vendor: update buildkit to master@31c870e82a48

Signed-off-by: Justin Chadwell <me@jedevc.com>
This commit is contained in:
Justin Chadwell
2023-05-15 18:32:31 +01:00
parent 167cd16acb
commit e61a8cf637
269 changed files with 25798 additions and 3371 deletions

View File

@ -1,3 +1,125 @@
# v1.18.6 (2023-03-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.18.5 (2023-02-22)
* **Bug Fix**: Prevent nil pointer dereference when retrieving error codes.
# v1.18.4 (2023-02-20)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.18.3 (2023-02-03)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade smithy to 1.27.2 and correct empty query list serialization.
# v1.18.2 (2023-01-25)
* **Documentation**: Doc only change to update wording in a key topic
# v1.18.1 (2023-01-23)
* No change notes available for this release.
# v1.18.0 (2023-01-05)
* **Feature**: Add `ErrorCodeOverride` field to all error structs (aws/smithy-go#401).
# v1.17.7 (2022-12-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.6 (2022-12-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.5 (2022-11-22)
* No change notes available for this release.
# v1.17.4 (2022-11-17)
* **Documentation**: Documentation updates for AWS Security Token Service.
# v1.17.3 (2022-11-16)
* No change notes available for this release.
# v1.17.2 (2022-11-10)
* No change notes available for this release.
# v1.17.1 (2022-10-24)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.0 (2022-10-21)
* **Feature**: Add presign functionality for sts:AssumeRole operation
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.19 (2022-09-20)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.18 (2022-09-14)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.17 (2022-09-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.16 (2022-08-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.15 (2022-08-30)
* No change notes available for this release.
# v1.16.14 (2022-08-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.13 (2022-08-11)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.12 (2022-08-09)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.11 (2022-08-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.10 (2022-08-01)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.9 (2022-07-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.8 (2022-06-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.7 (2022-06-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.6 (2022-05-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.5 (2022-05-16)
* **Documentation**: Documentation updates for AWS Security Token Service.
# v1.16.4 (2022-04-25)
* **Dependency Update**: Updated to the latest SDK module versions

View File

@ -512,6 +512,9 @@ func (c presignConverter) convertToPresignMiddleware(stack *middleware.Stack, op
if err != nil {
return err
}
if err = smithyhttp.AddNoPayloadDefaultContentTypeRemover(stack); err != nil {
return err
}
// convert request to a GET request
err = query.AddAsGetRequestMiddleware(stack)
if err != nil {

View File

@ -12,12 +12,11 @@ import (
)
// Returns a set of temporary security credentials that you can use to access
// Amazon Web Services resources that you might not normally have access to. These
// temporary credentials consist of an access key ID, a secret access key, and a
// security token. Typically, you use AssumeRole within your account or for
// cross-account access. For a comparison of AssumeRole with other API operations
// that produce temporary credentials, see Requesting Temporary Security
// Credentials
// Amazon Web Services resources. These temporary credentials consist of an access
// key ID, a secret access key, and a security token. Typically, you use AssumeRole
// within your account or for cross-account access. For a comparison of AssumeRole
// with other API operations that produce temporary credentials, see Requesting
// Temporary Security Credentials
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
@ -28,16 +27,16 @@ import (
// inline or managed session policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to use as
// managed session policies. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's
// identity-based policy and the session policies. You can use the role's temporary
// credentials in subsequent Amazon Web Services API calls to access resources in
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. When you create a role, you create two policies: A role
// trust policy that specifies who can assume the role and a permissions policy
@ -189,11 +188,11 @@ type AssumeRoleInput struct {
// be any ASCII character from the space character to the end of the valid
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
// Services conversion compresses the passed session policies and session tags into
// a packed binary format that has a separate limit. Your request can fail for this
// limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit.
// Services conversion compresses the passed inline session policy, managed policy
// ARNs, and session tags into a packed binary format that has a separate limit.
// Your request can fail for this limit even if your plaintext meets the other
// requirements. The PackedPolicySize response element indicates by percentage how
// close the policies and tags for your request are to the upper size limit.
Policy *string
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@ -204,18 +203,18 @@ type AssumeRoleInput struct {
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
// the Amazon Web Services General Reference. An Amazon Web Services conversion
// compresses the passed session policies and session tags into a packed binary
// format that has a separate limit. Your request can fail for this limit even if
// your plaintext meets the other requirements. The PackedPolicySize response
// element indicates by percentage how close the policies and tags for your request
// are to the upper size limit. Passing policies to this operation returns new
// temporary credentials. The resulting session's permissions are the intersection
// of the role's identity-based policy and the session policies. You can use the
// role's temporary credentials in subsequent Amazon Web Services API calls to
// access resources in the account that owns the role. You cannot use session
// policies to grant more permissions than those allowed by the identity-based
// policy of the role that is being assumed. For more information, see Session
// Policies
// compresses the passed inline session policy, managed policy ARNs, and session
// tags into a packed binary format that has a separate limit. Your request can
// fail for this limit even if your plaintext meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
PolicyArns []types.PolicyDescriptorType
@ -257,22 +256,23 @@ type AssumeRoleInput struct {
// Character Limits
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
// session policies and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates by
// percentage how close the policies and tags for your request are to the upper
// size limit. You can pass a session tag with the same key as a tag that is
// already attached to the role. When you do, session tags override a role tag with
// the same key. Tag keyvalue pairs are not case sensitive, but case is preserved.
// This means that you cannot have separate Department and department tag keys.
// Assume that the role has the Department=Marketing tag and you pass the
// department=engineering session tag. Department and department are not saved as
// separate tags, and the session tag passed in the request takes precedence over
// the role tag. Additionally, if you used temporary credentials to perform this
// operation, the new session inherits any transitive session tags from the calling
// session. If you pass a session tag with the same key as an inherited tag, the
// operation fails. To view the inherited tags for a session, see the CloudTrail
// logs. For more information, see Viewing Session Tags in CloudTrail
// inline session policy, managed policy ARNs, and session tags into a packed
// binary format that has a separate limit. Your request can fail for this limit
// even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit. You can pass a session tag with the
// same key as a tag that is already attached to the role. When you do, session
// tags override a role tag with the same key. Tag keyvalue pairs are not case
// sensitive, but case is preserved. This means that you cannot have separate
// Department and department tag keys. Assume that the role has the
// Department=Marketing tag and you pass the department=engineering session tag.
// Department and department are not saved as separate tags, and the session tag
// passed in the request takes precedence over the role tag. Additionally, if you
// used temporary credentials to perform this operation, the new session inherits
// any transitive session tags from the calling session. If you pass a session tag
// with the same key as an inherited tag, the operation fails. To view the
// inherited tags for a session, see the CloudTrail logs. For more information, see
// Viewing Session Tags in CloudTrail
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
// in the IAM User Guide.
Tags []types.Tag
@ -415,3 +415,27 @@ func newServiceMetadataMiddleware_opAssumeRole(region string) *awsmiddleware.Reg
OperationName: "AssumeRole",
}
}
// PresignAssumeRole is used to generate a presigned HTTP Request which contains
// presigned URL, signed headers and HTTP method used.
func (c *PresignClient) PresignAssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*PresignOptions)) (*v4.PresignedHTTPRequest, error) {
if params == nil {
params = &AssumeRoleInput{}
}
options := c.options.copy()
for _, fn := range optFns {
fn(&options)
}
clientOptFns := append(options.ClientOptions, withNopHTTPClientAPIOption)
result, _, err := c.client.invokeOperation(ctx, "AssumeRole", params, clientOptFns,
c.client.addOperationAssumeRoleMiddlewares,
presignConverter(options).convertToPresignMiddleware,
)
if err != nil {
return nil, err
}
out := result.(*v4.PresignedHTTPRequest)
return out, nil
}

View File

@ -53,16 +53,16 @@ import (
// pass inline or managed session policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to use as
// managed session policies. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's
// identity-based policy and the session policies. You can use the role's temporary
// credentials in subsequent Amazon Web Services API calls to access resources in
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
// Amazon Web Services security credentials. The identity of the caller is
@ -82,16 +82,16 @@ import (
// these and additional limits, see IAM and STS Character Limits
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
// session policies and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates by
// percentage how close the policies and tags for your request are to the upper
// size limit. You can pass a session tag with the same key as a tag that is
// attached to the role. When you do, session tags override the role's tags with
// the same key. An administrator must grant you the permissions necessary to pass
// session tags. The administrator can also create granular permissions to allow
// you to pass only specific session tags. For more information, see Tutorial:
// Using Tags for Attribute-Based Access Control
// inline session policy, managed policy ARNs, and session tags into a packed
// binary format that has a separate limit. Your request can fail for this limit
// even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit. You can pass a session tag with the
// same key as a tag that is attached to the role. When you do, session tags
// override the role's tags with the same key. An administrator must grant you the
// permissions necessary to pass session tags. The administrator can also create
// granular permissions to allow you to pass only specific session tags. For more
// information, see Tutorial: Using Tags for Attribute-Based Access Control
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. You can set the session tags as transitive. Transitive
// tags persist during role chaining. For more information, see Chaining Roles with
@ -194,11 +194,11 @@ type AssumeRoleWithSAMLInput struct {
// be any ASCII character from the space character to the end of the valid
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
// Services conversion compresses the passed session policies and session tags into
// a packed binary format that has a separate limit. Your request can fail for this
// limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit.
// Services conversion compresses the passed inline session policy, managed policy
// ARNs, and session tags into a packed binary format that has a separate limit.
// Your request can fail for this limit even if your plaintext meets the other
// requirements. The PackedPolicySize response element indicates by percentage how
// close the policies and tags for your request are to the upper size limit.
Policy *string
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@ -209,18 +209,18 @@ type AssumeRoleWithSAMLInput struct {
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
// the Amazon Web Services General Reference. An Amazon Web Services conversion
// compresses the passed session policies and session tags into a packed binary
// format that has a separate limit. Your request can fail for this limit even if
// your plaintext meets the other requirements. The PackedPolicySize response
// element indicates by percentage how close the policies and tags for your request
// are to the upper size limit. Passing policies to this operation returns new
// temporary credentials. The resulting session's permissions are the intersection
// of the role's identity-based policy and the session policies. You can use the
// role's temporary credentials in subsequent Amazon Web Services API calls to
// access resources in the account that owns the role. You cannot use session
// policies to grant more permissions than those allowed by the identity-based
// policy of the role that is being assumed. For more information, see Session
// Policies
// compresses the passed inline session policy, managed policy ARNs, and session
// tags into a packed binary format that has a separate limit. Your request can
// fail for this limit even if your plaintext meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
PolicyArns []types.PolicyDescriptorType

View File

@ -63,16 +63,16 @@ import (
// inline or managed session policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to use as
// managed session policies. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's
// identity-based policy and the session policies. You can use the role's temporary
// credentials in subsequent Amazon Web Services API calls to access resources in
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. Tags (Optional) You can configure your IdP to pass
// attributes into your web identity token as session tags. Each session tag
@ -84,16 +84,16 @@ import (
// these and additional limits, see IAM and STS Character Limits
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
// session policies and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates by
// percentage how close the policies and tags for your request are to the upper
// size limit. You can pass a session tag with the same key as a tag that is
// attached to the role. When you do, the session tag overrides the role tag with
// the same key. An administrator must grant you the permissions necessary to pass
// session tags. The administrator can also create granular permissions to allow
// you to pass only specific session tags. For more information, see Tutorial:
// Using Tags for Attribute-Based Access Control
// inline session policy, managed policy ARNs, and session tags into a packed
// binary format that has a separate limit. Your request can fail for this limit
// even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit. You can pass a session tag with the
// same key as a tag that is attached to the role. When you do, the session tag
// overrides the role tag with the same key. An administrator must grant you the
// permissions necessary to pass session tags. The administrator can also create
// granular permissions to allow you to pass only specific session tags. For more
// information, see Tutorial: Using Tags for Attribute-Based Access Control
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. You can set the session tags as transitive. Transitive
// tags persist during role chaining. For more information, see Chaining Roles with
@ -215,11 +215,11 @@ type AssumeRoleWithWebIdentityInput struct {
// be any ASCII character from the space character to the end of the valid
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
// Services conversion compresses the passed session policies and session tags into
// a packed binary format that has a separate limit. Your request can fail for this
// limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit.
// Services conversion compresses the passed inline session policy, managed policy
// ARNs, and session tags into a packed binary format that has a separate limit.
// Your request can fail for this limit even if your plaintext meets the other
// requirements. The PackedPolicySize response element indicates by percentage how
// close the policies and tags for your request are to the upper size limit.
Policy *string
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@ -230,18 +230,18 @@ type AssumeRoleWithWebIdentityInput struct {
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
// the Amazon Web Services General Reference. An Amazon Web Services conversion
// compresses the passed session policies and session tags into a packed binary
// format that has a separate limit. Your request can fail for this limit even if
// your plaintext meets the other requirements. The PackedPolicySize response
// element indicates by percentage how close the policies and tags for your request
// are to the upper size limit. Passing policies to this operation returns new
// temporary credentials. The resulting session's permissions are the intersection
// of the role's identity-based policy and the session policies. You can use the
// role's temporary credentials in subsequent Amazon Web Services API calls to
// access resources in the account that owns the role. You cannot use session
// policies to grant more permissions than those allowed by the identity-based
// policy of the role that is being assumed. For more information, see Session
// Policies
// compresses the passed inline session policy, managed policy ARNs, and session
// tags into a packed binary format that has a separate limit. Your request can
// fail for this limit even if your plaintext meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
PolicyArns []types.PolicyDescriptorType

View File

@ -43,28 +43,29 @@ import (
// Temporary credentials obtained by using the Amazon Web Services account root
// user credentials have a maximum duration of 3,600 seconds (1 hour). Permissions
// You can use the temporary credentials created by GetFederationToken in any
// Amazon Web Services service except the following:
// Amazon Web Services service with the following exceptions:
//
// * You cannot call any IAM
// operations using the CLI or the Amazon Web Services API.
// * You cannot call
// any IAM operations using the CLI or the Amazon Web Services API. This limitation
// does not apply to console sessions.
//
// * You cannot call any
// STS operations except GetCallerIdentity.
// * You cannot call any STS operations except
// GetCallerIdentity.
//
// You must pass an inline or managed
// session policy
// You can use temporary credentials for single sign-on (SSO)
// to the console. You must pass an inline or managed session policy
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to use as
// managed session policies. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. Though the session policy
// parameters are optional, if you do not pass a policy, then the resulting
// federated user session has no permissions. When you pass session policies, the
// session permissions are the intersection of the IAM user policies and the
// session policies that you pass. This gives you a way to further restrict the
// permissions for a federated user. You cannot use session policies to grant more
// permissions than those that are defined in the permissions policy of the IAM
// user. For more information, see Session Policies
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// Though the session policy parameters are optional, if you do not pass a policy,
// then the resulting federated user session has no permissions. When you pass
// session policies, the session permissions are the intersection of the IAM user
// policies and the session policies that you pass. This gives you a way to further
// restrict the permissions for a federated user. You cannot use session policies
// to grant more permissions than those that are defined in the permissions policy
// of the IAM user. For more information, see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. For information about using GetFederationToken to create
// temporary security credentials, see GetFederationToken—Federation Through a
@ -135,15 +136,15 @@ type GetFederationTokenInput struct {
// You must pass an inline or managed session policy
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to use as
// managed session policies. This parameter is optional. However, if you do not
// pass any session policies, then the resulting federated user session has no
// permissions. When you pass session policies, the session permissions are the
// intersection of the IAM user policies and the session policies that you pass.
// This gives you a way to further restrict the permissions for a federated user.
// You cannot use session policies to grant more permissions than those that are
// defined in the permissions policy of the IAM user. For more information, see
// Session Policies
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. This parameter is
// optional. However, if you do not pass any session policies, then the resulting
// federated user session has no permissions. When you pass session policies, the
// session permissions are the intersection of the IAM user policies and the
// session policies that you pass. This gives you a way to further restrict the
// permissions for a federated user. You cannot use session policies to grant more
// permissions than those that are defined in the permissions policy of the IAM
// user. For more information, see Session Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. The resulting credentials can be used to access a
// resource that has a resource-based policy. If that policy specifically
@ -155,11 +156,11 @@ type GetFederationTokenInput struct {
// from the space character to the end of the valid character list (\u0020 through
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
// return (\u000D) characters. An Amazon Web Services conversion compresses the
// passed session policies and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates by
// percentage how close the policies and tags for your request are to the upper
// size limit.
// passed inline session policy, managed policy ARNs, and session tags into a
// packed binary format that has a separate limit. Your request can fail for this
// limit even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit.
Policy *string
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
@ -168,11 +169,11 @@ type GetFederationTokenInput struct {
// managed session policy
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policies to use as
// managed session policies. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. You can provide up to 10 managed
// policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs)
// and Amazon Web Services Service Namespaces
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// You can provide up to 10 managed policy ARNs. For more information about ARNs,
// see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
// the Amazon Web Services General Reference. This parameter is optional. However,
// if you do not pass any session policies, then the resulting federated user
@ -188,11 +189,12 @@ type GetFederationTokenInput struct {
// references the federated user session in the Principal element of the policy,
// the session has the permissions allowed by the policy. These permissions are
// granted in addition to the permissions that are granted by the session policies.
// An Amazon Web Services conversion compresses the passed session policies and
// session tags into a packed binary format that has a separate limit. Your request
// can fail for this limit even if your plaintext meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit.
// An Amazon Web Services conversion compresses the passed inline session policy,
// managed policy ARNs, and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates by
// percentage how close the policies and tags for your request are to the upper
// size limit.
PolicyArns []types.PolicyDescriptorType
// A list of session tags. Each session tag consists of a key name and an
@ -205,15 +207,15 @@ type GetFederationTokenInput struct {
// Character Limits
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
// session policies and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates by
// percentage how close the policies and tags for your request are to the upper
// size limit. You can pass a session tag with the same key as a tag that is
// already attached to the user you are federating. When you do, session tags
// override a user tag with the same key. Tag keyvalue pairs are not case
// sensitive, but case is preserved. This means that you cannot have separate
// Department and department tag keys. Assume that the role has the
// inline session policy, managed policy ARNs, and session tags into a packed
// binary format that has a separate limit. Your request can fail for this limit
// even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit. You can pass a session tag with the
// same key as a tag that is already attached to the user you are federating. When
// you do, session tags override a user tag with the same key. Tag keyvalue pairs
// are not case sensitive, but case is preserved. This means that you cannot have
// separate Department and department tag keys. Assume that the role has the
// Department=Marketing tag and you pass the department=engineering session tag.
// Department and department are not saved as separate tags, and the session tag
// passed in the request takes precedence over the role tag.

View File

@ -26,6 +26,11 @@ import (
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. No permissions are required for users to perform this
// operation. The purpose of the sts:GetSessionToken operation is to authenticate
// the user using MFA. You cannot use policies to control authentication
// operations. For more information, see Permissions for GetSessionToken
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
// in the IAM User Guide. Session Duration The GetSessionToken operation must be
// called by using the long-term Amazon Web Services security credentials of the
// Amazon Web Services account root user or an IAM user. Credentials that are

View File

@ -3,4 +3,4 @@
package sts
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.16.4"
const goModuleVersion = "1.18.6"

View File

@ -153,6 +153,9 @@ var defaultPartitions = endpoints.Partitions{
endpoints.EndpointKey{
Region: "ap-south-1",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "ap-south-2",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "ap-southeast-1",
}: endpoints.Endpoint{},
@ -162,6 +165,9 @@ var defaultPartitions = endpoints.Partitions{
endpoints.EndpointKey{
Region: "ap-southeast-3",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "ap-southeast-4",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "aws-global",
}: endpoints.Endpoint{
@ -176,12 +182,18 @@ var defaultPartitions = endpoints.Partitions{
endpoints.EndpointKey{
Region: "eu-central-1",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "eu-central-2",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "eu-north-1",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "eu-south-1",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "eu-south-2",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "eu-west-1",
}: endpoints.Endpoint{},
@ -191,6 +203,9 @@ var defaultPartitions = endpoints.Partitions{
endpoints.EndpointKey{
Region: "eu-west-3",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "me-central-1",
}: endpoints.Endpoint{},
endpoints.EndpointKey{
Region: "me-south-1",
}: endpoints.Endpoint{},

View File

@ -523,9 +523,6 @@ func (m *awsAwsquery_serializeOpGetSessionToken) HandleSerialize(ctx context.Con
return next.HandleSerialize(ctx, in)
}
func awsAwsquery_serializeDocumentPolicyDescriptorListType(v []types.PolicyDescriptorType, value query.Value) error {
if len(v) == 0 {
return nil
}
array := value.Array("member")
for i := range v {
@ -567,9 +564,6 @@ func awsAwsquery_serializeDocumentTag(v *types.Tag, value query.Value) error {
}
func awsAwsquery_serializeDocumentTagKeyListType(v []string, value query.Value) error {
if len(v) == 0 {
return nil
}
array := value.Array("member")
for i := range v {
@ -580,9 +574,6 @@ func awsAwsquery_serializeDocumentTagKeyListType(v []string, value query.Value)
}
func awsAwsquery_serializeDocumentTagListType(v []types.Tag, value query.Value) error {
if len(v) == 0 {
return nil
}
array := value.Array("member")
for i := range v {

View File

@ -12,6 +12,8 @@ import (
type ExpiredTokenException struct {
Message *string
ErrorCodeOverride *string
noSmithyDocumentSerde
}
@ -24,7 +26,12 @@ func (e *ExpiredTokenException) ErrorMessage() string {
}
return *e.Message
}
func (e *ExpiredTokenException) ErrorCode() string { return "ExpiredTokenException" }
func (e *ExpiredTokenException) ErrorCode() string {
if e == nil || e.ErrorCodeOverride == nil {
return "ExpiredTokenException"
}
return *e.ErrorCodeOverride
}
func (e *ExpiredTokenException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
// The request could not be fulfilled because the identity provider (IDP) that was
@ -35,6 +42,8 @@ func (e *ExpiredTokenException) ErrorFault() smithy.ErrorFault { return smithy.F
type IDPCommunicationErrorException struct {
Message *string
ErrorCodeOverride *string
noSmithyDocumentSerde
}
@ -47,7 +56,12 @@ func (e *IDPCommunicationErrorException) ErrorMessage() string {
}
return *e.Message
}
func (e *IDPCommunicationErrorException) ErrorCode() string { return "IDPCommunicationError" }
func (e *IDPCommunicationErrorException) ErrorCode() string {
if e == nil || e.ErrorCodeOverride == nil {
return "IDPCommunicationError"
}
return *e.ErrorCodeOverride
}
func (e *IDPCommunicationErrorException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
// The identity provider (IdP) reported that authentication failed. This might be
@ -57,6 +71,8 @@ func (e *IDPCommunicationErrorException) ErrorFault() smithy.ErrorFault { return
type IDPRejectedClaimException struct {
Message *string
ErrorCodeOverride *string
noSmithyDocumentSerde
}
@ -69,7 +85,12 @@ func (e *IDPRejectedClaimException) ErrorMessage() string {
}
return *e.Message
}
func (e *IDPRejectedClaimException) ErrorCode() string { return "IDPRejectedClaim" }
func (e *IDPRejectedClaimException) ErrorCode() string {
if e == nil || e.ErrorCodeOverride == nil {
return "IDPRejectedClaim"
}
return *e.ErrorCodeOverride
}
func (e *IDPRejectedClaimException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
// The error returned if the message passed to DecodeAuthorizationMessage was
@ -78,6 +99,8 @@ func (e *IDPRejectedClaimException) ErrorFault() smithy.ErrorFault { return smit
type InvalidAuthorizationMessageException struct {
Message *string
ErrorCodeOverride *string
noSmithyDocumentSerde
}
@ -91,7 +114,10 @@ func (e *InvalidAuthorizationMessageException) ErrorMessage() string {
return *e.Message
}
func (e *InvalidAuthorizationMessageException) ErrorCode() string {
return "InvalidAuthorizationMessageException"
if e == nil || e.ErrorCodeOverride == nil {
return "InvalidAuthorizationMessageException"
}
return *e.ErrorCodeOverride
}
func (e *InvalidAuthorizationMessageException) ErrorFault() smithy.ErrorFault {
return smithy.FaultClient
@ -103,6 +129,8 @@ func (e *InvalidAuthorizationMessageException) ErrorFault() smithy.ErrorFault {
type InvalidIdentityTokenException struct {
Message *string
ErrorCodeOverride *string
noSmithyDocumentSerde
}
@ -115,7 +143,12 @@ func (e *InvalidIdentityTokenException) ErrorMessage() string {
}
return *e.Message
}
func (e *InvalidIdentityTokenException) ErrorCode() string { return "InvalidIdentityToken" }
func (e *InvalidIdentityTokenException) ErrorCode() string {
if e == nil || e.ErrorCodeOverride == nil {
return "InvalidIdentityToken"
}
return *e.ErrorCodeOverride
}
func (e *InvalidIdentityTokenException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
// The request was rejected because the policy document was malformed. The error
@ -123,6 +156,8 @@ func (e *InvalidIdentityTokenException) ErrorFault() smithy.ErrorFault { return
type MalformedPolicyDocumentException struct {
Message *string
ErrorCodeOverride *string
noSmithyDocumentSerde
}
@ -135,7 +170,12 @@ func (e *MalformedPolicyDocumentException) ErrorMessage() string {
}
return *e.Message
}
func (e *MalformedPolicyDocumentException) ErrorCode() string { return "MalformedPolicyDocument" }
func (e *MalformedPolicyDocumentException) ErrorCode() string {
if e == nil || e.ErrorCodeOverride == nil {
return "MalformedPolicyDocument"
}
return *e.ErrorCodeOverride
}
func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
// The request was rejected because the total packed size of the session policies
@ -153,6 +193,8 @@ func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault { retu
type PackedPolicyTooLargeException struct {
Message *string
ErrorCodeOverride *string
noSmithyDocumentSerde
}
@ -165,7 +207,12 @@ func (e *PackedPolicyTooLargeException) ErrorMessage() string {
}
return *e.Message
}
func (e *PackedPolicyTooLargeException) ErrorCode() string { return "PackedPolicyTooLarge" }
func (e *PackedPolicyTooLargeException) ErrorCode() string {
if e == nil || e.ErrorCodeOverride == nil {
return "PackedPolicyTooLarge"
}
return *e.ErrorCodeOverride
}
func (e *PackedPolicyTooLargeException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
// STS is not activated in the requested region for the account that is being asked
@ -177,6 +224,8 @@ func (e *PackedPolicyTooLargeException) ErrorFault() smithy.ErrorFault { return
type RegionDisabledException struct {
Message *string
ErrorCodeOverride *string
noSmithyDocumentSerde
}
@ -189,5 +238,10 @@ func (e *RegionDisabledException) ErrorMessage() string {
}
return *e.Message
}
func (e *RegionDisabledException) ErrorCode() string { return "RegionDisabledException" }
func (e *RegionDisabledException) ErrorCode() string {
if e == nil || e.ErrorCodeOverride == nil {
return "RegionDisabledException"
}
return *e.ErrorCodeOverride
}
func (e *RegionDisabledException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }