bluepython508/tsnet-proxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update dependencies

Browse Source
This commit is contained in:
bluepython508
2025-04-09 01:00:12 +01:00
parent f0641ffd6e
commit 5a9cfc022c
882 changed files with 68930 additions and 24201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go generated vendored Normal file
View File

@@ -0,0 +1,18 @@
package aws
// AccountIDEndpointMode controls how a resolved AWS account ID is handled for endpoint routing.
type AccountIDEndpointMode string
const (
// AccountIDEndpointModeUnset indicates the AWS account ID will not be used for endpoint routing
AccountIDEndpointModeUnset AccountIDEndpointMode = ""
// AccountIDEndpointModePreferred indicates the AWS account ID will be used for endpoint routing if present
AccountIDEndpointModePreferred = "preferred"
// AccountIDEndpointModeRequired indicates an error will be returned if the AWS account ID is not resolved from identity
AccountIDEndpointModeRequired = "required"
// AccountIDEndpointModeDisabled indicates the AWS account ID will be ignored during endpoint routing
AccountIDEndpointModeDisabled = "disabled"
)

33
vendor/github.com/aws/aws-sdk-go-v2/aws/checksum.go generated vendored Normal file
View File

@@ -0,0 +1,33 @@
package aws
// RequestChecksumCalculation controls request checksum calculation workflow
type RequestChecksumCalculation int
const (
// RequestChecksumCalculationUnset is the unset value for RequestChecksumCalculation
RequestChecksumCalculationUnset RequestChecksumCalculation = iota
// RequestChecksumCalculationWhenSupported indicates request checksum will be calculated
// if the operation supports input checksums
RequestChecksumCalculationWhenSupported
// RequestChecksumCalculationWhenRequired indicates request checksum will be calculated
// if required by the operation or if user elects to set a checksum algorithm in request
RequestChecksumCalculationWhenRequired
)
// ResponseChecksumValidation controls response checksum validation workflow
type ResponseChecksumValidation int
const (
// ResponseChecksumValidationUnset is the unset value for ResponseChecksumValidation
ResponseChecksumValidationUnset ResponseChecksumValidation = iota
// ResponseChecksumValidationWhenSupported indicates response checksum will be validated
// if the operation supports output checksums
ResponseChecksumValidationWhenSupported
// ResponseChecksumValidationWhenRequired indicates response checksum will only
// be validated if the operation requires output checksum validation
ResponseChecksumValidationWhenRequired
)

30
vendor/github.com/aws/aws-sdk-go-v2/aws/config.go generated vendored
View File

@@ -162,6 +162,36 @@ type Config struct {
// This variable is sourced from environment variable AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES or
// the shared config profile attribute request_min_compression_size_bytes
RequestMinCompressSizeBytes int64
// Controls how a resolved AWS account ID is handled for endpoint routing.
AccountIDEndpointMode AccountIDEndpointMode
// RequestChecksumCalculation determines when request checksum calculation is performed.
//
// There are two possible values for this setting:
//
// 1. RequestChecksumCalculationWhenSupported (default): The checksum is always calculated
// if the operation supports it, regardless of whether the user sets an algorithm in the request.
//
// 2. RequestChecksumCalculationWhenRequired: The checksum is only calculated if the user
// explicitly sets a checksum algorithm in the request.
//
// This setting is sourced from the environment variable AWS_REQUEST_CHECKSUM_CALCULATION
// or the shared config profile attribute "request_checksum_calculation".
RequestChecksumCalculation RequestChecksumCalculation
// ResponseChecksumValidation determines when response checksum validation is performed
//
// There are two possible values for this setting:
//
// 1. ResponseChecksumValidationWhenSupported (default): The checksum is always validated
// if the operation supports it, regardless of whether the user sets the validation mode to ENABLED in request.
//
// 2. ResponseChecksumValidationWhenRequired: The checksum is only validated if the user
// explicitly sets the validation mode to ENABLED in the request
// This variable is sourced from environment variable AWS_RESPONSE_CHECKSUM_VALIDATION or
// the shared config profile attribute "response_checksum_validation".
ResponseChecksumValidation ResponseChecksumValidation
}
// NewConfig returns a new Config pointer that can be chained with builder

3
vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go generated vendored
View File

@@ -90,6 +90,9 @@ type Credentials struct {
// The time the credentials will expire at. Should be ignored if CanExpire
// is false.
Expires time.Time
// The ID of the account for the credentials.
AccountID string
}
// Expired returns if the credentials have expired.

26
vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go generated vendored
View File

@@ -70,6 +70,10 @@ func GetUseFIPSEndpoint(options ...interface{}) (value FIPSEndpointState, found
// The SDK will automatically resolve these endpoints per API client using an
// internal endpoint resolvers. If you'd like to provide custom endpoint
// resolving behavior you can implement the EndpointResolver interface.
//
// Deprecated: This structure was used with the global [EndpointResolver]
// interface, which has been deprecated in favor of service-specific endpoint
// resolution. See the deprecation docs on that interface for more information.
type Endpoint struct {
// The base URL endpoint the SDK API clients will use to make API calls to.
// The SDK will suffix URI path and query elements to this endpoint.
@@ -124,6 +128,8 @@ type Endpoint struct {
}
// EndpointSource is the endpoint source type.
//
// Deprecated: The global [Endpoint] structure is deprecated.
type EndpointSource int
const (
@@ -161,19 +167,25 @@ func (e *EndpointNotFoundError) Unwrap() error {
// API clients will fallback to attempting to resolve the endpoint using its
// internal default endpoint resolver.
//
// Deprecated: See EndpointResolverWithOptions
// Deprecated: The global endpoint resolution interface is deprecated. The API
// for endpoint resolution is now unique to each service and is set via the
// EndpointResolverV2 field on service client options. Setting a value for
// EndpointResolver on aws.Config or service client options will prevent you
// from using any endpoint-related service features released after the
// introduction of EndpointResolverV2. You may also encounter broken or
// unexpected behavior when using the old global interface with services that
// use many endpoint-related customizations such as S3.
type EndpointResolver interface {
ResolveEndpoint(service, region string) (Endpoint, error)
}
// EndpointResolverFunc wraps a function to satisfy the EndpointResolver interface.
//
// Deprecated: See EndpointResolverWithOptionsFunc
// Deprecated: The global endpoint resolution interface is deprecated. See
// deprecation docs on [EndpointResolver].
type EndpointResolverFunc func(service, region string) (Endpoint, error)
// ResolveEndpoint calls the wrapped function and returns the results.
//
// Deprecated: See EndpointResolverWithOptions.ResolveEndpoint
func (e EndpointResolverFunc) ResolveEndpoint(service, region string) (Endpoint, error) {
return e(service, region)
}
@@ -184,11 +196,17 @@ func (e EndpointResolverFunc) ResolveEndpoint(service, region string) (Endpoint,
// available. If the EndpointResolverWithOptions returns an EndpointNotFoundError error,
// API clients will fallback to attempting to resolve the endpoint using its
// internal default endpoint resolver.
//
// Deprecated: The global endpoint resolution interface is deprecated. See
// deprecation docs on [EndpointResolver].
type EndpointResolverWithOptions interface {
ResolveEndpoint(service, region string, options ...interface{}) (Endpoint, error)
}
// EndpointResolverWithOptionsFunc wraps a function to satisfy the EndpointResolverWithOptions interface.
//
// Deprecated: The global endpoint resolution interface is deprecated. See
// deprecation docs on [EndpointResolver].
type EndpointResolverWithOptionsFunc func(service, region string, options ...interface{}) (Endpoint, error)
// ResolveEndpoint calls the wrapped function and returns the results.

2
vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package aws
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.24.1"
const goModuleVersion = "1.36.0"

10
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/middleware.go generated vendored
View File

@@ -139,16 +139,16 @@ func AddRecordResponseTiming(stack *middleware.Stack) error {
// raw response within the response metadata.
type rawResponseKey struct{}
// addRawResponse middleware adds raw response on to the metadata
type addRawResponse struct{}
// AddRawResponse middleware adds raw response on to the metadata
type AddRawResponse struct{}
// ID the identifier for the ClientRequestID
func (m *addRawResponse) ID() string {
func (m *AddRawResponse) ID() string {
return "AddRawResponseToMetadata"
}
// HandleDeserialize adds raw response on the middleware metadata
func (m addRawResponse) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
func (m AddRawResponse) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
) {
out, metadata, err = next.HandleDeserialize(ctx, in)
@@ -159,7 +159,7 @@ func (m addRawResponse) HandleDeserialize(ctx context.Context, in middleware.Des
// AddRawResponseToMetadata adds middleware to the middleware stack that
// store raw response on to the metadata.
func AddRawResponseToMetadata(stack *middleware.Stack) error {
return stack.Deserialize.Add(&addRawResponse{}, middleware.Before)
return stack.Deserialize.Add(&AddRawResponse{}, middleware.Before)
}
// GetRawResponse returns raw response set on metadata

319
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go generated vendored
View File

@@ -1,319 +0,0 @@
// Package metrics implements metrics gathering for SDK development purposes.
//
// This package is designated as private and is intended for use only by the
// AWS client runtime. The exported API therein is not considered stable and
// is subject to breaking changes without notice.
package metrics
import (
"context"
"encoding/json"
"fmt"
"sync"
"time"
"github.com/aws/smithy-go/middleware"
)
const (
// ServiceIDKey is the key for the service ID metric.
ServiceIDKey = "ServiceId"
// OperationNameKey is the key for the operation name metric.
OperationNameKey = "OperationName"
// ClientRequestIDKey is the key for the client request ID metric.
ClientRequestIDKey = "ClientRequestId"
// APICallDurationKey is the key for the API call duration metric.
APICallDurationKey = "ApiCallDuration"
// APICallSuccessfulKey is the key for the API call successful metric.
APICallSuccessfulKey = "ApiCallSuccessful"
// MarshallingDurationKey is the key for the marshalling duration metric.
MarshallingDurationKey = "MarshallingDuration"
// InThroughputKey is the key for the input throughput metric.
InThroughputKey = "InThroughput"
// OutThroughputKey is the key for the output throughput metric.
OutThroughputKey = "OutThroughput"
// RetryCountKey is the key for the retry count metric.
RetryCountKey = "RetryCount"
// HTTPStatusCodeKey is the key for the HTTP status code metric.
HTTPStatusCodeKey = "HttpStatusCode"
// AWSExtendedRequestIDKey is the key for the AWS extended request ID metric.
AWSExtendedRequestIDKey = "AwsExtendedRequestId"
// AWSRequestIDKey is the key for the AWS request ID metric.
AWSRequestIDKey = "AwsRequestId"
// BackoffDelayDurationKey is the key for the backoff delay duration metric.
BackoffDelayDurationKey = "BackoffDelayDuration"
// StreamThroughputKey is the key for the stream throughput metric.
StreamThroughputKey = "Throughput"
// ConcurrencyAcquireDurationKey is the key for the concurrency acquire duration metric.
ConcurrencyAcquireDurationKey = "ConcurrencyAcquireDuration"
// PendingConcurrencyAcquiresKey is the key for the pending concurrency acquires metric.
PendingConcurrencyAcquiresKey = "PendingConcurrencyAcquires"
// SigningDurationKey is the key for the signing duration metric.
SigningDurationKey = "SigningDuration"
// UnmarshallingDurationKey is the key for the unmarshalling duration metric.
UnmarshallingDurationKey = "UnmarshallingDuration"
// TimeToFirstByteKey is the key for the time to first byte metric.
TimeToFirstByteKey = "TimeToFirstByte"
// ServiceCallDurationKey is the key for the service call duration metric.
ServiceCallDurationKey = "ServiceCallDuration"
// EndpointResolutionDurationKey is the key for the endpoint resolution duration metric.
EndpointResolutionDurationKey = "EndpointResolutionDuration"
// AttemptNumberKey is the key for the attempt number metric.
AttemptNumberKey = "AttemptNumber"
// MaxConcurrencyKey is the key for the max concurrency metric.
MaxConcurrencyKey = "MaxConcurrency"
// AvailableConcurrencyKey is the key for the available concurrency metric.
AvailableConcurrencyKey = "AvailableConcurrency"
)
// MetricPublisher provides the interface to provide custom MetricPublishers.
// PostRequestMetrics will be invoked by the MetricCollection middleware to post request.
// PostStreamMetrics will be invoked by ReadCloserWithMetrics to post stream metrics.
type MetricPublisher interface {
PostRequestMetrics(*MetricData) error
PostStreamMetrics(*MetricData) error
}
// Serializer provides the interface to provide custom Serializers.
// Serialize will transform any input object in its corresponding string representation.
type Serializer interface {
Serialize(obj interface{}) (string, error)
}
// DefaultSerializer is an implementation of the Serializer interface.
type DefaultSerializer struct{}
// Serialize uses the default JSON serializer to obtain the string representation of an object.
func (DefaultSerializer) Serialize(obj interface{}) (string, error) {
bytes, err := json.Marshal(obj)
if err != nil {
return "", err
}
return string(bytes), nil
}
type metricContextKey struct{}
// MetricContext contains fields to store metric-related information.
type MetricContext struct {
connectionCounter *SharedConnectionCounter
publisher MetricPublisher
data *MetricData
}
// MetricData stores the collected metric data.
type MetricData struct {
RequestStartTime time.Time
RequestEndTime time.Time
APICallDuration time.Duration
SerializeStartTime time.Time
SerializeEndTime time.Time
MarshallingDuration time.Duration
ResolveEndpointStartTime time.Time
ResolveEndpointEndTime time.Time
EndpointResolutionDuration time.Duration
InThroughput float64
OutThroughput float64
RetryCount int
Success uint8
StatusCode int
ClientRequestID string
ServiceID string
OperationName string
PartitionID string
Region string
RequestContentLength int64
Stream StreamMetrics
Attempts []AttemptMetrics
}
// StreamMetrics stores metrics related to streaming data.
type StreamMetrics struct {
ReadDuration time.Duration
ReadBytes int64
Throughput float64
}
// AttemptMetrics stores metrics related to individual attempts.
type AttemptMetrics struct {
ServiceCallStart time.Time
ServiceCallEnd time.Time
ServiceCallDuration time.Duration
FirstByteTime time.Time
TimeToFirstByte time.Duration
ConnRequestedTime time.Time
ConnObtainedTime time.Time
ConcurrencyAcquireDuration time.Duration
CredentialFetchStartTime time.Time
CredentialFetchEndTime time.Time
SignStartTime time.Time
SignEndTime time.Time
SigningDuration time.Duration
DeserializeStartTime time.Time
DeserializeEndTime time.Time
UnMarshallingDuration time.Duration
RetryDelay time.Duration
ResponseContentLength int64
StatusCode int
RequestID string
ExtendedRequestID string
HTTPClient string
MaxConcurrency int
PendingConnectionAcquires int
AvailableConcurrency int
ActiveRequests int
ReusedConnection bool
}
// Data returns the MetricData associated with the MetricContext.
func (mc *MetricContext) Data() *MetricData {
return mc.data
}
// ConnectionCounter returns the SharedConnectionCounter associated with the MetricContext.
func (mc *MetricContext) ConnectionCounter() *SharedConnectionCounter {
return mc.connectionCounter
}
// Publisher returns the MetricPublisher associated with the MetricContext.
func (mc *MetricContext) Publisher() MetricPublisher {
return mc.publisher
}
// ComputeRequestMetrics calculates and populates derived metrics based on the collected data.
func (md *MetricData) ComputeRequestMetrics() {
for idx := range md.Attempts {
attempt := &md.Attempts[idx]
attempt.ConcurrencyAcquireDuration = attempt.ConnObtainedTime.Sub(attempt.ConnRequestedTime)
attempt.SigningDuration = attempt.SignEndTime.Sub(attempt.SignStartTime)
attempt.UnMarshallingDuration = attempt.DeserializeEndTime.Sub(attempt.DeserializeStartTime)
attempt.TimeToFirstByte = attempt.FirstByteTime.Sub(attempt.ServiceCallStart)
attempt.ServiceCallDuration = attempt.ServiceCallEnd.Sub(attempt.ServiceCallStart)
}
md.APICallDuration = md.RequestEndTime.Sub(md.RequestStartTime)
md.MarshallingDuration = md.SerializeEndTime.Sub(md.SerializeStartTime)
md.EndpointResolutionDuration = md.ResolveEndpointEndTime.Sub(md.ResolveEndpointStartTime)
md.RetryCount = len(md.Attempts) - 1
latestAttempt, err := md.LatestAttempt()
if err != nil {
fmt.Printf("error retrieving attempts data due to: %s. Skipping Throughput metrics", err.Error())
} else {
md.StatusCode = latestAttempt.StatusCode
if md.Success == 1 {
if latestAttempt.ResponseContentLength > 0 && latestAttempt.ServiceCallDuration > 0 {
md.InThroughput = float64(latestAttempt.ResponseContentLength) / latestAttempt.ServiceCallDuration.Seconds()
}
if md.RequestContentLength > 0 && latestAttempt.ServiceCallDuration > 0 {
md.OutThroughput = float64(md.RequestContentLength) / latestAttempt.ServiceCallDuration.Seconds()
}
}
}
}
// LatestAttempt returns the latest attempt metrics.
// It returns an error if no attempts are initialized.
func (md *MetricData) LatestAttempt() (*AttemptMetrics, error) {
if md.Attempts == nil || len(md.Attempts) == 0 {
return nil, fmt.Errorf("no attempts initialized. NewAttempt() should be called first")
}
return &md.Attempts[len(md.Attempts)-1], nil
}
// NewAttempt initializes new attempt metrics.
func (md *MetricData) NewAttempt() {
if md.Attempts == nil {
md.Attempts = []AttemptMetrics{}
}
md.Attempts = append(md.Attempts, AttemptMetrics{})
}
// SharedConnectionCounter is a counter shared across API calls.
type SharedConnectionCounter struct {
mu sync.Mutex
activeRequests int
pendingConnectionAcquire int
}
// ActiveRequests returns the count of active requests.
func (cc *SharedConnectionCounter) ActiveRequests() int {
cc.mu.Lock()
defer cc.mu.Unlock()
return cc.activeRequests
}
// PendingConnectionAcquire returns the count of pending connection acquires.
func (cc *SharedConnectionCounter) PendingConnectionAcquire() int {
cc.mu.Lock()
defer cc.mu.Unlock()
return cc.pendingConnectionAcquire
}
// AddActiveRequest increments the count of active requests.
func (cc *SharedConnectionCounter) AddActiveRequest() {
cc.mu.Lock()
defer cc.mu.Unlock()
cc.activeRequests++
}
// RemoveActiveRequest decrements the count of active requests.
func (cc *SharedConnectionCounter) RemoveActiveRequest() {
cc.mu.Lock()
defer cc.mu.Unlock()
cc.activeRequests--
}
// AddPendingConnectionAcquire increments the count of pending connection acquires.
func (cc *SharedConnectionCounter) AddPendingConnectionAcquire() {
cc.mu.Lock()
defer cc.mu.Unlock()
cc.pendingConnectionAcquire++
}
// RemovePendingConnectionAcquire decrements the count of pending connection acquires.
func (cc *SharedConnectionCounter) RemovePendingConnectionAcquire() {
cc.mu.Lock()
defer cc.mu.Unlock()
cc.pendingConnectionAcquire--
}
// InitMetricContext initializes the metric context with the provided counter and publisher.
// It returns the updated context.
func InitMetricContext(
ctx context.Context, counter *SharedConnectionCounter, publisher MetricPublisher,
) context.Context {
if middleware.GetStackValue(ctx, metricContextKey{}) == nil {
ctx = middleware.WithStackValue(ctx, metricContextKey{}, &MetricContext{
connectionCounter: counter,
publisher: publisher,
data: &MetricData{
Attempts: []AttemptMetrics{},
Stream: StreamMetrics{},
},
})
}
return ctx
}
// Context returns the metric context from the given context.
// It returns nil if the metric context is not found.
func Context(ctx context.Context) *MetricContext {
mctx := middleware.GetStackValue(ctx, metricContextKey{})
if mctx == nil {
return nil
}
return mctx.(*MetricContext)
}

16
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id_retriever.go generated vendored
View File

@@ -4,6 +4,7 @@ import (
"context"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@@ -11,18 +12,22 @@ import (
func AddRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
// add error wrapper middleware before operation deserializers so that it can wrap the error response
// returned by operation deserializers
return stack.Deserialize.Insert(&requestIDRetriever{}, "OperationDeserializer", middleware.Before)
return stack.Deserialize.Insert(&RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
}
type requestIDRetriever struct {
// RequestIDRetriever middleware captures the AWS service request ID from the
// raw response.
type RequestIDRetriever struct {
}
// ID returns the middleware identifier
func (m *requestIDRetriever) ID() string {
func (m *RequestIDRetriever) ID() string {
return "RequestIDRetriever"
}
func (m *requestIDRetriever) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
// HandleDeserialize pulls the AWS request ID from the response, storing it in
// operation metadata.
func (m *RequestIDRetriever) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
) {
out, metadata, err = next.HandleDeserialize(ctx, in)
@@ -41,6 +46,9 @@ func (m *requestIDRetriever) HandleDeserialize(ctx context.Context, in middlewar
if v := resp.Header.Get(h); len(v) != 0 {
// set reqID on metadata for successful responses.
SetRequestIDMetadata(&metadata, v)
span, _ := tracing.GetSpan(ctx)
span.SetProperty("aws.request_id", v)
break
}
}

102
vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go generated vendored
View File

@@ -5,6 +5,7 @@ import (
"fmt"
"os"
"runtime"
"sort"
"strings"
"github.com/aws/aws-sdk-go-v2/aws"
@@ -30,8 +31,12 @@ const (
FrameworkMetadata
AdditionalMetadata
ApplicationIdentifier
FeatureMetadata2
)
// Hardcoded value to specify which version of the user agent we're using
const uaMetadata = "ua/2.1"
func (k SDKAgentKeyType) string() string {
switch k {
case APIMetadata:
@@ -50,6 +55,8 @@ func (k SDKAgentKeyType) string() string {
return "lib"
case ApplicationIdentifier:
return "app"
case FeatureMetadata2:
return "m"
case AdditionalMetadata:
fallthrough
default:
@@ -64,12 +71,42 @@ var validChars = map[rune]bool{
'-': true, '.': true, '^': true, '_': true, '`': true, '|': true, '~': true,
}
// requestUserAgent is a build middleware that set the User-Agent for the request.
type requestUserAgent struct {
// UserAgentFeature enumerates tracked SDK features.
type UserAgentFeature string
// Enumerates UserAgentFeature.
const (
UserAgentFeatureResourceModel UserAgentFeature = "A" // n/a (we don't generate separate resource types)
UserAgentFeatureWaiter = "B"
UserAgentFeaturePaginator = "C"
UserAgentFeatureRetryModeLegacy = "D" // n/a (equivalent to standard)
UserAgentFeatureRetryModeStandard = "E"
UserAgentFeatureRetryModeAdaptive = "F"
UserAgentFeatureS3Transfer = "G"
UserAgentFeatureS3CryptoV1N = "H" // n/a (crypto client is external)
UserAgentFeatureS3CryptoV2 = "I" // n/a
UserAgentFeatureS3ExpressBucket = "J"
UserAgentFeatureS3AccessGrants = "K" // not yet implemented
UserAgentFeatureGZIPRequestCompression = "L"
UserAgentFeatureProtocolRPCV2CBOR = "M"
UserAgentFeatureRequestChecksumCRC32 = "U"
UserAgentFeatureRequestChecksumCRC32C = "V"
UserAgentFeatureRequestChecksumCRC64 = "W"
UserAgentFeatureRequestChecksumSHA1 = "X"
UserAgentFeatureRequestChecksumSHA256 = "Y"
UserAgentFeatureRequestChecksumWhenSupported = "Z"
UserAgentFeatureRequestChecksumWhenRequired = "a"
UserAgentFeatureResponseChecksumWhenSupported = "b"
UserAgentFeatureResponseChecksumWhenRequired = "c"
)
// RequestUserAgent is a build middleware that set the User-Agent for the request.
type RequestUserAgent struct {
sdkAgent, userAgent *smithyhttp.UserAgentBuilder
features map[UserAgentFeature]struct{}
}
// newRequestUserAgent returns a new requestUserAgent which will set the User-Agent and X-Amz-User-Agent for the
// NewRequestUserAgent returns a new requestUserAgent which will set the User-Agent and X-Amz-User-Agent for the
// request.
//
// User-Agent example:
@@ -79,14 +116,16 @@ type requestUserAgent struct {
// X-Amz-User-Agent example:
//
// aws-sdk-go-v2/1.2.3 md/GOOS/linux md/GOARCH/amd64 lang/go/1.15
func newRequestUserAgent() *requestUserAgent {
func NewRequestUserAgent() *RequestUserAgent {
userAgent, sdkAgent := smithyhttp.NewUserAgentBuilder(), smithyhttp.NewUserAgentBuilder()
addProductName(userAgent)
addUserAgentMetadata(userAgent)
addProductName(sdkAgent)
r := &requestUserAgent{
r := &RequestUserAgent{
sdkAgent: sdkAgent,
userAgent: userAgent,
features: map[UserAgentFeature]struct{}{},
}
addSDKMetadata(r)
@@ -94,7 +133,7 @@ func newRequestUserAgent() *requestUserAgent {
return r
}
func addSDKMetadata(r *requestUserAgent) {
func addSDKMetadata(r *RequestUserAgent) {
r.AddSDKAgentKey(OperatingSystemMetadata, getNormalizedOSName())
r.AddSDKAgentKeyValue(LanguageMetadata, "go", languageVersion)
r.AddSDKAgentKeyValue(AdditionalMetadata, "GOOS", runtime.GOOS)
@@ -108,6 +147,10 @@ func addProductName(builder *smithyhttp.UserAgentBuilder) {
builder.AddKeyValue(aws.SDKName, aws.SDKVersion)
}
func addUserAgentMetadata(builder *smithyhttp.UserAgentBuilder) {
builder.AddKey(uaMetadata)
}
// AddUserAgentKey retrieves a requestUserAgent from the provided stack, or initializes one.
func AddUserAgentKey(key string) func(*middleware.Stack) error {
return func(stack *middleware.Stack) error {
@@ -162,18 +205,18 @@ func AddRequestUserAgentMiddleware(stack *middleware.Stack) error {
return err
}
func getOrAddRequestUserAgent(stack *middleware.Stack) (*requestUserAgent, error) {
id := (*requestUserAgent)(nil).ID()
func getOrAddRequestUserAgent(stack *middleware.Stack) (*RequestUserAgent, error) {
id := (*RequestUserAgent)(nil).ID()
bm, ok := stack.Build.Get(id)
if !ok {
bm = newRequestUserAgent()
bm = NewRequestUserAgent()
err := stack.Build.Add(bm, middleware.After)
if err != nil {
return nil, err
}
}
requestUserAgent, ok := bm.(*requestUserAgent)
requestUserAgent, ok := bm.(*RequestUserAgent)
if !ok {
return nil, fmt.Errorf("%T for %s middleware did not match expected type", bm, id)
}
@@ -182,34 +225,40 @@ func getOrAddRequestUserAgent(stack *middleware.Stack) (*requestUserAgent, error
}
// AddUserAgentKey adds the component identified by name to the User-Agent string.
func (u *requestUserAgent) AddUserAgentKey(key string) {
func (u *RequestUserAgent) AddUserAgentKey(key string) {
u.userAgent.AddKey(strings.Map(rules, key))
}
// AddUserAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
func (u *requestUserAgent) AddUserAgentKeyValue(key, value string) {
func (u *RequestUserAgent) AddUserAgentKeyValue(key, value string) {
u.userAgent.AddKeyValue(strings.Map(rules, key), strings.Map(rules, value))
}
// AddUserAgentKey adds the component identified by name to the User-Agent string.
func (u *requestUserAgent) AddSDKAgentKey(keyType SDKAgentKeyType, key string) {
// AddUserAgentFeature adds the feature ID to the tracking list to be emitted
// in the final User-Agent string.
func (u *RequestUserAgent) AddUserAgentFeature(feature UserAgentFeature) {
u.features[feature] = struct{}{}
}
// AddSDKAgentKey adds the component identified by name to the User-Agent string.
func (u *RequestUserAgent) AddSDKAgentKey(keyType SDKAgentKeyType, key string) {
// TODO: should target sdkAgent
u.userAgent.AddKey(keyType.string() + "/" + strings.Map(rules, key))
}
// AddUserAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
func (u *requestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, value string) {
// AddSDKAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
func (u *RequestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, value string) {
// TODO: should target sdkAgent
u.userAgent.AddKeyValue(keyType.string(), strings.Map(rules, key)+"#"+strings.Map(rules, value))
}
// ID the name of the middleware.
func (u *requestUserAgent) ID() string {
func (u *RequestUserAgent) ID() string {
return "UserAgent"
}
// HandleBuild adds or appends the constructed user agent to the request.
func (u *requestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
func (u *RequestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
out middleware.BuildOutput, metadata middleware.Metadata, err error,
) {
switch req := in.Request.(type) {
@@ -224,12 +273,15 @@ func (u *requestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildI
return next.HandleBuild(ctx, in)
}
func (u *requestUserAgent) addHTTPUserAgent(request *smithyhttp.Request) {
func (u *RequestUserAgent) addHTTPUserAgent(request *smithyhttp.Request) {
const userAgent = "User-Agent"
if len(u.features) > 0 {
updateHTTPHeader(request, userAgent, buildFeatureMetrics(u.features))
}
updateHTTPHeader(request, userAgent, u.userAgent.Build())
}
func (u *requestUserAgent) addHTTPSDKAgent(request *smithyhttp.Request) {
func (u *RequestUserAgent) addHTTPSDKAgent(request *smithyhttp.Request) {
const sdkAgent = "X-Amz-User-Agent"
updateHTTPHeader(request, sdkAgent, u.sdkAgent.Build())
}
@@ -259,3 +311,13 @@ func rules(r rune) rune {
return '-'
}
}
func buildFeatureMetrics(features map[UserAgentFeature]struct{}) string {
fs := make([]string, 0, len(features))
for f := range features {
fs = append(fs, string(f))
}
sort.Strings(fs)
return fmt.Sprintf("%s/%s", FeatureMetadata2.string(), strings.Join(fs, ","))
}

29
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/array.go generated vendored
View File

@@ -1,8 +1,8 @@
package query
import (
"fmt"
"net/url"
"strconv"
)
// Array represents the encoding of Query lists and sets. A Query array is a
@@ -21,19 +21,8 @@ type Array struct {
// keys for each element in the list. For example, an entry might have the
// key "ParentStructure.ListName.member.MemberName.1".
//
// While this is currently represented as a string that gets added to, it
// could also be represented as a stack that only gets condensed into a
// string when a finalized key is created. This could potentially reduce
// allocations.
// When the array is not flat the prefix will contain the memberName otherwise the memberName is ignored
prefix string
// Whether the list is flat or not. A list that is not flat will produce the
// following entry to the url.Values for a given entry:
// ListName.MemberName.1=value
// A list that is flat will produce the following:
// ListName.1=value
flat bool
// The location name of the member. In most cases this should be "member".
memberName string
// Elements are stored in values, so we keep track of the list size here.
size int32
// Empty lists are encoded as "<prefix>=", if we add a value later we will
@@ -45,11 +34,14 @@ func newArray(values url.Values, prefix string, flat bool, memberName string) *A
emptyValue := newValue(values, prefix, flat)
emptyValue.String("")
if !flat {
// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
prefix = prefix + keySeparator + memberName
}
return &Array{
values: values,
prefix: prefix,
flat: flat,
memberName: memberName,
emptyValue: emptyValue,
}
}
@@ -63,10 +55,7 @@ func (a *Array) Value() Value {
// Query lists start a 1, so adjust the size first
a.size++
prefix := a.prefix
if !a.flat {
prefix = fmt.Sprintf("%s.%s", prefix, a.memberName)
}
// Lists can't have flat members
return newValue(a.values, fmt.Sprintf("%s.%d", prefix, a.size), false)
// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
return newValue(a.values, a.prefix+keySeparator+strconv.FormatInt(int64(a.size), 10), false)
}

11
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go generated vendored
View File

@@ -1,9 +1,6 @@
package query
import (
"fmt"
"net/url"
)
import "net/url"
// Object represents the encoding of Query structures and unions. A Query
// object is a representation of a mapping of string keys to arbitrary
@@ -56,14 +53,16 @@ func (o *Object) FlatKey(name string) Value {
func (o *Object) key(name string, flatValue bool) Value {
if o.prefix != "" {
return newValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
return newValue(o.values, o.prefix+keySeparator+name, flatValue)
}
return newValue(o.values, name, flatValue)
}
func (o *Object) keyWithValues(name string, flatValue bool) Value {
if o.prefix != "" {
return newAppendValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
return newAppendValue(o.values, o.prefix+keySeparator+name, flatValue)
}
return newAppendValue(o.values, name, flatValue)
}

2
vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go generated vendored
View File

@@ -7,6 +7,8 @@ import (
"github.com/aws/smithy-go/encoding/httpbinding"
)
const keySeparator = "."
// Value represents a Query Value type.
type Value struct {
// The query values to add the value to.

20
vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/none.go generated vendored Normal file
View File

@@ -0,0 +1,20 @@
package ratelimit
import "context"
// None implements a no-op rate limiter which effectively disables client-side
// rate limiting (also known as "retry quotas").
//
// GetToken does nothing and always returns a nil error. The returned
// token-release function does nothing, and always returns a nil error.
//
// AddTokens does nothing and always returns a nil error.
var None = &none{}
type none struct{}
func (*none) GetToken(ctx context.Context, cost uint) (func() error, error) {
return func() error { return nil }, nil
}
func (*none) AddTokens(v uint) error { return nil }

51
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/attempt_metrics.go generated vendored Normal file
View File

@@ -0,0 +1,51 @@
package retry
import (
"context"
"github.com/aws/smithy-go/metrics"
"github.com/aws/smithy-go/middleware"
)
type attemptMetrics struct {
Attempts metrics.Int64Counter
Errors metrics.Int64Counter
AttemptDuration metrics.Float64Histogram
}
func newAttemptMetrics(meter metrics.Meter) (*attemptMetrics, error) {
m := &attemptMetrics{}
var err error
m.Attempts, err = meter.Int64Counter("client.call.attempts", func(o *metrics.InstrumentOptions) {
o.UnitLabel = "{attempt}"
o.Description = "The number of attempts for an individual operation"
})
if err != nil {
return nil, err
}
m.Errors, err = meter.Int64Counter("client.call.errors", func(o *metrics.InstrumentOptions) {
o.UnitLabel = "{error}"
o.Description = "The number of errors for an operation"
})
if err != nil {
return nil, err
}
m.AttemptDuration, err = meter.Float64Histogram("client.call.attempt_duration", func(o *metrics.InstrumentOptions) {
o.UnitLabel = "s"
o.Description = "The time it takes to connect to the service, send the request, and get back HTTP status code and headers (including time queued waiting to be sent)"
})
if err != nil {
return nil, err
}
return m, nil
}
func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption {
return func(o *metrics.RecordMetricOptions) {
o.Properties.Set("rpc.service", middleware.GetServiceID(ctx))
o.Properties.Set("rpc.method", middleware.GetOperationName(ctx))
}
}

94
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go generated vendored
View File

@@ -2,17 +2,22 @@ package retry
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
"strconv"
"strings"
"time"
internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
"github.com/aws/smithy-go"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddle "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/internal/sdk"
"github.com/aws/smithy-go/logging"
"github.com/aws/smithy-go/metrics"
smithymiddle "github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
"github.com/aws/smithy-go/transport/http"
)
@@ -35,10 +40,17 @@ type Attempt struct {
// attempts are reached.
LogAttempts bool
// A Meter instance for recording retry-related metrics.
OperationMeter metrics.Meter
retryer aws.RetryerV2
requestCloner RequestCloner
}
// define the threshold at which we will consider certain kind of errors to be probably
// caused by clock skew
const skewThreshold = 4 * time.Minute
// NewAttemptMiddleware returns a new Attempt retry middleware.
func NewAttemptMiddleware(retryer aws.Retryer, requestCloner RequestCloner, optFns ...func(*Attempt)) *Attempt {
m := &Attempt{
@@ -48,6 +60,10 @@ func NewAttemptMiddleware(retryer aws.Retryer, requestCloner RequestCloner, optF
for _, fn := range optFns {
fn(m)
}
if m.OperationMeter == nil {
m.OperationMeter = metrics.NopMeterProvider{}.Meter("")
}
return m
}
@@ -73,6 +89,11 @@ func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeIn
maxAttempts := r.retryer.MaxAttempts()
releaseRetryToken := nopRelease
retryMetrics, err := newAttemptMetrics(r.OperationMeter)
if err != nil {
return out, metadata, err
}
for {
attemptNum++
attemptInput := in
@@ -86,8 +107,29 @@ func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeIn
AttemptClockSkew: attemptClockSkew,
})
// Setting clock skew to be used on other context (like signing)
ctx = internalcontext.SetAttemptSkewContext(ctx, attemptClockSkew)
var attemptResult AttemptResult
attemptCtx, span := tracing.StartSpan(attemptCtx, "Attempt", func(o *tracing.SpanOptions) {
o.Properties.Set("operation.attempt", attemptNum)
})
retryMetrics.Attempts.Add(ctx, 1, withOperationMetadata(ctx))
start := sdk.NowTime()
out, attemptResult, releaseRetryToken, err = r.handleAttempt(attemptCtx, attemptInput, releaseRetryToken, next)
elapsed := sdk.NowTime().Sub(start)
retryMetrics.AttemptDuration.Record(ctx, float64(elapsed)/1e9, withOperationMetadata(ctx))
if err != nil {
retryMetrics.Errors.Add(ctx, 1, withOperationMetadata(ctx), func(o *metrics.RecordMetricOptions) {
o.Properties.Set("exception.type", errorType(err))
})
}
span.End()
attemptClockSkew, _ = awsmiddle.GetAttemptSkew(attemptResult.ResponseMetadata)
// AttemptResult Retried states that the attempt was not successful, and
@@ -185,6 +227,8 @@ func (r *Attempt) handleAttempt(
return out, attemptResult, nopRelease, err
}
err = wrapAsClockSkew(ctx, err)
//------------------------------
// Is Retryable and Should Retry
//------------------------------
@@ -226,13 +270,6 @@ func (r *Attempt) handleAttempt(
// that time. Potentially early exist if the sleep is canceled via the
// context.
retryDelay, reqErr := r.retryer.RetryDelay(attemptNum, err)
mctx := metrics.Context(ctx)
if mctx != nil {
attempt, err := mctx.Data().LatestAttempt()
if err != nil {
attempt.RetryDelay = retryDelay
}
}
if reqErr != nil {
return out, attemptResult, releaseRetryToken, reqErr
}
@@ -247,6 +284,37 @@ func (r *Attempt) handleAttempt(
return out, attemptResult, releaseRetryToken, err
}
// errors that, if detected when we know there's a clock skew,
// can be retried and have a high chance of success
var possibleSkewCodes = map[string]struct{}{
"InvalidSignatureException": {},
"SignatureDoesNotMatch": {},
"AuthFailure": {},
}
var definiteSkewCodes = map[string]struct{}{
"RequestExpired": {},
"RequestInTheFuture": {},
"RequestTimeTooSkewed": {},
}
// wrapAsClockSkew checks if this error could be related to a clock skew
// error and if so, wrap the error.
func wrapAsClockSkew(ctx context.Context, err error) error {
var v interface{ ErrorCode() string }
if !errors.As(err, &v) {
return err
}
if _, ok := definiteSkewCodes[v.ErrorCode()]; ok {
return &retryableClockSkewError{Err: err}
}
_, isPossibleSkewCode := possibleSkewCodes[v.ErrorCode()]
if skew := internalcontext.GetAttemptSkewContext(ctx); skew > skewThreshold && isPossibleSkewCode {
return &retryableClockSkewError{Err: err}
}
return err
}
// MetricsHeader attaches SDK request metric header for retries to the transport
type MetricsHeader struct{}
@@ -338,3 +406,13 @@ func AddRetryMiddlewares(stack *smithymiddle.Stack, options AddRetryMiddlewaresO
}
return nil
}
// Determines the value of exception.type for metrics purposes. We prefer an
// API-specific error code, otherwise it's just the Go type for the value.
func errorType(err error) string {
var terr smithy.APIError
if errors.As(err, &terr) {
return terr.ErrorCode()
}
return fmt.Sprintf("%T", err)
}

27
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go generated vendored
View File

@@ -2,6 +2,7 @@ package retry
import (
"errors"
"fmt"
"net"
"net/url"
"strings"
@@ -115,7 +116,13 @@ func (r RetryableConnectionError) IsErrorRetryable(err error) aws.Ternary {
case errors.As(err, &conErr) && conErr.ConnectionError():
retryable = true
case strings.Contains(err.Error(), "use of closed network connection"):
fallthrough
case strings.Contains(err.Error(), "connection reset"):
// The errors "connection reset" and "use of closed network connection"
// are effectively the same. It appears to be the difference between
// sync and async read of TCP RST in the stdlib's net.Conn read loop.
// see #2737
retryable = true
case errors.As(err, &urlErr):
@@ -199,3 +206,23 @@ func (r RetryableErrorCode) IsErrorRetryable(err error) aws.Ternary {
return aws.TrueTernary
}
// retryableClockSkewError marks errors that can be caused by clock skew
// (difference between server time and client time).
// This is returned when there's certain confidence that adjusting the client time
// could allow a retry to succeed
type retryableClockSkewError struct{ Err error }
func (e *retryableClockSkewError) Error() string {
return fmt.Sprintf("Probable clock skew error: %v", e.Err)
}
// Unwrap returns the wrapped error.
func (e *retryableClockSkewError) Unwrap() error {
return e.Err
}
// RetryableError allows the retryer to retry this request
func (e *retryableClockSkewError) RetryableError() bool {
return true
}

11
vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go generated vendored
View File

@@ -123,6 +123,17 @@ type StandardOptions struct {
// Provides the rate limiting strategy for rate limiting attempt retries
// across all attempts the retryer is being used with.
//
// A RateLimiter operates as a token bucket with a set capacity, where
// attempt failures events consume tokens. A retry attempt that attempts to
// consume more tokens than what's available results in operation failure.
// The default implementation is parameterized as follows:
// - a capacity of 500 (DefaultRetryRateTokens)
// - a retry caused by a timeout costs 10 tokens (DefaultRetryCost)
// - a retry caused by other errors costs 5 tokens (DefaultRetryTimeoutCost)
// - an operation that succeeds on the 1st attempt adds 1 token (DefaultNoRetryIncrement)
//
// You can disable rate limiting by setting this field to ratelimit.None.
RateLimiter RateLimiter
// The cost to deduct from the RateLimiter's token bucket per retry.

11
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go generated vendored
View File

@@ -4,10 +4,11 @@ package v4
var IgnoredHeaders = Rules{
ExcludeList{
MapRule{
"Authorization": struct{}{},
"User-Agent": struct{}{},
"X-Amzn-Trace-Id": struct{}{},
"Expect": struct{}{},
"Authorization": struct{}{},
"User-Agent": struct{}{},
"X-Amzn-Trace-Id": struct{}{},
"Expect": struct{}{},
"Transfer-Encoding": struct{}{},
},
},
}
@@ -38,7 +39,6 @@ var RequiredSignedHeaders = Rules{
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{},
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
"X-Amz-Expected-Bucket-Owner": struct{}{},
"X-Amz-Grant-Full-control": struct{}{},
"X-Amz-Grant-Read": struct{}{},
"X-Amz-Grant-Read-Acp": struct{}{},
@@ -46,7 +46,6 @@ var RequiredSignedHeaders = Rules{
"X-Amz-Grant-Write-Acp": struct{}{},
"X-Amz-Metadata-Directive": struct{}{},
"X-Amz-Mfa": struct{}{},
"X-Amz-Request-Payer": struct{}{},
"X-Amz-Server-Side-Encryption": struct{}{},
"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{},
"X-Amz-Server-Side-Encryption-Context": struct{}{},

86
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go generated vendored
View File

@@ -11,11 +11,11 @@ import (
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
v4Internal "github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4"
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
"github.com/aws/aws-sdk-go-v2/internal/sdk"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@@ -85,12 +85,12 @@ func (m *dynamicPayloadSigningMiddleware) HandleFinalize(
}
if req.IsHTTPS() {
return (&unsignedPayload{}).HandleFinalize(ctx, in, next)
return (&UnsignedPayload{}).HandleFinalize(ctx, in, next)
}
return (&computePayloadSHA256{}).HandleFinalize(ctx, in, next)
return (&ComputePayloadSHA256{}).HandleFinalize(ctx, in, next)
}
// unsignedPayload sets the SigV4 request payload hash to unsigned.
// UnsignedPayload sets the SigV4 request payload hash to unsigned.
//
// Will not set the Unsigned Payload magic SHA value, if a SHA has already been
// stored in the context. (e.g. application pre-computed SHA256 before making
@@ -98,21 +98,21 @@ func (m *dynamicPayloadSigningMiddleware) HandleFinalize(
//
// This middleware does not check the X-Amz-Content-Sha256 header, if that
// header is serialized a middleware must translate it into the context.
type unsignedPayload struct{}
type UnsignedPayload struct{}
// AddUnsignedPayloadMiddleware adds unsignedPayload to the operation
// middleware stack
func AddUnsignedPayloadMiddleware(stack *middleware.Stack) error {
return stack.Finalize.Insert(&unsignedPayload{}, "ResolveEndpointV2", middleware.After)
return stack.Finalize.Insert(&UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
}
// ID returns the unsignedPayload identifier
func (m *unsignedPayload) ID() string {
func (m *UnsignedPayload) ID() string {
return computePayloadHashMiddlewareID
}
// HandleFinalize sets the payload hash magic value to the unsigned sentinel.
func (m *unsignedPayload) HandleFinalize(
func (m *UnsignedPayload) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
@@ -123,7 +123,7 @@ func (m *unsignedPayload) HandleFinalize(
return next.HandleFinalize(ctx, in)
}
// computePayloadSHA256 computes SHA256 payload hash to sign.
// ComputePayloadSHA256 computes SHA256 payload hash to sign.
//
// Will not set the Unsigned Payload magic SHA value, if a SHA has already been
// stored in the context. (e.g. application pre-computed SHA256 before making
@@ -131,12 +131,12 @@ func (m *unsignedPayload) HandleFinalize(
//
// This middleware does not check the X-Amz-Content-Sha256 header, if that
// header is serialized a middleware must translate it into the context.
type computePayloadSHA256 struct{}
type ComputePayloadSHA256 struct{}
// AddComputePayloadSHA256Middleware adds computePayloadSHA256 to the
// operation middleware stack
func AddComputePayloadSHA256Middleware(stack *middleware.Stack) error {
return stack.Finalize.Insert(&computePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
return stack.Finalize.Insert(&ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
}
// RemoveComputePayloadSHA256Middleware removes computePayloadSHA256 from the
@@ -147,13 +147,13 @@ func RemoveComputePayloadSHA256Middleware(stack *middleware.Stack) error {
}
// ID is the middleware name
func (m *computePayloadSHA256) ID() string {
func (m *ComputePayloadSHA256) ID() string {
return computePayloadHashMiddlewareID
}
// HandleFinalize computes the payload hash for the request, storing it to the
// context. This is a no-op if a caller has previously set that value.
func (m *computePayloadSHA256) HandleFinalize(
func (m *ComputePayloadSHA256) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
@@ -162,6 +162,9 @@ func (m *computePayloadSHA256) HandleFinalize(
return next.HandleFinalize(ctx, in)
}
_, span := tracing.StartSpan(ctx, "ComputePayloadSHA256")
defer span.End()
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &HashComputationError{
@@ -187,6 +190,7 @@ func (m *computePayloadSHA256) HandleFinalize(
ctx = SetPayloadHash(ctx, hex.EncodeToString(hash.Sum(nil)))
span.End()
return next.HandleFinalize(ctx, in)
}
@@ -196,35 +200,35 @@ func (m *computePayloadSHA256) HandleFinalize(
// Use this to disable computing the Payload SHA256 checksum and instead use
// UNSIGNED-PAYLOAD for the SHA256 value.
func SwapComputePayloadSHA256ForUnsignedPayloadMiddleware(stack *middleware.Stack) error {
_, err := stack.Finalize.Swap(computePayloadHashMiddlewareID, &unsignedPayload{})
_, err := stack.Finalize.Swap(computePayloadHashMiddlewareID, &UnsignedPayload{})
return err
}
// contentSHA256Header sets the X-Amz-Content-Sha256 header value to
// ContentSHA256Header sets the X-Amz-Content-Sha256 header value to
// the Payload hash stored in the context.
type contentSHA256Header struct{}
type ContentSHA256Header struct{}
// AddContentSHA256HeaderMiddleware adds ContentSHA256Header to the
// operation middleware stack
func AddContentSHA256HeaderMiddleware(stack *middleware.Stack) error {
return stack.Finalize.Insert(&contentSHA256Header{}, computePayloadHashMiddlewareID, middleware.After)
return stack.Finalize.Insert(&ContentSHA256Header{}, computePayloadHashMiddlewareID, middleware.After)
}
// RemoveContentSHA256HeaderMiddleware removes contentSHA256Header middleware
// from the operation middleware stack
func RemoveContentSHA256HeaderMiddleware(stack *middleware.Stack) error {
_, err := stack.Finalize.Remove((*contentSHA256Header)(nil).ID())
_, err := stack.Finalize.Remove((*ContentSHA256Header)(nil).ID())
return err
}
// ID returns the ContentSHA256HeaderMiddleware identifier
func (m *contentSHA256Header) ID() string {
func (m *ContentSHA256Header) ID() string {
return "SigV4ContentSHA256Header"
}
// HandleFinalize sets the X-Amz-Content-Sha256 header value to the Payload hash
// stored in the context.
func (m *contentSHA256Header) HandleFinalize(
func (m *ContentSHA256Header) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
@@ -301,22 +305,7 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
return out, metadata, &SigningError{Err: fmt.Errorf("computed payload hash missing from context")}
}
mctx := metrics.Context(ctx)
if mctx != nil {
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
attempt.CredentialFetchStartTime = sdk.NowTime()
}
}
credentials, err := s.credentialsProvider.Retrieve(ctx)
if mctx != nil {
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
attempt.CredentialFetchEndTime = sdk.NowTime()
}
}
if err != nil {
return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)}
}
@@ -337,20 +326,7 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
})
}
if mctx != nil {
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
attempt.SignStartTime = sdk.NowTime()
}
}
err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, signingRegion, sdk.NowTime(), signerOptions...)
if mctx != nil {
if attempt, err := mctx.Data().LatestAttempt(); err == nil {
attempt.SignEndTime = sdk.NowTime()
}
}
if err != nil {
return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)}
}
@@ -360,18 +336,21 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
return next.HandleFinalize(ctx, in)
}
type streamingEventsPayload struct{}
// StreamingEventsPayload signs input event stream messages.
type StreamingEventsPayload struct{}
// AddStreamingEventsPayload adds the streamingEventsPayload middleware to the stack.
func AddStreamingEventsPayload(stack *middleware.Stack) error {
return stack.Finalize.Add(&streamingEventsPayload{}, middleware.Before)
return stack.Finalize.Add(&StreamingEventsPayload{}, middleware.Before)
}
func (s *streamingEventsPayload) ID() string {
// ID identifies the middleware.
func (s *StreamingEventsPayload) ID() string {
return computePayloadHashMiddlewareID
}
func (s *streamingEventsPayload) HandleFinalize(
// HandleFinalize marks the input stream to be signed with SigV4.
func (s *StreamingEventsPayload) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
@@ -393,8 +372,9 @@ func GetSignedRequestSignature(r *http.Request) ([]byte, error) {
const authHeaderSignatureElem = "Signature="
if auth := r.Header.Get(authorizationHeader); len(auth) != 0 {
ps := strings.Split(auth, ", ")
ps := strings.Split(auth, ",")
for _, p := range ps {
p = strings.TrimSpace(p)
if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 {
sig := p[len(authHeaderSignatureElem):]
if len(sig) == 0 {

66
vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go generated vendored
View File

@@ -1,48 +1,41 @@
// Package v4 implements signing for AWS V4 signer
// Package v4 implements the AWS signature version 4 algorithm (commonly known
// as SigV4).
//
// Provides request signing for request that need to be signed with
// AWS V4 Signatures.
// For more information about SigV4, see [Signing AWS API requests] in the IAM
// user guide.
//
// # Standalone Signer
// While this implementation CAN work in an external context, it is developed
// primarily for SDK use and you may encounter fringe behaviors around header
// canonicalization.
//
// Generally using the signer outside of the SDK should not require any additional
// # Pre-escaping a request URI
//
// The signer does this by taking advantage of the URL.EscapedPath method. If your request URI requires
// AWS v4 signature validation requires that the canonical string's URI path
// component must be the escaped form of the HTTP request's path.
//
// additional escaping you many need to use the URL.Opaque to define what the raw URI should be sent
// to the service as.
// The Go HTTP client will perform escaping automatically on the HTTP request.
// This may cause signature validation errors because the request differs from
// the URI path or query from which the signature was generated.
//
// The signer will first check the URL.Opaque field, and use its value if set.
// The signer does require the URL.Opaque field to be set in the form of:
// Because of this, we recommend that you explicitly escape the request when
// using this signer outside of the SDK to prevent possible signature mismatch.
// This can be done by setting URL.Opaque on the request. The signer will
// prefer that value, falling back to the return of URL.EscapedPath if unset.
//
// When setting URL.Opaque you must do so in the form of:
//
// "//<hostname>/<path>"
//
// // e.g.
// "//example.com/some/path"
//
// The leading "//" and hostname are required or the URL.Opaque escaping will
// not work correctly.
// The leading "//" and hostname are required or the escaping will not work
// correctly.
//
// If URL.Opaque is not set the signer will fallback to the URL.EscapedPath()
// method and using the returned value.
// The TestStandaloneSign unit test provides a complete example of using the
// signer outside of the SDK and pre-escaping the URI path.
//
// AWS v4 signature validation requires that the canonical string's URI path
// element must be the URI escaped form of the HTTP request's path.
// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
//
// The Go HTTP client will perform escaping automatically on the request. Some
// of these escaping may cause signature validation errors because the HTTP
// request differs from the URI path or query that the signature was generated.
// https://golang.org/pkg/net/url/#URL.EscapedPath
//
// Because of this, it is recommended that when using the signer outside of the
// SDK that explicitly escaping the request prior to being signed is preferable,
// and will help prevent signature validation errors. This can be done by setting
// the URL.Opaque or URL.RawPath. The SDK will use URL.Opaque first and then
// call URL.EscapedPath() if Opaque is not set.
//
// Test `TestStandaloneSign` provides a complete example of using the signer
// outside of the SDK and pre-escaping the URI path.
// [Signing AWS API requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
package v4
import (
@@ -401,7 +394,18 @@ func (s *httpSigner) buildCredentialScope() string {
func buildQuery(r v4Internal.Rule, header http.Header) (url.Values, http.Header) {
query := url.Values{}
unsignedHeaders := http.Header{}
// A list of headers to be converted to lower case to mitigate a limitation from S3
lowerCaseHeaders := map[string]string{
"X-Amz-Expected-Bucket-Owner": "x-amz-expected-bucket-owner", // see #2508
"X-Amz-Request-Payer": "x-amz-request-payer", // see #2764
}
for k, h := range header {
if newKey, ok := lowerCaseHeaders[k]; ok {
k = newKey
}
if r.IsValid(k) {
query[k] = h
} else {

36
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go generated vendored
View File

@@ -1,13 +1,16 @@
package http
import (
"context"
"crypto/tls"
"github.com/aws/aws-sdk-go-v2/aws"
"net"
"net/http"
"reflect"
"sync"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/smithy-go/tracing"
)
// Defaults for the HTTPTransportBuilder.
@@ -179,7 +182,7 @@ func defaultHTTPTransport() *http.Transport {
tr := &http.Transport{
Proxy: http.ProxyFromEnvironment,
DialContext: dialer.DialContext,
DialContext: traceDialContext(dialer.DialContext),
TLSHandshakeTimeout: DefaultHTTPTransportTLSHandleshakeTimeout,
MaxIdleConns: DefaultHTTPTransportMaxIdleConns,
MaxIdleConnsPerHost: DefaultHTTPTransportMaxIdleConnsPerHost,
@@ -194,6 +197,35 @@ func defaultHTTPTransport() *http.Transport {
return tr
}
type dialContext func(ctx context.Context, network, addr string) (net.Conn, error)
func traceDialContext(dc dialContext) dialContext {
return func(ctx context.Context, network, addr string) (net.Conn, error) {
span, _ := tracing.GetSpan(ctx)
span.SetProperty("net.peer.name", addr)
conn, err := dc(ctx, network, addr)
if err != nil {
return conn, err
}
raddr := conn.RemoteAddr()
if raddr == nil {
return conn, err
}
host, port, err := net.SplitHostPort(raddr.String())
if err != nil { // don't blow up just because we couldn't parse
span.SetProperty("net.peer.addr", raddr.String())
} else {
span.SetProperty("net.peer.host", host)
span.SetProperty("net.peer.port", port)
}
return conn, err
}
}
// shallowCopyStruct creates a shallow copy of the passed in source struct, and
// returns that copy of the same struct type.
func shallowCopyStruct(src interface{}) interface{} {

10
vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/response_error_middleware.go generated vendored
View File

@@ -12,18 +12,20 @@ import (
func AddResponseErrorMiddleware(stack *middleware.Stack) error {
// add error wrapper middleware before request id retriever middleware so that it can wrap the error response
// returned by operation deserializers
return stack.Deserialize.Insert(&responseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
return stack.Deserialize.Insert(&ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
}
type responseErrorWrapper struct {
// ResponseErrorWrapper wraps operation errors with ResponseError.
type ResponseErrorWrapper struct {
}
// ID returns the middleware identifier
func (m *responseErrorWrapper) ID() string {
func (m *ResponseErrorWrapper) ID() string {
return "ResponseErrorWrapper"
}
func (m *responseErrorWrapper) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
// HandleDeserialize wraps the stack error with smithyhttp.ResponseError.
func (m *ResponseErrorWrapper) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
) {
out, metadata, err = next.HandleDeserialize(ctx, in)

262
vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,265 @@
# v1.29.5 (2025-02-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.4 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.3 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.2 (2025-01-24)
* **Bug Fix**: Fix env config naming and usage of deprecated ioutil
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.29.1 (2025-01-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.0 (2025-01-15)
* **Feature**: S3 client behavior is updated to always calculate a checksum by default for operations that support it (such as PutObject or UploadPart), or require it (such as DeleteObjects). The checksum algorithm used by default now becomes CRC32. Checksum behavior can be configured using `when_supported` and `when_required` options - in code using RequestChecksumCalculation, in shared config using request_checksum_calculation, or as env variable using AWS_REQUEST_CHECKSUM_CALCULATION. The S3 client attempts to validate response checksums for all S3 API operations that support checksums. However, if the SDK has not implemented the specified checksum algorithm then this validation is skipped. Checksum validation behavior can be configured using `when_supported` and `when_required` options - in code using ResponseChecksumValidation, in shared config using response_checksum_validation, or as env variable using AWS_RESPONSE_CHECKSUM_VALIDATION.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.11 (2025-01-14)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.10 (2025-01-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.9 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.8 (2025-01-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.7 (2024-12-19)
* **Bug Fix**: Fix improper use of printf-style functions.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.6 (2024-12-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.5 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.4 (2024-11-14)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.3 (2024-11-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.2 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.1 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.0 (2024-10-16)
* **Feature**: Adds the LoadOptions hook `WithBaseEndpoint` for setting global endpoint override in-code.
# v1.27.43 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.42 (2024-10-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.41 (2024-10-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.40 (2024-10-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.39 (2024-09-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.38 (2024-09-25)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.37 (2024-09-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.36 (2024-09-20)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.35 (2024-09-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.34 (2024-09-16)
* **Bug Fix**: Read `AWS_CONTAINER_CREDENTIALS_FULL_URI` env variable if set when reading a profile with `credential_source`. Also ensure `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` is always read before it
# v1.27.33 (2024-09-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.32 (2024-09-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.31 (2024-08-26)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.30 (2024-08-23)
* **Bug Fix**: Don't fail credentials unit tests if credentials are found on a file
# v1.27.29 (2024-08-22)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.28 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.27 (2024-07-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.26 (2024-07-10.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.25 (2024-07-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.24 (2024-07-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.23 (2024-06-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.22 (2024-06-26)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.21 (2024-06-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.20 (2024-06-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.19 (2024-06-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.18 (2024-06-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.17 (2024-06-03)
* **Documentation**: Add deprecation docs to global endpoint resolution interfaces. These APIs were previously deprecated with the introduction of service-specific endpoint resolution (EndpointResolverV2 and BaseEndpoint on service client options).
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.16 (2024-05-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.15 (2024-05-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.14 (2024-05-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.13 (2024-05-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.12 (2024-05-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.11 (2024-04-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.10 (2024-03-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.9 (2024-03-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.8 (2024-03-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.7 (2024-03-07)
* **Bug Fix**: Remove dependency on go-cmp.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.6 (2024-03-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.5 (2024-03-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.4 (2024-02-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.3 (2024-02-22)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.2 (2024-02-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.1 (2024-02-20)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.26.6 (2024-01-22)
* **Bug Fix**: Remove invalid escaping of shared config values. All values in the shared config file will now be interpreted literally, save for fully-quoted strings which are unwrapped for legacy reasons.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.26.5 (2024-01-18)
* **Dependency Update**: Updated to the latest SDK module versions

11
vendor/github.com/aws/aws-sdk-go-v2/config/config.go generated vendored
View File

@@ -80,6 +80,15 @@ var defaultAWSConfigResolvers = []awsConfigResolver{
// Sets the RequestMinCompressSizeBytes if present in env var or shared config profile
resolveRequestMinCompressSizeBytes,
// Sets the AccountIDEndpointMode if present in env var or shared config profile
resolveAccountIDEndpointMode,
// Sets the RequestChecksumCalculation if present in env var or shared config profile
resolveRequestChecksumCalculation,
// Sets the ResponseChecksumValidation if present in env var or shared config profile
resolveResponseChecksumValidation,
}
// A Config represents a generic configuration value or set of values. This type
@@ -209,7 +218,7 @@ func resolveConfigLoaders(options *LoadOptions) []loader {
loaders[0] = loadEnvConfig
// specification of a profile should cause a load failure if it doesn't exist
if os.Getenv(awsProfileEnvVar) != "" || options.SharedConfigProfile != "" {
if os.Getenv(awsProfileEnv) != "" || options.SharedConfigProfile != "" {
loaders[1] = loadSharedConfig
} else {
loaders[1] = loadSharedConfigIgnoreNotExist

245
vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go generated vendored
View File

@@ -5,7 +5,6 @@ import (
"context"
"fmt"
"io"
"io/ioutil"
"os"
"strconv"
"strings"
@@ -21,83 +20,89 @@ const CredentialsSourceName = "EnvConfigCredentials"
// Environment variables that will be read for configuration values.
const (
awsAccessKeyIDEnvVar = "AWS_ACCESS_KEY_ID"
awsAccessKeyEnvVar = "AWS_ACCESS_KEY"
awsAccessKeyIDEnv = "AWS_ACCESS_KEY_ID"
awsAccessKeyEnv = "AWS_ACCESS_KEY"
awsSecretAccessKeyEnvVar = "AWS_SECRET_ACCESS_KEY"
awsSecretKeyEnvVar = "AWS_SECRET_KEY"
awsSecretAccessKeyEnv = "AWS_SECRET_ACCESS_KEY"
awsSecretKeyEnv = "AWS_SECRET_KEY"
awsSessionTokenEnvVar = "AWS_SESSION_TOKEN"
awsSessionTokenEnv = "AWS_SESSION_TOKEN"
awsContainerCredentialsEndpointEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
awsContainerCredentialsRelativePathEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
awsContainerPProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
awsContainerCredentialsFullURIEnv = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
awsContainerCredentialsRelativeURIEnv = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
awsContainerAuthorizationTokenEnv = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
awsRegionEnvVar = "AWS_REGION"
awsDefaultRegionEnvVar = "AWS_DEFAULT_REGION"
awsRegionEnv = "AWS_REGION"
awsDefaultRegionEnv = "AWS_DEFAULT_REGION"
awsProfileEnvVar = "AWS_PROFILE"
awsDefaultProfileEnvVar = "AWS_DEFAULT_PROFILE"
awsProfileEnv = "AWS_PROFILE"
awsDefaultProfileEnv = "AWS_DEFAULT_PROFILE"
awsSharedCredentialsFileEnvVar = "AWS_SHARED_CREDENTIALS_FILE"
awsSharedCredentialsFileEnv = "AWS_SHARED_CREDENTIALS_FILE"
awsConfigFileEnvVar = "AWS_CONFIG_FILE"
awsConfigFileEnv = "AWS_CONFIG_FILE"
awsCustomCABundleEnvVar = "AWS_CA_BUNDLE"
awsCABundleEnv = "AWS_CA_BUNDLE"
awsWebIdentityTokenFilePathEnvVar = "AWS_WEB_IDENTITY_TOKEN_FILE"
awsWebIdentityTokenFileEnv = "AWS_WEB_IDENTITY_TOKEN_FILE"
awsRoleARNEnvVar = "AWS_ROLE_ARN"
awsRoleSessionNameEnvVar = "AWS_ROLE_SESSION_NAME"
awsRoleARNEnv = "AWS_ROLE_ARN"
awsRoleSessionNameEnv = "AWS_ROLE_SESSION_NAME"
awsEnableEndpointDiscoveryEnvVar = "AWS_ENABLE_ENDPOINT_DISCOVERY"
awsEnableEndpointDiscoveryEnv = "AWS_ENABLE_ENDPOINT_DISCOVERY"
awsS3UseARNRegionEnvVar = "AWS_S3_USE_ARN_REGION"
awsS3UseARNRegionEnv = "AWS_S3_USE_ARN_REGION"
awsEc2MetadataServiceEndpointModeEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE"
awsEc2MetadataServiceEndpointModeEnv = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE"
awsEc2MetadataServiceEndpointEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT"
awsEc2MetadataServiceEndpointEnv = "AWS_EC2_METADATA_SERVICE_ENDPOINT"
awsEc2MetadataDisabled = "AWS_EC2_METADATA_DISABLED"
awsEc2MetadataV1DisabledEnvVar = "AWS_EC2_METADATA_V1_DISABLED"
awsEc2MetadataDisabledEnv = "AWS_EC2_METADATA_DISABLED"
awsEc2MetadataV1DisabledEnv = "AWS_EC2_METADATA_V1_DISABLED"
awsS3DisableMultiRegionAccessPointEnvVar = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"
awsS3DisableMultiRegionAccessPointsEnv = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"
awsUseDualStackEndpoint = "AWS_USE_DUALSTACK_ENDPOINT"
awsUseDualStackEndpointEnv = "AWS_USE_DUALSTACK_ENDPOINT"
awsUseFIPSEndpoint = "AWS_USE_FIPS_ENDPOINT"
awsUseFIPSEndpointEnv = "AWS_USE_FIPS_ENDPOINT"
awsDefaultMode = "AWS_DEFAULTS_MODE"
awsDefaultsModeEnv = "AWS_DEFAULTS_MODE"
awsRetryMaxAttempts = "AWS_MAX_ATTEMPTS"
awsRetryMode = "AWS_RETRY_MODE"
awsSdkAppID = "AWS_SDK_UA_APP_ID"
awsMaxAttemptsEnv = "AWS_MAX_ATTEMPTS"
awsRetryModeEnv = "AWS_RETRY_MODE"
awsSdkUaAppIDEnv = "AWS_SDK_UA_APP_ID"
awsIgnoreConfiguredEndpoints = "AWS_IGNORE_CONFIGURED_ENDPOINT_URLS"
awsEndpointURL = "AWS_ENDPOINT_URL"
awsIgnoreConfiguredEndpointURLEnv = "AWS_IGNORE_CONFIGURED_ENDPOINT_URLS"
awsEndpointURLEnv = "AWS_ENDPOINT_URL"
awsDisableRequestCompression = "AWS_DISABLE_REQUEST_COMPRESSION"
awsRequestMinCompressionSizeBytes = "AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES"
awsDisableRequestCompressionEnv = "AWS_DISABLE_REQUEST_COMPRESSION"
awsRequestMinCompressionSizeBytesEnv = "AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES"
awsS3DisableExpressSessionAuthEnv = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH"
awsAccountIDEnv = "AWS_ACCOUNT_ID"
awsAccountIDEndpointModeEnv = "AWS_ACCOUNT_ID_ENDPOINT_MODE"
awsRequestChecksumCalculation = "AWS_REQUEST_CHECKSUM_CALCULATION"
awsResponseChecksumValidation = "AWS_RESPONSE_CHECKSUM_VALIDATION"
)
var (
credAccessEnvKeys = []string{
awsAccessKeyIDEnvVar,
awsAccessKeyEnvVar,
awsAccessKeyIDEnv,
awsAccessKeyEnv,
}
credSecretEnvKeys = []string{
awsSecretAccessKeyEnvVar,
awsSecretKeyEnvVar,
awsSecretAccessKeyEnv,
awsSecretKeyEnv,
}
regionEnvKeys = []string{
awsRegionEnvVar,
awsDefaultRegionEnvVar,
awsRegionEnv,
awsDefaultRegionEnv,
}
profileEnvKeys = []string{
awsProfileEnvVar,
awsDefaultProfileEnvVar,
awsProfileEnv,
awsDefaultProfileEnv,
}
)
@@ -290,6 +295,15 @@ type EnvConfig struct {
// will only bypass the modified endpoint routing and signing behaviors
// associated with the feature.
S3DisableExpressAuth *bool
// Indicates whether account ID will be required/ignored in endpoint2.0 routing
AccountIDEndpointMode aws.AccountIDEndpointMode
// Indicates whether request checksum should be calculated
RequestChecksumCalculation aws.RequestChecksumCalculation
// Indicates whether response checksum should be validated
ResponseChecksumValidation aws.ResponseChecksumValidation
}
// loadEnvConfig reads configuration values from the OS's environment variables.
@@ -309,79 +323,80 @@ func NewEnvConfig() (EnvConfig, error) {
setStringFromEnvVal(&creds.AccessKeyID, credAccessEnvKeys)
setStringFromEnvVal(&creds.SecretAccessKey, credSecretEnvKeys)
if creds.HasKeys() {
creds.SessionToken = os.Getenv(awsSessionTokenEnvVar)
creds.AccountID = os.Getenv(awsAccountIDEnv)
creds.SessionToken = os.Getenv(awsSessionTokenEnv)
cfg.Credentials = creds
}
cfg.ContainerCredentialsEndpoint = os.Getenv(awsContainerCredentialsEndpointEnvVar)
cfg.ContainerCredentialsRelativePath = os.Getenv(awsContainerCredentialsRelativePathEnvVar)
cfg.ContainerAuthorizationToken = os.Getenv(awsContainerPProviderAuthorizationEnvVar)
cfg.ContainerCredentialsEndpoint = os.Getenv(awsContainerCredentialsFullURIEnv)
cfg.ContainerCredentialsRelativePath = os.Getenv(awsContainerCredentialsRelativeURIEnv)
cfg.ContainerAuthorizationToken = os.Getenv(awsContainerAuthorizationTokenEnv)
setStringFromEnvVal(&cfg.Region, regionEnvKeys)
setStringFromEnvVal(&cfg.SharedConfigProfile, profileEnvKeys)
cfg.SharedCredentialsFile = os.Getenv(awsSharedCredentialsFileEnvVar)
cfg.SharedConfigFile = os.Getenv(awsConfigFileEnvVar)
cfg.SharedCredentialsFile = os.Getenv(awsSharedCredentialsFileEnv)
cfg.SharedConfigFile = os.Getenv(awsConfigFileEnv)
cfg.CustomCABundle = os.Getenv(awsCustomCABundleEnvVar)
cfg.CustomCABundle = os.Getenv(awsCABundleEnv)
cfg.WebIdentityTokenFilePath = os.Getenv(awsWebIdentityTokenFilePathEnvVar)
cfg.WebIdentityTokenFilePath = os.Getenv(awsWebIdentityTokenFileEnv)
cfg.RoleARN = os.Getenv(awsRoleARNEnvVar)
cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnvVar)
cfg.RoleARN = os.Getenv(awsRoleARNEnv)
cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnv)
cfg.AppID = os.Getenv(awsSdkAppID)
cfg.AppID = os.Getenv(awsSdkUaAppIDEnv)
if err := setBoolPtrFromEnvVal(&cfg.DisableRequestCompression, []string{awsDisableRequestCompression}); err != nil {
if err := setBoolPtrFromEnvVal(&cfg.DisableRequestCompression, []string{awsDisableRequestCompressionEnv}); err != nil {
return cfg, err
}
if err := setInt64PtrFromEnvVal(&cfg.RequestMinCompressSizeBytes, []string{awsRequestMinCompressionSizeBytes}, smithyrequestcompression.MaxRequestMinCompressSizeBytes); err != nil {
if err := setInt64PtrFromEnvVal(&cfg.RequestMinCompressSizeBytes, []string{awsRequestMinCompressionSizeBytesEnv}, smithyrequestcompression.MaxRequestMinCompressSizeBytes); err != nil {
return cfg, err
}
if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnvVar}); err != nil {
if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnv}); err != nil {
return cfg, err
}
if err := setBoolPtrFromEnvVal(&cfg.S3UseARNRegion, []string{awsS3UseARNRegionEnvVar}); err != nil {
if err := setBoolPtrFromEnvVal(&cfg.S3UseARNRegion, []string{awsS3UseARNRegionEnv}); err != nil {
return cfg, err
}
setEC2IMDSClientEnableState(&cfg.EC2IMDSClientEnableState, []string{awsEc2MetadataDisabled})
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, []string{awsEc2MetadataServiceEndpointModeEnvVar}); err != nil {
setEC2IMDSClientEnableState(&cfg.EC2IMDSClientEnableState, []string{awsEc2MetadataDisabledEnv})
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, []string{awsEc2MetadataServiceEndpointModeEnv}); err != nil {
return cfg, err
}
cfg.EC2IMDSEndpoint = os.Getenv(awsEc2MetadataServiceEndpointEnvVar)
if err := setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, []string{awsEc2MetadataV1DisabledEnvVar}); err != nil {
cfg.EC2IMDSEndpoint = os.Getenv(awsEc2MetadataServiceEndpointEnv)
if err := setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, []string{awsEc2MetadataV1DisabledEnv}); err != nil {
return cfg, err
}
if err := setBoolPtrFromEnvVal(&cfg.S3DisableMultiRegionAccessPoints, []string{awsS3DisableMultiRegionAccessPointEnvVar}); err != nil {
if err := setBoolPtrFromEnvVal(&cfg.S3DisableMultiRegionAccessPoints, []string{awsS3DisableMultiRegionAccessPointsEnv}); err != nil {
return cfg, err
}
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, []string{awsUseDualStackEndpoint}); err != nil {
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, []string{awsUseDualStackEndpointEnv}); err != nil {
return cfg, err
}
if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, []string{awsUseFIPSEndpoint}); err != nil {
if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, []string{awsUseFIPSEndpointEnv}); err != nil {
return cfg, err
}
if err := setDefaultsModeFromEnvVal(&cfg.DefaultsMode, []string{awsDefaultMode}); err != nil {
if err := setDefaultsModeFromEnvVal(&cfg.DefaultsMode, []string{awsDefaultsModeEnv}); err != nil {
return cfg, err
}
if err := setIntFromEnvVal(&cfg.RetryMaxAttempts, []string{awsRetryMaxAttempts}); err != nil {
if err := setIntFromEnvVal(&cfg.RetryMaxAttempts, []string{awsMaxAttemptsEnv}); err != nil {
return cfg, err
}
if err := setRetryModeFromEnvVal(&cfg.RetryMode, []string{awsRetryMode}); err != nil {
if err := setRetryModeFromEnvVal(&cfg.RetryMode, []string{awsRetryModeEnv}); err != nil {
return cfg, err
}
setStringFromEnvVal(&cfg.BaseEndpoint, []string{awsEndpointURL})
setStringFromEnvVal(&cfg.BaseEndpoint, []string{awsEndpointURLEnv})
if err := setBoolPtrFromEnvVal(&cfg.IgnoreConfiguredEndpoints, []string{awsIgnoreConfiguredEndpoints}); err != nil {
if err := setBoolPtrFromEnvVal(&cfg.IgnoreConfiguredEndpoints, []string{awsIgnoreConfiguredEndpointURLEnv}); err != nil {
return cfg, err
}
@@ -389,6 +404,17 @@ func NewEnvConfig() (EnvConfig, error) {
return cfg, err
}
if err := setAIDEndPointModeFromEnvVal(&cfg.AccountIDEndpointMode, []string{awsAccountIDEndpointModeEnv}); err != nil {
return cfg, err
}
if err := setRequestChecksumCalculationFromEnvVal(&cfg.RequestChecksumCalculation, []string{awsRequestChecksumCalculation}); err != nil {
return cfg, err
}
if err := setResponseChecksumValidationFromEnvVal(&cfg.ResponseChecksumValidation, []string{awsResponseChecksumValidation}); err != nil {
return cfg, err
}
return cfg, nil
}
@@ -417,6 +443,18 @@ func (c EnvConfig) getRequestMinCompressSizeBytes(context.Context) (int64, bool,
return *c.RequestMinCompressSizeBytes, true, nil
}
func (c EnvConfig) getAccountIDEndpointMode(context.Context) (aws.AccountIDEndpointMode, bool, error) {
return c.AccountIDEndpointMode, len(c.AccountIDEndpointMode) > 0, nil
}
func (c EnvConfig) getRequestChecksumCalculation(context.Context) (aws.RequestChecksumCalculation, bool, error) {
return c.RequestChecksumCalculation, c.RequestChecksumCalculation > 0, nil
}
func (c EnvConfig) getResponseChecksumValidation(context.Context) (aws.ResponseChecksumValidation, bool, error) {
return c.ResponseChecksumValidation, c.ResponseChecksumValidation > 0, nil
}
// GetRetryMaxAttempts returns the value of AWS_MAX_ATTEMPTS if was specified,
// and not 0.
func (c EnvConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error) {
@@ -491,6 +529,67 @@ func setEC2IMDSEndpointMode(mode *imds.EndpointModeState, keys []string) error {
return nil
}
func setAIDEndPointModeFromEnvVal(m *aws.AccountIDEndpointMode, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
switch value {
case "preferred":
*m = aws.AccountIDEndpointModePreferred
case "required":
*m = aws.AccountIDEndpointModeRequired
case "disabled":
*m = aws.AccountIDEndpointModeDisabled
default:
return fmt.Errorf("invalid value for environment variable, %s=%s, must be preferred/required/disabled", k, value)
}
break
}
return nil
}
func setRequestChecksumCalculationFromEnvVal(m *aws.RequestChecksumCalculation, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
switch strings.ToLower(value) {
case checksumWhenSupported:
*m = aws.RequestChecksumCalculationWhenSupported
case checksumWhenRequired:
*m = aws.RequestChecksumCalculationWhenRequired
default:
return fmt.Errorf("invalid value for environment variable, %s=%s, must be when_supported/when_required", k, value)
}
}
return nil
}
func setResponseChecksumValidationFromEnvVal(m *aws.ResponseChecksumValidation, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
switch strings.ToLower(value) {
case checksumWhenSupported:
*m = aws.ResponseChecksumValidationWhenSupported
case checksumWhenRequired:
*m = aws.ResponseChecksumValidationWhenRequired
default:
return fmt.Errorf("invalid value for environment variable, %s=%s, must be when_supported/when_required", k, value)
}
}
return nil
}
// GetRegion returns the AWS Region if set in the environment. Returns an empty
// string if not set.
func (c EnvConfig) getRegion(ctx context.Context) (string, bool, error) {
@@ -547,7 +646,7 @@ func (c EnvConfig) getCustomCABundle(context.Context) (io.Reader, bool, error) {
return nil, false, nil
}
b, err := ioutil.ReadFile(c.CustomCABundle)
b, err := os.ReadFile(c.CustomCABundle)
if err != nil {
return nil, false, err
}
@@ -571,7 +670,7 @@ func (c EnvConfig) getBaseEndpoint(context.Context) (string, bool, error) {
// GetServiceBaseEndpoint is used to retrieve a normalized SDK ID for use
// with configured endpoints.
func (c EnvConfig) GetServiceBaseEndpoint(ctx context.Context, sdkID string) (string, bool, error) {
if endpt := os.Getenv(fmt.Sprintf("%s_%s", awsEndpointURL, normalizeEnv(sdkID))); endpt != "" {
if endpt := os.Getenv(fmt.Sprintf("%s_%s", awsEndpointURLEnv, normalizeEnv(sdkID))); endpt != "" {
return endpt, true, nil
}
return "", false, nil

2
vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package config
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.26.5"
const goModuleVersion = "1.29.5"

97
vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go generated vendored
View File

@@ -215,6 +215,19 @@ type LoadOptions struct {
// Whether S3 Express auth is disabled.
S3DisableExpressAuth *bool
// Whether account id should be built into endpoint resolution
AccountIDEndpointMode aws.AccountIDEndpointMode
// Specify if request checksum should be calculated
RequestChecksumCalculation aws.RequestChecksumCalculation
// Specifies if response checksum should be validated
ResponseChecksumValidation aws.ResponseChecksumValidation
// Service endpoint override. This value is not necessarily final and is
// passed to the service's EndpointResolverV2 for further delegation.
BaseEndpoint string
}
func (o LoadOptions) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) {
@@ -278,6 +291,31 @@ func (o LoadOptions) getRequestMinCompressSizeBytes(ctx context.Context) (int64,
return *o.RequestMinCompressSizeBytes, true, nil
}
func (o LoadOptions) getAccountIDEndpointMode(ctx context.Context) (aws.AccountIDEndpointMode, bool, error) {
return o.AccountIDEndpointMode, len(o.AccountIDEndpointMode) > 0, nil
}
func (o LoadOptions) getRequestChecksumCalculation(ctx context.Context) (aws.RequestChecksumCalculation, bool, error) {
return o.RequestChecksumCalculation, o.RequestChecksumCalculation > 0, nil
}
func (o LoadOptions) getResponseChecksumValidation(ctx context.Context) (aws.ResponseChecksumValidation, bool, error) {
return o.ResponseChecksumValidation, o.ResponseChecksumValidation > 0, nil
}
func (o LoadOptions) getBaseEndpoint(context.Context) (string, bool, error) {
return o.BaseEndpoint, o.BaseEndpoint != "", nil
}
// GetServiceBaseEndpoint satisfies (internal/configsources).ServiceBaseEndpointProvider.
//
// The sdkID value is unused because LoadOptions only supports setting a GLOBAL
// endpoint override. In-code, per-service endpoint overrides are performed via
// functional options in service client space.
func (o LoadOptions) GetServiceBaseEndpoint(context.Context, string) (string, bool, error) {
return o.BaseEndpoint, o.BaseEndpoint != "", nil
}
// WithRegion is a helper function to construct functional options
// that sets Region on config's LoadOptions. Setting the region to
// an empty string, will result in the region value being ignored.
@@ -323,6 +361,37 @@ func WithRequestMinCompressSizeBytes(RequestMinCompressSizeBytes *int64) LoadOpt
}
}
// WithAccountIDEndpointMode is a helper function to construct functional options
// that sets AccountIDEndpointMode on config's LoadOptions
func WithAccountIDEndpointMode(m aws.AccountIDEndpointMode) LoadOptionsFunc {
return func(o *LoadOptions) error {
if m != "" {
o.AccountIDEndpointMode = m
}
return nil
}
}
// WithRequestChecksumCalculation is a helper function to construct functional options
// that sets RequestChecksumCalculation on config's LoadOptions
func WithRequestChecksumCalculation(c aws.RequestChecksumCalculation) LoadOptionsFunc {
return func(o *LoadOptions) error {
if c > 0 {
o.RequestChecksumCalculation = c
}
return nil
}
}
// WithResponseChecksumValidation is a helper function to construct functional options
// that sets ResponseChecksumValidation on config's LoadOptions
func WithResponseChecksumValidation(v aws.ResponseChecksumValidation) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.ResponseChecksumValidation = v
return nil
}
}
// getDefaultRegion returns DefaultRegion from config's LoadOptions
func (o LoadOptions) getDefaultRegion(ctx context.Context) (string, bool, error) {
if len(o.DefaultRegion) == 0 {
@@ -824,7 +893,14 @@ func (o LoadOptions) getEndpointResolver(ctx context.Context) (aws.EndpointResol
// the EndpointResolver value is ignored. If multiple WithEndpointResolver calls
// are made, the last call overrides the previous call values.
//
// Deprecated: See WithEndpointResolverWithOptions
// Deprecated: The global endpoint resolution interface is deprecated. The API
// for endpoint resolution is now unique to each service and is set via the
// EndpointResolverV2 field on service client options. Use of
// WithEndpointResolver or WithEndpointResolverWithOptions will prevent you
// from using any endpoint-related service features released after the
// introduction of EndpointResolverV2. You may also encounter broken or
// unexpected behavior when using the old global interface with services that
// use many endpoint-related customizations such as S3.
func WithEndpointResolver(v aws.EndpointResolver) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.EndpointResolver = v
@@ -844,6 +920,9 @@ func (o LoadOptions) getEndpointResolverWithOptions(ctx context.Context) (aws.En
// that sets the EndpointResolverWithOptions on LoadOptions. If the EndpointResolverWithOptions is set to nil,
// the EndpointResolver value is ignored. If multiple WithEndpointResolver calls
// are made, the last call overrides the previous call values.
//
// Deprecated: The global endpoint resolution interface is deprecated. See
// deprecation docs on [WithEndpointResolver].
func WithEndpointResolverWithOptions(v aws.EndpointResolverWithOptions) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.EndpointResolverWithOptions = v
@@ -1112,3 +1191,19 @@ func WithS3DisableExpressAuth(v bool) LoadOptionsFunc {
return nil
}
}
// WithBaseEndpoint is a helper function to construct functional options that
// sets BaseEndpoint on config's LoadOptions. Empty values have no effect, and
// subsequent calls to this API override previous ones.
//
// This is an in-code setting, therefore, any value set using this hook takes
// precedence over and will override ALL environment and shared config
// directives that set endpoint URLs. Functional options on service clients
// have higher specificity, and functional options that modify the value of
// BaseEndpoint on a client will take precedence over this setting.
func WithBaseEndpoint(v string) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.BaseEndpoint = v
return nil
}
}

51
vendor/github.com/aws/aws-sdk-go-v2/config/provider.go generated vendored
View File

@@ -225,6 +225,57 @@ func getRequestMinCompressSizeBytes(ctx context.Context, configs configs) (value
return
}
// accountIDEndpointModeProvider provides access to the AccountIDEndpointMode
type accountIDEndpointModeProvider interface {
getAccountIDEndpointMode(context.Context) (aws.AccountIDEndpointMode, bool, error)
}
func getAccountIDEndpointMode(ctx context.Context, configs configs) (value aws.AccountIDEndpointMode, found bool, err error) {
for _, cfg := range configs {
if p, ok := cfg.(accountIDEndpointModeProvider); ok {
value, found, err = p.getAccountIDEndpointMode(ctx)
if err != nil || found {
break
}
}
}
return
}
// requestChecksumCalculationProvider provides access to the RequestChecksumCalculation
type requestChecksumCalculationProvider interface {
getRequestChecksumCalculation(context.Context) (aws.RequestChecksumCalculation, bool, error)
}
func getRequestChecksumCalculation(ctx context.Context, configs configs) (value aws.RequestChecksumCalculation, found bool, err error) {
for _, cfg := range configs {
if p, ok := cfg.(requestChecksumCalculationProvider); ok {
value, found, err = p.getRequestChecksumCalculation(ctx)
if err != nil || found {
break
}
}
}
return
}
// responseChecksumValidationProvider provides access to the ResponseChecksumValidation
type responseChecksumValidationProvider interface {
getResponseChecksumValidation(context.Context) (aws.ResponseChecksumValidation, bool, error)
}
func getResponseChecksumValidation(ctx context.Context, configs configs) (value aws.ResponseChecksumValidation, found bool, err error) {
for _, cfg := range configs {
if p, ok := cfg.(responseChecksumValidationProvider); ok {
value, found, err = p.getResponseChecksumValidation(ctx)
if err != nil || found {
break
}
}
}
return
}
// ec2IMDSRegionProvider provides access to the ec2 imds region
// configuration value
type ec2IMDSRegionProvider interface {

46
vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go generated vendored
View File

@@ -166,6 +166,52 @@ func resolveRequestMinCompressSizeBytes(ctx context.Context, cfg *aws.Config, co
return nil
}
// resolveAccountIDEndpointMode extracts the AccountIDEndpointMode from the configs slice's
// SharedConfig or EnvConfig
func resolveAccountIDEndpointMode(ctx context.Context, cfg *aws.Config, configs configs) error {
m, found, err := getAccountIDEndpointMode(ctx, configs)
if err != nil {
return err
}
if !found {
m = aws.AccountIDEndpointModePreferred
}
cfg.AccountIDEndpointMode = m
return nil
}
// resolveRequestChecksumCalculation extracts the RequestChecksumCalculation from the configs slice's
// SharedConfig or EnvConfig
func resolveRequestChecksumCalculation(ctx context.Context, cfg *aws.Config, configs configs) error {
c, found, err := getRequestChecksumCalculation(ctx, configs)
if err != nil {
return err
}
if !found {
c = aws.RequestChecksumCalculationWhenSupported
}
cfg.RequestChecksumCalculation = c
return nil
}
// resolveResponseValidation extracts the ResponseChecksumValidation from the configs slice's
// SharedConfig or EnvConfig
func resolveResponseChecksumValidation(ctx context.Context, cfg *aws.Config, configs configs) error {
c, found, err := getResponseChecksumValidation(ctx, configs)
if err != nil {
return err
}
if !found {
c = aws.ResponseChecksumValidationWhenSupported
}
cfg.ResponseChecksumValidation = c
return nil
}
// resolveDefaultRegion extracts the first instance of a default region and sets `aws.Config.Region` to the default
// region if region had not been resolved from other sources.
func resolveDefaultRegion(ctx context.Context, cfg *aws.Config, configs configs) error {

15
vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go generated vendored
View File

@@ -162,12 +162,12 @@ func resolveCredsFromProfile(ctx context.Context, cfg *aws.Config, envConfig *En
// Get credentials from CredentialProcess
err = processCredentials(ctx, cfg, sharedConfig, configs)
case len(envConfig.ContainerCredentialsEndpoint) != 0:
err = resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs)
case len(envConfig.ContainerCredentialsRelativePath) != 0:
err = resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs)
case len(envConfig.ContainerCredentialsEndpoint) != 0:
err = resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs)
default:
err = resolveEC2RoleCredentials(ctx, cfg, configs)
}
@@ -355,10 +355,13 @@ func resolveCredsFromSource(ctx context.Context, cfg *aws.Config, envConfig *Env
cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials}
case credSourceECSContainer:
if len(envConfig.ContainerCredentialsRelativePath) == 0 {
return fmt.Errorf("EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not set")
if len(envConfig.ContainerCredentialsRelativePath) != 0 {
return resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs)
}
return resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs)
if len(envConfig.ContainerCredentialsEndpoint) != 0 {
return resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs)
}
return fmt.Errorf("EcsContainer was specified as the credential_source, but neither 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' or AWS_CONTAINER_CREDENTIALS_FULL_URI' was set")
default:
return fmt.Errorf("credential_source values must be EcsContainer, Ec2InstanceMetadata, or Environment")

96
vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go generated vendored
View File

@@ -115,6 +115,14 @@ const (
requestMinCompressionSizeBytes = "request_min_compression_size_bytes"
s3DisableExpressSessionAuthKey = "s3_disable_express_session_auth"
accountIDKey = "aws_account_id"
accountIDEndpointMode = "account_id_endpoint_mode"
requestChecksumCalculationKey = "request_checksum_calculation"
responseChecksumValidationKey = "response_checksum_validation"
checksumWhenSupported = "when_supported"
checksumWhenRequired = "when_required"
)
// defaultSharedConfigProfile allows for swapping the default profile for testing
@@ -341,6 +349,14 @@ type SharedConfig struct {
// will only bypass the modified endpoint routing and signing behaviors
// associated with the feature.
S3DisableExpressAuth *bool
AccountIDEndpointMode aws.AccountIDEndpointMode
// RequestChecksumCalculation indicates if the request checksum should be calculated
RequestChecksumCalculation aws.RequestChecksumCalculation
// ResponseChecksumValidation indicates if the response checksum should be validated
ResponseChecksumValidation aws.ResponseChecksumValidation
}
func (c SharedConfig) getDefaultsMode(ctx context.Context) (value aws.DefaultsMode, ok bool, err error) {
@@ -1124,12 +1140,24 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er
return fmt.Errorf("failed to load %s from shared config, %w", requestMinCompressionSizeBytes, err)
}
if err := updateAIDEndpointMode(&c.AccountIDEndpointMode, section, accountIDEndpointMode); err != nil {
return fmt.Errorf("failed to load %s from shared config, %w", accountIDEndpointMode, err)
}
if err := updateRequestChecksumCalculation(&c.RequestChecksumCalculation, section, requestChecksumCalculationKey); err != nil {
return fmt.Errorf("failed to load %s from shared config, %w", requestChecksumCalculationKey, err)
}
if err := updateResponseChecksumValidation(&c.ResponseChecksumValidation, section, responseChecksumValidationKey); err != nil {
return fmt.Errorf("failed to load %s from shared config, %w", responseChecksumValidationKey, err)
}
// Shared Credentials
creds := aws.Credentials{
AccessKeyID: section.String(accessKeyIDKey),
SecretAccessKey: section.String(secretAccessKey),
SessionToken: section.String(sessionTokenKey),
Source: fmt.Sprintf("SharedConfigCredentials: %s", section.SourceFile[accessKeyIDKey]),
AccountID: section.String(accountIDKey),
}
if creds.HasKeys() {
@@ -1177,6 +1205,62 @@ func updateDisableRequestCompression(disable **bool, sec ini.Section, key string
return nil
}
func updateAIDEndpointMode(m *aws.AccountIDEndpointMode, sec ini.Section, key string) error {
if !sec.Has(key) {
return nil
}
v := sec.String(key)
switch v {
case "preferred":
*m = aws.AccountIDEndpointModePreferred
case "required":
*m = aws.AccountIDEndpointModeRequired
case "disabled":
*m = aws.AccountIDEndpointModeDisabled
default:
return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be preferred/required/disabled", key, v)
}
return nil
}
func updateRequestChecksumCalculation(m *aws.RequestChecksumCalculation, sec ini.Section, key string) error {
if !sec.Has(key) {
return nil
}
v := sec.String(key)
switch strings.ToLower(v) {
case checksumWhenSupported:
*m = aws.RequestChecksumCalculationWhenSupported
case checksumWhenRequired:
*m = aws.RequestChecksumCalculationWhenRequired
default:
return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be when_supported/when_required", key, v)
}
return nil
}
func updateResponseChecksumValidation(m *aws.ResponseChecksumValidation, sec ini.Section, key string) error {
if !sec.Has(key) {
return nil
}
v := sec.String(key)
switch strings.ToLower(v) {
case checksumWhenSupported:
*m = aws.ResponseChecksumValidationWhenSupported
case checksumWhenRequired:
*m = aws.ResponseChecksumValidationWhenRequired
default:
return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be when_supported/when_required", key, v)
}
return nil
}
func (c SharedConfig) getRequestMinCompressSizeBytes(ctx context.Context) (int64, bool, error) {
if c.RequestMinCompressSizeBytes == nil {
return 0, false, nil
@@ -1191,6 +1275,18 @@ func (c SharedConfig) getDisableRequestCompression(ctx context.Context) (bool, b
return *c.DisableRequestCompression, true, nil
}
func (c SharedConfig) getAccountIDEndpointMode(ctx context.Context) (aws.AccountIDEndpointMode, bool, error) {
return c.AccountIDEndpointMode, len(c.AccountIDEndpointMode) > 0, nil
}
func (c SharedConfig) getRequestChecksumCalculation(ctx context.Context) (aws.RequestChecksumCalculation, bool, error) {
return c.RequestChecksumCalculation, c.RequestChecksumCalculation > 0, nil
}
func (c SharedConfig) getResponseChecksumValidation(ctx context.Context) (aws.ResponseChecksumValidation, bool, error) {
return c.ResponseChecksumValidation, c.ResponseChecksumValidation > 0, nil
}
func updateDefaultsMode(mode *aws.DefaultsMode, section ini.Section, key string) error {
if !section.Has(key) {
return nil

242
vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,245 @@
# v1.17.58 (2025-02-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.57 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.56 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.55 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.17.54 (2025-01-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.53 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.52 (2025-01-14)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.51 (2025-01-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.50 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.49 (2025-01-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.48 (2024-12-19)
* **Bug Fix**: Fix improper use of printf-style functions.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.47 (2024-12-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.46 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.45 (2024-11-14)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.44 (2024-11-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.43 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.42 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.41 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.40 (2024-10-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.39 (2024-10-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.38 (2024-10-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.37 (2024-09-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.36 (2024-09-25)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.35 (2024-09-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.34 (2024-09-20)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.33 (2024-09-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.32 (2024-09-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.31 (2024-09-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.30 (2024-08-26)
* **Bug Fix**: Save SSO cached token expiry in UTC to ensure cross-SDK compatibility.
# v1.17.29 (2024-08-22)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.28 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.27 (2024-07-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.26 (2024-07-10.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.25 (2024-07-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.24 (2024-07-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.23 (2024-06-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.22 (2024-06-26)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.21 (2024-06-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.20 (2024-06-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.19 (2024-06-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.18 (2024-06-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.17 (2024-06-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.16 (2024-05-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.15 (2024-05-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.14 (2024-05-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.13 (2024-05-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.12 (2024-05-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.11 (2024-04-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.10 (2024-03-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.9 (2024-03-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.8 (2024-03-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.7 (2024-03-07)
* **Bug Fix**: Remove dependency on go-cmp.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.6 (2024-03-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.5 (2024-03-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.4 (2024-02-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.3 (2024-02-22)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.2 (2024-02-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.1 (2024-02-20)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.16 (2024-01-18)
* **Dependency Update**: Updated to the latest SDK module versions

1
vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go generated vendored
View File

@@ -128,6 +128,7 @@ type GetCredentialsOutput struct {
AccessKeyID string
SecretAccessKey string
Token string
AccountID string
}
// EndpointError is an error returned from the endpoint service

1
vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go generated vendored
View File

@@ -152,6 +152,7 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
SecretAccessKey: resp.SecretAccessKey,
SessionToken: resp.Token,
Source: ProviderName,
AccountID: resp.AccountID,
}
if resp.Expiration != nil {

2
vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package credentials
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.16.16"
const goModuleVersion = "1.17.58"

4
vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go generated vendored
View File

@@ -167,6 +167,9 @@ type CredentialProcessResponse struct {
// The date on which the current credentials expire.
Expiration *time.Time
// The ID of the account for credentials
AccountID string `json:"AccountId"`
}
// Retrieve executes the credential process command and returns the
@@ -208,6 +211,7 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
AccessKeyID: resp.AccessKeyID,
SecretAccessKey: resp.SecretAccessKey,
SessionToken: resp.SessionToken,
AccountID: resp.AccountID,
}
// Handle expiration

2
vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go generated vendored
View File

@@ -225,7 +225,7 @@ func (r *rfc3339) UnmarshalJSON(bytes []byte) (err error) {
}
func (r *rfc3339) MarshalJSON() ([]byte, error) {
value := time.Time(*r).Format(time.RFC3339)
value := time.Time(*r).UTC().Format(time.RFC3339)
// Use JSON unmarshal to unescape the quoted value making use of JSON's
// quoting rules.

1
vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go generated vendored
View File

@@ -129,6 +129,7 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
CanExpire: true,
Expires: time.Unix(0, output.RoleCredentials.Expiration*int64(time.Millisecond)).UTC(),
Source: ProviderName,
AccountID: p.options.AccountID,
}, nil
}

6
vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go generated vendored
View File

@@ -308,6 +308,11 @@ func (p *AssumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, err
return aws.Credentials{Source: ProviderName}, err
}
var accountID string
if resp.AssumedRoleUser != nil {
accountID = getAccountID(resp.AssumedRoleUser)
}
return aws.Credentials{
AccessKeyID: *resp.Credentials.AccessKeyId,
SecretAccessKey: *resp.Credentials.SecretAccessKey,
@@ -316,5 +321,6 @@ func (p *AssumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, err
CanExpire: true,
Expires: *resp.Credentials.Expiration,
AccountID: accountID,
}, nil
}

19
vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go generated vendored
View File

@@ -5,6 +5,7 @@ import (
"fmt"
"io/ioutil"
"strconv"
"strings"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
@@ -135,6 +136,11 @@ func (p *WebIdentityRoleProvider) Retrieve(ctx context.Context) (aws.Credentials
return aws.Credentials{}, fmt.Errorf("failed to retrieve credentials, %w", err)
}
var accountID string
if resp.AssumedRoleUser != nil {
accountID = getAccountID(resp.AssumedRoleUser)
}
// InvalidIdentityToken error is a temporary error that can occur
// when assuming an Role with a JWT web identity token.
@@ -145,6 +151,19 @@ func (p *WebIdentityRoleProvider) Retrieve(ctx context.Context) (aws.Credentials
Source: WebIdentityProviderName,
CanExpire: true,
Expires: *resp.Credentials.Expiration,
AccountID: accountID,
}
return value, nil
}
// extract accountID from arn with format "arn:partition:service:region:account-id:[resource-section]"
func getAccountID(u *types.AssumedRoleUser) string {
if u.Arn == nil {
return ""
}
parts := strings.Split(*u.Arn, ":")
if len(parts) < 5 {
return ""
}
return parts[4]
}

137
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,140 @@
# v1.16.27 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.26 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.25 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.16.24 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.23 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.22 (2024-12-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.21 (2024-12-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.20 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.19 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.18 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.17 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.16 (2024-10-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.15 (2024-10-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.14 (2024-09-20)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.13 (2024-09-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.12 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.11 (2024-07-10.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.10 (2024-07-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.9 (2024-06-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.8 (2024-06-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.7 (2024-06-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.6 (2024-06-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.5 (2024-06-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.4 (2024-06-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.3 (2024-05-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.2 (2024-05-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.1 (2024-03-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.0 (2024-03-21)
* **Feature**: Add config switch `DisableDefaultTimeout` that allows you to disable the default operation timeout (5 seconds) for IMDS calls.
# v1.15.4 (2024-03-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.15.3 (2024-03-07)
* **Bug Fix**: Remove dependency on go-cmp.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.15.2 (2024-02-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.15.1 (2024-02-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.15.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.14.11 (2024-01-04)
* **Dependency Update**: Updated to the latest SDK module versions

4
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go generated vendored
View File

@@ -185,6 +185,10 @@ type Options struct {
// [configuring IMDS]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
EnableFallback aws.Ternary
// By default, all IMDS client operations enforce a 5-second timeout. You
// can disable that behavior with this setting.
DisableDefaultTimeout bool
// provides the caching of API tokens used for operation calls. If unset,
// the API token will not be retrieved for the operation.
tokenProvider *tokenProvider

5
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/doc.go generated vendored
View File

@@ -3,8 +3,9 @@
//
// All Client operation calls have a default timeout. If the operation is not
// completed before this timeout expires, the operation will be canceled. This
// timeout can be overridden by providing Context with a timeout or deadline
// with calling the client's operations.
// timeout can be overridden through the following:
// - Set the options flag DisableDefaultTimeout
// - Provide a Context with a timeout or deadline with calling the client's operations.
//
// See the EC2 IMDS user guide for more information on using the API.
// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

2
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package imds
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.14.11"
const goModuleVersion = "1.16.27"

6
vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go generated vendored
View File

@@ -56,6 +56,7 @@ func addRequestMiddleware(stack *middleware.Stack,
// Operation timeout
err = stack.Initialize.Add(&operationTimeout{
Disabled: options.DisableDefaultTimeout,
DefaultTimeout: defaultOperationTimeout,
}, middleware.Before)
if err != nil {
@@ -260,6 +261,7 @@ const (
// Otherwise the timeout cleanup will race the resource being consumed
// upstream.
type operationTimeout struct {
Disabled bool
DefaultTimeout time.Duration
}
@@ -270,6 +272,10 @@ func (m *operationTimeout) HandleInitialize(
) (
output middleware.InitializeOutput, metadata middleware.Metadata, err error,
) {
if m.Disabled {
return next.HandleInitialize(ctx, input)
}
if _, ok := ctx.Deadline(); !ok && m.DefaultTimeout != 0 {
var cancelFn func()
ctx, cancelFn = context.WithTimeout(ctx, m.DefaultTimeout)

6
vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go generated vendored
View File

@@ -5,6 +5,7 @@ import (
"fmt"
v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
"github.com/aws/aws-sdk-go-v2/internal/sdk"
"github.com/aws/smithy-go"
"github.com/aws/smithy-go/auth"
@@ -39,7 +40,10 @@ func (v *V4SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request
}
hash := v4.GetPayloadHash(ctx)
err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, region, sdk.NowTime(), func(o *v4.SignerOptions) {
signingTime := sdk.NowTime()
skew := internalcontext.GetAttemptSkewContext(ctx)
signingTime = signingTime.Add(skew)
err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, region, signingTime, func(o *v4.SignerOptions) {
o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props)
o.Logger = v.Logger

132
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,135 @@
# v1.3.31 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.30 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.29 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.3.28 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.27 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.26 (2024-12-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.25 (2024-12-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.24 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.23 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.22 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.21 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.20 (2024-10-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.19 (2024-10-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.18 (2024-09-20)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.17 (2024-09-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.16 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.15 (2024-07-10.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.14 (2024-07-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.13 (2024-06-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.12 (2024-06-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.11 (2024-06-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.10 (2024-06-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.9 (2024-06-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.8 (2024-06-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.7 (2024-05-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.6 (2024-05-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.5 (2024-03-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.4 (2024-03-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.3 (2024-03-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.2 (2024-02-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.1 (2024-02-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.2.10 (2024-01-04)
* **Dependency Update**: Updated to the latest SDK module versions

2
vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package configsources
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.2.10"
const goModuleVersion = "1.3.31"

52
vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go generated vendored Normal file
View File

@@ -0,0 +1,52 @@
package context
import (
"context"
"time"
"github.com/aws/smithy-go/middleware"
)
type s3BackendKey struct{}
type checksumInputAlgorithmKey struct{}
type clockSkew struct{}
const (
// S3BackendS3Express identifies the S3Express backend
S3BackendS3Express = "S3Express"
)
// SetS3Backend stores the resolved endpoint backend within the request
// context, which is required for a variety of custom S3 behaviors.
func SetS3Backend(ctx context.Context, typ string) context.Context {
return middleware.WithStackValue(ctx, s3BackendKey{}, typ)
}
// GetS3Backend retrieves the stored endpoint backend within the context.
func GetS3Backend(ctx context.Context) string {
v, _ := middleware.GetStackValue(ctx, s3BackendKey{}).(string)
return v
}
// SetChecksumInputAlgorithm sets the request checksum algorithm on the
// context.
func SetChecksumInputAlgorithm(ctx context.Context, value string) context.Context {
return middleware.WithStackValue(ctx, checksumInputAlgorithmKey{}, value)
}
// GetChecksumInputAlgorithm returns the checksum algorithm from the context.
func GetChecksumInputAlgorithm(ctx context.Context) string {
v, _ := middleware.GetStackValue(ctx, checksumInputAlgorithmKey{}).(string)
return v
}
// SetAttemptSkewContext sets the clock skew value on the context
func SetAttemptSkewContext(ctx context.Context, v time.Duration) context.Context {
return middleware.WithStackValue(ctx, clockSkew{}, v)
}
// GetAttemptSkewContext gets the clock skew value from the context
func GetAttemptSkewContext(ctx context.Context) time.Duration {
x, _ := middleware.GetStackValue(ctx, clockSkew{}).(time.Duration)
return x
}

11
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go generated vendored
View File

@@ -12,11 +12,12 @@ type Partition struct {
// PartitionConfig provides the endpoint metadata for an AWS region or partition.
type PartitionConfig struct {
Name string `json:"name"`
DnsSuffix string `json:"dnsSuffix"`
DualStackDnsSuffix string `json:"dualStackDnsSuffix"`
SupportsFIPS bool `json:"supportsFIPS"`
SupportsDualStack bool `json:"supportsDualStack"`
Name string `json:"name"`
DnsSuffix string `json:"dnsSuffix"`
DualStackDnsSuffix string `json:"dualStackDnsSuffix"`
SupportsFIPS bool `json:"supportsFIPS"`
SupportsDualStack bool `json:"supportsDualStack"`
ImplicitGlobalRegion string `json:"implicitGlobalRegion"`
}
type RegionOverrides struct {

94
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go generated vendored
View File

@@ -13,11 +13,12 @@ var partitions = []Partition{
ID: "aws",
RegionRegex: "^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$",
DefaultConfig: PartitionConfig{
Name: "aws",
DnsSuffix: "amazonaws.com",
DualStackDnsSuffix: "api.aws",
SupportsFIPS: true,
SupportsDualStack: true,
Name: "aws",
DnsSuffix: "amazonaws.com",
DualStackDnsSuffix: "api.aws",
SupportsFIPS: true,
SupportsDualStack: true,
ImplicitGlobalRegion: "us-east-1",
},
Regions: map[string]RegionOverrides{
"af-south-1": {
@@ -111,6 +112,13 @@ var partitions = []Partition{
SupportsFIPS: nil,
SupportsDualStack: nil,
},
"ca-west-1": {
Name: nil,
DnsSuffix: nil,
DualStackDnsSuffix: nil,
SupportsFIPS: nil,
SupportsDualStack: nil,
},
"eu-central-1": {
Name: nil,
DnsSuffix: nil,
@@ -229,11 +237,12 @@ var partitions = []Partition{
ID: "aws-cn",
RegionRegex: "^cn\\-\\w+\\-\\d+$",
DefaultConfig: PartitionConfig{
Name: "aws-cn",
DnsSuffix: "amazonaws.com.cn",
DualStackDnsSuffix: "api.amazonwebservices.com.cn",
SupportsFIPS: true,
SupportsDualStack: true,
Name: "aws-cn",
DnsSuffix: "amazonaws.com.cn",
DualStackDnsSuffix: "api.amazonwebservices.com.cn",
SupportsFIPS: true,
SupportsDualStack: true,
ImplicitGlobalRegion: "cn-northwest-1",
},
Regions: map[string]RegionOverrides{
"aws-cn-global": {
@@ -263,11 +272,12 @@ var partitions = []Partition{
ID: "aws-us-gov",
RegionRegex: "^us\\-gov\\-\\w+\\-\\d+$",
DefaultConfig: PartitionConfig{
Name: "aws-us-gov",
DnsSuffix: "amazonaws.com",
DualStackDnsSuffix: "api.aws",
SupportsFIPS: true,
SupportsDualStack: true,
Name: "aws-us-gov",
DnsSuffix: "amazonaws.com",
DualStackDnsSuffix: "api.aws",
SupportsFIPS: true,
SupportsDualStack: true,
ImplicitGlobalRegion: "us-gov-west-1",
},
Regions: map[string]RegionOverrides{
"aws-us-gov-global": {
@@ -297,11 +307,12 @@ var partitions = []Partition{
ID: "aws-iso",
RegionRegex: "^us\\-iso\\-\\w+\\-\\d+$",
DefaultConfig: PartitionConfig{
Name: "aws-iso",
DnsSuffix: "c2s.ic.gov",
DualStackDnsSuffix: "c2s.ic.gov",
SupportsFIPS: true,
SupportsDualStack: false,
Name: "aws-iso",
DnsSuffix: "c2s.ic.gov",
DualStackDnsSuffix: "c2s.ic.gov",
SupportsFIPS: true,
SupportsDualStack: false,
ImplicitGlobalRegion: "us-iso-east-1",
},
Regions: map[string]RegionOverrides{
"aws-iso-global": {
@@ -331,11 +342,12 @@ var partitions = []Partition{
ID: "aws-iso-b",
RegionRegex: "^us\\-isob\\-\\w+\\-\\d+$",
DefaultConfig: PartitionConfig{
Name: "aws-iso-b",
DnsSuffix: "sc2s.sgov.gov",
DualStackDnsSuffix: "sc2s.sgov.gov",
SupportsFIPS: true,
SupportsDualStack: false,
Name: "aws-iso-b",
DnsSuffix: "sc2s.sgov.gov",
DualStackDnsSuffix: "sc2s.sgov.gov",
SupportsFIPS: true,
SupportsDualStack: false,
ImplicitGlobalRegion: "us-isob-east-1",
},
Regions: map[string]RegionOverrides{
"aws-iso-b-global": {
@@ -358,23 +370,33 @@ var partitions = []Partition{
ID: "aws-iso-e",
RegionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$",
DefaultConfig: PartitionConfig{
Name: "aws-iso-e",
DnsSuffix: "cloud.adc-e.uk",
DualStackDnsSuffix: "cloud.adc-e.uk",
SupportsFIPS: true,
SupportsDualStack: false,
Name: "aws-iso-e",
DnsSuffix: "cloud.adc-e.uk",
DualStackDnsSuffix: "cloud.adc-e.uk",
SupportsFIPS: true,
SupportsDualStack: false,
ImplicitGlobalRegion: "eu-isoe-west-1",
},
Regions: map[string]RegionOverrides{
"eu-isoe-west-1": {
Name: nil,
DnsSuffix: nil,
DualStackDnsSuffix: nil,
SupportsFIPS: nil,
SupportsDualStack: nil,
},
},
Regions: map[string]RegionOverrides{},
},
{
ID: "aws-iso-f",
RegionRegex: "^us\\-isof\\-\\w+\\-\\d+$",
DefaultConfig: PartitionConfig{
Name: "aws-iso-f",
DnsSuffix: "csp.hci.ic.gov",
DualStackDnsSuffix: "csp.hci.ic.gov",
SupportsFIPS: true,
SupportsDualStack: false,
Name: "aws-iso-f",
DnsSuffix: "csp.hci.ic.gov",
DualStackDnsSuffix: "csp.hci.ic.gov",
SupportsFIPS: true,
SupportsDualStack: false,
ImplicitGlobalRegion: "us-isof-south-1",
},
Regions: map[string]RegionOverrides{},
},

17
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json generated vendored
View File

@@ -9,7 +9,7 @@
"supportsDualStack" : true,
"supportsFIPS" : true
},
"regionRegex" : "^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$",
"regionRegex" : "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$",
"regions" : {
"af-south-1" : {
"description" : "Africa (Cape Town)"
@@ -44,6 +44,12 @@
"ap-southeast-4" : {
"description" : "Asia Pacific (Melbourne)"
},
"ap-southeast-5" : {
"description" : "Asia Pacific (Malaysia)"
},
"ap-southeast-7" : {
"description" : "Asia Pacific (Thailand)"
},
"aws-global" : {
"description" : "AWS Standard global region"
},
@@ -86,6 +92,9 @@
"me-south-1" : {
"description" : "Middle East (Bahrain)"
},
"mx-central-1" : {
"description" : "Mexico (Central)"
},
"sa-east-1" : {
"description" : "South America (Sao Paulo)"
},
@@ -198,7 +207,11 @@
"supportsFIPS" : true
},
"regionRegex" : "^eu\\-isoe\\-\\w+\\-\\d+$",
"regions" : { }
"regions" : {
"eu-isoe-west-1" : {
"description" : "EU ISOE West"
}
}
}, {
"id" : "aws-iso-f",
"outputs" : {

134
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,137 @@
# v2.6.31 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.30 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.29 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v2.6.28 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.27 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.26 (2024-12-19)
* **Bug Fix**: Fix improper use of printf-style functions.
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.25 (2024-12-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.24 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.23 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.22 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.21 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.20 (2024-10-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.19 (2024-10-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.18 (2024-09-20)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.17 (2024-09-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.16 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.15 (2024-07-10.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.14 (2024-07-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.13 (2024-06-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.12 (2024-06-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.11 (2024-06-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.10 (2024-06-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.9 (2024-06-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.8 (2024-06-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.7 (2024-05-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.6 (2024-05-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.5 (2024-03-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.4 (2024-03-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.3 (2024-03-07)
* **Bug Fix**: Remove dependency on go-cmp.
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.2 (2024-02-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.1 (2024-02-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
* **Dependency Update**: Updated to the latest SDK module versions
# v2.5.10 (2024-01-04)
* **Dependency Update**: Updated to the latest SDK module versions

2
vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package endpoints
// goModuleVersion is the tagged release for this module
const goModuleVersion = "2.5.10"
const goModuleVersion = "2.6.31"

16
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,19 @@
# v1.8.2 (2025-01-24)
* **Bug Fix**: Refactor filepath.Walk to filepath.WalkDir
# v1.8.1 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
# v1.8.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
# v1.7.3 (2024-01-22)
* **Bug Fix**: Remove invalid escaping of shared config values. All values in the shared config file will now be interpreted literally, save for fully-quoted strings which are unwrapped for legacy reasons.
# v1.7.2 (2023-12-08)
* **Bug Fix**: Correct loading of [services *] sections into shared config.

2
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package ini
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.7.2"
const goModuleVersion = "1.8.2"

4
vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go generated vendored
View File

@@ -67,12 +67,8 @@ func unquote(s string) string {
// applies various legacy conversions to property values:
// - remote wrapping single/doublequotes
// - expand escaped quote and newline sequences
func legacyStrconv(s string) string {
s = unquote(s)
s = strings.ReplaceAll(s, `\"`, `"`)
s = strings.ReplaceAll(s, `\'`, `'`)
s = strings.ReplaceAll(s, `\n`, "\n")
return s
}

42
vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go generated vendored Normal file
View File

@@ -0,0 +1,42 @@
package middleware
import (
"context"
"sync/atomic"
"time"
internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
"github.com/aws/smithy-go/middleware"
)
// AddTimeOffsetMiddleware sets a value representing clock skew on the request context.
// This can be read by other operations (such as signing) to correct the date value they send
// on the request
type AddTimeOffsetMiddleware struct {
Offset *atomic.Int64
}
// ID the identifier for AddTimeOffsetMiddleware
func (m *AddTimeOffsetMiddleware) ID() string { return "AddTimeOffsetMiddleware" }
// HandleBuild sets a value for attemptSkew on the request context if one is set on the client.
func (m AddTimeOffsetMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
out middleware.BuildOutput, metadata middleware.Metadata, err error,
) {
if m.Offset != nil {
offset := time.Duration(m.Offset.Load())
ctx = internalcontext.SetAttemptSkewContext(ctx, offset)
}
return next.HandleBuild(ctx, in)
}
// HandleDeserialize gets the clock skew context from the context, and if set, sets it on the pointer
// held by AddTimeOffsetMiddleware
func (m *AddTimeOffsetMiddleware) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
) {
if v := internalcontext.GetAttemptSkewContext(ctx); v != 0 {
m.Offset.Store(v.Nanoseconds())
}
return next.HandleDeserialize(ctx, in)
}

36
vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,39 @@
# v1.12.2 (2025-01-24)
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.12.1 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
# v1.12.0 (2024-10-04)
* **Feature**: Add support for HTTP client metrics.
# v1.11.5 (2024-09-20)
* No change notes available for this release.
# v1.11.4 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
# v1.11.3 (2024-06-28)
* No change notes available for this release.
# v1.11.2 (2024-03-29)
* No change notes available for this release.
# v1.11.1 (2024-02-21)
* No change notes available for this release.
# v1.11.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
# v1.10.4 (2023-12-07)
* No change notes available for this release.

2
vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package acceptencoding
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.10.4"
const goModuleVersion = "1.12.2"

142
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,145 @@
# v1.12.12 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.11 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.10 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.12.9 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.8 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.7 (2024-12-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.6 (2024-12-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.5 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.4 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.3 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.2 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.1 (2024-10-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.0 (2024-10-04)
* **Feature**: Add support for HTTP client metrics.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.20 (2024-09-20)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.19 (2024-09-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.18 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.17 (2024-07-10.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.16 (2024-07-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.15 (2024-06-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.14 (2024-06-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.13 (2024-06-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.12 (2024-06-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.11 (2024-06-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.10 (2024-06-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.9 (2024-05-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.8 (2024-05-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.7 (2024-03-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.6 (2024-03-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.5 (2024-03-07)
* **Bug Fix**: Remove dependency on go-cmp.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.4 (2024-03-05)
* **Bug Fix**: Restore typo'd API `AddAsIsInternalPresigingMiddleware` as an alias for backwards compatibility.
# v1.11.3 (2024-03-04)
* **Bug Fix**: Correct a typo in internal AddAsIsPresigningMiddleware API.
# v1.11.2 (2024-02-23)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.1 (2024-02-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.11.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.10.10 (2024-01-04)
* **Dependency Update**: Updated to the latest SDK module versions

12
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/context.go generated vendored
View File

@@ -27,13 +27,21 @@ func GetIsPresigning(ctx context.Context) bool {
type isPresigningKey struct{}
// AddAsIsPresigingMiddleware adds a middleware to the head of the stack that
// AddAsIsPresigningMiddleware adds a middleware to the head of the stack that
// will update the stack's context to be flagged as being invoked for the
// purpose of presigning.
func AddAsIsPresigingMiddleware(stack *middleware.Stack) error {
func AddAsIsPresigningMiddleware(stack *middleware.Stack) error {
return stack.Initialize.Add(asIsPresigningMiddleware{}, middleware.Before)
}
// AddAsIsPresigingMiddleware is an alias for backwards compatibility.
//
// Deprecated: This API was released with a typo. Use
// [AddAsIsPresigningMiddleware] instead.
func AddAsIsPresigingMiddleware(stack *middleware.Stack) error {
return AddAsIsPresigningMiddleware(stack)
}
type asIsPresigningMiddleware struct{}
func (asIsPresigningMiddleware) ID() string { return "AsIsPresigningMiddleware" }

2
vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package presignedurl
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.10.10"
const goModuleVersion = "1.12.12"

198
vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,201 @@
# v1.24.14 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.13 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.12 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.24.11 (2025-01-17)
* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop.
# v1.24.10 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.9 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.8 (2024-12-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.7 (2024-12-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.6 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.5 (2024-11-07)
* **Bug Fix**: Adds case-insensitive handling of error message fields in service responses
# v1.24.4 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.3 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.2 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.1 (2024-10-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.0 (2024-10-04)
* **Feature**: Add support for HTTP client metrics.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.23.4 (2024-10-03)
* No change notes available for this release.
# v1.23.3 (2024-09-27)
* No change notes available for this release.
# v1.23.2 (2024-09-25)
* No change notes available for this release.
# v1.23.1 (2024-09-23)
* No change notes available for this release.
# v1.23.0 (2024-09-20)
* **Feature**: Add tracing and metrics support to service clients.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.22.8 (2024-09-17)
* **Bug Fix**: **BREAKFIX**: Only generate AccountIDEndpointMode config for services that use it. This is a compiler break, but removes no actual functionality, as no services currently use the account ID in endpoint resolution.
# v1.22.7 (2024-09-04)
* No change notes available for this release.
# v1.22.6 (2024-09-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.22.5 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.22.4 (2024-07-18)
* No change notes available for this release.
# v1.22.3 (2024-07-10.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.22.2 (2024-07-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.22.1 (2024-06-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.22.0 (2024-06-26)
* **Feature**: Support list-of-string endpoint parameter.
# v1.21.1 (2024-06-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.21.0 (2024-06-18)
* **Feature**: Track usage of various AWS SDK features in user-agent string.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.20.12 (2024-06-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.20.11 (2024-06-07)
* **Bug Fix**: Add clock skew correction on all service clients
* **Dependency Update**: Updated to the latest SDK module versions
# v1.20.10 (2024-06-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.20.9 (2024-05-23)
* No change notes available for this release.
# v1.20.8 (2024-05-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.20.7 (2024-05-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.20.6 (2024-05-08)
* **Bug Fix**: GoDoc improvement
# v1.20.5 (2024-04-05)
* No change notes available for this release.
# v1.20.4 (2024-03-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.20.3 (2024-03-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.20.2 (2024-03-07)
* **Bug Fix**: Remove dependency on go-cmp.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.20.1 (2024-02-23)
* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.20.0 (2024-02-22)
* **Feature**: Add middleware stack snapshot tests.
# v1.19.2 (2024-02-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.19.1 (2024-02-20)
* **Bug Fix**: When sourcing values for a service's `EndpointParameters`, the lack of a configured region (i.e. `options.Region == ""`) will now translate to a `nil` value for `EndpointParameters.Region` instead of a pointer to the empty string `""`. This will result in a much more explicit error when calling an operation instead of an obscure hostname lookup failure.
# v1.19.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.18.7 (2024-01-18)
* No change notes available for this release.

463
vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go generated vendored
View File

@@ -4,6 +4,7 @@ package sso
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/defaults"
@@ -14,22 +15,157 @@ import (
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware"
smithy "github.com/aws/smithy-go"
smithyauth "github.com/aws/smithy-go/auth"
smithydocument "github.com/aws/smithy-go/document"
"github.com/aws/smithy-go/logging"
"github.com/aws/smithy-go/metrics"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
"net"
"net/http"
"sync/atomic"
"time"
)
const ServiceID = "SSO"
const ServiceAPIVersion = "2019-06-10"
type operationMetrics struct {
Duration metrics.Float64Histogram
SerializeDuration metrics.Float64Histogram
ResolveIdentityDuration metrics.Float64Histogram
ResolveEndpointDuration metrics.Float64Histogram
SignRequestDuration metrics.Float64Histogram
DeserializeDuration metrics.Float64Histogram
}
func (m *operationMetrics) histogramFor(name string) metrics.Float64Histogram {
switch name {
case "client.call.duration":
return m.Duration
case "client.call.serialization_duration":
return m.SerializeDuration
case "client.call.resolve_identity_duration":
return m.ResolveIdentityDuration
case "client.call.resolve_endpoint_duration":
return m.ResolveEndpointDuration
case "client.call.signing_duration":
return m.SignRequestDuration
case "client.call.deserialization_duration":
return m.DeserializeDuration
default:
panic("unrecognized operation metric")
}
}
func timeOperationMetric[T any](
ctx context.Context, metric string, fn func() (T, error),
opts ...metrics.RecordMetricOption,
) (T, error) {
instr := getOperationMetrics(ctx).histogramFor(metric)
opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...)
start := time.Now()
v, err := fn()
end := time.Now()
elapsed := end.Sub(start)
instr.Record(ctx, float64(elapsed)/1e9, opts...)
return v, err
}
func startMetricTimer(ctx context.Context, metric string, opts ...metrics.RecordMetricOption) func() {
instr := getOperationMetrics(ctx).histogramFor(metric)
opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...)
var ended bool
start := time.Now()
return func() {
if ended {
return
}
ended = true
end := time.Now()
elapsed := end.Sub(start)
instr.Record(ctx, float64(elapsed)/1e9, opts...)
}
}
func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption {
return func(o *metrics.RecordMetricOptions) {
o.Properties.Set("rpc.service", middleware.GetServiceID(ctx))
o.Properties.Set("rpc.method", middleware.GetOperationName(ctx))
}
}
type operationMetricsKey struct{}
func withOperationMetrics(parent context.Context, mp metrics.MeterProvider) (context.Context, error) {
meter := mp.Meter("github.com/aws/aws-sdk-go-v2/service/sso")
om := &operationMetrics{}
var err error
om.Duration, err = operationMetricTimer(meter, "client.call.duration",
"Overall call duration (including retries and time to send or receive request and response body)")
if err != nil {
return nil, err
}
om.SerializeDuration, err = operationMetricTimer(meter, "client.call.serialization_duration",
"The time it takes to serialize a message body")
if err != nil {
return nil, err
}
om.ResolveIdentityDuration, err = operationMetricTimer(meter, "client.call.auth.resolve_identity_duration",
"The time taken to acquire an identity (AWS credentials, bearer token, etc) from an Identity Provider")
if err != nil {
return nil, err
}
om.ResolveEndpointDuration, err = operationMetricTimer(meter, "client.call.resolve_endpoint_duration",
"The time it takes to resolve an endpoint (endpoint resolver, not DNS) for the request")
if err != nil {
return nil, err
}
om.SignRequestDuration, err = operationMetricTimer(meter, "client.call.auth.signing_duration",
"The time it takes to sign a request")
if err != nil {
return nil, err
}
om.DeserializeDuration, err = operationMetricTimer(meter, "client.call.deserialization_duration",
"The time it takes to deserialize a message body")
if err != nil {
return nil, err
}
return context.WithValue(parent, operationMetricsKey{}, om), nil
}
func operationMetricTimer(m metrics.Meter, name, desc string) (metrics.Float64Histogram, error) {
return m.Float64Histogram(name, func(o *metrics.InstrumentOptions) {
o.UnitLabel = "s"
o.Description = desc
})
}
func getOperationMetrics(ctx context.Context) *operationMetrics {
return ctx.Value(operationMetricsKey{}).(*operationMetrics)
}
func operationTracer(p tracing.TracerProvider) tracing.Tracer {
return p.Tracer("github.com/aws/aws-sdk-go-v2/service/sso")
}
// Client provides the API client to make operations call for AWS Single Sign-On.
type Client struct {
options Options
// Difference between the time reported by the server and the client
timeOffset *atomic.Int64
}
// New returns an initialized Client based on the functional options. Provide
@@ -50,6 +186,10 @@ func New(options Options, optFns ...func(*Options)) *Client {
resolveEndpointResolverV2(&options)
resolveTracerProvider(&options)
resolveMeterProvider(&options)
resolveAuthSchemeResolver(&options)
for _, fn := range optFns {
@@ -68,6 +208,8 @@ func New(options Options, optFns ...func(*Options)) *Client {
options: options,
}
initializeTimeOffsetResolver(client)
return client
}
@@ -80,8 +222,15 @@ func (c *Client) Options() Options {
return c.options.Copy()
}
func (c *Client) invokeOperation(ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error) (result interface{}, metadata middleware.Metadata, err error) {
func (c *Client) invokeOperation(
ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error,
) (
result interface{}, metadata middleware.Metadata, err error,
) {
ctx = middleware.ClearStackValues(ctx)
ctx = middleware.WithServiceID(ctx, ServiceID)
ctx = middleware.WithOperationName(ctx, opID)
stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
options := c.options.Copy()
@@ -105,15 +254,56 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
}
}
handler := middleware.DecorateHandler(smithyhttp.NewClientHandler(options.HTTPClient), stack)
result, metadata, err = handler.Handle(ctx, params)
ctx, err = withOperationMetrics(ctx, options.MeterProvider)
if err != nil {
return nil, metadata, err
}
tracer := operationTracer(options.TracerProvider)
spanName := fmt.Sprintf("%s.%s", ServiceID, opID)
ctx = tracing.WithOperationTracer(ctx, tracer)
ctx, span := tracer.StartSpan(ctx, spanName, func(o *tracing.SpanOptions) {
o.Kind = tracing.SpanKindClient
o.Properties.Set("rpc.system", "aws-api")
o.Properties.Set("rpc.method", opID)
o.Properties.Set("rpc.service", ServiceID)
})
endTimer := startMetricTimer(ctx, "client.call.duration")
defer endTimer()
defer span.End()
handler := smithyhttp.NewClientHandlerWithOptions(options.HTTPClient, func(o *smithyhttp.ClientHandler) {
o.Meter = options.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sso")
})
decorated := middleware.DecorateHandler(handler, stack)
result, metadata, err = decorated.Handle(ctx, params)
if err != nil {
span.SetProperty("exception.type", fmt.Sprintf("%T", err))
span.SetProperty("exception.message", err.Error())
var aerr smithy.APIError
if errors.As(err, &aerr) {
span.SetProperty("api.error_code", aerr.ErrorCode())
span.SetProperty("api.error_message", aerr.ErrorMessage())
span.SetProperty("api.error_fault", aerr.ErrorFault().String())
}
err = &smithy.OperationError{
ServiceID: ServiceID,
OperationName: opID,
Err: err,
}
}
span.SetProperty("error", err != nil)
if err == nil {
span.SetStatus(tracing.SpanStatusOK)
} else {
span.SetStatus(tracing.SpanStatusError)
}
return result, metadata, err
}
@@ -151,7 +341,7 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o
if err := stack.Finalize.Insert(&resolveEndpointV2Middleware{options: options}, "GetIdentity", middleware.After); err != nil {
return fmt.Errorf("add ResolveEndpointV2: %v", err)
}
if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil {
if err := stack.Finalize.Insert(&signRequestMiddleware{options: options}, "ResolveEndpointV2", middleware.After); err != nil {
return fmt.Errorf("add Signing: %w", err)
}
return nil
@@ -361,17 +551,37 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
}
func addClientUserAgent(stack *middleware.Stack, options Options) error {
if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sso", goModuleVersion)(stack); err != nil {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
ua.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sso", goModuleVersion)
if len(options.AppID) > 0 {
return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
ua.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)
}
return nil
}
func getOrAddRequestUserAgent(stack *middleware.Stack) (*awsmiddleware.RequestUserAgent, error) {
id := (*awsmiddleware.RequestUserAgent)(nil).ID()
mw, ok := stack.Build.Get(id)
if !ok {
mw = awsmiddleware.NewRequestUserAgent()
if err := stack.Build.Add(mw, middleware.After); err != nil {
return nil, err
}
}
ua, ok := mw.(*awsmiddleware.RequestUserAgent)
if !ok {
return nil, fmt.Errorf("%T for %s middleware did not match expected type", mw, id)
}
return ua, nil
}
type HTTPSignerV4 interface {
SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}
@@ -390,12 +600,97 @@ func newDefaultV4Signer(o Options) *v4.Signer {
})
}
func addRetryMiddlewares(stack *middleware.Stack, o Options) error {
mo := retry.AddRetryMiddlewaresOptions{
Retryer: o.Retryer,
LogRetryAttempts: o.ClientLogMode.IsRetries(),
func addClientRequestID(stack *middleware.Stack) error {
return stack.Build.Add(&awsmiddleware.ClientRequestID{}, middleware.After)
}
func addComputeContentLength(stack *middleware.Stack) error {
return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After)
}
func addRawResponseToMetadata(stack *middleware.Stack) error {
return stack.Deserialize.Add(&awsmiddleware.AddRawResponse{}, middleware.Before)
}
func addRecordResponseTiming(stack *middleware.Stack) error {
return stack.Deserialize.Add(&awsmiddleware.RecordResponseTiming{}, middleware.After)
}
func addSpanRetryLoop(stack *middleware.Stack, options Options) error {
return stack.Finalize.Insert(&spanRetryLoop{options: options}, "Retry", middleware.Before)
}
type spanRetryLoop struct {
options Options
}
func (*spanRetryLoop) ID() string {
return "spanRetryLoop"
}
func (m *spanRetryLoop) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
middleware.FinalizeOutput, middleware.Metadata, error,
) {
tracer := operationTracer(m.options.TracerProvider)
ctx, span := tracer.StartSpan(ctx, "RetryLoop")
defer span.End()
return next.HandleFinalize(ctx, in)
}
func addStreamingEventsPayload(stack *middleware.Stack) error {
return stack.Finalize.Add(&v4.StreamingEventsPayload{}, middleware.Before)
}
func addUnsignedPayload(stack *middleware.Stack) error {
return stack.Finalize.Insert(&v4.UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
}
func addComputePayloadSHA256(stack *middleware.Stack) error {
return stack.Finalize.Insert(&v4.ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
}
func addContentSHA256Header(stack *middleware.Stack) error {
return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After)
}
func addIsWaiterUserAgent(o *Options) {
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureWaiter)
return nil
})
}
func addIsPaginatorUserAgent(o *Options) {
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeaturePaginator)
return nil
})
}
func addRetry(stack *middleware.Stack, o Options) error {
attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) {
m.LogAttempts = o.ClientLogMode.IsRetries()
m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sso")
})
if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil {
return err
}
return retry.AddRetryMiddlewares(stack, mo)
if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil {
return err
}
return nil
}
// resolves dual-stack endpoint configuration
@@ -428,12 +723,68 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error {
return nil
}
func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string {
if mode == aws.AccountIDEndpointModeDisabled {
return nil
}
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" {
return aws.String(ca.Credentials.AccountID)
}
return nil
}
func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error {
mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset}
if err := stack.Build.Add(&mw, middleware.After); err != nil {
return err
}
return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before)
}
func initializeTimeOffsetResolver(c *Client) {
c.timeOffset = new(atomic.Int64)
}
func addUserAgentRetryMode(stack *middleware.Stack, options Options) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
switch options.Retryer.(type) {
case *retry.Standard:
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeStandard)
case *retry.AdaptiveMode:
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeAdaptive)
}
return nil
}
func resolveTracerProvider(options *Options) {
if options.TracerProvider == nil {
options.TracerProvider = &tracing.NopTracerProvider{}
}
}
func resolveMeterProvider(options *Options) {
if options.MeterProvider == nil {
options.MeterProvider = metrics.NopMeterProvider{}
}
}
func addRecursionDetection(stack *middleware.Stack) error {
return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After)
}
func addRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
return awsmiddleware.AddRequestIDRetrieverMiddleware(stack)
return stack.Deserialize.Insert(&awsmiddleware.RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
}
func addResponseErrorMiddleware(stack *middleware.Stack) error {
return awshttp.AddResponseErrorMiddleware(stack)
return stack.Deserialize.Insert(&awshttp.ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
}
func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
@@ -473,3 +824,89 @@ func addDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
DisableHTTPS: o.EndpointOptions.DisableHTTPS,
}, "ResolveEndpointV2", middleware.After)
}
type spanInitializeStart struct {
}
func (*spanInitializeStart) ID() string {
return "spanInitializeStart"
}
func (m *spanInitializeStart) HandleInitialize(
ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
) (
middleware.InitializeOutput, middleware.Metadata, error,
) {
ctx, _ = tracing.StartSpan(ctx, "Initialize")
return next.HandleInitialize(ctx, in)
}
type spanInitializeEnd struct {
}
func (*spanInitializeEnd) ID() string {
return "spanInitializeEnd"
}
func (m *spanInitializeEnd) HandleInitialize(
ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
) (
middleware.InitializeOutput, middleware.Metadata, error,
) {
ctx, span := tracing.PopSpan(ctx)
span.End()
return next.HandleInitialize(ctx, in)
}
type spanBuildRequestStart struct {
}
func (*spanBuildRequestStart) ID() string {
return "spanBuildRequestStart"
}
func (m *spanBuildRequestStart) HandleSerialize(
ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler,
) (
middleware.SerializeOutput, middleware.Metadata, error,
) {
ctx, _ = tracing.StartSpan(ctx, "BuildRequest")
return next.HandleSerialize(ctx, in)
}
type spanBuildRequestEnd struct {
}
func (*spanBuildRequestEnd) ID() string {
return "spanBuildRequestEnd"
}
func (m *spanBuildRequestEnd) HandleBuild(
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
) (
middleware.BuildOutput, middleware.Metadata, error,
) {
ctx, span := tracing.PopSpan(ctx)
span.End()
return next.HandleBuild(ctx, in)
}
func addSpanInitializeStart(stack *middleware.Stack) error {
return stack.Initialize.Add(&spanInitializeStart{}, middleware.Before)
}
func addSpanInitializeEnd(stack *middleware.Stack) error {
return stack.Initialize.Add(&spanInitializeEnd{}, middleware.After)
}
func addSpanBuildRequestStart(stack *middleware.Stack) error {
return stack.Serialize.Add(&spanBuildRequestStart{}, middleware.Before)
}
func addSpanBuildRequestEnd(stack *middleware.Stack) error {
return stack.Build.Add(&spanBuildRequestEnd{}, middleware.After)
}

40
vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go generated vendored
View File

@@ -30,9 +30,10 @@ func (c *Client) GetRoleCredentials(ctx context.Context, params *GetRoleCredenti
type GetRoleCredentialsInput struct {
// The token issued by the CreateToken API call. For more information, see
// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
// in the IAM Identity Center OIDC API Reference Guide.
// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
// IAM Identity Center OIDC API Reference Guide.
//
// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
//
// This member is required.
AccessToken *string
@@ -83,22 +84,25 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
if err = addClientRequestID(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
if err = addRetry(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
@@ -113,13 +117,19 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpGetRoleCredentialsValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRoleCredentials(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -134,6 +144,18 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}

59
vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go generated vendored
View File

@@ -29,9 +29,10 @@ func (c *Client) ListAccountRoles(ctx context.Context, params *ListAccountRolesI
type ListAccountRolesInput struct {
// The token issued by the CreateToken API call. For more information, see
// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
// in the IAM Identity Center OIDC API Reference Guide.
// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
// IAM Identity Center OIDC API Reference Guide.
//
// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
//
// This member is required.
AccessToken *string
@@ -88,22 +89,25 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
if err = addClientRequestID(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
if err = addRetry(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
@@ -118,13 +122,19 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpListAccountRolesValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListAccountRoles(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -139,17 +149,21 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}
// ListAccountRolesAPIClient is a client that implements the ListAccountRoles
// operation.
type ListAccountRolesAPIClient interface {
ListAccountRoles(context.Context, *ListAccountRolesInput, ...func(*Options)) (*ListAccountRolesOutput, error)
}
var _ ListAccountRolesAPIClient = (*Client)(nil)
// ListAccountRolesPaginatorOptions is the paginator options for ListAccountRoles
type ListAccountRolesPaginatorOptions struct {
// The number of items that clients can request per page.
@@ -213,6 +227,9 @@ func (p *ListAccountRolesPaginator) NextPage(ctx context.Context, optFns ...func
}
params.MaxResults = limit
optFns = append([]func(*Options){
addIsPaginatorUserAgent,
}, optFns...)
result, err := p.client.ListAccountRoles(ctx, &params, optFns...)
if err != nil {
return nil, err
@@ -232,6 +249,14 @@ func (p *ListAccountRolesPaginator) NextPage(ctx context.Context, optFns ...func
return result, nil
}
// ListAccountRolesAPIClient is a client that implements the ListAccountRoles
// operation.
type ListAccountRolesAPIClient interface {
ListAccountRoles(context.Context, *ListAccountRolesInput, ...func(*Options)) (*ListAccountRolesOutput, error)
}
var _ ListAccountRolesAPIClient = (*Client)(nil)
func newServiceMetadataMiddleware_opListAccountRoles(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,

64
vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go generated vendored
View File

@@ -12,9 +12,10 @@ import (
)
// Lists all AWS accounts assigned to the user. These AWS accounts are assigned by
// the administrator of the account. For more information, see Assign User Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
// in the IAM Identity Center User Guide. This operation returns a paginated
// response.
// the administrator of the account. For more information, see [Assign User Access]in the IAM Identity
// Center User Guide. This operation returns a paginated response.
//
// [Assign User Access]: https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers
func (c *Client) ListAccounts(ctx context.Context, params *ListAccountsInput, optFns ...func(*Options)) (*ListAccountsOutput, error) {
if params == nil {
params = &ListAccountsInput{}
@@ -32,9 +33,10 @@ func (c *Client) ListAccounts(ctx context.Context, params *ListAccountsInput, op
type ListAccountsInput struct {
// The token issued by the CreateToken API call. For more information, see
// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
// in the IAM Identity Center OIDC API Reference Guide.
// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
// IAM Identity Center OIDC API Reference Guide.
//
// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
//
// This member is required.
AccessToken *string
@@ -86,22 +88,25 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
if err = addClientRequestID(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
if err = addRetry(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
@@ -116,13 +121,19 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpListAccountsValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListAccounts(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -137,16 +148,21 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}
// ListAccountsAPIClient is a client that implements the ListAccounts operation.
type ListAccountsAPIClient interface {
ListAccounts(context.Context, *ListAccountsInput, ...func(*Options)) (*ListAccountsOutput, error)
}
var _ ListAccountsAPIClient = (*Client)(nil)
// ListAccountsPaginatorOptions is the paginator options for ListAccounts
type ListAccountsPaginatorOptions struct {
// This is the number of items clients can request per page.
@@ -210,6 +226,9 @@ func (p *ListAccountsPaginator) NextPage(ctx context.Context, optFns ...func(*Op
}
params.MaxResults = limit
optFns = append([]func(*Options){
addIsPaginatorUserAgent,
}, optFns...)
result, err := p.client.ListAccounts(ctx, &params, optFns...)
if err != nil {
return nil, err
@@ -229,6 +248,13 @@ func (p *ListAccountsPaginator) NextPage(ctx context.Context, optFns ...func(*Op
return result, nil
}
// ListAccountsAPIClient is a client that implements the ListAccounts operation.
type ListAccountsAPIClient interface {
ListAccounts(context.Context, *ListAccountsInput, ...func(*Options)) (*ListAccountsOutput, error)
}
var _ ListAccountsAPIClient = (*Client)(nil)
func newServiceMetadataMiddleware_opListAccounts(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,

64
vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go generated vendored
View File

@@ -12,16 +12,20 @@ import (
// Removes the locally stored SSO tokens from the client-side cache and sends an
// API call to the IAM Identity Center service to invalidate the corresponding
// server-side IAM Identity Center sign in session. If a user uses IAM Identity
// Center to access the AWS CLI, the users IAM Identity Center sign in session is
// used to obtain an IAM session, as specified in the corresponding IAM Identity
// Center permission set. More specifically, IAM Identity Center assumes an IAM
// role in the target account on behalf of the user, and the corresponding
// temporary AWS credentials are returned to the client. After user logout, any
// existing IAM role sessions that were created by using IAM Identity Center
// permission sets continue based on the duration configured in the permission set.
// For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html)
// in the IAM Identity Center User Guide.
// server-side IAM Identity Center sign in session.
//
// If a user uses IAM Identity Center to access the AWS CLI, the users IAM
// Identity Center sign in session is used to obtain an IAM session, as specified
// in the corresponding IAM Identity Center permission set. More specifically, IAM
// Identity Center assumes an IAM role in the target account on behalf of the user,
// and the corresponding temporary AWS credentials are returned to the client.
//
// After user logout, any existing IAM role sessions that were created by using
// IAM Identity Center permission sets continue based on the duration configured in
// the permission set. For more information, see [User authentications]in the IAM Identity Center User
// Guide.
//
// [User authentications]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
func (c *Client) Logout(ctx context.Context, params *LogoutInput, optFns ...func(*Options)) (*LogoutOutput, error) {
if params == nil {
params = &LogoutInput{}
@@ -39,9 +43,10 @@ func (c *Client) Logout(ctx context.Context, params *LogoutInput, optFns ...func
type LogoutInput struct {
// The token issued by the CreateToken API call. For more information, see
// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
// in the IAM Identity Center OIDC API Reference Guide.
// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
// IAM Identity Center OIDC API Reference Guide.
//
// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
//
// This member is required.
AccessToken *string
@@ -78,22 +83,25 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
if err = addClientRequestID(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
if err = addRetry(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
@@ -108,13 +116,19 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpLogoutValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opLogout(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -129,6 +143,18 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}

43
vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go generated vendored
View File

@@ -8,11 +8,13 @@ import (
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
smithy "github.com/aws/smithy-go"
smithyauth "github.com/aws/smithy-go/auth"
"github.com/aws/smithy-go/metrics"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
func bindAuthParamsRegion(params *AuthResolverParameters, _ interface{}, options Options) {
func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) {
params.Region = options.Region
}
@@ -90,12 +92,12 @@ type AuthResolverParameters struct {
Region string
}
func bindAuthResolverParams(operation string, input interface{}, options Options) *AuthResolverParameters {
func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters {
params := &AuthResolverParameters{
Operation: operation,
}
bindAuthParamsRegion(params, input, options)
bindAuthParamsRegion(ctx, params, input, options)
return params
}
@@ -169,7 +171,10 @@ func (*resolveAuthSchemeMiddleware) ID() string {
func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options)
_, span := tracing.StartSpan(ctx, "ResolveAuthScheme")
defer span.End()
params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options)
options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("resolve auth scheme: %w", err)
@@ -181,6 +186,9 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid
}
ctx = setResolvedAuthScheme(ctx, scheme)
span.SetProperty("auth.scheme_id", scheme.Scheme.SchemeID())
span.End()
return next.HandleFinalize(ctx, in)
}
@@ -240,7 +248,10 @@ func (*getIdentityMiddleware) ID() string {
func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
rscheme := getResolvedAuthScheme(ctx)
innerCtx, span := tracing.StartSpan(ctx, "GetIdentity")
defer span.End()
rscheme := getResolvedAuthScheme(innerCtx)
if rscheme == nil {
return out, metadata, fmt.Errorf("no resolved auth scheme")
}
@@ -250,12 +261,20 @@ func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middlewar
return out, metadata, fmt.Errorf("no identity resolver")
}
identity, err := resolver.GetIdentity(ctx, rscheme.IdentityProperties)
identity, err := timeOperationMetric(ctx, "client.call.resolve_identity_duration",
func() (smithyauth.Identity, error) {
return resolver.GetIdentity(innerCtx, rscheme.IdentityProperties)
},
func(o *metrics.RecordMetricOptions) {
o.Properties.Set("auth.scheme_id", rscheme.Scheme.SchemeID())
})
if err != nil {
return out, metadata, fmt.Errorf("get identity: %w", err)
}
ctx = setIdentity(ctx, identity)
span.End()
return next.HandleFinalize(ctx, in)
}
@@ -271,6 +290,7 @@ func getIdentity(ctx context.Context) smithyauth.Identity {
}
type signRequestMiddleware struct {
options Options
}
func (*signRequestMiddleware) ID() string {
@@ -280,6 +300,9 @@ func (*signRequestMiddleware) ID() string {
func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "SignRequest")
defer span.End()
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unexpected transport type %T", in.Request)
@@ -300,9 +323,15 @@ func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middlewar
return out, metadata, fmt.Errorf("no signer")
}
if err := signer.SignRequest(ctx, req, identity, rscheme.SignerProperties); err != nil {
_, err = timeOperationMetric(ctx, "client.call.signing_duration", func() (any, error) {
return nil, signer.SignRequest(ctx, req, identity, rscheme.SignerProperties)
}, func(o *metrics.RecordMetricOptions) {
o.Properties.Set("auth.scheme_id", rscheme.Scheme.SchemeID())
})
if err != nil {
return out, metadata, fmt.Errorf("sign request: %w", err)
}
span.End()
return next.HandleFinalize(ctx, in)
}

39
vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go generated vendored
View File

@@ -13,12 +13,23 @@ import (
smithyio "github.com/aws/smithy-go/io"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/ptr"
smithytime "github.com/aws/smithy-go/time"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
"io"
"io/ioutil"
"strings"
"time"
)
func deserializeS3Expires(v string) (*time.Time, error) {
t, err := smithytime.ParseHTTPDate(v)
if err != nil {
return nil, nil
}
return &t, nil
}
type awsRestjson1_deserializeOpGetRoleCredentials struct {
}
@@ -34,6 +45,10 @@ func (m *awsRestjson1_deserializeOpGetRoleCredentials) HandleDeserialize(ctx con
return out, metadata, err
}
_, span := tracing.StartSpan(ctx, "OperationDeserializer")
endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
defer endTimer()
defer span.End()
response, ok := out.RawResponse.(*smithyhttp.Response)
if !ok {
return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -73,6 +88,7 @@ func (m *awsRestjson1_deserializeOpGetRoleCredentials) HandleDeserialize(ctx con
}
}
span.End()
return out, metadata, err
}
@@ -190,6 +206,10 @@ func (m *awsRestjson1_deserializeOpListAccountRoles) HandleDeserialize(ctx conte
return out, metadata, err
}
_, span := tracing.StartSpan(ctx, "OperationDeserializer")
endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
defer endTimer()
defer span.End()
response, ok := out.RawResponse.(*smithyhttp.Response)
if !ok {
return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -229,6 +249,7 @@ func (m *awsRestjson1_deserializeOpListAccountRoles) HandleDeserialize(ctx conte
}
}
span.End()
return out, metadata, err
}
@@ -355,6 +376,10 @@ func (m *awsRestjson1_deserializeOpListAccounts) HandleDeserialize(ctx context.C
return out, metadata, err
}
_, span := tracing.StartSpan(ctx, "OperationDeserializer")
endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
defer endTimer()
defer span.End()
response, ok := out.RawResponse.(*smithyhttp.Response)
if !ok {
return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -394,6 +419,7 @@ func (m *awsRestjson1_deserializeOpListAccounts) HandleDeserialize(ctx context.C
}
}
span.End()
return out, metadata, err
}
@@ -520,6 +546,10 @@ func (m *awsRestjson1_deserializeOpLogout) HandleDeserialize(ctx context.Context
return out, metadata, err
}
_, span := tracing.StartSpan(ctx, "OperationDeserializer")
endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
defer endTimer()
defer span.End()
response, ok := out.RawResponse.(*smithyhttp.Response)
if !ok {
return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -537,6 +567,7 @@ func (m *awsRestjson1_deserializeOpLogout) HandleDeserialize(ctx context.Context
}
}
span.End()
return out, metadata, err
}
@@ -858,7 +889,7 @@ func awsRestjson1_deserializeDocumentInvalidRequestException(v **types.InvalidRe
for key, value := range shape {
switch key {
case "message":
case "message", "Message":
if value != nil {
jtv, ok := value.(string)
if !ok {
@@ -898,7 +929,7 @@ func awsRestjson1_deserializeDocumentResourceNotFoundException(v **types.Resourc
for key, value := range shape {
switch key {
case "message":
case "message", "Message":
if value != nil {
jtv, ok := value.(string)
if !ok {
@@ -1092,7 +1123,7 @@ func awsRestjson1_deserializeDocumentTooManyRequestsException(v **types.TooManyR
for key, value := range shape {
switch key {
case "message":
case "message", "Message":
if value != nil {
jtv, ok := value.(string)
if !ok {
@@ -1132,7 +1163,7 @@ func awsRestjson1_deserializeDocumentUnauthorizedException(v **types.Unauthorize
for key, value := range shape {
switch key {
case "message":
case "message", "Message":
if value != nil {
jtv, ok := value.(string)
if !ok {

22
vendor/github.com/aws/aws-sdk-go-v2/service/sso/doc.go generated vendored
View File

@@ -6,16 +6,22 @@
// AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web
// service that makes it easy for you to assign user access to IAM Identity Center
// resources such as the AWS access portal. Users can get AWS account applications
// and roles assigned to them and get federated into the application. Although AWS
// Single Sign-On was renamed, the sso and identitystore API namespaces will
// continue to retain their original name for backward compatibility purposes. For
// more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed)
// . This reference guide describes the IAM Identity Center Portal operations that
// and roles assigned to them and get federated into the application.
//
// Although AWS Single Sign-On was renamed, the sso and identitystore API
// namespaces will continue to retain their original name for backward
// compatibility purposes. For more information, see [IAM Identity Center rename].
//
// This reference guide describes the IAM Identity Center Portal operations that
// you can call programatically and includes detailed information on data types and
// errors. AWS provides SDKs that consist of libraries and sample code for various
// errors.
//
// AWS provides SDKs that consist of libraries and sample code for various
// programming languages and platforms, such as Java, Ruby, .Net, iOS, or Android.
// The SDKs provide a convenient way to create programmatic access to IAM Identity
// Center and other AWS services. For more information about the AWS SDKs,
// including how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/)
// .
// including how to download and install them, see [Tools for Amazon Web Services].
//
// [Tools for Amazon Web Services]: http://aws.amazon.com/tools/
// [IAM Identity Center rename]: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed
package sso

36
vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go generated vendored
View File

@@ -16,6 +16,7 @@ import (
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/ptr"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
"net/http"
"net/url"
@@ -216,6 +217,13 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) {
}
}
func bindRegion(region string) *string {
if region == "" {
return nil
}
return aws.String(endpoints.MapFIPSRegion(region))
}
// EndpointParameters provides the parameters that influence how endpoints are
// resolved.
type EndpointParameters struct {
@@ -281,6 +289,17 @@ func (p EndpointParameters) WithDefaults() EndpointParameters {
return p
}
type stringSlice []string
func (s stringSlice) Get(i int) *string {
if i < 0 || i >= len(s) {
return nil
}
v := s[i]
return &v
}
// EndpointResolverV2 provides the interface for resolving service endpoints.
type EndpointResolverV2 interface {
// ResolveEndpoint attempts to resolve the endpoint with the provided options,
@@ -458,10 +477,10 @@ type endpointParamsBinder interface {
bindEndpointParams(*EndpointParameters)
}
func bindEndpointParams(input interface{}, options Options) *EndpointParameters {
func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters {
params := &EndpointParameters{}
params.Region = aws.String(endpoints.MapFIPSRegion(options.Region))
params.Region = bindRegion(options.Region)
params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled)
params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled)
params.Endpoint = options.BaseEndpoint
@@ -484,6 +503,9 @@ func (*resolveEndpointV2Middleware) ID() string {
func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "ResolveEndpoint")
defer span.End()
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleFinalize(ctx, in)
}
@@ -497,12 +519,17 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := bindEndpointParams(getOperationInput(ctx), m.options)
endpt, err := m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
params := bindEndpointParams(ctx, getOperationInput(ctx), m.options)
endpt, err := timeOperationMetric(ctx, "client.call.resolve_endpoint_duration",
func() (smithyendpoints.Endpoint, error) {
return m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
})
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
span.SetProperty("client.call.resolved_endpoint", endpt.URI.String())
if endpt.URI.RawPath == "" && req.URL.RawPath != "" {
endpt.URI.RawPath = endpt.URI.Path
}
@@ -524,5 +551,6 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
rscheme.SignerProperties.SetAll(&o.SignerProperties)
}
span.End()
return next.HandleFinalize(ctx, in)
}

4
vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json generated vendored
View File

@@ -3,8 +3,7 @@
"github.com/aws/aws-sdk-go-v2": "v1.4.0",
"github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
"github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
"github.com/aws/smithy-go": "v1.4.0",
"github.com/google/go-cmp": "v0.5.4"
"github.com/aws/smithy-go": "v1.4.0"
},
"files": [
"api_client.go",
@@ -25,6 +24,7 @@
"options.go",
"protocol_test.go",
"serializers.go",
"snapshot_test.go",
"types/errors.go",
"types/types.go",
"validators.go"

2
vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package sso
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.18.7"
const goModuleVersion = "1.24.14"

34
vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go generated vendored
View File

@@ -94,7 +94,7 @@ var partitionRegexp = struct {
AwsUsGov *regexp.Regexp
}{
Aws: regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
Aws: regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$"),
AwsCn: regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
AwsIso: regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
AwsIsoB: regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
@@ -187,6 +187,14 @@ var defaultPartitions = endpoints.Partitions{
Region: "ap-south-1",
},
},
endpoints.EndpointKey{
Region: "ap-south-2",
}: endpoints.Endpoint{
Hostname: "portal.sso.ap-south-2.amazonaws.com",
CredentialScope: endpoints.CredentialScope{
Region: "ap-south-2",
},
},
endpoints.EndpointKey{
Region: "ap-southeast-1",
}: endpoints.Endpoint{
@@ -211,6 +219,14 @@ var defaultPartitions = endpoints.Partitions{
Region: "ap-southeast-3",
},
},
endpoints.EndpointKey{
Region: "ap-southeast-4",
}: endpoints.Endpoint{
Hostname: "portal.sso.ap-southeast-4.amazonaws.com",
CredentialScope: endpoints.CredentialScope{
Region: "ap-southeast-4",
},
},
endpoints.EndpointKey{
Region: "ca-central-1",
}: endpoints.Endpoint{
@@ -219,6 +235,14 @@ var defaultPartitions = endpoints.Partitions{
Region: "ca-central-1",
},
},
endpoints.EndpointKey{
Region: "ca-west-1",
}: endpoints.Endpoint{
Hostname: "portal.sso.ca-west-1.amazonaws.com",
CredentialScope: endpoints.CredentialScope{
Region: "ca-west-1",
},
},
endpoints.EndpointKey{
Region: "eu-central-1",
}: endpoints.Endpoint{
@@ -251,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
Region: "eu-south-1",
},
},
endpoints.EndpointKey{
Region: "eu-south-2",
}: endpoints.Endpoint{
Hostname: "portal.sso.eu-south-2.amazonaws.com",
CredentialScope: endpoints.CredentialScope{
Region: "eu-south-2",
},
},
endpoints.EndpointKey{
Region: "eu-west-1",
}: endpoints.Endpoint{

39
vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go generated vendored
View File

@@ -9,7 +9,9 @@ import (
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
smithyauth "github.com/aws/smithy-go/auth"
"github.com/aws/smithy-go/logging"
"github.com/aws/smithy-go/metrics"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
"net/http"
)
@@ -50,8 +52,10 @@ type Options struct {
// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
// value for this field will likely prevent you from using any endpoint-related
// service features released after the introduction of EndpointResolverV2 and
// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
// endpoint, set the client option BaseEndpoint instead.
// BaseEndpoint.
//
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
// the client option BaseEndpoint instead.
EndpointResolver EndpointResolver
// Resolves the endpoint used for a particular service operation. This should be
@@ -64,23 +68,29 @@ type Options struct {
// The logger writer interface to write logging messages to.
Logger logging.Logger
// The client meter provider.
MeterProvider metrics.MeterProvider
// The region to send requests to. (Required)
Region string
// RetryMaxAttempts specifies the maximum number attempts an API client will call
// an operation that fails with a retryable error. A value of 0 is ignored, and
// will not be used to configure the API client created default retryer, or modify
// per operation call's retry max attempts. If specified in an operation call's
// functional options with a value that is different than the constructed client's
// Options, the Client's Retryer will be wrapped to use the operation's specific
// RetryMaxAttempts value.
// per operation call's retry max attempts.
//
// If specified in an operation call's functional options with a value that is
// different than the constructed client's Options, the Client's Retryer will be
// wrapped to use the operation's specific RetryMaxAttempts value.
RetryMaxAttempts int
// RetryMode specifies the retry mode the API client will be created with, if
// Retryer option is not also specified. When creating a new API Clients this
// member will only be used if the Retryer Options member is nil. This value will
// be ignored if Retryer is not nil. Currently does not support per operation call
// overrides, may in the future.
// Retryer option is not also specified.
//
// When creating a new API Clients this member will only be used if the Retryer
// Options member is nil. This value will be ignored if Retryer is not nil.
//
// Currently does not support per operation call overrides, may in the future.
RetryMode aws.RetryMode
// Retryer guides how HTTP requests should be retried in case of recoverable
@@ -95,10 +105,14 @@ type Options struct {
// within your applications.
RuntimeEnvironment aws.RuntimeEnvironment
// The client tracer provider.
TracerProvider tracing.TracerProvider
// The initial DefaultsMode used when the client options were constructed. If the
// DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved
// value was at that point in time. Currently does not support per operation call
// overrides, may in the future.
// value was at that point in time.
//
// Currently does not support per operation call overrides, may in the future.
resolvedDefaultsMode aws.DefaultsMode
// The HTTP client to invoke API calls with. Defaults to client's default HTTP
@@ -143,6 +157,7 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
// this field will likely prevent you from using any endpoint-related service
// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
//
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
// the client option BaseEndpoint instead.
func WithEndpointResolver(v EndpointResolver) func(*Options) {

33
vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go generated vendored
View File

@@ -8,6 +8,7 @@ import (
smithy "github.com/aws/smithy-go"
"github.com/aws/smithy-go/encoding/httpbinding"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@@ -21,6 +22,10 @@ func (*awsRestjson1_serializeOpGetRoleCredentials) ID() string {
func (m *awsRestjson1_serializeOpGetRoleCredentials) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "OperationSerializer")
endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
defer endTimer()
defer span.End()
request, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -57,6 +62,8 @@ func (m *awsRestjson1_serializeOpGetRoleCredentials) HandleSerialize(ctx context
}
in.Request = request
endTimer()
span.End()
return next.HandleSerialize(ctx, in)
}
func awsRestjson1_serializeOpHttpBindingsGetRoleCredentialsInput(v *GetRoleCredentialsInput, encoder *httpbinding.Encoder) error {
@@ -64,7 +71,7 @@ func awsRestjson1_serializeOpHttpBindingsGetRoleCredentialsInput(v *GetRoleCrede
return fmt.Errorf("unsupported serialization of nil %T", v)
}
if v.AccessToken != nil && len(*v.AccessToken) > 0 {
if v.AccessToken != nil {
locationName := "X-Amz-Sso_bearer_token"
encoder.SetHeader(locationName).String(*v.AccessToken)
}
@@ -90,6 +97,10 @@ func (*awsRestjson1_serializeOpListAccountRoles) ID() string {
func (m *awsRestjson1_serializeOpListAccountRoles) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "OperationSerializer")
endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
defer endTimer()
defer span.End()
request, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -126,6 +137,8 @@ func (m *awsRestjson1_serializeOpListAccountRoles) HandleSerialize(ctx context.C
}
in.Request = request
endTimer()
span.End()
return next.HandleSerialize(ctx, in)
}
func awsRestjson1_serializeOpHttpBindingsListAccountRolesInput(v *ListAccountRolesInput, encoder *httpbinding.Encoder) error {
@@ -133,7 +146,7 @@ func awsRestjson1_serializeOpHttpBindingsListAccountRolesInput(v *ListAccountRol
return fmt.Errorf("unsupported serialization of nil %T", v)
}
if v.AccessToken != nil && len(*v.AccessToken) > 0 {
if v.AccessToken != nil {
locationName := "X-Amz-Sso_bearer_token"
encoder.SetHeader(locationName).String(*v.AccessToken)
}
@@ -163,6 +176,10 @@ func (*awsRestjson1_serializeOpListAccounts) ID() string {
func (m *awsRestjson1_serializeOpListAccounts) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "OperationSerializer")
endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
defer endTimer()
defer span.End()
request, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -199,6 +216,8 @@ func (m *awsRestjson1_serializeOpListAccounts) HandleSerialize(ctx context.Conte
}
in.Request = request
endTimer()
span.End()
return next.HandleSerialize(ctx, in)
}
func awsRestjson1_serializeOpHttpBindingsListAccountsInput(v *ListAccountsInput, encoder *httpbinding.Encoder) error {
@@ -206,7 +225,7 @@ func awsRestjson1_serializeOpHttpBindingsListAccountsInput(v *ListAccountsInput,
return fmt.Errorf("unsupported serialization of nil %T", v)
}
if v.AccessToken != nil && len(*v.AccessToken) > 0 {
if v.AccessToken != nil {
locationName := "X-Amz-Sso_bearer_token"
encoder.SetHeader(locationName).String(*v.AccessToken)
}
@@ -232,6 +251,10 @@ func (*awsRestjson1_serializeOpLogout) ID() string {
func (m *awsRestjson1_serializeOpLogout) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "OperationSerializer")
endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
defer endTimer()
defer span.End()
request, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -268,6 +291,8 @@ func (m *awsRestjson1_serializeOpLogout) HandleSerialize(ctx context.Context, in
}
in.Request = request
endTimer()
span.End()
return next.HandleSerialize(ctx, in)
}
func awsRestjson1_serializeOpHttpBindingsLogoutInput(v *LogoutInput, encoder *httpbinding.Encoder) error {
@@ -275,7 +300,7 @@ func awsRestjson1_serializeOpHttpBindingsLogoutInput(v *LogoutInput, encoder *ht
return fmt.Errorf("unsupported serialization of nil %T", v)
}
if v.AccessToken != nil && len(*v.AccessToken) > 0 {
if v.AccessToken != nil {
locationName := "X-Amz-Sso_bearer_token"
encoder.SetHeader(locationName).String(*v.AccessToken)
}

20
vendor/github.com/aws/aws-sdk-go-v2/service/sso/types/types.go generated vendored
View File

@@ -25,22 +25,24 @@ type AccountInfo struct {
type RoleCredentials struct {
// The identifier used for the temporary security credentials. For more
// information, see Using Temporary Security Credentials to Request Access to AWS
// Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
// in the AWS IAM User Guide.
// information, see [Using Temporary Security Credentials to Request Access to AWS Resources]in the AWS IAM User Guide.
//
// [Using Temporary Security Credentials to Request Access to AWS Resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
AccessKeyId *string
// The date on which temporary security credentials expire.
Expiration int64
// The key that is used to sign the request. For more information, see Using
// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
// in the AWS IAM User Guide.
// The key that is used to sign the request. For more information, see [Using Temporary Security Credentials to Request Access to AWS Resources] in the AWS
// IAM User Guide.
//
// [Using Temporary Security Credentials to Request Access to AWS Resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
SecretAccessKey *string
// The token used for temporary credentials. For more information, see Using
// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
// in the AWS IAM User Guide.
// The token used for temporary credentials. For more information, see [Using Temporary Security Credentials to Request Access to AWS Resources] in the AWS
// IAM User Guide.
//
// [Using Temporary Security Credentials to Request Access to AWS Resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
SessionToken *string
noSmithyDocumentSerde

195
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,198 @@
# v1.28.13 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.12 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.11 (2025-01-24)
* **Documentation**: Fixed typos in the descriptions.
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.28.10 (2025-01-17)
* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop.
# v1.28.9 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.8 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.7 (2024-12-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.6 (2024-12-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.5 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.4 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.3 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.2 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.1 (2024-10-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.0 (2024-10-04)
* **Feature**: Add support for HTTP client metrics.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.4 (2024-10-03)
* No change notes available for this release.
# v1.27.3 (2024-09-27)
* No change notes available for this release.
# v1.27.2 (2024-09-25)
* No change notes available for this release.
# v1.27.1 (2024-09-23)
* No change notes available for this release.
# v1.27.0 (2024-09-20)
* **Feature**: Add tracing and metrics support to service clients.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.26.8 (2024-09-17)
* **Bug Fix**: **BREAKFIX**: Only generate AccountIDEndpointMode config for services that use it. This is a compiler break, but removes no actual functionality, as no services currently use the account ID in endpoint resolution.
# v1.26.7 (2024-09-04)
* No change notes available for this release.
# v1.26.6 (2024-09-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.26.5 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.26.4 (2024-07-10.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.26.3 (2024-07-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.26.2 (2024-07-03)
* No change notes available for this release.
# v1.26.1 (2024-06-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.26.0 (2024-06-26)
* **Feature**: Support list-of-string endpoint parameter.
# v1.25.1 (2024-06-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.25.0 (2024-06-18)
* **Feature**: Track usage of various AWS SDK features in user-agent string.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.6 (2024-06-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.5 (2024-06-07)
* **Bug Fix**: Add clock skew correction on all service clients
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.4 (2024-06-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.3 (2024-05-23)
* No change notes available for this release.
# v1.24.2 (2024-05-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.1 (2024-05-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.24.0 (2024-05-10)
* **Feature**: Updated request parameters for PKCE support.
# v1.23.5 (2024-05-08)
* **Bug Fix**: GoDoc improvement
# v1.23.4 (2024-03-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.23.3 (2024-03-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.23.2 (2024-03-07)
* **Bug Fix**: Remove dependency on go-cmp.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.23.1 (2024-02-23)
* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.23.0 (2024-02-22)
* **Feature**: Add middleware stack snapshot tests.
# v1.22.2 (2024-02-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.22.1 (2024-02-20)
* **Bug Fix**: When sourcing values for a service's `EndpointParameters`, the lack of a configured region (i.e. `options.Region == ""`) will now translate to a `nil` value for `EndpointParameters.Region` instead of a pointer to the empty string `""`. This will result in a much more explicit error when calling an operation instead of an obscure hostname lookup failure.
# v1.22.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.21.7 (2024-01-16)
* No change notes available for this release.

463
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go generated vendored
View File

@@ -4,6 +4,7 @@ package ssooidc
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/defaults"
@@ -14,22 +15,157 @@ import (
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware"
smithy "github.com/aws/smithy-go"
smithyauth "github.com/aws/smithy-go/auth"
smithydocument "github.com/aws/smithy-go/document"
"github.com/aws/smithy-go/logging"
"github.com/aws/smithy-go/metrics"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
"net"
"net/http"
"sync/atomic"
"time"
)
const ServiceID = "SSO OIDC"
const ServiceAPIVersion = "2019-06-10"
type operationMetrics struct {
Duration metrics.Float64Histogram
SerializeDuration metrics.Float64Histogram
ResolveIdentityDuration metrics.Float64Histogram
ResolveEndpointDuration metrics.Float64Histogram
SignRequestDuration metrics.Float64Histogram
DeserializeDuration metrics.Float64Histogram
}
func (m *operationMetrics) histogramFor(name string) metrics.Float64Histogram {
switch name {
case "client.call.duration":
return m.Duration
case "client.call.serialization_duration":
return m.SerializeDuration
case "client.call.resolve_identity_duration":
return m.ResolveIdentityDuration
case "client.call.resolve_endpoint_duration":
return m.ResolveEndpointDuration
case "client.call.signing_duration":
return m.SignRequestDuration
case "client.call.deserialization_duration":
return m.DeserializeDuration
default:
panic("unrecognized operation metric")
}
}
func timeOperationMetric[T any](
ctx context.Context, metric string, fn func() (T, error),
opts ...metrics.RecordMetricOption,
) (T, error) {
instr := getOperationMetrics(ctx).histogramFor(metric)
opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...)
start := time.Now()
v, err := fn()
end := time.Now()
elapsed := end.Sub(start)
instr.Record(ctx, float64(elapsed)/1e9, opts...)
return v, err
}
func startMetricTimer(ctx context.Context, metric string, opts ...metrics.RecordMetricOption) func() {
instr := getOperationMetrics(ctx).histogramFor(metric)
opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...)
var ended bool
start := time.Now()
return func() {
if ended {
return
}
ended = true
end := time.Now()
elapsed := end.Sub(start)
instr.Record(ctx, float64(elapsed)/1e9, opts...)
}
}
func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption {
return func(o *metrics.RecordMetricOptions) {
o.Properties.Set("rpc.service", middleware.GetServiceID(ctx))
o.Properties.Set("rpc.method", middleware.GetOperationName(ctx))
}
}
type operationMetricsKey struct{}
func withOperationMetrics(parent context.Context, mp metrics.MeterProvider) (context.Context, error) {
meter := mp.Meter("github.com/aws/aws-sdk-go-v2/service/ssooidc")
om := &operationMetrics{}
var err error
om.Duration, err = operationMetricTimer(meter, "client.call.duration",
"Overall call duration (including retries and time to send or receive request and response body)")
if err != nil {
return nil, err
}
om.SerializeDuration, err = operationMetricTimer(meter, "client.call.serialization_duration",
"The time it takes to serialize a message body")
if err != nil {
return nil, err
}
om.ResolveIdentityDuration, err = operationMetricTimer(meter, "client.call.auth.resolve_identity_duration",
"The time taken to acquire an identity (AWS credentials, bearer token, etc) from an Identity Provider")
if err != nil {
return nil, err
}
om.ResolveEndpointDuration, err = operationMetricTimer(meter, "client.call.resolve_endpoint_duration",
"The time it takes to resolve an endpoint (endpoint resolver, not DNS) for the request")
if err != nil {
return nil, err
}
om.SignRequestDuration, err = operationMetricTimer(meter, "client.call.auth.signing_duration",
"The time it takes to sign a request")
if err != nil {
return nil, err
}
om.DeserializeDuration, err = operationMetricTimer(meter, "client.call.deserialization_duration",
"The time it takes to deserialize a message body")
if err != nil {
return nil, err
}
return context.WithValue(parent, operationMetricsKey{}, om), nil
}
func operationMetricTimer(m metrics.Meter, name, desc string) (metrics.Float64Histogram, error) {
return m.Float64Histogram(name, func(o *metrics.InstrumentOptions) {
o.UnitLabel = "s"
o.Description = desc
})
}
func getOperationMetrics(ctx context.Context) *operationMetrics {
return ctx.Value(operationMetricsKey{}).(*operationMetrics)
}
func operationTracer(p tracing.TracerProvider) tracing.Tracer {
return p.Tracer("github.com/aws/aws-sdk-go-v2/service/ssooidc")
}
// Client provides the API client to make operations call for AWS SSO OIDC.
type Client struct {
options Options
// Difference between the time reported by the server and the client
timeOffset *atomic.Int64
}
// New returns an initialized Client based on the functional options. Provide
@@ -50,6 +186,10 @@ func New(options Options, optFns ...func(*Options)) *Client {
resolveEndpointResolverV2(&options)
resolveTracerProvider(&options)
resolveMeterProvider(&options)
resolveAuthSchemeResolver(&options)
for _, fn := range optFns {
@@ -68,6 +208,8 @@ func New(options Options, optFns ...func(*Options)) *Client {
options: options,
}
initializeTimeOffsetResolver(client)
return client
}
@@ -80,8 +222,15 @@ func (c *Client) Options() Options {
return c.options.Copy()
}
func (c *Client) invokeOperation(ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error) (result interface{}, metadata middleware.Metadata, err error) {
func (c *Client) invokeOperation(
ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error,
) (
result interface{}, metadata middleware.Metadata, err error,
) {
ctx = middleware.ClearStackValues(ctx)
ctx = middleware.WithServiceID(ctx, ServiceID)
ctx = middleware.WithOperationName(ctx, opID)
stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
options := c.options.Copy()
@@ -105,15 +254,56 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
}
}
handler := middleware.DecorateHandler(smithyhttp.NewClientHandler(options.HTTPClient), stack)
result, metadata, err = handler.Handle(ctx, params)
ctx, err = withOperationMetrics(ctx, options.MeterProvider)
if err != nil {
return nil, metadata, err
}
tracer := operationTracer(options.TracerProvider)
spanName := fmt.Sprintf("%s.%s", ServiceID, opID)
ctx = tracing.WithOperationTracer(ctx, tracer)
ctx, span := tracer.StartSpan(ctx, spanName, func(o *tracing.SpanOptions) {
o.Kind = tracing.SpanKindClient
o.Properties.Set("rpc.system", "aws-api")
o.Properties.Set("rpc.method", opID)
o.Properties.Set("rpc.service", ServiceID)
})
endTimer := startMetricTimer(ctx, "client.call.duration")
defer endTimer()
defer span.End()
handler := smithyhttp.NewClientHandlerWithOptions(options.HTTPClient, func(o *smithyhttp.ClientHandler) {
o.Meter = options.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/ssooidc")
})
decorated := middleware.DecorateHandler(handler, stack)
result, metadata, err = decorated.Handle(ctx, params)
if err != nil {
span.SetProperty("exception.type", fmt.Sprintf("%T", err))
span.SetProperty("exception.message", err.Error())
var aerr smithy.APIError
if errors.As(err, &aerr) {
span.SetProperty("api.error_code", aerr.ErrorCode())
span.SetProperty("api.error_message", aerr.ErrorMessage())
span.SetProperty("api.error_fault", aerr.ErrorFault().String())
}
err = &smithy.OperationError{
ServiceID: ServiceID,
OperationName: opID,
Err: err,
}
}
span.SetProperty("error", err != nil)
if err == nil {
span.SetStatus(tracing.SpanStatusOK)
} else {
span.SetStatus(tracing.SpanStatusError)
}
return result, metadata, err
}
@@ -151,7 +341,7 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o
if err := stack.Finalize.Insert(&resolveEndpointV2Middleware{options: options}, "GetIdentity", middleware.After); err != nil {
return fmt.Errorf("add ResolveEndpointV2: %v", err)
}
if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil {
if err := stack.Finalize.Insert(&signRequestMiddleware{options: options}, "ResolveEndpointV2", middleware.After); err != nil {
return fmt.Errorf("add Signing: %w", err)
}
return nil
@@ -361,17 +551,37 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
}
func addClientUserAgent(stack *middleware.Stack, options Options) error {
if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ssooidc", goModuleVersion)(stack); err != nil {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
ua.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ssooidc", goModuleVersion)
if len(options.AppID) > 0 {
return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
ua.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)
}
return nil
}
func getOrAddRequestUserAgent(stack *middleware.Stack) (*awsmiddleware.RequestUserAgent, error) {
id := (*awsmiddleware.RequestUserAgent)(nil).ID()
mw, ok := stack.Build.Get(id)
if !ok {
mw = awsmiddleware.NewRequestUserAgent()
if err := stack.Build.Add(mw, middleware.After); err != nil {
return nil, err
}
}
ua, ok := mw.(*awsmiddleware.RequestUserAgent)
if !ok {
return nil, fmt.Errorf("%T for %s middleware did not match expected type", mw, id)
}
return ua, nil
}
type HTTPSignerV4 interface {
SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}
@@ -390,12 +600,97 @@ func newDefaultV4Signer(o Options) *v4.Signer {
})
}
func addRetryMiddlewares(stack *middleware.Stack, o Options) error {
mo := retry.AddRetryMiddlewaresOptions{
Retryer: o.Retryer,
LogRetryAttempts: o.ClientLogMode.IsRetries(),
func addClientRequestID(stack *middleware.Stack) error {
return stack.Build.Add(&awsmiddleware.ClientRequestID{}, middleware.After)
}
func addComputeContentLength(stack *middleware.Stack) error {
return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After)
}
func addRawResponseToMetadata(stack *middleware.Stack) error {
return stack.Deserialize.Add(&awsmiddleware.AddRawResponse{}, middleware.Before)
}
func addRecordResponseTiming(stack *middleware.Stack) error {
return stack.Deserialize.Add(&awsmiddleware.RecordResponseTiming{}, middleware.After)
}
func addSpanRetryLoop(stack *middleware.Stack, options Options) error {
return stack.Finalize.Insert(&spanRetryLoop{options: options}, "Retry", middleware.Before)
}
type spanRetryLoop struct {
options Options
}
func (*spanRetryLoop) ID() string {
return "spanRetryLoop"
}
func (m *spanRetryLoop) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
middleware.FinalizeOutput, middleware.Metadata, error,
) {
tracer := operationTracer(m.options.TracerProvider)
ctx, span := tracer.StartSpan(ctx, "RetryLoop")
defer span.End()
return next.HandleFinalize(ctx, in)
}
func addStreamingEventsPayload(stack *middleware.Stack) error {
return stack.Finalize.Add(&v4.StreamingEventsPayload{}, middleware.Before)
}
func addUnsignedPayload(stack *middleware.Stack) error {
return stack.Finalize.Insert(&v4.UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
}
func addComputePayloadSHA256(stack *middleware.Stack) error {
return stack.Finalize.Insert(&v4.ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
}
func addContentSHA256Header(stack *middleware.Stack) error {
return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After)
}
func addIsWaiterUserAgent(o *Options) {
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureWaiter)
return nil
})
}
func addIsPaginatorUserAgent(o *Options) {
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeaturePaginator)
return nil
})
}
func addRetry(stack *middleware.Stack, o Options) error {
attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) {
m.LogAttempts = o.ClientLogMode.IsRetries()
m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/ssooidc")
})
if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil {
return err
}
return retry.AddRetryMiddlewares(stack, mo)
if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil {
return err
}
return nil
}
// resolves dual-stack endpoint configuration
@@ -428,12 +723,68 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error {
return nil
}
func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string {
if mode == aws.AccountIDEndpointModeDisabled {
return nil
}
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" {
return aws.String(ca.Credentials.AccountID)
}
return nil
}
func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error {
mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset}
if err := stack.Build.Add(&mw, middleware.After); err != nil {
return err
}
return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before)
}
func initializeTimeOffsetResolver(c *Client) {
c.timeOffset = new(atomic.Int64)
}
func addUserAgentRetryMode(stack *middleware.Stack, options Options) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
switch options.Retryer.(type) {
case *retry.Standard:
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeStandard)
case *retry.AdaptiveMode:
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeAdaptive)
}
return nil
}
func resolveTracerProvider(options *Options) {
if options.TracerProvider == nil {
options.TracerProvider = &tracing.NopTracerProvider{}
}
}
func resolveMeterProvider(options *Options) {
if options.MeterProvider == nil {
options.MeterProvider = metrics.NopMeterProvider{}
}
}
func addRecursionDetection(stack *middleware.Stack) error {
return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After)
}
func addRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
return awsmiddleware.AddRequestIDRetrieverMiddleware(stack)
return stack.Deserialize.Insert(&awsmiddleware.RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
}
func addResponseErrorMiddleware(stack *middleware.Stack) error {
return awshttp.AddResponseErrorMiddleware(stack)
return stack.Deserialize.Insert(&awshttp.ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
}
func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
@@ -473,3 +824,89 @@ func addDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
DisableHTTPS: o.EndpointOptions.DisableHTTPS,
}, "ResolveEndpointV2", middleware.After)
}
type spanInitializeStart struct {
}
func (*spanInitializeStart) ID() string {
return "spanInitializeStart"
}
func (m *spanInitializeStart) HandleInitialize(
ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
) (
middleware.InitializeOutput, middleware.Metadata, error,
) {
ctx, _ = tracing.StartSpan(ctx, "Initialize")
return next.HandleInitialize(ctx, in)
}
type spanInitializeEnd struct {
}
func (*spanInitializeEnd) ID() string {
return "spanInitializeEnd"
}
func (m *spanInitializeEnd) HandleInitialize(
ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
) (
middleware.InitializeOutput, middleware.Metadata, error,
) {
ctx, span := tracing.PopSpan(ctx)
span.End()
return next.HandleInitialize(ctx, in)
}
type spanBuildRequestStart struct {
}
func (*spanBuildRequestStart) ID() string {
return "spanBuildRequestStart"
}
func (m *spanBuildRequestStart) HandleSerialize(
ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler,
) (
middleware.SerializeOutput, middleware.Metadata, error,
) {
ctx, _ = tracing.StartSpan(ctx, "BuildRequest")
return next.HandleSerialize(ctx, in)
}
type spanBuildRequestEnd struct {
}
func (*spanBuildRequestEnd) ID() string {
return "spanBuildRequestEnd"
}
func (m *spanBuildRequestEnd) HandleBuild(
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
) (
middleware.BuildOutput, middleware.Metadata, error,
) {
ctx, span := tracing.PopSpan(ctx)
span.End()
return next.HandleBuild(ctx, in)
}
func addSpanInitializeStart(stack *middleware.Stack) error {
return stack.Initialize.Add(&spanInitializeStart{}, middleware.Before)
}
func addSpanInitializeEnd(stack *middleware.Stack) error {
return stack.Initialize.Add(&spanInitializeEnd{}, middleware.After)
}
func addSpanBuildRequestStart(stack *middleware.Stack) error {
return stack.Serialize.Add(&spanBuildRequestStart{}, middleware.Before)
}
func addSpanBuildRequestEnd(stack *middleware.Stack) error {
return stack.Build.Add(&spanBuildRequestEnd{}, middleware.After)
}

102
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go generated vendored
View File

@@ -12,7 +12,7 @@ import (
// Creates and returns access and refresh tokens for clients that are
// authenticated using client secrets. The access token can be used to fetch
// short-term credentials for the assigned AWS accounts or to access application
// short-lived credentials for the assigned AWS accounts or to access application
// APIs using bearer authentication.
func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optFns ...func(*Options)) (*CreateTokenOutput, error) {
if params == nil {
@@ -32,34 +32,42 @@ func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optF
type CreateTokenInput struct {
// The unique identifier string for the client or application. This value comes
// from the result of the RegisterClient API.
// from the result of the RegisterClientAPI.
//
// This member is required.
ClientId *string
// A secret string generated for the client. This value should come from the
// persisted result of the RegisterClient API.
// persisted result of the RegisterClientAPI.
//
// This member is required.
ClientSecret *string
// Supports the following OAuth grant types: Device Code and Refresh Token.
// Specify either of the following values, depending on the grant type that you
// want: * Device Code - urn:ietf:params:oauth:grant-type:device_code * Refresh
// Token - refresh_token For information about how to obtain the device code, see
// the StartDeviceAuthorization topic.
// Supports the following OAuth grant types: Authorization Code, Device Code, and
// Refresh Token. Specify one of the following values, depending on the grant type
// that you want:
//
// * Authorization Code - authorization_code
//
// * Device Code - urn:ietf:params:oauth:grant-type:device_code
//
// * Refresh Token - refresh_token
//
// This member is required.
GrantType *string
// Used only when calling this API for the Authorization Code grant type. The
// short-term code is used to identify this authorization request. This grant type
// is currently unsupported for the CreateToken API.
// short-lived code is used to identify this authorization request.
Code *string
// Used only when calling this API for the Device Code grant type. This short-term
// code is used to identify this authorization request. This comes from the result
// of the StartDeviceAuthorization API.
// Used only when calling this API for the Authorization Code grant type. This
// value is generated by the client and presented to validate the original code
// challenge value the client passed at authorization time.
CodeVerifier *string
// Used only when calling this API for the Device Code grant type. This
// short-lived code is used to identify this authorization request. This comes from
// the result of the StartDeviceAuthorizationAPI.
DeviceCode *string
// Used only when calling this API for the Authorization Code grant type. This
@@ -68,17 +76,19 @@ type CreateTokenInput struct {
RedirectUri *string
// Used only when calling this API for the Refresh Token grant type. This token is
// used to refresh short-term tokens, such as the access token, that might expire.
// used to refresh short-lived tokens, such as the access token, that might expire.
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide in
// the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
// .
// the [IAM Identity Center OIDC API Reference].
//
// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
RefreshToken *string
// The list of scopes for which authorization is requested. The access token that
// is issued is limited to the scopes that are granted. If this value is not
// specified, IAM Identity Center authorizes all scopes that are configured for the
// client during the call to RegisterClient .
// client during the call to RegisterClient.
Scope []string
noSmithyDocumentSerde
@@ -86,7 +96,8 @@ type CreateTokenInput struct {
type CreateTokenOutput struct {
// A bearer token to access AWS accounts and applications assigned to a user.
// A bearer token to access Amazon Web Services accounts and applications assigned
// to a user.
AccessToken *string
// Indicates the time in seconds when an access token will expire.
@@ -94,18 +105,22 @@ type CreateTokenOutput struct {
// The idToken is not implemented or supported. For more information about the
// features and limitations of the current IAM Identity Center OIDC implementation,
// see Considerations for Using this Guide in the IAM Identity Center OIDC API
// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
// . A JSON Web Token (JWT) that identifies who is associated with the issued
// access token.
// see Considerations for Using this Guide in the [IAM Identity Center OIDC API Reference].
//
// A JSON Web Token (JWT) that identifies who is associated with the issued access
// token.
//
// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
IdToken *string
// A token that, if present, can be used to refresh a previously issued access
// token that might have expired. For more information about the features and
// limitations of the current IAM Identity Center OIDC implementation, see
// Considerations for Using this Guide in the IAM Identity Center OIDC API
// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
// .
// token that might have expired.
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide in
// the [IAM Identity Center OIDC API Reference].
//
// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
RefreshToken *string
// Used to notify the client that the returned token is an access token. The
@@ -140,22 +155,25 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
if err = addClientRequestID(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
if err = addRetry(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
@@ -170,13 +188,19 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpCreateTokenValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateToken(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -191,6 +215,18 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}

103
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go generated vendored
View File

@@ -6,15 +6,14 @@ import (
"context"
"fmt"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// Creates and returns access and refresh tokens for clients and applications that
// are authenticated using IAM entities. The access token can be used to fetch
// short-term credentials for the assigned AWS accounts or to access application
// APIs using bearer authentication.
// short-lived credentials for the assigned Amazon Web Services accounts or to
// access application APIs using bearer authentication.
func (c *Client) CreateTokenWithIAM(ctx context.Context, params *CreateTokenWithIAMInput, optFns ...func(*Options)) (*CreateTokenWithIAMOutput, error) {
if params == nil {
params = &CreateTokenWithIAMInput{}
@@ -40,10 +39,15 @@ type CreateTokenWithIAMInput struct {
// Supports the following OAuth grant types: Authorization Code, Refresh Token,
// JWT Bearer, and Token Exchange. Specify one of the following values, depending
// on the grant type that you want: * Authorization Code - authorization_code *
// Refresh Token - refresh_token * JWT Bearer -
// urn:ietf:params:oauth:grant-type:jwt-bearer * Token Exchange -
// urn:ietf:params:oauth:grant-type:token-exchange
// on the grant type that you want:
//
// * Authorization Code - authorization_code
//
// * Refresh Token - refresh_token
//
// * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
//
// * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
//
// This member is required.
GrantType *string
@@ -55,28 +59,38 @@ type CreateTokenWithIAMInput struct {
Assertion *string
// Used only when calling this API for the Authorization Code grant type. This
// short-term code is used to identify this authorization request. The code is
// short-lived code is used to identify this authorization request. The code is
// obtained through a redirect from IAM Identity Center to a redirect URI persisted
// in the Authorization Code GrantOptions for the application.
Code *string
// Used only when calling this API for the Authorization Code grant type. This
// value is generated by the client and presented to validate the original code
// challenge value the client passed at authorization time.
CodeVerifier *string
// Used only when calling this API for the Authorization Code grant type. This
// value specifies the location of the client or application that has registered to
// receive the authorization code.
RedirectUri *string
// Used only when calling this API for the Refresh Token grant type. This token is
// used to refresh short-term tokens, such as the access token, that might expire.
// used to refresh short-lived tokens, such as the access token, that might expire.
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide in
// the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
// .
// the [IAM Identity Center OIDC API Reference].
//
// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
RefreshToken *string
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the type of token that the requester can receive. The following values
// are supported: * Access Token - urn:ietf:params:oauth:token-type:access_token *
// Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
// are supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
//
// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
RequestedTokenType *string
// The list of scopes for which authorization is requested. The access token that
@@ -95,8 +109,9 @@ type CreateTokenWithIAMInput struct {
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the type of token that is passed as the subject of the exchange. The
// following value is supported: * Access Token -
// urn:ietf:params:oauth:token-type:access_token
// following value is supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
SubjectTokenType *string
noSmithyDocumentSerde
@@ -104,7 +119,8 @@ type CreateTokenWithIAMInput struct {
type CreateTokenWithIAMOutput struct {
// A bearer token to access AWS accounts and applications assigned to a user.
// A bearer token to access Amazon Web Services accounts and applications assigned
// to a user.
AccessToken *string
// Indicates the time in seconds when an access token will expire.
@@ -115,17 +131,21 @@ type CreateTokenWithIAMOutput struct {
IdToken *string
// Indicates the type of tokens that are issued by IAM Identity Center. The
// following values are supported: * Access Token -
// urn:ietf:params:oauth:token-type:access_token * Refresh Token -
// urn:ietf:params:oauth:token-type:refresh_token
// following values are supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
//
// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
IssuedTokenType *string
// A token that, if present, can be used to refresh a previously issued access
// token that might have expired. For more information about the features and
// limitations of the current IAM Identity Center OIDC implementation, see
// Considerations for Using this Guide in the IAM Identity Center OIDC API
// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
// .
// token that might have expired.
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide in
// the [IAM Identity Center OIDC API Reference].
//
// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
RefreshToken *string
// The list of scopes for which authorization is granted. The access token that is
@@ -164,25 +184,28 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
if err = addClientRequestID(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
if err = addComputePayloadSHA256(stack); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
if err = addRetry(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
@@ -197,13 +220,19 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpCreateTokenWithIAMValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateTokenWithIAM(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -218,6 +247,18 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}

66
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go generated vendored
View File

@@ -10,9 +10,9 @@ import (
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// Registers a client with IAM Identity Center. This allows clients to initiate
// device authorization. The output should be persisted for reuse through many
// authentication requests.
// Registers a public client with IAM Identity Center. This allows clients to
// perform authorization using the authorization code grant with Proof Key for Code
// Exchange (PKCE) or the device code grant.
func (c *Client) RegisterClient(ctx context.Context, params *RegisterClientInput, optFns ...func(*Options)) (*RegisterClientOutput, error) {
if params == nil {
params = &RegisterClientInput{}
@@ -41,6 +41,33 @@ type RegisterClientInput struct {
// This member is required.
ClientType *string
// This IAM Identity Center application ARN is used to define
// administrator-managed configuration for public client access to resources. At
// authorization, the scopes, grants, and redirect URI available to this client
// will be restricted by this application resource.
EntitledApplicationArn *string
// The list of OAuth 2.0 grant types that are defined by the client. This list is
// used to restrict the token granting flows available to the client. Supports the
// following OAuth 2.0 grant types: Authorization Code, Device Code, and Refresh
// Token.
//
// * Authorization Code - authorization_code
//
// * Device Code - urn:ietf:params:oauth:grant-type:device_code
//
// * Refresh Token - refresh_token
GrantTypes []string
// The IAM Identity Center Issuer URL associated with an instance of IAM Identity
// Center. This value is needed for user access to resources through the client.
IssuerUrl *string
// The list of redirect URI that are defined by the client. At completion of
// authorization, this list is used to restrict what locations the user agent can
// be redirected back to.
RedirectUris []string
// The list of scopes that are defined by the client. Upon authorization, this
// list is used to restrict permissions when granting an access token.
Scopes []string
@@ -98,22 +125,25 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
if err = addClientRequestID(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
if err = addRetry(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
@@ -128,13 +158,19 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpRegisterClientValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opRegisterClient(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -149,6 +185,18 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}

44
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go generated vendored
View File

@@ -30,22 +30,23 @@ func (c *Client) StartDeviceAuthorization(ctx context.Context, params *StartDevi
type StartDeviceAuthorizationInput struct {
// The unique identifier string for the client that is registered with IAM
// Identity Center. This value should come from the persisted result of the
// RegisterClient API operation.
// Identity Center. This value should come from the persisted result of the RegisterClientAPI
// operation.
//
// This member is required.
ClientId *string
// A secret string that is generated for the client. This value should come from
// the persisted result of the RegisterClient API operation.
// the persisted result of the RegisterClientAPI operation.
//
// This member is required.
ClientSecret *string
// The URL for the Amazon Web Services access portal. For more information, see
// Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
// The URL for the Amazon Web Services access portal. For more information, see [Using the Amazon Web Services access portal]
// in the IAM Identity Center User Guide.
//
// [Using the Amazon Web Services access portal]: https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html
//
// This member is required.
StartUrl *string
@@ -106,22 +107,25 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
if err = addClientRequestID(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
if err = addRetry(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
@@ -136,13 +140,19 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpStartDeviceAuthorizationValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opStartDeviceAuthorization(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -157,6 +167,18 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}

43
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go generated vendored
View File

@@ -8,11 +8,13 @@ import (
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
smithy "github.com/aws/smithy-go"
smithyauth "github.com/aws/smithy-go/auth"
"github.com/aws/smithy-go/metrics"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
func bindAuthParamsRegion(params *AuthResolverParameters, _ interface{}, options Options) {
func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) {
params.Region = options.Region
}
@@ -90,12 +92,12 @@ type AuthResolverParameters struct {
Region string
}
func bindAuthResolverParams(operation string, input interface{}, options Options) *AuthResolverParameters {
func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters {
params := &AuthResolverParameters{
Operation: operation,
}
bindAuthParamsRegion(params, input, options)
bindAuthParamsRegion(ctx, params, input, options)
return params
}
@@ -163,7 +165,10 @@ func (*resolveAuthSchemeMiddleware) ID() string {
func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options)
_, span := tracing.StartSpan(ctx, "ResolveAuthScheme")
defer span.End()
params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options)
options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
if err != nil {
return out, metadata, fmt.Errorf("resolve auth scheme: %w", err)
@@ -175,6 +180,9 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid
}
ctx = setResolvedAuthScheme(ctx, scheme)
span.SetProperty("auth.scheme_id", scheme.Scheme.SchemeID())
span.End()
return next.HandleFinalize(ctx, in)
}
@@ -234,7 +242,10 @@ func (*getIdentityMiddleware) ID() string {
func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
rscheme := getResolvedAuthScheme(ctx)
innerCtx, span := tracing.StartSpan(ctx, "GetIdentity")
defer span.End()
rscheme := getResolvedAuthScheme(innerCtx)
if rscheme == nil {
return out, metadata, fmt.Errorf("no resolved auth scheme")
}
@@ -244,12 +255,20 @@ func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middlewar
return out, metadata, fmt.Errorf("no identity resolver")
}
identity, err := resolver.GetIdentity(ctx, rscheme.IdentityProperties)
identity, err := timeOperationMetric(ctx, "client.call.resolve_identity_duration",
func() (smithyauth.Identity, error) {
return resolver.GetIdentity(innerCtx, rscheme.IdentityProperties)
},
func(o *metrics.RecordMetricOptions) {
o.Properties.Set("auth.scheme_id", rscheme.Scheme.SchemeID())
})
if err != nil {
return out, metadata, fmt.Errorf("get identity: %w", err)
}
ctx = setIdentity(ctx, identity)
span.End()
return next.HandleFinalize(ctx, in)
}
@@ -265,6 +284,7 @@ func getIdentity(ctx context.Context) smithyauth.Identity {
}
type signRequestMiddleware struct {
options Options
}
func (*signRequestMiddleware) ID() string {
@@ -274,6 +294,9 @@ func (*signRequestMiddleware) ID() string {
func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "SignRequest")
defer span.End()
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unexpected transport type %T", in.Request)
@@ -294,9 +317,15 @@ func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middlewar
return out, metadata, fmt.Errorf("no signer")
}
if err := signer.SignRequest(ctx, req, identity, rscheme.SignerProperties); err != nil {
_, err = timeOperationMetric(ctx, "client.call.signing_duration", func() (any, error) {
return nil, signer.SignRequest(ctx, req, identity, rscheme.SignerProperties)
}, func(o *metrics.RecordMetricOptions) {
o.Properties.Set("auth.scheme_id", rscheme.Scheme.SchemeID())
})
if err != nil {
return out, metadata, fmt.Errorf("sign request: %w", err)
}
span.End()
return next.HandleFinalize(ctx, in)
}

122
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go generated vendored
View File

@@ -13,11 +13,22 @@ import (
smithyio "github.com/aws/smithy-go/io"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/ptr"
smithytime "github.com/aws/smithy-go/time"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
"io"
"strings"
"time"
)
func deserializeS3Expires(v string) (*time.Time, error) {
t, err := smithytime.ParseHTTPDate(v)
if err != nil {
return nil, nil
}
return &t, nil
}
type awsRestjson1_deserializeOpCreateToken struct {
}
@@ -33,6 +44,10 @@ func (m *awsRestjson1_deserializeOpCreateToken) HandleDeserialize(ctx context.Co
return out, metadata, err
}
_, span := tracing.StartSpan(ctx, "OperationDeserializer")
endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
defer endTimer()
defer span.End()
response, ok := out.RawResponse.(*smithyhttp.Response)
if !ok {
return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -72,6 +87,7 @@ func (m *awsRestjson1_deserializeOpCreateToken) HandleDeserialize(ctx context.Co
}
}
span.End()
return out, metadata, err
}
@@ -254,6 +270,10 @@ func (m *awsRestjson1_deserializeOpCreateTokenWithIAM) HandleDeserialize(ctx con
return out, metadata, err
}
_, span := tracing.StartSpan(ctx, "OperationDeserializer")
endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
defer endTimer()
defer span.End()
response, ok := out.RawResponse.(*smithyhttp.Response)
if !ok {
return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -293,6 +313,7 @@ func (m *awsRestjson1_deserializeOpCreateTokenWithIAM) HandleDeserialize(ctx con
}
}
span.End()
return out, metadata, err
}
@@ -492,6 +513,10 @@ func (m *awsRestjson1_deserializeOpRegisterClient) HandleDeserialize(ctx context
return out, metadata, err
}
_, span := tracing.StartSpan(ctx, "OperationDeserializer")
endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
defer endTimer()
defer span.End()
response, ok := out.RawResponse.(*smithyhttp.Response)
if !ok {
return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -531,6 +556,7 @@ func (m *awsRestjson1_deserializeOpRegisterClient) HandleDeserialize(ctx context
}
}
span.End()
return out, metadata, err
}
@@ -581,12 +607,18 @@ func awsRestjson1_deserializeOpErrorRegisterClient(response *smithyhttp.Response
case strings.EqualFold("InvalidClientMetadataException", errorCode):
return awsRestjson1_deserializeErrorInvalidClientMetadataException(response, errorBody)
case strings.EqualFold("InvalidRedirectUriException", errorCode):
return awsRestjson1_deserializeErrorInvalidRedirectUriException(response, errorBody)
case strings.EqualFold("InvalidRequestException", errorCode):
return awsRestjson1_deserializeErrorInvalidRequestException(response, errorBody)
case strings.EqualFold("InvalidScopeException", errorCode):
return awsRestjson1_deserializeErrorInvalidScopeException(response, errorBody)
case strings.EqualFold("UnsupportedGrantTypeException", errorCode):
return awsRestjson1_deserializeErrorUnsupportedGrantTypeException(response, errorBody)
default:
genericError := &smithy.GenericAPIError{
Code: errorCode,
@@ -705,6 +737,10 @@ func (m *awsRestjson1_deserializeOpStartDeviceAuthorization) HandleDeserialize(c
return out, metadata, err
}
_, span := tracing.StartSpan(ctx, "OperationDeserializer")
endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
defer endTimer()
defer span.End()
response, ok := out.RawResponse.(*smithyhttp.Response)
if !ok {
return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -744,6 +780,7 @@ func (m *awsRestjson1_deserializeOpStartDeviceAuthorization) HandleDeserialize(c
}
}
span.End()
return out, metadata, err
}
@@ -1158,6 +1195,42 @@ func awsRestjson1_deserializeErrorInvalidGrantException(response *smithyhttp.Res
return output
}
func awsRestjson1_deserializeErrorInvalidRedirectUriException(response *smithyhttp.Response, errorBody *bytes.Reader) error {
output := &types.InvalidRedirectUriException{}
var buff [1024]byte
ringBuffer := smithyio.NewRingBuffer(buff[:])
body := io.TeeReader(errorBody, ringBuffer)
decoder := json.NewDecoder(body)
decoder.UseNumber()
var shape interface{}
if err := decoder.Decode(&shape); err != nil && err != io.EOF {
var snapshot bytes.Buffer
io.Copy(&snapshot, ringBuffer)
err = &smithy.DeserializationError{
Err: fmt.Errorf("failed to decode response body, %w", err),
Snapshot: snapshot.Bytes(),
}
return err
}
err := awsRestjson1_deserializeDocumentInvalidRedirectUriException(&output, shape)
if err != nil {
var snapshot bytes.Buffer
io.Copy(&snapshot, ringBuffer)
err = &smithy.DeserializationError{
Err: fmt.Errorf("failed to decode response body, %w", err),
Snapshot: snapshot.Bytes(),
}
return err
}
errorBody.Seek(0, io.SeekStart)
return output
}
func awsRestjson1_deserializeErrorInvalidRequestException(response *smithyhttp.Response, errorBody *bytes.Reader) error {
output := &types.InvalidRequestException{}
var buff [1024]byte
@@ -1717,6 +1790,55 @@ func awsRestjson1_deserializeDocumentInvalidGrantException(v **types.InvalidGran
return nil
}
func awsRestjson1_deserializeDocumentInvalidRedirectUriException(v **types.InvalidRedirectUriException, value interface{}) error {
if v == nil {
return fmt.Errorf("unexpected nil of type %T", v)
}
if value == nil {
return nil
}
shape, ok := value.(map[string]interface{})
if !ok {
return fmt.Errorf("unexpected JSON type %v", value)
}
var sv *types.InvalidRedirectUriException
if *v == nil {
sv = &types.InvalidRedirectUriException{}
} else {
sv = *v
}
for key, value := range shape {
switch key {
case "error":
if value != nil {
jtv, ok := value.(string)
if !ok {
return fmt.Errorf("expected Error to be of type string, got %T instead", value)
}
sv.Error_ = ptr.String(jtv)
}
case "error_description":
if value != nil {
jtv, ok := value.(string)
if !ok {
return fmt.Errorf("expected ErrorDescription to be of type string, got %T instead", value)
}
sv.Error_description = ptr.String(jtv)
}
default:
_, _ = key, value
}
}
*v = sv
return nil
}
func awsRestjson1_deserializeDocumentInvalidRequestException(v **types.InvalidRequestException, value interface{}) error {
if v == nil {
return fmt.Errorf("unexpected nil of type %T", v)

43
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go generated vendored
View File

@@ -6,33 +6,44 @@
// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a
// client (such as CLI or a native application) to register with IAM Identity
// Center. The service also enables the client to fetch the users access token
// upon successful authentication and authorization with IAM Identity Center. IAM
// Identity Center uses the sso and identitystore API namespaces. Considerations
// for Using This Guide Before you begin using this guide, we recommend that you
// first review the following important information about how the IAM Identity
// Center OIDC service works.
// upon successful authentication and authorization with IAM Identity Center.
//
// # API namespaces
//
// IAM Identity Center uses the sso and identitystore API namespaces. IAM Identity
// Center OpenID Connect uses the sso-oidc namespace.
//
// # Considerations for using this guide
//
// Before you begin using this guide, we recommend that you first review the
// following important information about how the IAM Identity Center OIDC service
// works.
//
// - The IAM Identity Center OIDC service currently implements only the portions
// of the OAuth 2.0 Device Authorization Grant standard (
// https://tools.ietf.org/html/rfc8628 (https://tools.ietf.org/html/rfc8628) )
// that are necessary to enable single sign-on authentication with the CLI.
// of the OAuth 2.0 Device Authorization Grant standard ([https://tools.ietf.org/html/rfc8628] ) that are necessary to
// enable single sign-on authentication with the CLI.
//
// - With older versions of the CLI, the service only emits OIDC access tokens,
// so to obtain a new token, users must explicitly re-authenticate. To access the
// OIDC flow that supports token refresh and doesnt require re-authentication,
// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with
// support for OIDC token refresh and configurable IAM Identity Center session
// durations. For more information, see Configure Amazon Web Services access
// portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html)
// .
// durations. For more information, see [Configure Amazon Web Services access portal session duration].
//
// - The access tokens provided by this service grant access to all Amazon Web
// Services account entitlements assigned to an IAM Identity Center user, not just
// a particular application.
//
// - The documentation in this guide does not describe the mechanism to convert
// the access token into Amazon Web Services Auth (“sigv4”) credentials for use
// with IAM-protected Amazon Web Services service endpoints. For more information,
// see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
// in the IAM Identity Center Portal API Reference Guide.
// see [GetRoleCredentials]in the IAM Identity Center Portal API Reference Guide.
//
// For general information about IAM Identity Center, see What is IAM Identity
// Center? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
// in the IAM Identity Center User Guide.
// For general information about IAM Identity Center, see [What is IAM Identity Center?] in the IAM Identity
// Center User Guide.
//
// [Configure Amazon Web Services access portal session duration]: https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html
// [GetRoleCredentials]: https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html
// [https://tools.ietf.org/html/rfc8628]: https://tools.ietf.org/html/rfc8628
// [What is IAM Identity Center?]: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
package ssooidc

36
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go generated vendored
View File

@@ -16,6 +16,7 @@ import (
smithyendpoints "github.com/aws/smithy-go/endpoints"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/ptr"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
"net/http"
"net/url"
@@ -216,6 +217,13 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) {
}
}
func bindRegion(region string) *string {
if region == "" {
return nil
}
return aws.String(endpoints.MapFIPSRegion(region))
}
// EndpointParameters provides the parameters that influence how endpoints are
// resolved.
type EndpointParameters struct {
@@ -281,6 +289,17 @@ func (p EndpointParameters) WithDefaults() EndpointParameters {
return p
}
type stringSlice []string
func (s stringSlice) Get(i int) *string {
if i < 0 || i >= len(s) {
return nil
}
v := s[i]
return &v
}
// EndpointResolverV2 provides the interface for resolving service endpoints.
type EndpointResolverV2 interface {
// ResolveEndpoint attempts to resolve the endpoint with the provided options,
@@ -458,10 +477,10 @@ type endpointParamsBinder interface {
bindEndpointParams(*EndpointParameters)
}
func bindEndpointParams(input interface{}, options Options) *EndpointParameters {
func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters {
params := &EndpointParameters{}
params.Region = aws.String(endpoints.MapFIPSRegion(options.Region))
params.Region = bindRegion(options.Region)
params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled)
params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled)
params.Endpoint = options.BaseEndpoint
@@ -484,6 +503,9 @@ func (*resolveEndpointV2Middleware) ID() string {
func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "ResolveEndpoint")
defer span.End()
if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
return next.HandleFinalize(ctx, in)
}
@@ -497,12 +519,17 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
}
params := bindEndpointParams(getOperationInput(ctx), m.options)
endpt, err := m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
params := bindEndpointParams(ctx, getOperationInput(ctx), m.options)
endpt, err := timeOperationMetric(ctx, "client.call.resolve_endpoint_duration",
func() (smithyendpoints.Endpoint, error) {
return m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
})
if err != nil {
return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
}
span.SetProperty("client.call.resolved_endpoint", endpt.URI.String())
if endpt.URI.RawPath == "" && req.URL.RawPath != "" {
endpt.URI.RawPath = endpt.URI.Path
}
@@ -524,5 +551,6 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
rscheme.SignerProperties.SetAll(&o.SignerProperties)
}
span.End()
return next.HandleFinalize(ctx, in)
}

4
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json generated vendored
View File

@@ -3,8 +3,7 @@
"github.com/aws/aws-sdk-go-v2": "v1.4.0",
"github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
"github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
"github.com/aws/smithy-go": "v1.4.0",
"github.com/google/go-cmp": "v0.5.4"
"github.com/aws/smithy-go": "v1.4.0"
},
"files": [
"api_client.go",
@@ -25,6 +24,7 @@
"options.go",
"protocol_test.go",
"serializers.go",
"snapshot_test.go",
"types/errors.go",
"types/types.go",
"validators.go"

2
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go generated vendored
View File

@@ -3,4 +3,4 @@
package ssooidc
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.21.7"
const goModuleVersion = "1.28.13"

34
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go generated vendored
View File

@@ -94,7 +94,7 @@ var partitionRegexp = struct {
AwsUsGov *regexp.Regexp
}{
Aws: regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
Aws: regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$"),
AwsCn: regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
AwsIso: regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
AwsIsoB: regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
@@ -187,6 +187,14 @@ var defaultPartitions = endpoints.Partitions{
Region: "ap-south-1",
},
},
endpoints.EndpointKey{
Region: "ap-south-2",
}: endpoints.Endpoint{
Hostname: "oidc.ap-south-2.amazonaws.com",
CredentialScope: endpoints.CredentialScope{
Region: "ap-south-2",
},
},
endpoints.EndpointKey{
Region: "ap-southeast-1",
}: endpoints.Endpoint{
@@ -211,6 +219,14 @@ var defaultPartitions = endpoints.Partitions{
Region: "ap-southeast-3",
},
},
endpoints.EndpointKey{
Region: "ap-southeast-4",
}: endpoints.Endpoint{
Hostname: "oidc.ap-southeast-4.amazonaws.com",
CredentialScope: endpoints.CredentialScope{
Region: "ap-southeast-4",
},
},
endpoints.EndpointKey{
Region: "ca-central-1",
}: endpoints.Endpoint{
@@ -219,6 +235,14 @@ var defaultPartitions = endpoints.Partitions{
Region: "ca-central-1",
},
},
endpoints.EndpointKey{
Region: "ca-west-1",
}: endpoints.Endpoint{
Hostname: "oidc.ca-west-1.amazonaws.com",
CredentialScope: endpoints.CredentialScope{
Region: "ca-west-1",
},
},
endpoints.EndpointKey{
Region: "eu-central-1",
}: endpoints.Endpoint{
@@ -251,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
Region: "eu-south-1",
},
},
endpoints.EndpointKey{
Region: "eu-south-2",
}: endpoints.Endpoint{
Hostname: "oidc.eu-south-2.amazonaws.com",
CredentialScope: endpoints.CredentialScope{
Region: "eu-south-2",
},
},
endpoints.EndpointKey{
Region: "eu-west-1",
}: endpoints.Endpoint{

39
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go generated vendored
View File

@@ -9,7 +9,9 @@ import (
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
smithyauth "github.com/aws/smithy-go/auth"
"github.com/aws/smithy-go/logging"
"github.com/aws/smithy-go/metrics"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
"net/http"
)
@@ -50,8 +52,10 @@ type Options struct {
// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
// value for this field will likely prevent you from using any endpoint-related
// service features released after the introduction of EndpointResolverV2 and
// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
// endpoint, set the client option BaseEndpoint instead.
// BaseEndpoint.
//
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
// the client option BaseEndpoint instead.
EndpointResolver EndpointResolver
// Resolves the endpoint used for a particular service operation. This should be
@@ -64,23 +68,29 @@ type Options struct {
// The logger writer interface to write logging messages to.
Logger logging.Logger
// The client meter provider.
MeterProvider metrics.MeterProvider
// The region to send requests to. (Required)
Region string
// RetryMaxAttempts specifies the maximum number attempts an API client will call
// an operation that fails with a retryable error. A value of 0 is ignored, and
// will not be used to configure the API client created default retryer, or modify
// per operation call's retry max attempts. If specified in an operation call's
// functional options with a value that is different than the constructed client's
// Options, the Client's Retryer will be wrapped to use the operation's specific
// RetryMaxAttempts value.
// per operation call's retry max attempts.
//
// If specified in an operation call's functional options with a value that is
// different than the constructed client's Options, the Client's Retryer will be
// wrapped to use the operation's specific RetryMaxAttempts value.
RetryMaxAttempts int
// RetryMode specifies the retry mode the API client will be created with, if
// Retryer option is not also specified. When creating a new API Clients this
// member will only be used if the Retryer Options member is nil. This value will
// be ignored if Retryer is not nil. Currently does not support per operation call
// overrides, may in the future.
// Retryer option is not also specified.
//
// When creating a new API Clients this member will only be used if the Retryer
// Options member is nil. This value will be ignored if Retryer is not nil.
//
// Currently does not support per operation call overrides, may in the future.
RetryMode aws.RetryMode
// Retryer guides how HTTP requests should be retried in case of recoverable
@@ -95,10 +105,14 @@ type Options struct {
// within your applications.
RuntimeEnvironment aws.RuntimeEnvironment
// The client tracer provider.
TracerProvider tracing.TracerProvider
// The initial DefaultsMode used when the client options were constructed. If the
// DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved
// value was at that point in time. Currently does not support per operation call
// overrides, may in the future.
// value was at that point in time.
//
// Currently does not support per operation call overrides, may in the future.
resolvedDefaultsMode aws.DefaultsMode
// The HTTP client to invoke API calls with. Defaults to client's default HTTP
@@ -143,6 +157,7 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
// this field will likely prevent you from using any endpoint-related service
// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
//
// To migrate an EndpointResolver implementation that uses a custom endpoint, set
// the client option BaseEndpoint instead.
func WithEndpointResolver(v EndpointResolver) func(*Options) {

81
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go generated vendored
View File

@@ -10,6 +10,7 @@ import (
"github.com/aws/smithy-go/encoding/httpbinding"
smithyjson "github.com/aws/smithy-go/encoding/json"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
@@ -23,6 +24,10 @@ func (*awsRestjson1_serializeOpCreateToken) ID() string {
func (m *awsRestjson1_serializeOpCreateToken) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "OperationSerializer")
endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
defer endTimer()
defer span.End()
request, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -66,6 +71,8 @@ func (m *awsRestjson1_serializeOpCreateToken) HandleSerialize(ctx context.Contex
}
in.Request = request
endTimer()
span.End()
return next.HandleSerialize(ctx, in)
}
func awsRestjson1_serializeOpHttpBindingsCreateTokenInput(v *CreateTokenInput, encoder *httpbinding.Encoder) error {
@@ -95,6 +102,11 @@ func awsRestjson1_serializeOpDocumentCreateTokenInput(v *CreateTokenInput, value
ok.String(*v.Code)
}
if v.CodeVerifier != nil {
ok := object.Key("codeVerifier")
ok.String(*v.CodeVerifier)
}
if v.DeviceCode != nil {
ok := object.Key("deviceCode")
ok.String(*v.DeviceCode)
@@ -135,6 +147,10 @@ func (*awsRestjson1_serializeOpCreateTokenWithIAM) ID() string {
func (m *awsRestjson1_serializeOpCreateTokenWithIAM) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "OperationSerializer")
endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
defer endTimer()
defer span.End()
request, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -178,6 +194,8 @@ func (m *awsRestjson1_serializeOpCreateTokenWithIAM) HandleSerialize(ctx context
}
in.Request = request
endTimer()
span.End()
return next.HandleSerialize(ctx, in)
}
func awsRestjson1_serializeOpHttpBindingsCreateTokenWithIAMInput(v *CreateTokenWithIAMInput, encoder *httpbinding.Encoder) error {
@@ -207,6 +225,11 @@ func awsRestjson1_serializeOpDocumentCreateTokenWithIAMInput(v *CreateTokenWithI
ok.String(*v.Code)
}
if v.CodeVerifier != nil {
ok := object.Key("codeVerifier")
ok.String(*v.CodeVerifier)
}
if v.GrantType != nil {
ok := object.Key("grantType")
ok.String(*v.GrantType)
@@ -257,6 +280,10 @@ func (*awsRestjson1_serializeOpRegisterClient) ID() string {
func (m *awsRestjson1_serializeOpRegisterClient) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "OperationSerializer")
endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
defer endTimer()
defer span.End()
request, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -300,6 +327,8 @@ func (m *awsRestjson1_serializeOpRegisterClient) HandleSerialize(ctx context.Con
}
in.Request = request
endTimer()
span.End()
return next.HandleSerialize(ctx, in)
}
func awsRestjson1_serializeOpHttpBindingsRegisterClientInput(v *RegisterClientInput, encoder *httpbinding.Encoder) error {
@@ -324,6 +353,30 @@ func awsRestjson1_serializeOpDocumentRegisterClientInput(v *RegisterClientInput,
ok.String(*v.ClientType)
}
if v.EntitledApplicationArn != nil {
ok := object.Key("entitledApplicationArn")
ok.String(*v.EntitledApplicationArn)
}
if v.GrantTypes != nil {
ok := object.Key("grantTypes")
if err := awsRestjson1_serializeDocumentGrantTypes(v.GrantTypes, ok); err != nil {
return err
}
}
if v.IssuerUrl != nil {
ok := object.Key("issuerUrl")
ok.String(*v.IssuerUrl)
}
if v.RedirectUris != nil {
ok := object.Key("redirectUris")
if err := awsRestjson1_serializeDocumentRedirectUris(v.RedirectUris, ok); err != nil {
return err
}
}
if v.Scopes != nil {
ok := object.Key("scopes")
if err := awsRestjson1_serializeDocumentScopes(v.Scopes, ok); err != nil {
@@ -344,6 +397,10 @@ func (*awsRestjson1_serializeOpStartDeviceAuthorization) ID() string {
func (m *awsRestjson1_serializeOpStartDeviceAuthorization) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
out middleware.SerializeOutput, metadata middleware.Metadata, err error,
) {
_, span := tracing.StartSpan(ctx, "OperationSerializer")
endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
defer endTimer()
defer span.End()
request, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -387,6 +444,8 @@ func (m *awsRestjson1_serializeOpStartDeviceAuthorization) HandleSerialize(ctx c
}
in.Request = request
endTimer()
span.End()
return next.HandleSerialize(ctx, in)
}
func awsRestjson1_serializeOpHttpBindingsStartDeviceAuthorizationInput(v *StartDeviceAuthorizationInput, encoder *httpbinding.Encoder) error {
@@ -419,6 +478,28 @@ func awsRestjson1_serializeOpDocumentStartDeviceAuthorizationInput(v *StartDevic
return nil
}
func awsRestjson1_serializeDocumentGrantTypes(v []string, value smithyjson.Value) error {
array := value.Array()
defer array.Close()
for i := range v {
av := array.Value()
av.String(v[i])
}
return nil
}
func awsRestjson1_serializeDocumentRedirectUris(v []string, value smithyjson.Value) error {
array := value.Array()
defer array.Close()
for i := range v {
av := array.Value()
av.String(v[i])
}
return nil
}
func awsRestjson1_serializeDocumentScopes(v []string, value smithyjson.Value) error {
array := value.Array()
defer array.Close()

32
vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go generated vendored
View File

@@ -188,7 +188,7 @@ func (e *InvalidClientMetadataException) ErrorCode() string {
func (e *InvalidClientMetadataException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
// Indicates that a request contains an invalid grant. This can occur if a client
// makes a CreateToken request with an invalid grant type.
// makes a CreateTokenrequest with an invalid grant type.
type InvalidGrantException struct {
Message *string
@@ -217,6 +217,36 @@ func (e *InvalidGrantException) ErrorCode() string {
}
func (e *InvalidGrantException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
// Indicates that one or more redirect URI in the request is not supported for
// this operation.
type InvalidRedirectUriException struct {
Message *string
ErrorCodeOverride *string
Error_ *string
Error_description *string
noSmithyDocumentSerde
}
func (e *InvalidRedirectUriException) Error() string {
return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage())
}
func (e *InvalidRedirectUriException) ErrorMessage() string {
if e.Message == nil {
return ""
}
return *e.Message
}
func (e *InvalidRedirectUriException) ErrorCode() string {
if e == nil || e.ErrorCodeOverride == nil {
return "InvalidRedirectUriException"
}
return *e.ErrorCodeOverride
}
func (e *InvalidRedirectUriException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
// Indicates that something is wrong with the input to the request. For example, a
// required parameter might be missing or out of range.
type InvalidRequestException struct {

219
vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md generated vendored
View File

@@ -1,3 +1,222 @@
# v1.33.13 (2025-02-04)
* No change notes available for this release.
# v1.33.12 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.33.11 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.33.10 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.33.9 (2025-01-17)
* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop.
# v1.33.8 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.33.7 (2025-01-14)
* No change notes available for this release.
# v1.33.6 (2025-01-10)
* **Documentation**: Fixed typos in the descriptions.
# v1.33.5 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.33.4 (2025-01-08)
* No change notes available for this release.
# v1.33.3 (2024-12-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.33.2 (2024-12-02)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.33.1 (2024-11-18)
* **Dependency Update**: Update to smithy-go v1.22.1.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.33.0 (2024-11-14)
* **Feature**: This release introduces the new API 'AssumeRoot', which returns short-term credentials that you can use to perform privileged tasks.
# v1.32.4 (2024-11-06)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.32.3 (2024-10-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.32.2 (2024-10-08)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.32.1 (2024-10-07)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.32.0 (2024-10-04)
* **Feature**: Add support for HTTP client metrics.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.31.4 (2024-10-03)
* No change notes available for this release.
# v1.31.3 (2024-09-27)
* No change notes available for this release.
# v1.31.2 (2024-09-25)
* No change notes available for this release.
# v1.31.1 (2024-09-23)
* No change notes available for this release.
# v1.31.0 (2024-09-20)
* **Feature**: Add tracing and metrics support to service clients.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.30.8 (2024-09-17)
* **Bug Fix**: **BREAKFIX**: Only generate AccountIDEndpointMode config for services that use it. This is a compiler break, but removes no actual functionality, as no services currently use the account ID in endpoint resolution.
# v1.30.7 (2024-09-04)
* No change notes available for this release.
# v1.30.6 (2024-09-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.30.5 (2024-08-22)
* No change notes available for this release.
# v1.30.4 (2024-08-15)
* **Dependency Update**: Bump minimum Go version to 1.21.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.30.3 (2024-07-10.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.30.2 (2024-07-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.30.1 (2024-06-28)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.30.0 (2024-06-26)
* **Feature**: Support list-of-string endpoint parameter.
# v1.29.1 (2024-06-19)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.0 (2024-06-18)
* **Feature**: Track usage of various AWS SDK features in user-agent string.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.13 (2024-06-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.12 (2024-06-07)
* **Bug Fix**: Add clock skew correction on all service clients
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.11 (2024-06-03)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.10 (2024-05-23)
* No change notes available for this release.
# v1.28.9 (2024-05-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.8 (2024-05-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.7 (2024-05-08)
* **Bug Fix**: GoDoc improvement
# v1.28.6 (2024-03-29)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.5 (2024-03-18)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.4 (2024-03-07)
* **Bug Fix**: Remove dependency on go-cmp.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.3 (2024-03-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.2 (2024-03-04)
* **Bug Fix**: Update internal/presigned-url dependency for corrected API name.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.1 (2024-02-23)
* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.0 (2024-02-22)
* **Feature**: Add middleware stack snapshot tests.
# v1.27.2 (2024-02-21)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.27.1 (2024-02-20)
* **Bug Fix**: When sourcing values for a service's `EndpointParameters`, the lack of a configured region (i.e. `options.Region == ""`) will now translate to a `nil` value for `EndpointParameters.Region` instead of a pointer to the empty string `""`. This will result in a much more explicit error when calling an operation instead of an obscure hostname lookup failure.
# v1.27.0 (2024-02-13)
* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.26.7 (2024-01-04)
* **Dependency Update**: Updated to the latest SDK module versions

465
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go generated vendored
View File

@@ -4,6 +4,7 @@ package sts
import (
"context"
"errors"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/aws/defaults"
@@ -15,25 +16,160 @@ import (
internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware"
acceptencodingcust "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding"
presignedurlcust "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url"
smithy "github.com/aws/smithy-go"
smithyauth "github.com/aws/smithy-go/auth"
smithydocument "github.com/aws/smithy-go/document"
"github.com/aws/smithy-go/logging"
"github.com/aws/smithy-go/metrics"
"github.com/aws/smithy-go/middleware"
"github.com/aws/smithy-go/tracing"
smithyhttp "github.com/aws/smithy-go/transport/http"
"net"
"net/http"
"sync/atomic"
"time"
)
const ServiceID = "STS"
const ServiceAPIVersion = "2011-06-15"
type operationMetrics struct {
Duration metrics.Float64Histogram
SerializeDuration metrics.Float64Histogram
ResolveIdentityDuration metrics.Float64Histogram
ResolveEndpointDuration metrics.Float64Histogram
SignRequestDuration metrics.Float64Histogram
DeserializeDuration metrics.Float64Histogram
}
func (m *operationMetrics) histogramFor(name string) metrics.Float64Histogram {
switch name {
case "client.call.duration":
return m.Duration
case "client.call.serialization_duration":
return m.SerializeDuration
case "client.call.resolve_identity_duration":
return m.ResolveIdentityDuration
case "client.call.resolve_endpoint_duration":
return m.ResolveEndpointDuration
case "client.call.signing_duration":
return m.SignRequestDuration
case "client.call.deserialization_duration":
return m.DeserializeDuration
default:
panic("unrecognized operation metric")
}
}
func timeOperationMetric[T any](
ctx context.Context, metric string, fn func() (T, error),
opts ...metrics.RecordMetricOption,
) (T, error) {
instr := getOperationMetrics(ctx).histogramFor(metric)
opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...)
start := time.Now()
v, err := fn()
end := time.Now()
elapsed := end.Sub(start)
instr.Record(ctx, float64(elapsed)/1e9, opts...)
return v, err
}
func startMetricTimer(ctx context.Context, metric string, opts ...metrics.RecordMetricOption) func() {
instr := getOperationMetrics(ctx).histogramFor(metric)
opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...)
var ended bool
start := time.Now()
return func() {
if ended {
return
}
ended = true
end := time.Now()
elapsed := end.Sub(start)
instr.Record(ctx, float64(elapsed)/1e9, opts...)
}
}
func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption {
return func(o *metrics.RecordMetricOptions) {
o.Properties.Set("rpc.service", middleware.GetServiceID(ctx))
o.Properties.Set("rpc.method", middleware.GetOperationName(ctx))
}
}
type operationMetricsKey struct{}
func withOperationMetrics(parent context.Context, mp metrics.MeterProvider) (context.Context, error) {
meter := mp.Meter("github.com/aws/aws-sdk-go-v2/service/sts")
om := &operationMetrics{}
var err error
om.Duration, err = operationMetricTimer(meter, "client.call.duration",
"Overall call duration (including retries and time to send or receive request and response body)")
if err != nil {
return nil, err
}
om.SerializeDuration, err = operationMetricTimer(meter, "client.call.serialization_duration",
"The time it takes to serialize a message body")
if err != nil {
return nil, err
}
om.ResolveIdentityDuration, err = operationMetricTimer(meter, "client.call.auth.resolve_identity_duration",
"The time taken to acquire an identity (AWS credentials, bearer token, etc) from an Identity Provider")
if err != nil {
return nil, err
}
om.ResolveEndpointDuration, err = operationMetricTimer(meter, "client.call.resolve_endpoint_duration",
"The time it takes to resolve an endpoint (endpoint resolver, not DNS) for the request")
if err != nil {
return nil, err
}
om.SignRequestDuration, err = operationMetricTimer(meter, "client.call.auth.signing_duration",
"The time it takes to sign a request")
if err != nil {
return nil, err
}
om.DeserializeDuration, err = operationMetricTimer(meter, "client.call.deserialization_duration",
"The time it takes to deserialize a message body")
if err != nil {
return nil, err
}
return context.WithValue(parent, operationMetricsKey{}, om), nil
}
func operationMetricTimer(m metrics.Meter, name, desc string) (metrics.Float64Histogram, error) {
return m.Float64Histogram(name, func(o *metrics.InstrumentOptions) {
o.UnitLabel = "s"
o.Description = desc
})
}
func getOperationMetrics(ctx context.Context) *operationMetrics {
return ctx.Value(operationMetricsKey{}).(*operationMetrics)
}
func operationTracer(p tracing.TracerProvider) tracing.Tracer {
return p.Tracer("github.com/aws/aws-sdk-go-v2/service/sts")
}
// Client provides the API client to make operations call for AWS Security Token
// Service.
type Client struct {
options Options
// Difference between the time reported by the server and the client
timeOffset *atomic.Int64
}
// New returns an initialized Client based on the functional options. Provide
@@ -54,6 +190,10 @@ func New(options Options, optFns ...func(*Options)) *Client {
resolveEndpointResolverV2(&options)
resolveTracerProvider(&options)
resolveMeterProvider(&options)
resolveAuthSchemeResolver(&options)
for _, fn := range optFns {
@@ -72,6 +212,8 @@ func New(options Options, optFns ...func(*Options)) *Client {
options: options,
}
initializeTimeOffsetResolver(client)
return client
}
@@ -84,8 +226,15 @@ func (c *Client) Options() Options {
return c.options.Copy()
}
func (c *Client) invokeOperation(ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error) (result interface{}, metadata middleware.Metadata, err error) {
func (c *Client) invokeOperation(
ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error,
) (
result interface{}, metadata middleware.Metadata, err error,
) {
ctx = middleware.ClearStackValues(ctx)
ctx = middleware.WithServiceID(ctx, ServiceID)
ctx = middleware.WithOperationName(ctx, opID)
stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
options := c.options.Copy()
@@ -109,15 +258,56 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
}
}
handler := middleware.DecorateHandler(smithyhttp.NewClientHandler(options.HTTPClient), stack)
result, metadata, err = handler.Handle(ctx, params)
ctx, err = withOperationMetrics(ctx, options.MeterProvider)
if err != nil {
return nil, metadata, err
}
tracer := operationTracer(options.TracerProvider)
spanName := fmt.Sprintf("%s.%s", ServiceID, opID)
ctx = tracing.WithOperationTracer(ctx, tracer)
ctx, span := tracer.StartSpan(ctx, spanName, func(o *tracing.SpanOptions) {
o.Kind = tracing.SpanKindClient
o.Properties.Set("rpc.system", "aws-api")
o.Properties.Set("rpc.method", opID)
o.Properties.Set("rpc.service", ServiceID)
})
endTimer := startMetricTimer(ctx, "client.call.duration")
defer endTimer()
defer span.End()
handler := smithyhttp.NewClientHandlerWithOptions(options.HTTPClient, func(o *smithyhttp.ClientHandler) {
o.Meter = options.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sts")
})
decorated := middleware.DecorateHandler(handler, stack)
result, metadata, err = decorated.Handle(ctx, params)
if err != nil {
span.SetProperty("exception.type", fmt.Sprintf("%T", err))
span.SetProperty("exception.message", err.Error())
var aerr smithy.APIError
if errors.As(err, &aerr) {
span.SetProperty("api.error_code", aerr.ErrorCode())
span.SetProperty("api.error_message", aerr.ErrorMessage())
span.SetProperty("api.error_fault", aerr.ErrorFault().String())
}
err = &smithy.OperationError{
ServiceID: ServiceID,
OperationName: opID,
Err: err,
}
}
span.SetProperty("error", err != nil)
if err == nil {
span.SetStatus(tracing.SpanStatusOK)
} else {
span.SetStatus(tracing.SpanStatusError)
}
return result, metadata, err
}
@@ -155,7 +345,7 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o
if err := stack.Finalize.Insert(&resolveEndpointV2Middleware{options: options}, "GetIdentity", middleware.After); err != nil {
return fmt.Errorf("add ResolveEndpointV2: %v", err)
}
if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil {
if err := stack.Finalize.Insert(&signRequestMiddleware{options: options}, "ResolveEndpointV2", middleware.After); err != nil {
return fmt.Errorf("add Signing: %w", err)
}
return nil
@@ -365,17 +555,37 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
}
func addClientUserAgent(stack *middleware.Stack, options Options) error {
if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sts", goModuleVersion)(stack); err != nil {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
ua.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sts", goModuleVersion)
if len(options.AppID) > 0 {
return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
ua.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)
}
return nil
}
func getOrAddRequestUserAgent(stack *middleware.Stack) (*awsmiddleware.RequestUserAgent, error) {
id := (*awsmiddleware.RequestUserAgent)(nil).ID()
mw, ok := stack.Build.Get(id)
if !ok {
mw = awsmiddleware.NewRequestUserAgent()
if err := stack.Build.Add(mw, middleware.After); err != nil {
return nil, err
}
}
ua, ok := mw.(*awsmiddleware.RequestUserAgent)
if !ok {
return nil, fmt.Errorf("%T for %s middleware did not match expected type", mw, id)
}
return ua, nil
}
type HTTPSignerV4 interface {
SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}
@@ -394,12 +604,97 @@ func newDefaultV4Signer(o Options) *v4.Signer {
})
}
func addRetryMiddlewares(stack *middleware.Stack, o Options) error {
mo := retry.AddRetryMiddlewaresOptions{
Retryer: o.Retryer,
LogRetryAttempts: o.ClientLogMode.IsRetries(),
func addClientRequestID(stack *middleware.Stack) error {
return stack.Build.Add(&awsmiddleware.ClientRequestID{}, middleware.After)
}
func addComputeContentLength(stack *middleware.Stack) error {
return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After)
}
func addRawResponseToMetadata(stack *middleware.Stack) error {
return stack.Deserialize.Add(&awsmiddleware.AddRawResponse{}, middleware.Before)
}
func addRecordResponseTiming(stack *middleware.Stack) error {
return stack.Deserialize.Add(&awsmiddleware.RecordResponseTiming{}, middleware.After)
}
func addSpanRetryLoop(stack *middleware.Stack, options Options) error {
return stack.Finalize.Insert(&spanRetryLoop{options: options}, "Retry", middleware.Before)
}
type spanRetryLoop struct {
options Options
}
func (*spanRetryLoop) ID() string {
return "spanRetryLoop"
}
func (m *spanRetryLoop) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
middleware.FinalizeOutput, middleware.Metadata, error,
) {
tracer := operationTracer(m.options.TracerProvider)
ctx, span := tracer.StartSpan(ctx, "RetryLoop")
defer span.End()
return next.HandleFinalize(ctx, in)
}
func addStreamingEventsPayload(stack *middleware.Stack) error {
return stack.Finalize.Add(&v4.StreamingEventsPayload{}, middleware.Before)
}
func addUnsignedPayload(stack *middleware.Stack) error {
return stack.Finalize.Insert(&v4.UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
}
func addComputePayloadSHA256(stack *middleware.Stack) error {
return stack.Finalize.Insert(&v4.ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
}
func addContentSHA256Header(stack *middleware.Stack) error {
return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After)
}
func addIsWaiterUserAgent(o *Options) {
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureWaiter)
return nil
})
}
func addIsPaginatorUserAgent(o *Options) {
o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeaturePaginator)
return nil
})
}
func addRetry(stack *middleware.Stack, o Options) error {
attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) {
m.LogAttempts = o.ClientLogMode.IsRetries()
m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sts")
})
if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil {
return err
}
return retry.AddRetryMiddlewares(stack, mo)
if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil {
return err
}
return nil
}
// resolves dual-stack endpoint configuration
@@ -432,12 +727,68 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error {
return nil
}
func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string {
if mode == aws.AccountIDEndpointModeDisabled {
return nil
}
if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" {
return aws.String(ca.Credentials.AccountID)
}
return nil
}
func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error {
mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset}
if err := stack.Build.Add(&mw, middleware.After); err != nil {
return err
}
return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before)
}
func initializeTimeOffsetResolver(c *Client) {
c.timeOffset = new(atomic.Int64)
}
func addUserAgentRetryMode(stack *middleware.Stack, options Options) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
switch options.Retryer.(type) {
case *retry.Standard:
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeStandard)
case *retry.AdaptiveMode:
ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeAdaptive)
}
return nil
}
func resolveTracerProvider(options *Options) {
if options.TracerProvider == nil {
options.TracerProvider = &tracing.NopTracerProvider{}
}
}
func resolveMeterProvider(options *Options) {
if options.MeterProvider == nil {
options.MeterProvider = metrics.NopMeterProvider{}
}
}
func addRecursionDetection(stack *middleware.Stack) error {
return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After)
}
func addRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
return awsmiddleware.AddRequestIDRetrieverMiddleware(stack)
return stack.Deserialize.Insert(&awsmiddleware.RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
}
func addResponseErrorMiddleware(stack *middleware.Stack) error {
return awshttp.AddResponseErrorMiddleware(stack)
return stack.Deserialize.Insert(&awshttp.ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
}
// HTTPPresignerV4 represents presigner interface used by presign url client
@@ -581,7 +932,7 @@ func (c presignConverter) convertToPresignMiddleware(stack *middleware.Stack, op
if err != nil {
return err
}
err = presignedurlcust.AddAsIsPresigingMiddleware(stack)
err = presignedurlcust.AddAsIsPresigningMiddleware(stack)
if err != nil {
return err
}
@@ -625,3 +976,89 @@ func addDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
DisableHTTPS: o.EndpointOptions.DisableHTTPS,
}, "ResolveEndpointV2", middleware.After)
}
type spanInitializeStart struct {
}
func (*spanInitializeStart) ID() string {
return "spanInitializeStart"
}
func (m *spanInitializeStart) HandleInitialize(
ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
) (
middleware.InitializeOutput, middleware.Metadata, error,
) {
ctx, _ = tracing.StartSpan(ctx, "Initialize")
return next.HandleInitialize(ctx, in)
}
type spanInitializeEnd struct {
}
func (*spanInitializeEnd) ID() string {
return "spanInitializeEnd"
}
func (m *spanInitializeEnd) HandleInitialize(
ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
) (
middleware.InitializeOutput, middleware.Metadata, error,
) {
ctx, span := tracing.PopSpan(ctx)
span.End()
return next.HandleInitialize(ctx, in)
}
type spanBuildRequestStart struct {
}
func (*spanBuildRequestStart) ID() string {
return "spanBuildRequestStart"
}
func (m *spanBuildRequestStart) HandleSerialize(
ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler,
) (
middleware.SerializeOutput, middleware.Metadata, error,
) {
ctx, _ = tracing.StartSpan(ctx, "BuildRequest")
return next.HandleSerialize(ctx, in)
}
type spanBuildRequestEnd struct {
}
func (*spanBuildRequestEnd) ID() string {
return "spanBuildRequestEnd"
}
func (m *spanBuildRequestEnd) HandleBuild(
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
) (
middleware.BuildOutput, middleware.Metadata, error,
) {
ctx, span := tracing.PopSpan(ctx)
span.End()
return next.HandleBuild(ctx, in)
}
func addSpanInitializeStart(stack *middleware.Stack) error {
return stack.Initialize.Add(&spanInitializeStart{}, middleware.Before)
}
func addSpanInitializeEnd(stack *middleware.Stack) error {
return stack.Initialize.Add(&spanInitializeEnd{}, middleware.After)
}
func addSpanBuildRequestStart(stack *middleware.Stack) error {
return stack.Serialize.Add(&spanBuildRequestStart{}, middleware.Before)
}
func addSpanBuildRequestEnd(stack *middleware.Stack) error {
return stack.Build.Add(&spanBuildRequestEnd{}, middleware.After)
}

498
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go generated vendored
View File

@@ -16,69 +16,98 @@ import (
// Amazon Web Services resources. These temporary credentials consist of an access
// key ID, a secret access key, and a security token. Typically, you use AssumeRole
// within your account or for cross-account access. For a comparison of AssumeRole
// with other API operations that produce temporary credentials, see Requesting
// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. Permissions The temporary security credentials created by
// AssumeRole can be used to make API calls to any Amazon Web Services service
// with the following exception: You cannot call the Amazon Web Services STS
// GetFederationToken or GetSessionToken API operations. (Optional) You can pass
// inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's
// identity-based policy and the session policies. You can use the role's temporary
// credentials in subsequent Amazon Web Services API calls to access resources in
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. When you create a role, you create two policies: a role
// trust policy that specifies who can assume the role, and a permissions policy
// that specifies what can be done with the role. You specify the trusted principal
// that is allowed to assume the role in the role trust policy. To assume a role
// from a different account, your Amazon Web Services account must be trusted by
// the role. The trust relationship is defined in the role's trust policy when the
// role is created. That trust policy states which accounts are allowed to delegate
// that access to users in the account. A user who wants to access a role in a
// different account must also have permissions that are delegated from the account
// administrator. The administrator must attach a policy that allows the user to
// call AssumeRole for the ARN of the role in the other account. To allow a user
// to assume a role in the same account, you can do either of the following:
// with other API operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the
// IAM User Guide.
//
// # Permissions
//
// The temporary security credentials created by AssumeRole can be used to make
// API calls to any Amazon Web Services service with the following exception: You
// cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken
// API operations.
//
// (Optional) You can pass inline or managed session policies to this operation.
// You can pass a single JSON policy document to use as an inline session policy.
// You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use
// as managed session policies. The plaintext that you use for both inline and
// managed session policies can't exceed 2,048 characters. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see [Session Policies]in the IAM User Guide.
//
// When you create a role, you create two policies: a role trust policy that
// specifies who can assume the role, and a permissions policy that specifies what
// can be done with the role. You specify the trusted principal that is allowed to
// assume the role in the role trust policy.
//
// To assume a role from a different account, your Amazon Web Services account
// must be trusted by the role. The trust relationship is defined in the role's
// trust policy when the role is created. That trust policy states which accounts
// are allowed to delegate that access to users in the account.
//
// A user who wants to access a role in a different account must also have
// permissions that are delegated from the account administrator. The administrator
// must attach a policy that allows the user to call AssumeRole for the ARN of the
// role in the other account.
//
// To allow a user to assume a role in the same account, you can do either of the
// following:
//
// - Attach a policy to the user that allows the user to call AssumeRole (as long
// as the role's trust policy trusts the account).
//
// - Add the user as a principal directly in the role's trust policy.
//
// You can do either because the roles trust policy acts as an IAM resource-based
// policy. When a resource-based policy grants access to a principal in the same
// account, no additional identity-based policy is required. For more information
// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
// in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your
// session. These tags are called session tags. For more information about session
// tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide. An administrator must grant you the permissions necessary
// to pass session tags. The administrator can also create granular permissions to
// allow you to pass only specific session tags. For more information, see
// Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. You can set the session tags as transitive. Transitive
// tags persist during role chaining. For more information, see Chaining Roles
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
// in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include
// multi-factor authentication (MFA) information when you call AssumeRole . This is
// useful for cross-account scenarios to ensure that the user that assumes the role
// has been authenticated with an Amazon Web Services MFA device. In that scenario,
// the trust policy of the role being assumed includes a condition that tests for
// MFA authentication. If the caller does not include valid MFA information, the
// request to assume the role is denied. The condition in a trust policy that tests
// for MFA authentication might look like the following example. "Condition":
// {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see
// Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
// in the IAM User Guide guide. To use MFA with AssumeRole , you pass values for
// the SerialNumber and TokenCode parameters. The SerialNumber value identifies
// the user's hardware or virtual MFA device. The TokenCode is the time-based
// one-time password (TOTP) that the MFA device produces.
// about trust policies and resource-based policies, see [IAM Policies]in the IAM User Guide.
//
// # Tags
//
// (Optional) You can pass tag key-value pairs to your session. These tags are
// called session tags. For more information about session tags, see [Passing Session Tags in STS]in the IAM
// User Guide.
//
// An administrator must grant you the permissions necessary to pass session tags.
// The administrator can also create granular permissions to allow you to pass only
// specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
//
// You can set the session tags as transitive. Transitive tags persist during role
// chaining. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
//
// # Using MFA with AssumeRole
//
// (Optional) You can include multi-factor authentication (MFA) information when
// you call AssumeRole . This is useful for cross-account scenarios to ensure that
// the user that assumes the role has been authenticated with an Amazon Web
// Services MFA device. In that scenario, the trust policy of the role being
// assumed includes a condition that tests for MFA authentication. If the caller
// does not include valid MFA information, the request to assume the role is
// denied. The condition in a trust policy that tests for MFA authentication might
// look like the following example.
//
// "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}
//
// For more information, see [Configuring MFA-Protected API Access] in the IAM User Guide guide.
//
// To use MFA with AssumeRole , you pass values for the SerialNumber and TokenCode
// parameters. The SerialNumber value identifies the user's hardware or virtual
// MFA device. The TokenCode is the time-based one-time password (TOTP) that the
// MFA device produces.
//
// [Configuring MFA-Protected API Access]: https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
// [IAM Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
func (c *Client) AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) {
if params == nil {
params = &AssumeRoleInput{}
@@ -101,17 +130,27 @@ type AssumeRoleInput struct {
// This member is required.
RoleArn *string
// An identifier for the assumed role session. Use the role session name to
// uniquely identify a session when the same role is assumed by different
// principals or for different reasons. In cross-account scenarios, the role
// session name is visible to, and can be logged by the account that owns the role.
// The role session name is also used in the ARN of the assumed role principal.
// This means that subsequent cross-account API requests that use the temporary
// security credentials will expose the role session name to the external account
// in their CloudTrail logs. The regex used to validate this parameter is a string
// of characters consisting of upper- and lower-case alphanumeric characters with
// no spaces. You can also include underscores or any of the following characters:
// =,.@-
// An identifier for the assumed role session.
//
// Use the role session name to uniquely identify a session when the same role is
// assumed by different principals or for different reasons. In cross-account
// scenarios, the role session name is visible to, and can be logged by the account
// that owns the role. The role session name is also used in the ARN of the assumed
// role principal. This means that subsequent cross-account API requests that use
// the temporary security credentials will expose the role session name to the
// external account in their CloudTrail logs.
//
// For security purposes, administrators can view this field in [CloudTrail logs] to help identify
// who performed an action in Amazon Web Services. Your administrator might require
// that you specify your user name as the session name when you assume the role.
// For more information, see [sts:RoleSessionName]sts:RoleSessionName .
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: =,.@-
//
// [CloudTrail logs]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds
// [sts:RoleSessionName]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname
//
// This member is required.
RoleSessionName *string
@@ -122,23 +161,27 @@ type AssumeRoleInput struct {
// hours. If you specify a value higher than this setting or the administrator
// setting (whichever is lower), the operation fails. For example, if you specify a
// session duration of 12 hours, but your administrator set the maximum session
// duration to 6 hours, your operation fails. Role chaining limits your Amazon Web
// Services CLI or Amazon Web Services API role session to a maximum of one hour.
// When you use the AssumeRole API operation to assume a role, you can specify the
// duration of your role session with the DurationSeconds parameter. You can
// specify a parameter value of up to 43200 seconds (12 hours), depending on the
// maximum session duration setting for your role. However, if you assume a role
// using role chaining and provide a DurationSeconds parameter value greater than
// one hour, the operation fails. To learn how to view the maximum value for your
// role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
// DurationSeconds parameter is separate from the duration of a console session
// that you might request using the returned credentials. The request to the
// federation endpoint for a console sign-in token takes a SessionDuration
// duration to 6 hours, your operation fails.
//
// Role chaining limits your Amazon Web Services CLI or Amazon Web Services API
// role session to a maximum of one hour. When you use the AssumeRole API
// operation to assume a role, you can specify the duration of your role session
// with the DurationSeconds parameter. You can specify a parameter value of up to
// 43200 seconds (12 hours), depending on the maximum session duration setting for
// your role. However, if you assume a role using role chaining and provide a
// DurationSeconds parameter value greater than one hour, the operation fails. To
// learn how to view the maximum value for your role, see [Update the maximum session duration for a role].
//
// By default, the value is set to 3600 seconds.
//
// The DurationSeconds parameter is separate from the duration of a console
// session that you might request using the returned credentials. The request to
// the federation endpoint for a console sign-in token takes a SessionDuration
// parameter that specifies the maximum length of the console session. For more
// information, see Creating a URL that Enables Federated Users to Access the
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// in the IAM User Guide.
// information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide.
//
// [Update the maximum session duration for a role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration
// [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
DurationSeconds *int32
// A unique identifier that might be required when you assume a role in another
@@ -149,63 +192,82 @@ type AssumeRoleInput struct {
// the administrator of the trusting account might send an external ID to the
// administrator of the trusted account. That way, only someone with the ID can
// assume the role, rather than everyone in the account. For more information about
// the external ID, see How to Use an External ID When Granting Access to Your
// Amazon Web Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
// in the IAM User Guide. The regex used to validate this parameter is a string of
// characters consisting of upper- and lower-case alphanumeric characters with no
// spaces. You can also include underscores or any of the following characters:
// =,.@:/-
// the external ID, see [How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party]in the IAM User Guide.
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: =,.@:/-
//
// [How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
ExternalId *string
// An IAM policy in JSON format that you want to use as an inline session policy.
//
// This parameter is optional. Passing policies to this operation returns new
// temporary credentials. The resulting session's permissions are the intersection
// of the role's identity-based policy and the session policies. You can use the
// role's temporary credentials in subsequent Amazon Web Services API calls to
// access resources in the account that owns the role. You cannot use session
// policies to grant more permissions than those allowed by the identity-based
// policy of the role that is being assumed. For more information, see Session
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. The JSON policy characters can
// be any ASCII character from the space character to the end of the valid
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
// Services conversion compresses the passed inline session policy, managed policy
// ARNs, and session tags into a packed binary format that has a separate limit.
// Your request can fail for this limit even if your plaintext meets the other
// requirements. The PackedPolicySize response element indicates by percentage how
// close the policies and tags for your request are to the upper size limit.
// policy of the role that is being assumed. For more information, see [Session Policies]in the IAM
// User Guide.
//
// The plaintext that you use for both inline and managed session policies can't
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
// from the space character to the end of the valid character list (\u0020 through
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
// return (\u000D) characters.
//
// An Amazon Web Services conversion compresses the passed inline session policy,
// managed policy ARNs, and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates
// by percentage how close the policies and tags for your request are to the upper
// size limit.
//
// For more information about role session permissions, see [Session policies].
//
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
Policy *string
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
// use as managed session policies. The policies must exist in the same account as
// the role. This parameter is optional. You can provide up to 10 managed policy
// ARNs. However, the plaintext that you use for both inline and managed session
// policies can't exceed 2,048 characters. For more information about ARNs, see
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
// compresses the passed inline session policy, managed policy ARNs, and session
// tags into a packed binary format that has a separate limit. Your request can
// fail for this limit even if your plaintext meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
// the role.
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plaintext that you use for both inline and managed session policies
// can't exceed 2,048 characters. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the
// Amazon Web Services General Reference.
//
// An Amazon Web Services conversion compresses the passed inline session policy,
// managed policy ARNs, and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates
// by percentage how close the policies and tags for your request are to the upper
// size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's
// identity-based policy and the session policies. You can use the role's temporary
// credentials in subsequent Amazon Web Services API calls to access resources in
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see [Session Policies]in the IAM User Guide.
//
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
PolicyArns []types.PolicyDescriptorType
// A list of previously acquired trusted context assertions in the format of a
// JSON array. The trusted context assertion is signed and encrypted by Amazon Web
// Services STS. The following is an example of a ProvidedContext value that
// includes a single trusted context assertion and the ARN of the context provider
// from which the trusted context assertion was generated.
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
// Services STS.
//
// The following is an example of a ProvidedContext value that includes a single
// trusted context assertion and the ARN of the context provider from which the
// trusted context assertion was generated.
//
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
ProvidedContexts []types.ProvidedContext
// The identification number of the MFA device that is associated with the user
@@ -213,79 +275,99 @@ type AssumeRoleInput struct {
// the role being assumed includes a condition that requires MFA authentication.
// The value is either the serial number for a hardware device (such as
// GAHT12345678 ) or an Amazon Resource Name (ARN) for a virtual device (such as
// arn:aws:iam::123456789012:mfa/user ). The regex used to validate this parameter
// is a string of characters consisting of upper- and lower-case alphanumeric
// characters with no spaces. You can also include underscores or any of the
// following characters: =,.@-
// arn:aws:iam::123456789012:mfa/user ).
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: =,.@-
SerialNumber *string
// The source identity specified by the principal that is calling the AssumeRole
// operation. You can require users to specify a source identity when they assume a
// role. You do this by using the sts:SourceIdentity condition key in a role trust
// policy. You can use source identity information in CloudTrail logs to determine
// who took actions with a role. You can use the aws:SourceIdentity condition key
// to further control access to Amazon Web Services resources based on the value of
// source identity. For more information about using source identity, see Monitor
// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
// in the IAM User Guide. The regex used to validate this parameter is a string of
// characters consisting of upper- and lower-case alphanumeric characters with no
// spaces. You can also include underscores or any of the following characters:
// =,.@-. You cannot use a value that begins with the text aws: . This prefix is
// reserved for Amazon Web Services internal use.
// operation. The source identity value persists across [chained role]sessions.
//
// You can require users to specify a source identity when they assume a role. You
// do this by using the [sts:SourceIdentity]sts:SourceIdentity condition key in a role trust policy.
// You can use source identity information in CloudTrail logs to determine who took
// actions with a role. You can use the aws:SourceIdentity condition key to
// further control access to Amazon Web Services resources based on the value of
// source identity. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in the
// IAM User Guide.
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: +=,.@-. You cannot use a
// value that begins with the text aws: . This prefix is reserved for Amazon Web
// Services internal use.
//
// [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
// [sts:SourceIdentity]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity
SourceIdentity *string
// A list of session tags that you want to pass. Each session tag consists of a
// key name and an associated value. For more information about session tags, see
// Tagging Amazon Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide. This parameter is optional. You can pass up to 50 session
// tags. The plaintext session tag keys cant exceed 128 characters, and the values
// cant exceed 256 characters. For these and additional limits, see IAM and STS
// Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
// inline session policy, managed policy ARNs, and session tags into a packed
// binary format that has a separate limit. Your request can fail for this limit
// even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit. You can pass a session tag with the
// same key as a tag that is already attached to the role. When you do, session
// tags override a role tag with the same key. Tag keyvalue pairs are not case
// sensitive, but case is preserved. This means that you cannot have separate
// Department and department tag keys. Assume that the role has the Department =
// Marketing tag and you pass the department = engineering session tag. Department
// and department are not saved as separate tags, and the session tag passed in
// the request takes precedence over the role tag. Additionally, if you used
// temporary credentials to perform this operation, the new session inherits any
// transitive session tags from the calling session. If you pass a session tag with
// the same key as an inherited tag, the operation fails. To view the inherited
// tags for a session, see the CloudTrail logs. For more information, see Viewing
// Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
// key name and an associated value. For more information about session tags, see [Tagging Amazon Web Services STS Sessions]
// in the IAM User Guide.
//
// This parameter is optional. You can pass up to 50 session tags. The plaintext
// session tag keys cant exceed 128 characters, and the values cant exceed 256
// characters. For these and additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
//
// An Amazon Web Services conversion compresses the passed inline session policy,
// managed policy ARNs, and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates
// by percentage how close the policies and tags for your request are to the upper
// size limit.
//
// You can pass a session tag with the same key as a tag that is already attached
// to the role. When you do, session tags override a role tag with the same key.
//
// Tag keyvalue pairs are not case sensitive, but case is preserved. This means
// that you cannot have separate Department and department tag keys. Assume that
// the role has the Department = Marketing tag and you pass the department =
// engineering session tag. Department and department are not saved as separate
// tags, and the session tag passed in the request takes precedence over the role
// tag.
//
// Additionally, if you used temporary credentials to perform this operation, the
// new session inherits any transitive session tags from the calling session. If
// you pass a session tag with the same key as an inherited tag, the operation
// fails. To view the inherited tags for a session, see the CloudTrail logs. For
// more information, see [Viewing Session Tags in CloudTrail]in the IAM User Guide.
//
// [Tagging Amazon Web Services STS Sessions]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
// [Viewing Session Tags in CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
Tags []types.Tag
// The value provided by the MFA device, if the trust policy of the role being
// assumed requires MFA. (In other words, if the policy includes a condition that
// tests for MFA). If the role being assumed requires MFA and if the TokenCode
// value is missing or expired, the AssumeRole call returns an "access denied"
// error. The format for this parameter, as described by its regex pattern, is a
// sequence of six numeric digits.
// error.
//
// The format for this parameter, as described by its regex pattern, is a sequence
// of six numeric digits.
TokenCode *string
// A list of keys for session tags that you want to set as transitive. If you set
// a tag key as transitive, the corresponding key and value passes to subsequent
// sessions in a role chain. For more information, see Chaining Roles with Session
// Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
// in the IAM User Guide. This parameter is optional. When you set session tags as
// transitive, the session policy and session tags packed binary limit is not
// affected. If you choose not to specify a transitive tag key, then no tags are
// passed from this session to any subsequent sessions.
// sessions in a role chain. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
//
// This parameter is optional. The transitive status of a session tag does not
// impact its packed binary size.
//
// If you choose not to specify a transitive tag key, then no tags are passed from
// this session to any subsequent sessions.
//
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
TransitiveTagKeys []string
noSmithyDocumentSerde
}
// Contains the response to a successful AssumeRole request, including temporary
// Amazon Web Services credentials that can be used to make Amazon Web Services
// requests.
// Contains the response to a successful AssumeRole request, including temporary Amazon Web
// Services credentials that can be used to make Amazon Web Services requests.
type AssumeRoleOutput struct {
// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
@@ -296,9 +378,10 @@ type AssumeRoleOutput struct {
AssumedRoleUser *types.AssumedRoleUser
// The temporary security credentials, which include an access key ID, a secret
// access key, and a security (or session) token. The size of the security token
// that STS API operations return is not fixed. We strongly recommend that you make
// no assumptions about the maximum size.
// access key, and a security (or session) token.
//
// The size of the security token that STS API operations return is not fixed. We
// strongly recommend that you make no assumptions about the maximum size.
Credentials *types.Credentials
// A percentage value that indicates the packed size of the session policies and
@@ -308,17 +391,21 @@ type AssumeRoleOutput struct {
PackedPolicySize *int32
// The source identity specified by the principal that is calling the AssumeRole
// operation. You can require users to specify a source identity when they assume a
// role. You do this by using the sts:SourceIdentity condition key in a role trust
// policy. You can use source identity information in CloudTrail logs to determine
// who took actions with a role. You can use the aws:SourceIdentity condition key
// to further control access to Amazon Web Services resources based on the value of
// source identity. For more information about using source identity, see Monitor
// and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
// in the IAM User Guide. The regex used to validate this parameter is a string of
// characters consisting of upper- and lower-case alphanumeric characters with no
// spaces. You can also include underscores or any of the following characters:
// =,.@-
// operation.
//
// You can require users to specify a source identity when they assume a role. You
// do this by using the sts:SourceIdentity condition key in a role trust policy.
// You can use source identity information in CloudTrail logs to determine who took
// actions with a role. You can use the aws:SourceIdentity condition key to
// further control access to Amazon Web Services resources based on the value of
// source identity. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in the
// IAM User Guide.
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: =,.@-
//
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
SourceIdentity *string
// Metadata pertaining to the operation's result.
@@ -349,25 +436,28 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
if err = addClientRequestID(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
if err = addComputePayloadSHA256(stack); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
if err = addRetry(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
@@ -382,13 +472,19 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpAssumeRoleValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRole(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -403,6 +499,18 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}

404
vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go generated vendored
View File

@@ -16,92 +16,132 @@ import (
// mechanism for tying an enterprise identity store or directory to role-based
// Amazon Web Services access without user-specific credentials or configuration.
// For a comparison of AssumeRoleWithSAML with the other API operations that
// produce temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
// in the IAM User Guide. The temporary security credentials returned by this
// operation consist of an access key ID, a secret access key, and a security
// token. Applications can use these temporary security credentials to sign calls
// to Amazon Web Services services. Session Duration By default, the temporary
// security credentials created by AssumeRoleWithSAML last for one hour. However,
// you can use the optional DurationSeconds parameter to specify the duration of
// your session. Your role session lasts for the duration that you specify, or
// until the time specified in the SAML authentication response's
// SessionNotOnOrAfter value, whichever is shorter. You can provide a
// DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
// duration setting for the role. This setting can have a value from 1 hour to 12
// hours. To learn how to view the maximum value for your role, see View the
// Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. The maximum session duration limit applies when you use
// the AssumeRole* API operations or the assume-role* CLI commands. However the
// limit does not apply when you use those operations to create a console URL. For
// more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide. Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
// limits your CLI or Amazon Web Services API role session to a maximum of one
// produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the IAM User Guide.
//
// The temporary security credentials returned by this operation consist of an
// access key ID, a secret access key, and a security token. Applications can use
// these temporary security credentials to sign calls to Amazon Web Services
// services.
//
// # Session Duration
//
// By default, the temporary security credentials created by AssumeRoleWithSAML
// last for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. Your role session lasts for the
// duration that you specify, or until the time specified in the SAML
// authentication response's SessionNotOnOrAfter value, whichever is shorter. You
// can provide a DurationSeconds value from 900 seconds (15 minutes) up to the
// maximum session duration setting for the role. This setting can have a value
// from 1 hour to 12 hours. To learn how to view the maximum value for your role,
// see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide. The maximum session duration limit applies when you
// use the AssumeRole* API operations or the assume-role* CLI commands. However
// the limit does not apply when you use those operations to create a console URL.
// For more information, see [Using IAM Roles]in the IAM User Guide.
//
// [Role chaining]limits your CLI or Amazon Web Services API role session to a maximum of one
// hour. When you use the AssumeRole API operation to assume a role, you can
// specify the duration of your role session with the DurationSeconds parameter.
// You can specify a parameter value of up to 43200 seconds (12 hours), depending
// on the maximum session duration setting for your role. However, if you assume a
// role using role chaining and provide a DurationSeconds parameter value greater
// than one hour, the operation fails. Permissions The temporary security
// credentials created by AssumeRoleWithSAML can be used to make API calls to any
// Amazon Web Services service with the following exception: you cannot call the
// STS GetFederationToken or GetSessionToken API operations. (Optional) You can
// pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// to this operation. You can pass a single JSON policy document to use as an
// inline session policy. You can also specify up to 10 managed policy Amazon
// Resource Names (ARNs) to use as managed session policies. The plaintext that you
// use for both inline and managed session policies can't exceed 2,048 characters.
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's
// identity-based policy and the session policies. You can use the role's temporary
// credentials in subsequent Amazon Web Services API calls to access resources in
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. Calling AssumeRoleWithSAML does not require the use of
// Amazon Web Services security credentials. The identity of the caller is
// validated by using keys in the metadata document that is uploaded for the SAML
// provider entity for your identity provider. Calling AssumeRoleWithSAML can
// result in an entry in your CloudTrail logs. The entry includes the value in the
// NameID element of the SAML assertion. We recommend that you use a NameIDType
// that is not associated with any personally identifiable information (PII). For
// example, you could instead use the persistent identifier (
// urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ). Tags (Optional) You can
// configure your IdP to pass attributes into your SAML assertion as session tags.
// Each session tag consists of a key name and an associated value. For more
// information about session tags, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide. You can pass up to 50 session tags. The plaintext session
// tag keys cant exceed 128 characters and the values cant exceed 256 characters.
// For these and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide. An Amazon Web Services conversion compresses the passed
// inline session policy, managed policy ARNs, and session tags into a packed
// binary format that has a separate limit. Your request can fail for this limit
// even if your plaintext meets the other requirements. The PackedPolicySize
// response element indicates by percentage how close the policies and tags for
// your request are to the upper size limit. You can pass a session tag with the
// same key as a tag that is attached to the role. When you do, session tags
// override the role's tags with the same key. An administrator must grant you the
// permissions necessary to pass session tags. The administrator can also create
// granular permissions to allow you to pass only specific session tags. For more
// information, see Tutorial: Using Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
// in the IAM User Guide. You can set the session tags as transitive. Transitive
// tags persist during role chaining. For more information, see Chaining Roles
// with Session Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
// in the IAM User Guide. SAML Configuration Before your application can call
// AssumeRoleWithSAML , you must configure your SAML identity provider (IdP) to
// issue the claims required by Amazon Web Services. Additionally, you must use
// Identity and Access Management (IAM) to create a SAML provider entity in your
// Amazon Web Services account that represents your identity provider. You must
// also create an IAM role that specifies this SAML provider in its trust policy.
// than one hour, the operation fails.
//
// # Permissions
//
// The temporary security credentials created by AssumeRoleWithSAML can be used to
// make API calls to any Amazon Web Services service with the following exception:
// you cannot call the STS GetFederationToken or GetSessionToken API operations.
//
// (Optional) You can pass inline or managed [session policies] to this operation. You can pass a
// single JSON policy document to use as an inline session policy. You can also
// specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
// session policies. The plaintext that you use for both inline and managed session
// policies can't exceed 2,048 characters. Passing policies to this operation
// returns new temporary credentials. The resulting session's permissions are the
// intersection of the role's identity-based policy and the session policies. You
// can use the role's temporary credentials in subsequent Amazon Web Services API
// calls to access resources in the account that owns the role. You cannot use
// session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see [Session Policies]in the IAM User Guide.
//
// Calling AssumeRoleWithSAML does not require the use of Amazon Web Services
// security credentials. The identity of the caller is validated by using keys in
// the metadata document that is uploaded for the SAML provider entity for your
// identity provider.
//
// Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. The
// entry includes the value in the NameID element of the SAML assertion. We
// recommend that you use a NameIDType that is not associated with any personally
// identifiable information (PII). For example, you could instead use the
// persistent identifier ( urn:oasis:names:tc:SAML:2.0:nameid-format:persistent ).
//
// # Tags
//
// (Optional) You can configure your IdP to pass attributes into your SAML
// assertion as session tags. Each session tag consists of a key name and an
// associated value. For more information about session tags, see [Passing Session Tags in STS]in the IAM User
// Guide.
//
// You can pass up to 50 session tags. The plaintext session tag keys cant exceed
// 128 characters and the values cant exceed 256 characters. For these and
// additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
//
// An Amazon Web Services conversion compresses the passed inline session policy,
// managed policy ARNs, and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates
// by percentage how close the policies and tags for your request are to the upper
// size limit.
//
// You can pass a session tag with the same key as a tag that is attached to the
// role. When you do, session tags override the role's tags with the same key.
//
// An administrator must grant you the permissions necessary to pass session tags.
// The administrator can also create granular permissions to allow you to pass only
// specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
//
// You can set the session tags as transitive. Transitive tags persist during role
// chaining. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
//
// # SAML Configuration
//
// Before your application can call AssumeRoleWithSAML , you must configure your
// SAML identity provider (IdP) to issue the claims required by Amazon Web
// Services. Additionally, you must use Identity and Access Management (IAM) to
// create a SAML provider entity in your Amazon Web Services account that
// represents your identity provider. You must also create an IAM role that
// specifies this SAML provider in its trust policy.
//
// For more information, see the following resources:
// - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
// in the IAM User Guide.
// - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
// in the IAM User Guide.
// - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
// in the IAM User Guide.
// - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
// in the IAM User Guide.
//
// [About SAML 2.0-based Federation]
// - in the IAM User Guide.
//
// [Creating SAML Identity Providers]
// - in the IAM User Guide.
//
// [Configuring a Relying Party and Claims]
// - in the IAM User Guide.
//
// [Creating a Role for SAML 2.0 Federation]
// - in the IAM User Guide.
//
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
// [Creating a Role for SAML 2.0 Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
// [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
// [Creating SAML Identity Providers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html
// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html
// [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
// [Configuring a Relying Party and Claims]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html
// [Role chaining]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining
// [Using IAM Roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
// [About SAML 2.0-based Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
// [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
func (c *Client) AssumeRoleWithSAML(ctx context.Context, params *AssumeRoleWithSAMLInput, optFns ...func(*Options)) (*AssumeRoleWithSAMLOutput, error) {
if params == nil {
params = &AssumeRoleWithSAMLInput{}
@@ -130,9 +170,11 @@ type AssumeRoleWithSAMLInput struct {
// This member is required.
RoleArn *string
// The base64 encoded SAML authentication response provided by the IdP. For more
// information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
// in the IAM User Guide.
// The base64 encoded SAML authentication response provided by the IdP.
//
// For more information, see [Configuring a Relying Party and Adding Claims] in the IAM User Guide.
//
// [Configuring a Relying Party and Adding Claims]: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html
//
// This member is required.
SAMLAssertion *string
@@ -146,92 +188,117 @@ type AssumeRoleWithSAMLInput struct {
// than this setting, the operation fails. For example, if you specify a session
// duration of 12 hours, but your administrator set the maximum session duration to
// 6 hours, your operation fails. To learn how to view the maximum value for your
// role, see View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. By default, the value is set to 3600 seconds. The
// DurationSeconds parameter is separate from the duration of a console session
// that you might request using the returned credentials. The request to the
// federation endpoint for a console sign-in token takes a SessionDuration
// role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide.
//
// By default, the value is set to 3600 seconds.
//
// The DurationSeconds parameter is separate from the duration of a console
// session that you might request using the returned credentials. The request to
// the federation endpoint for a console sign-in token takes a SessionDuration
// parameter that specifies the maximum length of the console session. For more
// information, see Creating a URL that Enables Federated Users to Access the
// Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// in the IAM User Guide.
// information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide.
//
// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
// [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
DurationSeconds *int32
// An IAM policy in JSON format that you want to use as an inline session policy.
//
// This parameter is optional. Passing policies to this operation returns new
// temporary credentials. The resulting session's permissions are the intersection
// of the role's identity-based policy and the session policies. You can use the
// role's temporary credentials in subsequent Amazon Web Services API calls to
// access resources in the account that owns the role. You cannot use session
// policies to grant more permissions than those allowed by the identity-based
// policy of the role that is being assumed. For more information, see Session
// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide. The plaintext that you use for both inline and managed
// session policies can't exceed 2,048 characters. The JSON policy characters can
// be any ASCII character from the space character to the end of the valid
// character list (\u0020 through \u00FF). It can also include the tab (\u0009),
// linefeed (\u000A), and carriage return (\u000D) characters. An Amazon Web
// Services conversion compresses the passed inline session policy, managed policy
// ARNs, and session tags into a packed binary format that has a separate limit.
// Your request can fail for this limit even if your plaintext meets the other
// requirements. The PackedPolicySize response element indicates by percentage how
// close the policies and tags for your request are to the upper size limit.
// policy of the role that is being assumed. For more information, see [Session Policies]in the IAM
// User Guide.
//
// The plaintext that you use for both inline and managed session policies can't
// exceed 2,048 characters. The JSON policy characters can be any ASCII character
// from the space character to the end of the valid character list (\u0020 through
// \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
// return (\u000D) characters.
//
// For more information about role session permissions, see [Session policies].
//
// An Amazon Web Services conversion compresses the passed inline session policy,
// managed policy ARNs, and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates
// by percentage how close the policies and tags for your request are to the upper
// size limit.
//
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
Policy *string
// The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
// use as managed session policies. The policies must exist in the same account as
// the role. This parameter is optional. You can provide up to 10 managed policy
// ARNs. However, the plaintext that you use for both inline and managed session
// policies can't exceed 2,048 characters. For more information about ARNs, see
// Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// in the Amazon Web Services General Reference. An Amazon Web Services conversion
// compresses the passed inline session policy, managed policy ARNs, and session
// tags into a packed binary format that has a separate limit. Your request can
// fail for this limit even if your plaintext meets the other requirements. The
// PackedPolicySize response element indicates by percentage how close the policies
// and tags for your request are to the upper size limit. Passing policies to this
// operation returns new temporary credentials. The resulting session's permissions
// are the intersection of the role's identity-based policy and the session
// policies. You can use the role's temporary credentials in subsequent Amazon Web
// Services API calls to access resources in the account that owns the role. You
// cannot use session policies to grant more permissions than those allowed by the
// identity-based policy of the role that is being assumed. For more information,
// see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
// in the IAM User Guide.
// the role.
//
// This parameter is optional. You can provide up to 10 managed policy ARNs.
// However, the plaintext that you use for both inline and managed session policies
// can't exceed 2,048 characters. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the
// Amazon Web Services General Reference.
//
// An Amazon Web Services conversion compresses the passed inline session policy,
// managed policy ARNs, and session tags into a packed binary format that has a
// separate limit. Your request can fail for this limit even if your plaintext
// meets the other requirements. The PackedPolicySize response element indicates
// by percentage how close the policies and tags for your request are to the upper
// size limit.
//
// Passing policies to this operation returns new temporary credentials. The
// resulting session's permissions are the intersection of the role's
// identity-based policy and the session policies. You can use the role's temporary
// credentials in subsequent Amazon Web Services API calls to access resources in
// the account that owns the role. You cannot use session policies to grant more
// permissions than those allowed by the identity-based policy of the role that is
// being assumed. For more information, see [Session Policies]in the IAM User Guide.
//
// [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
// [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
PolicyArns []types.PolicyDescriptorType
noSmithyDocumentSerde
}
// Contains the response to a successful AssumeRoleWithSAML request, including
// temporary Amazon Web Services credentials that can be used to make Amazon Web
// Services requests.
// Contains the response to a successful AssumeRoleWithSAML request, including temporary Amazon Web
// Services credentials that can be used to make Amazon Web Services requests.
type AssumeRoleWithSAMLOutput struct {
// The identifiers for the temporary security credentials that the operation
// returns.
AssumedRoleUser *types.AssumedRoleUser
// The value of the Recipient attribute of the SubjectConfirmationData element of
// The value of the Recipient attribute of the SubjectConfirmationData element of
// the SAML assertion.
Audience *string
// The temporary security credentials, which include an access key ID, a secret
// access key, and a security (or session) token. The size of the security token
// that STS API operations return is not fixed. We strongly recommend that you make
// no assumptions about the maximum size.
// access key, and a security (or session) token.
//
// The size of the security token that STS API operations return is not fixed. We
// strongly recommend that you make no assumptions about the maximum size.
Credentials *types.Credentials
// The value of the Issuer element of the SAML assertion.
Issuer *string
// A hash value based on the concatenation of the following:
//
// - The Issuer response value.
//
// - The Amazon Web Services account ID.
//
// - The friendly name (the last part of the ARN) of the SAML provider in IAM.
//
// The combination of NameQualifier and Subject can be used to uniquely identify a
// user. The following pseudocode shows how the hash value is calculated: BASE64 (
// SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
// user.
//
// The following pseudocode shows how the hash value is calculated:
//
// BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )
NameQualifier *string
// A percentage value that indicates the packed size of the session policies and
@@ -240,31 +307,37 @@ type AssumeRoleWithSAMLOutput struct {
// allowed space.
PackedPolicySize *int32
// The value in the SourceIdentity attribute in the SAML assertion. You can
// require users to set a source identity value when they assume a role. You do
// this by using the sts:SourceIdentity condition key in a role trust policy. That
// way, actions that are taken with the role are associated with that user. After
// the source identity is set, the value cannot be changed. It is present in the
// request for all actions that are taken by the role and persists across chained
// role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
// sessions. You can configure your SAML identity provider to use an attribute
// associated with your users, like user name or email, as the source identity when
// calling AssumeRoleWithSAML . You do this by adding an attribute to the SAML
// assertion. For more information about using source identity, see Monitor and
// control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
// in the IAM User Guide. The regex used to validate this parameter is a string of
// characters consisting of upper- and lower-case alphanumeric characters with no
// spaces. You can also include underscores or any of the following characters:
// =,.@-
// The value in the SourceIdentity attribute in the SAML assertion. The source
// identity value persists across [chained role]sessions.
//
// You can require users to set a source identity value when they assume a role.
// You do this by using the sts:SourceIdentity condition key in a role trust
// policy. That way, actions that are taken with the role are associated with that
// user. After the source identity is set, the value cannot be changed. It is
// present in the request for all actions that are taken by the role and persists
// across [chained role]sessions. You can configure your SAML identity provider to use an
// attribute associated with your users, like user name or email, as the source
// identity when calling AssumeRoleWithSAML . You do this by adding an attribute to
// the SAML assertion. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in
// the IAM User Guide.
//
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can also
// include underscores or any of the following characters: =,.@-
//
// [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts
// [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
SourceIdentity *string
// The value of the NameID element in the Subject element of the SAML assertion.
Subject *string
// The format of the name ID, as defined by the Format attribute in the NameID
// The format of the name ID, as defined by the Format attribute in the NameID
// element of the SAML assertion. Typical examples of the format are transient or
// persistent . If the format includes the prefix
// urn:oasis:names:tc:SAML:2.0:nameid-format , that prefix is removed. For example,
// persistent .
//
// If the format includes the prefix urn:oasis:names:tc:SAML:2.0:nameid-format ,
// that prefix is removed. For example,
// urn:oasis:names:tc:SAML:2.0:nameid-format:transient is returned as transient .
// If the format includes any other prefix, the format is returned with no
// modifications.
@@ -298,22 +371,25 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
if err = addClientRequestID(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
if err = addRetry(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addSpanRetryLoop(stack, options); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
@@ -328,13 +404,19 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpAssumeRoleWithSAMLValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoleWithSAML(options.Region), middleware.Before); err != nil {
return err
}
if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -349,6 +431,18 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
if err = addSpanInitializeStart(stack); err != nil {
return err
}
if err = addSpanInitializeEnd(stack); err != nil {
return err
}
if err = addSpanBuildRequestStart(stack); err != nil {
return err
}
if err = addSpanBuildRequestEnd(stack); err != nil {
return err
}
return nil
}

Some files were not shown because too many files have changed in this diff Show More