Update dependencies

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1730200266,
+        "lastModified": 1743964447,
-        "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
+        "narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
+        "rev": "063dece00c5a77e4a0ea24e5e5a5bd75232806f8",
         "type": "github"
       },
       "original": {

go.mod

@@ -1,37 +1,36 @@
 module ben.soroos.net/tsnet-proxy
 
-go 1.23.1
+go 1.24.0
 
-toolchain go1.23.2
+toolchain go1.24.1
 
-require tailscale.com v1.76.3
+require tailscale.com v1.82.0
 
 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/akutz/memconn v0.1.0 // indirect
 	github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa // indirect
-	github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.36.0 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.26.5 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.29.5 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.58 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.27 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.31 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.12 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssm v1.44.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.14 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.13 // indirect
-	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/aws/smithy-go v1.22.2 // indirect
-	github.com/bits-and-blooms/bitset v1.13.0 // indirect
 	github.com/coder/websocket v1.8.12 // indirect
 	github.com/coreos/go-iptables v0.7.1-0.20240112124308-65c67c9f46e6 // indirect
 	github.com/dblohm7/wingoes v0.0.0-20240119213807-a09d6be7affa // indirect
 	github.com/digitalocean/go-smbios v0.0.0-20180907143718-390a4f403a8e // indirect
-	github.com/fxamacker/cbor/v2 v2.6.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/gaissmai/bart v0.11.1 // indirect
+	github.com/gaissmai/bart v0.18.0 // indirect
-	github.com/go-json-experiment/json v0.0.0-20231102232822-2e55bd4e08b0 // indirect
+	github.com/go-json-experiment/json v0.0.0-20250223041408-d3c622f1b874 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -39,18 +38,17 @@ require (
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/gorilla/csrf v1.7.2 // indirect
+	github.com/gorilla/csrf v1.7.3-0.20250123201450-9dd6af1f6d30 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/hdevalence/ed25519consensus v0.2.0 // indirect
-	github.com/illarion/gonotify/v2 v2.0.3 // indirect
+	github.com/illarion/gonotify/v3 v3.0.2 // indirect
 	github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 // indirect
 	github.com/jsimonetti/rtnetlink v1.4.0 // indirect
-	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
 	github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a // indirect
 	github.com/mdlayher/genetlink v1.3.2 // indirect
-	github.com/mdlayher/netlink v1.7.2 // indirect
+	github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 // indirect
 	github.com/mdlayher/sdnotify v1.0.0 // indirect
 	github.com/mdlayher/socket v0.5.0 // indirect
 	github.com/miekg/dns v1.1.58 // indirect
@@ -60,30 +58,28 @@ require (
 	github.com/safchain/ethtool v0.3.0 // indirect
 	github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e // indirect
 	github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 // indirect
-	github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4 // indirect
 	github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 // indirect
 	github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a // indirect
 	github.com/tailscale/netlink v1.1.1-0.20240822203006-4d49adab4de7 // indirect
-	github.com/tailscale/peercred v0.0.0-20240214030740-b535050b2aa4 // indirect
+	github.com/tailscale/peercred v0.0.0-20250107143737-35a0c7bd7edc // indirect
-	github.com/tailscale/web-client-prebuilt v0.0.0-20240226180453-5db17b287bf1 // indirect
+	github.com/tailscale/web-client-prebuilt v0.0.0-20250124233751-d4cd19a26976 // indirect
-	github.com/tailscale/wireguard-go v0.0.0-20240905161824-799c1978fafc // indirect
+	github.com/tailscale/wireguard-go v0.0.0-20250107165329-0b8b35511f19 // indirect
-	github.com/tcnksm/go-httpstat v0.2.0 // indirect
+	github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
-	github.com/u-root/uio v0.0.0-20240118234441-a3c409a6018e // indirect
 	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	go4.org/mem v0.0.0-20220726221520-4f986261bf13 // indirect
+	go4.org/mem v0.0.0-20240501181205-ae6ca9944745 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
-	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
-	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
+	golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac // indirect
-	golang.org/x/mod v0.19.0 // indirect
+	golang.org/x/mod v0.23.0 // indirect
-	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/net v0.36.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/term v0.22.0 // indirect
+	golang.org/x/term v0.29.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/time v0.10.0 // indirect
-	golang.org/x/tools v0.23.0 // indirect
+	golang.org/x/tools v0.30.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	golang.zx2c4.com/wireguard/windows v0.5.3 // indirect
-	gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987 // indirect
+	gvisor.dev/gvisor v0.0.0-20250205023644-9414b50a5633 // indirect
 )

go.sum

@@ -10,36 +10,34 @@ github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7V
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
-github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
+github.com/aws/aws-sdk-go-v2 v1.36.0 h1:b1wM5CcE65Ujwn565qcwgtOTT1aT4ADOHHgglKjG7fk=
-github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
+github.com/aws/aws-sdk-go-v2 v1.36.0/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM=
-github.com/aws/aws-sdk-go-v2/config v1.26.5 h1:lodGSevz7d+kkFJodfauThRxK9mdJbyutUxGq1NNhvw=
+github.com/aws/aws-sdk-go-v2/config v1.29.5 h1:4lS2IB+wwkj5J43Tq/AwvnscBerBJtQQ6YS7puzCI1k=
-github.com/aws/aws-sdk-go-v2/config v1.26.5/go.mod h1:DxHrz6diQJOc9EwDslVRh84VjjrE17g+pVZXUeSxaDU=
+github.com/aws/aws-sdk-go-v2/config v1.29.5/go.mod h1:SNzldMlDVbN6nWxM7XsUiNXPSa1LWlqiXtvh/1PrJGg=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.58 h1:/d7FUpAPU8Lf2KUdjniQvfNdlMID0Sd9pS23FJ3SS9Y=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.58/go.mod h1:aVYW33Ow10CyMQGFgC0ptMRIqJWvJ4nxZb0sUiuQT/A=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.27 h1:7lOW8NUwE9UZekS1DYoiPdVAqZ6A+LheHWb+mHbNOq8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.27/go.mod h1:w1BASFIPOPUae7AgaH4SbjNbfdkxuggLyGfNFTn8ITY=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.31 h1:lWm9ucLSRFiI4dQQafLrEOmEDGry3Swrz0BIRdiHJqQ=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.31/go.mod h1:Huu6GG0YTfbPphQkDSo4dEGmQRTKb9k9G7RdtyQWxuI=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31 h1:ACxDklUKKXb48+eg5ROZXi1vDgfMyfIA/WyvqHcHI0o=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31/go.mod h1:yadnfsDwqXeVaohbGc/RaD287PuyRw2wugkh5ZL2J6k=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.12 h1:O+8vD2rGjfihBewr5bT+QUfYUHIxCVgG61LHoT59shM=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.12/go.mod h1:usVdWJaosa66NMvmCrr08NcWDBRv4E6+YFG2pUdw1Lk=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.44.7 h1:a8HvP/+ew3tKwSXqL3BCSjiuicr+XTU2eFYeogV9GJE=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.44.7/go.mod h1:Q7XIWsMo0JcMpI/6TGD6XXcXcV1DbTj6e9BKNntIMIM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.14 h1:c5WJ3iHz7rLIgArznb3JCSQT3uUMiz9DLZhIX+1G8ok=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.14/go.mod h1:+JJQTxB6N4niArC14YNtxcQtwEqzS3o9Z32n7q33Rfs=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.13 h1:f1L/JtUkVODD+k1+IiSJUUv8A++2qVr+Xvb3xWXETMU=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.13/go.mod h1:tvqlFoja8/s0o+UruA1Nrezo/df0PzdunMDDurUfg6U=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.13 h1:3LXNnmtH3TURctC23hnC0p/39Q5gre3FI7BNOiDcVWc=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.13/go.mod h1:7Yn+p66q/jt38qMoVfNvjbm3D89mGBnkwDcijgtih8w=
-github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
+github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ=
-github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
+github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
-github.com/bits-and-blooms/bitset v1.13.0 h1:bAQ9OPNFYbGHV6Nez0tmNI0RiEu7/hxlYJRUA0wFAVE=
-github.com/bits-and-blooms/bitset v1.13.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/cilium/ebpf v0.15.0 h1:7NxJhNiBT3NG8pZJ3c+yfrVdHY8ScgKD27sScgjLMMk=
 github.com/cilium/ebpf v0.15.0/go.mod h1:DHp1WyrLeiBh19Cf/tfiSMhqheEiK8fXFZ4No0P1Hso=
 github.com/coder/websocket v1.8.12 h1:5bUXkEPPIbewrnkU8LTCLVaxi4N4J8ahufH2vlo4NAo=
@@ -61,14 +59,14 @@ github.com/dsnet/try v0.0.3 h1:ptR59SsrcFUYbT/FhAbKTV6iLkeD6O18qfIWRml2fqI=
 github.com/dsnet/try v0.0.3/go.mod h1:WBM8tRpUmnXXhY1U6/S8dt6UWdHTQ7y8A5YSkRCkq40=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fxamacker/cbor/v2 v2.6.0 h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
-github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/gaissmai/bart v0.11.1 h1:5Uv5XwsaFBRo4E5VBcb9TzY8B7zxFf+U7isDxqOrRfc=
+github.com/gaissmai/bart v0.18.0 h1:jQLBT/RduJu0pv/tLwXE+xKPgtWJejbxuXAR+wLJafo=
-github.com/gaissmai/bart v0.11.1/go.mod h1:KHeYECXQiBjTzQz/om2tqn3sZF1J7hw9m6z41ftj3fg=
+github.com/gaissmai/bart v0.18.0/go.mod h1:JJzMAhNF5Rjo4SF4jWBrANuJfqY+FvsFhW7t1UZJ+XY=
 github.com/github/fakeca v0.1.0 h1:Km/MVOFvclqxPM9dZBC4+QE564nU4gz4iZ0D9pMw28I=
 github.com/github/fakeca v0.1.0/go.mod h1:+bormgoGMMuamOscx7N91aOuUST7wdaJ2rNjeohylyo=
-github.com/go-json-experiment/json v0.0.0-20231102232822-2e55bd4e08b0 h1:ymLjT4f35nQbASLnvxEde4XOBL+Sn7rFuV+FOJqkljg=
+github.com/go-json-experiment/json v0.0.0-20250223041408-d3c622f1b874 h1:F8d1AJ6M9UQCavhwmO6ZsrYLfG8zVFWfEfMS2MXPkSY=
-github.com/go-json-experiment/json v0.0.0-20231102232822-2e55bd4e08b0/go.mod h1:6daplAwHHGbUGib4990V3Il26O0OC4aRyvewaaAihaA=
+github.com/go-json-experiment/json v0.0.0-20250223041408-d3c622f1b874/go.mod h1:TiCD2a1pcmjd7YnhGH0f/zKNcCD06B029pHhzV23c2M=
 github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
 github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466 h1:sQspH8M4niEijh3PFscJRLDnkL547IeP7kpPe3uUhEg=
@@ -85,14 +83,14 @@ github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806 h1:wG8RYIyctLhdF
 github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806/go.mod h1:Beg6V6zZ3oEn0JuiUQ4wqwuyqqzasOltcoXPtgLbFp4=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/csrf v1.7.2 h1:oTUjx0vyf2T+wkrx09Trsev1TE+/EbDAeHtSTbtC2eI=
+github.com/gorilla/csrf v1.7.3-0.20250123201450-9dd6af1f6d30 h1:fiJdrgVBkjZ5B1HJ2WQwNOaXB+QyYcNXTA3t1XYLz0M=
-github.com/gorilla/csrf v1.7.2/go.mod h1:F1Fj3KG23WYHE6gozCmBAezKookxbIvUJT+121wTuLk=
+github.com/gorilla/csrf v1.7.3-0.20250123201450-9dd6af1f6d30/go.mod h1:F1Fj3KG23WYHE6gozCmBAezKookxbIvUJT+121wTuLk=
 github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
 github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/hdevalence/ed25519consensus v0.2.0 h1:37ICyZqdyj0lAZ8P4D1d1id3HqbbG1N3iBb1Tb4rdcU=
 github.com/hdevalence/ed25519consensus v0.2.0/go.mod h1:w3BHWjwJbFU29IRHL1Iqkw3sus+7FctEyM4RqDxYNzo=
-github.com/illarion/gonotify/v2 v2.0.3 h1:B6+SKPo/0Sw8cRJh1aLzNEeNVFfzE3c6N+o+vyxM+9A=
+github.com/illarion/gonotify/v3 v3.0.2 h1:O7S6vcopHexutmpObkeWsnzMJt/r1hONIEogeVNmJMk=
-github.com/illarion/gonotify/v2 v2.0.3/go.mod h1:38oIJTgFqupkEydkkClkbL6i5lXV/bxdH9do5TALPEE=
+github.com/illarion/gonotify/v3 v3.0.2/go.mod h1:HWGPdPe817GfvY3w7cx6zkbzNZfi3QjcBm/wgVvEL1U=
 github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2 h1:9K06NfxkBh25x56yVhWWlKFE8YpicaSfHwoV8SFbueA=
 github.com/insomniacslk/dhcp v0.0.0-20231206064809-8c70d406f6d2/go.mod h1:3A9PQ1cunSDF/1rbTq99Ts4pVnycWg+vlPkfeD2NLFI=
 github.com/jellydator/ttlcache/v3 v3.1.0 h1:0gPFG0IHHP6xyUyXq+JaD8fwkDCqgqwohXNJBcYE71g=
@@ -101,13 +99,10 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
-github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 h1:elKwZS1OcdQ0WwEDBeqxKwb7WB62QX8bvZ/FJnVXIfk=
-github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86/go.mod h1:aFAMtuldEgx/4q7iSGazk22+IcgvtiC+HIimFO9XlS8=
 github.com/jsimonetti/rtnetlink v1.4.0 h1:Z1BF0fRgcETPEa0Kt0MRk3yV5+kF1FWTni6KUFKrq2I=
 github.com/jsimonetti/rtnetlink v1.4.0/go.mod h1:5W1jDvWdnthFJ7fxYX1GMK07BUpI4oskfOqvPteYS6E=
-github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
-github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
 github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a h1:+RR6SqnTkDLWyICxS1xpjCi/3dhyV+TgZwA6Ww3KncQ=
 github.com/kortschak/wol v0.0.0-20200729010619-da482cc4850a/go.mod h1:YTtCCM3ryyfiu4F7t8HQ1mxvp1UBdWM2r6Xa+nGWvDk=
 github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
@@ -118,8 +113,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw=
 github.com/mdlayher/genetlink v1.3.2/go.mod h1:tcC3pkCrPUGIKKsCsp0B3AdaaKuHtaxoJRz3cc+528o=
-github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=
+github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42 h1:A1Cq6Ysb0GM0tpKMbdCXCIfBclan4oHk1Jb+Hrejirg=
-github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw=
+github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42/go.mod h1:BB4YCPDOzfy7FniQ/lxuYQ3dgmM2cZumHbK8RpTjN2o=
 github.com/mdlayher/sdnotify v1.0.0 h1:Ma9XeLVN/l0qpyx1tNeMSeTjCPH6NtuD6/N9XdTlQ3c=
 github.com/mdlayher/sdnotify v1.0.0/go.mod h1:HQUmpM4XgYkhDLtd+Uad8ZFK1T9D5+pNxnXQjCeJlGE=
 github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI=
@@ -128,9 +123,10 @@ github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
 github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
 github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
 github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 h1:zYyBkD/k9seD2A7fsi6Oo2LfFZAehjjQMERAvZLEDnQ=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8=
-github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
 github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo=
@@ -140,107 +136,103 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus-community/pro-bing v0.4.0 h1:YMbv+i08gQz97OZZBwLyvmmQEEzyfyrrjEaAchdy3R4=
 github.com/prometheus-community/pro-bing v0.4.0/go.mod h1:b7wRYZtCcPmt4Sz319BykUU241rWLe1VFXyiyWK/dH4=
-github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
-github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
-github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
+github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/safchain/ethtool v0.3.0 h1:gimQJpsI6sc1yIqP/y8GYgiXn/NjgvpM0RNoWLVVmP0=
 github.com/safchain/ethtool v0.3.0/go.mod h1:SA9BwrgyAqNo7M+uaL6IYbxpm5wk3L7Mm6ocLW+CJUs=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e h1:PtWT87weP5LWHEY//SWsYkSO3RWRZo4OSWagh3YD2vQ=
 github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e/go.mod h1:XrBNfAFN+pwoWuksbFS9Ccxnopa15zJGgXRFN90l3K4=
 github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55 h1:Gzfnfk2TWrk8Jj4P4c1a3CtQyMaTVCznlkLZI++hok4=
 github.com/tailscale/go-winio v0.0.0-20231025203758-c4f33415bf55/go.mod h1:4k4QO+dQ3R5FofL+SanAUZe+/QfeK0+OIuwDIRu2vSg=
-github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4 h1:rXZGgEa+k2vJM8xT0PoSKfVXwFGPQ3z3CJfmnHJkZZw=
+github.com/tailscale/golang-x-crypto v0.0.0-20250218230618-9a281fd8faca h1:ecjHwH73Yvqf/oIdQ2vxAX+zc6caQsYdPzsxNW1J3G8=
-github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4/go.mod h1:ikbF+YT089eInTp9f2vmvy4+ZVnW5hzX1q2WknxSprQ=
+github.com/tailscale/golang-x-crypto v0.0.0-20250218230618-9a281fd8faca/go.mod h1:ikbF+YT089eInTp9f2vmvy4+ZVnW5hzX1q2WknxSprQ=
 github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 h1:4chzWmimtJPxRs2O36yuGRW3f9SYV+bMTTvMBI0EKio=
 github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05/go.mod h1:PdCqy9JzfWMJf1H5UJW2ip33/d4YkoKN0r67yKH1mG8=
 github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a h1:SJy1Pu0eH1C29XwJucQo73FrleVK6t4kYz4NVhp34Yw=
 github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a/go.mod h1:DFSS3NAGHthKo1gTlmEcSBiZrRJXi28rLNd/1udP1c8=
 github.com/tailscale/netlink v1.1.1-0.20240822203006-4d49adab4de7 h1:uFsXVBE9Qr4ZoF094vE6iYTLDl0qCiKzYXlL6UeWObU=
 github.com/tailscale/netlink v1.1.1-0.20240822203006-4d49adab4de7/go.mod h1:NzVQi3Mleb+qzq8VmcWpSkcSYxXIg0DkI6XDzpVkhJ0=
-github.com/tailscale/peercred v0.0.0-20240214030740-b535050b2aa4 h1:Gz0rz40FvFVLTBk/K8UNAenb36EbDSnh+q7Z9ldcC8w=
+github.com/tailscale/peercred v0.0.0-20250107143737-35a0c7bd7edc h1:24heQPtnFR+yfntqhI3oAu9i27nEojcQ4NuBQOo5ZFA=
-github.com/tailscale/peercred v0.0.0-20240214030740-b535050b2aa4/go.mod h1:phI29ccmHQBc+wvroosENp1IF9195449VDnFDhJ4rJU=
+github.com/tailscale/peercred v0.0.0-20250107143737-35a0c7bd7edc/go.mod h1:f93CXfllFsO9ZQVq+Zocb1Gp4G5Fz0b0rXHLOzt/Djc=
-github.com/tailscale/web-client-prebuilt v0.0.0-20240226180453-5db17b287bf1 h1:tdUdyPqJ0C97SJfjB9tW6EylTtreyee9C44de+UBG0g=
+github.com/tailscale/web-client-prebuilt v0.0.0-20250124233751-d4cd19a26976 h1:UBPHPtv8+nEAy2PD8RyAhOYvau1ek0HDJqLS/Pysi14=
-github.com/tailscale/web-client-prebuilt v0.0.0-20240226180453-5db17b287bf1/go.mod h1:agQPE6y6ldqCOui2gkIh7ZMztTkIQKH049tv8siLuNQ=
+github.com/tailscale/web-client-prebuilt v0.0.0-20250124233751-d4cd19a26976/go.mod h1:agQPE6y6ldqCOui2gkIh7ZMztTkIQKH049tv8siLuNQ=
 github.com/tailscale/wf v0.0.0-20240214030419-6fbb0a674ee6 h1:l10Gi6w9jxvinoiq15g8OToDdASBni4CyJOdHY1Hr8M=
 github.com/tailscale/wf v0.0.0-20240214030419-6fbb0a674ee6/go.mod h1:ZXRML051h7o4OcI0d3AaILDIad/Xw0IkXaHM17dic1Y=
-github.com/tailscale/wireguard-go v0.0.0-20240905161824-799c1978fafc h1:cezaQN9pvKVaw56Ma5qr/G646uKIYP0yQf+OyWN/okc=
+github.com/tailscale/wireguard-go v0.0.0-20250107165329-0b8b35511f19 h1:BcEJP2ewTIK2ZCsqgl6YGpuO6+oKqqag5HHb7ehljKw=
-github.com/tailscale/wireguard-go v0.0.0-20240905161824-799c1978fafc/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
+github.com/tailscale/wireguard-go v0.0.0-20250107165329-0b8b35511f19/go.mod h1:BOm5fXUBFM+m9woLNBoxI9TaBXXhGNP50LX/TGIvGb4=
 github.com/tailscale/xnet v0.0.0-20240729143630-8497ac4dab2e h1:zOGKqN5D5hHhiYUp091JqK7DPCqSARyUfduhGUY8Bek=
 github.com/tailscale/xnet v0.0.0-20240729143630-8497ac4dab2e/go.mod h1:orPd6JZXXRyuDusYilywte7k094d7dycXXU5YnWsrwg=
 github.com/tc-hib/winres v0.2.1 h1:YDE0FiP0VmtRaDn7+aaChp1KiF4owBiJa5l964l5ujA=
 github.com/tc-hib/winres v0.2.1/go.mod h1:C/JaNhH3KBvhNKVbvdlDWkbMDO9H4fKKDaN7/07SSuk=
-github.com/tcnksm/go-httpstat v0.2.0 h1:rP7T5e5U2HfmOBmZzGgGZjBQ5/GluWUylujl0tJ04I0=
-github.com/tcnksm/go-httpstat v0.2.0/go.mod h1:s3JVJFtQxtBEBC9dwcdTTXS9xFnM3SXAZwPG41aurT8=
 github.com/u-root/u-root v0.12.0 h1:K0AuBFriwr0w/PGS3HawiAw89e3+MU7ks80GpghAsNs=
 github.com/u-root/u-root v0.12.0/go.mod h1:FYjTOh4IkIZHhjsd17lb8nYW6udgXdJhG1c0r6u0arI=
-github.com/u-root/uio v0.0.0-20240118234441-a3c409a6018e h1:BA9O3BmlTmpjbvajAwzWx4Wo2TRVdpPXZEeemGQcajw=
+github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 h1:pyC9PaHYZFgEKFdlp3G8RaCKgVpHZnecvArXvPXcFkM=
-github.com/u-root/uio v0.0.0-20240118234441-a3c409a6018e/go.mod h1:eLL9Nub3yfAho7qB0MzZizFhTU2QkLeoVsWdHtDW264=
+github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701/go.mod h1:P3a5rG4X7tI17Nn3aOIAYr5HbIMukwXG0urG0WuL8OA=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
-go4.org/mem v0.0.0-20220726221520-4f986261bf13 h1:CbZeCBZ0aZj8EfVgnqQcYZgf0lpZ3H9rmp5nkDTAst8=
+go4.org/mem v0.0.0-20240501181205-ae6ca9944745 h1:Tl++JLUCe4sxGu8cTpDzRLd3tN7US4hOxG5YpKCzkek=
-go4.org/mem v0.0.0-20220726221520-4f986261bf13/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g=
+go4.org/mem v0.0.0-20240501181205-ae6ca9944745/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
-golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
+golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac h1:l5+whBCLH3iH2ZNHYLbAe58bo7yrN4mVcnkHDYz5vvs=
-golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
+golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac/go.mod h1:hH+7mtFmImwwcMvScyxUhjuVHR3HGaDPMn9rMSUUbxo=
 golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f h1:phY1HzDcf18Aq9A8KkmRtY9WvOFIxN8wgfvy6Zm1DV8=
 golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
-golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ=
+golang.org/x/image v0.24.0 h1:AN7zRgVsbvmTfNyqIbbOraYL8mSwcKncEj8ofjgzcMQ=
-golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
+golang.org/x/image v0.24.0/go.mod h1:4b/ITuLfqYq1hqZcjofwctIhi7sZh2WaCjvsBNjjya8=
-golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
+golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
-golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
-golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
+golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
-golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
 golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE=
 golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987 h1:TU8z2Lh3Bbq77w0t1eG8yRlLcNHzZu3x6mhoH2Mk0c8=
+gvisor.dev/gvisor v0.0.0-20250205023644-9414b50a5633 h1:2gap+Kh/3F47cO6hAu3idFvsJ0ue6TRcEi2IUkv/F8k=
-gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=
+gvisor.dev/gvisor v0.0.0-20250205023644-9414b50a5633/go.mod h1:5DMfjtclAbTIjbXqO1qCe2K5GKKxWz2JHvCChuTcJEM=
 honnef.co/go/tools v0.5.1 h1:4bH5o3b5ZULQ4UrBmP+63W9r7qIkqJClEA9ko5YKx+I=
 honnef.co/go/tools v0.5.1/go.mod h1:e9irvo83WDG9/irijV44wr3tbhcFeRnfpVlRqVwpzMs=
 howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
 howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
 software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k=
 software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI=
-tailscale.com v1.76.3 h1:UBfYxqgsSAjutLix2doZBfTw8bBuE7Cj1DzsREow1wA=
+tailscale.com v1.82.0 h1:pposomel4h6Je4brJydcdc2ixNQWDaZyGr5v5MdRr/o=
-tailscale.com v1.76.3/go.mod h1:myCwmhYBvMCF/5OgBYuIW42zscuEo30bAml7wABVZLk=
+tailscale.com v1.82.0/go.mod h1:iU6kohVzG+bP0/5XjqBAnW8/6nSG/Du++bO+x7VJZD0=

vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go

@@ -0,0 +1,18 @@
+package aws
+
+// AccountIDEndpointMode controls how a resolved AWS account ID is handled for endpoint routing.
+type AccountIDEndpointMode string
+
+const (
+	// AccountIDEndpointModeUnset indicates the AWS account ID will not be used for endpoint routing
+	AccountIDEndpointModeUnset AccountIDEndpointMode = ""
+
+	// AccountIDEndpointModePreferred indicates the AWS account ID will be used for endpoint routing if present
+	AccountIDEndpointModePreferred = "preferred"
+
+	// AccountIDEndpointModeRequired indicates an error will be returned if the AWS account ID is not resolved from identity
+	AccountIDEndpointModeRequired = "required"
+
+	// AccountIDEndpointModeDisabled indicates the AWS account ID will be ignored during endpoint routing
+	AccountIDEndpointModeDisabled = "disabled"
+)

vendor/github.com/aws/aws-sdk-go-v2/aws/checksum.go

@@ -0,0 +1,33 @@
+package aws
+
+// RequestChecksumCalculation controls request checksum calculation workflow
+type RequestChecksumCalculation int
+
+const (
+	// RequestChecksumCalculationUnset is the unset value for RequestChecksumCalculation
+	RequestChecksumCalculationUnset RequestChecksumCalculation = iota
+
+	// RequestChecksumCalculationWhenSupported indicates request checksum will be calculated
+	// if the operation supports input checksums
+	RequestChecksumCalculationWhenSupported
+
+	// RequestChecksumCalculationWhenRequired indicates request checksum will be calculated
+	// if required by the operation or if user elects to set a checksum algorithm in request
+	RequestChecksumCalculationWhenRequired
+)
+
+// ResponseChecksumValidation controls response checksum validation workflow
+type ResponseChecksumValidation int
+
+const (
+	// ResponseChecksumValidationUnset is the unset value for ResponseChecksumValidation
+	ResponseChecksumValidationUnset ResponseChecksumValidation = iota
+
+	// ResponseChecksumValidationWhenSupported indicates response checksum will be validated
+	// if the operation supports output checksums
+	ResponseChecksumValidationWhenSupported
+
+	// ResponseChecksumValidationWhenRequired indicates response checksum will only
+	// be validated if the operation requires output checksum validation
+	ResponseChecksumValidationWhenRequired
+)

vendor/github.com/aws/aws-sdk-go-v2/aws/config.go

@@ -162,6 +162,36 @@ type Config struct {
 	// This variable is sourced from environment variable AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES or
 	// the shared config profile attribute request_min_compression_size_bytes
 	RequestMinCompressSizeBytes int64
+
+	// Controls how a resolved AWS account ID is handled for endpoint routing.
+	AccountIDEndpointMode AccountIDEndpointMode
+
+	// RequestChecksumCalculation determines when request checksum calculation is performed.
+	//
+	// There are two possible values for this setting:
+	//
+	// 1. RequestChecksumCalculationWhenSupported (default): The checksum is always calculated
+	//    if the operation supports it, regardless of whether the user sets an algorithm in the request.
+	//
+	// 2. RequestChecksumCalculationWhenRequired: The checksum is only calculated if the user
+	//    explicitly sets a checksum algorithm in the request.
+	//
+	// This setting is sourced from the environment variable AWS_REQUEST_CHECKSUM_CALCULATION
+	// or the shared config profile attribute "request_checksum_calculation".
+	RequestChecksumCalculation RequestChecksumCalculation
+
+	// ResponseChecksumValidation determines when response checksum validation is performed
+	//
+	// There are two possible values for this setting:
+	//
+	// 1. ResponseChecksumValidationWhenSupported (default): The checksum is always validated
+	//    if the operation supports it, regardless of whether the user sets the validation mode to ENABLED in request.
+	//
+	// 2. ResponseChecksumValidationWhenRequired: The checksum is only validated if the user
+	//    explicitly sets the validation mode to ENABLED in the request
+	// This variable is sourced from environment variable AWS_RESPONSE_CHECKSUM_VALIDATION or
+	// the shared config profile attribute "response_checksum_validation".
+	ResponseChecksumValidation ResponseChecksumValidation
 }
 
 // NewConfig returns a new Config pointer that can be chained with builder

vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go

@@ -90,6 +90,9 @@ type Credentials struct {
 	// The time the credentials will expire at. Should be ignored if CanExpire
 	// is false.
 	Expires time.Time
+
+	// The ID of the account for the credentials.
+	AccountID string
 }
 
 // Expired returns if the credentials have expired.

vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go

@@ -70,6 +70,10 @@ func GetUseFIPSEndpoint(options ...interface{}) (value FIPSEndpointState, found
 // The SDK will automatically resolve these endpoints per API client using an
 // internal endpoint resolvers. If you'd like to provide custom endpoint
 // resolving behavior you can implement the EndpointResolver interface.
+//
+// Deprecated: This structure was used with the global [EndpointResolver]
+// interface, which has been deprecated in favor of service-specific endpoint
+// resolution. See the deprecation docs on that interface for more information.
 type Endpoint struct {
 	// The base URL endpoint the SDK API clients will use to make API calls to.
 	// The SDK will suffix URI path and query elements to this endpoint.
@@ -124,6 +128,8 @@ type Endpoint struct {
 }
 
 // EndpointSource is the endpoint source type.
+//
+// Deprecated: The global [Endpoint] structure is deprecated.
 type EndpointSource int
 
 const (
@@ -161,19 +167,25 @@ func (e *EndpointNotFoundError) Unwrap() error {
 // API clients will fallback to attempting to resolve the endpoint using its
 // internal default endpoint resolver.
 //
-// Deprecated: See EndpointResolverWithOptions
+// Deprecated: The global endpoint resolution interface is deprecated. The API
+// for endpoint resolution is now unique to each service and is set via the
+// EndpointResolverV2 field on service client options. Setting a value for
+// EndpointResolver on aws.Config or service client options will prevent you
+// from using any endpoint-related service features released after the
+// introduction of EndpointResolverV2. You may also encounter broken or
+// unexpected behavior when using the old global interface with services that
+// use many endpoint-related customizations such as S3.
 type EndpointResolver interface {
 	ResolveEndpoint(service, region string) (Endpoint, error)
 }
 
 // EndpointResolverFunc wraps a function to satisfy the EndpointResolver interface.
 //
-// Deprecated: See EndpointResolverWithOptionsFunc
+// Deprecated: The global endpoint resolution interface is deprecated. See
+// deprecation docs on [EndpointResolver].
 type EndpointResolverFunc func(service, region string) (Endpoint, error)
 
 // ResolveEndpoint calls the wrapped function and returns the results.
-//
-// Deprecated: See EndpointResolverWithOptions.ResolveEndpoint
 func (e EndpointResolverFunc) ResolveEndpoint(service, region string) (Endpoint, error) {
 	return e(service, region)
 }
@@ -184,11 +196,17 @@ func (e EndpointResolverFunc) ResolveEndpoint(service, region string) (Endpoint,
 // available. If the EndpointResolverWithOptions returns an EndpointNotFoundError error,
 // API clients will fallback to attempting to resolve the endpoint using its
 // internal default endpoint resolver.
+//
+// Deprecated: The global endpoint resolution interface is deprecated. See
+// deprecation docs on [EndpointResolver].
 type EndpointResolverWithOptions interface {
 	ResolveEndpoint(service, region string, options ...interface{}) (Endpoint, error)
 }
 
 // EndpointResolverWithOptionsFunc wraps a function to satisfy the EndpointResolverWithOptions interface.
+//
+// Deprecated: The global endpoint resolution interface is deprecated. See
+// deprecation docs on [EndpointResolver].
 type EndpointResolverWithOptionsFunc func(service, region string, options ...interface{}) (Endpoint, error)
 
 // ResolveEndpoint calls the wrapped function and returns the results.

vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go

@@ -3,4 +3,4 @@
 package aws
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.24.1"
+const goModuleVersion = "1.36.0"

vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/middleware.go

@@ -139,16 +139,16 @@ func AddRecordResponseTiming(stack *middleware.Stack) error {
 // raw response within the response metadata.
 type rawResponseKey struct{}
 
-// addRawResponse middleware adds raw response on to the metadata
+// AddRawResponse middleware adds raw response on to the metadata
-type addRawResponse struct{}
+type AddRawResponse struct{}
 
 // ID the identifier for the ClientRequestID
-func (m *addRawResponse) ID() string {
+func (m *AddRawResponse) ID() string {
 	return "AddRawResponseToMetadata"
 }
 
 // HandleDeserialize adds raw response on the middleware metadata
-func (m addRawResponse) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
+func (m AddRawResponse) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
 	out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
 ) {
 	out, metadata, err = next.HandleDeserialize(ctx, in)
@@ -159,7 +159,7 @@ func (m addRawResponse) HandleDeserialize(ctx context.Context, in middleware.Des
 // AddRawResponseToMetadata adds middleware to the middleware stack that
 // store raw response on to the metadata.
 func AddRawResponseToMetadata(stack *middleware.Stack) error {
-	return stack.Deserialize.Add(&addRawResponse{}, middleware.Before)
+	return stack.Deserialize.Add(&AddRawResponse{}, middleware.Before)
 }
 
 // GetRawResponse returns raw response set on metadata

vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go

@@ -1,319 +0,0 @@
-// Package metrics implements metrics gathering for SDK development purposes.
-//
-// This package is designated as private and is intended for use only by the
-// AWS client runtime. The exported API therein is not considered stable and
-// is subject to breaking changes without notice.
-package metrics
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"sync"
-	"time"
-
-	"github.com/aws/smithy-go/middleware"
-)
-
-const (
-	// ServiceIDKey is the key for the service ID metric.
-	ServiceIDKey = "ServiceId"
-	// OperationNameKey is the key for the operation name metric.
-	OperationNameKey = "OperationName"
-	// ClientRequestIDKey is the key for the client request ID metric.
-	ClientRequestIDKey = "ClientRequestId"
-	// APICallDurationKey is the key for the API call duration metric.
-	APICallDurationKey = "ApiCallDuration"
-	// APICallSuccessfulKey is the key for the API call successful metric.
-	APICallSuccessfulKey = "ApiCallSuccessful"
-	// MarshallingDurationKey is the key for the marshalling duration metric.
-	MarshallingDurationKey = "MarshallingDuration"
-	// InThroughputKey is the key for the input throughput metric.
-	InThroughputKey = "InThroughput"
-	// OutThroughputKey is the key for the output throughput metric.
-	OutThroughputKey = "OutThroughput"
-	// RetryCountKey is the key for the retry count metric.
-	RetryCountKey = "RetryCount"
-	// HTTPStatusCodeKey is the key for the HTTP status code metric.
-	HTTPStatusCodeKey = "HttpStatusCode"
-	// AWSExtendedRequestIDKey is the key for the AWS extended request ID metric.
-	AWSExtendedRequestIDKey = "AwsExtendedRequestId"
-	// AWSRequestIDKey is the key for the AWS request ID metric.
-	AWSRequestIDKey = "AwsRequestId"
-	// BackoffDelayDurationKey is the key for the backoff delay duration metric.
-	BackoffDelayDurationKey = "BackoffDelayDuration"
-	// StreamThroughputKey is the key for the stream throughput metric.
-	StreamThroughputKey = "Throughput"
-	// ConcurrencyAcquireDurationKey is the key for the concurrency acquire duration metric.
-	ConcurrencyAcquireDurationKey = "ConcurrencyAcquireDuration"
-	// PendingConcurrencyAcquiresKey is the key for the pending concurrency acquires metric.
-	PendingConcurrencyAcquiresKey = "PendingConcurrencyAcquires"
-	// SigningDurationKey is the key for the signing duration metric.
-	SigningDurationKey = "SigningDuration"
-	// UnmarshallingDurationKey is the key for the unmarshalling duration metric.
-	UnmarshallingDurationKey = "UnmarshallingDuration"
-	// TimeToFirstByteKey is the key for the time to first byte metric.
-	TimeToFirstByteKey = "TimeToFirstByte"
-	// ServiceCallDurationKey is the key for the service call duration metric.
-	ServiceCallDurationKey = "ServiceCallDuration"
-	// EndpointResolutionDurationKey is the key for the endpoint resolution duration metric.
-	EndpointResolutionDurationKey = "EndpointResolutionDuration"
-	// AttemptNumberKey is the key for the attempt number metric.
-	AttemptNumberKey = "AttemptNumber"
-	// MaxConcurrencyKey is the key for the max concurrency metric.
-	MaxConcurrencyKey = "MaxConcurrency"
-	// AvailableConcurrencyKey is the key for the available concurrency metric.
-	AvailableConcurrencyKey = "AvailableConcurrency"
-)
-
-// MetricPublisher provides the interface to provide custom MetricPublishers.
-// PostRequestMetrics will be invoked by the MetricCollection middleware to post request.
-// PostStreamMetrics will be invoked by ReadCloserWithMetrics to post stream metrics.
-type MetricPublisher interface {
-	PostRequestMetrics(*MetricData) error
-	PostStreamMetrics(*MetricData) error
-}
-
-// Serializer provides the interface to provide custom Serializers.
-// Serialize will transform any input object in its corresponding string representation.
-type Serializer interface {
-	Serialize(obj interface{}) (string, error)
-}
-
-// DefaultSerializer is an implementation of the Serializer interface.
-type DefaultSerializer struct{}
-
-// Serialize uses the default JSON serializer to obtain the string representation of an object.
-func (DefaultSerializer) Serialize(obj interface{}) (string, error) {
-	bytes, err := json.Marshal(obj)
-	if err != nil {
-		return "", err
-	}
-	return string(bytes), nil
-}
-
-type metricContextKey struct{}
-
-// MetricContext contains fields to store metric-related information.
-type MetricContext struct {
-	connectionCounter *SharedConnectionCounter
-	publisher         MetricPublisher
-	data              *MetricData
-}
-
-// MetricData stores the collected metric data.
-type MetricData struct {
-	RequestStartTime           time.Time
-	RequestEndTime             time.Time
-	APICallDuration            time.Duration
-	SerializeStartTime         time.Time
-	SerializeEndTime           time.Time
-	MarshallingDuration        time.Duration
-	ResolveEndpointStartTime   time.Time
-	ResolveEndpointEndTime     time.Time
-	EndpointResolutionDuration time.Duration
-	InThroughput               float64
-	OutThroughput              float64
-	RetryCount                 int
-	Success                    uint8
-	StatusCode                 int
-	ClientRequestID            string
-	ServiceID                  string
-	OperationName              string
-	PartitionID                string
-	Region                     string
-	RequestContentLength       int64
-	Stream                     StreamMetrics
-	Attempts                   []AttemptMetrics
-}
-
-// StreamMetrics stores metrics related to streaming data.
-type StreamMetrics struct {
-	ReadDuration time.Duration
-	ReadBytes    int64
-	Throughput   float64
-}
-
-// AttemptMetrics stores metrics related to individual attempts.
-type AttemptMetrics struct {
-	ServiceCallStart           time.Time
-	ServiceCallEnd             time.Time
-	ServiceCallDuration        time.Duration
-	FirstByteTime              time.Time
-	TimeToFirstByte            time.Duration
-	ConnRequestedTime          time.Time
-	ConnObtainedTime           time.Time
-	ConcurrencyAcquireDuration time.Duration
-	CredentialFetchStartTime   time.Time
-	CredentialFetchEndTime     time.Time
-	SignStartTime              time.Time
-	SignEndTime                time.Time
-	SigningDuration            time.Duration
-	DeserializeStartTime       time.Time
-	DeserializeEndTime         time.Time
-	UnMarshallingDuration      time.Duration
-	RetryDelay                 time.Duration
-	ResponseContentLength      int64
-	StatusCode                 int
-	RequestID                  string
-	ExtendedRequestID          string
-	HTTPClient                 string
-	MaxConcurrency             int
-	PendingConnectionAcquires  int
-	AvailableConcurrency       int
-	ActiveRequests             int
-	ReusedConnection           bool
-}
-
-// Data returns the MetricData associated with the MetricContext.
-func (mc *MetricContext) Data() *MetricData {
-	return mc.data
-}
-
-// ConnectionCounter returns the SharedConnectionCounter associated with the MetricContext.
-func (mc *MetricContext) ConnectionCounter() *SharedConnectionCounter {
-	return mc.connectionCounter
-}
-
-// Publisher returns the MetricPublisher associated with the MetricContext.
-func (mc *MetricContext) Publisher() MetricPublisher {
-	return mc.publisher
-}
-
-// ComputeRequestMetrics calculates and populates derived metrics based on the collected data.
-func (md *MetricData) ComputeRequestMetrics() {
-
-	for idx := range md.Attempts {
-		attempt := &md.Attempts[idx]
-		attempt.ConcurrencyAcquireDuration = attempt.ConnObtainedTime.Sub(attempt.ConnRequestedTime)
-		attempt.SigningDuration = attempt.SignEndTime.Sub(attempt.SignStartTime)
-		attempt.UnMarshallingDuration = attempt.DeserializeEndTime.Sub(attempt.DeserializeStartTime)
-		attempt.TimeToFirstByte = attempt.FirstByteTime.Sub(attempt.ServiceCallStart)
-		attempt.ServiceCallDuration = attempt.ServiceCallEnd.Sub(attempt.ServiceCallStart)
-	}
-
-	md.APICallDuration = md.RequestEndTime.Sub(md.RequestStartTime)
-	md.MarshallingDuration = md.SerializeEndTime.Sub(md.SerializeStartTime)
-	md.EndpointResolutionDuration = md.ResolveEndpointEndTime.Sub(md.ResolveEndpointStartTime)
-
-	md.RetryCount = len(md.Attempts) - 1
-
-	latestAttempt, err := md.LatestAttempt()
-
-	if err != nil {
-		fmt.Printf("error retrieving attempts data due to: %s. Skipping Throughput metrics", err.Error())
-	} else {
-
-		md.StatusCode = latestAttempt.StatusCode
-
-		if md.Success == 1 {
-			if latestAttempt.ResponseContentLength > 0 && latestAttempt.ServiceCallDuration > 0 {
-				md.InThroughput = float64(latestAttempt.ResponseContentLength) / latestAttempt.ServiceCallDuration.Seconds()
-			}
-			if md.RequestContentLength > 0 && latestAttempt.ServiceCallDuration > 0 {
-				md.OutThroughput = float64(md.RequestContentLength) / latestAttempt.ServiceCallDuration.Seconds()
-			}
-		}
-	}
-}
-
-// LatestAttempt returns the latest attempt metrics.
-// It returns an error if no attempts are initialized.
-func (md *MetricData) LatestAttempt() (*AttemptMetrics, error) {
-	if md.Attempts == nil || len(md.Attempts) == 0 {
-		return nil, fmt.Errorf("no attempts initialized. NewAttempt() should be called first")
-	}
-	return &md.Attempts[len(md.Attempts)-1], nil
-}
-
-// NewAttempt initializes new attempt metrics.
-func (md *MetricData) NewAttempt() {
-	if md.Attempts == nil {
-		md.Attempts = []AttemptMetrics{}
-	}
-	md.Attempts = append(md.Attempts, AttemptMetrics{})
-}
-
-// SharedConnectionCounter is a counter shared across API calls.
-type SharedConnectionCounter struct {
-	mu sync.Mutex
-
-	activeRequests           int
-	pendingConnectionAcquire int
-}
-
-// ActiveRequests returns the count of active requests.
-func (cc *SharedConnectionCounter) ActiveRequests() int {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	return cc.activeRequests
-}
-
-// PendingConnectionAcquire returns the count of pending connection acquires.
-func (cc *SharedConnectionCounter) PendingConnectionAcquire() int {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	return cc.pendingConnectionAcquire
-}
-
-// AddActiveRequest increments the count of active requests.
-func (cc *SharedConnectionCounter) AddActiveRequest() {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	cc.activeRequests++
-}
-
-// RemoveActiveRequest decrements the count of active requests.
-func (cc *SharedConnectionCounter) RemoveActiveRequest() {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	cc.activeRequests--
-}
-
-// AddPendingConnectionAcquire increments the count of pending connection acquires.
-func (cc *SharedConnectionCounter) AddPendingConnectionAcquire() {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	cc.pendingConnectionAcquire++
-}
-
-// RemovePendingConnectionAcquire decrements the count of pending connection acquires.
-func (cc *SharedConnectionCounter) RemovePendingConnectionAcquire() {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	cc.pendingConnectionAcquire--
-}
-
-// InitMetricContext initializes the metric context with the provided counter and publisher.
-// It returns the updated context.
-func InitMetricContext(
-	ctx context.Context, counter *SharedConnectionCounter, publisher MetricPublisher,
-) context.Context {
-	if middleware.GetStackValue(ctx, metricContextKey{}) == nil {
-		ctx = middleware.WithStackValue(ctx, metricContextKey{}, &MetricContext{
-			connectionCounter: counter,
-			publisher:         publisher,
-			data: &MetricData{
-				Attempts: []AttemptMetrics{},
-				Stream:   StreamMetrics{},
-			},
-		})
-	}
-	return ctx
-}
-
-// Context returns the metric context from the given context.
-// It returns nil if the metric context is not found.
-func Context(ctx context.Context) *MetricContext {
-	mctx := middleware.GetStackValue(ctx, metricContextKey{})
-	if mctx == nil {
-		return nil
-	}
-	return mctx.(*MetricContext)
-}

vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id_retriever.go

@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
@@ -11,18 +12,22 @@ import (
 func AddRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
 	// add error wrapper middleware before operation deserializers so that it can wrap the error response
 	// returned by operation deserializers
-	return stack.Deserialize.Insert(&requestIDRetriever{}, "OperationDeserializer", middleware.Before)
+	return stack.Deserialize.Insert(&RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
 }
 
-type requestIDRetriever struct {
+// RequestIDRetriever middleware captures the AWS service request ID from the
+// raw response.
+type RequestIDRetriever struct {
 }
 
 // ID returns the middleware identifier
-func (m *requestIDRetriever) ID() string {
+func (m *RequestIDRetriever) ID() string {
 	return "RequestIDRetriever"
 }
 
-func (m *requestIDRetriever) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
+// HandleDeserialize pulls the AWS request ID from the response, storing it in
+// operation metadata.
+func (m *RequestIDRetriever) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
 	out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
 ) {
 	out, metadata, err = next.HandleDeserialize(ctx, in)
@@ -41,6 +46,9 @@ func (m *requestIDRetriever) HandleDeserialize(ctx context.Context, in middlewar
 		if v := resp.Header.Get(h); len(v) != 0 {
 			// set reqID on metadata for successful responses.
 			SetRequestIDMetadata(&metadata, v)
+
+			span, _ := tracing.GetSpan(ctx)
+			span.SetProperty("aws.request_id", v)
 			break
 		}
 	}

vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"runtime"
+	"sort"
 	"strings"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -30,8 +31,12 @@ const (
 	FrameworkMetadata
 	AdditionalMetadata
 	ApplicationIdentifier
+	FeatureMetadata2
 )
 
+// Hardcoded value to specify which version of the user agent we're using
+const uaMetadata = "ua/2.1"
+
 func (k SDKAgentKeyType) string() string {
 	switch k {
 	case APIMetadata:
@@ -50,6 +55,8 @@ func (k SDKAgentKeyType) string() string {
 		return "lib"
 	case ApplicationIdentifier:
 		return "app"
+	case FeatureMetadata2:
+		return "m"
 	case AdditionalMetadata:
 		fallthrough
 	default:
@@ -64,12 +71,42 @@ var validChars = map[rune]bool{
 	'-': true, '.': true, '^': true, '_': true, '`': true, '|': true, '~': true,
 }
 
-// requestUserAgent is a build middleware that set the User-Agent for the request.
+// UserAgentFeature enumerates tracked SDK features.
-type requestUserAgent struct {
+type UserAgentFeature string
+
+// Enumerates UserAgentFeature.
+const (
+	UserAgentFeatureResourceModel                 UserAgentFeature = "A" // n/a (we don't generate separate resource types)
+	UserAgentFeatureWaiter                                         = "B"
+	UserAgentFeaturePaginator                                      = "C"
+	UserAgentFeatureRetryModeLegacy                                = "D" // n/a (equivalent to standard)
+	UserAgentFeatureRetryModeStandard                              = "E"
+	UserAgentFeatureRetryModeAdaptive                              = "F"
+	UserAgentFeatureS3Transfer                                     = "G"
+	UserAgentFeatureS3CryptoV1N                                    = "H" // n/a (crypto client is external)
+	UserAgentFeatureS3CryptoV2                                     = "I" // n/a
+	UserAgentFeatureS3ExpressBucket                                = "J"
+	UserAgentFeatureS3AccessGrants                                 = "K" // not yet implemented
+	UserAgentFeatureGZIPRequestCompression                         = "L"
+	UserAgentFeatureProtocolRPCV2CBOR                              = "M"
+	UserAgentFeatureRequestChecksumCRC32                           = "U"
+	UserAgentFeatureRequestChecksumCRC32C                          = "V"
+	UserAgentFeatureRequestChecksumCRC64                           = "W"
+	UserAgentFeatureRequestChecksumSHA1                            = "X"
+	UserAgentFeatureRequestChecksumSHA256                          = "Y"
+	UserAgentFeatureRequestChecksumWhenSupported                   = "Z"
+	UserAgentFeatureRequestChecksumWhenRequired                    = "a"
+	UserAgentFeatureResponseChecksumWhenSupported                  = "b"
+	UserAgentFeatureResponseChecksumWhenRequired                   = "c"
+)
+
+// RequestUserAgent is a build middleware that set the User-Agent for the request.
+type RequestUserAgent struct {
 	sdkAgent, userAgent *smithyhttp.UserAgentBuilder
+	features            map[UserAgentFeature]struct{}
 }
 
-// newRequestUserAgent returns a new requestUserAgent which will set the User-Agent and X-Amz-User-Agent for the
+// NewRequestUserAgent returns a new requestUserAgent which will set the User-Agent and X-Amz-User-Agent for the
 // request.
 //
 // User-Agent example:
@@ -79,14 +116,16 @@ type requestUserAgent struct {
 // X-Amz-User-Agent example:
 //
 //	aws-sdk-go-v2/1.2.3 md/GOOS/linux md/GOARCH/amd64 lang/go/1.15
-func newRequestUserAgent() *requestUserAgent {
+func NewRequestUserAgent() *RequestUserAgent {
 	userAgent, sdkAgent := smithyhttp.NewUserAgentBuilder(), smithyhttp.NewUserAgentBuilder()
 	addProductName(userAgent)
+	addUserAgentMetadata(userAgent)
 	addProductName(sdkAgent)
 
-	r := &requestUserAgent{
+	r := &RequestUserAgent{
 		sdkAgent:  sdkAgent,
 		userAgent: userAgent,
+		features:  map[UserAgentFeature]struct{}{},
 	}
 
 	addSDKMetadata(r)
@@ -94,7 +133,7 @@ func newRequestUserAgent() *requestUserAgent {
 	return r
 }
 
-func addSDKMetadata(r *requestUserAgent) {
+func addSDKMetadata(r *RequestUserAgent) {
 	r.AddSDKAgentKey(OperatingSystemMetadata, getNormalizedOSName())
 	r.AddSDKAgentKeyValue(LanguageMetadata, "go", languageVersion)
 	r.AddSDKAgentKeyValue(AdditionalMetadata, "GOOS", runtime.GOOS)
@@ -108,6 +147,10 @@ func addProductName(builder *smithyhttp.UserAgentBuilder) {
 	builder.AddKeyValue(aws.SDKName, aws.SDKVersion)
 }
 
+func addUserAgentMetadata(builder *smithyhttp.UserAgentBuilder) {
+	builder.AddKey(uaMetadata)
+}
+
 // AddUserAgentKey retrieves a requestUserAgent from the provided stack, or initializes one.
 func AddUserAgentKey(key string) func(*middleware.Stack) error {
 	return func(stack *middleware.Stack) error {
@@ -162,18 +205,18 @@ func AddRequestUserAgentMiddleware(stack *middleware.Stack) error {
 	return err
 }
 
-func getOrAddRequestUserAgent(stack *middleware.Stack) (*requestUserAgent, error) {
+func getOrAddRequestUserAgent(stack *middleware.Stack) (*RequestUserAgent, error) {
-	id := (*requestUserAgent)(nil).ID()
+	id := (*RequestUserAgent)(nil).ID()
 	bm, ok := stack.Build.Get(id)
 	if !ok {
-		bm = newRequestUserAgent()
+		bm = NewRequestUserAgent()
 		err := stack.Build.Add(bm, middleware.After)
 		if err != nil {
 			return nil, err
 		}
 	}
 
-	requestUserAgent, ok := bm.(*requestUserAgent)
+	requestUserAgent, ok := bm.(*RequestUserAgent)
 	if !ok {
 		return nil, fmt.Errorf("%T for %s middleware did not match expected type", bm, id)
 	}
@@ -182,34 +225,40 @@ func getOrAddRequestUserAgent(stack *middleware.Stack) (*requestUserAgent, error
 }
 
 // AddUserAgentKey adds the component identified by name to the User-Agent string.
-func (u *requestUserAgent) AddUserAgentKey(key string) {
+func (u *RequestUserAgent) AddUserAgentKey(key string) {
 	u.userAgent.AddKey(strings.Map(rules, key))
 }
 
 // AddUserAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
-func (u *requestUserAgent) AddUserAgentKeyValue(key, value string) {
+func (u *RequestUserAgent) AddUserAgentKeyValue(key, value string) {
 	u.userAgent.AddKeyValue(strings.Map(rules, key), strings.Map(rules, value))
 }
 
-// AddUserAgentKey adds the component identified by name to the User-Agent string.
+// AddUserAgentFeature adds the feature ID to the tracking list to be emitted
-func (u *requestUserAgent) AddSDKAgentKey(keyType SDKAgentKeyType, key string) {
+// in the final User-Agent string.
+func (u *RequestUserAgent) AddUserAgentFeature(feature UserAgentFeature) {
+	u.features[feature] = struct{}{}
+}
+
+// AddSDKAgentKey adds the component identified by name to the User-Agent string.
+func (u *RequestUserAgent) AddSDKAgentKey(keyType SDKAgentKeyType, key string) {
 	// TODO: should target sdkAgent
 	u.userAgent.AddKey(keyType.string() + "/" + strings.Map(rules, key))
 }
 
-// AddUserAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
+// AddSDKAgentKeyValue adds the key identified by the given name and value to the User-Agent string.
-func (u *requestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, value string) {
+func (u *RequestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, value string) {
 	// TODO: should target sdkAgent
 	u.userAgent.AddKeyValue(keyType.string(), strings.Map(rules, key)+"#"+strings.Map(rules, value))
 }
 
 // ID the name of the middleware.
-func (u *requestUserAgent) ID() string {
+func (u *RequestUserAgent) ID() string {
 	return "UserAgent"
 }
 
 // HandleBuild adds or appends the constructed user agent to the request.
-func (u *requestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
+func (u *RequestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
 	out middleware.BuildOutput, metadata middleware.Metadata, err error,
 ) {
 	switch req := in.Request.(type) {
@@ -224,12 +273,15 @@ func (u *requestUserAgent) HandleBuild(ctx context.Context, in middleware.BuildI
 	return next.HandleBuild(ctx, in)
 }
 
-func (u *requestUserAgent) addHTTPUserAgent(request *smithyhttp.Request) {
+func (u *RequestUserAgent) addHTTPUserAgent(request *smithyhttp.Request) {
 	const userAgent = "User-Agent"
+	if len(u.features) > 0 {
+		updateHTTPHeader(request, userAgent, buildFeatureMetrics(u.features))
+	}
 	updateHTTPHeader(request, userAgent, u.userAgent.Build())
 }
 
-func (u *requestUserAgent) addHTTPSDKAgent(request *smithyhttp.Request) {
+func (u *RequestUserAgent) addHTTPSDKAgent(request *smithyhttp.Request) {
 	const sdkAgent = "X-Amz-User-Agent"
 	updateHTTPHeader(request, sdkAgent, u.sdkAgent.Build())
 }
@@ -259,3 +311,13 @@ func rules(r rune) rune {
 		return '-'
 	}
 }
+
+func buildFeatureMetrics(features map[UserAgentFeature]struct{}) string {
+	fs := make([]string, 0, len(features))
+	for f := range features {
+		fs = append(fs, string(f))
+	}
+
+	sort.Strings(fs)
+	return fmt.Sprintf("%s/%s", FeatureMetadata2.string(), strings.Join(fs, ","))
+}

vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/array.go

@@ -1,8 +1,8 @@
 package query
 
 import (
-	"fmt"
 	"net/url"
+	"strconv"
 )
 
 // Array represents the encoding of Query lists and sets. A Query array is a
@@ -21,19 +21,8 @@ type Array struct {
 	// keys for each element in the list. For example, an entry might have the
 	// key "ParentStructure.ListName.member.MemberName.1".
 	//
-	// While this is currently represented as a string that gets added to, it
+	// When the array is not flat the prefix will contain the memberName otherwise the memberName is ignored
-	// could also be represented as a stack that only gets condensed into a
-	// string when a finalized key is created. This could potentially reduce
-	// allocations.
 	prefix string
-	// Whether the list is flat or not. A list that is not flat will produce the
-	// following entry to the url.Values for a given entry:
-	//     ListName.MemberName.1=value
-	// A list that is flat will produce the following:
-	//     ListName.1=value
-	flat bool
-	// The location name of the member. In most cases this should be "member".
-	memberName string
 	// Elements are stored in values, so we keep track of the list size here.
 	size int32
 	// Empty lists are encoded as "<prefix>=", if we add a value later we will
@@ -45,11 +34,14 @@ func newArray(values url.Values, prefix string, flat bool, memberName string) *A
 	emptyValue := newValue(values, prefix, flat)
 	emptyValue.String("")
 
+	if !flat {
+		// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
+		prefix = prefix + keySeparator + memberName
+	}
+
 	return &Array{
 		values:     values,
 		prefix:     prefix,
-		flat:       flat,
-		memberName: memberName,
 		emptyValue: emptyValue,
 	}
 }
@@ -63,10 +55,7 @@ func (a *Array) Value() Value {
 
 	// Query lists start a 1, so adjust the size first
 	a.size++
-	prefix := a.prefix
-	if !a.flat {
-		prefix = fmt.Sprintf("%s.%s", prefix, a.memberName)
-	}
 	// Lists can't have flat members
-	return newValue(a.values, fmt.Sprintf("%s.%d", prefix, a.size), false)
+	// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
+	return newValue(a.values, a.prefix+keySeparator+strconv.FormatInt(int64(a.size), 10), false)
 }

vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go

@@ -1,9 +1,6 @@
 package query
 
-import (
+import "net/url"
-	"fmt"
-	"net/url"
-)
 
 // Object represents the encoding of Query structures and unions. A Query
 // object is a representation of a mapping of string keys to arbitrary
@@ -56,14 +53,16 @@ func (o *Object) FlatKey(name string) Value {
 
 func (o *Object) key(name string, flatValue bool) Value {
 	if o.prefix != "" {
-		return newValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
+		// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
+		return newValue(o.values, o.prefix+keySeparator+name, flatValue)
 	}
 	return newValue(o.values, name, flatValue)
 }
 
 func (o *Object) keyWithValues(name string, flatValue bool) Value {
 	if o.prefix != "" {
-		return newAppendValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
+		// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
+		return newAppendValue(o.values, o.prefix+keySeparator+name, flatValue)
 	}
 	return newAppendValue(o.values, name, flatValue)
 }

vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go

@@ -7,6 +7,8 @@ import (
 	"github.com/aws/smithy-go/encoding/httpbinding"
 )
 
+const keySeparator = "."
+
 // Value represents a Query Value type.
 type Value struct {
 	// The query values to add the value to.

vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/none.go

@@ -0,0 +1,20 @@
+package ratelimit
+
+import "context"
+
+// None implements a no-op rate limiter which effectively disables client-side
+// rate limiting (also known as "retry quotas").
+//
+// GetToken does nothing and always returns a nil error. The returned
+// token-release function does nothing, and always returns a nil error.
+//
+// AddTokens does nothing and always returns a nil error.
+var None = &none{}
+
+type none struct{}
+
+func (*none) GetToken(ctx context.Context, cost uint) (func() error, error) {
+	return func() error { return nil }, nil
+}
+
+func (*none) AddTokens(v uint) error { return nil }

vendor/github.com/aws/aws-sdk-go-v2/aws/retry/attempt_metrics.go

@@ -0,0 +1,51 @@
+package retry
+
+import (
+	"context"
+
+	"github.com/aws/smithy-go/metrics"
+	"github.com/aws/smithy-go/middleware"
+)
+
+type attemptMetrics struct {
+	Attempts metrics.Int64Counter
+	Errors   metrics.Int64Counter
+
+	AttemptDuration metrics.Float64Histogram
+}
+
+func newAttemptMetrics(meter metrics.Meter) (*attemptMetrics, error) {
+	m := &attemptMetrics{}
+	var err error
+
+	m.Attempts, err = meter.Int64Counter("client.call.attempts", func(o *metrics.InstrumentOptions) {
+		o.UnitLabel = "{attempt}"
+		o.Description = "The number of attempts for an individual operation"
+	})
+	if err != nil {
+		return nil, err
+	}
+	m.Errors, err = meter.Int64Counter("client.call.errors", func(o *metrics.InstrumentOptions) {
+		o.UnitLabel = "{error}"
+		o.Description = "The number of errors for an operation"
+	})
+	if err != nil {
+		return nil, err
+	}
+	m.AttemptDuration, err = meter.Float64Histogram("client.call.attempt_duration", func(o *metrics.InstrumentOptions) {
+		o.UnitLabel = "s"
+		o.Description = "The time it takes to connect to the service, send the request, and get back HTTP status code and headers (including time queued waiting to be sent)"
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return m, nil
+}
+
+func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption {
+	return func(o *metrics.RecordMetricOptions) {
+		o.Properties.Set("rpc.service", middleware.GetServiceID(ctx))
+		o.Properties.Set("rpc.method", middleware.GetOperationName(ctx))
+	}
+}

vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go

@@ -2,17 +2,22 @@ package retry
 
 import (
 	"context"
+	"errors"
 	"fmt"
-	"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
 	"strconv"
 	"strings"
 	"time"
 
+	internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
+	"github.com/aws/smithy-go"
+
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddle "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
 	"github.com/aws/smithy-go/logging"
+	"github.com/aws/smithy-go/metrics"
 	smithymiddle "github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	"github.com/aws/smithy-go/transport/http"
 )
 
@@ -35,10 +40,17 @@ type Attempt struct {
 	// attempts are reached.
 	LogAttempts bool
 
+	// A Meter instance for recording retry-related metrics.
+	OperationMeter metrics.Meter
+
 	retryer       aws.RetryerV2
 	requestCloner RequestCloner
 }
 
+// define the threshold at which we will consider certain kind of errors to be probably
+// caused by clock skew
+const skewThreshold = 4 * time.Minute
+
 // NewAttemptMiddleware returns a new Attempt retry middleware.
 func NewAttemptMiddleware(retryer aws.Retryer, requestCloner RequestCloner, optFns ...func(*Attempt)) *Attempt {
 	m := &Attempt{
@@ -48,6 +60,10 @@ func NewAttemptMiddleware(retryer aws.Retryer, requestCloner RequestCloner, optF
 	for _, fn := range optFns {
 		fn(m)
 	}
+	if m.OperationMeter == nil {
+		m.OperationMeter = metrics.NopMeterProvider{}.Meter("")
+	}
+
 	return m
 }
 
@@ -73,6 +89,11 @@ func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeIn
 	maxAttempts := r.retryer.MaxAttempts()
 	releaseRetryToken := nopRelease
 
+	retryMetrics, err := newAttemptMetrics(r.OperationMeter)
+	if err != nil {
+		return out, metadata, err
+	}
+
 	for {
 		attemptNum++
 		attemptInput := in
@@ -86,8 +107,29 @@ func (r *Attempt) HandleFinalize(ctx context.Context, in smithymiddle.FinalizeIn
 			AttemptClockSkew: attemptClockSkew,
 		})
 
+		// Setting clock skew to be used on other context (like signing)
+		ctx = internalcontext.SetAttemptSkewContext(ctx, attemptClockSkew)
+
 		var attemptResult AttemptResult
+
+		attemptCtx, span := tracing.StartSpan(attemptCtx, "Attempt", func(o *tracing.SpanOptions) {
+			o.Properties.Set("operation.attempt", attemptNum)
+		})
+		retryMetrics.Attempts.Add(ctx, 1, withOperationMetadata(ctx))
+
+		start := sdk.NowTime()
 		out, attemptResult, releaseRetryToken, err = r.handleAttempt(attemptCtx, attemptInput, releaseRetryToken, next)
+		elapsed := sdk.NowTime().Sub(start)
+
+		retryMetrics.AttemptDuration.Record(ctx, float64(elapsed)/1e9, withOperationMetadata(ctx))
+		if err != nil {
+			retryMetrics.Errors.Add(ctx, 1, withOperationMetadata(ctx), func(o *metrics.RecordMetricOptions) {
+				o.Properties.Set("exception.type", errorType(err))
+			})
+		}
+
+		span.End()
+
 		attemptClockSkew, _ = awsmiddle.GetAttemptSkew(attemptResult.ResponseMetadata)
 
 		// AttemptResult Retried states that the attempt was not successful, and
@@ -185,6 +227,8 @@ func (r *Attempt) handleAttempt(
 		return out, attemptResult, nopRelease, err
 	}
 
+	err = wrapAsClockSkew(ctx, err)
+
 	//------------------------------
 	// Is Retryable and Should Retry
 	//------------------------------
@@ -226,13 +270,6 @@ func (r *Attempt) handleAttempt(
 	// that time. Potentially early exist if the sleep is canceled via the
 	// context.
 	retryDelay, reqErr := r.retryer.RetryDelay(attemptNum, err)
-	mctx := metrics.Context(ctx)
-	if mctx != nil {
-		attempt, err := mctx.Data().LatestAttempt()
-		if err != nil {
-			attempt.RetryDelay = retryDelay
-		}
-	}
 	if reqErr != nil {
 		return out, attemptResult, releaseRetryToken, reqErr
 	}
@@ -247,6 +284,37 @@ func (r *Attempt) handleAttempt(
 	return out, attemptResult, releaseRetryToken, err
 }
 
+// errors that, if detected when we know there's a clock skew,
+// can be retried and have a high chance of success
+var possibleSkewCodes = map[string]struct{}{
+	"InvalidSignatureException": {},
+	"SignatureDoesNotMatch":     {},
+	"AuthFailure":               {},
+}
+
+var definiteSkewCodes = map[string]struct{}{
+	"RequestExpired":       {},
+	"RequestInTheFuture":   {},
+	"RequestTimeTooSkewed": {},
+}
+
+// wrapAsClockSkew checks if this error could be related to a clock skew
+// error and if so, wrap the error.
+func wrapAsClockSkew(ctx context.Context, err error) error {
+	var v interface{ ErrorCode() string }
+	if !errors.As(err, &v) {
+		return err
+	}
+	if _, ok := definiteSkewCodes[v.ErrorCode()]; ok {
+		return &retryableClockSkewError{Err: err}
+	}
+	_, isPossibleSkewCode := possibleSkewCodes[v.ErrorCode()]
+	if skew := internalcontext.GetAttemptSkewContext(ctx); skew > skewThreshold && isPossibleSkewCode {
+		return &retryableClockSkewError{Err: err}
+	}
+	return err
+}
+
 // MetricsHeader attaches SDK request metric header for retries to the transport
 type MetricsHeader struct{}
 
@@ -338,3 +406,13 @@ func AddRetryMiddlewares(stack *smithymiddle.Stack, options AddRetryMiddlewaresO
 	}
 	return nil
 }
+
+// Determines the value of exception.type for metrics purposes. We prefer an
+// API-specific error code, otherwise it's just the Go type for the value.
+func errorType(err error) string {
+	var terr smithy.APIError
+	if errors.As(err, &terr) {
+		return terr.ErrorCode()
+	}
+	return fmt.Sprintf("%T", err)
+}

vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go

@@ -2,6 +2,7 @@ package retry
 
 import (
 	"errors"
+	"fmt"
 	"net"
 	"net/url"
 	"strings"
@@ -115,7 +116,13 @@ func (r RetryableConnectionError) IsErrorRetryable(err error) aws.Ternary {
 	case errors.As(err, &conErr) && conErr.ConnectionError():
 		retryable = true
 
+	case strings.Contains(err.Error(), "use of closed network connection"):
+		fallthrough
 	case strings.Contains(err.Error(), "connection reset"):
+		// The errors "connection reset" and "use of closed network connection"
+		// are effectively the same. It appears to be the difference between
+		// sync and async read of TCP RST in the stdlib's net.Conn read loop.
+		// see #2737
 		retryable = true
 
 	case errors.As(err, &urlErr):
@@ -199,3 +206,23 @@ func (r RetryableErrorCode) IsErrorRetryable(err error) aws.Ternary {
 
 	return aws.TrueTernary
 }
+
+// retryableClockSkewError marks errors that can be caused by clock skew
+// (difference between server time and client time).
+// This is returned when there's certain confidence that adjusting the client time
+// could allow a retry to succeed
+type retryableClockSkewError struct{ Err error }
+
+func (e *retryableClockSkewError) Error() string {
+	return fmt.Sprintf("Probable clock skew error: %v", e.Err)
+}
+
+// Unwrap returns the wrapped error.
+func (e *retryableClockSkewError) Unwrap() error {
+	return e.Err
+}
+
+// RetryableError allows the retryer to retry this request
+func (e *retryableClockSkewError) RetryableError() bool {
+	return true
+}

vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go

@@ -123,6 +123,17 @@ type StandardOptions struct {
 
 	// Provides the rate limiting strategy for rate limiting attempt retries
 	// across all attempts the retryer is being used with.
+	//
+	// A RateLimiter operates as a token bucket with a set capacity, where
+	// attempt failures events consume tokens. A retry attempt that attempts to
+	// consume more tokens than what's available results in operation failure.
+	// The default implementation is parameterized as follows:
+	//   - a capacity of 500 (DefaultRetryRateTokens)
+	//   - a retry caused by a timeout costs 10 tokens (DefaultRetryCost)
+	//   - a retry caused by other errors costs 5 tokens (DefaultRetryTimeoutCost)
+	//   - an operation that succeeds on the 1st attempt adds 1 token (DefaultNoRetryIncrement)
+	//
+	// You can disable rate limiting by setting this field to ratelimit.None.
 	RateLimiter RateLimiter
 
 	// The cost to deduct from the RateLimiter's token bucket per retry.

vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go

@@ -8,6 +8,7 @@ var IgnoredHeaders = Rules{
 			"User-Agent":        struct{}{},
 			"X-Amzn-Trace-Id":   struct{}{},
 			"Expect":            struct{}{},
+			"Transfer-Encoding": struct{}{},
 		},
 	},
 }
@@ -38,7 +39,6 @@ var RequiredSignedHeaders = Rules{
 			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
 			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
 			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
-			"X-Amz-Expected-Bucket-Owner":                                 struct{}{},
 			"X-Amz-Grant-Full-control":                                    struct{}{},
 			"X-Amz-Grant-Read":                                            struct{}{},
 			"X-Amz-Grant-Read-Acp":                                        struct{}{},
@@ -46,7 +46,6 @@ var RequiredSignedHeaders = Rules{
 			"X-Amz-Grant-Write-Acp":                                       struct{}{},
 			"X-Amz-Metadata-Directive":                                    struct{}{},
 			"X-Amz-Mfa":                                                   struct{}{},
-			"X-Amz-Request-Payer":                                         struct{}{},
 			"X-Amz-Server-Side-Encryption":                                struct{}{},
 			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":                 struct{}{},
 			"X-Amz-Server-Side-Encryption-Context":                        struct{}{},

vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go

@@ -11,11 +11,11 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
-	"github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics"
 	v4Internal "github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4"
 	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
@@ -85,12 +85,12 @@ func (m *dynamicPayloadSigningMiddleware) HandleFinalize(
 	}
 
 	if req.IsHTTPS() {
-		return (&unsignedPayload{}).HandleFinalize(ctx, in, next)
+		return (&UnsignedPayload{}).HandleFinalize(ctx, in, next)
 	}
-	return (&computePayloadSHA256{}).HandleFinalize(ctx, in, next)
+	return (&ComputePayloadSHA256{}).HandleFinalize(ctx, in, next)
 }
 
-// unsignedPayload sets the SigV4 request payload hash to unsigned.
+// UnsignedPayload sets the SigV4 request payload hash to unsigned.
 //
 // Will not set the Unsigned Payload magic SHA value, if a SHA has already been
 // stored in the context. (e.g. application pre-computed SHA256 before making
@@ -98,21 +98,21 @@ func (m *dynamicPayloadSigningMiddleware) HandleFinalize(
 //
 // This middleware does not check the X-Amz-Content-Sha256 header, if that
 // header is serialized a middleware must translate it into the context.
-type unsignedPayload struct{}
+type UnsignedPayload struct{}
 
 // AddUnsignedPayloadMiddleware adds unsignedPayload to the operation
 // middleware stack
 func AddUnsignedPayloadMiddleware(stack *middleware.Stack) error {
-	return stack.Finalize.Insert(&unsignedPayload{}, "ResolveEndpointV2", middleware.After)
+	return stack.Finalize.Insert(&UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
 }
 
 // ID returns the unsignedPayload identifier
-func (m *unsignedPayload) ID() string {
+func (m *UnsignedPayload) ID() string {
 	return computePayloadHashMiddlewareID
 }
 
 // HandleFinalize sets the payload hash magic value to the unsigned sentinel.
-func (m *unsignedPayload) HandleFinalize(
+func (m *UnsignedPayload) HandleFinalize(
 	ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
 ) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
@@ -123,7 +123,7 @@ func (m *unsignedPayload) HandleFinalize(
 	return next.HandleFinalize(ctx, in)
 }
 
-// computePayloadSHA256 computes SHA256 payload hash to sign.
+// ComputePayloadSHA256 computes SHA256 payload hash to sign.
 //
 // Will not set the Unsigned Payload magic SHA value, if a SHA has already been
 // stored in the context. (e.g. application pre-computed SHA256 before making
@@ -131,12 +131,12 @@ func (m *unsignedPayload) HandleFinalize(
 //
 // This middleware does not check the X-Amz-Content-Sha256 header, if that
 // header is serialized a middleware must translate it into the context.
-type computePayloadSHA256 struct{}
+type ComputePayloadSHA256 struct{}
 
 // AddComputePayloadSHA256Middleware adds computePayloadSHA256 to the
 // operation middleware stack
 func AddComputePayloadSHA256Middleware(stack *middleware.Stack) error {
-	return stack.Finalize.Insert(&computePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
+	return stack.Finalize.Insert(&ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
 }
 
 // RemoveComputePayloadSHA256Middleware removes computePayloadSHA256 from the
@@ -147,13 +147,13 @@ func RemoveComputePayloadSHA256Middleware(stack *middleware.Stack) error {
 }
 
 // ID is the middleware name
-func (m *computePayloadSHA256) ID() string {
+func (m *ComputePayloadSHA256) ID() string {
 	return computePayloadHashMiddlewareID
 }
 
 // HandleFinalize computes the payload hash for the request, storing it to the
 // context. This is a no-op if a caller has previously set that value.
-func (m *computePayloadSHA256) HandleFinalize(
+func (m *ComputePayloadSHA256) HandleFinalize(
 	ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
 ) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
@@ -162,6 +162,9 @@ func (m *computePayloadSHA256) HandleFinalize(
 		return next.HandleFinalize(ctx, in)
 	}
 
+	_, span := tracing.StartSpan(ctx, "ComputePayloadSHA256")
+	defer span.End()
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, &HashComputationError{
@@ -187,6 +190,7 @@ func (m *computePayloadSHA256) HandleFinalize(
 
 	ctx = SetPayloadHash(ctx, hex.EncodeToString(hash.Sum(nil)))
 
+	span.End()
 	return next.HandleFinalize(ctx, in)
 }
 
@@ -196,35 +200,35 @@ func (m *computePayloadSHA256) HandleFinalize(
 // Use this to disable computing the Payload SHA256 checksum and instead use
 // UNSIGNED-PAYLOAD for the SHA256 value.
 func SwapComputePayloadSHA256ForUnsignedPayloadMiddleware(stack *middleware.Stack) error {
-	_, err := stack.Finalize.Swap(computePayloadHashMiddlewareID, &unsignedPayload{})
+	_, err := stack.Finalize.Swap(computePayloadHashMiddlewareID, &UnsignedPayload{})
 	return err
 }
 
-// contentSHA256Header sets the X-Amz-Content-Sha256 header value to
+// ContentSHA256Header sets the X-Amz-Content-Sha256 header value to
 // the Payload hash stored in the context.
-type contentSHA256Header struct{}
+type ContentSHA256Header struct{}
 
 // AddContentSHA256HeaderMiddleware adds ContentSHA256Header to the
 // operation middleware stack
 func AddContentSHA256HeaderMiddleware(stack *middleware.Stack) error {
-	return stack.Finalize.Insert(&contentSHA256Header{}, computePayloadHashMiddlewareID, middleware.After)
+	return stack.Finalize.Insert(&ContentSHA256Header{}, computePayloadHashMiddlewareID, middleware.After)
 }
 
 // RemoveContentSHA256HeaderMiddleware removes contentSHA256Header middleware
 // from the operation middleware stack
 func RemoveContentSHA256HeaderMiddleware(stack *middleware.Stack) error {
-	_, err := stack.Finalize.Remove((*contentSHA256Header)(nil).ID())
+	_, err := stack.Finalize.Remove((*ContentSHA256Header)(nil).ID())
 	return err
 }
 
 // ID returns the ContentSHA256HeaderMiddleware identifier
-func (m *contentSHA256Header) ID() string {
+func (m *ContentSHA256Header) ID() string {
 	return "SigV4ContentSHA256Header"
 }
 
 // HandleFinalize sets the X-Amz-Content-Sha256 header value to the Payload hash
 // stored in the context.
-func (m *contentSHA256Header) HandleFinalize(
+func (m *ContentSHA256Header) HandleFinalize(
 	ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
 ) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
@@ -301,22 +305,7 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
 		return out, metadata, &SigningError{Err: fmt.Errorf("computed payload hash missing from context")}
 	}
 
-	mctx := metrics.Context(ctx)
-
-	if mctx != nil {
-		if attempt, err := mctx.Data().LatestAttempt(); err == nil {
-			attempt.CredentialFetchStartTime = sdk.NowTime()
-		}
-	}
-
 	credentials, err := s.credentialsProvider.Retrieve(ctx)
-
-	if mctx != nil {
-		if attempt, err := mctx.Data().LatestAttempt(); err == nil {
-			attempt.CredentialFetchEndTime = sdk.NowTime()
-		}
-	}
-
 	if err != nil {
 		return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)}
 	}
@@ -337,20 +326,7 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
 		})
 	}
 
-	if mctx != nil {
-		if attempt, err := mctx.Data().LatestAttempt(); err == nil {
-			attempt.SignStartTime = sdk.NowTime()
-		}
-	}
-
 	err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, signingRegion, sdk.NowTime(), signerOptions...)
-
-	if mctx != nil {
-		if attempt, err := mctx.Data().LatestAttempt(); err == nil {
-			attempt.SignEndTime = sdk.NowTime()
-		}
-	}
-
 	if err != nil {
 		return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)}
 	}
@@ -360,18 +336,21 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl
 	return next.HandleFinalize(ctx, in)
 }
 
-type streamingEventsPayload struct{}
+// StreamingEventsPayload signs input event stream messages.
+type StreamingEventsPayload struct{}
 
 // AddStreamingEventsPayload adds the streamingEventsPayload middleware to the stack.
 func AddStreamingEventsPayload(stack *middleware.Stack) error {
-	return stack.Finalize.Add(&streamingEventsPayload{}, middleware.Before)
+	return stack.Finalize.Add(&StreamingEventsPayload{}, middleware.Before)
 }
 
-func (s *streamingEventsPayload) ID() string {
+// ID identifies the middleware.
+func (s *StreamingEventsPayload) ID() string {
 	return computePayloadHashMiddlewareID
 }
 
-func (s *streamingEventsPayload) HandleFinalize(
+// HandleFinalize marks the input stream to be signed with SigV4.
+func (s *StreamingEventsPayload) HandleFinalize(
 	ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
 ) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
@@ -393,8 +372,9 @@ func GetSignedRequestSignature(r *http.Request) ([]byte, error) {
 	const authHeaderSignatureElem = "Signature="
 
 	if auth := r.Header.Get(authorizationHeader); len(auth) != 0 {
-		ps := strings.Split(auth, ", ")
+		ps := strings.Split(auth, ",")
 		for _, p := range ps {
+			p = strings.TrimSpace(p)
 			if idx := strings.Index(p, authHeaderSignatureElem); idx >= 0 {
 				sig := p[len(authHeaderSignatureElem):]
 				if len(sig) == 0 {

vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go

@@ -1,48 +1,41 @@
-// Package v4 implements signing for AWS V4 signer
+// Package v4 implements the AWS signature version 4 algorithm (commonly known
+// as SigV4).
 //
-// Provides request signing for request that need to be signed with
+// For more information about SigV4, see [Signing AWS API requests] in the IAM
-// AWS V4 Signatures.
+// user guide.
 //
-// # Standalone Signer
+// While this implementation CAN work in an external context, it is developed
+// primarily for SDK use and you may encounter fringe behaviors around header
+// canonicalization.
 //
-// Generally using the signer outside of the SDK should not require any additional
+// # Pre-escaping a request URI
 //
-//	The signer does this by taking advantage of the URL.EscapedPath method. If your request URI requires
+// AWS v4 signature validation requires that the canonical string's URI path
+// component must be the escaped form of the HTTP request's path.
 //
-// additional escaping you many need to use the URL.Opaque to define what the raw URI should be sent
+// The Go HTTP client will perform escaping automatically on the HTTP request.
-// to the service as.
+// This may cause signature validation errors because the request differs from
+// the URI path or query from which the signature was generated.
 //
-// The signer will first check the URL.Opaque field, and use its value if set.
+// Because of this, we recommend that you explicitly escape the request when
-// The signer does require the URL.Opaque field to be set in the form of:
+// using this signer outside of the SDK to prevent possible signature mismatch.
+// This can be done by setting URL.Opaque on the request. The signer will
+// prefer that value, falling back to the return of URL.EscapedPath if unset.
+//
+// When setting URL.Opaque you must do so in the form of:
 //
 //	"//<hostname>/<path>"
 //
 //	// e.g.
 //	"//example.com/some/path"
 //
-// The leading "//" and hostname are required or the URL.Opaque escaping will
+// The leading "//" and hostname are required or the escaping will not work
-// not work correctly.
+// correctly.
 //
-// If URL.Opaque is not set the signer will fallback to the URL.EscapedPath()
+// The TestStandaloneSign unit test provides a complete example of using the
-// method and using the returned value.
+// signer outside of the SDK and pre-escaping the URI path.
 //
-// AWS v4 signature validation requires that the canonical string's URI path
+// [Signing AWS API requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
-// element must be the URI escaped form of the HTTP request's path.
-// http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
-//
-// The Go HTTP client will perform escaping automatically on the request. Some
-// of these escaping may cause signature validation errors because the HTTP
-// request differs from the URI path or query that the signature was generated.
-// https://golang.org/pkg/net/url/#URL.EscapedPath
-//
-// Because of this, it is recommended that when using the signer outside of the
-// SDK that explicitly escaping the request prior to being signed is preferable,
-// and will help prevent signature validation errors. This can be done by setting
-// the URL.Opaque or URL.RawPath. The SDK will use URL.Opaque first and then
-// call URL.EscapedPath() if Opaque is not set.
-//
-// Test `TestStandaloneSign` provides a complete example of using the signer
-// outside of the SDK and pre-escaping the URI path.
 package v4
 
 import (
@@ -401,7 +394,18 @@ func (s *httpSigner) buildCredentialScope() string {
 func buildQuery(r v4Internal.Rule, header http.Header) (url.Values, http.Header) {
 	query := url.Values{}
 	unsignedHeaders := http.Header{}
+
+	// A list of headers to be converted to lower case to mitigate a limitation from S3
+	lowerCaseHeaders := map[string]string{
+		"X-Amz-Expected-Bucket-Owner": "x-amz-expected-bucket-owner", // see #2508
+		"X-Amz-Request-Payer":         "x-amz-request-payer",         // see #2764
+	}
+
 	for k, h := range header {
+		if newKey, ok := lowerCaseHeaders[k]; ok {
+			k = newKey
+		}
+
 		if r.IsValid(k) {
 			query[k] = h
 		} else {

vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go

@@ -1,13 +1,16 @@
 package http
 
 import (
+	"context"
 	"crypto/tls"
-	"github.com/aws/aws-sdk-go-v2/aws"
 	"net"
 	"net/http"
 	"reflect"
 	"sync"
 	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/smithy-go/tracing"
 )
 
 // Defaults for the HTTPTransportBuilder.
@@ -179,7 +182,7 @@ func defaultHTTPTransport() *http.Transport {
 
 	tr := &http.Transport{
 		Proxy:                 http.ProxyFromEnvironment,
-		DialContext:           dialer.DialContext,
+		DialContext:           traceDialContext(dialer.DialContext),
 		TLSHandshakeTimeout:   DefaultHTTPTransportTLSHandleshakeTimeout,
 		MaxIdleConns:          DefaultHTTPTransportMaxIdleConns,
 		MaxIdleConnsPerHost:   DefaultHTTPTransportMaxIdleConnsPerHost,
@@ -194,6 +197,35 @@ func defaultHTTPTransport() *http.Transport {
 	return tr
 }
 
+type dialContext func(ctx context.Context, network, addr string) (net.Conn, error)
+
+func traceDialContext(dc dialContext) dialContext {
+	return func(ctx context.Context, network, addr string) (net.Conn, error) {
+		span, _ := tracing.GetSpan(ctx)
+		span.SetProperty("net.peer.name", addr)
+
+		conn, err := dc(ctx, network, addr)
+		if err != nil {
+			return conn, err
+		}
+
+		raddr := conn.RemoteAddr()
+		if raddr == nil {
+			return conn, err
+		}
+
+		host, port, err := net.SplitHostPort(raddr.String())
+		if err != nil { // don't blow up just because we couldn't parse
+			span.SetProperty("net.peer.addr", raddr.String())
+		} else {
+			span.SetProperty("net.peer.host", host)
+			span.SetProperty("net.peer.port", port)
+		}
+
+		return conn, err
+	}
+}
+
 // shallowCopyStruct creates a shallow copy of the passed in source struct, and
 // returns that copy of the same struct type.
 func shallowCopyStruct(src interface{}) interface{} {

vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/response_error_middleware.go

@@ -12,18 +12,20 @@ import (
 func AddResponseErrorMiddleware(stack *middleware.Stack) error {
 	// add error wrapper middleware before request id retriever middleware so that it can wrap the error response
 	// returned by operation deserializers
-	return stack.Deserialize.Insert(&responseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
+	return stack.Deserialize.Insert(&ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
 }
 
-type responseErrorWrapper struct {
+// ResponseErrorWrapper wraps operation errors with ResponseError.
+type ResponseErrorWrapper struct {
 }
 
 // ID returns the middleware identifier
-func (m *responseErrorWrapper) ID() string {
+func (m *ResponseErrorWrapper) ID() string {
 	return "ResponseErrorWrapper"
 }
 
-func (m *responseErrorWrapper) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
+// HandleDeserialize wraps the stack error with smithyhttp.ResponseError.
+func (m *ResponseErrorWrapper) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
 	out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
 ) {
 	out, metadata, err = next.HandleDeserialize(ctx, in)

vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md

@@ -1,3 +1,265 @@
+# v1.29.5 (2025-02-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.29.4 (2025-01-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.29.3 (2025-01-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.29.2 (2025-01-24)
+
+* **Bug Fix**: Fix env config naming and usage of deprecated ioutil
+* **Dependency Update**: Updated to the latest SDK module versions
+* **Dependency Update**: Upgrade to smithy-go v1.22.2.
+
+# v1.29.1 (2025-01-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.29.0 (2025-01-15)
+
+* **Feature**: S3 client behavior is updated to always calculate a checksum by default for operations that support it (such as PutObject or UploadPart), or require it (such as DeleteObjects). The checksum algorithm used by default now becomes CRC32. Checksum behavior can be configured using `when_supported` and `when_required` options - in code using RequestChecksumCalculation, in shared config using request_checksum_calculation, or as env variable using AWS_REQUEST_CHECKSUM_CALCULATION. The S3 client attempts to validate response checksums for all S3 API operations that support checksums. However, if the SDK has not implemented the specified checksum algorithm then this validation is skipped. Checksum validation behavior can be configured using `when_supported` and `when_required` options - in code using ResponseChecksumValidation, in shared config using response_checksum_validation, or as env variable using AWS_RESPONSE_CHECKSUM_VALIDATION.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.11 (2025-01-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.10 (2025-01-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.9 (2025-01-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.8 (2025-01-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.7 (2024-12-19)
+
+* **Bug Fix**: Fix improper use of printf-style functions.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.6 (2024-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.5 (2024-11-18)
+
+* **Dependency Update**: Update to smithy-go v1.22.1.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.4 (2024-11-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.3 (2024-11-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.2 (2024-11-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.1 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.0 (2024-10-16)
+
+* **Feature**: Adds the LoadOptions hook `WithBaseEndpoint` for setting global endpoint override in-code.
+
+# v1.27.43 (2024-10-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.42 (2024-10-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.41 (2024-10-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.40 (2024-10-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.39 (2024-09-27)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.38 (2024-09-25)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.37 (2024-09-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.36 (2024-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.35 (2024-09-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.34 (2024-09-16)
+
+* **Bug Fix**: Read `AWS_CONTAINER_CREDENTIALS_FULL_URI` env variable if set when reading a profile with `credential_source`. Also ensure `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` is always read before it
+
+# v1.27.33 (2024-09-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.32 (2024-09-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.31 (2024-08-26)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.30 (2024-08-23)
+
+* **Bug Fix**: Don't fail credentials unit tests if credentials are found on a file
+
+# v1.27.29 (2024-08-22)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.28 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.27 (2024-07-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.26 (2024-07-10.2)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.25 (2024-07-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.24 (2024-07-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.23 (2024-06-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.22 (2024-06-26)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.21 (2024-06-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.20 (2024-06-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.19 (2024-06-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.18 (2024-06-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.17 (2024-06-03)
+
+* **Documentation**: Add deprecation docs to global endpoint resolution interfaces. These APIs were previously deprecated with the introduction of service-specific endpoint resolution (EndpointResolverV2 and BaseEndpoint on service client options).
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.16 (2024-05-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.15 (2024-05-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.14 (2024-05-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.13 (2024-05-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.12 (2024-05-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.11 (2024-04-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.10 (2024-03-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.9 (2024-03-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.8 (2024-03-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.7 (2024-03-07)
+
+* **Bug Fix**: Remove dependency on go-cmp.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.6 (2024-03-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.5 (2024-03-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.4 (2024-02-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.3 (2024-02-22)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.2 (2024-02-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.1 (2024-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.26.6 (2024-01-22)
+
+* **Bug Fix**: Remove invalid escaping of shared config values. All values in the shared config file will now be interpreted literally, save for fully-quoted strings which are unwrapped for legacy reasons.
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.26.5 (2024-01-18)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/config/config.go

@@ -80,6 +80,15 @@ var defaultAWSConfigResolvers = []awsConfigResolver{
 
 	// Sets the RequestMinCompressSizeBytes if present in env var or shared config profile
 	resolveRequestMinCompressSizeBytes,
+
+	// Sets the AccountIDEndpointMode if present in env var or shared config profile
+	resolveAccountIDEndpointMode,
+
+	// Sets the RequestChecksumCalculation if present in env var or shared config profile
+	resolveRequestChecksumCalculation,
+
+	// Sets the ResponseChecksumValidation if present in env var or shared config profile
+	resolveResponseChecksumValidation,
 }
 
 // A Config represents a generic configuration value or set of values. This type
@@ -209,7 +218,7 @@ func resolveConfigLoaders(options *LoadOptions) []loader {
 	loaders[0] = loadEnvConfig
 
 	// specification of a profile should cause a load failure if it doesn't exist
-	if os.Getenv(awsProfileEnvVar) != "" || options.SharedConfigProfile != "" {
+	if os.Getenv(awsProfileEnv) != "" || options.SharedConfigProfile != "" {
 		loaders[1] = loadSharedConfig
 	} else {
 		loaders[1] = loadSharedConfigIgnoreNotExist

vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go

@@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"strconv"
 	"strings"
@@ -21,83 +20,89 @@ const CredentialsSourceName = "EnvConfigCredentials"
 
 // Environment variables that will be read for configuration values.
 const (
-	awsAccessKeyIDEnvVar = "AWS_ACCESS_KEY_ID"
+	awsAccessKeyIDEnv = "AWS_ACCESS_KEY_ID"
-	awsAccessKeyEnvVar   = "AWS_ACCESS_KEY"
+	awsAccessKeyEnv   = "AWS_ACCESS_KEY"
 
-	awsSecretAccessKeyEnvVar = "AWS_SECRET_ACCESS_KEY"
+	awsSecretAccessKeyEnv = "AWS_SECRET_ACCESS_KEY"
-	awsSecretKeyEnvVar       = "AWS_SECRET_KEY"
+	awsSecretKeyEnv       = "AWS_SECRET_KEY"
 
-	awsSessionTokenEnvVar = "AWS_SESSION_TOKEN"
+	awsSessionTokenEnv = "AWS_SESSION_TOKEN"
 
-	awsContainerCredentialsEndpointEnvVar     = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
+	awsContainerCredentialsFullURIEnv     = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
-	awsContainerCredentialsRelativePathEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
+	awsContainerCredentialsRelativeURIEnv = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
-	awsContainerPProviderAuthorizationEnvVar  = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
+	awsContainerAuthorizationTokenEnv     = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
 
-	awsRegionEnvVar        = "AWS_REGION"
+	awsRegionEnv        = "AWS_REGION"
-	awsDefaultRegionEnvVar = "AWS_DEFAULT_REGION"
+	awsDefaultRegionEnv = "AWS_DEFAULT_REGION"
 
-	awsProfileEnvVar        = "AWS_PROFILE"
+	awsProfileEnv        = "AWS_PROFILE"
-	awsDefaultProfileEnvVar = "AWS_DEFAULT_PROFILE"
+	awsDefaultProfileEnv = "AWS_DEFAULT_PROFILE"
 
-	awsSharedCredentialsFileEnvVar = "AWS_SHARED_CREDENTIALS_FILE"
+	awsSharedCredentialsFileEnv = "AWS_SHARED_CREDENTIALS_FILE"
 
-	awsConfigFileEnvVar = "AWS_CONFIG_FILE"
+	awsConfigFileEnv = "AWS_CONFIG_FILE"
 
-	awsCustomCABundleEnvVar = "AWS_CA_BUNDLE"
+	awsCABundleEnv = "AWS_CA_BUNDLE"
 
-	awsWebIdentityTokenFilePathEnvVar = "AWS_WEB_IDENTITY_TOKEN_FILE"
+	awsWebIdentityTokenFileEnv = "AWS_WEB_IDENTITY_TOKEN_FILE"
 
-	awsRoleARNEnvVar         = "AWS_ROLE_ARN"
+	awsRoleARNEnv         = "AWS_ROLE_ARN"
-	awsRoleSessionNameEnvVar = "AWS_ROLE_SESSION_NAME"
+	awsRoleSessionNameEnv = "AWS_ROLE_SESSION_NAME"
 
-	awsEnableEndpointDiscoveryEnvVar = "AWS_ENABLE_ENDPOINT_DISCOVERY"
+	awsEnableEndpointDiscoveryEnv = "AWS_ENABLE_ENDPOINT_DISCOVERY"
 
-	awsS3UseARNRegionEnvVar = "AWS_S3_USE_ARN_REGION"
+	awsS3UseARNRegionEnv = "AWS_S3_USE_ARN_REGION"
 
-	awsEc2MetadataServiceEndpointModeEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE"
+	awsEc2MetadataServiceEndpointModeEnv = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE"
 
-	awsEc2MetadataServiceEndpointEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT"
+	awsEc2MetadataServiceEndpointEnv = "AWS_EC2_METADATA_SERVICE_ENDPOINT"
 
-	awsEc2MetadataDisabled         = "AWS_EC2_METADATA_DISABLED"
+	awsEc2MetadataDisabledEnv   = "AWS_EC2_METADATA_DISABLED"
-	awsEc2MetadataV1DisabledEnvVar = "AWS_EC2_METADATA_V1_DISABLED"
+	awsEc2MetadataV1DisabledEnv = "AWS_EC2_METADATA_V1_DISABLED"
 
-	awsS3DisableMultiRegionAccessPointEnvVar = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"
+	awsS3DisableMultiRegionAccessPointsEnv = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"
 
-	awsUseDualStackEndpoint = "AWS_USE_DUALSTACK_ENDPOINT"
+	awsUseDualStackEndpointEnv = "AWS_USE_DUALSTACK_ENDPOINT"
 
-	awsUseFIPSEndpoint = "AWS_USE_FIPS_ENDPOINT"
+	awsUseFIPSEndpointEnv = "AWS_USE_FIPS_ENDPOINT"
 
-	awsDefaultMode = "AWS_DEFAULTS_MODE"
+	awsDefaultsModeEnv = "AWS_DEFAULTS_MODE"
 
-	awsRetryMaxAttempts = "AWS_MAX_ATTEMPTS"
+	awsMaxAttemptsEnv = "AWS_MAX_ATTEMPTS"
-	awsRetryMode        = "AWS_RETRY_MODE"
+	awsRetryModeEnv   = "AWS_RETRY_MODE"
-	awsSdkAppID         = "AWS_SDK_UA_APP_ID"
+	awsSdkUaAppIDEnv  = "AWS_SDK_UA_APP_ID"
 
-	awsIgnoreConfiguredEndpoints = "AWS_IGNORE_CONFIGURED_ENDPOINT_URLS"
+	awsIgnoreConfiguredEndpointURLEnv = "AWS_IGNORE_CONFIGURED_ENDPOINT_URLS"
-	awsEndpointURL               = "AWS_ENDPOINT_URL"
+	awsEndpointURLEnv                 = "AWS_ENDPOINT_URL"
 
-	awsDisableRequestCompression      = "AWS_DISABLE_REQUEST_COMPRESSION"
+	awsDisableRequestCompressionEnv      = "AWS_DISABLE_REQUEST_COMPRESSION"
-	awsRequestMinCompressionSizeBytes = "AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES"
+	awsRequestMinCompressionSizeBytesEnv = "AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES"
 
 	awsS3DisableExpressSessionAuthEnv = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH"
+
+	awsAccountIDEnv             = "AWS_ACCOUNT_ID"
+	awsAccountIDEndpointModeEnv = "AWS_ACCOUNT_ID_ENDPOINT_MODE"
+
+	awsRequestChecksumCalculation = "AWS_REQUEST_CHECKSUM_CALCULATION"
+	awsResponseChecksumValidation = "AWS_RESPONSE_CHECKSUM_VALIDATION"
 )
 
 var (
 	credAccessEnvKeys = []string{
-		awsAccessKeyIDEnvVar,
+		awsAccessKeyIDEnv,
-		awsAccessKeyEnvVar,
+		awsAccessKeyEnv,
 	}
 	credSecretEnvKeys = []string{
-		awsSecretAccessKeyEnvVar,
+		awsSecretAccessKeyEnv,
-		awsSecretKeyEnvVar,
+		awsSecretKeyEnv,
 	}
 	regionEnvKeys = []string{
-		awsRegionEnvVar,
+		awsRegionEnv,
-		awsDefaultRegionEnvVar,
+		awsDefaultRegionEnv,
 	}
 	profileEnvKeys = []string{
-		awsProfileEnvVar,
+		awsProfileEnv,
-		awsDefaultProfileEnvVar,
+		awsDefaultProfileEnv,
 	}
 )
 
@@ -290,6 +295,15 @@ type EnvConfig struct {
 	// will only bypass the modified endpoint routing and signing behaviors
 	// associated with the feature.
 	S3DisableExpressAuth *bool
+
+	// Indicates whether account ID will be required/ignored in endpoint2.0 routing
+	AccountIDEndpointMode aws.AccountIDEndpointMode
+
+	// Indicates whether request checksum should be calculated
+	RequestChecksumCalculation aws.RequestChecksumCalculation
+
+	// Indicates whether response checksum should be validated
+	ResponseChecksumValidation aws.ResponseChecksumValidation
 }
 
 // loadEnvConfig reads configuration values from the OS's environment variables.
@@ -309,79 +323,80 @@ func NewEnvConfig() (EnvConfig, error) {
 	setStringFromEnvVal(&creds.AccessKeyID, credAccessEnvKeys)
 	setStringFromEnvVal(&creds.SecretAccessKey, credSecretEnvKeys)
 	if creds.HasKeys() {
-		creds.SessionToken = os.Getenv(awsSessionTokenEnvVar)
+		creds.AccountID = os.Getenv(awsAccountIDEnv)
+		creds.SessionToken = os.Getenv(awsSessionTokenEnv)
 		cfg.Credentials = creds
 	}
 
-	cfg.ContainerCredentialsEndpoint = os.Getenv(awsContainerCredentialsEndpointEnvVar)
+	cfg.ContainerCredentialsEndpoint = os.Getenv(awsContainerCredentialsFullURIEnv)
-	cfg.ContainerCredentialsRelativePath = os.Getenv(awsContainerCredentialsRelativePathEnvVar)
+	cfg.ContainerCredentialsRelativePath = os.Getenv(awsContainerCredentialsRelativeURIEnv)
-	cfg.ContainerAuthorizationToken = os.Getenv(awsContainerPProviderAuthorizationEnvVar)
+	cfg.ContainerAuthorizationToken = os.Getenv(awsContainerAuthorizationTokenEnv)
 
 	setStringFromEnvVal(&cfg.Region, regionEnvKeys)
 	setStringFromEnvVal(&cfg.SharedConfigProfile, profileEnvKeys)
 
-	cfg.SharedCredentialsFile = os.Getenv(awsSharedCredentialsFileEnvVar)
+	cfg.SharedCredentialsFile = os.Getenv(awsSharedCredentialsFileEnv)
-	cfg.SharedConfigFile = os.Getenv(awsConfigFileEnvVar)
+	cfg.SharedConfigFile = os.Getenv(awsConfigFileEnv)
 
-	cfg.CustomCABundle = os.Getenv(awsCustomCABundleEnvVar)
+	cfg.CustomCABundle = os.Getenv(awsCABundleEnv)
 
-	cfg.WebIdentityTokenFilePath = os.Getenv(awsWebIdentityTokenFilePathEnvVar)
+	cfg.WebIdentityTokenFilePath = os.Getenv(awsWebIdentityTokenFileEnv)
 
-	cfg.RoleARN = os.Getenv(awsRoleARNEnvVar)
+	cfg.RoleARN = os.Getenv(awsRoleARNEnv)
-	cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnvVar)
+	cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnv)
 
-	cfg.AppID = os.Getenv(awsSdkAppID)
+	cfg.AppID = os.Getenv(awsSdkUaAppIDEnv)
 
-	if err := setBoolPtrFromEnvVal(&cfg.DisableRequestCompression, []string{awsDisableRequestCompression}); err != nil {
+	if err := setBoolPtrFromEnvVal(&cfg.DisableRequestCompression, []string{awsDisableRequestCompressionEnv}); err != nil {
 		return cfg, err
 	}
-	if err := setInt64PtrFromEnvVal(&cfg.RequestMinCompressSizeBytes, []string{awsRequestMinCompressionSizeBytes}, smithyrequestcompression.MaxRequestMinCompressSizeBytes); err != nil {
+	if err := setInt64PtrFromEnvVal(&cfg.RequestMinCompressSizeBytes, []string{awsRequestMinCompressionSizeBytesEnv}, smithyrequestcompression.MaxRequestMinCompressSizeBytes); err != nil {
 		return cfg, err
 	}
 
-	if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnvVar}); err != nil {
+	if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnv}); err != nil {
 		return cfg, err
 	}
 
-	if err := setBoolPtrFromEnvVal(&cfg.S3UseARNRegion, []string{awsS3UseARNRegionEnvVar}); err != nil {
+	if err := setBoolPtrFromEnvVal(&cfg.S3UseARNRegion, []string{awsS3UseARNRegionEnv}); err != nil {
 		return cfg, err
 	}
 
-	setEC2IMDSClientEnableState(&cfg.EC2IMDSClientEnableState, []string{awsEc2MetadataDisabled})
+	setEC2IMDSClientEnableState(&cfg.EC2IMDSClientEnableState, []string{awsEc2MetadataDisabledEnv})
-	if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, []string{awsEc2MetadataServiceEndpointModeEnvVar}); err != nil {
+	if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, []string{awsEc2MetadataServiceEndpointModeEnv}); err != nil {
 		return cfg, err
 	}
-	cfg.EC2IMDSEndpoint = os.Getenv(awsEc2MetadataServiceEndpointEnvVar)
+	cfg.EC2IMDSEndpoint = os.Getenv(awsEc2MetadataServiceEndpointEnv)
-	if err := setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, []string{awsEc2MetadataV1DisabledEnvVar}); err != nil {
+	if err := setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, []string{awsEc2MetadataV1DisabledEnv}); err != nil {
 		return cfg, err
 	}
 
-	if err := setBoolPtrFromEnvVal(&cfg.S3DisableMultiRegionAccessPoints, []string{awsS3DisableMultiRegionAccessPointEnvVar}); err != nil {
+	if err := setBoolPtrFromEnvVal(&cfg.S3DisableMultiRegionAccessPoints, []string{awsS3DisableMultiRegionAccessPointsEnv}); err != nil {
 		return cfg, err
 	}
 
-	if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, []string{awsUseDualStackEndpoint}); err != nil {
+	if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, []string{awsUseDualStackEndpointEnv}); err != nil {
 		return cfg, err
 	}
 
-	if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, []string{awsUseFIPSEndpoint}); err != nil {
+	if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, []string{awsUseFIPSEndpointEnv}); err != nil {
 		return cfg, err
 	}
 
-	if err := setDefaultsModeFromEnvVal(&cfg.DefaultsMode, []string{awsDefaultMode}); err != nil {
+	if err := setDefaultsModeFromEnvVal(&cfg.DefaultsMode, []string{awsDefaultsModeEnv}); err != nil {
 		return cfg, err
 	}
 
-	if err := setIntFromEnvVal(&cfg.RetryMaxAttempts, []string{awsRetryMaxAttempts}); err != nil {
+	if err := setIntFromEnvVal(&cfg.RetryMaxAttempts, []string{awsMaxAttemptsEnv}); err != nil {
 		return cfg, err
 	}
-	if err := setRetryModeFromEnvVal(&cfg.RetryMode, []string{awsRetryMode}); err != nil {
+	if err := setRetryModeFromEnvVal(&cfg.RetryMode, []string{awsRetryModeEnv}); err != nil {
 		return cfg, err
 	}
 
-	setStringFromEnvVal(&cfg.BaseEndpoint, []string{awsEndpointURL})
+	setStringFromEnvVal(&cfg.BaseEndpoint, []string{awsEndpointURLEnv})
 
-	if err := setBoolPtrFromEnvVal(&cfg.IgnoreConfiguredEndpoints, []string{awsIgnoreConfiguredEndpoints}); err != nil {
+	if err := setBoolPtrFromEnvVal(&cfg.IgnoreConfiguredEndpoints, []string{awsIgnoreConfiguredEndpointURLEnv}); err != nil {
 		return cfg, err
 	}
 
@@ -389,6 +404,17 @@ func NewEnvConfig() (EnvConfig, error) {
 		return cfg, err
 	}
 
+	if err := setAIDEndPointModeFromEnvVal(&cfg.AccountIDEndpointMode, []string{awsAccountIDEndpointModeEnv}); err != nil {
+		return cfg, err
+	}
+
+	if err := setRequestChecksumCalculationFromEnvVal(&cfg.RequestChecksumCalculation, []string{awsRequestChecksumCalculation}); err != nil {
+		return cfg, err
+	}
+	if err := setResponseChecksumValidationFromEnvVal(&cfg.ResponseChecksumValidation, []string{awsResponseChecksumValidation}); err != nil {
+		return cfg, err
+	}
+
 	return cfg, nil
 }
 
@@ -417,6 +443,18 @@ func (c EnvConfig) getRequestMinCompressSizeBytes(context.Context) (int64, bool,
 	return *c.RequestMinCompressSizeBytes, true, nil
 }
 
+func (c EnvConfig) getAccountIDEndpointMode(context.Context) (aws.AccountIDEndpointMode, bool, error) {
+	return c.AccountIDEndpointMode, len(c.AccountIDEndpointMode) > 0, nil
+}
+
+func (c EnvConfig) getRequestChecksumCalculation(context.Context) (aws.RequestChecksumCalculation, bool, error) {
+	return c.RequestChecksumCalculation, c.RequestChecksumCalculation > 0, nil
+}
+
+func (c EnvConfig) getResponseChecksumValidation(context.Context) (aws.ResponseChecksumValidation, bool, error) {
+	return c.ResponseChecksumValidation, c.ResponseChecksumValidation > 0, nil
+}
+
 // GetRetryMaxAttempts returns the value of AWS_MAX_ATTEMPTS if was specified,
 // and not 0.
 func (c EnvConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error) {
@@ -491,6 +529,67 @@ func setEC2IMDSEndpointMode(mode *imds.EndpointModeState, keys []string) error {
 	return nil
 }
 
+func setAIDEndPointModeFromEnvVal(m *aws.AccountIDEndpointMode, keys []string) error {
+	for _, k := range keys {
+		value := os.Getenv(k)
+		if len(value) == 0 {
+			continue
+		}
+
+		switch value {
+		case "preferred":
+			*m = aws.AccountIDEndpointModePreferred
+		case "required":
+			*m = aws.AccountIDEndpointModeRequired
+		case "disabled":
+			*m = aws.AccountIDEndpointModeDisabled
+		default:
+			return fmt.Errorf("invalid value for environment variable, %s=%s, must be preferred/required/disabled", k, value)
+		}
+		break
+	}
+	return nil
+}
+
+func setRequestChecksumCalculationFromEnvVal(m *aws.RequestChecksumCalculation, keys []string) error {
+	for _, k := range keys {
+		value := os.Getenv(k)
+		if len(value) == 0 {
+			continue
+		}
+
+		switch strings.ToLower(value) {
+		case checksumWhenSupported:
+			*m = aws.RequestChecksumCalculationWhenSupported
+		case checksumWhenRequired:
+			*m = aws.RequestChecksumCalculationWhenRequired
+		default:
+			return fmt.Errorf("invalid value for environment variable, %s=%s, must be when_supported/when_required", k, value)
+		}
+	}
+	return nil
+}
+
+func setResponseChecksumValidationFromEnvVal(m *aws.ResponseChecksumValidation, keys []string) error {
+	for _, k := range keys {
+		value := os.Getenv(k)
+		if len(value) == 0 {
+			continue
+		}
+
+		switch strings.ToLower(value) {
+		case checksumWhenSupported:
+			*m = aws.ResponseChecksumValidationWhenSupported
+		case checksumWhenRequired:
+			*m = aws.ResponseChecksumValidationWhenRequired
+		default:
+			return fmt.Errorf("invalid value for environment variable, %s=%s, must be when_supported/when_required", k, value)
+		}
+
+	}
+	return nil
+}
+
 // GetRegion returns the AWS Region if set in the environment. Returns an empty
 // string if not set.
 func (c EnvConfig) getRegion(ctx context.Context) (string, bool, error) {
@@ -547,7 +646,7 @@ func (c EnvConfig) getCustomCABundle(context.Context) (io.Reader, bool, error) {
 		return nil, false, nil
 	}
 
-	b, err := ioutil.ReadFile(c.CustomCABundle)
+	b, err := os.ReadFile(c.CustomCABundle)
 	if err != nil {
 		return nil, false, err
 	}
@@ -571,7 +670,7 @@ func (c EnvConfig) getBaseEndpoint(context.Context) (string, bool, error) {
 // GetServiceBaseEndpoint is used to retrieve a normalized SDK ID for use
 // with configured endpoints.
 func (c EnvConfig) GetServiceBaseEndpoint(ctx context.Context, sdkID string) (string, bool, error) {
-	if endpt := os.Getenv(fmt.Sprintf("%s_%s", awsEndpointURL, normalizeEnv(sdkID))); endpt != "" {
+	if endpt := os.Getenv(fmt.Sprintf("%s_%s", awsEndpointURLEnv, normalizeEnv(sdkID))); endpt != "" {
 		return endpt, true, nil
 	}
 	return "", false, nil

vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go

@@ -3,4 +3,4 @@
 package config
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.26.5"
+const goModuleVersion = "1.29.5"

vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go

@@ -215,6 +215,19 @@ type LoadOptions struct {
 
 	// Whether S3 Express auth is disabled.
 	S3DisableExpressAuth *bool
+
+	// Whether account id should be built into endpoint resolution
+	AccountIDEndpointMode aws.AccountIDEndpointMode
+
+	// Specify if request checksum should be calculated
+	RequestChecksumCalculation aws.RequestChecksumCalculation
+
+	// Specifies if response checksum should be validated
+	ResponseChecksumValidation aws.ResponseChecksumValidation
+
+	// Service endpoint override. This value is not necessarily final and is
+	// passed to the service's EndpointResolverV2 for further delegation.
+	BaseEndpoint string
 }
 
 func (o LoadOptions) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) {
@@ -278,6 +291,31 @@ func (o LoadOptions) getRequestMinCompressSizeBytes(ctx context.Context) (int64,
 	return *o.RequestMinCompressSizeBytes, true, nil
 }
 
+func (o LoadOptions) getAccountIDEndpointMode(ctx context.Context) (aws.AccountIDEndpointMode, bool, error) {
+	return o.AccountIDEndpointMode, len(o.AccountIDEndpointMode) > 0, nil
+}
+
+func (o LoadOptions) getRequestChecksumCalculation(ctx context.Context) (aws.RequestChecksumCalculation, bool, error) {
+	return o.RequestChecksumCalculation, o.RequestChecksumCalculation > 0, nil
+}
+
+func (o LoadOptions) getResponseChecksumValidation(ctx context.Context) (aws.ResponseChecksumValidation, bool, error) {
+	return o.ResponseChecksumValidation, o.ResponseChecksumValidation > 0, nil
+}
+
+func (o LoadOptions) getBaseEndpoint(context.Context) (string, bool, error) {
+	return o.BaseEndpoint, o.BaseEndpoint != "", nil
+}
+
+// GetServiceBaseEndpoint satisfies (internal/configsources).ServiceBaseEndpointProvider.
+//
+// The sdkID value is unused because LoadOptions only supports setting a GLOBAL
+// endpoint override. In-code, per-service endpoint overrides are performed via
+// functional options in service client space.
+func (o LoadOptions) GetServiceBaseEndpoint(context.Context, string) (string, bool, error) {
+	return o.BaseEndpoint, o.BaseEndpoint != "", nil
+}
+
 // WithRegion is a helper function to construct functional options
 // that sets Region on config's LoadOptions. Setting the region to
 // an empty string, will result in the region value being ignored.
@@ -323,6 +361,37 @@ func WithRequestMinCompressSizeBytes(RequestMinCompressSizeBytes *int64) LoadOpt
 	}
 }
 
+// WithAccountIDEndpointMode is a helper function to construct functional options
+// that sets AccountIDEndpointMode on config's LoadOptions
+func WithAccountIDEndpointMode(m aws.AccountIDEndpointMode) LoadOptionsFunc {
+	return func(o *LoadOptions) error {
+		if m != "" {
+			o.AccountIDEndpointMode = m
+		}
+		return nil
+	}
+}
+
+// WithRequestChecksumCalculation is a helper function to construct functional options
+// that sets RequestChecksumCalculation on config's LoadOptions
+func WithRequestChecksumCalculation(c aws.RequestChecksumCalculation) LoadOptionsFunc {
+	return func(o *LoadOptions) error {
+		if c > 0 {
+			o.RequestChecksumCalculation = c
+		}
+		return nil
+	}
+}
+
+// WithResponseChecksumValidation is a helper function to construct functional options
+// that sets ResponseChecksumValidation on config's LoadOptions
+func WithResponseChecksumValidation(v aws.ResponseChecksumValidation) LoadOptionsFunc {
+	return func(o *LoadOptions) error {
+		o.ResponseChecksumValidation = v
+		return nil
+	}
+}
+
 // getDefaultRegion returns DefaultRegion from config's LoadOptions
 func (o LoadOptions) getDefaultRegion(ctx context.Context) (string, bool, error) {
 	if len(o.DefaultRegion) == 0 {
@@ -824,7 +893,14 @@ func (o LoadOptions) getEndpointResolver(ctx context.Context) (aws.EndpointResol
 // the EndpointResolver value is ignored. If multiple WithEndpointResolver calls
 // are made, the last call overrides the previous call values.
 //
-// Deprecated: See WithEndpointResolverWithOptions
+// Deprecated: The global endpoint resolution interface is deprecated. The API
+// for endpoint resolution is now unique to each service and is set via the
+// EndpointResolverV2 field on service client options. Use of
+// WithEndpointResolver or WithEndpointResolverWithOptions will prevent you
+// from using any endpoint-related service features released after the
+// introduction of EndpointResolverV2. You may also encounter broken or
+// unexpected behavior when using the old global interface with services that
+// use many endpoint-related customizations such as S3.
 func WithEndpointResolver(v aws.EndpointResolver) LoadOptionsFunc {
 	return func(o *LoadOptions) error {
 		o.EndpointResolver = v
@@ -844,6 +920,9 @@ func (o LoadOptions) getEndpointResolverWithOptions(ctx context.Context) (aws.En
 // that sets the EndpointResolverWithOptions on LoadOptions. If the EndpointResolverWithOptions is set to nil,
 // the EndpointResolver value is ignored. If multiple WithEndpointResolver calls
 // are made, the last call overrides the previous call values.
+//
+// Deprecated: The global endpoint resolution interface is deprecated. See
+// deprecation docs on [WithEndpointResolver].
 func WithEndpointResolverWithOptions(v aws.EndpointResolverWithOptions) LoadOptionsFunc {
 	return func(o *LoadOptions) error {
 		o.EndpointResolverWithOptions = v
@@ -1112,3 +1191,19 @@ func WithS3DisableExpressAuth(v bool) LoadOptionsFunc {
 		return nil
 	}
 }
+
+// WithBaseEndpoint is a helper function to construct functional options that
+// sets BaseEndpoint on config's LoadOptions. Empty values have no effect, and
+// subsequent calls to this API override previous ones.
+//
+// This is an in-code setting, therefore, any value set using this hook takes
+// precedence over and will override ALL environment and shared config
+// directives that set endpoint URLs. Functional options on service clients
+// have higher specificity, and functional options that modify the value of
+// BaseEndpoint on a client will take precedence over this setting.
+func WithBaseEndpoint(v string) LoadOptionsFunc {
+	return func(o *LoadOptions) error {
+		o.BaseEndpoint = v
+		return nil
+	}
+}

vendor/github.com/aws/aws-sdk-go-v2/config/provider.go

@@ -225,6 +225,57 @@ func getRequestMinCompressSizeBytes(ctx context.Context, configs configs) (value
 	return
 }
 
+// accountIDEndpointModeProvider provides access to the AccountIDEndpointMode
+type accountIDEndpointModeProvider interface {
+	getAccountIDEndpointMode(context.Context) (aws.AccountIDEndpointMode, bool, error)
+}
+
+func getAccountIDEndpointMode(ctx context.Context, configs configs) (value aws.AccountIDEndpointMode, found bool, err error) {
+	for _, cfg := range configs {
+		if p, ok := cfg.(accountIDEndpointModeProvider); ok {
+			value, found, err = p.getAccountIDEndpointMode(ctx)
+			if err != nil || found {
+				break
+			}
+		}
+	}
+	return
+}
+
+// requestChecksumCalculationProvider provides access to the RequestChecksumCalculation
+type requestChecksumCalculationProvider interface {
+	getRequestChecksumCalculation(context.Context) (aws.RequestChecksumCalculation, bool, error)
+}
+
+func getRequestChecksumCalculation(ctx context.Context, configs configs) (value aws.RequestChecksumCalculation, found bool, err error) {
+	for _, cfg := range configs {
+		if p, ok := cfg.(requestChecksumCalculationProvider); ok {
+			value, found, err = p.getRequestChecksumCalculation(ctx)
+			if err != nil || found {
+				break
+			}
+		}
+	}
+	return
+}
+
+// responseChecksumValidationProvider provides access to the ResponseChecksumValidation
+type responseChecksumValidationProvider interface {
+	getResponseChecksumValidation(context.Context) (aws.ResponseChecksumValidation, bool, error)
+}
+
+func getResponseChecksumValidation(ctx context.Context, configs configs) (value aws.ResponseChecksumValidation, found bool, err error) {
+	for _, cfg := range configs {
+		if p, ok := cfg.(responseChecksumValidationProvider); ok {
+			value, found, err = p.getResponseChecksumValidation(ctx)
+			if err != nil || found {
+				break
+			}
+		}
+	}
+	return
+}
+
 // ec2IMDSRegionProvider provides access to the ec2 imds region
 // configuration value
 type ec2IMDSRegionProvider interface {

vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go

@@ -166,6 +166,52 @@ func resolveRequestMinCompressSizeBytes(ctx context.Context, cfg *aws.Config, co
 	return nil
 }
 
+// resolveAccountIDEndpointMode extracts the AccountIDEndpointMode from the configs slice's
+// SharedConfig or EnvConfig
+func resolveAccountIDEndpointMode(ctx context.Context, cfg *aws.Config, configs configs) error {
+	m, found, err := getAccountIDEndpointMode(ctx, configs)
+	if err != nil {
+		return err
+	}
+
+	if !found {
+		m = aws.AccountIDEndpointModePreferred
+	}
+
+	cfg.AccountIDEndpointMode = m
+	return nil
+}
+
+// resolveRequestChecksumCalculation extracts the RequestChecksumCalculation from the configs slice's
+// SharedConfig or EnvConfig
+func resolveRequestChecksumCalculation(ctx context.Context, cfg *aws.Config, configs configs) error {
+	c, found, err := getRequestChecksumCalculation(ctx, configs)
+	if err != nil {
+		return err
+	}
+
+	if !found {
+		c = aws.RequestChecksumCalculationWhenSupported
+	}
+	cfg.RequestChecksumCalculation = c
+	return nil
+}
+
+// resolveResponseValidation extracts the ResponseChecksumValidation from the configs slice's
+// SharedConfig or EnvConfig
+func resolveResponseChecksumValidation(ctx context.Context, cfg *aws.Config, configs configs) error {
+	c, found, err := getResponseChecksumValidation(ctx, configs)
+	if err != nil {
+		return err
+	}
+
+	if !found {
+		c = aws.ResponseChecksumValidationWhenSupported
+	}
+	cfg.ResponseChecksumValidation = c
+	return nil
+}
+
 // resolveDefaultRegion extracts the first instance of a default region and sets `aws.Config.Region` to the default
 // region if region had not been resolved from other sources.
 func resolveDefaultRegion(ctx context.Context, cfg *aws.Config, configs configs) error {

vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go

@@ -162,12 +162,12 @@ func resolveCredsFromProfile(ctx context.Context, cfg *aws.Config, envConfig *En
 		// Get credentials from CredentialProcess
 		err = processCredentials(ctx, cfg, sharedConfig, configs)
 
-	case len(envConfig.ContainerCredentialsEndpoint) != 0:
-		err = resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs)
-
 	case len(envConfig.ContainerCredentialsRelativePath) != 0:
 		err = resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs)
 
+	case len(envConfig.ContainerCredentialsEndpoint) != 0:
+		err = resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs)
+
 	default:
 		err = resolveEC2RoleCredentials(ctx, cfg, configs)
 	}
@@ -355,10 +355,13 @@ func resolveCredsFromSource(ctx context.Context, cfg *aws.Config, envConfig *Env
 		cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials}
 
 	case credSourceECSContainer:
-		if len(envConfig.ContainerCredentialsRelativePath) == 0 {
+		if len(envConfig.ContainerCredentialsRelativePath) != 0 {
-			return fmt.Errorf("EcsContainer was specified as the credential_source, but 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' was not set")
-		}
 			return resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs)
+		}
+		if len(envConfig.ContainerCredentialsEndpoint) != 0 {
+			return resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs)
+		}
+		return fmt.Errorf("EcsContainer was specified as the credential_source, but neither 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' or AWS_CONTAINER_CREDENTIALS_FULL_URI' was set")
 
 	default:
 		return fmt.Errorf("credential_source values must be EcsContainer, Ec2InstanceMetadata, or Environment")

vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go

@@ -115,6 +115,14 @@ const (
 	requestMinCompressionSizeBytes = "request_min_compression_size_bytes"
 
 	s3DisableExpressSessionAuthKey = "s3_disable_express_session_auth"
+
+	accountIDKey          = "aws_account_id"
+	accountIDEndpointMode = "account_id_endpoint_mode"
+
+	requestChecksumCalculationKey = "request_checksum_calculation"
+	responseChecksumValidationKey = "response_checksum_validation"
+	checksumWhenSupported         = "when_supported"
+	checksumWhenRequired          = "when_required"
 )
 
 // defaultSharedConfigProfile allows for swapping the default profile for testing
@@ -341,6 +349,14 @@ type SharedConfig struct {
 	// will only bypass the modified endpoint routing and signing behaviors
 	// associated with the feature.
 	S3DisableExpressAuth *bool
+
+	AccountIDEndpointMode aws.AccountIDEndpointMode
+
+	// RequestChecksumCalculation indicates if the request checksum should be calculated
+	RequestChecksumCalculation aws.RequestChecksumCalculation
+
+	// ResponseChecksumValidation indicates if the response checksum should be validated
+	ResponseChecksumValidation aws.ResponseChecksumValidation
 }
 
 func (c SharedConfig) getDefaultsMode(ctx context.Context) (value aws.DefaultsMode, ok bool, err error) {
@@ -1124,12 +1140,24 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er
 		return fmt.Errorf("failed to load %s from shared config, %w", requestMinCompressionSizeBytes, err)
 	}
 
+	if err := updateAIDEndpointMode(&c.AccountIDEndpointMode, section, accountIDEndpointMode); err != nil {
+		return fmt.Errorf("failed to load %s from shared config, %w", accountIDEndpointMode, err)
+	}
+
+	if err := updateRequestChecksumCalculation(&c.RequestChecksumCalculation, section, requestChecksumCalculationKey); err != nil {
+		return fmt.Errorf("failed to load %s from shared config, %w", requestChecksumCalculationKey, err)
+	}
+	if err := updateResponseChecksumValidation(&c.ResponseChecksumValidation, section, responseChecksumValidationKey); err != nil {
+		return fmt.Errorf("failed to load %s from shared config, %w", responseChecksumValidationKey, err)
+	}
+
 	// Shared Credentials
 	creds := aws.Credentials{
 		AccessKeyID:     section.String(accessKeyIDKey),
 		SecretAccessKey: section.String(secretAccessKey),
 		SessionToken:    section.String(sessionTokenKey),
 		Source:          fmt.Sprintf("SharedConfigCredentials: %s", section.SourceFile[accessKeyIDKey]),
+		AccountID:       section.String(accountIDKey),
 	}
 
 	if creds.HasKeys() {
@@ -1177,6 +1205,62 @@ func updateDisableRequestCompression(disable **bool, sec ini.Section, key string
 	return nil
 }
 
+func updateAIDEndpointMode(m *aws.AccountIDEndpointMode, sec ini.Section, key string) error {
+	if !sec.Has(key) {
+		return nil
+	}
+
+	v := sec.String(key)
+	switch v {
+	case "preferred":
+		*m = aws.AccountIDEndpointModePreferred
+	case "required":
+		*m = aws.AccountIDEndpointModeRequired
+	case "disabled":
+		*m = aws.AccountIDEndpointModeDisabled
+	default:
+		return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be preferred/required/disabled", key, v)
+	}
+
+	return nil
+}
+
+func updateRequestChecksumCalculation(m *aws.RequestChecksumCalculation, sec ini.Section, key string) error {
+	if !sec.Has(key) {
+		return nil
+	}
+
+	v := sec.String(key)
+	switch strings.ToLower(v) {
+	case checksumWhenSupported:
+		*m = aws.RequestChecksumCalculationWhenSupported
+	case checksumWhenRequired:
+		*m = aws.RequestChecksumCalculationWhenRequired
+	default:
+		return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be when_supported/when_required", key, v)
+	}
+
+	return nil
+}
+
+func updateResponseChecksumValidation(m *aws.ResponseChecksumValidation, sec ini.Section, key string) error {
+	if !sec.Has(key) {
+		return nil
+	}
+
+	v := sec.String(key)
+	switch strings.ToLower(v) {
+	case checksumWhenSupported:
+		*m = aws.ResponseChecksumValidationWhenSupported
+	case checksumWhenRequired:
+		*m = aws.ResponseChecksumValidationWhenRequired
+	default:
+		return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be when_supported/when_required", key, v)
+	}
+
+	return nil
+}
+
 func (c SharedConfig) getRequestMinCompressSizeBytes(ctx context.Context) (int64, bool, error) {
 	if c.RequestMinCompressSizeBytes == nil {
 		return 0, false, nil
@@ -1191,6 +1275,18 @@ func (c SharedConfig) getDisableRequestCompression(ctx context.Context) (bool, b
 	return *c.DisableRequestCompression, true, nil
 }
 
+func (c SharedConfig) getAccountIDEndpointMode(ctx context.Context) (aws.AccountIDEndpointMode, bool, error) {
+	return c.AccountIDEndpointMode, len(c.AccountIDEndpointMode) > 0, nil
+}
+
+func (c SharedConfig) getRequestChecksumCalculation(ctx context.Context) (aws.RequestChecksumCalculation, bool, error) {
+	return c.RequestChecksumCalculation, c.RequestChecksumCalculation > 0, nil
+}
+
+func (c SharedConfig) getResponseChecksumValidation(ctx context.Context) (aws.ResponseChecksumValidation, bool, error) {
+	return c.ResponseChecksumValidation, c.ResponseChecksumValidation > 0, nil
+}
+
 func updateDefaultsMode(mode *aws.DefaultsMode, section ini.Section, key string) error {
 	if !section.Has(key) {
 		return nil

vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md

@@ -1,3 +1,245 @@
+# v1.17.58 (2025-02-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.57 (2025-01-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.56 (2025-01-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.55 (2025-01-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+* **Dependency Update**: Upgrade to smithy-go v1.22.2.
+
+# v1.17.54 (2025-01-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.53 (2025-01-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.52 (2025-01-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.51 (2025-01-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.50 (2025-01-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.49 (2025-01-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.48 (2024-12-19)
+
+* **Bug Fix**: Fix improper use of printf-style functions.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.47 (2024-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.46 (2024-11-18)
+
+* **Dependency Update**: Update to smithy-go v1.22.1.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.45 (2024-11-14)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.44 (2024-11-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.43 (2024-11-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.42 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.41 (2024-10-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.40 (2024-10-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.39 (2024-10-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.38 (2024-10-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.37 (2024-09-27)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.36 (2024-09-25)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.35 (2024-09-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.34 (2024-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.33 (2024-09-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.32 (2024-09-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.31 (2024-09-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.30 (2024-08-26)
+
+* **Bug Fix**: Save SSO cached token expiry in UTC to ensure cross-SDK compatibility.
+
+# v1.17.29 (2024-08-22)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.28 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.27 (2024-07-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.26 (2024-07-10.2)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.25 (2024-07-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.24 (2024-07-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.23 (2024-06-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.22 (2024-06-26)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.21 (2024-06-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.20 (2024-06-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.19 (2024-06-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.18 (2024-06-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.17 (2024-06-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.16 (2024-05-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.15 (2024-05-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.14 (2024-05-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.13 (2024-05-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.12 (2024-05-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.11 (2024-04-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.10 (2024-03-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.9 (2024-03-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.8 (2024-03-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.7 (2024-03-07)
+
+* **Bug Fix**: Remove dependency on go-cmp.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.6 (2024-03-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.5 (2024-03-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.4 (2024-02-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.3 (2024-02-22)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.2 (2024-02-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.1 (2024-02-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.16.16 (2024-01-18)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go

@@ -128,6 +128,7 @@ type GetCredentialsOutput struct {
 	AccessKeyID     string
 	SecretAccessKey string
 	Token           string
+	AccountID       string
 }
 
 // EndpointError is an error returned from the endpoint service

vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go

@@ -152,6 +152,7 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
 		SecretAccessKey: resp.SecretAccessKey,
 		SessionToken:    resp.Token,
 		Source:          ProviderName,
+		AccountID:       resp.AccountID,
 	}
 
 	if resp.Expiration != nil {

vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go

@@ -3,4 +3,4 @@
 package credentials
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.16.16"
+const goModuleVersion = "1.17.58"

vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go

@@ -167,6 +167,9 @@ type CredentialProcessResponse struct {
 
 	// The date on which the current credentials expire.
 	Expiration *time.Time
+
+	// The ID of the account for credentials
+	AccountID string `json:"AccountId"`
 }
 
 // Retrieve executes the credential process command and returns the
@@ -208,6 +211,7 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
 		AccessKeyID:     resp.AccessKeyID,
 		SecretAccessKey: resp.SecretAccessKey,
 		SessionToken:    resp.SessionToken,
+		AccountID:       resp.AccountID,
 	}
 
 	// Handle expiration

vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go

@@ -225,7 +225,7 @@ func (r *rfc3339) UnmarshalJSON(bytes []byte) (err error) {
 }
 
 func (r *rfc3339) MarshalJSON() ([]byte, error) {
-	value := time.Time(*r).Format(time.RFC3339)
+	value := time.Time(*r).UTC().Format(time.RFC3339)
 
 	// Use JSON unmarshal to unescape the quoted value making use of JSON's
 	// quoting rules.

vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go

@@ -129,6 +129,7 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
 		CanExpire:       true,
 		Expires:         time.Unix(0, output.RoleCredentials.Expiration*int64(time.Millisecond)).UTC(),
 		Source:          ProviderName,
+		AccountID:       p.options.AccountID,
 	}, nil
 }
 

vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go

@@ -308,6 +308,11 @@ func (p *AssumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, err
 		return aws.Credentials{Source: ProviderName}, err
 	}
 
+	var accountID string
+	if resp.AssumedRoleUser != nil {
+		accountID = getAccountID(resp.AssumedRoleUser)
+	}
+
 	return aws.Credentials{
 		AccessKeyID:     *resp.Credentials.AccessKeyId,
 		SecretAccessKey: *resp.Credentials.SecretAccessKey,
@@ -316,5 +321,6 @@ func (p *AssumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, err
 
 		CanExpire: true,
 		Expires:   *resp.Credentials.Expiration,
+		AccountID: accountID,
 	}, nil
 }

vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -135,6 +136,11 @@ func (p *WebIdentityRoleProvider) Retrieve(ctx context.Context) (aws.Credentials
 		return aws.Credentials{}, fmt.Errorf("failed to retrieve credentials, %w", err)
 	}
 
+	var accountID string
+	if resp.AssumedRoleUser != nil {
+		accountID = getAccountID(resp.AssumedRoleUser)
+	}
+
 	// InvalidIdentityToken error is a temporary error that can occur
 	// when assuming an Role with a JWT web identity token.
 
@@ -145,6 +151,19 @@ func (p *WebIdentityRoleProvider) Retrieve(ctx context.Context) (aws.Credentials
 		Source:          WebIdentityProviderName,
 		CanExpire:       true,
 		Expires:         *resp.Credentials.Expiration,
+		AccountID:       accountID,
 	}
 	return value, nil
 }
+
+// extract accountID from arn with format "arn:partition:service:region:account-id:[resource-section]"
+func getAccountID(u *types.AssumedRoleUser) string {
+	if u.Arn == nil {
+		return ""
+	}
+	parts := strings.Split(*u.Arn, ":")
+	if len(parts) < 5 {
+		return ""
+	}
+	return parts[4]
+}

vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md

@@ -1,3 +1,140 @@
+# v1.16.27 (2025-01-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.26 (2025-01-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.25 (2025-01-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+* **Dependency Update**: Upgrade to smithy-go v1.22.2.
+
+# v1.16.24 (2025-01-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.23 (2025-01-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.22 (2024-12-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.21 (2024-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.20 (2024-11-18)
+
+* **Dependency Update**: Update to smithy-go v1.22.1.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.19 (2024-11-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.18 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.17 (2024-10-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.16 (2024-10-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.15 (2024-10-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.14 (2024-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.13 (2024-09-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.12 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.11 (2024-07-10.2)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.10 (2024-07-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.9 (2024-06-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.8 (2024-06-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.7 (2024-06-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.6 (2024-06-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.5 (2024-06-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.4 (2024-06-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.3 (2024-05-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.2 (2024-05-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.1 (2024-03-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.0 (2024-03-21)
+
+* **Feature**: Add config switch `DisableDefaultTimeout` that allows you to disable the default operation timeout (5 seconds) for IMDS calls.
+
+# v1.15.4 (2024-03-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.3 (2024-03-07)
+
+* **Bug Fix**: Remove dependency on go-cmp.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.2 (2024-02-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.1 (2024-02-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.14.11 (2024-01-04)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go

@@ -185,6 +185,10 @@ type Options struct {
 	// [configuring IMDS]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
 	EnableFallback aws.Ternary
 
+	// By default, all IMDS client operations enforce a 5-second timeout. You
+	// can disable that behavior with this setting.
+	DisableDefaultTimeout bool
+
 	// provides the caching of API tokens used for operation calls. If unset,
 	// the API token will not be retrieved for the operation.
 	tokenProvider *tokenProvider

vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/doc.go

@@ -3,8 +3,9 @@
 //
 // All Client operation calls have a default timeout. If the operation is not
 // completed before this timeout expires, the operation will be canceled. This
-// timeout can be overridden by providing Context with a timeout or deadline
+// timeout can be overridden through the following:
-// with calling the client's operations.
+//   - Set the options flag DisableDefaultTimeout
+//   - Provide a Context with a timeout or deadline with calling the client's operations.
 //
 // See the EC2 IMDS user guide for more information on using the API.
 // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go

@@ -3,4 +3,4 @@
 package imds
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.14.11"
+const goModuleVersion = "1.16.27"

vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go

@@ -56,6 +56,7 @@ func addRequestMiddleware(stack *middleware.Stack,
 
 	// Operation timeout
 	err = stack.Initialize.Add(&operationTimeout{
+		Disabled:       options.DisableDefaultTimeout,
 		DefaultTimeout: defaultOperationTimeout,
 	}, middleware.Before)
 	if err != nil {
@@ -260,6 +261,7 @@ const (
 // Otherwise the timeout cleanup will race the resource being consumed
 // upstream.
 type operationTimeout struct {
+	Disabled       bool
 	DefaultTimeout time.Duration
 }
 
@@ -270,6 +272,10 @@ func (m *operationTimeout) HandleInitialize(
 ) (
 	output middleware.InitializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if m.Disabled {
+		return next.HandleInitialize(ctx, input)
+	}
+
 	if _, ok := ctx.Deadline(); !ok && m.DefaultTimeout != 0 {
 		var cancelFn func()
 		ctx, cancelFn = context.WithTimeout(ctx, m.DefaultTimeout)

vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
 	"github.com/aws/aws-sdk-go-v2/internal/sdk"
 	"github.com/aws/smithy-go"
 	"github.com/aws/smithy-go/auth"
@@ -39,7 +40,10 @@ func (v *V4SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request
 	}
 
 	hash := v4.GetPayloadHash(ctx)
-	err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, region, sdk.NowTime(), func(o *v4.SignerOptions) {
+	signingTime := sdk.NowTime()
+	skew := internalcontext.GetAttemptSkewContext(ctx)
+	signingTime = signingTime.Add(skew)
+	err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, region, signingTime, func(o *v4.SignerOptions) {
 		o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props)
 
 		o.Logger = v.Logger

vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md

@@ -1,3 +1,135 @@
+# v1.3.31 (2025-01-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.30 (2025-01-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.29 (2025-01-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+* **Dependency Update**: Upgrade to smithy-go v1.22.2.
+
+# v1.3.28 (2025-01-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.27 (2025-01-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.26 (2024-12-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.25 (2024-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.24 (2024-11-18)
+
+* **Dependency Update**: Update to smithy-go v1.22.1.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.23 (2024-11-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.22 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.21 (2024-10-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.20 (2024-10-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.19 (2024-10-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.18 (2024-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.17 (2024-09-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.16 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.15 (2024-07-10.2)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.14 (2024-07-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.13 (2024-06-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.12 (2024-06-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.11 (2024-06-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.10 (2024-06-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.9 (2024-06-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.8 (2024-06-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.7 (2024-05-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.6 (2024-05-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.5 (2024-03-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.4 (2024-03-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.3 (2024-03-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.2 (2024-02-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.1 (2024-02-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.2.10 (2024-01-04)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go

@@ -3,4 +3,4 @@
 package configsources
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.2.10"
+const goModuleVersion = "1.3.31"

vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go

@@ -0,0 +1,52 @@
+package context
+
+import (
+	"context"
+	"time"
+
+	"github.com/aws/smithy-go/middleware"
+)
+
+type s3BackendKey struct{}
+type checksumInputAlgorithmKey struct{}
+type clockSkew struct{}
+
+const (
+	// S3BackendS3Express identifies the S3Express backend
+	S3BackendS3Express = "S3Express"
+)
+
+// SetS3Backend stores the resolved endpoint backend within the request
+// context, which is required for a variety of custom S3 behaviors.
+func SetS3Backend(ctx context.Context, typ string) context.Context {
+	return middleware.WithStackValue(ctx, s3BackendKey{}, typ)
+}
+
+// GetS3Backend retrieves the stored endpoint backend within the context.
+func GetS3Backend(ctx context.Context) string {
+	v, _ := middleware.GetStackValue(ctx, s3BackendKey{}).(string)
+	return v
+}
+
+// SetChecksumInputAlgorithm sets the request checksum algorithm on the
+// context.
+func SetChecksumInputAlgorithm(ctx context.Context, value string) context.Context {
+	return middleware.WithStackValue(ctx, checksumInputAlgorithmKey{}, value)
+}
+
+// GetChecksumInputAlgorithm returns the checksum algorithm from the context.
+func GetChecksumInputAlgorithm(ctx context.Context) string {
+	v, _ := middleware.GetStackValue(ctx, checksumInputAlgorithmKey{}).(string)
+	return v
+}
+
+// SetAttemptSkewContext sets the clock skew value on the context
+func SetAttemptSkewContext(ctx context.Context, v time.Duration) context.Context {
+	return middleware.WithStackValue(ctx, clockSkew{}, v)
+}
+
+// GetAttemptSkewContext gets the clock skew value from the context
+func GetAttemptSkewContext(ctx context.Context) time.Duration {
+	x, _ := middleware.GetStackValue(ctx, clockSkew{}).(time.Duration)
+	return x
+}

vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go

@@ -17,6 +17,7 @@ type PartitionConfig struct {
 	DualStackDnsSuffix   string `json:"dualStackDnsSuffix"`
 	SupportsFIPS         bool   `json:"supportsFIPS"`
 	SupportsDualStack    bool   `json:"supportsDualStack"`
+	ImplicitGlobalRegion string `json:"implicitGlobalRegion"`
 }
 
 type RegionOverrides struct {

vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go

@@ -18,6 +18,7 @@ var partitions = []Partition{
 			DualStackDnsSuffix:   "api.aws",
 			SupportsFIPS:         true,
 			SupportsDualStack:    true,
+			ImplicitGlobalRegion: "us-east-1",
 		},
 		Regions: map[string]RegionOverrides{
 			"af-south-1": {
@@ -111,6 +112,13 @@ var partitions = []Partition{
 				SupportsFIPS:       nil,
 				SupportsDualStack:  nil,
 			},
+			"ca-west-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
 			"eu-central-1": {
 				Name:               nil,
 				DnsSuffix:          nil,
@@ -234,6 +242,7 @@ var partitions = []Partition{
 			DualStackDnsSuffix:   "api.amazonwebservices.com.cn",
 			SupportsFIPS:         true,
 			SupportsDualStack:    true,
+			ImplicitGlobalRegion: "cn-northwest-1",
 		},
 		Regions: map[string]RegionOverrides{
 			"aws-cn-global": {
@@ -268,6 +277,7 @@ var partitions = []Partition{
 			DualStackDnsSuffix:   "api.aws",
 			SupportsFIPS:         true,
 			SupportsDualStack:    true,
+			ImplicitGlobalRegion: "us-gov-west-1",
 		},
 		Regions: map[string]RegionOverrides{
 			"aws-us-gov-global": {
@@ -302,6 +312,7 @@ var partitions = []Partition{
 			DualStackDnsSuffix:   "c2s.ic.gov",
 			SupportsFIPS:         true,
 			SupportsDualStack:    false,
+			ImplicitGlobalRegion: "us-iso-east-1",
 		},
 		Regions: map[string]RegionOverrides{
 			"aws-iso-global": {
@@ -336,6 +347,7 @@ var partitions = []Partition{
 			DualStackDnsSuffix:   "sc2s.sgov.gov",
 			SupportsFIPS:         true,
 			SupportsDualStack:    false,
+			ImplicitGlobalRegion: "us-isob-east-1",
 		},
 		Regions: map[string]RegionOverrides{
 			"aws-iso-b-global": {
@@ -363,8 +375,17 @@ var partitions = []Partition{
 			DualStackDnsSuffix:   "cloud.adc-e.uk",
 			SupportsFIPS:         true,
 			SupportsDualStack:    false,
+			ImplicitGlobalRegion: "eu-isoe-west-1",
+		},
+		Regions: map[string]RegionOverrides{
+			"eu-isoe-west-1": {
+				Name:               nil,
+				DnsSuffix:          nil,
+				DualStackDnsSuffix: nil,
+				SupportsFIPS:       nil,
+				SupportsDualStack:  nil,
+			},
 		},
-		Regions: map[string]RegionOverrides{},
 	},
 	{
 		ID:          "aws-iso-f",
@@ -375,6 +396,7 @@ var partitions = []Partition{
 			DualStackDnsSuffix:   "csp.hci.ic.gov",
 			SupportsFIPS:         true,
 			SupportsDualStack:    false,
+			ImplicitGlobalRegion: "us-isof-south-1",
 		},
 		Regions: map[string]RegionOverrides{},
 	},

vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json

@@ -9,7 +9,7 @@
       "supportsDualStack" : true,
       "supportsFIPS" : true
     },
-    "regionRegex" : "^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$",
+    "regionRegex" : "^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$",
     "regions" : {
       "af-south-1" : {
         "description" : "Africa (Cape Town)"
@@ -44,6 +44,12 @@
       "ap-southeast-4" : {
         "description" : "Asia Pacific (Melbourne)"
       },
+      "ap-southeast-5" : {
+        "description" : "Asia Pacific (Malaysia)"
+      },
+      "ap-southeast-7" : {
+        "description" : "Asia Pacific (Thailand)"
+      },
       "aws-global" : {
         "description" : "AWS Standard global region"
       },
@@ -86,6 +92,9 @@
       "me-south-1" : {
         "description" : "Middle East (Bahrain)"
       },
+      "mx-central-1" : {
+        "description" : "Mexico (Central)"
+      },
       "sa-east-1" : {
         "description" : "South America (Sao Paulo)"
       },
@@ -198,7 +207,11 @@
       "supportsFIPS" : true
     },
     "regionRegex" : "^eu\\-isoe\\-\\w+\\-\\d+$",
-    "regions" : { }
+    "regions" : {
+      "eu-isoe-west-1" : {
+        "description" : "EU ISOE West"
+      }
+    }
   }, {
     "id" : "aws-iso-f",
     "outputs" : {

vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md

@@ -1,3 +1,137 @@
+# v2.6.31 (2025-01-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.30 (2025-01-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.29 (2025-01-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+* **Dependency Update**: Upgrade to smithy-go v1.22.2.
+
+# v2.6.28 (2025-01-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.27 (2025-01-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.26 (2024-12-19)
+
+* **Bug Fix**: Fix improper use of printf-style functions.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.25 (2024-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.24 (2024-11-18)
+
+* **Dependency Update**: Update to smithy-go v1.22.1.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.23 (2024-11-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.22 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.21 (2024-10-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.20 (2024-10-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.19 (2024-10-04)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.18 (2024-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.17 (2024-09-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.16 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.15 (2024-07-10.2)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.14 (2024-07-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.13 (2024-06-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.12 (2024-06-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.11 (2024-06-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.10 (2024-06-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.9 (2024-06-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.8 (2024-06-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.7 (2024-05-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.6 (2024-05-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.5 (2024-03-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.4 (2024-03-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.3 (2024-03-07)
+
+* **Bug Fix**: Remove dependency on go-cmp.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.2 (2024-02-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.1 (2024-02-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.6.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v2.5.10 (2024-01-04)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go

@@ -3,4 +3,4 @@
 package endpoints
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "2.5.10"
+const goModuleVersion = "2.6.31"

vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md

@@ -1,3 +1,19 @@
+# v1.8.2 (2025-01-24)
+
+* **Bug Fix**: Refactor filepath.Walk to filepath.WalkDir
+
+# v1.8.1 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+
+# v1.8.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+
+# v1.7.3 (2024-01-22)
+
+* **Bug Fix**: Remove invalid escaping of shared config values. All values in the shared config file will now be interpreted literally, save for fully-quoted strings which are unwrapped for legacy reasons.
+
 # v1.7.2 (2023-12-08)
 
 * **Bug Fix**: Correct loading of [services *] sections into shared config.

vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go

@@ -3,4 +3,4 @@
 package ini
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.7.2"
+const goModuleVersion = "1.8.2"

vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go

@@ -67,12 +67,8 @@ func unquote(s string) string {
 
 // applies various legacy conversions to property values:
 //   - remote wrapping single/doublequotes
-//   - expand escaped quote and newline sequences
 func legacyStrconv(s string) string {
 	s = unquote(s)
-	s = strings.ReplaceAll(s, `\"`, `"`)
-	s = strings.ReplaceAll(s, `\'`, `'`)
-	s = strings.ReplaceAll(s, `\n`, "\n")
 	return s
 }
 

vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go

@@ -0,0 +1,42 @@
+package middleware
+
+import (
+	"context"
+	"sync/atomic"
+	"time"
+
+	internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
+	"github.com/aws/smithy-go/middleware"
+)
+
+// AddTimeOffsetMiddleware sets a value representing clock skew on the request context.
+// This can be read by other operations (such as signing) to correct the date value they send
+// on the request
+type AddTimeOffsetMiddleware struct {
+	Offset *atomic.Int64
+}
+
+// ID the identifier for AddTimeOffsetMiddleware
+func (m *AddTimeOffsetMiddleware) ID() string { return "AddTimeOffsetMiddleware" }
+
+// HandleBuild sets a value for attemptSkew on the request context if one is set on the client.
+func (m AddTimeOffsetMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
+	out middleware.BuildOutput, metadata middleware.Metadata, err error,
+) {
+	if m.Offset != nil {
+		offset := time.Duration(m.Offset.Load())
+		ctx = internalcontext.SetAttemptSkewContext(ctx, offset)
+	}
+	return next.HandleBuild(ctx, in)
+}
+
+// HandleDeserialize gets the clock skew context from the context, and if set, sets it on the pointer
+// held by AddTimeOffsetMiddleware
+func (m *AddTimeOffsetMiddleware) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) (
+	out middleware.DeserializeOutput, metadata middleware.Metadata, err error,
+) {
+	if v := internalcontext.GetAttemptSkewContext(ctx); v != 0 {
+		m.Offset.Store(v.Nanoseconds())
+	}
+	return next.HandleDeserialize(ctx, in)
+}

vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md

@@ -1,3 +1,39 @@
+# v1.12.2 (2025-01-24)
+
+* **Dependency Update**: Upgrade to smithy-go v1.22.2.
+
+# v1.12.1 (2024-11-18)
+
+* **Dependency Update**: Update to smithy-go v1.22.1.
+
+# v1.12.0 (2024-10-04)
+
+* **Feature**: Add support for HTTP client metrics.
+
+# v1.11.5 (2024-09-20)
+
+* No change notes available for this release.
+
+# v1.11.4 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+
+# v1.11.3 (2024-06-28)
+
+* No change notes available for this release.
+
+# v1.11.2 (2024-03-29)
+
+* No change notes available for this release.
+
+# v1.11.1 (2024-02-21)
+
+* No change notes available for this release.
+
+# v1.11.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+
 # v1.10.4 (2023-12-07)
 
 * No change notes available for this release.

vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go

@@ -3,4 +3,4 @@
 package acceptencoding
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.10.4"
+const goModuleVersion = "1.12.2"

vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md

@@ -1,3 +1,145 @@
+# v1.12.12 (2025-01-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.11 (2025-01-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.10 (2025-01-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+* **Dependency Update**: Upgrade to smithy-go v1.22.2.
+
+# v1.12.9 (2025-01-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.8 (2025-01-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.7 (2024-12-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.6 (2024-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.5 (2024-11-18)
+
+* **Dependency Update**: Update to smithy-go v1.22.1.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.4 (2024-11-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.3 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.2 (2024-10-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.1 (2024-10-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.12.0 (2024-10-04)
+
+* **Feature**: Add support for HTTP client metrics.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.20 (2024-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.19 (2024-09-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.18 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.17 (2024-07-10.2)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.16 (2024-07-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.15 (2024-06-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.14 (2024-06-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.13 (2024-06-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.12 (2024-06-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.11 (2024-06-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.10 (2024-06-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.9 (2024-05-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.8 (2024-05-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.7 (2024-03-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.6 (2024-03-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.5 (2024-03-07)
+
+* **Bug Fix**: Remove dependency on go-cmp.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.4 (2024-03-05)
+
+* **Bug Fix**: Restore typo'd API `AddAsIsInternalPresigingMiddleware` as an alias for backwards compatibility.
+
+# v1.11.3 (2024-03-04)
+
+* **Bug Fix**: Correct a typo in internal AddAsIsPresigningMiddleware API.
+
+# v1.11.2 (2024-02-23)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.1 (2024-02-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.11.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.10.10 (2024-01-04)
 
 * **Dependency Update**: Updated to the latest SDK module versions

vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/context.go

@@ -27,13 +27,21 @@ func GetIsPresigning(ctx context.Context) bool {
 
 type isPresigningKey struct{}
 
-// AddAsIsPresigingMiddleware adds a middleware to the head of the stack that
+// AddAsIsPresigningMiddleware adds a middleware to the head of the stack that
 // will update the stack's context to be flagged as being invoked for the
 // purpose of presigning.
-func AddAsIsPresigingMiddleware(stack *middleware.Stack) error {
+func AddAsIsPresigningMiddleware(stack *middleware.Stack) error {
 	return stack.Initialize.Add(asIsPresigningMiddleware{}, middleware.Before)
 }
 
+// AddAsIsPresigingMiddleware is an alias for backwards compatibility.
+//
+// Deprecated: This API was released with a typo. Use
+// [AddAsIsPresigningMiddleware] instead.
+func AddAsIsPresigingMiddleware(stack *middleware.Stack) error {
+	return AddAsIsPresigningMiddleware(stack)
+}
+
 type asIsPresigningMiddleware struct{}
 
 func (asIsPresigningMiddleware) ID() string { return "AsIsPresigningMiddleware" }

vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go

@@ -3,4 +3,4 @@
 package presignedurl
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.10.10"
+const goModuleVersion = "1.12.12"

vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md

@@ -1,3 +1,201 @@
+# v1.24.14 (2025-01-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.13 (2025-01-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.12 (2025-01-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+* **Dependency Update**: Upgrade to smithy-go v1.22.2.
+
+# v1.24.11 (2025-01-17)
+
+* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop.
+
+# v1.24.10 (2025-01-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.9 (2025-01-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.8 (2024-12-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.7 (2024-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.6 (2024-11-18)
+
+* **Dependency Update**: Update to smithy-go v1.22.1.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.5 (2024-11-07)
+
+* **Bug Fix**: Adds case-insensitive handling of error message fields in service responses
+
+# v1.24.4 (2024-11-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.3 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.2 (2024-10-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.1 (2024-10-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.0 (2024-10-04)
+
+* **Feature**: Add support for HTTP client metrics.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.4 (2024-10-03)
+
+* No change notes available for this release.
+
+# v1.23.3 (2024-09-27)
+
+* No change notes available for this release.
+
+# v1.23.2 (2024-09-25)
+
+* No change notes available for this release.
+
+# v1.23.1 (2024-09-23)
+
+* No change notes available for this release.
+
+# v1.23.0 (2024-09-20)
+
+* **Feature**: Add tracing and metrics support to service clients.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.22.8 (2024-09-17)
+
+* **Bug Fix**: **BREAKFIX**: Only generate AccountIDEndpointMode config for services that use it. This is a compiler break, but removes no actual functionality, as no services currently use the account ID in endpoint resolution.
+
+# v1.22.7 (2024-09-04)
+
+* No change notes available for this release.
+
+# v1.22.6 (2024-09-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.22.5 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.22.4 (2024-07-18)
+
+* No change notes available for this release.
+
+# v1.22.3 (2024-07-10.2)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.22.2 (2024-07-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.22.1 (2024-06-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.22.0 (2024-06-26)
+
+* **Feature**: Support list-of-string endpoint parameter.
+
+# v1.21.1 (2024-06-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.21.0 (2024-06-18)
+
+* **Feature**: Track usage of various AWS SDK features in user-agent string.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.12 (2024-06-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.11 (2024-06-07)
+
+* **Bug Fix**: Add clock skew correction on all service clients
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.10 (2024-06-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.9 (2024-05-23)
+
+* No change notes available for this release.
+
+# v1.20.8 (2024-05-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.7 (2024-05-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.6 (2024-05-08)
+
+* **Bug Fix**: GoDoc improvement
+
+# v1.20.5 (2024-04-05)
+
+* No change notes available for this release.
+
+# v1.20.4 (2024-03-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.3 (2024-03-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.2 (2024-03-07)
+
+* **Bug Fix**: Remove dependency on go-cmp.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.1 (2024-02-23)
+
+* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.0 (2024-02-22)
+
+* **Feature**: Add middleware stack snapshot tests.
+
+# v1.19.2 (2024-02-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.19.1 (2024-02-20)
+
+* **Bug Fix**: When sourcing values for a service's `EndpointParameters`, the lack of a configured region (i.e. `options.Region == ""`) will now translate to a `nil` value for `EndpointParameters.Region` instead of a pointer to the empty string `""`. This will result in a much more explicit error when calling an operation instead of an obscure hostname lookup failure.
+
+# v1.19.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.18.7 (2024-01-18)
 
 * No change notes available for this release.

vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go

@@ -4,6 +4,7 @@ package sso
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/defaults"
@@ -14,22 +15,157 @@ import (
 	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
 	internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
+	internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware"
 	smithy "github.com/aws/smithy-go"
+	smithyauth "github.com/aws/smithy-go/auth"
 	smithydocument "github.com/aws/smithy-go/document"
 	"github.com/aws/smithy-go/logging"
+	"github.com/aws/smithy-go/metrics"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"net"
 	"net/http"
+	"sync/atomic"
 	"time"
 )
 
 const ServiceID = "SSO"
 const ServiceAPIVersion = "2019-06-10"
 
+type operationMetrics struct {
+	Duration                metrics.Float64Histogram
+	SerializeDuration       metrics.Float64Histogram
+	ResolveIdentityDuration metrics.Float64Histogram
+	ResolveEndpointDuration metrics.Float64Histogram
+	SignRequestDuration     metrics.Float64Histogram
+	DeserializeDuration     metrics.Float64Histogram
+}
+
+func (m *operationMetrics) histogramFor(name string) metrics.Float64Histogram {
+	switch name {
+	case "client.call.duration":
+		return m.Duration
+	case "client.call.serialization_duration":
+		return m.SerializeDuration
+	case "client.call.resolve_identity_duration":
+		return m.ResolveIdentityDuration
+	case "client.call.resolve_endpoint_duration":
+		return m.ResolveEndpointDuration
+	case "client.call.signing_duration":
+		return m.SignRequestDuration
+	case "client.call.deserialization_duration":
+		return m.DeserializeDuration
+	default:
+		panic("unrecognized operation metric")
+	}
+}
+
+func timeOperationMetric[T any](
+	ctx context.Context, metric string, fn func() (T, error),
+	opts ...metrics.RecordMetricOption,
+) (T, error) {
+	instr := getOperationMetrics(ctx).histogramFor(metric)
+	opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...)
+
+	start := time.Now()
+	v, err := fn()
+	end := time.Now()
+
+	elapsed := end.Sub(start)
+	instr.Record(ctx, float64(elapsed)/1e9, opts...)
+	return v, err
+}
+
+func startMetricTimer(ctx context.Context, metric string, opts ...metrics.RecordMetricOption) func() {
+	instr := getOperationMetrics(ctx).histogramFor(metric)
+	opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...)
+
+	var ended bool
+	start := time.Now()
+	return func() {
+		if ended {
+			return
+		}
+		ended = true
+
+		end := time.Now()
+
+		elapsed := end.Sub(start)
+		instr.Record(ctx, float64(elapsed)/1e9, opts...)
+	}
+}
+
+func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption {
+	return func(o *metrics.RecordMetricOptions) {
+		o.Properties.Set("rpc.service", middleware.GetServiceID(ctx))
+		o.Properties.Set("rpc.method", middleware.GetOperationName(ctx))
+	}
+}
+
+type operationMetricsKey struct{}
+
+func withOperationMetrics(parent context.Context, mp metrics.MeterProvider) (context.Context, error) {
+	meter := mp.Meter("github.com/aws/aws-sdk-go-v2/service/sso")
+	om := &operationMetrics{}
+
+	var err error
+
+	om.Duration, err = operationMetricTimer(meter, "client.call.duration",
+		"Overall call duration (including retries and time to send or receive request and response body)")
+	if err != nil {
+		return nil, err
+	}
+	om.SerializeDuration, err = operationMetricTimer(meter, "client.call.serialization_duration",
+		"The time it takes to serialize a message body")
+	if err != nil {
+		return nil, err
+	}
+	om.ResolveIdentityDuration, err = operationMetricTimer(meter, "client.call.auth.resolve_identity_duration",
+		"The time taken to acquire an identity (AWS credentials, bearer token, etc) from an Identity Provider")
+	if err != nil {
+		return nil, err
+	}
+	om.ResolveEndpointDuration, err = operationMetricTimer(meter, "client.call.resolve_endpoint_duration",
+		"The time it takes to resolve an endpoint (endpoint resolver, not DNS) for the request")
+	if err != nil {
+		return nil, err
+	}
+	om.SignRequestDuration, err = operationMetricTimer(meter, "client.call.auth.signing_duration",
+		"The time it takes to sign a request")
+	if err != nil {
+		return nil, err
+	}
+	om.DeserializeDuration, err = operationMetricTimer(meter, "client.call.deserialization_duration",
+		"The time it takes to deserialize a message body")
+	if err != nil {
+		return nil, err
+	}
+
+	return context.WithValue(parent, operationMetricsKey{}, om), nil
+}
+
+func operationMetricTimer(m metrics.Meter, name, desc string) (metrics.Float64Histogram, error) {
+	return m.Float64Histogram(name, func(o *metrics.InstrumentOptions) {
+		o.UnitLabel = "s"
+		o.Description = desc
+	})
+}
+
+func getOperationMetrics(ctx context.Context) *operationMetrics {
+	return ctx.Value(operationMetricsKey{}).(*operationMetrics)
+}
+
+func operationTracer(p tracing.TracerProvider) tracing.Tracer {
+	return p.Tracer("github.com/aws/aws-sdk-go-v2/service/sso")
+}
+
 // Client provides the API client to make operations call for AWS Single Sign-On.
 type Client struct {
 	options Options
+
+	// Difference between the time reported by the server and the client
+	timeOffset *atomic.Int64
 }
 
 // New returns an initialized Client based on the functional options. Provide
@@ -50,6 +186,10 @@ func New(options Options, optFns ...func(*Options)) *Client {
 
 	resolveEndpointResolverV2(&options)
 
+	resolveTracerProvider(&options)
+
+	resolveMeterProvider(&options)
+
 	resolveAuthSchemeResolver(&options)
 
 	for _, fn := range optFns {
@@ -68,6 +208,8 @@ func New(options Options, optFns ...func(*Options)) *Client {
 		options: options,
 	}
 
+	initializeTimeOffsetResolver(client)
+
 	return client
 }
 
@@ -80,8 +222,15 @@ func (c *Client) Options() Options {
 	return c.options.Copy()
 }
 
-func (c *Client) invokeOperation(ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error) (result interface{}, metadata middleware.Metadata, err error) {
+func (c *Client) invokeOperation(
+	ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error,
+) (
+	result interface{}, metadata middleware.Metadata, err error,
+) {
 	ctx = middleware.ClearStackValues(ctx)
+	ctx = middleware.WithServiceID(ctx, ServiceID)
+	ctx = middleware.WithOperationName(ctx, opID)
+
 	stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
 	options := c.options.Copy()
 
@@ -105,15 +254,56 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 		}
 	}
 
-	handler := middleware.DecorateHandler(smithyhttp.NewClientHandler(options.HTTPClient), stack)
+	ctx, err = withOperationMetrics(ctx, options.MeterProvider)
-	result, metadata, err = handler.Handle(ctx, params)
 	if err != nil {
+		return nil, metadata, err
+	}
+
+	tracer := operationTracer(options.TracerProvider)
+	spanName := fmt.Sprintf("%s.%s", ServiceID, opID)
+
+	ctx = tracing.WithOperationTracer(ctx, tracer)
+
+	ctx, span := tracer.StartSpan(ctx, spanName, func(o *tracing.SpanOptions) {
+		o.Kind = tracing.SpanKindClient
+		o.Properties.Set("rpc.system", "aws-api")
+		o.Properties.Set("rpc.method", opID)
+		o.Properties.Set("rpc.service", ServiceID)
+	})
+	endTimer := startMetricTimer(ctx, "client.call.duration")
+	defer endTimer()
+	defer span.End()
+
+	handler := smithyhttp.NewClientHandlerWithOptions(options.HTTPClient, func(o *smithyhttp.ClientHandler) {
+		o.Meter = options.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sso")
+	})
+	decorated := middleware.DecorateHandler(handler, stack)
+	result, metadata, err = decorated.Handle(ctx, params)
+	if err != nil {
+		span.SetProperty("exception.type", fmt.Sprintf("%T", err))
+		span.SetProperty("exception.message", err.Error())
+
+		var aerr smithy.APIError
+		if errors.As(err, &aerr) {
+			span.SetProperty("api.error_code", aerr.ErrorCode())
+			span.SetProperty("api.error_message", aerr.ErrorMessage())
+			span.SetProperty("api.error_fault", aerr.ErrorFault().String())
+		}
+
 		err = &smithy.OperationError{
 			ServiceID:     ServiceID,
 			OperationName: opID,
 			Err:           err,
 		}
 	}
+
+	span.SetProperty("error", err != nil)
+	if err == nil {
+		span.SetStatus(tracing.SpanStatusOK)
+	} else {
+		span.SetStatus(tracing.SpanStatusError)
+	}
+
 	return result, metadata, err
 }
 
@@ -151,7 +341,7 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o
 	if err := stack.Finalize.Insert(&resolveEndpointV2Middleware{options: options}, "GetIdentity", middleware.After); err != nil {
 		return fmt.Errorf("add ResolveEndpointV2: %v", err)
 	}
-	if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil {
+	if err := stack.Finalize.Insert(&signRequestMiddleware{options: options}, "ResolveEndpointV2", middleware.After); err != nil {
 		return fmt.Errorf("add Signing: %w", err)
 	}
 	return nil
@@ -361,17 +551,37 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
 }
 
 func addClientUserAgent(stack *middleware.Stack, options Options) error {
-	if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sso", goModuleVersion)(stack); err != nil {
+	ua, err := getOrAddRequestUserAgent(stack)
+	if err != nil {
 		return err
 	}
 
+	ua.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "sso", goModuleVersion)
 	if len(options.AppID) > 0 {
-		return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
+		ua.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)
 	}
 
 	return nil
 }
 
+func getOrAddRequestUserAgent(stack *middleware.Stack) (*awsmiddleware.RequestUserAgent, error) {
+	id := (*awsmiddleware.RequestUserAgent)(nil).ID()
+	mw, ok := stack.Build.Get(id)
+	if !ok {
+		mw = awsmiddleware.NewRequestUserAgent()
+		if err := stack.Build.Add(mw, middleware.After); err != nil {
+			return nil, err
+		}
+	}
+
+	ua, ok := mw.(*awsmiddleware.RequestUserAgent)
+	if !ok {
+		return nil, fmt.Errorf("%T for %s middleware did not match expected type", mw, id)
+	}
+
+	return ua, nil
+}
+
 type HTTPSignerV4 interface {
 	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
 }
@@ -390,12 +600,97 @@ func newDefaultV4Signer(o Options) *v4.Signer {
 	})
 }
 
-func addRetryMiddlewares(stack *middleware.Stack, o Options) error {
+func addClientRequestID(stack *middleware.Stack) error {
-	mo := retry.AddRetryMiddlewaresOptions{
+	return stack.Build.Add(&awsmiddleware.ClientRequestID{}, middleware.After)
-		Retryer:          o.Retryer,
+}
-		LogRetryAttempts: o.ClientLogMode.IsRetries(),
+
+func addComputeContentLength(stack *middleware.Stack) error {
+	return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After)
+}
+
+func addRawResponseToMetadata(stack *middleware.Stack) error {
+	return stack.Deserialize.Add(&awsmiddleware.AddRawResponse{}, middleware.Before)
+}
+
+func addRecordResponseTiming(stack *middleware.Stack) error {
+	return stack.Deserialize.Add(&awsmiddleware.RecordResponseTiming{}, middleware.After)
+}
+
+func addSpanRetryLoop(stack *middleware.Stack, options Options) error {
+	return stack.Finalize.Insert(&spanRetryLoop{options: options}, "Retry", middleware.Before)
+}
+
+type spanRetryLoop struct {
+	options Options
+}
+
+func (*spanRetryLoop) ID() string {
+	return "spanRetryLoop"
+}
+
+func (m *spanRetryLoop) HandleFinalize(
+	ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
+) (
+	middleware.FinalizeOutput, middleware.Metadata, error,
+) {
+	tracer := operationTracer(m.options.TracerProvider)
+	ctx, span := tracer.StartSpan(ctx, "RetryLoop")
+	defer span.End()
+
+	return next.HandleFinalize(ctx, in)
+}
+func addStreamingEventsPayload(stack *middleware.Stack) error {
+	return stack.Finalize.Add(&v4.StreamingEventsPayload{}, middleware.Before)
+}
+
+func addUnsignedPayload(stack *middleware.Stack) error {
+	return stack.Finalize.Insert(&v4.UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
+}
+
+func addComputePayloadSHA256(stack *middleware.Stack) error {
+	return stack.Finalize.Insert(&v4.ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
+}
+
+func addContentSHA256Header(stack *middleware.Stack) error {
+	return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After)
+}
+
+func addIsWaiterUserAgent(o *Options) {
+	o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
+		ua, err := getOrAddRequestUserAgent(stack)
+		if err != nil {
+			return err
 		}
-	return retry.AddRetryMiddlewares(stack, mo)
+
+		ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureWaiter)
+		return nil
+	})
+}
+
+func addIsPaginatorUserAgent(o *Options) {
+	o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
+		ua, err := getOrAddRequestUserAgent(stack)
+		if err != nil {
+			return err
+		}
+
+		ua.AddUserAgentFeature(awsmiddleware.UserAgentFeaturePaginator)
+		return nil
+	})
+}
+
+func addRetry(stack *middleware.Stack, o Options) error {
+	attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) {
+		m.LogAttempts = o.ClientLogMode.IsRetries()
+		m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sso")
+	})
+	if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil {
+		return err
+	}
+	if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil {
+		return err
+	}
+	return nil
 }
 
 // resolves dual-stack endpoint configuration
@@ -428,12 +723,68 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error {
 	return nil
 }
 
+func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string {
+	if mode == aws.AccountIDEndpointModeDisabled {
+		return nil
+	}
+
+	if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" {
+		return aws.String(ca.Credentials.AccountID)
+	}
+
+	return nil
+}
+
+func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error {
+	mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset}
+	if err := stack.Build.Add(&mw, middleware.After); err != nil {
+		return err
+	}
+	return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before)
+}
+func initializeTimeOffsetResolver(c *Client) {
+	c.timeOffset = new(atomic.Int64)
+}
+
+func addUserAgentRetryMode(stack *middleware.Stack, options Options) error {
+	ua, err := getOrAddRequestUserAgent(stack)
+	if err != nil {
+		return err
+	}
+
+	switch options.Retryer.(type) {
+	case *retry.Standard:
+		ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeStandard)
+	case *retry.AdaptiveMode:
+		ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeAdaptive)
+	}
+	return nil
+}
+
+func resolveTracerProvider(options *Options) {
+	if options.TracerProvider == nil {
+		options.TracerProvider = &tracing.NopTracerProvider{}
+	}
+}
+
+func resolveMeterProvider(options *Options) {
+	if options.MeterProvider == nil {
+		options.MeterProvider = metrics.NopMeterProvider{}
+	}
+}
+
+func addRecursionDetection(stack *middleware.Stack) error {
+	return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After)
+}
+
 func addRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
-	return awsmiddleware.AddRequestIDRetrieverMiddleware(stack)
+	return stack.Deserialize.Insert(&awsmiddleware.RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
+
 }
 
 func addResponseErrorMiddleware(stack *middleware.Stack) error {
-	return awshttp.AddResponseErrorMiddleware(stack)
+	return stack.Deserialize.Insert(&awshttp.ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
+
 }
 
 func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
@@ -473,3 +824,89 @@ func addDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
 		DisableHTTPS: o.EndpointOptions.DisableHTTPS,
 	}, "ResolveEndpointV2", middleware.After)
 }
+
+type spanInitializeStart struct {
+}
+
+func (*spanInitializeStart) ID() string {
+	return "spanInitializeStart"
+}
+
+func (m *spanInitializeStart) HandleInitialize(
+	ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
+) (
+	middleware.InitializeOutput, middleware.Metadata, error,
+) {
+	ctx, _ = tracing.StartSpan(ctx, "Initialize")
+
+	return next.HandleInitialize(ctx, in)
+}
+
+type spanInitializeEnd struct {
+}
+
+func (*spanInitializeEnd) ID() string {
+	return "spanInitializeEnd"
+}
+
+func (m *spanInitializeEnd) HandleInitialize(
+	ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
+) (
+	middleware.InitializeOutput, middleware.Metadata, error,
+) {
+	ctx, span := tracing.PopSpan(ctx)
+	span.End()
+
+	return next.HandleInitialize(ctx, in)
+}
+
+type spanBuildRequestStart struct {
+}
+
+func (*spanBuildRequestStart) ID() string {
+	return "spanBuildRequestStart"
+}
+
+func (m *spanBuildRequestStart) HandleSerialize(
+	ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler,
+) (
+	middleware.SerializeOutput, middleware.Metadata, error,
+) {
+	ctx, _ = tracing.StartSpan(ctx, "BuildRequest")
+
+	return next.HandleSerialize(ctx, in)
+}
+
+type spanBuildRequestEnd struct {
+}
+
+func (*spanBuildRequestEnd) ID() string {
+	return "spanBuildRequestEnd"
+}
+
+func (m *spanBuildRequestEnd) HandleBuild(
+	ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
+) (
+	middleware.BuildOutput, middleware.Metadata, error,
+) {
+	ctx, span := tracing.PopSpan(ctx)
+	span.End()
+
+	return next.HandleBuild(ctx, in)
+}
+
+func addSpanInitializeStart(stack *middleware.Stack) error {
+	return stack.Initialize.Add(&spanInitializeStart{}, middleware.Before)
+}
+
+func addSpanInitializeEnd(stack *middleware.Stack) error {
+	return stack.Initialize.Add(&spanInitializeEnd{}, middleware.After)
+}
+
+func addSpanBuildRequestStart(stack *middleware.Stack) error {
+	return stack.Serialize.Add(&spanBuildRequestStart{}, middleware.Before)
+}
+
+func addSpanBuildRequestEnd(stack *middleware.Stack) error {
+	return stack.Build.Add(&spanBuildRequestEnd{}, middleware.After)
+}

vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go

@@ -30,9 +30,10 @@ func (c *Client) GetRoleCredentials(ctx context.Context, params *GetRoleCredenti
 
 type GetRoleCredentialsInput struct {
 
-	// The token issued by the CreateToken API call. For more information, see
+	// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
-	// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// IAM Identity Center OIDC API Reference Guide.
-	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
 	//
 	// This member is required.
 	AccessToken *string
@@ -83,22 +84,25 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
+	if err = addClientRequestID(stack); err != nil {
 		return err
 	}
-	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
+	if err = addComputeContentLength(stack); err != nil {
 		return err
 	}
 	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = addRetryMiddlewares(stack, options); err != nil {
+	if err = addRetry(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
+	if err = addRawResponseToMetadata(stack); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
+	if err = addRecordResponseTiming(stack); err != nil {
+		return err
+	}
+	if err = addSpanRetryLoop(stack, options); err != nil {
 		return err
 	}
 	if err = addClientUserAgent(stack, options); err != nil {
@@ -113,13 +117,19 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
 	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTimeOffsetBuild(stack, c); err != nil {
+		return err
+	}
+	if err = addUserAgentRetryMode(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetRoleCredentialsValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRoleCredentials(options.Region), middleware.Before); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+	if err = addRecursionDetection(stack); err != nil {
 		return err
 	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -134,6 +144,18 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta
 	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addSpanInitializeStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanInitializeEnd(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestEnd(stack); err != nil {
+		return err
+	}
 	return nil
 }
 

vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go

@@ -29,9 +29,10 @@ func (c *Client) ListAccountRoles(ctx context.Context, params *ListAccountRolesI
 
 type ListAccountRolesInput struct {
 
-	// The token issued by the CreateToken API call. For more information, see
+	// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
-	// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// IAM Identity Center OIDC API Reference Guide.
-	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
 	//
 	// This member is required.
 	AccessToken *string
@@ -88,22 +89,25 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
+	if err = addClientRequestID(stack); err != nil {
 		return err
 	}
-	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
+	if err = addComputeContentLength(stack); err != nil {
 		return err
 	}
 	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = addRetryMiddlewares(stack, options); err != nil {
+	if err = addRetry(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
+	if err = addRawResponseToMetadata(stack); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
+	if err = addRecordResponseTiming(stack); err != nil {
+		return err
+	}
+	if err = addSpanRetryLoop(stack, options); err != nil {
 		return err
 	}
 	if err = addClientUserAgent(stack, options); err != nil {
@@ -118,13 +122,19 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
 	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTimeOffsetBuild(stack, c); err != nil {
+		return err
+	}
+	if err = addUserAgentRetryMode(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListAccountRolesValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListAccountRoles(options.Region), middleware.Before); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+	if err = addRecursionDetection(stack); err != nil {
 		return err
 	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -139,17 +149,21 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack
 	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addSpanInitializeStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanInitializeEnd(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestEnd(stack); err != nil {
+		return err
+	}
 	return nil
 }
 
-// ListAccountRolesAPIClient is a client that implements the ListAccountRoles
-// operation.
-type ListAccountRolesAPIClient interface {
-	ListAccountRoles(context.Context, *ListAccountRolesInput, ...func(*Options)) (*ListAccountRolesOutput, error)
-}
-
-var _ ListAccountRolesAPIClient = (*Client)(nil)
-
 // ListAccountRolesPaginatorOptions is the paginator options for ListAccountRoles
 type ListAccountRolesPaginatorOptions struct {
 	// The number of items that clients can request per page.
@@ -213,6 +227,9 @@ func (p *ListAccountRolesPaginator) NextPage(ctx context.Context, optFns ...func
 	}
 	params.MaxResults = limit
 
+	optFns = append([]func(*Options){
+		addIsPaginatorUserAgent,
+	}, optFns...)
 	result, err := p.client.ListAccountRoles(ctx, &params, optFns...)
 	if err != nil {
 		return nil, err
@@ -232,6 +249,14 @@ func (p *ListAccountRolesPaginator) NextPage(ctx context.Context, optFns ...func
 	return result, nil
 }
 
+// ListAccountRolesAPIClient is a client that implements the ListAccountRoles
+// operation.
+type ListAccountRolesAPIClient interface {
+	ListAccountRoles(context.Context, *ListAccountRolesInput, ...func(*Options)) (*ListAccountRolesOutput, error)
+}
+
+var _ ListAccountRolesAPIClient = (*Client)(nil)
+
 func newServiceMetadataMiddleware_opListAccountRoles(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,

vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go

@@ -12,9 +12,10 @@ import (
 )
 
 // Lists all AWS accounts assigned to the user. These AWS accounts are assigned by
-// the administrator of the account. For more information, see Assign User Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
+// the administrator of the account. For more information, see [Assign User Access]in the IAM Identity
-// in the IAM Identity Center User Guide. This operation returns a paginated
+// Center User Guide. This operation returns a paginated response.
-// response.
+//
+// [Assign User Access]: https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers
 func (c *Client) ListAccounts(ctx context.Context, params *ListAccountsInput, optFns ...func(*Options)) (*ListAccountsOutput, error) {
 	if params == nil {
 		params = &ListAccountsInput{}
@@ -32,9 +33,10 @@ func (c *Client) ListAccounts(ctx context.Context, params *ListAccountsInput, op
 
 type ListAccountsInput struct {
 
-	// The token issued by the CreateToken API call. For more information, see
+	// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
-	// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// IAM Identity Center OIDC API Reference Guide.
-	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
 	//
 	// This member is required.
 	AccessToken *string
@@ -86,22 +88,25 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
+	if err = addClientRequestID(stack); err != nil {
 		return err
 	}
-	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
+	if err = addComputeContentLength(stack); err != nil {
 		return err
 	}
 	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = addRetryMiddlewares(stack, options); err != nil {
+	if err = addRetry(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
+	if err = addRawResponseToMetadata(stack); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
+	if err = addRecordResponseTiming(stack); err != nil {
+		return err
+	}
+	if err = addSpanRetryLoop(stack, options); err != nil {
 		return err
 	}
 	if err = addClientUserAgent(stack, options); err != nil {
@@ -116,13 +121,19 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
 	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTimeOffsetBuild(stack, c); err != nil {
+		return err
+	}
+	if err = addUserAgentRetryMode(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListAccountsValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListAccounts(options.Region), middleware.Before); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+	if err = addRecursionDetection(stack); err != nil {
 		return err
 	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -137,16 +148,21 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op
 	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addSpanInitializeStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanInitializeEnd(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestEnd(stack); err != nil {
+		return err
+	}
 	return nil
 }
 
-// ListAccountsAPIClient is a client that implements the ListAccounts operation.
-type ListAccountsAPIClient interface {
-	ListAccounts(context.Context, *ListAccountsInput, ...func(*Options)) (*ListAccountsOutput, error)
-}
-
-var _ ListAccountsAPIClient = (*Client)(nil)
-
 // ListAccountsPaginatorOptions is the paginator options for ListAccounts
 type ListAccountsPaginatorOptions struct {
 	// This is the number of items clients can request per page.
@@ -210,6 +226,9 @@ func (p *ListAccountsPaginator) NextPage(ctx context.Context, optFns ...func(*Op
 	}
 	params.MaxResults = limit
 
+	optFns = append([]func(*Options){
+		addIsPaginatorUserAgent,
+	}, optFns...)
 	result, err := p.client.ListAccounts(ctx, &params, optFns...)
 	if err != nil {
 		return nil, err
@@ -229,6 +248,13 @@ func (p *ListAccountsPaginator) NextPage(ctx context.Context, optFns ...func(*Op
 	return result, nil
 }
 
+// ListAccountsAPIClient is a client that implements the ListAccounts operation.
+type ListAccountsAPIClient interface {
+	ListAccounts(context.Context, *ListAccountsInput, ...func(*Options)) (*ListAccountsOutput, error)
+}
+
+var _ ListAccountsAPIClient = (*Client)(nil)
+
 func newServiceMetadataMiddleware_opListAccounts(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,

vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go

@@ -12,16 +12,20 @@ import (
 
 // Removes the locally stored SSO tokens from the client-side cache and sends an
 // API call to the IAM Identity Center service to invalidate the corresponding
-// server-side IAM Identity Center sign in session. If a user uses IAM Identity
+// server-side IAM Identity Center sign in session.
-// Center to access the AWS CLI, the user’s IAM Identity Center sign in session is
+//
-// used to obtain an IAM session, as specified in the corresponding IAM Identity
+// If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM
-// Center permission set. More specifically, IAM Identity Center assumes an IAM
+// Identity Center sign in session is used to obtain an IAM session, as specified
-// role in the target account on behalf of the user, and the corresponding
+// in the corresponding IAM Identity Center permission set. More specifically, IAM
-// temporary AWS credentials are returned to the client. After user logout, any
+// Identity Center assumes an IAM role in the target account on behalf of the user,
-// existing IAM role sessions that were created by using IAM Identity Center
+// and the corresponding temporary AWS credentials are returned to the client.
-// permission sets continue based on the duration configured in the permission set.
+//
-// For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html)
+// After user logout, any existing IAM role sessions that were created by using
-// in the IAM Identity Center User Guide.
+// IAM Identity Center permission sets continue based on the duration configured in
+// the permission set. For more information, see [User authentications]in the IAM Identity Center User
+// Guide.
+//
+// [User authentications]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
 func (c *Client) Logout(ctx context.Context, params *LogoutInput, optFns ...func(*Options)) (*LogoutOutput, error) {
 	if params == nil {
 		params = &LogoutInput{}
@@ -39,9 +43,10 @@ func (c *Client) Logout(ctx context.Context, params *LogoutInput, optFns ...func
 
 type LogoutInput struct {
 
-	// The token issued by the CreateToken API call. For more information, see
+	// The token issued by the CreateToken API call. For more information, see [CreateToken] in the
-	// CreateToken (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+	// IAM Identity Center OIDC API Reference Guide.
-	// in the IAM Identity Center OIDC API Reference Guide.
+	//
+	// [CreateToken]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
 	//
 	// This member is required.
 	AccessToken *string
@@ -78,22 +83,25 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
+	if err = addClientRequestID(stack); err != nil {
 		return err
 	}
-	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
+	if err = addComputeContentLength(stack); err != nil {
 		return err
 	}
 	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = addRetryMiddlewares(stack, options); err != nil {
+	if err = addRetry(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
+	if err = addRawResponseToMetadata(stack); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
+	if err = addRecordResponseTiming(stack); err != nil {
+		return err
+	}
+	if err = addSpanRetryLoop(stack, options); err != nil {
 		return err
 	}
 	if err = addClientUserAgent(stack, options); err != nil {
@@ -108,13 +116,19 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
 	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTimeOffsetBuild(stack, c); err != nil {
+		return err
+	}
+	if err = addUserAgentRetryMode(stack, options); err != nil {
+		return err
+	}
 	if err = addOpLogoutValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opLogout(options.Region), middleware.Before); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+	if err = addRecursionDetection(stack); err != nil {
 		return err
 	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -129,6 +143,18 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options
 	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addSpanInitializeStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanInitializeEnd(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestEnd(stack); err != nil {
+		return err
+	}
 	return nil
 }
 

vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go

@@ -8,11 +8,13 @@ import (
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	smithy "github.com/aws/smithy-go"
 	smithyauth "github.com/aws/smithy-go/auth"
+	"github.com/aws/smithy-go/metrics"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-func bindAuthParamsRegion(params *AuthResolverParameters, _ interface{}, options Options) {
+func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) {
 	params.Region = options.Region
 }
 
@@ -90,12 +92,12 @@ type AuthResolverParameters struct {
 	Region string
 }
 
-func bindAuthResolverParams(operation string, input interface{}, options Options) *AuthResolverParameters {
+func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters {
 	params := &AuthResolverParameters{
 		Operation: operation,
 	}
 
-	bindAuthParamsRegion(params, input, options)
+	bindAuthParamsRegion(ctx, params, input, options)
 
 	return params
 }
@@ -169,7 +171,10 @@ func (*resolveAuthSchemeMiddleware) ID() string {
 func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
 ) {
-	params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options)
+	_, span := tracing.StartSpan(ctx, "ResolveAuthScheme")
+	defer span.End()
+
+	params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options)
 	options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
 	if err != nil {
 		return out, metadata, fmt.Errorf("resolve auth scheme: %w", err)
@@ -181,6 +186,9 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid
 	}
 
 	ctx = setResolvedAuthScheme(ctx, scheme)
+
+	span.SetProperty("auth.scheme_id", scheme.Scheme.SchemeID())
+	span.End()
 	return next.HandleFinalize(ctx, in)
 }
 
@@ -240,7 +248,10 @@ func (*getIdentityMiddleware) ID() string {
 func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
 ) {
-	rscheme := getResolvedAuthScheme(ctx)
+	innerCtx, span := tracing.StartSpan(ctx, "GetIdentity")
+	defer span.End()
+
+	rscheme := getResolvedAuthScheme(innerCtx)
 	if rscheme == nil {
 		return out, metadata, fmt.Errorf("no resolved auth scheme")
 	}
@@ -250,12 +261,20 @@ func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middlewar
 		return out, metadata, fmt.Errorf("no identity resolver")
 	}
 
-	identity, err := resolver.GetIdentity(ctx, rscheme.IdentityProperties)
+	identity, err := timeOperationMetric(ctx, "client.call.resolve_identity_duration",
+		func() (smithyauth.Identity, error) {
+			return resolver.GetIdentity(innerCtx, rscheme.IdentityProperties)
+		},
+		func(o *metrics.RecordMetricOptions) {
+			o.Properties.Set("auth.scheme_id", rscheme.Scheme.SchemeID())
+		})
 	if err != nil {
 		return out, metadata, fmt.Errorf("get identity: %w", err)
 	}
 
 	ctx = setIdentity(ctx, identity)
+
+	span.End()
 	return next.HandleFinalize(ctx, in)
 }
 
@@ -271,6 +290,7 @@ func getIdentity(ctx context.Context) smithyauth.Identity {
 }
 
 type signRequestMiddleware struct {
+	options Options
 }
 
 func (*signRequestMiddleware) ID() string {
@@ -280,6 +300,9 @@ func (*signRequestMiddleware) ID() string {
 func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "SignRequest")
+	defer span.End()
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unexpected transport type %T", in.Request)
@@ -300,9 +323,15 @@ func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middlewar
 		return out, metadata, fmt.Errorf("no signer")
 	}
 
-	if err := signer.SignRequest(ctx, req, identity, rscheme.SignerProperties); err != nil {
+	_, err = timeOperationMetric(ctx, "client.call.signing_duration", func() (any, error) {
+		return nil, signer.SignRequest(ctx, req, identity, rscheme.SignerProperties)
+	}, func(o *metrics.RecordMetricOptions) {
+		o.Properties.Set("auth.scheme_id", rscheme.Scheme.SchemeID())
+	})
+	if err != nil {
 		return out, metadata, fmt.Errorf("sign request: %w", err)
 	}
 
+	span.End()
 	return next.HandleFinalize(ctx, in)
 }

vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go

@@ -13,12 +13,23 @@ import (
 	smithyio "github.com/aws/smithy-go/io"
 	"github.com/aws/smithy-go/middleware"
 	"github.com/aws/smithy-go/ptr"
+	smithytime "github.com/aws/smithy-go/time"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"io"
 	"io/ioutil"
 	"strings"
+	"time"
 )
 
+func deserializeS3Expires(v string) (*time.Time, error) {
+	t, err := smithytime.ParseHTTPDate(v)
+	if err != nil {
+		return nil, nil
+	}
+	return &t, nil
+}
+
 type awsRestjson1_deserializeOpGetRoleCredentials struct {
 }
 
@@ -34,6 +45,10 @@ func (m *awsRestjson1_deserializeOpGetRoleCredentials) HandleDeserialize(ctx con
 		return out, metadata, err
 	}
 
+	_, span := tracing.StartSpan(ctx, "OperationDeserializer")
+	endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
+	defer endTimer()
+	defer span.End()
 	response, ok := out.RawResponse.(*smithyhttp.Response)
 	if !ok {
 		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -73,6 +88,7 @@ func (m *awsRestjson1_deserializeOpGetRoleCredentials) HandleDeserialize(ctx con
 		}
 	}
 
+	span.End()
 	return out, metadata, err
 }
 
@@ -190,6 +206,10 @@ func (m *awsRestjson1_deserializeOpListAccountRoles) HandleDeserialize(ctx conte
 		return out, metadata, err
 	}
 
+	_, span := tracing.StartSpan(ctx, "OperationDeserializer")
+	endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
+	defer endTimer()
+	defer span.End()
 	response, ok := out.RawResponse.(*smithyhttp.Response)
 	if !ok {
 		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -229,6 +249,7 @@ func (m *awsRestjson1_deserializeOpListAccountRoles) HandleDeserialize(ctx conte
 		}
 	}
 
+	span.End()
 	return out, metadata, err
 }
 
@@ -355,6 +376,10 @@ func (m *awsRestjson1_deserializeOpListAccounts) HandleDeserialize(ctx context.C
 		return out, metadata, err
 	}
 
+	_, span := tracing.StartSpan(ctx, "OperationDeserializer")
+	endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
+	defer endTimer()
+	defer span.End()
 	response, ok := out.RawResponse.(*smithyhttp.Response)
 	if !ok {
 		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -394,6 +419,7 @@ func (m *awsRestjson1_deserializeOpListAccounts) HandleDeserialize(ctx context.C
 		}
 	}
 
+	span.End()
 	return out, metadata, err
 }
 
@@ -520,6 +546,10 @@ func (m *awsRestjson1_deserializeOpLogout) HandleDeserialize(ctx context.Context
 		return out, metadata, err
 	}
 
+	_, span := tracing.StartSpan(ctx, "OperationDeserializer")
+	endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
+	defer endTimer()
+	defer span.End()
 	response, ok := out.RawResponse.(*smithyhttp.Response)
 	if !ok {
 		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -537,6 +567,7 @@ func (m *awsRestjson1_deserializeOpLogout) HandleDeserialize(ctx context.Context
 		}
 	}
 
+	span.End()
 	return out, metadata, err
 }
 
@@ -858,7 +889,7 @@ func awsRestjson1_deserializeDocumentInvalidRequestException(v **types.InvalidRe
 
 	for key, value := range shape {
 		switch key {
-		case "message":
+		case "message", "Message":
 			if value != nil {
 				jtv, ok := value.(string)
 				if !ok {
@@ -898,7 +929,7 @@ func awsRestjson1_deserializeDocumentResourceNotFoundException(v **types.Resourc
 
 	for key, value := range shape {
 		switch key {
-		case "message":
+		case "message", "Message":
 			if value != nil {
 				jtv, ok := value.(string)
 				if !ok {
@@ -1092,7 +1123,7 @@ func awsRestjson1_deserializeDocumentTooManyRequestsException(v **types.TooManyR
 
 	for key, value := range shape {
 		switch key {
-		case "message":
+		case "message", "Message":
 			if value != nil {
 				jtv, ok := value.(string)
 				if !ok {
@@ -1132,7 +1163,7 @@ func awsRestjson1_deserializeDocumentUnauthorizedException(v **types.Unauthorize
 
 	for key, value := range shape {
 		switch key {
-		case "message":
+		case "message", "Message":
 			if value != nil {
 				jtv, ok := value.(string)
 				if !ok {

vendor/github.com/aws/aws-sdk-go-v2/service/sso/doc.go

@@ -6,16 +6,22 @@
 // AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web
 // service that makes it easy for you to assign user access to IAM Identity Center
 // resources such as the AWS access portal. Users can get AWS account applications
-// and roles assigned to them and get federated into the application. Although AWS
+// and roles assigned to them and get federated into the application.
-// Single Sign-On was renamed, the sso and identitystore API namespaces will
+//
-// continue to retain their original name for backward compatibility purposes. For
+// Although AWS Single Sign-On was renamed, the sso and identitystore API
-// more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed)
+// namespaces will continue to retain their original name for backward
-// . This reference guide describes the IAM Identity Center Portal operations that
+// compatibility purposes. For more information, see [IAM Identity Center rename].
+//
+// This reference guide describes the IAM Identity Center Portal operations that
 // you can call programatically and includes detailed information on data types and
-// errors. AWS provides SDKs that consist of libraries and sample code for various
+// errors.
+//
+// AWS provides SDKs that consist of libraries and sample code for various
 // programming languages and platforms, such as Java, Ruby, .Net, iOS, or Android.
 // The SDKs provide a convenient way to create programmatic access to IAM Identity
 // Center and other AWS services. For more information about the AWS SDKs,
-// including how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/)
+// including how to download and install them, see [Tools for Amazon Web Services].
-// .
+//
+// [Tools for Amazon Web Services]: http://aws.amazon.com/tools/
+// [IAM Identity Center rename]: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed
 package sso

vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go

@@ -16,6 +16,7 @@ import (
 	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	"github.com/aws/smithy-go/ptr"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"net/http"
 	"net/url"
@@ -216,6 +217,13 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) {
 	}
 }
 
+func bindRegion(region string) *string {
+	if region == "" {
+		return nil
+	}
+	return aws.String(endpoints.MapFIPSRegion(region))
+}
+
 // EndpointParameters provides the parameters that influence how endpoints are
 // resolved.
 type EndpointParameters struct {
@@ -281,6 +289,17 @@ func (p EndpointParameters) WithDefaults() EndpointParameters {
 	return p
 }
 
+type stringSlice []string
+
+func (s stringSlice) Get(i int) *string {
+	if i < 0 || i >= len(s) {
+		return nil
+	}
+
+	v := s[i]
+	return &v
+}
+
 // EndpointResolverV2 provides the interface for resolving service endpoints.
 type EndpointResolverV2 interface {
 	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
@@ -458,10 +477,10 @@ type endpointParamsBinder interface {
 	bindEndpointParams(*EndpointParameters)
 }
 
-func bindEndpointParams(input interface{}, options Options) *EndpointParameters {
+func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters {
 	params := &EndpointParameters{}
 
-	params.Region = aws.String(endpoints.MapFIPSRegion(options.Region))
+	params.Region = bindRegion(options.Region)
 	params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled)
 	params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled)
 	params.Endpoint = options.BaseEndpoint
@@ -484,6 +503,9 @@ func (*resolveEndpointV2Middleware) ID() string {
 func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "ResolveEndpoint")
+	defer span.End()
+
 	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
 		return next.HandleFinalize(ctx, in)
 	}
@@ -497,12 +519,17 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
 		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
 	}
 
-	params := bindEndpointParams(getOperationInput(ctx), m.options)
+	params := bindEndpointParams(ctx, getOperationInput(ctx), m.options)
-	endpt, err := m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
+	endpt, err := timeOperationMetric(ctx, "client.call.resolve_endpoint_duration",
+		func() (smithyendpoints.Endpoint, error) {
+			return m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
+		})
 	if err != nil {
 		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
 	}
 
+	span.SetProperty("client.call.resolved_endpoint", endpt.URI.String())
+
 	if endpt.URI.RawPath == "" && req.URL.RawPath != "" {
 		endpt.URI.RawPath = endpt.URI.Path
 	}
@@ -524,5 +551,6 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
 		rscheme.SignerProperties.SetAll(&o.SignerProperties)
 	}
 
+	span.End()
 	return next.HandleFinalize(ctx, in)
 }

vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json

@@ -3,8 +3,7 @@
         "github.com/aws/aws-sdk-go-v2": "v1.4.0",
         "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
-        "github.com/aws/smithy-go": "v1.4.0",
+        "github.com/aws/smithy-go": "v1.4.0"
-        "github.com/google/go-cmp": "v0.5.4"
     },
     "files": [
         "api_client.go",
@@ -25,6 +24,7 @@
         "options.go",
         "protocol_test.go",
         "serializers.go",
+        "snapshot_test.go",
         "types/errors.go",
         "types/types.go",
         "validators.go"

vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go

@@ -3,4 +3,4 @@
 package sso
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.7"
+const goModuleVersion = "1.24.14"

vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go

@@ -94,7 +94,7 @@ var partitionRegexp = struct {
 	AwsUsGov *regexp.Regexp
 }{
 
-	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
+	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$"),
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
@@ -187,6 +187,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "ap-south-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "ap-south-2",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.ap-south-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "ap-south-2",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "ap-southeast-1",
 			}: endpoints.Endpoint{
@@ -211,6 +219,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "ap-southeast-3",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "ap-southeast-4",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.ap-southeast-4.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "ap-southeast-4",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "ca-central-1",
 			}: endpoints.Endpoint{
@@ -219,6 +235,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "ca-central-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "ca-west-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.ca-west-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "ca-west-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "eu-central-1",
 			}: endpoints.Endpoint{
@@ -251,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-south-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "eu-south-2",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.eu-south-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "eu-south-2",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "eu-west-1",
 			}: endpoints.Endpoint{

vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go

@@ -9,7 +9,9 @@ import (
 	internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
 	smithyauth "github.com/aws/smithy-go/auth"
 	"github.com/aws/smithy-go/logging"
+	"github.com/aws/smithy-go/metrics"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"net/http"
 )
@@ -50,8 +52,10 @@ type Options struct {
 	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
 	// value for this field will likely prevent you from using any endpoint-related
 	// service features released after the introduction of EndpointResolverV2 and
-	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
+	// BaseEndpoint.
-	// endpoint, set the client option BaseEndpoint instead.
+	//
+	// To migrate an EndpointResolver implementation that uses a custom endpoint, set
+	// the client option BaseEndpoint instead.
 	EndpointResolver EndpointResolver
 
 	// Resolves the endpoint used for a particular service operation. This should be
@@ -64,23 +68,29 @@ type Options struct {
 	// The logger writer interface to write logging messages to.
 	Logger logging.Logger
 
+	// The client meter provider.
+	MeterProvider metrics.MeterProvider
+
 	// The region to send requests to. (Required)
 	Region string
 
 	// RetryMaxAttempts specifies the maximum number attempts an API client will call
 	// an operation that fails with a retryable error. A value of 0 is ignored, and
 	// will not be used to configure the API client created default retryer, or modify
-	// per operation call's retry max attempts. If specified in an operation call's
+	// per operation call's retry max attempts.
-	// functional options with a value that is different than the constructed client's
+	//
-	// Options, the Client's Retryer will be wrapped to use the operation's specific
+	// If specified in an operation call's functional options with a value that is
-	// RetryMaxAttempts value.
+	// different than the constructed client's Options, the Client's Retryer will be
+	// wrapped to use the operation's specific RetryMaxAttempts value.
 	RetryMaxAttempts int
 
 	// RetryMode specifies the retry mode the API client will be created with, if
-	// Retryer option is not also specified. When creating a new API Clients this
+	// Retryer option is not also specified.
-	// member will only be used if the Retryer Options member is nil. This value will
+	//
-	// be ignored if Retryer is not nil. Currently does not support per operation call
+	// When creating a new API Clients this member will only be used if the Retryer
-	// overrides, may in the future.
+	// Options member is nil. This value will be ignored if Retryer is not nil.
+	//
+	// Currently does not support per operation call overrides, may in the future.
 	RetryMode aws.RetryMode
 
 	// Retryer guides how HTTP requests should be retried in case of recoverable
@@ -95,10 +105,14 @@ type Options struct {
 	// within your applications.
 	RuntimeEnvironment aws.RuntimeEnvironment
 
+	// The client tracer provider.
+	TracerProvider tracing.TracerProvider
+
 	// The initial DefaultsMode used when the client options were constructed. If the
 	// DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved
-	// value was at that point in time. Currently does not support per operation call
+	// value was at that point in time.
-	// overrides, may in the future.
+	//
+	// Currently does not support per operation call overrides, may in the future.
 	resolvedDefaultsMode aws.DefaultsMode
 
 	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
@@ -143,6 +157,7 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
 // Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
 // this field will likely prevent you from using any endpoint-related service
 // features released after the introduction of EndpointResolverV2 and BaseEndpoint.
+//
 // To migrate an EndpointResolver implementation that uses a custom endpoint, set
 // the client option BaseEndpoint instead.
 func WithEndpointResolver(v EndpointResolver) func(*Options) {

vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go

@@ -8,6 +8,7 @@ import (
 	smithy "github.com/aws/smithy-go"
 	"github.com/aws/smithy-go/encoding/httpbinding"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
@@ -21,6 +22,10 @@ func (*awsRestjson1_serializeOpGetRoleCredentials) ID() string {
 func (m *awsRestjson1_serializeOpGetRoleCredentials) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "OperationSerializer")
+	endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
+	defer endTimer()
+	defer span.End()
 	request, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -57,6 +62,8 @@ func (m *awsRestjson1_serializeOpGetRoleCredentials) HandleSerialize(ctx context
 	}
 	in.Request = request
 
+	endTimer()
+	span.End()
 	return next.HandleSerialize(ctx, in)
 }
 func awsRestjson1_serializeOpHttpBindingsGetRoleCredentialsInput(v *GetRoleCredentialsInput, encoder *httpbinding.Encoder) error {
@@ -64,7 +71,7 @@ func awsRestjson1_serializeOpHttpBindingsGetRoleCredentialsInput(v *GetRoleCrede
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.AccessToken != nil && len(*v.AccessToken) > 0 {
+	if v.AccessToken != nil {
 		locationName := "X-Amz-Sso_bearer_token"
 		encoder.SetHeader(locationName).String(*v.AccessToken)
 	}
@@ -90,6 +97,10 @@ func (*awsRestjson1_serializeOpListAccountRoles) ID() string {
 func (m *awsRestjson1_serializeOpListAccountRoles) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "OperationSerializer")
+	endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
+	defer endTimer()
+	defer span.End()
 	request, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -126,6 +137,8 @@ func (m *awsRestjson1_serializeOpListAccountRoles) HandleSerialize(ctx context.C
 	}
 	in.Request = request
 
+	endTimer()
+	span.End()
 	return next.HandleSerialize(ctx, in)
 }
 func awsRestjson1_serializeOpHttpBindingsListAccountRolesInput(v *ListAccountRolesInput, encoder *httpbinding.Encoder) error {
@@ -133,7 +146,7 @@ func awsRestjson1_serializeOpHttpBindingsListAccountRolesInput(v *ListAccountRol
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.AccessToken != nil && len(*v.AccessToken) > 0 {
+	if v.AccessToken != nil {
 		locationName := "X-Amz-Sso_bearer_token"
 		encoder.SetHeader(locationName).String(*v.AccessToken)
 	}
@@ -163,6 +176,10 @@ func (*awsRestjson1_serializeOpListAccounts) ID() string {
 func (m *awsRestjson1_serializeOpListAccounts) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "OperationSerializer")
+	endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
+	defer endTimer()
+	defer span.End()
 	request, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -199,6 +216,8 @@ func (m *awsRestjson1_serializeOpListAccounts) HandleSerialize(ctx context.Conte
 	}
 	in.Request = request
 
+	endTimer()
+	span.End()
 	return next.HandleSerialize(ctx, in)
 }
 func awsRestjson1_serializeOpHttpBindingsListAccountsInput(v *ListAccountsInput, encoder *httpbinding.Encoder) error {
@@ -206,7 +225,7 @@ func awsRestjson1_serializeOpHttpBindingsListAccountsInput(v *ListAccountsInput,
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.AccessToken != nil && len(*v.AccessToken) > 0 {
+	if v.AccessToken != nil {
 		locationName := "X-Amz-Sso_bearer_token"
 		encoder.SetHeader(locationName).String(*v.AccessToken)
 	}
@@ -232,6 +251,10 @@ func (*awsRestjson1_serializeOpLogout) ID() string {
 func (m *awsRestjson1_serializeOpLogout) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "OperationSerializer")
+	endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
+	defer endTimer()
+	defer span.End()
 	request, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -268,6 +291,8 @@ func (m *awsRestjson1_serializeOpLogout) HandleSerialize(ctx context.Context, in
 	}
 	in.Request = request
 
+	endTimer()
+	span.End()
 	return next.HandleSerialize(ctx, in)
 }
 func awsRestjson1_serializeOpHttpBindingsLogoutInput(v *LogoutInput, encoder *httpbinding.Encoder) error {
@@ -275,7 +300,7 @@ func awsRestjson1_serializeOpHttpBindingsLogoutInput(v *LogoutInput, encoder *ht
 		return fmt.Errorf("unsupported serialization of nil %T", v)
 	}
 
-	if v.AccessToken != nil && len(*v.AccessToken) > 0 {
+	if v.AccessToken != nil {
 		locationName := "X-Amz-Sso_bearer_token"
 		encoder.SetHeader(locationName).String(*v.AccessToken)
 	}

vendor/github.com/aws/aws-sdk-go-v2/service/sso/types/types.go

@@ -25,22 +25,24 @@ type AccountInfo struct {
 type RoleCredentials struct {
 
 	// The identifier used for the temporary security credentials. For more
-	// information, see Using Temporary Security Credentials to Request Access to AWS
+	// information, see [Using Temporary Security Credentials to Request Access to AWS Resources]in the AWS IAM User Guide.
-	// Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	//
-	// in the AWS IAM User Guide.
+	// [Using Temporary Security Credentials to Request Access to AWS Resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
 	AccessKeyId *string
 
 	// The date on which temporary security credentials expire.
 	Expiration int64
 
-	// The key that is used to sign the request. For more information, see Using
+	// The key that is used to sign the request. For more information, see [Using Temporary Security Credentials to Request Access to AWS Resources] in the AWS
-	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// IAM User Guide.
-	// in the AWS IAM User Guide.
+	//
+	// [Using Temporary Security Credentials to Request Access to AWS Resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
 	SecretAccessKey *string
 
-	// The token used for temporary credentials. For more information, see Using
+	// The token used for temporary credentials. For more information, see [Using Temporary Security Credentials to Request Access to AWS Resources] in the AWS
-	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// IAM User Guide.
-	// in the AWS IAM User Guide.
+	//
+	// [Using Temporary Security Credentials to Request Access to AWS Resources]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
 	SessionToken *string
 
 	noSmithyDocumentSerde

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md

@@ -1,3 +1,198 @@
+# v1.28.13 (2025-01-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.12 (2025-01-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.11 (2025-01-24)
+
+* **Documentation**: Fixed typos in the descriptions.
+* **Dependency Update**: Updated to the latest SDK module versions
+* **Dependency Update**: Upgrade to smithy-go v1.22.2.
+
+# v1.28.10 (2025-01-17)
+
+* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop.
+
+# v1.28.9 (2025-01-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.8 (2025-01-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.7 (2024-12-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.6 (2024-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.5 (2024-11-18)
+
+* **Dependency Update**: Update to smithy-go v1.22.1.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.4 (2024-11-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.3 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.2 (2024-10-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.1 (2024-10-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.0 (2024-10-04)
+
+* **Feature**: Add support for HTTP client metrics.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.4 (2024-10-03)
+
+* No change notes available for this release.
+
+# v1.27.3 (2024-09-27)
+
+* No change notes available for this release.
+
+# v1.27.2 (2024-09-25)
+
+* No change notes available for this release.
+
+# v1.27.1 (2024-09-23)
+
+* No change notes available for this release.
+
+# v1.27.0 (2024-09-20)
+
+* **Feature**: Add tracing and metrics support to service clients.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.26.8 (2024-09-17)
+
+* **Bug Fix**: **BREAKFIX**: Only generate AccountIDEndpointMode config for services that use it. This is a compiler break, but removes no actual functionality, as no services currently use the account ID in endpoint resolution.
+
+# v1.26.7 (2024-09-04)
+
+* No change notes available for this release.
+
+# v1.26.6 (2024-09-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.26.5 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.26.4 (2024-07-10.2)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.26.3 (2024-07-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.26.2 (2024-07-03)
+
+* No change notes available for this release.
+
+# v1.26.1 (2024-06-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.26.0 (2024-06-26)
+
+* **Feature**: Support list-of-string endpoint parameter.
+
+# v1.25.1 (2024-06-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.25.0 (2024-06-18)
+
+* **Feature**: Track usage of various AWS SDK features in user-agent string.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.6 (2024-06-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.5 (2024-06-07)
+
+* **Bug Fix**: Add clock skew correction on all service clients
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.4 (2024-06-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.3 (2024-05-23)
+
+* No change notes available for this release.
+
+# v1.24.2 (2024-05-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.1 (2024-05-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.24.0 (2024-05-10)
+
+* **Feature**: Updated request parameters for PKCE support.
+
+# v1.23.5 (2024-05-08)
+
+* **Bug Fix**: GoDoc improvement
+
+# v1.23.4 (2024-03-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.3 (2024-03-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.2 (2024-03-07)
+
+* **Bug Fix**: Remove dependency on go-cmp.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.1 (2024-02-23)
+
+* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.0 (2024-02-22)
+
+* **Feature**: Add middleware stack snapshot tests.
+
+# v1.22.2 (2024-02-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.22.1 (2024-02-20)
+
+* **Bug Fix**: When sourcing values for a service's `EndpointParameters`, the lack of a configured region (i.e. `options.Region == ""`) will now translate to a `nil` value for `EndpointParameters.Region` instead of a pointer to the empty string `""`. This will result in a much more explicit error when calling an operation instead of an obscure hostname lookup failure.
+
+# v1.22.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.21.7 (2024-01-16)
 
 * No change notes available for this release.

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go

@@ -4,6 +4,7 @@ package ssooidc
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/defaults"
@@ -14,22 +15,157 @@ import (
 	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
 	internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources"
+	internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware"
 	smithy "github.com/aws/smithy-go"
+	smithyauth "github.com/aws/smithy-go/auth"
 	smithydocument "github.com/aws/smithy-go/document"
 	"github.com/aws/smithy-go/logging"
+	"github.com/aws/smithy-go/metrics"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"net"
 	"net/http"
+	"sync/atomic"
 	"time"
 )
 
 const ServiceID = "SSO OIDC"
 const ServiceAPIVersion = "2019-06-10"
 
+type operationMetrics struct {
+	Duration                metrics.Float64Histogram
+	SerializeDuration       metrics.Float64Histogram
+	ResolveIdentityDuration metrics.Float64Histogram
+	ResolveEndpointDuration metrics.Float64Histogram
+	SignRequestDuration     metrics.Float64Histogram
+	DeserializeDuration     metrics.Float64Histogram
+}
+
+func (m *operationMetrics) histogramFor(name string) metrics.Float64Histogram {
+	switch name {
+	case "client.call.duration":
+		return m.Duration
+	case "client.call.serialization_duration":
+		return m.SerializeDuration
+	case "client.call.resolve_identity_duration":
+		return m.ResolveIdentityDuration
+	case "client.call.resolve_endpoint_duration":
+		return m.ResolveEndpointDuration
+	case "client.call.signing_duration":
+		return m.SignRequestDuration
+	case "client.call.deserialization_duration":
+		return m.DeserializeDuration
+	default:
+		panic("unrecognized operation metric")
+	}
+}
+
+func timeOperationMetric[T any](
+	ctx context.Context, metric string, fn func() (T, error),
+	opts ...metrics.RecordMetricOption,
+) (T, error) {
+	instr := getOperationMetrics(ctx).histogramFor(metric)
+	opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...)
+
+	start := time.Now()
+	v, err := fn()
+	end := time.Now()
+
+	elapsed := end.Sub(start)
+	instr.Record(ctx, float64(elapsed)/1e9, opts...)
+	return v, err
+}
+
+func startMetricTimer(ctx context.Context, metric string, opts ...metrics.RecordMetricOption) func() {
+	instr := getOperationMetrics(ctx).histogramFor(metric)
+	opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...)
+
+	var ended bool
+	start := time.Now()
+	return func() {
+		if ended {
+			return
+		}
+		ended = true
+
+		end := time.Now()
+
+		elapsed := end.Sub(start)
+		instr.Record(ctx, float64(elapsed)/1e9, opts...)
+	}
+}
+
+func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption {
+	return func(o *metrics.RecordMetricOptions) {
+		o.Properties.Set("rpc.service", middleware.GetServiceID(ctx))
+		o.Properties.Set("rpc.method", middleware.GetOperationName(ctx))
+	}
+}
+
+type operationMetricsKey struct{}
+
+func withOperationMetrics(parent context.Context, mp metrics.MeterProvider) (context.Context, error) {
+	meter := mp.Meter("github.com/aws/aws-sdk-go-v2/service/ssooidc")
+	om := &operationMetrics{}
+
+	var err error
+
+	om.Duration, err = operationMetricTimer(meter, "client.call.duration",
+		"Overall call duration (including retries and time to send or receive request and response body)")
+	if err != nil {
+		return nil, err
+	}
+	om.SerializeDuration, err = operationMetricTimer(meter, "client.call.serialization_duration",
+		"The time it takes to serialize a message body")
+	if err != nil {
+		return nil, err
+	}
+	om.ResolveIdentityDuration, err = operationMetricTimer(meter, "client.call.auth.resolve_identity_duration",
+		"The time taken to acquire an identity (AWS credentials, bearer token, etc) from an Identity Provider")
+	if err != nil {
+		return nil, err
+	}
+	om.ResolveEndpointDuration, err = operationMetricTimer(meter, "client.call.resolve_endpoint_duration",
+		"The time it takes to resolve an endpoint (endpoint resolver, not DNS) for the request")
+	if err != nil {
+		return nil, err
+	}
+	om.SignRequestDuration, err = operationMetricTimer(meter, "client.call.auth.signing_duration",
+		"The time it takes to sign a request")
+	if err != nil {
+		return nil, err
+	}
+	om.DeserializeDuration, err = operationMetricTimer(meter, "client.call.deserialization_duration",
+		"The time it takes to deserialize a message body")
+	if err != nil {
+		return nil, err
+	}
+
+	return context.WithValue(parent, operationMetricsKey{}, om), nil
+}
+
+func operationMetricTimer(m metrics.Meter, name, desc string) (metrics.Float64Histogram, error) {
+	return m.Float64Histogram(name, func(o *metrics.InstrumentOptions) {
+		o.UnitLabel = "s"
+		o.Description = desc
+	})
+}
+
+func getOperationMetrics(ctx context.Context) *operationMetrics {
+	return ctx.Value(operationMetricsKey{}).(*operationMetrics)
+}
+
+func operationTracer(p tracing.TracerProvider) tracing.Tracer {
+	return p.Tracer("github.com/aws/aws-sdk-go-v2/service/ssooidc")
+}
+
 // Client provides the API client to make operations call for AWS SSO OIDC.
 type Client struct {
 	options Options
+
+	// Difference between the time reported by the server and the client
+	timeOffset *atomic.Int64
 }
 
 // New returns an initialized Client based on the functional options. Provide
@@ -50,6 +186,10 @@ func New(options Options, optFns ...func(*Options)) *Client {
 
 	resolveEndpointResolverV2(&options)
 
+	resolveTracerProvider(&options)
+
+	resolveMeterProvider(&options)
+
 	resolveAuthSchemeResolver(&options)
 
 	for _, fn := range optFns {
@@ -68,6 +208,8 @@ func New(options Options, optFns ...func(*Options)) *Client {
 		options: options,
 	}
 
+	initializeTimeOffsetResolver(client)
+
 	return client
 }
 
@@ -80,8 +222,15 @@ func (c *Client) Options() Options {
 	return c.options.Copy()
 }
 
-func (c *Client) invokeOperation(ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error) (result interface{}, metadata middleware.Metadata, err error) {
+func (c *Client) invokeOperation(
+	ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error,
+) (
+	result interface{}, metadata middleware.Metadata, err error,
+) {
 	ctx = middleware.ClearStackValues(ctx)
+	ctx = middleware.WithServiceID(ctx, ServiceID)
+	ctx = middleware.WithOperationName(ctx, opID)
+
 	stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
 	options := c.options.Copy()
 
@@ -105,15 +254,56 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 		}
 	}
 
-	handler := middleware.DecorateHandler(smithyhttp.NewClientHandler(options.HTTPClient), stack)
+	ctx, err = withOperationMetrics(ctx, options.MeterProvider)
-	result, metadata, err = handler.Handle(ctx, params)
 	if err != nil {
+		return nil, metadata, err
+	}
+
+	tracer := operationTracer(options.TracerProvider)
+	spanName := fmt.Sprintf("%s.%s", ServiceID, opID)
+
+	ctx = tracing.WithOperationTracer(ctx, tracer)
+
+	ctx, span := tracer.StartSpan(ctx, spanName, func(o *tracing.SpanOptions) {
+		o.Kind = tracing.SpanKindClient
+		o.Properties.Set("rpc.system", "aws-api")
+		o.Properties.Set("rpc.method", opID)
+		o.Properties.Set("rpc.service", ServiceID)
+	})
+	endTimer := startMetricTimer(ctx, "client.call.duration")
+	defer endTimer()
+	defer span.End()
+
+	handler := smithyhttp.NewClientHandlerWithOptions(options.HTTPClient, func(o *smithyhttp.ClientHandler) {
+		o.Meter = options.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/ssooidc")
+	})
+	decorated := middleware.DecorateHandler(handler, stack)
+	result, metadata, err = decorated.Handle(ctx, params)
+	if err != nil {
+		span.SetProperty("exception.type", fmt.Sprintf("%T", err))
+		span.SetProperty("exception.message", err.Error())
+
+		var aerr smithy.APIError
+		if errors.As(err, &aerr) {
+			span.SetProperty("api.error_code", aerr.ErrorCode())
+			span.SetProperty("api.error_message", aerr.ErrorMessage())
+			span.SetProperty("api.error_fault", aerr.ErrorFault().String())
+		}
+
 		err = &smithy.OperationError{
 			ServiceID:     ServiceID,
 			OperationName: opID,
 			Err:           err,
 		}
 	}
+
+	span.SetProperty("error", err != nil)
+	if err == nil {
+		span.SetStatus(tracing.SpanStatusOK)
+	} else {
+		span.SetStatus(tracing.SpanStatusError)
+	}
+
 	return result, metadata, err
 }
 
@@ -151,7 +341,7 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o
 	if err := stack.Finalize.Insert(&resolveEndpointV2Middleware{options: options}, "GetIdentity", middleware.After); err != nil {
 		return fmt.Errorf("add ResolveEndpointV2: %v", err)
 	}
-	if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil {
+	if err := stack.Finalize.Insert(&signRequestMiddleware{options: options}, "ResolveEndpointV2", middleware.After); err != nil {
 		return fmt.Errorf("add Signing: %w", err)
 	}
 	return nil
@@ -361,17 +551,37 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
 }
 
 func addClientUserAgent(stack *middleware.Stack, options Options) error {
-	if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ssooidc", goModuleVersion)(stack); err != nil {
+	ua, err := getOrAddRequestUserAgent(stack)
+	if err != nil {
 		return err
 	}
 
+	ua.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ssooidc", goModuleVersion)
 	if len(options.AppID) > 0 {
-		return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
+		ua.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)
 	}
 
 	return nil
 }
 
+func getOrAddRequestUserAgent(stack *middleware.Stack) (*awsmiddleware.RequestUserAgent, error) {
+	id := (*awsmiddleware.RequestUserAgent)(nil).ID()
+	mw, ok := stack.Build.Get(id)
+	if !ok {
+		mw = awsmiddleware.NewRequestUserAgent()
+		if err := stack.Build.Add(mw, middleware.After); err != nil {
+			return nil, err
+		}
+	}
+
+	ua, ok := mw.(*awsmiddleware.RequestUserAgent)
+	if !ok {
+		return nil, fmt.Errorf("%T for %s middleware did not match expected type", mw, id)
+	}
+
+	return ua, nil
+}
+
 type HTTPSignerV4 interface {
 	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
 }
@@ -390,12 +600,97 @@ func newDefaultV4Signer(o Options) *v4.Signer {
 	})
 }
 
-func addRetryMiddlewares(stack *middleware.Stack, o Options) error {
+func addClientRequestID(stack *middleware.Stack) error {
-	mo := retry.AddRetryMiddlewaresOptions{
+	return stack.Build.Add(&awsmiddleware.ClientRequestID{}, middleware.After)
-		Retryer:          o.Retryer,
+}
-		LogRetryAttempts: o.ClientLogMode.IsRetries(),
+
+func addComputeContentLength(stack *middleware.Stack) error {
+	return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After)
+}
+
+func addRawResponseToMetadata(stack *middleware.Stack) error {
+	return stack.Deserialize.Add(&awsmiddleware.AddRawResponse{}, middleware.Before)
+}
+
+func addRecordResponseTiming(stack *middleware.Stack) error {
+	return stack.Deserialize.Add(&awsmiddleware.RecordResponseTiming{}, middleware.After)
+}
+
+func addSpanRetryLoop(stack *middleware.Stack, options Options) error {
+	return stack.Finalize.Insert(&spanRetryLoop{options: options}, "Retry", middleware.Before)
+}
+
+type spanRetryLoop struct {
+	options Options
+}
+
+func (*spanRetryLoop) ID() string {
+	return "spanRetryLoop"
+}
+
+func (m *spanRetryLoop) HandleFinalize(
+	ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
+) (
+	middleware.FinalizeOutput, middleware.Metadata, error,
+) {
+	tracer := operationTracer(m.options.TracerProvider)
+	ctx, span := tracer.StartSpan(ctx, "RetryLoop")
+	defer span.End()
+
+	return next.HandleFinalize(ctx, in)
+}
+func addStreamingEventsPayload(stack *middleware.Stack) error {
+	return stack.Finalize.Add(&v4.StreamingEventsPayload{}, middleware.Before)
+}
+
+func addUnsignedPayload(stack *middleware.Stack) error {
+	return stack.Finalize.Insert(&v4.UnsignedPayload{}, "ResolveEndpointV2", middleware.After)
+}
+
+func addComputePayloadSHA256(stack *middleware.Stack) error {
+	return stack.Finalize.Insert(&v4.ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After)
+}
+
+func addContentSHA256Header(stack *middleware.Stack) error {
+	return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After)
+}
+
+func addIsWaiterUserAgent(o *Options) {
+	o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
+		ua, err := getOrAddRequestUserAgent(stack)
+		if err != nil {
+			return err
 		}
-	return retry.AddRetryMiddlewares(stack, mo)
+
+		ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureWaiter)
+		return nil
+	})
+}
+
+func addIsPaginatorUserAgent(o *Options) {
+	o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error {
+		ua, err := getOrAddRequestUserAgent(stack)
+		if err != nil {
+			return err
+		}
+
+		ua.AddUserAgentFeature(awsmiddleware.UserAgentFeaturePaginator)
+		return nil
+	})
+}
+
+func addRetry(stack *middleware.Stack, o Options) error {
+	attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) {
+		m.LogAttempts = o.ClientLogMode.IsRetries()
+		m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/ssooidc")
+	})
+	if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil {
+		return err
+	}
+	if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil {
+		return err
+	}
+	return nil
 }
 
 // resolves dual-stack endpoint configuration
@@ -428,12 +723,68 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error {
 	return nil
 }
 
+func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string {
+	if mode == aws.AccountIDEndpointModeDisabled {
+		return nil
+	}
+
+	if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" {
+		return aws.String(ca.Credentials.AccountID)
+	}
+
+	return nil
+}
+
+func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error {
+	mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset}
+	if err := stack.Build.Add(&mw, middleware.After); err != nil {
+		return err
+	}
+	return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before)
+}
+func initializeTimeOffsetResolver(c *Client) {
+	c.timeOffset = new(atomic.Int64)
+}
+
+func addUserAgentRetryMode(stack *middleware.Stack, options Options) error {
+	ua, err := getOrAddRequestUserAgent(stack)
+	if err != nil {
+		return err
+	}
+
+	switch options.Retryer.(type) {
+	case *retry.Standard:
+		ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeStandard)
+	case *retry.AdaptiveMode:
+		ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeAdaptive)
+	}
+	return nil
+}
+
+func resolveTracerProvider(options *Options) {
+	if options.TracerProvider == nil {
+		options.TracerProvider = &tracing.NopTracerProvider{}
+	}
+}
+
+func resolveMeterProvider(options *Options) {
+	if options.MeterProvider == nil {
+		options.MeterProvider = metrics.NopMeterProvider{}
+	}
+}
+
+func addRecursionDetection(stack *middleware.Stack) error {
+	return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After)
+}
+
 func addRequestIDRetrieverMiddleware(stack *middleware.Stack) error {
-	return awsmiddleware.AddRequestIDRetrieverMiddleware(stack)
+	return stack.Deserialize.Insert(&awsmiddleware.RequestIDRetriever{}, "OperationDeserializer", middleware.Before)
+
 }
 
 func addResponseErrorMiddleware(stack *middleware.Stack) error {
-	return awshttp.AddResponseErrorMiddleware(stack)
+	return stack.Deserialize.Insert(&awshttp.ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before)
+
 }
 
 func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
@@ -473,3 +824,89 @@ func addDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
 		DisableHTTPS: o.EndpointOptions.DisableHTTPS,
 	}, "ResolveEndpointV2", middleware.After)
 }
+
+type spanInitializeStart struct {
+}
+
+func (*spanInitializeStart) ID() string {
+	return "spanInitializeStart"
+}
+
+func (m *spanInitializeStart) HandleInitialize(
+	ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
+) (
+	middleware.InitializeOutput, middleware.Metadata, error,
+) {
+	ctx, _ = tracing.StartSpan(ctx, "Initialize")
+
+	return next.HandleInitialize(ctx, in)
+}
+
+type spanInitializeEnd struct {
+}
+
+func (*spanInitializeEnd) ID() string {
+	return "spanInitializeEnd"
+}
+
+func (m *spanInitializeEnd) HandleInitialize(
+	ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
+) (
+	middleware.InitializeOutput, middleware.Metadata, error,
+) {
+	ctx, span := tracing.PopSpan(ctx)
+	span.End()
+
+	return next.HandleInitialize(ctx, in)
+}
+
+type spanBuildRequestStart struct {
+}
+
+func (*spanBuildRequestStart) ID() string {
+	return "spanBuildRequestStart"
+}
+
+func (m *spanBuildRequestStart) HandleSerialize(
+	ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler,
+) (
+	middleware.SerializeOutput, middleware.Metadata, error,
+) {
+	ctx, _ = tracing.StartSpan(ctx, "BuildRequest")
+
+	return next.HandleSerialize(ctx, in)
+}
+
+type spanBuildRequestEnd struct {
+}
+
+func (*spanBuildRequestEnd) ID() string {
+	return "spanBuildRequestEnd"
+}
+
+func (m *spanBuildRequestEnd) HandleBuild(
+	ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
+) (
+	middleware.BuildOutput, middleware.Metadata, error,
+) {
+	ctx, span := tracing.PopSpan(ctx)
+	span.End()
+
+	return next.HandleBuild(ctx, in)
+}
+
+func addSpanInitializeStart(stack *middleware.Stack) error {
+	return stack.Initialize.Add(&spanInitializeStart{}, middleware.Before)
+}
+
+func addSpanInitializeEnd(stack *middleware.Stack) error {
+	return stack.Initialize.Add(&spanInitializeEnd{}, middleware.After)
+}
+
+func addSpanBuildRequestStart(stack *middleware.Stack) error {
+	return stack.Serialize.Add(&spanBuildRequestStart{}, middleware.Before)
+}
+
+func addSpanBuildRequestEnd(stack *middleware.Stack) error {
+	return stack.Build.Add(&spanBuildRequestEnd{}, middleware.After)
+}

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go

@@ -12,7 +12,7 @@ import (
 
 // Creates and returns access and refresh tokens for clients that are
 // authenticated using client secrets. The access token can be used to fetch
-// short-term credentials for the assigned AWS accounts or to access application
+// short-lived credentials for the assigned AWS accounts or to access application
 // APIs using bearer authentication.
 func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optFns ...func(*Options)) (*CreateTokenOutput, error) {
 	if params == nil {
@@ -32,34 +32,42 @@ func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optF
 type CreateTokenInput struct {
 
 	// The unique identifier string for the client or application. This value comes
-	// from the result of the RegisterClient API.
+	// from the result of the RegisterClientAPI.
 	//
 	// This member is required.
 	ClientId *string
 
 	// A secret string generated for the client. This value should come from the
-	// persisted result of the RegisterClient API.
+	// persisted result of the RegisterClientAPI.
 	//
 	// This member is required.
 	ClientSecret *string
 
-	// Supports the following OAuth grant types: Device Code and Refresh Token.
+	// Supports the following OAuth grant types: Authorization Code, Device Code, and
-	// Specify either of the following values, depending on the grant type that you
+	// Refresh Token. Specify one of the following values, depending on the grant type
-	// want: * Device Code - urn:ietf:params:oauth:grant-type:device_code * Refresh
+	// that you want:
-	// Token - refresh_token For information about how to obtain the device code, see
+	//
-	// the StartDeviceAuthorization topic.
+	// * Authorization Code - authorization_code
+	//
+	// * Device Code - urn:ietf:params:oauth:grant-type:device_code
+	//
+	// * Refresh Token - refresh_token
 	//
 	// This member is required.
 	GrantType *string
 
 	// Used only when calling this API for the Authorization Code grant type. The
-	// short-term code is used to identify this authorization request. This grant type
+	// short-lived code is used to identify this authorization request.
-	// is currently unsupported for the CreateToken API.
 	Code *string
 
-	// Used only when calling this API for the Device Code grant type. This short-term
+	// Used only when calling this API for the Authorization Code grant type. This
-	// code is used to identify this authorization request. This comes from the result
+	// value is generated by the client and presented to validate the original code
-	// of the StartDeviceAuthorization API.
+	// challenge value the client passed at authorization time.
+	CodeVerifier *string
+
+	// Used only when calling this API for the Device Code grant type. This
+	// short-lived code is used to identify this authorization request. This comes from
+	// the result of the StartDeviceAuthorizationAPI.
 	DeviceCode *string
 
 	// Used only when calling this API for the Authorization Code grant type. This
@@ -68,17 +76,19 @@ type CreateTokenInput struct {
 	RedirectUri *string
 
 	// Used only when calling this API for the Refresh Token grant type. This token is
-	// used to refresh short-term tokens, such as the access token, that might expire.
+	// used to refresh short-lived tokens, such as the access token, that might expire.
+	//
 	// For more information about the features and limitations of the current IAM
 	// Identity Center OIDC implementation, see Considerations for Using this Guide in
-	// the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
+	// the [IAM Identity Center OIDC API Reference].
-	// .
+	//
+	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
 	RefreshToken *string
 
 	// The list of scopes for which authorization is requested. The access token that
 	// is issued is limited to the scopes that are granted. If this value is not
 	// specified, IAM Identity Center authorizes all scopes that are configured for the
-	// client during the call to RegisterClient .
+	// client during the call to RegisterClient.
 	Scope []string
 
 	noSmithyDocumentSerde
@@ -86,7 +96,8 @@ type CreateTokenInput struct {
 
 type CreateTokenOutput struct {
 
-	// A bearer token to access AWS accounts and applications assigned to a user.
+	// A bearer token to access Amazon Web Services accounts and applications assigned
+	// to a user.
 	AccessToken *string
 
 	// Indicates the time in seconds when an access token will expire.
@@ -94,18 +105,22 @@ type CreateTokenOutput struct {
 
 	// The idToken is not implemented or supported. For more information about the
 	// features and limitations of the current IAM Identity Center OIDC implementation,
-	// see Considerations for Using this Guide in the IAM Identity Center OIDC API
+	// see Considerations for Using this Guide in the [IAM Identity Center OIDC API Reference].
-	// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
+	//
-	// . A JSON Web Token (JWT) that identifies who is associated with the issued
+	// A JSON Web Token (JWT) that identifies who is associated with the issued access
-	// access token.
+	// token.
+	//
+	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
 	IdToken *string
 
 	// A token that, if present, can be used to refresh a previously issued access
-	// token that might have expired. For more information about the features and
+	// token that might have expired.
-	// limitations of the current IAM Identity Center OIDC implementation, see
+	//
-	// Considerations for Using this Guide in the IAM Identity Center OIDC API
+	// For more information about the features and limitations of the current IAM
-	// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
+	// Identity Center OIDC implementation, see Considerations for Using this Guide in
-	// .
+	// the [IAM Identity Center OIDC API Reference].
+	//
+	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
 	RefreshToken *string
 
 	// Used to notify the client that the returned token is an access token. The
@@ -140,22 +155,25 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
+	if err = addClientRequestID(stack); err != nil {
 		return err
 	}
-	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
+	if err = addComputeContentLength(stack); err != nil {
 		return err
 	}
 	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = addRetryMiddlewares(stack, options); err != nil {
+	if err = addRetry(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
+	if err = addRawResponseToMetadata(stack); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
+	if err = addRecordResponseTiming(stack); err != nil {
+		return err
+	}
+	if err = addSpanRetryLoop(stack, options); err != nil {
 		return err
 	}
 	if err = addClientUserAgent(stack, options); err != nil {
@@ -170,13 +188,19 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
 	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTimeOffsetBuild(stack, c); err != nil {
+		return err
+	}
+	if err = addUserAgentRetryMode(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreateTokenValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateToken(options.Region), middleware.Before); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+	if err = addRecursionDetection(stack); err != nil {
 		return err
 	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -191,6 +215,18 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt
 	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addSpanInitializeStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanInitializeEnd(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestEnd(stack); err != nil {
+		return err
+	}
 	return nil
 }
 

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go

@@ -6,15 +6,14 @@ import (
 	"context"
 	"fmt"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
-	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Creates and returns access and refresh tokens for clients and applications that
 // are authenticated using IAM entities. The access token can be used to fetch
-// short-term credentials for the assigned AWS accounts or to access application
+// short-lived credentials for the assigned Amazon Web Services accounts or to
-// APIs using bearer authentication.
+// access application APIs using bearer authentication.
 func (c *Client) CreateTokenWithIAM(ctx context.Context, params *CreateTokenWithIAMInput, optFns ...func(*Options)) (*CreateTokenWithIAMOutput, error) {
 	if params == nil {
 		params = &CreateTokenWithIAMInput{}
@@ -40,10 +39,15 @@ type CreateTokenWithIAMInput struct {
 
 	// Supports the following OAuth grant types: Authorization Code, Refresh Token,
 	// JWT Bearer, and Token Exchange. Specify one of the following values, depending
-	// on the grant type that you want: * Authorization Code - authorization_code *
+	// on the grant type that you want:
-	// Refresh Token - refresh_token * JWT Bearer -
+	//
-	// urn:ietf:params:oauth:grant-type:jwt-bearer * Token Exchange -
+	// * Authorization Code - authorization_code
-	// urn:ietf:params:oauth:grant-type:token-exchange
+	//
+	// * Refresh Token - refresh_token
+	//
+	// * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
+	//
+	// * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
 	//
 	// This member is required.
 	GrantType *string
@@ -55,28 +59,38 @@ type CreateTokenWithIAMInput struct {
 	Assertion *string
 
 	// Used only when calling this API for the Authorization Code grant type. This
-	// short-term code is used to identify this authorization request. The code is
+	// short-lived code is used to identify this authorization request. The code is
 	// obtained through a redirect from IAM Identity Center to a redirect URI persisted
 	// in the Authorization Code GrantOptions for the application.
 	Code *string
 
+	// Used only when calling this API for the Authorization Code grant type. This
+	// value is generated by the client and presented to validate the original code
+	// challenge value the client passed at authorization time.
+	CodeVerifier *string
+
 	// Used only when calling this API for the Authorization Code grant type. This
 	// value specifies the location of the client or application that has registered to
 	// receive the authorization code.
 	RedirectUri *string
 
 	// Used only when calling this API for the Refresh Token grant type. This token is
-	// used to refresh short-term tokens, such as the access token, that might expire.
+	// used to refresh short-lived tokens, such as the access token, that might expire.
+	//
 	// For more information about the features and limitations of the current IAM
 	// Identity Center OIDC implementation, see Considerations for Using this Guide in
-	// the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
+	// the [IAM Identity Center OIDC API Reference].
-	// .
+	//
+	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
 	RefreshToken *string
 
 	// Used only when calling this API for the Token Exchange grant type. This value
 	// specifies the type of token that the requester can receive. The following values
-	// are supported: * Access Token - urn:ietf:params:oauth:token-type:access_token *
+	// are supported:
-	// Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
+	//
+	// * Access Token - urn:ietf:params:oauth:token-type:access_token
+	//
+	// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
 	RequestedTokenType *string
 
 	// The list of scopes for which authorization is requested. The access token that
@@ -95,8 +109,9 @@ type CreateTokenWithIAMInput struct {
 
 	// Used only when calling this API for the Token Exchange grant type. This value
 	// specifies the type of token that is passed as the subject of the exchange. The
-	// following value is supported: * Access Token -
+	// following value is supported:
-	// urn:ietf:params:oauth:token-type:access_token
+	//
+	// * Access Token - urn:ietf:params:oauth:token-type:access_token
 	SubjectTokenType *string
 
 	noSmithyDocumentSerde
@@ -104,7 +119,8 @@ type CreateTokenWithIAMInput struct {
 
 type CreateTokenWithIAMOutput struct {
 
-	// A bearer token to access AWS accounts and applications assigned to a user.
+	// A bearer token to access Amazon Web Services accounts and applications assigned
+	// to a user.
 	AccessToken *string
 
 	// Indicates the time in seconds when an access token will expire.
@@ -115,17 +131,21 @@ type CreateTokenWithIAMOutput struct {
 	IdToken *string
 
 	// Indicates the type of tokens that are issued by IAM Identity Center. The
-	// following values are supported: * Access Token -
+	// following values are supported:
-	// urn:ietf:params:oauth:token-type:access_token * Refresh Token -
+	//
-	// urn:ietf:params:oauth:token-type:refresh_token
+	// * Access Token - urn:ietf:params:oauth:token-type:access_token
+	//
+	// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
 	IssuedTokenType *string
 
 	// A token that, if present, can be used to refresh a previously issued access
-	// token that might have expired. For more information about the features and
+	// token that might have expired.
-	// limitations of the current IAM Identity Center OIDC implementation, see
+	//
-	// Considerations for Using this Guide in the IAM Identity Center OIDC API
+	// For more information about the features and limitations of the current IAM
-	// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html)
+	// Identity Center OIDC implementation, see Considerations for Using this Guide in
-	// .
+	// the [IAM Identity Center OIDC API Reference].
+	//
+	// [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html
 	RefreshToken *string
 
 	// The list of scopes for which authorization is granted. The access token that is
@@ -164,25 +184,28 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
+	if err = addClientRequestID(stack); err != nil {
 		return err
 	}
-	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
+	if err = addComputeContentLength(stack); err != nil {
 		return err
 	}
 	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
+	if err = addComputePayloadSHA256(stack); err != nil {
 		return err
 	}
-	if err = addRetryMiddlewares(stack, options); err != nil {
+	if err = addRetry(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
+	if err = addRawResponseToMetadata(stack); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
+	if err = addRecordResponseTiming(stack); err != nil {
+		return err
+	}
+	if err = addSpanRetryLoop(stack, options); err != nil {
 		return err
 	}
 	if err = addClientUserAgent(stack, options); err != nil {
@@ -197,13 +220,19 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta
 	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTimeOffsetBuild(stack, c); err != nil {
+		return err
+	}
+	if err = addUserAgentRetryMode(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreateTokenWithIAMValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateTokenWithIAM(options.Region), middleware.Before); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+	if err = addRecursionDetection(stack); err != nil {
 		return err
 	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -218,6 +247,18 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta
 	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addSpanInitializeStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanInitializeEnd(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestEnd(stack); err != nil {
+		return err
+	}
 	return nil
 }
 

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go

@@ -10,9 +10,9 @@ import (
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-// Registers a client with IAM Identity Center. This allows clients to initiate
+// Registers a public client with IAM Identity Center. This allows clients to
-// device authorization. The output should be persisted for reuse through many
+// perform authorization using the authorization code grant with Proof Key for Code
-// authentication requests.
+// Exchange (PKCE) or the device code grant.
 func (c *Client) RegisterClient(ctx context.Context, params *RegisterClientInput, optFns ...func(*Options)) (*RegisterClientOutput, error) {
 	if params == nil {
 		params = &RegisterClientInput{}
@@ -41,6 +41,33 @@ type RegisterClientInput struct {
 	// This member is required.
 	ClientType *string
 
+	// This IAM Identity Center application ARN is used to define
+	// administrator-managed configuration for public client access to resources. At
+	// authorization, the scopes, grants, and redirect URI available to this client
+	// will be restricted by this application resource.
+	EntitledApplicationArn *string
+
+	// The list of OAuth 2.0 grant types that are defined by the client. This list is
+	// used to restrict the token granting flows available to the client. Supports the
+	// following OAuth 2.0 grant types: Authorization Code, Device Code, and Refresh
+	// Token.
+	//
+	// * Authorization Code - authorization_code
+	//
+	// * Device Code - urn:ietf:params:oauth:grant-type:device_code
+	//
+	// * Refresh Token - refresh_token
+	GrantTypes []string
+
+	// The IAM Identity Center Issuer URL associated with an instance of IAM Identity
+	// Center. This value is needed for user access to resources through the client.
+	IssuerUrl *string
+
+	// The list of redirect URI that are defined by the client. At completion of
+	// authorization, this list is used to restrict what locations the user agent can
+	// be redirected back to.
+	RedirectUris []string
+
 	// The list of scopes that are defined by the client. Upon authorization, this
 	// list is used to restrict permissions when granting an access token.
 	Scopes []string
@@ -98,22 +125,25 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
+	if err = addClientRequestID(stack); err != nil {
 		return err
 	}
-	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
+	if err = addComputeContentLength(stack); err != nil {
 		return err
 	}
 	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = addRetryMiddlewares(stack, options); err != nil {
+	if err = addRetry(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
+	if err = addRawResponseToMetadata(stack); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
+	if err = addRecordResponseTiming(stack); err != nil {
+		return err
+	}
+	if err = addSpanRetryLoop(stack, options); err != nil {
 		return err
 	}
 	if err = addClientUserAgent(stack, options); err != nil {
@@ -128,13 +158,19 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
 	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTimeOffsetBuild(stack, c); err != nil {
+		return err
+	}
+	if err = addUserAgentRetryMode(stack, options); err != nil {
+		return err
+	}
 	if err = addOpRegisterClientValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opRegisterClient(options.Region), middleware.Before); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+	if err = addRecursionDetection(stack); err != nil {
 		return err
 	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -149,6 +185,18 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack,
 	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addSpanInitializeStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanInitializeEnd(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestEnd(stack); err != nil {
+		return err
+	}
 	return nil
 }
 

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go

@@ -30,22 +30,23 @@ func (c *Client) StartDeviceAuthorization(ctx context.Context, params *StartDevi
 type StartDeviceAuthorizationInput struct {
 
 	// The unique identifier string for the client that is registered with IAM
-	// Identity Center. This value should come from the persisted result of the
+	// Identity Center. This value should come from the persisted result of the RegisterClientAPI
-	// RegisterClient API operation.
+	// operation.
 	//
 	// This member is required.
 	ClientId *string
 
 	// A secret string that is generated for the client. This value should come from
-	// the persisted result of the RegisterClient API operation.
+	// the persisted result of the RegisterClientAPI operation.
 	//
 	// This member is required.
 	ClientSecret *string
 
-	// The URL for the Amazon Web Services access portal. For more information, see
+	// The URL for the Amazon Web Services access portal. For more information, see [Using the Amazon Web Services access portal]
-	// Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
 	// in the IAM Identity Center User Guide.
 	//
+	// [Using the Amazon Web Services access portal]: https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html
+	//
 	// This member is required.
 	StartUrl *string
 
@@ -106,22 +107,25 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
+	if err = addClientRequestID(stack); err != nil {
 		return err
 	}
-	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
+	if err = addComputeContentLength(stack); err != nil {
 		return err
 	}
 	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 		return err
 	}
-	if err = addRetryMiddlewares(stack, options); err != nil {
+	if err = addRetry(stack, options); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
+	if err = addRawResponseToMetadata(stack); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
+	if err = addRecordResponseTiming(stack); err != nil {
+		return err
+	}
+	if err = addSpanRetryLoop(stack, options); err != nil {
 		return err
 	}
 	if err = addClientUserAgent(stack, options); err != nil {
@@ -136,13 +140,19 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
 	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTimeOffsetBuild(stack, c); err != nil {
+		return err
+	}
+	if err = addUserAgentRetryMode(stack, options); err != nil {
+		return err
+	}
 	if err = addOpStartDeviceAuthorizationValidationMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opStartDeviceAuthorization(options.Region), middleware.Before); err != nil {
 		return err
 	}
-	if err = awsmiddleware.AddRecursionDetection(stack); err != nil {
+	if err = addRecursionDetection(stack); err != nil {
 		return err
 	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
@@ -157,6 +167,18 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa
 	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
 		return err
 	}
+	if err = addSpanInitializeStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanInitializeEnd(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestStart(stack); err != nil {
+		return err
+	}
+	if err = addSpanBuildRequestEnd(stack); err != nil {
+		return err
+	}
 	return nil
 }
 

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go

@@ -8,11 +8,13 @@ import (
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	smithy "github.com/aws/smithy-go"
 	smithyauth "github.com/aws/smithy-go/auth"
+	"github.com/aws/smithy-go/metrics"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
-func bindAuthParamsRegion(params *AuthResolverParameters, _ interface{}, options Options) {
+func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) {
 	params.Region = options.Region
 }
 
@@ -90,12 +92,12 @@ type AuthResolverParameters struct {
 	Region string
 }
 
-func bindAuthResolverParams(operation string, input interface{}, options Options) *AuthResolverParameters {
+func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters {
 	params := &AuthResolverParameters{
 		Operation: operation,
 	}
 
-	bindAuthParamsRegion(params, input, options)
+	bindAuthParamsRegion(ctx, params, input, options)
 
 	return params
 }
@@ -163,7 +165,10 @@ func (*resolveAuthSchemeMiddleware) ID() string {
 func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
 ) {
-	params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options)
+	_, span := tracing.StartSpan(ctx, "ResolveAuthScheme")
+	defer span.End()
+
+	params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options)
 	options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params)
 	if err != nil {
 		return out, metadata, fmt.Errorf("resolve auth scheme: %w", err)
@@ -175,6 +180,9 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid
 	}
 
 	ctx = setResolvedAuthScheme(ctx, scheme)
+
+	span.SetProperty("auth.scheme_id", scheme.Scheme.SchemeID())
+	span.End()
 	return next.HandleFinalize(ctx, in)
 }
 
@@ -234,7 +242,10 @@ func (*getIdentityMiddleware) ID() string {
 func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
 ) {
-	rscheme := getResolvedAuthScheme(ctx)
+	innerCtx, span := tracing.StartSpan(ctx, "GetIdentity")
+	defer span.End()
+
+	rscheme := getResolvedAuthScheme(innerCtx)
 	if rscheme == nil {
 		return out, metadata, fmt.Errorf("no resolved auth scheme")
 	}
@@ -244,12 +255,20 @@ func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middlewar
 		return out, metadata, fmt.Errorf("no identity resolver")
 	}
 
-	identity, err := resolver.GetIdentity(ctx, rscheme.IdentityProperties)
+	identity, err := timeOperationMetric(ctx, "client.call.resolve_identity_duration",
+		func() (smithyauth.Identity, error) {
+			return resolver.GetIdentity(innerCtx, rscheme.IdentityProperties)
+		},
+		func(o *metrics.RecordMetricOptions) {
+			o.Properties.Set("auth.scheme_id", rscheme.Scheme.SchemeID())
+		})
 	if err != nil {
 		return out, metadata, fmt.Errorf("get identity: %w", err)
 	}
 
 	ctx = setIdentity(ctx, identity)
+
+	span.End()
 	return next.HandleFinalize(ctx, in)
 }
 
@@ -265,6 +284,7 @@ func getIdentity(ctx context.Context) smithyauth.Identity {
 }
 
 type signRequestMiddleware struct {
+	options Options
 }
 
 func (*signRequestMiddleware) ID() string {
@@ -274,6 +294,9 @@ func (*signRequestMiddleware) ID() string {
 func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "SignRequest")
+	defer span.End()
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unexpected transport type %T", in.Request)
@@ -294,9 +317,15 @@ func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middlewar
 		return out, metadata, fmt.Errorf("no signer")
 	}
 
-	if err := signer.SignRequest(ctx, req, identity, rscheme.SignerProperties); err != nil {
+	_, err = timeOperationMetric(ctx, "client.call.signing_duration", func() (any, error) {
+		return nil, signer.SignRequest(ctx, req, identity, rscheme.SignerProperties)
+	}, func(o *metrics.RecordMetricOptions) {
+		o.Properties.Set("auth.scheme_id", rscheme.Scheme.SchemeID())
+	})
+	if err != nil {
 		return out, metadata, fmt.Errorf("sign request: %w", err)
 	}
 
+	span.End()
 	return next.HandleFinalize(ctx, in)
 }

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go

@@ -13,11 +13,22 @@ import (
 	smithyio "github.com/aws/smithy-go/io"
 	"github.com/aws/smithy-go/middleware"
 	"github.com/aws/smithy-go/ptr"
+	smithytime "github.com/aws/smithy-go/time"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"io"
 	"strings"
+	"time"
 )
 
+func deserializeS3Expires(v string) (*time.Time, error) {
+	t, err := smithytime.ParseHTTPDate(v)
+	if err != nil {
+		return nil, nil
+	}
+	return &t, nil
+}
+
 type awsRestjson1_deserializeOpCreateToken struct {
 }
 
@@ -33,6 +44,10 @@ func (m *awsRestjson1_deserializeOpCreateToken) HandleDeserialize(ctx context.Co
 		return out, metadata, err
 	}
 
+	_, span := tracing.StartSpan(ctx, "OperationDeserializer")
+	endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
+	defer endTimer()
+	defer span.End()
 	response, ok := out.RawResponse.(*smithyhttp.Response)
 	if !ok {
 		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -72,6 +87,7 @@ func (m *awsRestjson1_deserializeOpCreateToken) HandleDeserialize(ctx context.Co
 		}
 	}
 
+	span.End()
 	return out, metadata, err
 }
 
@@ -254,6 +270,10 @@ func (m *awsRestjson1_deserializeOpCreateTokenWithIAM) HandleDeserialize(ctx con
 		return out, metadata, err
 	}
 
+	_, span := tracing.StartSpan(ctx, "OperationDeserializer")
+	endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
+	defer endTimer()
+	defer span.End()
 	response, ok := out.RawResponse.(*smithyhttp.Response)
 	if !ok {
 		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -293,6 +313,7 @@ func (m *awsRestjson1_deserializeOpCreateTokenWithIAM) HandleDeserialize(ctx con
 		}
 	}
 
+	span.End()
 	return out, metadata, err
 }
 
@@ -492,6 +513,10 @@ func (m *awsRestjson1_deserializeOpRegisterClient) HandleDeserialize(ctx context
 		return out, metadata, err
 	}
 
+	_, span := tracing.StartSpan(ctx, "OperationDeserializer")
+	endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
+	defer endTimer()
+	defer span.End()
 	response, ok := out.RawResponse.(*smithyhttp.Response)
 	if !ok {
 		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -531,6 +556,7 @@ func (m *awsRestjson1_deserializeOpRegisterClient) HandleDeserialize(ctx context
 		}
 	}
 
+	span.End()
 	return out, metadata, err
 }
 
@@ -581,12 +607,18 @@ func awsRestjson1_deserializeOpErrorRegisterClient(response *smithyhttp.Response
 	case strings.EqualFold("InvalidClientMetadataException", errorCode):
 		return awsRestjson1_deserializeErrorInvalidClientMetadataException(response, errorBody)
 
+	case strings.EqualFold("InvalidRedirectUriException", errorCode):
+		return awsRestjson1_deserializeErrorInvalidRedirectUriException(response, errorBody)
+
 	case strings.EqualFold("InvalidRequestException", errorCode):
 		return awsRestjson1_deserializeErrorInvalidRequestException(response, errorBody)
 
 	case strings.EqualFold("InvalidScopeException", errorCode):
 		return awsRestjson1_deserializeErrorInvalidScopeException(response, errorBody)
 
+	case strings.EqualFold("UnsupportedGrantTypeException", errorCode):
+		return awsRestjson1_deserializeErrorUnsupportedGrantTypeException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -705,6 +737,10 @@ func (m *awsRestjson1_deserializeOpStartDeviceAuthorization) HandleDeserialize(c
 		return out, metadata, err
 	}
 
+	_, span := tracing.StartSpan(ctx, "OperationDeserializer")
+	endTimer := startMetricTimer(ctx, "client.call.deserialization_duration")
+	defer endTimer()
+	defer span.End()
 	response, ok := out.RawResponse.(*smithyhttp.Response)
 	if !ok {
 		return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)}
@@ -744,6 +780,7 @@ func (m *awsRestjson1_deserializeOpStartDeviceAuthorization) HandleDeserialize(c
 		}
 	}
 
+	span.End()
 	return out, metadata, err
 }
 
@@ -1158,6 +1195,42 @@ func awsRestjson1_deserializeErrorInvalidGrantException(response *smithyhttp.Res
 	return output
 }
 
+func awsRestjson1_deserializeErrorInvalidRedirectUriException(response *smithyhttp.Response, errorBody *bytes.Reader) error {
+	output := &types.InvalidRedirectUriException{}
+	var buff [1024]byte
+	ringBuffer := smithyio.NewRingBuffer(buff[:])
+
+	body := io.TeeReader(errorBody, ringBuffer)
+	decoder := json.NewDecoder(body)
+	decoder.UseNumber()
+	var shape interface{}
+	if err := decoder.Decode(&shape); err != nil && err != io.EOF {
+		var snapshot bytes.Buffer
+		io.Copy(&snapshot, ringBuffer)
+		err = &smithy.DeserializationError{
+			Err:      fmt.Errorf("failed to decode response body, %w", err),
+			Snapshot: snapshot.Bytes(),
+		}
+		return err
+	}
+
+	err := awsRestjson1_deserializeDocumentInvalidRedirectUriException(&output, shape)
+
+	if err != nil {
+		var snapshot bytes.Buffer
+		io.Copy(&snapshot, ringBuffer)
+		err = &smithy.DeserializationError{
+			Err:      fmt.Errorf("failed to decode response body, %w", err),
+			Snapshot: snapshot.Bytes(),
+		}
+		return err
+	}
+
+	errorBody.Seek(0, io.SeekStart)
+
+	return output
+}
+
 func awsRestjson1_deserializeErrorInvalidRequestException(response *smithyhttp.Response, errorBody *bytes.Reader) error {
 	output := &types.InvalidRequestException{}
 	var buff [1024]byte
@@ -1717,6 +1790,55 @@ func awsRestjson1_deserializeDocumentInvalidGrantException(v **types.InvalidGran
 	return nil
 }
 
+func awsRestjson1_deserializeDocumentInvalidRedirectUriException(v **types.InvalidRedirectUriException, value interface{}) error {
+	if v == nil {
+		return fmt.Errorf("unexpected nil of type %T", v)
+	}
+	if value == nil {
+		return nil
+	}
+
+	shape, ok := value.(map[string]interface{})
+	if !ok {
+		return fmt.Errorf("unexpected JSON type %v", value)
+	}
+
+	var sv *types.InvalidRedirectUriException
+	if *v == nil {
+		sv = &types.InvalidRedirectUriException{}
+	} else {
+		sv = *v
+	}
+
+	for key, value := range shape {
+		switch key {
+		case "error":
+			if value != nil {
+				jtv, ok := value.(string)
+				if !ok {
+					return fmt.Errorf("expected Error to be of type string, got %T instead", value)
+				}
+				sv.Error_ = ptr.String(jtv)
+			}
+
+		case "error_description":
+			if value != nil {
+				jtv, ok := value.(string)
+				if !ok {
+					return fmt.Errorf("expected ErrorDescription to be of type string, got %T instead", value)
+				}
+				sv.Error_description = ptr.String(jtv)
+			}
+
+		default:
+			_, _ = key, value
+
+		}
+	}
+	*v = sv
+	return nil
+}
+
 func awsRestjson1_deserializeDocumentInvalidRequestException(v **types.InvalidRequestException, value interface{}) error {
 	if v == nil {
 		return fmt.Errorf("unexpected nil of type %T", v)

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go

@@ -6,33 +6,44 @@
 // IAM Identity Center OpenID Connect (OIDC) is a web service that enables a
 // client (such as CLI or a native application) to register with IAM Identity
 // Center. The service also enables the client to fetch the user’s access token
-// upon successful authentication and authorization with IAM Identity Center. IAM
+// upon successful authentication and authorization with IAM Identity Center.
-// Identity Center uses the sso and identitystore API namespaces. Considerations
+//
-// for Using This Guide Before you begin using this guide, we recommend that you
+// # API namespaces
-// first review the following important information about how the IAM Identity
+//
-// Center OIDC service works.
+// IAM Identity Center uses the sso and identitystore API namespaces. IAM Identity
+// Center OpenID Connect uses the sso-oidc namespace.
+//
+// # Considerations for using this guide
+//
+// Before you begin using this guide, we recommend that you first review the
+// following important information about how the IAM Identity Center OIDC service
+// works.
+//
 //   - The IAM Identity Center OIDC service currently implements only the portions
-//     of the OAuth 2.0 Device Authorization Grant standard (
+//     of the OAuth 2.0 Device Authorization Grant standard ([https://tools.ietf.org/html/rfc8628] ) that are necessary to
-//     https://tools.ietf.org/html/rfc8628 (https://tools.ietf.org/html/rfc8628) )
+//     enable single sign-on authentication with the CLI.
-//     that are necessary to enable single sign-on authentication with the CLI.
+//
 //   - With older versions of the CLI, the service only emits OIDC access tokens,
 //     so to obtain a new token, users must explicitly re-authenticate. To access the
 //     OIDC flow that supports token refresh and doesn’t require re-authentication,
 //     update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with
 //     support for OIDC token refresh and configurable IAM Identity Center session
-//     durations. For more information, see Configure Amazon Web Services access
+//     durations. For more information, see [Configure Amazon Web Services access portal session duration].
-//     portal session duration  (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html)
+//
-//     .
 //   - The access tokens provided by this service grant access to all Amazon Web
 //     Services account entitlements assigned to an IAM Identity Center user, not just
 //     a particular application.
+//
 //   - The documentation in this guide does not describe the mechanism to convert
 //     the access token into Amazon Web Services Auth (“sigv4”) credentials for use
 //     with IAM-protected Amazon Web Services service endpoints. For more information,
-//     see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
+//     see [GetRoleCredentials]in the IAM Identity Center Portal API Reference Guide.
-//     in the IAM Identity Center Portal API Reference Guide.
 //
-// For general information about IAM Identity Center, see What is IAM Identity
+// For general information about IAM Identity Center, see [What is IAM Identity Center?] in the IAM Identity
-// Center? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
+// Center User Guide.
-// in the IAM Identity Center User Guide.
+//
+// [Configure Amazon Web Services access portal session duration]: https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html
+// [GetRoleCredentials]: https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html
+// [https://tools.ietf.org/html/rfc8628]: https://tools.ietf.org/html/rfc8628
+// [What is IAM Identity Center?]: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
 package ssooidc

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go

@@ -16,6 +16,7 @@ import (
 	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	"github.com/aws/smithy-go/ptr"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"net/http"
 	"net/url"
@@ -216,6 +217,13 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) {
 	}
 }
 
+func bindRegion(region string) *string {
+	if region == "" {
+		return nil
+	}
+	return aws.String(endpoints.MapFIPSRegion(region))
+}
+
 // EndpointParameters provides the parameters that influence how endpoints are
 // resolved.
 type EndpointParameters struct {
@@ -281,6 +289,17 @@ func (p EndpointParameters) WithDefaults() EndpointParameters {
 	return p
 }
 
+type stringSlice []string
+
+func (s stringSlice) Get(i int) *string {
+	if i < 0 || i >= len(s) {
+		return nil
+	}
+
+	v := s[i]
+	return &v
+}
+
 // EndpointResolverV2 provides the interface for resolving service endpoints.
 type EndpointResolverV2 interface {
 	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
@@ -458,10 +477,10 @@ type endpointParamsBinder interface {
 	bindEndpointParams(*EndpointParameters)
 }
 
-func bindEndpointParams(input interface{}, options Options) *EndpointParameters {
+func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters {
 	params := &EndpointParameters{}
 
-	params.Region = aws.String(endpoints.MapFIPSRegion(options.Region))
+	params.Region = bindRegion(options.Region)
 	params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled)
 	params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled)
 	params.Endpoint = options.BaseEndpoint
@@ -484,6 +503,9 @@ func (*resolveEndpointV2Middleware) ID() string {
 func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) (
 	out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "ResolveEndpoint")
+	defer span.End()
+
 	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
 		return next.HandleFinalize(ctx, in)
 	}
@@ -497,12 +519,17 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
 		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
 	}
 
-	params := bindEndpointParams(getOperationInput(ctx), m.options)
+	params := bindEndpointParams(ctx, getOperationInput(ctx), m.options)
-	endpt, err := m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
+	endpt, err := timeOperationMetric(ctx, "client.call.resolve_endpoint_duration",
+		func() (smithyendpoints.Endpoint, error) {
+			return m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params)
+		})
 	if err != nil {
 		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
 	}
 
+	span.SetProperty("client.call.resolved_endpoint", endpt.URI.String())
+
 	if endpt.URI.RawPath == "" && req.URL.RawPath != "" {
 		endpt.URI.RawPath = endpt.URI.Path
 	}
@@ -524,5 +551,6 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid
 		rscheme.SignerProperties.SetAll(&o.SignerProperties)
 	}
 
+	span.End()
 	return next.HandleFinalize(ctx, in)
 }

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json

@@ -3,8 +3,7 @@
         "github.com/aws/aws-sdk-go-v2": "v1.4.0",
         "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
-        "github.com/aws/smithy-go": "v1.4.0",
+        "github.com/aws/smithy-go": "v1.4.0"
-        "github.com/google/go-cmp": "v0.5.4"
     },
     "files": [
         "api_client.go",
@@ -25,6 +24,7 @@
         "options.go",
         "protocol_test.go",
         "serializers.go",
+        "snapshot_test.go",
         "types/errors.go",
         "types/types.go",
         "validators.go"

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go

@@ -3,4 +3,4 @@
 package ssooidc
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.21.7"
+const goModuleVersion = "1.28.13"

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go

@@ -94,7 +94,7 @@ var partitionRegexp = struct {
 	AwsUsGov *regexp.Regexp
 }{
 
-	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
+	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$"),
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
@@ -187,6 +187,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "ap-south-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "ap-south-2",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.ap-south-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "ap-south-2",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "ap-southeast-1",
 			}: endpoints.Endpoint{
@@ -211,6 +219,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "ap-southeast-3",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "ap-southeast-4",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.ap-southeast-4.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "ap-southeast-4",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "ca-central-1",
 			}: endpoints.Endpoint{
@@ -219,6 +235,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "ca-central-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "ca-west-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.ca-west-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "ca-west-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "eu-central-1",
 			}: endpoints.Endpoint{
@@ -251,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-south-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "eu-south-2",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.eu-south-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "eu-south-2",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "eu-west-1",
 			}: endpoints.Endpoint{

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go

@@ -9,7 +9,9 @@ import (
 	internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy"
 	smithyauth "github.com/aws/smithy-go/auth"
 	"github.com/aws/smithy-go/logging"
+	"github.com/aws/smithy-go/metrics"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"net/http"
 )
@@ -50,8 +52,10 @@ type Options struct {
 	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
 	// value for this field will likely prevent you from using any endpoint-related
 	// service features released after the introduction of EndpointResolverV2 and
-	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
+	// BaseEndpoint.
-	// endpoint, set the client option BaseEndpoint instead.
+	//
+	// To migrate an EndpointResolver implementation that uses a custom endpoint, set
+	// the client option BaseEndpoint instead.
 	EndpointResolver EndpointResolver
 
 	// Resolves the endpoint used for a particular service operation. This should be
@@ -64,23 +68,29 @@ type Options struct {
 	// The logger writer interface to write logging messages to.
 	Logger logging.Logger
 
+	// The client meter provider.
+	MeterProvider metrics.MeterProvider
+
 	// The region to send requests to. (Required)
 	Region string
 
 	// RetryMaxAttempts specifies the maximum number attempts an API client will call
 	// an operation that fails with a retryable error. A value of 0 is ignored, and
 	// will not be used to configure the API client created default retryer, or modify
-	// per operation call's retry max attempts. If specified in an operation call's
+	// per operation call's retry max attempts.
-	// functional options with a value that is different than the constructed client's
+	//
-	// Options, the Client's Retryer will be wrapped to use the operation's specific
+	// If specified in an operation call's functional options with a value that is
-	// RetryMaxAttempts value.
+	// different than the constructed client's Options, the Client's Retryer will be
+	// wrapped to use the operation's specific RetryMaxAttempts value.
 	RetryMaxAttempts int
 
 	// RetryMode specifies the retry mode the API client will be created with, if
-	// Retryer option is not also specified. When creating a new API Clients this
+	// Retryer option is not also specified.
-	// member will only be used if the Retryer Options member is nil. This value will
+	//
-	// be ignored if Retryer is not nil. Currently does not support per operation call
+	// When creating a new API Clients this member will only be used if the Retryer
-	// overrides, may in the future.
+	// Options member is nil. This value will be ignored if Retryer is not nil.
+	//
+	// Currently does not support per operation call overrides, may in the future.
 	RetryMode aws.RetryMode
 
 	// Retryer guides how HTTP requests should be retried in case of recoverable
@@ -95,10 +105,14 @@ type Options struct {
 	// within your applications.
 	RuntimeEnvironment aws.RuntimeEnvironment
 
+	// The client tracer provider.
+	TracerProvider tracing.TracerProvider
+
 	// The initial DefaultsMode used when the client options were constructed. If the
 	// DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved
-	// value was at that point in time. Currently does not support per operation call
+	// value was at that point in time.
-	// overrides, may in the future.
+	//
+	// Currently does not support per operation call overrides, may in the future.
 	resolvedDefaultsMode aws.DefaultsMode
 
 	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
@@ -143,6 +157,7 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
 // Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
 // this field will likely prevent you from using any endpoint-related service
 // features released after the introduction of EndpointResolverV2 and BaseEndpoint.
+//
 // To migrate an EndpointResolver implementation that uses a custom endpoint, set
 // the client option BaseEndpoint instead.
 func WithEndpointResolver(v EndpointResolver) func(*Options) {

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go

@@ -10,6 +10,7 @@ import (
 	"github.com/aws/smithy-go/encoding/httpbinding"
 	smithyjson "github.com/aws/smithy-go/encoding/json"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/tracing"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
@@ -23,6 +24,10 @@ func (*awsRestjson1_serializeOpCreateToken) ID() string {
 func (m *awsRestjson1_serializeOpCreateToken) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "OperationSerializer")
+	endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
+	defer endTimer()
+	defer span.End()
 	request, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -66,6 +71,8 @@ func (m *awsRestjson1_serializeOpCreateToken) HandleSerialize(ctx context.Contex
 	}
 	in.Request = request
 
+	endTimer()
+	span.End()
 	return next.HandleSerialize(ctx, in)
 }
 func awsRestjson1_serializeOpHttpBindingsCreateTokenInput(v *CreateTokenInput, encoder *httpbinding.Encoder) error {
@@ -95,6 +102,11 @@ func awsRestjson1_serializeOpDocumentCreateTokenInput(v *CreateTokenInput, value
 		ok.String(*v.Code)
 	}
 
+	if v.CodeVerifier != nil {
+		ok := object.Key("codeVerifier")
+		ok.String(*v.CodeVerifier)
+	}
+
 	if v.DeviceCode != nil {
 		ok := object.Key("deviceCode")
 		ok.String(*v.DeviceCode)
@@ -135,6 +147,10 @@ func (*awsRestjson1_serializeOpCreateTokenWithIAM) ID() string {
 func (m *awsRestjson1_serializeOpCreateTokenWithIAM) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "OperationSerializer")
+	endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
+	defer endTimer()
+	defer span.End()
 	request, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -178,6 +194,8 @@ func (m *awsRestjson1_serializeOpCreateTokenWithIAM) HandleSerialize(ctx context
 	}
 	in.Request = request
 
+	endTimer()
+	span.End()
 	return next.HandleSerialize(ctx, in)
 }
 func awsRestjson1_serializeOpHttpBindingsCreateTokenWithIAMInput(v *CreateTokenWithIAMInput, encoder *httpbinding.Encoder) error {
@@ -207,6 +225,11 @@ func awsRestjson1_serializeOpDocumentCreateTokenWithIAMInput(v *CreateTokenWithI
 		ok.String(*v.Code)
 	}
 
+	if v.CodeVerifier != nil {
+		ok := object.Key("codeVerifier")
+		ok.String(*v.CodeVerifier)
+	}
+
 	if v.GrantType != nil {
 		ok := object.Key("grantType")
 		ok.String(*v.GrantType)
@@ -257,6 +280,10 @@ func (*awsRestjson1_serializeOpRegisterClient) ID() string {
 func (m *awsRestjson1_serializeOpRegisterClient) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "OperationSerializer")
+	endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
+	defer endTimer()
+	defer span.End()
 	request, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -300,6 +327,8 @@ func (m *awsRestjson1_serializeOpRegisterClient) HandleSerialize(ctx context.Con
 	}
 	in.Request = request
 
+	endTimer()
+	span.End()
 	return next.HandleSerialize(ctx, in)
 }
 func awsRestjson1_serializeOpHttpBindingsRegisterClientInput(v *RegisterClientInput, encoder *httpbinding.Encoder) error {
@@ -324,6 +353,30 @@ func awsRestjson1_serializeOpDocumentRegisterClientInput(v *RegisterClientInput,
 		ok.String(*v.ClientType)
 	}
 
+	if v.EntitledApplicationArn != nil {
+		ok := object.Key("entitledApplicationArn")
+		ok.String(*v.EntitledApplicationArn)
+	}
+
+	if v.GrantTypes != nil {
+		ok := object.Key("grantTypes")
+		if err := awsRestjson1_serializeDocumentGrantTypes(v.GrantTypes, ok); err != nil {
+			return err
+		}
+	}
+
+	if v.IssuerUrl != nil {
+		ok := object.Key("issuerUrl")
+		ok.String(*v.IssuerUrl)
+	}
+
+	if v.RedirectUris != nil {
+		ok := object.Key("redirectUris")
+		if err := awsRestjson1_serializeDocumentRedirectUris(v.RedirectUris, ok); err != nil {
+			return err
+		}
+	}
+
 	if v.Scopes != nil {
 		ok := object.Key("scopes")
 		if err := awsRestjson1_serializeDocumentScopes(v.Scopes, ok); err != nil {
@@ -344,6 +397,10 @@ func (*awsRestjson1_serializeOpStartDeviceAuthorization) ID() string {
 func (m *awsRestjson1_serializeOpStartDeviceAuthorization) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	_, span := tracing.StartSpan(ctx, "OperationSerializer")
+	endTimer := startMetricTimer(ctx, "client.call.serialization_duration")
+	defer endTimer()
+	defer span.End()
 	request, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)}
@@ -387,6 +444,8 @@ func (m *awsRestjson1_serializeOpStartDeviceAuthorization) HandleSerialize(ctx c
 	}
 	in.Request = request
 
+	endTimer()
+	span.End()
 	return next.HandleSerialize(ctx, in)
 }
 func awsRestjson1_serializeOpHttpBindingsStartDeviceAuthorizationInput(v *StartDeviceAuthorizationInput, encoder *httpbinding.Encoder) error {
@@ -419,6 +478,28 @@ func awsRestjson1_serializeOpDocumentStartDeviceAuthorizationInput(v *StartDevic
 	return nil
 }
 
+func awsRestjson1_serializeDocumentGrantTypes(v []string, value smithyjson.Value) error {
+	array := value.Array()
+	defer array.Close()
+
+	for i := range v {
+		av := array.Value()
+		av.String(v[i])
+	}
+	return nil
+}
+
+func awsRestjson1_serializeDocumentRedirectUris(v []string, value smithyjson.Value) error {
+	array := value.Array()
+	defer array.Close()
+
+	for i := range v {
+		av := array.Value()
+		av.String(v[i])
+	}
+	return nil
+}
+
 func awsRestjson1_serializeDocumentScopes(v []string, value smithyjson.Value) error {
 	array := value.Array()
 	defer array.Close()

vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go

@@ -188,7 +188,7 @@ func (e *InvalidClientMetadataException) ErrorCode() string {
 func (e *InvalidClientMetadataException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
 // Indicates that a request contains an invalid grant. This can occur if a client
-// makes a CreateToken request with an invalid grant type.
+// makes a CreateTokenrequest with an invalid grant type.
 type InvalidGrantException struct {
 	Message *string
 
@@ -217,6 +217,36 @@ func (e *InvalidGrantException) ErrorCode() string {
 }
 func (e *InvalidGrantException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
 
+// Indicates that one or more redirect URI in the request is not supported for
+// this operation.
+type InvalidRedirectUriException struct {
+	Message *string
+
+	ErrorCodeOverride *string
+
+	Error_            *string
+	Error_description *string
+
+	noSmithyDocumentSerde
+}
+
+func (e *InvalidRedirectUriException) Error() string {
+	return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage())
+}
+func (e *InvalidRedirectUriException) ErrorMessage() string {
+	if e.Message == nil {
+		return ""
+	}
+	return *e.Message
+}
+func (e *InvalidRedirectUriException) ErrorCode() string {
+	if e == nil || e.ErrorCodeOverride == nil {
+		return "InvalidRedirectUriException"
+	}
+	return *e.ErrorCodeOverride
+}
+func (e *InvalidRedirectUriException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient }
+
 // Indicates that something is wrong with the input to the request. For example, a
 // required parameter might be missing or out of range.
 type InvalidRequestException struct {

vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md

@@ -1,3 +1,222 @@
+# v1.33.13 (2025-02-04)
+
+* No change notes available for this release.
+
+# v1.33.12 (2025-01-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.33.11 (2025-01-30)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.33.10 (2025-01-24)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+* **Dependency Update**: Upgrade to smithy-go v1.22.2.
+
+# v1.33.9 (2025-01-17)
+
+* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop.
+
+# v1.33.8 (2025-01-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.33.7 (2025-01-14)
+
+* No change notes available for this release.
+
+# v1.33.6 (2025-01-10)
+
+* **Documentation**: Fixed typos in the descriptions.
+
+# v1.33.5 (2025-01-09)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.33.4 (2025-01-08)
+
+* No change notes available for this release.
+
+# v1.33.3 (2024-12-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.33.2 (2024-12-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.33.1 (2024-11-18)
+
+* **Dependency Update**: Update to smithy-go v1.22.1.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.33.0 (2024-11-14)
+
+* **Feature**: This release introduces the new API 'AssumeRoot', which returns short-term credentials that you can use to perform privileged tasks.
+
+# v1.32.4 (2024-11-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.32.3 (2024-10-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.32.2 (2024-10-08)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.32.1 (2024-10-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.32.0 (2024-10-04)
+
+* **Feature**: Add support for HTTP client metrics.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.31.4 (2024-10-03)
+
+* No change notes available for this release.
+
+# v1.31.3 (2024-09-27)
+
+* No change notes available for this release.
+
+# v1.31.2 (2024-09-25)
+
+* No change notes available for this release.
+
+# v1.31.1 (2024-09-23)
+
+* No change notes available for this release.
+
+# v1.31.0 (2024-09-20)
+
+* **Feature**: Add tracing and metrics support to service clients.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.8 (2024-09-17)
+
+* **Bug Fix**: **BREAKFIX**: Only generate AccountIDEndpointMode config for services that use it. This is a compiler break, but removes no actual functionality, as no services currently use the account ID in endpoint resolution.
+
+# v1.30.7 (2024-09-04)
+
+* No change notes available for this release.
+
+# v1.30.6 (2024-09-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.5 (2024-08-22)
+
+* No change notes available for this release.
+
+# v1.30.4 (2024-08-15)
+
+* **Dependency Update**: Bump minimum Go version to 1.21.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.3 (2024-07-10.2)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.2 (2024-07-10)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.1 (2024-06-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.30.0 (2024-06-26)
+
+* **Feature**: Support list-of-string endpoint parameter.
+
+# v1.29.1 (2024-06-19)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.29.0 (2024-06-18)
+
+* **Feature**: Track usage of various AWS SDK features in user-agent string.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.13 (2024-06-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.12 (2024-06-07)
+
+* **Bug Fix**: Add clock skew correction on all service clients
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.11 (2024-06-03)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.10 (2024-05-23)
+
+* No change notes available for this release.
+
+# v1.28.9 (2024-05-16)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.8 (2024-05-15)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.7 (2024-05-08)
+
+* **Bug Fix**: GoDoc improvement
+
+# v1.28.6 (2024-03-29)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.5 (2024-03-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.4 (2024-03-07)
+
+* **Bug Fix**: Remove dependency on go-cmp.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.3 (2024-03-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.2 (2024-03-04)
+
+* **Bug Fix**: Update internal/presigned-url dependency for corrected API name.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.1 (2024-02-23)
+
+* **Bug Fix**: Move all common, SDK-side middleware stack ops into the service client module to prevent cross-module compatibility issues in the future.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.28.0 (2024-02-22)
+
+* **Feature**: Add middleware stack snapshot tests.
+
+# v1.27.2 (2024-02-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.27.1 (2024-02-20)
+
+* **Bug Fix**: When sourcing values for a service's `EndpointParameters`, the lack of a configured region (i.e. `options.Region == ""`) will now translate to a `nil` value for `EndpointParameters.Region` instead of a pointer to the empty string `""`. This will result in a much more explicit error when calling an operation instead of an obscure hostname lookup failure.
+
+# v1.27.0 (2024-02-13)
+
+* **Feature**: Bump minimum Go version to 1.20 per our language support policy.
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.26.7 (2024-01-04)
 
 * **Dependency Update**: Updated to the latest SDK module versions