diff options
Diffstat (limited to 'vendor/github.com/aws/aws-sdk-go')
50 files changed, 3637 insertions, 1157 deletions
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go index 56fdfc2..99849c0 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go | |||
@@ -138,8 +138,27 @@ type RequestFailure interface { | |||
138 | RequestID() string | 138 | RequestID() string |
139 | } | 139 | } |
140 | 140 | ||
141 | // NewRequestFailure returns a new request error wrapper for the given Error | 141 | // NewRequestFailure returns a wrapped error with additional information for |
142 | // provided. | 142 | // request status code, and service requestID. |
143 | // | ||
144 | // Should be used to wrap all request which involve service requests. Even if | ||
145 | // the request failed without a service response, but had an HTTP status code | ||
146 | // that may be meaningful. | ||
143 | func NewRequestFailure(err Error, statusCode int, reqID string) RequestFailure { | 147 | func NewRequestFailure(err Error, statusCode int, reqID string) RequestFailure { |
144 | return newRequestError(err, statusCode, reqID) | 148 | return newRequestError(err, statusCode, reqID) |
145 | } | 149 | } |
150 | |||
151 | // UnmarshalError provides the interface for the SDK failing to unmarshal data. | ||
152 | type UnmarshalError interface { | ||
153 | awsError | ||
154 | Bytes() []byte | ||
155 | } | ||
156 | |||
157 | // NewUnmarshalError returns an initialized UnmarshalError error wrapper adding | ||
158 | // the bytes that fail to unmarshal to the error. | ||
159 | func NewUnmarshalError(err error, msg string, bytes []byte) UnmarshalError { | ||
160 | return &unmarshalError{ | ||
161 | awsError: New("UnmarshalError", msg, err), | ||
162 | bytes: bytes, | ||
163 | } | ||
164 | } | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go index 0202a00..9cf7eaf 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go | |||
@@ -1,6 +1,9 @@ | |||
1 | package awserr | 1 | package awserr |
2 | 2 | ||
3 | import "fmt" | 3 | import ( |
4 | "encoding/hex" | ||
5 | "fmt" | ||
6 | ) | ||
4 | 7 | ||
5 | // SprintError returns a string of the formatted error code. | 8 | // SprintError returns a string of the formatted error code. |
6 | // | 9 | // |
@@ -119,6 +122,7 @@ type requestError struct { | |||
119 | awsError | 122 | awsError |
120 | statusCode int | 123 | statusCode int |
121 | requestID string | 124 | requestID string |
125 | bytes []byte | ||
122 | } | 126 | } |
123 | 127 | ||
124 | // newRequestError returns a wrapped error with additional information for | 128 | // newRequestError returns a wrapped error with additional information for |
@@ -170,6 +174,29 @@ func (r requestError) OrigErrs() []error { | |||
170 | return []error{r.OrigErr()} | 174 | return []error{r.OrigErr()} |
171 | } | 175 | } |
172 | 176 | ||
177 | type unmarshalError struct { | ||
178 | awsError | ||
179 | bytes []byte | ||
180 | } | ||
181 | |||
182 | // Error returns the string representation of the error. | ||
183 | // Satisfies the error interface. | ||
184 | func (e unmarshalError) Error() string { | ||
185 | extra := hex.Dump(e.bytes) | ||
186 | return SprintError(e.Code(), e.Message(), extra, e.OrigErr()) | ||
187 | } | ||
188 | |||
189 | // String returns the string representation of the error. | ||
190 | // Alias for Error to satisfy the stringer interface. | ||
191 | func (e unmarshalError) String() string { | ||
192 | return e.Error() | ||
193 | } | ||
194 | |||
195 | // Bytes returns the bytes that failed to unmarshal. | ||
196 | func (e unmarshalError) Bytes() []byte { | ||
197 | return e.bytes | ||
198 | } | ||
199 | |||
173 | // An error list that satisfies the golang interface | 200 | // An error list that satisfies the golang interface |
174 | type errorList []error | 201 | type errorList []error |
175 | 202 | ||
@@ -181,7 +208,7 @@ func (e errorList) Error() string { | |||
181 | // How do we want to handle the array size being zero | 208 | // How do we want to handle the array size being zero |
182 | if size := len(e); size > 0 { | 209 | if size := len(e); size > 0 { |
183 | for i := 0; i < size; i++ { | 210 | for i := 0; i < size; i++ { |
184 | msg += fmt.Sprintf("%s", e[i].Error()) | 211 | msg += e[i].Error() |
185 | // We check the next index to see if it is within the slice. | 212 | // We check the next index to see if it is within the slice. |
186 | // If it is, then we append a newline. We do this, because unit tests | 213 | // If it is, then we append a newline. We do this, because unit tests |
187 | // could be broken with the additional '\n' | 214 | // could be broken with the additional '\n' |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go index 11c52c3..285e54d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go | |||
@@ -185,13 +185,12 @@ func ValuesAtPath(i interface{}, path string) ([]interface{}, error) { | |||
185 | // SetValueAtPath sets a value at the case insensitive lexical path inside | 185 | // SetValueAtPath sets a value at the case insensitive lexical path inside |
186 | // of a structure. | 186 | // of a structure. |
187 | func SetValueAtPath(i interface{}, path string, v interface{}) { | 187 | func SetValueAtPath(i interface{}, path string, v interface{}) { |
188 | if rvals := rValuesAtPath(i, path, true, false, v == nil); rvals != nil { | 188 | rvals := rValuesAtPath(i, path, true, false, v == nil) |
189 | for _, rval := range rvals { | 189 | for _, rval := range rvals { |
190 | if rval.Kind() == reflect.Ptr && rval.IsNil() { | 190 | if rval.Kind() == reflect.Ptr && rval.IsNil() { |
191 | continue | 191 | continue |
192 | } | ||
193 | setValue(rval, v) | ||
194 | } | 192 | } |
193 | setValue(rval, v) | ||
195 | } | 194 | } |
196 | } | 195 | } |
197 | 196 | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go index 7b5e127..8958c32 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go | |||
@@ -67,10 +67,14 @@ func logRequest(r *request.Request) { | |||
67 | if !bodySeekable { | 67 | if !bodySeekable { |
68 | r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body)) | 68 | r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body)) |
69 | } | 69 | } |
70 | // Reset the request body because dumpRequest will re-wrap the r.HTTPRequest's | 70 | // Reset the request body because dumpRequest will re-wrap the |
71 | // Body as a NoOpCloser and will not be reset after read by the HTTP | 71 | // r.HTTPRequest's Body as a NoOpCloser and will not be reset after |
72 | // client reader. | 72 | // read by the HTTP client reader. |
73 | r.ResetBody() | 73 | if err := r.Error; err != nil { |
74 | r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg, | ||
75 | r.ClientInfo.ServiceName, r.Operation.Name, err)) | ||
76 | return | ||
77 | } | ||
74 | } | 78 | } |
75 | 79 | ||
76 | r.Config.Logger.Log(fmt.Sprintf(logReqMsg, | 80 | r.Config.Logger.Log(fmt.Sprintf(logReqMsg, |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go index 894bbc7..4af5921 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go | |||
@@ -50,9 +50,10 @@ package credentials | |||
50 | 50 | ||
51 | import ( | 51 | import ( |
52 | "fmt" | 52 | "fmt" |
53 | "github.com/aws/aws-sdk-go/aws/awserr" | ||
54 | "sync" | 53 | "sync" |
55 | "time" | 54 | "time" |
55 | |||
56 | "github.com/aws/aws-sdk-go/aws/awserr" | ||
56 | ) | 57 | ) |
57 | 58 | ||
58 | // AnonymousCredentials is an empty Credential object that can be used as | 59 | // AnonymousCredentials is an empty Credential object that can be used as |
@@ -83,6 +84,12 @@ type Value struct { | |||
83 | ProviderName string | 84 | ProviderName string |
84 | } | 85 | } |
85 | 86 | ||
87 | // HasKeys returns if the credentials Value has both AccessKeyID and | ||
88 | // SecretAccessKey value set. | ||
89 | func (v Value) HasKeys() bool { | ||
90 | return len(v.AccessKeyID) != 0 && len(v.SecretAccessKey) != 0 | ||
91 | } | ||
92 | |||
86 | // A Provider is the interface for any component which will provide credentials | 93 | // A Provider is the interface for any component which will provide credentials |
87 | // Value. A provider is required to manage its own Expired state, and what to | 94 | // Value. A provider is required to manage its own Expired state, and what to |
88 | // be expired means. | 95 | // be expired means. |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go index 0ed791b..43d4ed3 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go | |||
@@ -11,6 +11,7 @@ import ( | |||
11 | "github.com/aws/aws-sdk-go/aws/client" | 11 | "github.com/aws/aws-sdk-go/aws/client" |
12 | "github.com/aws/aws-sdk-go/aws/credentials" | 12 | "github.com/aws/aws-sdk-go/aws/credentials" |
13 | "github.com/aws/aws-sdk-go/aws/ec2metadata" | 13 | "github.com/aws/aws-sdk-go/aws/ec2metadata" |
14 | "github.com/aws/aws-sdk-go/aws/request" | ||
14 | "github.com/aws/aws-sdk-go/internal/sdkuri" | 15 | "github.com/aws/aws-sdk-go/internal/sdkuri" |
15 | ) | 16 | ) |
16 | 17 | ||
@@ -142,7 +143,8 @@ func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) { | |||
142 | } | 143 | } |
143 | 144 | ||
144 | if err := s.Err(); err != nil { | 145 | if err := s.Err(); err != nil { |
145 | return nil, awserr.New("SerializationError", "failed to read EC2 instance role from metadata service", err) | 146 | return nil, awserr.New(request.ErrCodeSerialization, |
147 | "failed to read EC2 instance role from metadata service", err) | ||
146 | } | 148 | } |
147 | 149 | ||
148 | return credsList, nil | 150 | return credsList, nil |
@@ -164,7 +166,7 @@ func requestCred(client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCred | |||
164 | respCreds := ec2RoleCredRespBody{} | 166 | respCreds := ec2RoleCredRespBody{} |
165 | if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil { | 167 | if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil { |
166 | return ec2RoleCredRespBody{}, | 168 | return ec2RoleCredRespBody{}, |
167 | awserr.New("SerializationError", | 169 | awserr.New(request.ErrCodeSerialization, |
168 | fmt.Sprintf("failed to decode %s EC2 instance role credentials", credsName), | 170 | fmt.Sprintf("failed to decode %s EC2 instance role credentials", credsName), |
169 | err) | 171 | err) |
170 | } | 172 | } |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go index ace5131..c2b2c5d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go | |||
@@ -39,6 +39,7 @@ import ( | |||
39 | "github.com/aws/aws-sdk-go/aws/client/metadata" | 39 | "github.com/aws/aws-sdk-go/aws/client/metadata" |
40 | "github.com/aws/aws-sdk-go/aws/credentials" | 40 | "github.com/aws/aws-sdk-go/aws/credentials" |
41 | "github.com/aws/aws-sdk-go/aws/request" | 41 | "github.com/aws/aws-sdk-go/aws/request" |
42 | "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil" | ||
42 | ) | 43 | ) |
43 | 44 | ||
44 | // ProviderName is the name of the credentials provider. | 45 | // ProviderName is the name of the credentials provider. |
@@ -174,7 +175,7 @@ func unmarshalHandler(r *request.Request) { | |||
174 | 175 | ||
175 | out := r.Data.(*getCredentialsOutput) | 176 | out := r.Data.(*getCredentialsOutput) |
176 | if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&out); err != nil { | 177 | if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&out); err != nil { |
177 | r.Error = awserr.New("SerializationError", | 178 | r.Error = awserr.New(request.ErrCodeSerialization, |
178 | "failed to decode endpoint credentials", | 179 | "failed to decode endpoint credentials", |
179 | err, | 180 | err, |
180 | ) | 181 | ) |
@@ -185,11 +186,15 @@ func unmarshalError(r *request.Request) { | |||
185 | defer r.HTTPResponse.Body.Close() | 186 | defer r.HTTPResponse.Body.Close() |
186 | 187 | ||
187 | var errOut errorOutput | 188 | var errOut errorOutput |
188 | if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&errOut); err != nil { | 189 | err := jsonutil.UnmarshalJSONError(&errOut, r.HTTPResponse.Body) |
189 | r.Error = awserr.New("SerializationError", | 190 | if err != nil { |
190 | "failed to decode endpoint credentials", | 191 | r.Error = awserr.NewRequestFailure( |
191 | err, | 192 | awserr.New(request.ErrCodeSerialization, |
193 | "failed to decode error message", err), | ||
194 | r.HTTPResponse.StatusCode, | ||
195 | r.RequestID, | ||
192 | ) | 196 | ) |
197 | return | ||
193 | } | 198 | } |
194 | 199 | ||
195 | // Response body format is not consistent between metadata endpoints. | 200 | // Response body format is not consistent between metadata endpoints. |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go index b6dbfd2..2e528d1 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go | |||
@@ -200,7 +200,7 @@ type AssumeRoleProvider struct { | |||
200 | // by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must | 200 | // by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must |
201 | // have a value between 0 and 1. Any other value may lead to expected behavior. | 201 | // have a value between 0 and 1. Any other value may lead to expected behavior. |
202 | // With a MaxJitterFrac value of 0, default) will no jitter will be used. | 202 | // With a MaxJitterFrac value of 0, default) will no jitter will be used. |
203 | // | 203 | // |
204 | // For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the | 204 | // For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the |
205 | // AssumeRole call will be made with an arbitrary Duration between 27m and | 205 | // AssumeRole call will be made with an arbitrary Duration between 27m and |
206 | // 30m. | 206 | // 30m. |
@@ -258,7 +258,6 @@ func NewCredentialsWithClient(svc AssumeRoler, roleARN string, options ...func(* | |||
258 | 258 | ||
259 | // Retrieve generates a new set of temporary credentials using STS. | 259 | // Retrieve generates a new set of temporary credentials using STS. |
260 | func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) { | 260 | func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) { |
261 | |||
262 | // Apply defaults where parameters are not set. | 261 | // Apply defaults where parameters are not set. |
263 | if p.RoleSessionName == "" { | 262 | if p.RoleSessionName == "" { |
264 | // Try to work out a role name that will hopefully end up unique. | 263 | // Try to work out a role name that will hopefully end up unique. |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go new file mode 100644 index 0000000..20510d9 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go | |||
@@ -0,0 +1,97 @@ | |||
1 | package stscreds | ||
2 | |||
3 | import ( | ||
4 | "fmt" | ||
5 | "io/ioutil" | ||
6 | "strconv" | ||
7 | "time" | ||
8 | |||
9 | "github.com/aws/aws-sdk-go/aws" | ||
10 | "github.com/aws/aws-sdk-go/aws/awserr" | ||
11 | "github.com/aws/aws-sdk-go/aws/client" | ||
12 | "github.com/aws/aws-sdk-go/aws/credentials" | ||
13 | "github.com/aws/aws-sdk-go/service/sts" | ||
14 | "github.com/aws/aws-sdk-go/service/sts/stsiface" | ||
15 | ) | ||
16 | |||
17 | const ( | ||
18 | // ErrCodeWebIdentity will be used as an error code when constructing | ||
19 | // a new error to be returned during session creation or retrieval. | ||
20 | ErrCodeWebIdentity = "WebIdentityErr" | ||
21 | |||
22 | // WebIdentityProviderName is the web identity provider name | ||
23 | WebIdentityProviderName = "WebIdentityCredentials" | ||
24 | ) | ||
25 | |||
26 | // now is used to return a time.Time object representing | ||
27 | // the current time. This can be used to easily test and | ||
28 | // compare test values. | ||
29 | var now = time.Now | ||
30 | |||
31 | // WebIdentityRoleProvider is used to retrieve credentials using | ||
32 | // an OIDC token. | ||
33 | type WebIdentityRoleProvider struct { | ||
34 | credentials.Expiry | ||
35 | |||
36 | client stsiface.STSAPI | ||
37 | ExpiryWindow time.Duration | ||
38 | |||
39 | tokenFilePath string | ||
40 | roleARN string | ||
41 | roleSessionName string | ||
42 | } | ||
43 | |||
44 | // NewWebIdentityCredentials will return a new set of credentials with a given | ||
45 | // configuration, role arn, and token file path. | ||
46 | func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials { | ||
47 | svc := sts.New(c) | ||
48 | p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path) | ||
49 | return credentials.NewCredentials(p) | ||
50 | } | ||
51 | |||
52 | // NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the | ||
53 | // provided stsiface.STSAPI | ||
54 | func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider { | ||
55 | return &WebIdentityRoleProvider{ | ||
56 | client: svc, | ||
57 | tokenFilePath: path, | ||
58 | roleARN: roleARN, | ||
59 | roleSessionName: roleSessionName, | ||
60 | } | ||
61 | } | ||
62 | |||
63 | // Retrieve will attempt to assume a role from a token which is located at | ||
64 | // 'WebIdentityTokenFilePath' specified destination and if that is empty an | ||
65 | // error will be returned. | ||
66 | func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) { | ||
67 | b, err := ioutil.ReadFile(p.tokenFilePath) | ||
68 | if err != nil { | ||
69 | errMsg := fmt.Sprintf("unable to read file at %s", p.tokenFilePath) | ||
70 | return credentials.Value{}, awserr.New(ErrCodeWebIdentity, errMsg, err) | ||
71 | } | ||
72 | |||
73 | sessionName := p.roleSessionName | ||
74 | if len(sessionName) == 0 { | ||
75 | // session name is used to uniquely identify a session. This simply | ||
76 | // uses unix time in nanoseconds to uniquely identify sessions. | ||
77 | sessionName = strconv.FormatInt(now().UnixNano(), 10) | ||
78 | } | ||
79 | resp, err := p.client.AssumeRoleWithWebIdentity(&sts.AssumeRoleWithWebIdentityInput{ | ||
80 | RoleArn: &p.roleARN, | ||
81 | RoleSessionName: &sessionName, | ||
82 | WebIdentityToken: aws.String(string(b)), | ||
83 | }) | ||
84 | if err != nil { | ||
85 | return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err) | ||
86 | } | ||
87 | |||
88 | p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow) | ||
89 | |||
90 | value := credentials.Value{ | ||
91 | AccessKeyID: aws.StringValue(resp.Credentials.AccessKeyId), | ||
92 | SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey), | ||
93 | SessionToken: aws.StringValue(resp.Credentials.SessionToken), | ||
94 | ProviderName: WebIdentityProviderName, | ||
95 | } | ||
96 | return value, nil | ||
97 | } | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go index 152d785..25a66d1 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go | |||
@@ -1,30 +1,61 @@ | |||
1 | // Package csm provides Client Side Monitoring (CSM) which enables sending metrics | 1 | // Package csm provides the Client Side Monitoring (CSM) client which enables |
2 | // via UDP connection. Using the Start function will enable the reporting of | 2 | // sending metrics via UDP connection to the CSM agent. This package provides |
3 | // metrics on a given port. If Start is called, with different parameters, again, | 3 | // control options, and configuration for the CSM client. The client can be |
4 | // a panic will occur. | 4 | // controlled manually, or automatically via the SDK's Session configuration. |
5 | // | 5 | // |
6 | // Pause can be called to pause any metrics publishing on a given port. Sessions | 6 | // Enabling CSM client via SDK's Session configuration |
7 | // that have had their handlers modified via InjectHandlers may still be used. | 7 | // |
8 | // However, the handlers will act as a no-op meaning no metrics will be published. | 8 | // The CSM client can be enabled automatically via SDK's Session configuration. |
9 | // The SDK's session configuration enables the CSM client if the AWS_CSM_PORT | ||
10 | // environment variable is set to a non-empty value. | ||
11 | // | ||
12 | // The configuration options for the CSM client via the SDK's session | ||
13 | // configuration are: | ||
14 | // | ||
15 | // * AWS_CSM_PORT=<port number> | ||
16 | // The port number the CSM agent will receive metrics on. | ||
17 | // | ||
18 | // * AWS_CSM_HOST=<hostname or ip> | ||
19 | // The hostname, or IP address the CSM agent will receive metrics on. | ||
20 | // Without port number. | ||
21 | // | ||
22 | // Manually enabling the CSM client | ||
23 | // | ||
24 | // The CSM client can be started, paused, and resumed manually. The Start | ||
25 | // function will enable the CSM client to publish metrics to the CSM agent. It | ||
26 | // is safe to call Start concurrently, but if Start is called additional times | ||
27 | // with different ClientID or address it will panic. | ||
9 | // | 28 | // |
10 | // Example: | ||
11 | // r, err := csm.Start("clientID", ":31000") | 29 | // r, err := csm.Start("clientID", ":31000") |
12 | // if err != nil { | 30 | // if err != nil { |
13 | // panic(fmt.Errorf("failed starting CSM: %v", err)) | 31 | // panic(fmt.Errorf("failed starting CSM: %v", err)) |
14 | // } | 32 | // } |
15 | // | 33 | // |
34 | // When controlling the CSM client manually, you must also inject its request | ||
35 | // handlers into the SDK's Session configuration for the SDK's API clients to | ||
36 | // publish metrics. | ||
37 | // | ||
16 | // sess, err := session.NewSession(&aws.Config{}) | 38 | // sess, err := session.NewSession(&aws.Config{}) |
17 | // if err != nil { | 39 | // if err != nil { |
18 | // panic(fmt.Errorf("failed loading session: %v", err)) | 40 | // panic(fmt.Errorf("failed loading session: %v", err)) |
19 | // } | 41 | // } |
20 | // | 42 | // |
43 | // // Add CSM client's metric publishing request handlers to the SDK's | ||
44 | // // Session Configuration. | ||
21 | // r.InjectHandlers(&sess.Handlers) | 45 | // r.InjectHandlers(&sess.Handlers) |
22 | // | 46 | // |
23 | // client := s3.New(sess) | 47 | // Controlling CSM client |
24 | // resp, err := client.GetObject(&s3.GetObjectInput{ | 48 | // |
25 | // Bucket: aws.String("bucket"), | 49 | // Once the CSM client has been enabled the Get function will return a Reporter |
26 | // Key: aws.String("key"), | 50 | // value that you can use to pause and resume the metrics published to the CSM |
27 | // }) | 51 | // agent. If Get function is called before the reporter is enabled with the |
52 | // Start function or via SDK's Session configuration nil will be returned. | ||
53 | // | ||
54 | // The Pause method can be called to stop the CSM client publishing metrics to | ||
55 | // the CSM agent. The Continue method will resume metric publishing. | ||
56 | // | ||
57 | // // Get the CSM client Reporter. | ||
58 | // r := csm.Get() | ||
28 | // | 59 | // |
29 | // // Will pause monitoring | 60 | // // Will pause monitoring |
30 | // r.Pause() | 61 | // r.Pause() |
@@ -35,12 +66,4 @@ | |||
35 | // | 66 | // |
36 | // // Resume monitoring | 67 | // // Resume monitoring |
37 | // r.Continue() | 68 | // r.Continue() |
38 | // | ||
39 | // Start returns a Reporter that is used to enable or disable monitoring. If | ||
40 | // access to the Reporter is required later, calling Get will return the Reporter | ||
41 | // singleton. | ||
42 | // | ||
43 | // Example: | ||
44 | // r := csm.Get() | ||
45 | // r.Continue() | ||
46 | package csm | 69 | package csm |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go index 2f0c6ea..4b19e28 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go | |||
@@ -2,6 +2,7 @@ package csm | |||
2 | 2 | ||
3 | import ( | 3 | import ( |
4 | "fmt" | 4 | "fmt" |
5 | "strings" | ||
5 | "sync" | 6 | "sync" |
6 | ) | 7 | ) |
7 | 8 | ||
@@ -9,19 +10,40 @@ var ( | |||
9 | lock sync.Mutex | 10 | lock sync.Mutex |
10 | ) | 11 | ) |
11 | 12 | ||
12 | // Client side metric handler names | ||
13 | const ( | 13 | const ( |
14 | APICallMetricHandlerName = "awscsm.SendAPICallMetric" | 14 | // DefaultPort is used when no port is specified. |
15 | APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric" | 15 | DefaultPort = "31000" |
16 | |||
17 | // DefaultHost is the host that will be used when none is specified. | ||
18 | DefaultHost = "127.0.0.1" | ||
16 | ) | 19 | ) |
17 | 20 | ||
18 | // Start will start the a long running go routine to capture | 21 | // AddressWithDefaults returns a CSM address built from the host and port |
22 | // values. If the host or port is not set, default values will be used | ||
23 | // instead. If host is "localhost" it will be replaced with "127.0.0.1". | ||
24 | func AddressWithDefaults(host, port string) string { | ||
25 | if len(host) == 0 || strings.EqualFold(host, "localhost") { | ||
26 | host = DefaultHost | ||
27 | } | ||
28 | |||
29 | if len(port) == 0 { | ||
30 | port = DefaultPort | ||
31 | } | ||
32 | |||
33 | // Only IP6 host can contain a colon | ||
34 | if strings.Contains(host, ":") { | ||
35 | return "[" + host + "]:" + port | ||
36 | } | ||
37 | |||
38 | return host + ":" + port | ||
39 | } | ||
40 | |||
41 | // Start will start a long running go routine to capture | ||
19 | // client side metrics. Calling start multiple time will only | 42 | // client side metrics. Calling start multiple time will only |
20 | // start the metric listener once and will panic if a different | 43 | // start the metric listener once and will panic if a different |
21 | // client ID or port is passed in. | 44 | // client ID or port is passed in. |
22 | // | 45 | // |
23 | // Example: | 46 | // r, err := csm.Start("clientID", "127.0.0.1:31000") |
24 | // r, err := csm.Start("clientID", "127.0.0.1:8094") | ||
25 | // if err != nil { | 47 | // if err != nil { |
26 | // panic(fmt.Errorf("expected no error, but received %v", err)) | 48 | // panic(fmt.Errorf("expected no error, but received %v", err)) |
27 | // } | 49 | // } |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go index 0b5571a..c7008d8 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go | |||
@@ -10,11 +10,6 @@ import ( | |||
10 | "github.com/aws/aws-sdk-go/aws/request" | 10 | "github.com/aws/aws-sdk-go/aws/request" |
11 | ) | 11 | ) |
12 | 12 | ||
13 | const ( | ||
14 | // DefaultPort is used when no port is specified | ||
15 | DefaultPort = "31000" | ||
16 | ) | ||
17 | |||
18 | // Reporter will gather metrics of API requests made and | 13 | // Reporter will gather metrics of API requests made and |
19 | // send those metrics to the CSM endpoint. | 14 | // send those metrics to the CSM endpoint. |
20 | type Reporter struct { | 15 | type Reporter struct { |
@@ -96,7 +91,7 @@ func getMetricException(err awserr.Error) metricException { | |||
96 | 91 | ||
97 | switch code { | 92 | switch code { |
98 | case "RequestError", | 93 | case "RequestError", |
99 | "SerializationError", | 94 | request.ErrCodeSerialization, |
100 | request.CanceledErrorCode: | 95 | request.CanceledErrorCode: |
101 | return sdkException{ | 96 | return sdkException{ |
102 | requestException{exception: code, message: msg}, | 97 | requestException{exception: code, message: msg}, |
@@ -123,7 +118,7 @@ func (rep *Reporter) sendAPICallMetric(r *request.Request) { | |||
123 | Type: aws.String("ApiCall"), | 118 | Type: aws.String("ApiCall"), |
124 | AttemptCount: aws.Int(r.RetryCount + 1), | 119 | AttemptCount: aws.Int(r.RetryCount + 1), |
125 | Region: r.Config.Region, | 120 | Region: r.Config.Region, |
126 | Latency: aws.Int(int(time.Now().Sub(r.Time) / time.Millisecond)), | 121 | Latency: aws.Int(int(time.Since(r.Time) / time.Millisecond)), |
127 | XAmzRequestID: aws.String(r.RequestID), | 122 | XAmzRequestID: aws.String(r.RequestID), |
128 | MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())), | 123 | MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())), |
129 | } | 124 | } |
@@ -190,8 +185,9 @@ func (rep *Reporter) start() { | |||
190 | } | 185 | } |
191 | } | 186 | } |
192 | 187 | ||
193 | // Pause will pause the metric channel preventing any new metrics from | 188 | // Pause will pause the metric channel preventing any new metrics from being |
194 | // being added. | 189 | // added. It is safe to call concurrently with other calls to Pause, but if |
190 | // called concurently with Continue can lead to unexpected state. | ||
195 | func (rep *Reporter) Pause() { | 191 | func (rep *Reporter) Pause() { |
196 | lock.Lock() | 192 | lock.Lock() |
197 | defer lock.Unlock() | 193 | defer lock.Unlock() |
@@ -203,8 +199,9 @@ func (rep *Reporter) Pause() { | |||
203 | rep.close() | 199 | rep.close() |
204 | } | 200 | } |
205 | 201 | ||
206 | // Continue will reopen the metric channel and allow for monitoring | 202 | // Continue will reopen the metric channel and allow for monitoring to be |
207 | // to be resumed. | 203 | // resumed. It is safe to call concurrently with other calls to Continue, but |
204 | // if called concurently with Pause can lead to unexpected state. | ||
208 | func (rep *Reporter) Continue() { | 205 | func (rep *Reporter) Continue() { |
209 | lock.Lock() | 206 | lock.Lock() |
210 | defer lock.Unlock() | 207 | defer lock.Unlock() |
@@ -219,10 +216,18 @@ func (rep *Reporter) Continue() { | |||
219 | rep.metricsCh.Continue() | 216 | rep.metricsCh.Continue() |
220 | } | 217 | } |
221 | 218 | ||
219 | // Client side metric handler names | ||
220 | const ( | ||
221 | APICallMetricHandlerName = "awscsm.SendAPICallMetric" | ||
222 | APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric" | ||
223 | ) | ||
224 | |||
222 | // InjectHandlers will will enable client side metrics and inject the proper | 225 | // InjectHandlers will will enable client side metrics and inject the proper |
223 | // handlers to handle how metrics are sent. | 226 | // handlers to handle how metrics are sent. |
224 | // | 227 | // |
225 | // Example: | 228 | // InjectHandlers is NOT safe to call concurrently. Calling InjectHandlers |
229 | // multiple times may lead to unexpected behavior, (e.g. duplicate metrics). | ||
230 | // | ||
226 | // // Start must be called in order to inject the correct handlers | 231 | // // Start must be called in order to inject the correct handlers |
227 | // r, err := csm.Start("clientID", "127.0.0.1:8094") | 232 | // r, err := csm.Start("clientID", "127.0.0.1:8094") |
228 | // if err != nil { | 233 | // if err != nil { |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go index d57a1af..2c8d5f5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go | |||
@@ -82,7 +82,7 @@ func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument | |||
82 | doc := EC2InstanceIdentityDocument{} | 82 | doc := EC2InstanceIdentityDocument{} |
83 | if err := json.NewDecoder(strings.NewReader(resp)).Decode(&doc); err != nil { | 83 | if err := json.NewDecoder(strings.NewReader(resp)).Decode(&doc); err != nil { |
84 | return EC2InstanceIdentityDocument{}, | 84 | return EC2InstanceIdentityDocument{}, |
85 | awserr.New("SerializationError", | 85 | awserr.New(request.ErrCodeSerialization, |
86 | "failed to decode EC2 instance identity document", err) | 86 | "failed to decode EC2 instance identity document", err) |
87 | } | 87 | } |
88 | 88 | ||
@@ -101,7 +101,7 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) { | |||
101 | info := EC2IAMInfo{} | 101 | info := EC2IAMInfo{} |
102 | if err := json.NewDecoder(strings.NewReader(resp)).Decode(&info); err != nil { | 102 | if err := json.NewDecoder(strings.NewReader(resp)).Decode(&info); err != nil { |
103 | return EC2IAMInfo{}, | 103 | return EC2IAMInfo{}, |
104 | awserr.New("SerializationError", | 104 | awserr.New(request.ErrCodeSerialization, |
105 | "failed to decode EC2 IAM info", err) | 105 | "failed to decode EC2 IAM info", err) |
106 | } | 106 | } |
107 | 107 | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go index f4438ea..f0c1d31 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go | |||
@@ -123,7 +123,7 @@ func unmarshalHandler(r *request.Request) { | |||
123 | defer r.HTTPResponse.Body.Close() | 123 | defer r.HTTPResponse.Body.Close() |
124 | b := &bytes.Buffer{} | 124 | b := &bytes.Buffer{} |
125 | if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil { | 125 | if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil { |
126 | r.Error = awserr.New("SerializationError", "unable to unmarshal EC2 metadata respose", err) | 126 | r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata respose", err) |
127 | return | 127 | return |
128 | } | 128 | } |
129 | 129 | ||
@@ -136,7 +136,7 @@ func unmarshalError(r *request.Request) { | |||
136 | defer r.HTTPResponse.Body.Close() | 136 | defer r.HTTPResponse.Body.Close() |
137 | b := &bytes.Buffer{} | 137 | b := &bytes.Buffer{} |
138 | if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil { | 138 | if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil { |
139 | r.Error = awserr.New("SerializationError", "unable to unmarshal EC2 metadata error respose", err) | 139 | r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error respose", err) |
140 | return | 140 | return |
141 | } | 141 | } |
142 | 142 | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 50e170e..2e7bd7a 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go | |||
@@ -27,6 +27,7 @@ const ( | |||
27 | EuWest1RegionID = "eu-west-1" // EU (Ireland). | 27 | EuWest1RegionID = "eu-west-1" // EU (Ireland). |
28 | EuWest2RegionID = "eu-west-2" // EU (London). | 28 | EuWest2RegionID = "eu-west-2" // EU (London). |
29 | EuWest3RegionID = "eu-west-3" // EU (Paris). | 29 | EuWest3RegionID = "eu-west-3" // EU (Paris). |
30 | MeSouth1RegionID = "me-south-1" // Middle East (Bahrain). | ||
30 | SaEast1RegionID = "sa-east-1" // South America (Sao Paulo). | 31 | SaEast1RegionID = "sa-east-1" // South America (Sao Paulo). |
31 | UsEast1RegionID = "us-east-1" // US East (N. Virginia). | 32 | UsEast1RegionID = "us-east-1" // US East (N. Virginia). |
32 | UsEast2RegionID = "us-east-2" // US East (Ohio). | 33 | UsEast2RegionID = "us-east-2" // US East (Ohio). |
@@ -128,6 +129,9 @@ var awsPartition = partition{ | |||
128 | "eu-west-3": region{ | 129 | "eu-west-3": region{ |
129 | Description: "EU (Paris)", | 130 | Description: "EU (Paris)", |
130 | }, | 131 | }, |
132 | "me-south-1": region{ | ||
133 | Description: "Middle East (Bahrain)", | ||
134 | }, | ||
131 | "sa-east-1": region{ | 135 | "sa-east-1": region{ |
132 | Description: "South America (Sao Paulo)", | 136 | Description: "South America (Sao Paulo)", |
133 | }, | 137 | }, |
@@ -166,6 +170,7 @@ var awsPartition = partition{ | |||
166 | "eu-west-1": endpoint{}, | 170 | "eu-west-1": endpoint{}, |
167 | "eu-west-2": endpoint{}, | 171 | "eu-west-2": endpoint{}, |
168 | "eu-west-3": endpoint{}, | 172 | "eu-west-3": endpoint{}, |
173 | "me-south-1": endpoint{}, | ||
169 | "sa-east-1": endpoint{}, | 174 | "sa-east-1": endpoint{}, |
170 | "us-east-1": endpoint{}, | 175 | "us-east-1": endpoint{}, |
171 | "us-east-2": endpoint{}, | 176 | "us-east-2": endpoint{}, |
@@ -178,6 +183,7 @@ var awsPartition = partition{ | |||
178 | Protocols: []string{"https"}, | 183 | Protocols: []string{"https"}, |
179 | }, | 184 | }, |
180 | Endpoints: endpoints{ | 185 | Endpoints: endpoints{ |
186 | "ap-east-1": endpoint{}, | ||
181 | "ap-northeast-1": endpoint{}, | 187 | "ap-northeast-1": endpoint{}, |
182 | "ap-northeast-2": endpoint{}, | 188 | "ap-northeast-2": endpoint{}, |
183 | "ap-south-1": endpoint{}, | 189 | "ap-south-1": endpoint{}, |
@@ -270,6 +276,12 @@ var awsPartition = partition{ | |||
270 | Region: "eu-west-3", | 276 | Region: "eu-west-3", |
271 | }, | 277 | }, |
272 | }, | 278 | }, |
279 | "me-south-1": endpoint{ | ||
280 | Hostname: "api.ecr.me-south-1.amazonaws.com", | ||
281 | CredentialScope: credentialScope{ | ||
282 | Region: "me-south-1", | ||
283 | }, | ||
284 | }, | ||
273 | "sa-east-1": endpoint{ | 285 | "sa-east-1": endpoint{ |
274 | Hostname: "api.ecr.sa-east-1.amazonaws.com", | 286 | Hostname: "api.ecr.sa-east-1.amazonaws.com", |
275 | CredentialScope: credentialScope{ | 287 | CredentialScope: credentialScope{ |
@@ -381,6 +393,7 @@ var awsPartition = partition{ | |||
381 | "eu-west-1": endpoint{}, | 393 | "eu-west-1": endpoint{}, |
382 | "eu-west-2": endpoint{}, | 394 | "eu-west-2": endpoint{}, |
383 | "eu-west-3": endpoint{}, | 395 | "eu-west-3": endpoint{}, |
396 | "me-south-1": endpoint{}, | ||
384 | "sa-east-1": endpoint{}, | 397 | "sa-east-1": endpoint{}, |
385 | "us-east-1": endpoint{}, | 398 | "us-east-1": endpoint{}, |
386 | "us-east-2": endpoint{}, | 399 | "us-east-2": endpoint{}, |
@@ -409,6 +422,7 @@ var awsPartition = partition{ | |||
409 | "eu-west-1": endpoint{}, | 422 | "eu-west-1": endpoint{}, |
410 | "eu-west-2": endpoint{}, | 423 | "eu-west-2": endpoint{}, |
411 | "eu-west-3": endpoint{}, | 424 | "eu-west-3": endpoint{}, |
425 | "me-south-1": endpoint{}, | ||
412 | "sa-east-1": endpoint{}, | 426 | "sa-east-1": endpoint{}, |
413 | "us-east-1": endpoint{}, | 427 | "us-east-1": endpoint{}, |
414 | "us-east-2": endpoint{}, | 428 | "us-east-2": endpoint{}, |
@@ -416,6 +430,24 @@ var awsPartition = partition{ | |||
416 | "us-west-2": endpoint{}, | 430 | "us-west-2": endpoint{}, |
417 | }, | 431 | }, |
418 | }, | 432 | }, |
433 | "appmesh": service{ | ||
434 | |||
435 | Endpoints: endpoints{ | ||
436 | "ap-northeast-1": endpoint{}, | ||
437 | "ap-northeast-2": endpoint{}, | ||
438 | "ap-south-1": endpoint{}, | ||
439 | "ap-southeast-1": endpoint{}, | ||
440 | "ap-southeast-2": endpoint{}, | ||
441 | "ca-central-1": endpoint{}, | ||
442 | "eu-central-1": endpoint{}, | ||
443 | "eu-west-1": endpoint{}, | ||
444 | "eu-west-2": endpoint{}, | ||
445 | "us-east-1": endpoint{}, | ||
446 | "us-east-2": endpoint{}, | ||
447 | "us-west-1": endpoint{}, | ||
448 | "us-west-2": endpoint{}, | ||
449 | }, | ||
450 | }, | ||
419 | "appstream2": service{ | 451 | "appstream2": service{ |
420 | Defaults: endpoint{ | 452 | Defaults: endpoint{ |
421 | Protocols: []string{"https"}, | 453 | Protocols: []string{"https"}, |
@@ -460,6 +492,7 @@ var awsPartition = partition{ | |||
460 | "ap-southeast-2": endpoint{}, | 492 | "ap-southeast-2": endpoint{}, |
461 | "ca-central-1": endpoint{}, | 493 | "ca-central-1": endpoint{}, |
462 | "eu-central-1": endpoint{}, | 494 | "eu-central-1": endpoint{}, |
495 | "eu-north-1": endpoint{}, | ||
463 | "eu-west-1": endpoint{}, | 496 | "eu-west-1": endpoint{}, |
464 | "eu-west-2": endpoint{}, | 497 | "eu-west-2": endpoint{}, |
465 | "us-east-1": endpoint{}, | 498 | "us-east-1": endpoint{}, |
@@ -484,6 +517,7 @@ var awsPartition = partition{ | |||
484 | "eu-west-1": endpoint{}, | 517 | "eu-west-1": endpoint{}, |
485 | "eu-west-2": endpoint{}, | 518 | "eu-west-2": endpoint{}, |
486 | "eu-west-3": endpoint{}, | 519 | "eu-west-3": endpoint{}, |
520 | "me-south-1": endpoint{}, | ||
487 | "sa-east-1": endpoint{}, | 521 | "sa-east-1": endpoint{}, |
488 | "us-east-1": endpoint{}, | 522 | "us-east-1": endpoint{}, |
489 | "us-east-2": endpoint{}, | 523 | "us-east-2": endpoint{}, |
@@ -515,9 +549,27 @@ var awsPartition = partition{ | |||
515 | "us-west-2": endpoint{}, | 549 | "us-west-2": endpoint{}, |
516 | }, | 550 | }, |
517 | }, | 551 | }, |
552 | "backup": service{ | ||
553 | |||
554 | Endpoints: endpoints{ | ||
555 | "ap-northeast-1": endpoint{}, | ||
556 | "ap-northeast-2": endpoint{}, | ||
557 | "ap-southeast-1": endpoint{}, | ||
558 | "ap-southeast-2": endpoint{}, | ||
559 | "ca-central-1": endpoint{}, | ||
560 | "eu-central-1": endpoint{}, | ||
561 | "eu-west-1": endpoint{}, | ||
562 | "eu-west-2": endpoint{}, | ||
563 | "us-east-1": endpoint{}, | ||
564 | "us-east-2": endpoint{}, | ||
565 | "us-west-1": endpoint{}, | ||
566 | "us-west-2": endpoint{}, | ||
567 | }, | ||
568 | }, | ||
518 | "batch": service{ | 569 | "batch": service{ |
519 | 570 | ||
520 | Endpoints: endpoints{ | 571 | Endpoints: endpoints{ |
572 | "ap-east-1": endpoint{}, | ||
521 | "ap-northeast-1": endpoint{}, | 573 | "ap-northeast-1": endpoint{}, |
522 | "ap-northeast-2": endpoint{}, | 574 | "ap-northeast-2": endpoint{}, |
523 | "ap-south-1": endpoint{}, | 575 | "ap-south-1": endpoint{}, |
@@ -584,6 +636,7 @@ var awsPartition = partition{ | |||
584 | Endpoints: endpoints{ | 636 | Endpoints: endpoints{ |
585 | "ap-northeast-1": endpoint{}, | 637 | "ap-northeast-1": endpoint{}, |
586 | "ap-southeast-1": endpoint{}, | 638 | "ap-southeast-1": endpoint{}, |
639 | "eu-central-1": endpoint{}, | ||
587 | "eu-west-1": endpoint{}, | 640 | "eu-west-1": endpoint{}, |
588 | "us-east-1": endpoint{}, | 641 | "us-east-1": endpoint{}, |
589 | "us-east-2": endpoint{}, | 642 | "us-east-2": endpoint{}, |
@@ -619,6 +672,7 @@ var awsPartition = partition{ | |||
619 | "eu-west-1": endpoint{}, | 672 | "eu-west-1": endpoint{}, |
620 | "eu-west-2": endpoint{}, | 673 | "eu-west-2": endpoint{}, |
621 | "eu-west-3": endpoint{}, | 674 | "eu-west-3": endpoint{}, |
675 | "me-south-1": endpoint{}, | ||
622 | "sa-east-1": endpoint{}, | 676 | "sa-east-1": endpoint{}, |
623 | "us-east-1": endpoint{}, | 677 | "us-east-1": endpoint{}, |
624 | "us-east-2": endpoint{}, | 678 | "us-east-2": endpoint{}, |
@@ -662,6 +716,7 @@ var awsPartition = partition{ | |||
662 | }, | 716 | }, |
663 | }, | 717 | }, |
664 | Endpoints: endpoints{ | 718 | Endpoints: endpoints{ |
719 | "ap-east-1": endpoint{}, | ||
665 | "ap-northeast-1": endpoint{}, | 720 | "ap-northeast-1": endpoint{}, |
666 | "ap-northeast-2": endpoint{}, | 721 | "ap-northeast-2": endpoint{}, |
667 | "ap-south-1": endpoint{}, | 722 | "ap-south-1": endpoint{}, |
@@ -709,6 +764,7 @@ var awsPartition = partition{ | |||
709 | "eu-west-1": endpoint{}, | 764 | "eu-west-1": endpoint{}, |
710 | "eu-west-2": endpoint{}, | 765 | "eu-west-2": endpoint{}, |
711 | "eu-west-3": endpoint{}, | 766 | "eu-west-3": endpoint{}, |
767 | "me-south-1": endpoint{}, | ||
712 | "sa-east-1": endpoint{}, | 768 | "sa-east-1": endpoint{}, |
713 | "us-east-1": endpoint{}, | 769 | "us-east-1": endpoint{}, |
714 | "us-east-2": endpoint{}, | 770 | "us-east-2": endpoint{}, |
@@ -726,6 +782,7 @@ var awsPartition = partition{ | |||
726 | "ap-southeast-2": endpoint{}, | 782 | "ap-southeast-2": endpoint{}, |
727 | "ca-central-1": endpoint{}, | 783 | "ca-central-1": endpoint{}, |
728 | "eu-central-1": endpoint{}, | 784 | "eu-central-1": endpoint{}, |
785 | "eu-north-1": endpoint{}, | ||
729 | "eu-west-1": endpoint{}, | 786 | "eu-west-1": endpoint{}, |
730 | "eu-west-2": endpoint{}, | 787 | "eu-west-2": endpoint{}, |
731 | "eu-west-3": endpoint{}, | 788 | "eu-west-3": endpoint{}, |
@@ -789,6 +846,7 @@ var awsPartition = partition{ | |||
789 | "codedeploy": service{ | 846 | "codedeploy": service{ |
790 | 847 | ||
791 | Endpoints: endpoints{ | 848 | Endpoints: endpoints{ |
849 | "ap-east-1": endpoint{}, | ||
792 | "ap-northeast-1": endpoint{}, | 850 | "ap-northeast-1": endpoint{}, |
793 | "ap-northeast-2": endpoint{}, | 851 | "ap-northeast-2": endpoint{}, |
794 | "ap-south-1": endpoint{}, | 852 | "ap-south-1": endpoint{}, |
@@ -800,6 +858,7 @@ var awsPartition = partition{ | |||
800 | "eu-west-1": endpoint{}, | 858 | "eu-west-1": endpoint{}, |
801 | "eu-west-2": endpoint{}, | 859 | "eu-west-2": endpoint{}, |
802 | "eu-west-3": endpoint{}, | 860 | "eu-west-3": endpoint{}, |
861 | "me-south-1": endpoint{}, | ||
803 | "sa-east-1": endpoint{}, | 862 | "sa-east-1": endpoint{}, |
804 | "us-east-1": endpoint{}, | 863 | "us-east-1": endpoint{}, |
805 | "us-east-1-fips": endpoint{ | 864 | "us-east-1-fips": endpoint{ |
@@ -937,10 +996,13 @@ var awsPartition = partition{ | |||
937 | "comprehendmedical": service{ | 996 | "comprehendmedical": service{ |
938 | 997 | ||
939 | Endpoints: endpoints{ | 998 | Endpoints: endpoints{ |
940 | "eu-west-1": endpoint{}, | 999 | "ap-southeast-2": endpoint{}, |
941 | "us-east-1": endpoint{}, | 1000 | "ca-central-1": endpoint{}, |
942 | "us-east-2": endpoint{}, | 1001 | "eu-west-1": endpoint{}, |
943 | "us-west-2": endpoint{}, | 1002 | "eu-west-2": endpoint{}, |
1003 | "us-east-1": endpoint{}, | ||
1004 | "us-east-2": endpoint{}, | ||
1005 | "us-west-2": endpoint{}, | ||
944 | }, | 1006 | }, |
945 | }, | 1007 | }, |
946 | "config": service{ | 1008 | "config": service{ |
@@ -958,6 +1020,7 @@ var awsPartition = partition{ | |||
958 | "eu-west-1": endpoint{}, | 1020 | "eu-west-1": endpoint{}, |
959 | "eu-west-2": endpoint{}, | 1021 | "eu-west-2": endpoint{}, |
960 | "eu-west-3": endpoint{}, | 1022 | "eu-west-3": endpoint{}, |
1023 | "me-south-1": endpoint{}, | ||
961 | "sa-east-1": endpoint{}, | 1024 | "sa-east-1": endpoint{}, |
962 | "us-east-1": endpoint{}, | 1025 | "us-east-1": endpoint{}, |
963 | "us-east-2": endpoint{}, | 1026 | "us-east-2": endpoint{}, |
@@ -971,6 +1034,19 @@ var awsPartition = partition{ | |||
971 | "us-east-1": endpoint{}, | 1034 | "us-east-1": endpoint{}, |
972 | }, | 1035 | }, |
973 | }, | 1036 | }, |
1037 | "data.mediastore": service{ | ||
1038 | |||
1039 | Endpoints: endpoints{ | ||
1040 | "ap-northeast-1": endpoint{}, | ||
1041 | "ap-northeast-2": endpoint{}, | ||
1042 | "ap-southeast-2": endpoint{}, | ||
1043 | "eu-central-1": endpoint{}, | ||
1044 | "eu-north-1": endpoint{}, | ||
1045 | "eu-west-1": endpoint{}, | ||
1046 | "us-east-1": endpoint{}, | ||
1047 | "us-west-2": endpoint{}, | ||
1048 | }, | ||
1049 | }, | ||
974 | "datapipeline": service{ | 1050 | "datapipeline": service{ |
975 | 1051 | ||
976 | Endpoints: endpoints{ | 1052 | Endpoints: endpoints{ |
@@ -1032,6 +1108,7 @@ var awsPartition = partition{ | |||
1032 | "eu-west-1": endpoint{}, | 1108 | "eu-west-1": endpoint{}, |
1033 | "eu-west-2": endpoint{}, | 1109 | "eu-west-2": endpoint{}, |
1034 | "eu-west-3": endpoint{}, | 1110 | "eu-west-3": endpoint{}, |
1111 | "me-south-1": endpoint{}, | ||
1035 | "sa-east-1": endpoint{}, | 1112 | "sa-east-1": endpoint{}, |
1036 | "us-east-1": endpoint{}, | 1113 | "us-east-1": endpoint{}, |
1037 | "us-east-2": endpoint{}, | 1114 | "us-east-2": endpoint{}, |
@@ -1060,6 +1137,7 @@ var awsPartition = partition{ | |||
1060 | "eu-west-1": endpoint{}, | 1137 | "eu-west-1": endpoint{}, |
1061 | "eu-west-2": endpoint{}, | 1138 | "eu-west-2": endpoint{}, |
1062 | "eu-west-3": endpoint{}, | 1139 | "eu-west-3": endpoint{}, |
1140 | "me-south-1": endpoint{}, | ||
1063 | "sa-east-1": endpoint{}, | 1141 | "sa-east-1": endpoint{}, |
1064 | "us-east-1": endpoint{}, | 1142 | "us-east-1": endpoint{}, |
1065 | "us-east-2": endpoint{}, | 1143 | "us-east-2": endpoint{}, |
@@ -1070,6 +1148,24 @@ var awsPartition = partition{ | |||
1070 | "docdb": service{ | 1148 | "docdb": service{ |
1071 | 1149 | ||
1072 | Endpoints: endpoints{ | 1150 | Endpoints: endpoints{ |
1151 | "ap-northeast-1": endpoint{ | ||
1152 | Hostname: "rds.ap-northeast-1.amazonaws.com", | ||
1153 | CredentialScope: credentialScope{ | ||
1154 | Region: "ap-northeast-1", | ||
1155 | }, | ||
1156 | }, | ||
1157 | "ap-northeast-2": endpoint{ | ||
1158 | Hostname: "rds.ap-northeast-2.amazonaws.com", | ||
1159 | CredentialScope: credentialScope{ | ||
1160 | Region: "ap-northeast-2", | ||
1161 | }, | ||
1162 | }, | ||
1163 | "ap-southeast-2": endpoint{ | ||
1164 | Hostname: "rds.ap-southeast-2.amazonaws.com", | ||
1165 | CredentialScope: credentialScope{ | ||
1166 | Region: "ap-southeast-2", | ||
1167 | }, | ||
1168 | }, | ||
1073 | "eu-central-1": endpoint{ | 1169 | "eu-central-1": endpoint{ |
1074 | Hostname: "rds.eu-central-1.amazonaws.com", | 1170 | Hostname: "rds.eu-central-1.amazonaws.com", |
1075 | CredentialScope: credentialScope{ | 1171 | CredentialScope: credentialScope{ |
@@ -1082,6 +1178,12 @@ var awsPartition = partition{ | |||
1082 | Region: "eu-west-1", | 1178 | Region: "eu-west-1", |
1083 | }, | 1179 | }, |
1084 | }, | 1180 | }, |
1181 | "eu-west-2": endpoint{ | ||
1182 | Hostname: "rds.eu-west-2.amazonaws.com", | ||
1183 | CredentialScope: credentialScope{ | ||
1184 | Region: "eu-west-2", | ||
1185 | }, | ||
1186 | }, | ||
1085 | "us-east-1": endpoint{ | 1187 | "us-east-1": endpoint{ |
1086 | Hostname: "rds.us-east-1.amazonaws.com", | 1188 | Hostname: "rds.us-east-1.amazonaws.com", |
1087 | CredentialScope: credentialScope{ | 1189 | CredentialScope: credentialScope{ |
@@ -1112,6 +1214,7 @@ var awsPartition = partition{ | |||
1112 | "ap-southeast-2": endpoint{}, | 1214 | "ap-southeast-2": endpoint{}, |
1113 | "ca-central-1": endpoint{}, | 1215 | "ca-central-1": endpoint{}, |
1114 | "eu-central-1": endpoint{}, | 1216 | "eu-central-1": endpoint{}, |
1217 | "eu-north-1": endpoint{}, | ||
1115 | "eu-west-1": endpoint{}, | 1218 | "eu-west-1": endpoint{}, |
1116 | "eu-west-2": endpoint{}, | 1219 | "eu-west-2": endpoint{}, |
1117 | "sa-east-1": endpoint{}, | 1220 | "sa-east-1": endpoint{}, |
@@ -1133,11 +1236,17 @@ var awsPartition = partition{ | |||
1133 | "ap-southeast-1": endpoint{}, | 1236 | "ap-southeast-1": endpoint{}, |
1134 | "ap-southeast-2": endpoint{}, | 1237 | "ap-southeast-2": endpoint{}, |
1135 | "ca-central-1": endpoint{}, | 1238 | "ca-central-1": endpoint{}, |
1136 | "eu-central-1": endpoint{}, | 1239 | "ca-central-1-fips": endpoint{ |
1137 | "eu-north-1": endpoint{}, | 1240 | Hostname: "dynamodb-fips.ca-central-1.amazonaws.com", |
1138 | "eu-west-1": endpoint{}, | 1241 | CredentialScope: credentialScope{ |
1139 | "eu-west-2": endpoint{}, | 1242 | Region: "ca-central-1", |
1140 | "eu-west-3": endpoint{}, | 1243 | }, |
1244 | }, | ||
1245 | "eu-central-1": endpoint{}, | ||
1246 | "eu-north-1": endpoint{}, | ||
1247 | "eu-west-1": endpoint{}, | ||
1248 | "eu-west-2": endpoint{}, | ||
1249 | "eu-west-3": endpoint{}, | ||
1141 | "local": endpoint{ | 1250 | "local": endpoint{ |
1142 | Hostname: "localhost:8000", | 1251 | Hostname: "localhost:8000", |
1143 | Protocols: []string{"http"}, | 1252 | Protocols: []string{"http"}, |
@@ -1145,11 +1254,36 @@ var awsPartition = partition{ | |||
1145 | Region: "us-east-1", | 1254 | Region: "us-east-1", |
1146 | }, | 1255 | }, |
1147 | }, | 1256 | }, |
1148 | "sa-east-1": endpoint{}, | 1257 | "me-south-1": endpoint{}, |
1149 | "us-east-1": endpoint{}, | 1258 | "sa-east-1": endpoint{}, |
1259 | "us-east-1": endpoint{}, | ||
1260 | "us-east-1-fips": endpoint{ | ||
1261 | Hostname: "dynamodb-fips.us-east-1.amazonaws.com", | ||
1262 | CredentialScope: credentialScope{ | ||
1263 | Region: "us-east-1", | ||
1264 | }, | ||
1265 | }, | ||
1150 | "us-east-2": endpoint{}, | 1266 | "us-east-2": endpoint{}, |
1267 | "us-east-2-fips": endpoint{ | ||
1268 | Hostname: "dynamodb-fips.us-east-2.amazonaws.com", | ||
1269 | CredentialScope: credentialScope{ | ||
1270 | Region: "us-east-2", | ||
1271 | }, | ||
1272 | }, | ||
1151 | "us-west-1": endpoint{}, | 1273 | "us-west-1": endpoint{}, |
1274 | "us-west-1-fips": endpoint{ | ||
1275 | Hostname: "dynamodb-fips.us-west-1.amazonaws.com", | ||
1276 | CredentialScope: credentialScope{ | ||
1277 | Region: "us-west-1", | ||
1278 | }, | ||
1279 | }, | ||
1152 | "us-west-2": endpoint{}, | 1280 | "us-west-2": endpoint{}, |
1281 | "us-west-2-fips": endpoint{ | ||
1282 | Hostname: "dynamodb-fips.us-west-2.amazonaws.com", | ||
1283 | CredentialScope: credentialScope{ | ||
1284 | Region: "us-west-2", | ||
1285 | }, | ||
1286 | }, | ||
1153 | }, | 1287 | }, |
1154 | }, | 1288 | }, |
1155 | "ec2": service{ | 1289 | "ec2": service{ |
@@ -1169,6 +1303,7 @@ var awsPartition = partition{ | |||
1169 | "eu-west-1": endpoint{}, | 1303 | "eu-west-1": endpoint{}, |
1170 | "eu-west-2": endpoint{}, | 1304 | "eu-west-2": endpoint{}, |
1171 | "eu-west-3": endpoint{}, | 1305 | "eu-west-3": endpoint{}, |
1306 | "me-south-1": endpoint{}, | ||
1172 | "sa-east-1": endpoint{}, | 1307 | "sa-east-1": endpoint{}, |
1173 | "us-east-1": endpoint{}, | 1308 | "us-east-1": endpoint{}, |
1174 | "us-east-2": endpoint{}, | 1309 | "us-east-2": endpoint{}, |
@@ -1202,6 +1337,7 @@ var awsPartition = partition{ | |||
1202 | "eu-west-1": endpoint{}, | 1337 | "eu-west-1": endpoint{}, |
1203 | "eu-west-2": endpoint{}, | 1338 | "eu-west-2": endpoint{}, |
1204 | "eu-west-3": endpoint{}, | 1339 | "eu-west-3": endpoint{}, |
1340 | "me-south-1": endpoint{}, | ||
1205 | "sa-east-1": endpoint{}, | 1341 | "sa-east-1": endpoint{}, |
1206 | "us-east-1": endpoint{}, | 1342 | "us-east-1": endpoint{}, |
1207 | "us-east-2": endpoint{}, | 1343 | "us-east-2": endpoint{}, |
@@ -1230,16 +1366,18 @@ var awsPartition = partition{ | |||
1230 | Region: "us-west-1", | 1366 | Region: "us-west-1", |
1231 | }, | 1367 | }, |
1232 | }, | 1368 | }, |
1233 | "sa-east-1": endpoint{}, | 1369 | "me-south-1": endpoint{}, |
1234 | "us-east-1": endpoint{}, | 1370 | "sa-east-1": endpoint{}, |
1235 | "us-east-2": endpoint{}, | 1371 | "us-east-1": endpoint{}, |
1236 | "us-west-1": endpoint{}, | 1372 | "us-east-2": endpoint{}, |
1237 | "us-west-2": endpoint{}, | 1373 | "us-west-1": endpoint{}, |
1374 | "us-west-2": endpoint{}, | ||
1238 | }, | 1375 | }, |
1239 | }, | 1376 | }, |
1240 | "elasticbeanstalk": service{ | 1377 | "elasticbeanstalk": service{ |
1241 | 1378 | ||
1242 | Endpoints: endpoints{ | 1379 | Endpoints: endpoints{ |
1380 | "ap-east-1": endpoint{}, | ||
1243 | "ap-northeast-1": endpoint{}, | 1381 | "ap-northeast-1": endpoint{}, |
1244 | "ap-northeast-2": endpoint{}, | 1382 | "ap-northeast-2": endpoint{}, |
1245 | "ap-south-1": endpoint{}, | 1383 | "ap-south-1": endpoint{}, |
@@ -1251,6 +1389,7 @@ var awsPartition = partition{ | |||
1251 | "eu-west-1": endpoint{}, | 1389 | "eu-west-1": endpoint{}, |
1252 | "eu-west-2": endpoint{}, | 1390 | "eu-west-2": endpoint{}, |
1253 | "eu-west-3": endpoint{}, | 1391 | "eu-west-3": endpoint{}, |
1392 | "me-south-1": endpoint{}, | ||
1254 | "sa-east-1": endpoint{}, | 1393 | "sa-east-1": endpoint{}, |
1255 | "us-east-1": endpoint{}, | 1394 | "us-east-1": endpoint{}, |
1256 | "us-east-2": endpoint{}, | 1395 | "us-east-2": endpoint{}, |
@@ -1263,11 +1402,14 @@ var awsPartition = partition{ | |||
1263 | Endpoints: endpoints{ | 1402 | Endpoints: endpoints{ |
1264 | "ap-northeast-1": endpoint{}, | 1403 | "ap-northeast-1": endpoint{}, |
1265 | "ap-northeast-2": endpoint{}, | 1404 | "ap-northeast-2": endpoint{}, |
1405 | "ap-south-1": endpoint{}, | ||
1266 | "ap-southeast-1": endpoint{}, | 1406 | "ap-southeast-1": endpoint{}, |
1267 | "ap-southeast-2": endpoint{}, | 1407 | "ap-southeast-2": endpoint{}, |
1408 | "ca-central-1": endpoint{}, | ||
1268 | "eu-central-1": endpoint{}, | 1409 | "eu-central-1": endpoint{}, |
1269 | "eu-west-1": endpoint{}, | 1410 | "eu-west-1": endpoint{}, |
1270 | "eu-west-2": endpoint{}, | 1411 | "eu-west-2": endpoint{}, |
1412 | "eu-west-3": endpoint{}, | ||
1271 | "us-east-1": endpoint{}, | 1413 | "us-east-1": endpoint{}, |
1272 | "us-east-2": endpoint{}, | 1414 | "us-east-2": endpoint{}, |
1273 | "us-west-1": endpoint{}, | 1415 | "us-west-1": endpoint{}, |
@@ -1291,6 +1433,7 @@ var awsPartition = partition{ | |||
1291 | "eu-west-1": endpoint{}, | 1433 | "eu-west-1": endpoint{}, |
1292 | "eu-west-2": endpoint{}, | 1434 | "eu-west-2": endpoint{}, |
1293 | "eu-west-3": endpoint{}, | 1435 | "eu-west-3": endpoint{}, |
1436 | "me-south-1": endpoint{}, | ||
1294 | "sa-east-1": endpoint{}, | 1437 | "sa-east-1": endpoint{}, |
1295 | "us-east-1": endpoint{}, | 1438 | "us-east-1": endpoint{}, |
1296 | "us-east-2": endpoint{}, | 1439 | "us-east-2": endpoint{}, |
@@ -1318,6 +1461,7 @@ var awsPartition = partition{ | |||
1318 | "eu-west-1": endpoint{}, | 1461 | "eu-west-1": endpoint{}, |
1319 | "eu-west-2": endpoint{}, | 1462 | "eu-west-2": endpoint{}, |
1320 | "eu-west-3": endpoint{}, | 1463 | "eu-west-3": endpoint{}, |
1464 | "me-south-1": endpoint{}, | ||
1321 | "sa-east-1": endpoint{}, | 1465 | "sa-east-1": endpoint{}, |
1322 | "us-east-1": endpoint{ | 1466 | "us-east-1": endpoint{ |
1323 | SSLCommonName: "{service}.{region}.{dnsSuffix}", | 1467 | SSLCommonName: "{service}.{region}.{dnsSuffix}", |
@@ -1343,10 +1487,12 @@ var awsPartition = partition{ | |||
1343 | "email": service{ | 1487 | "email": service{ |
1344 | 1488 | ||
1345 | Endpoints: endpoints{ | 1489 | Endpoints: endpoints{ |
1346 | "eu-central-1": endpoint{}, | 1490 | "ap-south-1": endpoint{}, |
1347 | "eu-west-1": endpoint{}, | 1491 | "ap-southeast-2": endpoint{}, |
1348 | "us-east-1": endpoint{}, | 1492 | "eu-central-1": endpoint{}, |
1349 | "us-west-2": endpoint{}, | 1493 | "eu-west-1": endpoint{}, |
1494 | "us-east-1": endpoint{}, | ||
1495 | "us-west-2": endpoint{}, | ||
1350 | }, | 1496 | }, |
1351 | }, | 1497 | }, |
1352 | "entitlement.marketplace": service{ | 1498 | "entitlement.marketplace": service{ |
@@ -1402,6 +1548,7 @@ var awsPartition = partition{ | |||
1402 | "eu-west-1": endpoint{}, | 1548 | "eu-west-1": endpoint{}, |
1403 | "eu-west-2": endpoint{}, | 1549 | "eu-west-2": endpoint{}, |
1404 | "eu-west-3": endpoint{}, | 1550 | "eu-west-3": endpoint{}, |
1551 | "me-south-1": endpoint{}, | ||
1405 | "sa-east-1": endpoint{}, | 1552 | "sa-east-1": endpoint{}, |
1406 | "us-east-1": endpoint{}, | 1553 | "us-east-1": endpoint{}, |
1407 | "us-east-2": endpoint{}, | 1554 | "us-east-2": endpoint{}, |
@@ -1419,6 +1566,7 @@ var awsPartition = partition{ | |||
1419 | "ap-southeast-2": endpoint{}, | 1566 | "ap-southeast-2": endpoint{}, |
1420 | "ca-central-1": endpoint{}, | 1567 | "ca-central-1": endpoint{}, |
1421 | "eu-central-1": endpoint{}, | 1568 | "eu-central-1": endpoint{}, |
1569 | "eu-north-1": endpoint{}, | ||
1422 | "eu-west-1": endpoint{}, | 1570 | "eu-west-1": endpoint{}, |
1423 | "eu-west-2": endpoint{}, | 1571 | "eu-west-2": endpoint{}, |
1424 | "eu-west-3": endpoint{}, | 1572 | "eu-west-3": endpoint{}, |
@@ -1435,11 +1583,15 @@ var awsPartition = partition{ | |||
1435 | }, | 1583 | }, |
1436 | Endpoints: endpoints{ | 1584 | Endpoints: endpoints{ |
1437 | "ap-northeast-1": endpoint{}, | 1585 | "ap-northeast-1": endpoint{}, |
1586 | "ap-northeast-2": endpoint{}, | ||
1587 | "ap-southeast-1": endpoint{}, | ||
1438 | "ap-southeast-2": endpoint{}, | 1588 | "ap-southeast-2": endpoint{}, |
1439 | "eu-central-1": endpoint{}, | 1589 | "eu-central-1": endpoint{}, |
1440 | "eu-west-1": endpoint{}, | 1590 | "eu-west-1": endpoint{}, |
1591 | "eu-west-2": endpoint{}, | ||
1441 | "us-east-1": endpoint{}, | 1592 | "us-east-1": endpoint{}, |
1442 | "us-east-2": endpoint{}, | 1593 | "us-east-2": endpoint{}, |
1594 | "us-west-1": endpoint{}, | ||
1443 | "us-west-2": endpoint{}, | 1595 | "us-west-2": endpoint{}, |
1444 | }, | 1596 | }, |
1445 | }, | 1597 | }, |
@@ -1447,10 +1599,14 @@ var awsPartition = partition{ | |||
1447 | 1599 | ||
1448 | Endpoints: endpoints{ | 1600 | Endpoints: endpoints{ |
1449 | "ap-northeast-1": endpoint{}, | 1601 | "ap-northeast-1": endpoint{}, |
1602 | "ap-southeast-1": endpoint{}, | ||
1450 | "ap-southeast-2": endpoint{}, | 1603 | "ap-southeast-2": endpoint{}, |
1604 | "eu-central-1": endpoint{}, | ||
1451 | "eu-west-1": endpoint{}, | 1605 | "eu-west-1": endpoint{}, |
1606 | "eu-west-2": endpoint{}, | ||
1452 | "us-east-1": endpoint{}, | 1607 | "us-east-1": endpoint{}, |
1453 | "us-east-2": endpoint{}, | 1608 | "us-east-2": endpoint{}, |
1609 | "us-west-1": endpoint{}, | ||
1454 | "us-west-2": endpoint{}, | 1610 | "us-west-2": endpoint{}, |
1455 | }, | 1611 | }, |
1456 | }, | 1612 | }, |
@@ -1490,6 +1646,7 @@ var awsPartition = partition{ | |||
1490 | "eu-west-1": endpoint{}, | 1646 | "eu-west-1": endpoint{}, |
1491 | "eu-west-2": endpoint{}, | 1647 | "eu-west-2": endpoint{}, |
1492 | "eu-west-3": endpoint{}, | 1648 | "eu-west-3": endpoint{}, |
1649 | "me-south-1": endpoint{}, | ||
1493 | "sa-east-1": endpoint{}, | 1650 | "sa-east-1": endpoint{}, |
1494 | "us-east-1": endpoint{}, | 1651 | "us-east-1": endpoint{}, |
1495 | "us-east-2": endpoint{}, | 1652 | "us-east-2": endpoint{}, |
@@ -1500,6 +1657,7 @@ var awsPartition = partition{ | |||
1500 | "glue": service{ | 1657 | "glue": service{ |
1501 | 1658 | ||
1502 | Endpoints: endpoints{ | 1659 | Endpoints: endpoints{ |
1660 | "ap-east-1": endpoint{}, | ||
1503 | "ap-northeast-1": endpoint{}, | 1661 | "ap-northeast-1": endpoint{}, |
1504 | "ap-northeast-2": endpoint{}, | 1662 | "ap-northeast-2": endpoint{}, |
1505 | "ap-south-1": endpoint{}, | 1663 | "ap-south-1": endpoint{}, |
@@ -1507,9 +1665,11 @@ var awsPartition = partition{ | |||
1507 | "ap-southeast-2": endpoint{}, | 1665 | "ap-southeast-2": endpoint{}, |
1508 | "ca-central-1": endpoint{}, | 1666 | "ca-central-1": endpoint{}, |
1509 | "eu-central-1": endpoint{}, | 1667 | "eu-central-1": endpoint{}, |
1668 | "eu-north-1": endpoint{}, | ||
1510 | "eu-west-1": endpoint{}, | 1669 | "eu-west-1": endpoint{}, |
1511 | "eu-west-2": endpoint{}, | 1670 | "eu-west-2": endpoint{}, |
1512 | "eu-west-3": endpoint{}, | 1671 | "eu-west-3": endpoint{}, |
1672 | "sa-east-1": endpoint{}, | ||
1513 | "us-east-1": endpoint{}, | 1673 | "us-east-1": endpoint{}, |
1514 | "us-east-2": endpoint{}, | 1674 | "us-east-2": endpoint{}, |
1515 | "us-west-1": endpoint{}, | 1675 | "us-west-1": endpoint{}, |
@@ -1523,19 +1683,32 @@ var awsPartition = partition{ | |||
1523 | }, | 1683 | }, |
1524 | Endpoints: endpoints{ | 1684 | Endpoints: endpoints{ |
1525 | "ap-northeast-1": endpoint{}, | 1685 | "ap-northeast-1": endpoint{}, |
1686 | "ap-northeast-2": endpoint{}, | ||
1687 | "ap-south-1": endpoint{}, | ||
1688 | "ap-southeast-1": endpoint{}, | ||
1526 | "ap-southeast-2": endpoint{}, | 1689 | "ap-southeast-2": endpoint{}, |
1527 | "eu-central-1": endpoint{}, | 1690 | "eu-central-1": endpoint{}, |
1528 | "eu-west-1": endpoint{}, | 1691 | "eu-west-1": endpoint{}, |
1692 | "eu-west-2": endpoint{}, | ||
1529 | "us-east-1": endpoint{}, | 1693 | "us-east-1": endpoint{}, |
1694 | "us-east-2": endpoint{}, | ||
1530 | "us-west-2": endpoint{}, | 1695 | "us-west-2": endpoint{}, |
1531 | }, | 1696 | }, |
1532 | }, | 1697 | }, |
1698 | "groundstation": service{ | ||
1699 | |||
1700 | Endpoints: endpoints{ | ||
1701 | "us-east-2": endpoint{}, | ||
1702 | "us-west-2": endpoint{}, | ||
1703 | }, | ||
1704 | }, | ||
1533 | "guardduty": service{ | 1705 | "guardduty": service{ |
1534 | IsRegionalized: boxedTrue, | 1706 | IsRegionalized: boxedTrue, |
1535 | Defaults: endpoint{ | 1707 | Defaults: endpoint{ |
1536 | Protocols: []string{"https"}, | 1708 | Protocols: []string{"https"}, |
1537 | }, | 1709 | }, |
1538 | Endpoints: endpoints{ | 1710 | Endpoints: endpoints{ |
1711 | "ap-east-1": endpoint{}, | ||
1539 | "ap-northeast-1": endpoint{}, | 1712 | "ap-northeast-1": endpoint{}, |
1540 | "ap-northeast-2": endpoint{}, | 1713 | "ap-northeast-2": endpoint{}, |
1541 | "ap-south-1": endpoint{}, | 1714 | "ap-south-1": endpoint{}, |
@@ -1543,6 +1716,7 @@ var awsPartition = partition{ | |||
1543 | "ap-southeast-2": endpoint{}, | 1716 | "ap-southeast-2": endpoint{}, |
1544 | "ca-central-1": endpoint{}, | 1717 | "ca-central-1": endpoint{}, |
1545 | "eu-central-1": endpoint{}, | 1718 | "eu-central-1": endpoint{}, |
1719 | "eu-north-1": endpoint{}, | ||
1546 | "eu-west-1": endpoint{}, | 1720 | "eu-west-1": endpoint{}, |
1547 | "eu-west-2": endpoint{}, | 1721 | "eu-west-2": endpoint{}, |
1548 | "eu-west-3": endpoint{}, | 1722 | "eu-west-3": endpoint{}, |
@@ -1595,7 +1769,9 @@ var awsPartition = partition{ | |||
1595 | "ap-south-1": endpoint{}, | 1769 | "ap-south-1": endpoint{}, |
1596 | "ap-southeast-2": endpoint{}, | 1770 | "ap-southeast-2": endpoint{}, |
1597 | "eu-central-1": endpoint{}, | 1771 | "eu-central-1": endpoint{}, |
1772 | "eu-north-1": endpoint{}, | ||
1598 | "eu-west-1": endpoint{}, | 1773 | "eu-west-1": endpoint{}, |
1774 | "eu-west-2": endpoint{}, | ||
1599 | "us-east-1": endpoint{}, | 1775 | "us-east-1": endpoint{}, |
1600 | "us-east-2": endpoint{}, | 1776 | "us-east-2": endpoint{}, |
1601 | "us-west-1": endpoint{}, | 1777 | "us-west-1": endpoint{}, |
@@ -1614,11 +1790,16 @@ var awsPartition = partition{ | |||
1614 | "ap-south-1": endpoint{}, | 1790 | "ap-south-1": endpoint{}, |
1615 | "ap-southeast-1": endpoint{}, | 1791 | "ap-southeast-1": endpoint{}, |
1616 | "ap-southeast-2": endpoint{}, | 1792 | "ap-southeast-2": endpoint{}, |
1793 | "ca-central-1": endpoint{}, | ||
1617 | "eu-central-1": endpoint{}, | 1794 | "eu-central-1": endpoint{}, |
1795 | "eu-north-1": endpoint{}, | ||
1618 | "eu-west-1": endpoint{}, | 1796 | "eu-west-1": endpoint{}, |
1619 | "eu-west-2": endpoint{}, | 1797 | "eu-west-2": endpoint{}, |
1798 | "eu-west-3": endpoint{}, | ||
1799 | "sa-east-1": endpoint{}, | ||
1620 | "us-east-1": endpoint{}, | 1800 | "us-east-1": endpoint{}, |
1621 | "us-east-2": endpoint{}, | 1801 | "us-east-2": endpoint{}, |
1802 | "us-west-1": endpoint{}, | ||
1622 | "us-west-2": endpoint{}, | 1803 | "us-west-2": endpoint{}, |
1623 | }, | 1804 | }, |
1624 | }, | 1805 | }, |
@@ -1633,6 +1814,95 @@ var awsPartition = partition{ | |||
1633 | "us-west-2": endpoint{}, | 1814 | "us-west-2": endpoint{}, |
1634 | }, | 1815 | }, |
1635 | }, | 1816 | }, |
1817 | "iotevents": service{ | ||
1818 | |||
1819 | Endpoints: endpoints{ | ||
1820 | "ap-northeast-1": endpoint{}, | ||
1821 | "ap-southeast-2": endpoint{}, | ||
1822 | "eu-central-1": endpoint{}, | ||
1823 | "eu-west-1": endpoint{}, | ||
1824 | "us-east-1": endpoint{}, | ||
1825 | "us-east-2": endpoint{}, | ||
1826 | "us-west-2": endpoint{}, | ||
1827 | }, | ||
1828 | }, | ||
1829 | "ioteventsdata": service{ | ||
1830 | |||
1831 | Endpoints: endpoints{ | ||
1832 | "ap-northeast-1": endpoint{ | ||
1833 | Hostname: "data.iotevents.ap-northeast-1.amazonaws.com", | ||
1834 | CredentialScope: credentialScope{ | ||
1835 | Region: "ap-northeast-1", | ||
1836 | }, | ||
1837 | }, | ||
1838 | "ap-southeast-2": endpoint{ | ||
1839 | Hostname: "data.iotevents.ap-southeast-2.amazonaws.com", | ||
1840 | CredentialScope: credentialScope{ | ||
1841 | Region: "ap-southeast-2", | ||
1842 | }, | ||
1843 | }, | ||
1844 | "eu-central-1": endpoint{ | ||
1845 | Hostname: "data.iotevents.eu-central-1.amazonaws.com", | ||
1846 | CredentialScope: credentialScope{ | ||
1847 | Region: "eu-central-1", | ||
1848 | }, | ||
1849 | }, | ||
1850 | "eu-west-1": endpoint{ | ||
1851 | Hostname: "data.iotevents.eu-west-1.amazonaws.com", | ||
1852 | CredentialScope: credentialScope{ | ||
1853 | Region: "eu-west-1", | ||
1854 | }, | ||
1855 | }, | ||
1856 | "us-east-1": endpoint{ | ||
1857 | Hostname: "data.iotevents.us-east-1.amazonaws.com", | ||
1858 | CredentialScope: credentialScope{ | ||
1859 | Region: "us-east-1", | ||
1860 | }, | ||
1861 | }, | ||
1862 | "us-east-2": endpoint{ | ||
1863 | Hostname: "data.iotevents.us-east-2.amazonaws.com", | ||
1864 | CredentialScope: credentialScope{ | ||
1865 | Region: "us-east-2", | ||
1866 | }, | ||
1867 | }, | ||
1868 | "us-west-2": endpoint{ | ||
1869 | Hostname: "data.iotevents.us-west-2.amazonaws.com", | ||
1870 | CredentialScope: credentialScope{ | ||
1871 | Region: "us-west-2", | ||
1872 | }, | ||
1873 | }, | ||
1874 | }, | ||
1875 | }, | ||
1876 | "iotthingsgraph": service{ | ||
1877 | Defaults: endpoint{ | ||
1878 | CredentialScope: credentialScope{ | ||
1879 | Service: "iotthingsgraph", | ||
1880 | }, | ||
1881 | }, | ||
1882 | Endpoints: endpoints{ | ||
1883 | "ap-northeast-1": endpoint{}, | ||
1884 | "ap-southeast-2": endpoint{}, | ||
1885 | "eu-west-1": endpoint{}, | ||
1886 | "us-east-1": endpoint{}, | ||
1887 | "us-west-2": endpoint{}, | ||
1888 | }, | ||
1889 | }, | ||
1890 | "kafka": service{ | ||
1891 | |||
1892 | Endpoints: endpoints{ | ||
1893 | "ap-northeast-1": endpoint{}, | ||
1894 | "ap-southeast-1": endpoint{}, | ||
1895 | "ap-southeast-2": endpoint{}, | ||
1896 | "eu-central-1": endpoint{}, | ||
1897 | "eu-north-1": endpoint{}, | ||
1898 | "eu-west-1": endpoint{}, | ||
1899 | "eu-west-2": endpoint{}, | ||
1900 | "eu-west-3": endpoint{}, | ||
1901 | "us-east-1": endpoint{}, | ||
1902 | "us-east-2": endpoint{}, | ||
1903 | "us-west-2": endpoint{}, | ||
1904 | }, | ||
1905 | }, | ||
1636 | "kinesis": service{ | 1906 | "kinesis": service{ |
1637 | 1907 | ||
1638 | Endpoints: endpoints{ | 1908 | Endpoints: endpoints{ |
@@ -1648,6 +1918,7 @@ var awsPartition = partition{ | |||
1648 | "eu-west-1": endpoint{}, | 1918 | "eu-west-1": endpoint{}, |
1649 | "eu-west-2": endpoint{}, | 1919 | "eu-west-2": endpoint{}, |
1650 | "eu-west-3": endpoint{}, | 1920 | "eu-west-3": endpoint{}, |
1921 | "me-south-1": endpoint{}, | ||
1651 | "sa-east-1": endpoint{}, | 1922 | "sa-east-1": endpoint{}, |
1652 | "us-east-1": endpoint{}, | 1923 | "us-east-1": endpoint{}, |
1653 | "us-east-2": endpoint{}, | 1924 | "us-east-2": endpoint{}, |
@@ -1658,11 +1929,16 @@ var awsPartition = partition{ | |||
1658 | "kinesisanalytics": service{ | 1929 | "kinesisanalytics": service{ |
1659 | 1930 | ||
1660 | Endpoints: endpoints{ | 1931 | Endpoints: endpoints{ |
1661 | "eu-central-1": endpoint{}, | 1932 | "ap-northeast-1": endpoint{}, |
1662 | "eu-west-1": endpoint{}, | 1933 | "ap-northeast-2": endpoint{}, |
1663 | "us-east-1": endpoint{}, | 1934 | "ap-southeast-1": endpoint{}, |
1664 | "us-east-2": endpoint{}, | 1935 | "ap-southeast-2": endpoint{}, |
1665 | "us-west-2": endpoint{}, | 1936 | "eu-central-1": endpoint{}, |
1937 | "eu-west-1": endpoint{}, | ||
1938 | "eu-west-2": endpoint{}, | ||
1939 | "us-east-1": endpoint{}, | ||
1940 | "us-east-2": endpoint{}, | ||
1941 | "us-west-2": endpoint{}, | ||
1666 | }, | 1942 | }, |
1667 | }, | 1943 | }, |
1668 | "kinesisvideo": service{ | 1944 | "kinesisvideo": service{ |
@@ -1679,12 +1955,6 @@ var awsPartition = partition{ | |||
1679 | "kms": service{ | 1955 | "kms": service{ |
1680 | 1956 | ||
1681 | Endpoints: endpoints{ | 1957 | Endpoints: endpoints{ |
1682 | "ProdFips": endpoint{ | ||
1683 | Hostname: "kms-fips.ca-central-1.amazonaws.com", | ||
1684 | CredentialScope: credentialScope{ | ||
1685 | Region: "ca-central-1", | ||
1686 | }, | ||
1687 | }, | ||
1688 | "ap-east-1": endpoint{}, | 1958 | "ap-east-1": endpoint{}, |
1689 | "ap-northeast-1": endpoint{}, | 1959 | "ap-northeast-1": endpoint{}, |
1690 | "ap-northeast-2": endpoint{}, | 1960 | "ap-northeast-2": endpoint{}, |
@@ -1697,6 +1967,7 @@ var awsPartition = partition{ | |||
1697 | "eu-west-1": endpoint{}, | 1967 | "eu-west-1": endpoint{}, |
1698 | "eu-west-2": endpoint{}, | 1968 | "eu-west-2": endpoint{}, |
1699 | "eu-west-3": endpoint{}, | 1969 | "eu-west-3": endpoint{}, |
1970 | "me-south-1": endpoint{}, | ||
1700 | "sa-east-1": endpoint{}, | 1971 | "sa-east-1": endpoint{}, |
1701 | "us-east-1": endpoint{}, | 1972 | "us-east-1": endpoint{}, |
1702 | "us-east-2": endpoint{}, | 1973 | "us-east-2": endpoint{}, |
@@ -1719,6 +1990,7 @@ var awsPartition = partition{ | |||
1719 | "eu-west-1": endpoint{}, | 1990 | "eu-west-1": endpoint{}, |
1720 | "eu-west-2": endpoint{}, | 1991 | "eu-west-2": endpoint{}, |
1721 | "eu-west-3": endpoint{}, | 1992 | "eu-west-3": endpoint{}, |
1993 | "me-south-1": endpoint{}, | ||
1722 | "sa-east-1": endpoint{}, | 1994 | "sa-east-1": endpoint{}, |
1723 | "us-east-1": endpoint{}, | 1995 | "us-east-1": endpoint{}, |
1724 | "us-east-2": endpoint{}, | 1996 | "us-east-2": endpoint{}, |
@@ -1729,16 +2001,22 @@ var awsPartition = partition{ | |||
1729 | "license-manager": service{ | 2001 | "license-manager": service{ |
1730 | 2002 | ||
1731 | Endpoints: endpoints{ | 2003 | Endpoints: endpoints{ |
2004 | "ap-east-1": endpoint{}, | ||
1732 | "ap-northeast-1": endpoint{}, | 2005 | "ap-northeast-1": endpoint{}, |
1733 | "ap-northeast-2": endpoint{}, | 2006 | "ap-northeast-2": endpoint{}, |
1734 | "ap-south-1": endpoint{}, | 2007 | "ap-south-1": endpoint{}, |
1735 | "ap-southeast-1": endpoint{}, | 2008 | "ap-southeast-1": endpoint{}, |
1736 | "ap-southeast-2": endpoint{}, | 2009 | "ap-southeast-2": endpoint{}, |
2010 | "ca-central-1": endpoint{}, | ||
1737 | "eu-central-1": endpoint{}, | 2011 | "eu-central-1": endpoint{}, |
2012 | "eu-north-1": endpoint{}, | ||
1738 | "eu-west-1": endpoint{}, | 2013 | "eu-west-1": endpoint{}, |
1739 | "eu-west-2": endpoint{}, | 2014 | "eu-west-2": endpoint{}, |
2015 | "eu-west-3": endpoint{}, | ||
2016 | "sa-east-1": endpoint{}, | ||
1740 | "us-east-1": endpoint{}, | 2017 | "us-east-1": endpoint{}, |
1741 | "us-east-2": endpoint{}, | 2018 | "us-east-2": endpoint{}, |
2019 | "us-west-1": endpoint{}, | ||
1742 | "us-west-2": endpoint{}, | 2020 | "us-west-2": endpoint{}, |
1743 | }, | 2021 | }, |
1744 | }, | 2022 | }, |
@@ -1775,6 +2053,7 @@ var awsPartition = partition{ | |||
1775 | "eu-west-1": endpoint{}, | 2053 | "eu-west-1": endpoint{}, |
1776 | "eu-west-2": endpoint{}, | 2054 | "eu-west-2": endpoint{}, |
1777 | "eu-west-3": endpoint{}, | 2055 | "eu-west-3": endpoint{}, |
2056 | "me-south-1": endpoint{}, | ||
1778 | "sa-east-1": endpoint{}, | 2057 | "sa-east-1": endpoint{}, |
1779 | "us-east-1": endpoint{}, | 2058 | "us-east-1": endpoint{}, |
1780 | "us-east-2": endpoint{}, | 2059 | "us-east-2": endpoint{}, |
@@ -1843,6 +2122,7 @@ var awsPartition = partition{ | |||
1843 | "ap-southeast-1": endpoint{}, | 2122 | "ap-southeast-1": endpoint{}, |
1844 | "ap-southeast-2": endpoint{}, | 2123 | "ap-southeast-2": endpoint{}, |
1845 | "eu-central-1": endpoint{}, | 2124 | "eu-central-1": endpoint{}, |
2125 | "eu-north-1": endpoint{}, | ||
1846 | "eu-west-1": endpoint{}, | 2126 | "eu-west-1": endpoint{}, |
1847 | "sa-east-1": endpoint{}, | 2127 | "sa-east-1": endpoint{}, |
1848 | "us-east-1": endpoint{}, | 2128 | "us-east-1": endpoint{}, |
@@ -1873,6 +2153,7 @@ var awsPartition = partition{ | |||
1873 | "ap-northeast-2": endpoint{}, | 2153 | "ap-northeast-2": endpoint{}, |
1874 | "ap-southeast-2": endpoint{}, | 2154 | "ap-southeast-2": endpoint{}, |
1875 | "eu-central-1": endpoint{}, | 2155 | "eu-central-1": endpoint{}, |
2156 | "eu-north-1": endpoint{}, | ||
1876 | "eu-west-1": endpoint{}, | 2157 | "eu-west-1": endpoint{}, |
1877 | "us-east-1": endpoint{}, | 2158 | "us-east-1": endpoint{}, |
1878 | "us-west-2": endpoint{}, | 2159 | "us-west-2": endpoint{}, |
@@ -1945,6 +2226,7 @@ var awsPartition = partition{ | |||
1945 | "eu-west-1": endpoint{}, | 2226 | "eu-west-1": endpoint{}, |
1946 | "eu-west-2": endpoint{}, | 2227 | "eu-west-2": endpoint{}, |
1947 | "eu-west-3": endpoint{}, | 2228 | "eu-west-3": endpoint{}, |
2229 | "me-south-1": endpoint{}, | ||
1948 | "sa-east-1": endpoint{}, | 2230 | "sa-east-1": endpoint{}, |
1949 | "us-east-1": endpoint{}, | 2231 | "us-east-1": endpoint{}, |
1950 | "us-east-2": endpoint{}, | 2232 | "us-east-2": endpoint{}, |
@@ -1957,11 +2239,14 @@ var awsPartition = partition{ | |||
1957 | Endpoints: endpoints{ | 2239 | Endpoints: endpoints{ |
1958 | "ap-northeast-1": endpoint{}, | 2240 | "ap-northeast-1": endpoint{}, |
1959 | "ap-northeast-2": endpoint{}, | 2241 | "ap-northeast-2": endpoint{}, |
2242 | "ap-south-1": endpoint{}, | ||
1960 | "ap-southeast-1": endpoint{}, | 2243 | "ap-southeast-1": endpoint{}, |
1961 | "ap-southeast-2": endpoint{}, | 2244 | "ap-southeast-2": endpoint{}, |
2245 | "ca-central-1": endpoint{}, | ||
1962 | "eu-central-1": endpoint{}, | 2246 | "eu-central-1": endpoint{}, |
1963 | "eu-west-1": endpoint{}, | 2247 | "eu-west-1": endpoint{}, |
1964 | "eu-west-2": endpoint{}, | 2248 | "eu-west-2": endpoint{}, |
2249 | "eu-west-3": endpoint{}, | ||
1965 | "us-east-1": endpoint{}, | 2250 | "us-east-1": endpoint{}, |
1966 | "us-east-2": endpoint{}, | 2251 | "us-east-2": endpoint{}, |
1967 | "us-west-1": endpoint{}, | 2252 | "us-west-1": endpoint{}, |
@@ -1987,6 +2272,12 @@ var awsPartition = partition{ | |||
1987 | Region: "ap-northeast-1", | 2272 | Region: "ap-northeast-1", |
1988 | }, | 2273 | }, |
1989 | }, | 2274 | }, |
2275 | "ap-northeast-2": endpoint{ | ||
2276 | Hostname: "rds.ap-northeast-2.amazonaws.com", | ||
2277 | CredentialScope: credentialScope{ | ||
2278 | Region: "ap-northeast-2", | ||
2279 | }, | ||
2280 | }, | ||
1990 | "ap-south-1": endpoint{ | 2281 | "ap-south-1": endpoint{ |
1991 | Hostname: "rds.ap-south-1.amazonaws.com", | 2282 | Hostname: "rds.ap-south-1.amazonaws.com", |
1992 | CredentialScope: credentialScope{ | 2283 | CredentialScope: credentialScope{ |
@@ -2011,6 +2302,12 @@ var awsPartition = partition{ | |||
2011 | Region: "eu-central-1", | 2302 | Region: "eu-central-1", |
2012 | }, | 2303 | }, |
2013 | }, | 2304 | }, |
2305 | "eu-north-1": endpoint{ | ||
2306 | Hostname: "rds.eu-north-1.amazonaws.com", | ||
2307 | CredentialScope: credentialScope{ | ||
2308 | Region: "eu-north-1", | ||
2309 | }, | ||
2310 | }, | ||
2014 | "eu-west-1": endpoint{ | 2311 | "eu-west-1": endpoint{ |
2015 | Hostname: "rds.eu-west-1.amazonaws.com", | 2312 | Hostname: "rds.eu-west-1.amazonaws.com", |
2016 | CredentialScope: credentialScope{ | 2313 | CredentialScope: credentialScope{ |
@@ -2126,6 +2423,38 @@ var awsPartition = partition{ | |||
2126 | "us-west-2": endpoint{}, | 2423 | "us-west-2": endpoint{}, |
2127 | }, | 2424 | }, |
2128 | }, | 2425 | }, |
2426 | "projects.iot1click": service{ | ||
2427 | |||
2428 | Endpoints: endpoints{ | ||
2429 | "ap-northeast-1": endpoint{}, | ||
2430 | "eu-central-1": endpoint{}, | ||
2431 | "eu-west-1": endpoint{}, | ||
2432 | "eu-west-2": endpoint{}, | ||
2433 | "us-east-1": endpoint{}, | ||
2434 | "us-east-2": endpoint{}, | ||
2435 | "us-west-2": endpoint{}, | ||
2436 | }, | ||
2437 | }, | ||
2438 | "ram": service{ | ||
2439 | |||
2440 | Endpoints: endpoints{ | ||
2441 | "ap-northeast-1": endpoint{}, | ||
2442 | "ap-northeast-2": endpoint{}, | ||
2443 | "ap-south-1": endpoint{}, | ||
2444 | "ap-southeast-1": endpoint{}, | ||
2445 | "ap-southeast-2": endpoint{}, | ||
2446 | "ca-central-1": endpoint{}, | ||
2447 | "eu-central-1": endpoint{}, | ||
2448 | "eu-north-1": endpoint{}, | ||
2449 | "eu-west-1": endpoint{}, | ||
2450 | "eu-west-2": endpoint{}, | ||
2451 | "eu-west-3": endpoint{}, | ||
2452 | "us-east-1": endpoint{}, | ||
2453 | "us-east-2": endpoint{}, | ||
2454 | "us-west-1": endpoint{}, | ||
2455 | "us-west-2": endpoint{}, | ||
2456 | }, | ||
2457 | }, | ||
2129 | "rds": service{ | 2458 | "rds": service{ |
2130 | 2459 | ||
2131 | Endpoints: endpoints{ | 2460 | Endpoints: endpoints{ |
@@ -2165,6 +2494,7 @@ var awsPartition = partition{ | |||
2165 | "eu-west-1": endpoint{}, | 2494 | "eu-west-1": endpoint{}, |
2166 | "eu-west-2": endpoint{}, | 2495 | "eu-west-2": endpoint{}, |
2167 | "eu-west-3": endpoint{}, | 2496 | "eu-west-3": endpoint{}, |
2497 | "me-south-1": endpoint{}, | ||
2168 | "sa-east-1": endpoint{}, | 2498 | "sa-east-1": endpoint{}, |
2169 | "us-east-1": endpoint{}, | 2499 | "us-east-1": endpoint{}, |
2170 | "us-east-2": endpoint{}, | 2500 | "us-east-2": endpoint{}, |
@@ -2178,10 +2508,14 @@ var awsPartition = partition{ | |||
2178 | "ap-northeast-1": endpoint{}, | 2508 | "ap-northeast-1": endpoint{}, |
2179 | "ap-northeast-2": endpoint{}, | 2509 | "ap-northeast-2": endpoint{}, |
2180 | "ap-south-1": endpoint{}, | 2510 | "ap-south-1": endpoint{}, |
2511 | "ap-southeast-1": endpoint{}, | ||
2181 | "ap-southeast-2": endpoint{}, | 2512 | "ap-southeast-2": endpoint{}, |
2513 | "eu-central-1": endpoint{}, | ||
2182 | "eu-west-1": endpoint{}, | 2514 | "eu-west-1": endpoint{}, |
2515 | "eu-west-2": endpoint{}, | ||
2183 | "us-east-1": endpoint{}, | 2516 | "us-east-1": endpoint{}, |
2184 | "us-east-2": endpoint{}, | 2517 | "us-east-2": endpoint{}, |
2518 | "us-west-1": endpoint{}, | ||
2185 | "us-west-2": endpoint{}, | 2519 | "us-west-2": endpoint{}, |
2186 | }, | 2520 | }, |
2187 | }, | 2521 | }, |
@@ -2200,6 +2534,7 @@ var awsPartition = partition{ | |||
2200 | "eu-west-1": endpoint{}, | 2534 | "eu-west-1": endpoint{}, |
2201 | "eu-west-2": endpoint{}, | 2535 | "eu-west-2": endpoint{}, |
2202 | "eu-west-3": endpoint{}, | 2536 | "eu-west-3": endpoint{}, |
2537 | "me-south-1": endpoint{}, | ||
2203 | "sa-east-1": endpoint{}, | 2538 | "sa-east-1": endpoint{}, |
2204 | "us-east-1": endpoint{}, | 2539 | "us-east-1": endpoint{}, |
2205 | "us-east-2": endpoint{}, | 2540 | "us-east-2": endpoint{}, |
@@ -2211,8 +2546,11 @@ var awsPartition = partition{ | |||
2211 | 2546 | ||
2212 | Endpoints: endpoints{ | 2547 | Endpoints: endpoints{ |
2213 | "ap-northeast-1": endpoint{}, | 2548 | "ap-northeast-1": endpoint{}, |
2549 | "ap-southeast-1": endpoint{}, | ||
2550 | "eu-central-1": endpoint{}, | ||
2214 | "eu-west-1": endpoint{}, | 2551 | "eu-west-1": endpoint{}, |
2215 | "us-east-1": endpoint{}, | 2552 | "us-east-1": endpoint{}, |
2553 | "us-east-2": endpoint{}, | ||
2216 | "us-west-2": endpoint{}, | 2554 | "us-west-2": endpoint{}, |
2217 | }, | 2555 | }, |
2218 | }, | 2556 | }, |
@@ -2281,9 +2619,33 @@ var awsPartition = partition{ | |||
2281 | "eu-west-1": endpoint{}, | 2619 | "eu-west-1": endpoint{}, |
2282 | "eu-west-2": endpoint{}, | 2620 | "eu-west-2": endpoint{}, |
2283 | "us-east-1": endpoint{}, | 2621 | "us-east-1": endpoint{}, |
2284 | "us-east-2": endpoint{}, | 2622 | "us-east-1-fips": endpoint{ |
2285 | "us-west-1": endpoint{}, | 2623 | Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com", |
2286 | "us-west-2": endpoint{}, | 2624 | CredentialScope: credentialScope{ |
2625 | Region: "us-east-1", | ||
2626 | }, | ||
2627 | }, | ||
2628 | "us-east-2": endpoint{}, | ||
2629 | "us-east-2-fips": endpoint{ | ||
2630 | Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com", | ||
2631 | CredentialScope: credentialScope{ | ||
2632 | Region: "us-east-2", | ||
2633 | }, | ||
2634 | }, | ||
2635 | "us-west-1": endpoint{}, | ||
2636 | "us-west-1-fips": endpoint{ | ||
2637 | Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com", | ||
2638 | CredentialScope: credentialScope{ | ||
2639 | Region: "us-west-1", | ||
2640 | }, | ||
2641 | }, | ||
2642 | "us-west-2": endpoint{}, | ||
2643 | "us-west-2-fips": endpoint{ | ||
2644 | Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com", | ||
2645 | CredentialScope: credentialScope{ | ||
2646 | Region: "us-west-2", | ||
2647 | }, | ||
2648 | }, | ||
2287 | }, | 2649 | }, |
2288 | }, | 2650 | }, |
2289 | "s3": service{ | 2651 | "s3": service{ |
@@ -2319,8 +2681,9 @@ var awsPartition = partition{ | |||
2319 | Hostname: "s3.eu-west-1.amazonaws.com", | 2681 | Hostname: "s3.eu-west-1.amazonaws.com", |
2320 | SignatureVersions: []string{"s3", "s3v4"}, | 2682 | SignatureVersions: []string{"s3", "s3v4"}, |
2321 | }, | 2683 | }, |
2322 | "eu-west-2": endpoint{}, | 2684 | "eu-west-2": endpoint{}, |
2323 | "eu-west-3": endpoint{}, | 2685 | "eu-west-3": endpoint{}, |
2686 | "me-south-1": endpoint{}, | ||
2324 | "s3-external-1": endpoint{ | 2687 | "s3-external-1": endpoint{ |
2325 | Hostname: "s3-external-1.amazonaws.com", | 2688 | Hostname: "s3-external-1.amazonaws.com", |
2326 | SignatureVersions: []string{"s3", "s3v4"}, | 2689 | SignatureVersions: []string{"s3", "s3v4"}, |
@@ -2571,6 +2934,7 @@ var awsPartition = partition{ | |||
2571 | "ap-southeast-2": endpoint{}, | 2934 | "ap-southeast-2": endpoint{}, |
2572 | "ca-central-1": endpoint{}, | 2935 | "ca-central-1": endpoint{}, |
2573 | "eu-central-1": endpoint{}, | 2936 | "eu-central-1": endpoint{}, |
2937 | "eu-north-1": endpoint{}, | ||
2574 | "eu-west-1": endpoint{}, | 2938 | "eu-west-1": endpoint{}, |
2575 | "eu-west-2": endpoint{}, | 2939 | "eu-west-2": endpoint{}, |
2576 | "eu-west-3": endpoint{}, | 2940 | "eu-west-3": endpoint{}, |
@@ -2714,6 +3078,7 @@ var awsPartition = partition{ | |||
2714 | "sms": service{ | 3078 | "sms": service{ |
2715 | 3079 | ||
2716 | Endpoints: endpoints{ | 3080 | Endpoints: endpoints{ |
3081 | "ap-east-1": endpoint{}, | ||
2717 | "ap-northeast-1": endpoint{}, | 3082 | "ap-northeast-1": endpoint{}, |
2718 | "ap-northeast-2": endpoint{}, | 3083 | "ap-northeast-2": endpoint{}, |
2719 | "ap-south-1": endpoint{}, | 3084 | "ap-south-1": endpoint{}, |
@@ -2736,6 +3101,7 @@ var awsPartition = partition{ | |||
2736 | 3101 | ||
2737 | Endpoints: endpoints{ | 3102 | Endpoints: endpoints{ |
2738 | "ap-northeast-1": endpoint{}, | 3103 | "ap-northeast-1": endpoint{}, |
3104 | "ap-northeast-2": endpoint{}, | ||
2739 | "ap-south-1": endpoint{}, | 3105 | "ap-south-1": endpoint{}, |
2740 | "ap-southeast-1": endpoint{}, | 3106 | "ap-southeast-1": endpoint{}, |
2741 | "ap-southeast-2": endpoint{}, | 3107 | "ap-southeast-2": endpoint{}, |
@@ -2768,6 +3134,7 @@ var awsPartition = partition{ | |||
2768 | "eu-west-1": endpoint{}, | 3134 | "eu-west-1": endpoint{}, |
2769 | "eu-west-2": endpoint{}, | 3135 | "eu-west-2": endpoint{}, |
2770 | "eu-west-3": endpoint{}, | 3136 | "eu-west-3": endpoint{}, |
3137 | "me-south-1": endpoint{}, | ||
2771 | "sa-east-1": endpoint{}, | 3138 | "sa-east-1": endpoint{}, |
2772 | "us-east-1": endpoint{}, | 3139 | "us-east-1": endpoint{}, |
2773 | "us-east-2": endpoint{}, | 3140 | "us-east-2": endpoint{}, |
@@ -2817,7 +3184,8 @@ var awsPartition = partition{ | |||
2817 | Region: "us-west-2", | 3184 | Region: "us-west-2", |
2818 | }, | 3185 | }, |
2819 | }, | 3186 | }, |
2820 | "sa-east-1": endpoint{}, | 3187 | "me-south-1": endpoint{}, |
3188 | "sa-east-1": endpoint{}, | ||
2821 | "us-east-1": endpoint{ | 3189 | "us-east-1": endpoint{ |
2822 | SSLCommonName: "queue.{dnsSuffix}", | 3190 | SSLCommonName: "queue.{dnsSuffix}", |
2823 | }, | 3191 | }, |
@@ -2841,6 +3209,7 @@ var awsPartition = partition{ | |||
2841 | "eu-west-1": endpoint{}, | 3209 | "eu-west-1": endpoint{}, |
2842 | "eu-west-2": endpoint{}, | 3210 | "eu-west-2": endpoint{}, |
2843 | "eu-west-3": endpoint{}, | 3211 | "eu-west-3": endpoint{}, |
3212 | "me-south-1": endpoint{}, | ||
2844 | "sa-east-1": endpoint{}, | 3213 | "sa-east-1": endpoint{}, |
2845 | "us-east-1": endpoint{}, | 3214 | "us-east-1": endpoint{}, |
2846 | "us-east-2": endpoint{}, | 3215 | "us-east-2": endpoint{}, |
@@ -2863,6 +3232,7 @@ var awsPartition = partition{ | |||
2863 | "eu-west-1": endpoint{}, | 3232 | "eu-west-1": endpoint{}, |
2864 | "eu-west-2": endpoint{}, | 3233 | "eu-west-2": endpoint{}, |
2865 | "eu-west-3": endpoint{}, | 3234 | "eu-west-3": endpoint{}, |
3235 | "me-south-1": endpoint{}, | ||
2866 | "sa-east-1": endpoint{}, | 3236 | "sa-east-1": endpoint{}, |
2867 | "us-east-1": endpoint{}, | 3237 | "us-east-1": endpoint{}, |
2868 | "us-east-2": endpoint{}, | 3238 | "us-east-2": endpoint{}, |
@@ -2884,6 +3254,7 @@ var awsPartition = partition{ | |||
2884 | "eu-west-1": endpoint{}, | 3254 | "eu-west-1": endpoint{}, |
2885 | "eu-west-2": endpoint{}, | 3255 | "eu-west-2": endpoint{}, |
2886 | "eu-west-3": endpoint{}, | 3256 | "eu-west-3": endpoint{}, |
3257 | "me-south-1": endpoint{}, | ||
2887 | "sa-east-1": endpoint{}, | 3258 | "sa-east-1": endpoint{}, |
2888 | "us-east-1": endpoint{}, | 3259 | "us-east-1": endpoint{}, |
2889 | "us-east-2": endpoint{}, | 3260 | "us-east-2": endpoint{}, |
@@ -2905,11 +3276,17 @@ var awsPartition = partition{ | |||
2905 | "ap-southeast-1": endpoint{}, | 3276 | "ap-southeast-1": endpoint{}, |
2906 | "ap-southeast-2": endpoint{}, | 3277 | "ap-southeast-2": endpoint{}, |
2907 | "ca-central-1": endpoint{}, | 3278 | "ca-central-1": endpoint{}, |
2908 | "eu-central-1": endpoint{}, | 3279 | "ca-central-1-fips": endpoint{ |
2909 | "eu-north-1": endpoint{}, | 3280 | Hostname: "dynamodb-fips.ca-central-1.amazonaws.com", |
2910 | "eu-west-1": endpoint{}, | 3281 | CredentialScope: credentialScope{ |
2911 | "eu-west-2": endpoint{}, | 3282 | Region: "ca-central-1", |
2912 | "eu-west-3": endpoint{}, | 3283 | }, |
3284 | }, | ||
3285 | "eu-central-1": endpoint{}, | ||
3286 | "eu-north-1": endpoint{}, | ||
3287 | "eu-west-1": endpoint{}, | ||
3288 | "eu-west-2": endpoint{}, | ||
3289 | "eu-west-3": endpoint{}, | ||
2913 | "local": endpoint{ | 3290 | "local": endpoint{ |
2914 | Hostname: "localhost:8000", | 3291 | Hostname: "localhost:8000", |
2915 | Protocols: []string{"http"}, | 3292 | Protocols: []string{"http"}, |
@@ -2917,11 +3294,36 @@ var awsPartition = partition{ | |||
2917 | Region: "us-east-1", | 3294 | Region: "us-east-1", |
2918 | }, | 3295 | }, |
2919 | }, | 3296 | }, |
2920 | "sa-east-1": endpoint{}, | 3297 | "me-south-1": endpoint{}, |
2921 | "us-east-1": endpoint{}, | 3298 | "sa-east-1": endpoint{}, |
3299 | "us-east-1": endpoint{}, | ||
3300 | "us-east-1-fips": endpoint{ | ||
3301 | Hostname: "dynamodb-fips.us-east-1.amazonaws.com", | ||
3302 | CredentialScope: credentialScope{ | ||
3303 | Region: "us-east-1", | ||
3304 | }, | ||
3305 | }, | ||
2922 | "us-east-2": endpoint{}, | 3306 | "us-east-2": endpoint{}, |
3307 | "us-east-2-fips": endpoint{ | ||
3308 | Hostname: "dynamodb-fips.us-east-2.amazonaws.com", | ||
3309 | CredentialScope: credentialScope{ | ||
3310 | Region: "us-east-2", | ||
3311 | }, | ||
3312 | }, | ||
2923 | "us-west-1": endpoint{}, | 3313 | "us-west-1": endpoint{}, |
3314 | "us-west-1-fips": endpoint{ | ||
3315 | Hostname: "dynamodb-fips.us-west-1.amazonaws.com", | ||
3316 | CredentialScope: credentialScope{ | ||
3317 | Region: "us-west-1", | ||
3318 | }, | ||
3319 | }, | ||
2924 | "us-west-2": endpoint{}, | 3320 | "us-west-2": endpoint{}, |
3321 | "us-west-2-fips": endpoint{ | ||
3322 | Hostname: "dynamodb-fips.us-west-2.amazonaws.com", | ||
3323 | CredentialScope: credentialScope{ | ||
3324 | Region: "us-west-2", | ||
3325 | }, | ||
3326 | }, | ||
2925 | }, | 3327 | }, |
2926 | }, | 3328 | }, |
2927 | "sts": service{ | 3329 | "sts": service{ |
@@ -2956,8 +3358,14 @@ var awsPartition = partition{ | |||
2956 | "eu-west-1": endpoint{}, | 3358 | "eu-west-1": endpoint{}, |
2957 | "eu-west-2": endpoint{}, | 3359 | "eu-west-2": endpoint{}, |
2958 | "eu-west-3": endpoint{}, | 3360 | "eu-west-3": endpoint{}, |
2959 | "sa-east-1": endpoint{}, | 3361 | "me-south-1": endpoint{ |
2960 | "us-east-1": endpoint{}, | 3362 | Hostname: "sts.me-south-1.amazonaws.com", |
3363 | CredentialScope: credentialScope{ | ||
3364 | Region: "me-south-1", | ||
3365 | }, | ||
3366 | }, | ||
3367 | "sa-east-1": endpoint{}, | ||
3368 | "us-east-1": endpoint{}, | ||
2961 | "us-east-1-fips": endpoint{ | 3369 | "us-east-1-fips": endpoint{ |
2962 | Hostname: "sts-fips.us-east-1.amazonaws.com", | 3370 | Hostname: "sts-fips.us-east-1.amazonaws.com", |
2963 | CredentialScope: credentialScope{ | 3371 | CredentialScope: credentialScope{ |
@@ -2988,9 +3396,15 @@ var awsPartition = partition{ | |||
2988 | }, | 3396 | }, |
2989 | }, | 3397 | }, |
2990 | "support": service{ | 3398 | "support": service{ |
3399 | PartitionEndpoint: "aws-global", | ||
2991 | 3400 | ||
2992 | Endpoints: endpoints{ | 3401 | Endpoints: endpoints{ |
2993 | "us-east-1": endpoint{}, | 3402 | "aws-global": endpoint{ |
3403 | Hostname: "support.us-east-1.amazonaws.com", | ||
3404 | CredentialScope: credentialScope{ | ||
3405 | Region: "us-east-1", | ||
3406 | }, | ||
3407 | }, | ||
2994 | }, | 3408 | }, |
2995 | }, | 3409 | }, |
2996 | "swf": service{ | 3410 | "swf": service{ |
@@ -3008,6 +3422,7 @@ var awsPartition = partition{ | |||
3008 | "eu-west-1": endpoint{}, | 3422 | "eu-west-1": endpoint{}, |
3009 | "eu-west-2": endpoint{}, | 3423 | "eu-west-2": endpoint{}, |
3010 | "eu-west-3": endpoint{}, | 3424 | "eu-west-3": endpoint{}, |
3425 | "me-south-1": endpoint{}, | ||
3011 | "sa-east-1": endpoint{}, | 3426 | "sa-east-1": endpoint{}, |
3012 | "us-east-1": endpoint{}, | 3427 | "us-east-1": endpoint{}, |
3013 | "us-east-2": endpoint{}, | 3428 | "us-east-2": endpoint{}, |
@@ -3030,6 +3445,7 @@ var awsPartition = partition{ | |||
3030 | "eu-west-1": endpoint{}, | 3445 | "eu-west-1": endpoint{}, |
3031 | "eu-west-2": endpoint{}, | 3446 | "eu-west-2": endpoint{}, |
3032 | "eu-west-3": endpoint{}, | 3447 | "eu-west-3": endpoint{}, |
3448 | "me-south-1": endpoint{}, | ||
3033 | "sa-east-1": endpoint{}, | 3449 | "sa-east-1": endpoint{}, |
3034 | "us-east-1": endpoint{}, | 3450 | "us-east-1": endpoint{}, |
3035 | "us-east-2": endpoint{}, | 3451 | "us-east-2": endpoint{}, |
@@ -3061,7 +3477,11 @@ var awsPartition = partition{ | |||
3061 | Protocols: []string{"https"}, | 3477 | Protocols: []string{"https"}, |
3062 | }, | 3478 | }, |
3063 | Endpoints: endpoints{ | 3479 | Endpoints: endpoints{ |
3480 | "ap-northeast-1": endpoint{}, | ||
3064 | "ap-northeast-2": endpoint{}, | 3481 | "ap-northeast-2": endpoint{}, |
3482 | "ap-south-1": endpoint{}, | ||
3483 | "ap-southeast-1": endpoint{}, | ||
3484 | "ca-central-1": endpoint{}, | ||
3065 | "eu-central-1": endpoint{}, | 3485 | "eu-central-1": endpoint{}, |
3066 | "eu-west-1": endpoint{}, | 3486 | "eu-west-1": endpoint{}, |
3067 | "us-east-1": endpoint{}, | 3487 | "us-east-1": endpoint{}, |
@@ -3105,12 +3525,16 @@ var awsPartition = partition{ | |||
3105 | Endpoints: endpoints{ | 3525 | Endpoints: endpoints{ |
3106 | "ap-northeast-1": endpoint{}, | 3526 | "ap-northeast-1": endpoint{}, |
3107 | "ap-northeast-2": endpoint{}, | 3527 | "ap-northeast-2": endpoint{}, |
3528 | "ap-south-1": endpoint{}, | ||
3108 | "ap-southeast-1": endpoint{}, | 3529 | "ap-southeast-1": endpoint{}, |
3109 | "ap-southeast-2": endpoint{}, | 3530 | "ap-southeast-2": endpoint{}, |
3531 | "ca-central-1": endpoint{}, | ||
3110 | "eu-central-1": endpoint{}, | 3532 | "eu-central-1": endpoint{}, |
3111 | "eu-north-1": endpoint{}, | 3533 | "eu-north-1": endpoint{}, |
3112 | "eu-west-1": endpoint{}, | 3534 | "eu-west-1": endpoint{}, |
3113 | "eu-west-2": endpoint{}, | 3535 | "eu-west-2": endpoint{}, |
3536 | "eu-west-3": endpoint{}, | ||
3537 | "sa-east-1": endpoint{}, | ||
3114 | "us-east-1": endpoint{}, | 3538 | "us-east-1": endpoint{}, |
3115 | "us-east-2": endpoint{}, | 3539 | "us-east-2": endpoint{}, |
3116 | "us-west-1": endpoint{}, | 3540 | "us-west-1": endpoint{}, |
@@ -3157,6 +3581,7 @@ var awsPartition = partition{ | |||
3157 | "xray": service{ | 3581 | "xray": service{ |
3158 | 3582 | ||
3159 | Endpoints: endpoints{ | 3583 | Endpoints: endpoints{ |
3584 | "ap-east-1": endpoint{}, | ||
3160 | "ap-northeast-1": endpoint{}, | 3585 | "ap-northeast-1": endpoint{}, |
3161 | "ap-northeast-2": endpoint{}, | 3586 | "ap-northeast-2": endpoint{}, |
3162 | "ap-south-1": endpoint{}, | 3587 | "ap-south-1": endpoint{}, |
@@ -3433,6 +3858,15 @@ var awscnPartition = partition{ | |||
3433 | "cn-northwest-1": endpoint{}, | 3858 | "cn-northwest-1": endpoint{}, |
3434 | }, | 3859 | }, |
3435 | }, | 3860 | }, |
3861 | "greengrass": service{ | ||
3862 | IsRegionalized: boxedTrue, | ||
3863 | Defaults: endpoint{ | ||
3864 | Protocols: []string{"https"}, | ||
3865 | }, | ||
3866 | Endpoints: endpoints{ | ||
3867 | "cn-north-1": endpoint{}, | ||
3868 | }, | ||
3869 | }, | ||
3436 | "iam": service{ | 3870 | "iam": service{ |
3437 | PartitionEndpoint: "aws-cn-global", | 3871 | PartitionEndpoint: "aws-cn-global", |
3438 | IsRegionalized: boxedFalse, | 3872 | IsRegionalized: boxedFalse, |
@@ -3463,6 +3897,13 @@ var awscnPartition = partition{ | |||
3463 | "cn-northwest-1": endpoint{}, | 3897 | "cn-northwest-1": endpoint{}, |
3464 | }, | 3898 | }, |
3465 | }, | 3899 | }, |
3900 | "kms": service{ | ||
3901 | |||
3902 | Endpoints: endpoints{ | ||
3903 | "cn-north-1": endpoint{}, | ||
3904 | "cn-northwest-1": endpoint{}, | ||
3905 | }, | ||
3906 | }, | ||
3466 | "lambda": service{ | 3907 | "lambda": service{ |
3467 | 3908 | ||
3468 | Endpoints: endpoints{ | 3909 | Endpoints: endpoints{ |
@@ -3470,6 +3911,13 @@ var awscnPartition = partition{ | |||
3470 | "cn-northwest-1": endpoint{}, | 3911 | "cn-northwest-1": endpoint{}, |
3471 | }, | 3912 | }, |
3472 | }, | 3913 | }, |
3914 | "license-manager": service{ | ||
3915 | |||
3916 | Endpoints: endpoints{ | ||
3917 | "cn-north-1": endpoint{}, | ||
3918 | "cn-northwest-1": endpoint{}, | ||
3919 | }, | ||
3920 | }, | ||
3473 | "logs": service{ | 3921 | "logs": service{ |
3474 | 3922 | ||
3475 | Endpoints: endpoints{ | 3923 | Endpoints: endpoints{ |
@@ -3480,7 +3928,12 @@ var awscnPartition = partition{ | |||
3480 | "mediaconvert": service{ | 3928 | "mediaconvert": service{ |
3481 | 3929 | ||
3482 | Endpoints: endpoints{ | 3930 | Endpoints: endpoints{ |
3483 | "cn-northwest-1": endpoint{}, | 3931 | "cn-northwest-1": endpoint{ |
3932 | Hostname: "subscribe.mediaconvert.cn-northwest-1.amazonaws.com.cn", | ||
3933 | CredentialScope: credentialScope{ | ||
3934 | Region: "cn-northwest-1", | ||
3935 | }, | ||
3936 | }, | ||
3484 | }, | 3937 | }, |
3485 | }, | 3938 | }, |
3486 | "monitoring": service{ | 3939 | "monitoring": service{ |
@@ -3615,6 +4068,18 @@ var awscnPartition = partition{ | |||
3615 | "cn-northwest-1": endpoint{}, | 4068 | "cn-northwest-1": endpoint{}, |
3616 | }, | 4069 | }, |
3617 | }, | 4070 | }, |
4071 | "support": service{ | ||
4072 | PartitionEndpoint: "aws-cn-global", | ||
4073 | |||
4074 | Endpoints: endpoints{ | ||
4075 | "aws-cn-global": endpoint{ | ||
4076 | Hostname: "support.cn-north-1.amazonaws.com", | ||
4077 | CredentialScope: credentialScope{ | ||
4078 | Region: "cn-north-1", | ||
4079 | }, | ||
4080 | }, | ||
4081 | }, | ||
4082 | }, | ||
3618 | "swf": service{ | 4083 | "swf": service{ |
3619 | 4084 | ||
3620 | Endpoints: endpoints{ | 4085 | Endpoints: endpoints{ |
@@ -3668,6 +4133,15 @@ var awsusgovPartition = partition{ | |||
3668 | "us-gov-west-1": endpoint{}, | 4133 | "us-gov-west-1": endpoint{}, |
3669 | }, | 4134 | }, |
3670 | }, | 4135 | }, |
4136 | "acm-pca": service{ | ||
4137 | Defaults: endpoint{ | ||
4138 | Protocols: []string{"https"}, | ||
4139 | }, | ||
4140 | Endpoints: endpoints{ | ||
4141 | "us-gov-east-1": endpoint{}, | ||
4142 | "us-gov-west-1": endpoint{}, | ||
4143 | }, | ||
4144 | }, | ||
3671 | "api.ecr": service{ | 4145 | "api.ecr": service{ |
3672 | 4146 | ||
3673 | Endpoints: endpoints{ | 4147 | Endpoints: endpoints{ |
@@ -3713,6 +4187,7 @@ var awsusgovPartition = partition{ | |||
3713 | "athena": service{ | 4187 | "athena": service{ |
3714 | 4188 | ||
3715 | Endpoints: endpoints{ | 4189 | Endpoints: endpoints{ |
4190 | "us-gov-east-1": endpoint{}, | ||
3716 | "us-gov-west-1": endpoint{}, | 4191 | "us-gov-west-1": endpoint{}, |
3717 | }, | 4192 | }, |
3718 | }, | 4193 | }, |
@@ -3762,9 +4237,17 @@ var awsusgovPartition = partition{ | |||
3762 | "us-gov-west-1": endpoint{}, | 4237 | "us-gov-west-1": endpoint{}, |
3763 | }, | 4238 | }, |
3764 | }, | 4239 | }, |
4240 | "codebuild": service{ | ||
4241 | |||
4242 | Endpoints: endpoints{ | ||
4243 | "us-gov-east-1": endpoint{}, | ||
4244 | "us-gov-west-1": endpoint{}, | ||
4245 | }, | ||
4246 | }, | ||
3765 | "codecommit": service{ | 4247 | "codecommit": service{ |
3766 | 4248 | ||
3767 | Endpoints: endpoints{ | 4249 | Endpoints: endpoints{ |
4250 | "us-gov-east-1": endpoint{}, | ||
3768 | "us-gov-west-1": endpoint{}, | 4251 | "us-gov-west-1": endpoint{}, |
3769 | }, | 4252 | }, |
3770 | }, | 4253 | }, |
@@ -3802,6 +4285,12 @@ var awsusgovPartition = partition{ | |||
3802 | "us-gov-west-1": endpoint{}, | 4285 | "us-gov-west-1": endpoint{}, |
3803 | }, | 4286 | }, |
3804 | }, | 4287 | }, |
4288 | "datasync": service{ | ||
4289 | |||
4290 | Endpoints: endpoints{ | ||
4291 | "us-gov-west-1": endpoint{}, | ||
4292 | }, | ||
4293 | }, | ||
3805 | "directconnect": service{ | 4294 | "directconnect": service{ |
3806 | 4295 | ||
3807 | Endpoints: endpoints{ | 4296 | Endpoints: endpoints{ |
@@ -3819,6 +4308,7 @@ var awsusgovPartition = partition{ | |||
3819 | "ds": service{ | 4308 | "ds": service{ |
3820 | 4309 | ||
3821 | Endpoints: endpoints{ | 4310 | Endpoints: endpoints{ |
4311 | "us-gov-east-1": endpoint{}, | ||
3822 | "us-gov-west-1": endpoint{}, | 4312 | "us-gov-west-1": endpoint{}, |
3823 | }, | 4313 | }, |
3824 | }, | 4314 | }, |
@@ -3826,6 +4316,12 @@ var awsusgovPartition = partition{ | |||
3826 | 4316 | ||
3827 | Endpoints: endpoints{ | 4317 | Endpoints: endpoints{ |
3828 | "us-gov-east-1": endpoint{}, | 4318 | "us-gov-east-1": endpoint{}, |
4319 | "us-gov-east-1-fips": endpoint{ | ||
4320 | Hostname: "dynamodb.us-gov-east-1.amazonaws.com", | ||
4321 | CredentialScope: credentialScope{ | ||
4322 | Region: "us-gov-east-1", | ||
4323 | }, | ||
4324 | }, | ||
3829 | "us-gov-west-1": endpoint{}, | 4325 | "us-gov-west-1": endpoint{}, |
3830 | "us-gov-west-1-fips": endpoint{ | 4326 | "us-gov-west-1-fips": endpoint{ |
3831 | Hostname: "dynamodb.us-gov-west-1.amazonaws.com", | 4327 | Hostname: "dynamodb.us-gov-west-1.amazonaws.com", |
@@ -3927,6 +4423,7 @@ var awsusgovPartition = partition{ | |||
3927 | "firehose": service{ | 4423 | "firehose": service{ |
3928 | 4424 | ||
3929 | Endpoints: endpoints{ | 4425 | Endpoints: endpoints{ |
4426 | "us-gov-east-1": endpoint{}, | ||
3930 | "us-gov-west-1": endpoint{}, | 4427 | "us-gov-west-1": endpoint{}, |
3931 | }, | 4428 | }, |
3932 | }, | 4429 | }, |
@@ -3942,6 +4439,16 @@ var awsusgovPartition = partition{ | |||
3942 | "glue": service{ | 4439 | "glue": service{ |
3943 | 4440 | ||
3944 | Endpoints: endpoints{ | 4441 | Endpoints: endpoints{ |
4442 | "us-gov-east-1": endpoint{}, | ||
4443 | "us-gov-west-1": endpoint{}, | ||
4444 | }, | ||
4445 | }, | ||
4446 | "greengrass": service{ | ||
4447 | IsRegionalized: boxedTrue, | ||
4448 | Defaults: endpoint{ | ||
4449 | Protocols: []string{"https"}, | ||
4450 | }, | ||
4451 | Endpoints: endpoints{ | ||
3945 | "us-gov-west-1": endpoint{}, | 4452 | "us-gov-west-1": endpoint{}, |
3946 | }, | 4453 | }, |
3947 | }, | 4454 | }, |
@@ -4048,12 +4555,31 @@ var awsusgovPartition = partition{ | |||
4048 | "us-gov-west-1": endpoint{}, | 4555 | "us-gov-west-1": endpoint{}, |
4049 | }, | 4556 | }, |
4050 | }, | 4557 | }, |
4558 | "organizations": service{ | ||
4559 | PartitionEndpoint: "aws-us-gov-global", | ||
4560 | IsRegionalized: boxedFalse, | ||
4561 | |||
4562 | Endpoints: endpoints{ | ||
4563 | "aws-us-gov-global": endpoint{ | ||
4564 | Hostname: "organizations.us-gov-west-1.amazonaws.com", | ||
4565 | CredentialScope: credentialScope{ | ||
4566 | Region: "us-gov-west-1", | ||
4567 | }, | ||
4568 | }, | ||
4569 | }, | ||
4570 | }, | ||
4051 | "polly": service{ | 4571 | "polly": service{ |
4052 | 4572 | ||
4053 | Endpoints: endpoints{ | 4573 | Endpoints: endpoints{ |
4054 | "us-gov-west-1": endpoint{}, | 4574 | "us-gov-west-1": endpoint{}, |
4055 | }, | 4575 | }, |
4056 | }, | 4576 | }, |
4577 | "ram": service{ | ||
4578 | |||
4579 | Endpoints: endpoints{ | ||
4580 | "us-gov-west-1": endpoint{}, | ||
4581 | }, | ||
4582 | }, | ||
4057 | "rds": service{ | 4583 | "rds": service{ |
4058 | 4584 | ||
4059 | Endpoints: endpoints{ | 4585 | Endpoints: endpoints{ |
@@ -4137,6 +4663,28 @@ var awsusgovPartition = partition{ | |||
4137 | }, | 4663 | }, |
4138 | }, | 4664 | }, |
4139 | }, | 4665 | }, |
4666 | "secretsmanager": service{ | ||
4667 | |||
4668 | Endpoints: endpoints{ | ||
4669 | "us-gov-west-1": endpoint{}, | ||
4670 | "us-gov-west-1-fips": endpoint{ | ||
4671 | Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", | ||
4672 | CredentialScope: credentialScope{ | ||
4673 | Region: "us-gov-west-1", | ||
4674 | }, | ||
4675 | }, | ||
4676 | }, | ||
4677 | }, | ||
4678 | "serverlessrepo": service{ | ||
4679 | Defaults: endpoint{ | ||
4680 | Protocols: []string{"https"}, | ||
4681 | }, | ||
4682 | Endpoints: endpoints{ | ||
4683 | "us-gov-west-1": endpoint{ | ||
4684 | Protocols: []string{"https"}, | ||
4685 | }, | ||
4686 | }, | ||
4687 | }, | ||
4140 | "sms": service{ | 4688 | "sms": service{ |
4141 | 4689 | ||
4142 | Endpoints: endpoints{ | 4690 | Endpoints: endpoints{ |
@@ -4198,6 +4746,12 @@ var awsusgovPartition = partition{ | |||
4198 | }, | 4746 | }, |
4199 | Endpoints: endpoints{ | 4747 | Endpoints: endpoints{ |
4200 | "us-gov-east-1": endpoint{}, | 4748 | "us-gov-east-1": endpoint{}, |
4749 | "us-gov-east-1-fips": endpoint{ | ||
4750 | Hostname: "dynamodb.us-gov-east-1.amazonaws.com", | ||
4751 | CredentialScope: credentialScope{ | ||
4752 | Region: "us-gov-east-1", | ||
4753 | }, | ||
4754 | }, | ||
4201 | "us-gov-west-1": endpoint{}, | 4755 | "us-gov-west-1": endpoint{}, |
4202 | "us-gov-west-1-fips": endpoint{ | 4756 | "us-gov-west-1-fips": endpoint{ |
4203 | Hostname: "dynamodb.us-gov-west-1.amazonaws.com", | 4757 | Hostname: "dynamodb.us-gov-west-1.amazonaws.com", |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go index 000dd79..ca8fc82 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go | |||
@@ -2,7 +2,7 @@ package endpoints | |||
2 | 2 | ||
3 | // Service identifiers | 3 | // Service identifiers |
4 | // | 4 | // |
5 | // Deprecated: Use client package's EndpointID value instead of these | 5 | // Deprecated: Use client package's EndpointsID value instead of these |
6 | // ServiceIDs. These IDs are not maintained, and are out of date. | 6 | // ServiceIDs. These IDs are not maintained, and are out of date. |
7 | const ( | 7 | const ( |
8 | A4bServiceID = "a4b" // A4b. | 8 | A4bServiceID = "a4b" // A4b. |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go index 271da43..d9b37f4 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go | |||
@@ -1,18 +1,17 @@ | |||
1 | // +build !appengine,!plan9 | ||
2 | |||
3 | package request | 1 | package request |
4 | 2 | ||
5 | import ( | 3 | import ( |
6 | "net" | 4 | "strings" |
7 | "os" | ||
8 | "syscall" | ||
9 | ) | 5 | ) |
10 | 6 | ||
11 | func isErrConnectionReset(err error) bool { | 7 | func isErrConnectionReset(err error) bool { |
12 | if opErr, ok := err.(*net.OpError); ok { | 8 | if strings.Contains(err.Error(), "read: connection reset") { |
13 | if sysErr, ok := opErr.Err.(*os.SyscallError); ok { | 9 | return false |
14 | return sysErr.Err == syscall.ECONNRESET | 10 | } |
15 | } | 11 | |
12 | if strings.Contains(err.Error(), "connection reset") || | ||
13 | strings.Contains(err.Error(), "broken pipe") { | ||
14 | return true | ||
16 | } | 15 | } |
17 | 16 | ||
18 | return false | 17 | return false |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go deleted file mode 100644 index daf9eca..0000000 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go +++ /dev/null | |||
@@ -1,11 +0,0 @@ | |||
1 | // +build appengine plan9 | ||
2 | |||
3 | package request | ||
4 | |||
5 | import ( | ||
6 | "strings" | ||
7 | ) | ||
8 | |||
9 | func isErrConnectionReset(err error) bool { | ||
10 | return strings.Contains(err.Error(), "connection reset") | ||
11 | } | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go index 8ef8548..627ec72 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go | |||
@@ -59,6 +59,51 @@ func (h *Handlers) Clear() { | |||
59 | h.Complete.Clear() | 59 | h.Complete.Clear() |
60 | } | 60 | } |
61 | 61 | ||
62 | // IsEmpty returns if there are no handlers in any of the handlerlists. | ||
63 | func (h *Handlers) IsEmpty() bool { | ||
64 | if h.Validate.Len() != 0 { | ||
65 | return false | ||
66 | } | ||
67 | if h.Build.Len() != 0 { | ||
68 | return false | ||
69 | } | ||
70 | if h.Send.Len() != 0 { | ||
71 | return false | ||
72 | } | ||
73 | if h.Sign.Len() != 0 { | ||
74 | return false | ||
75 | } | ||
76 | if h.Unmarshal.Len() != 0 { | ||
77 | return false | ||
78 | } | ||
79 | if h.UnmarshalStream.Len() != 0 { | ||
80 | return false | ||
81 | } | ||
82 | if h.UnmarshalMeta.Len() != 0 { | ||
83 | return false | ||
84 | } | ||
85 | if h.UnmarshalError.Len() != 0 { | ||
86 | return false | ||
87 | } | ||
88 | if h.ValidateResponse.Len() != 0 { | ||
89 | return false | ||
90 | } | ||
91 | if h.Retry.Len() != 0 { | ||
92 | return false | ||
93 | } | ||
94 | if h.AfterRetry.Len() != 0 { | ||
95 | return false | ||
96 | } | ||
97 | if h.CompleteAttempt.Len() != 0 { | ||
98 | return false | ||
99 | } | ||
100 | if h.Complete.Len() != 0 { | ||
101 | return false | ||
102 | } | ||
103 | |||
104 | return true | ||
105 | } | ||
106 | |||
62 | // A HandlerListRunItem represents an entry in the HandlerList which | 107 | // A HandlerListRunItem represents an entry in the HandlerList which |
63 | // is being run. | 108 | // is being run. |
64 | type HandlerListRunItem struct { | 109 | type HandlerListRunItem struct { |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go index b0c2ef4..9370fa5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go | |||
@@ -15,12 +15,15 @@ type offsetReader struct { | |||
15 | closed bool | 15 | closed bool |
16 | } | 16 | } |
17 | 17 | ||
18 | func newOffsetReader(buf io.ReadSeeker, offset int64) *offsetReader { | 18 | func newOffsetReader(buf io.ReadSeeker, offset int64) (*offsetReader, error) { |
19 | reader := &offsetReader{} | 19 | reader := &offsetReader{} |
20 | buf.Seek(offset, sdkio.SeekStart) | 20 | _, err := buf.Seek(offset, sdkio.SeekStart) |
21 | if err != nil { | ||
22 | return nil, err | ||
23 | } | ||
21 | 24 | ||
22 | reader.buf = buf | 25 | reader.buf = buf |
23 | return reader | 26 | return reader, nil |
24 | } | 27 | } |
25 | 28 | ||
26 | // Close will close the instance of the offset reader's access to | 29 | // Close will close the instance of the offset reader's access to |
@@ -54,7 +57,9 @@ func (o *offsetReader) Seek(offset int64, whence int) (int64, error) { | |||
54 | 57 | ||
55 | // CloseAndCopy will return a new offsetReader with a copy of the old buffer | 58 | // CloseAndCopy will return a new offsetReader with a copy of the old buffer |
56 | // and close the old buffer. | 59 | // and close the old buffer. |
57 | func (o *offsetReader) CloseAndCopy(offset int64) *offsetReader { | 60 | func (o *offsetReader) CloseAndCopy(offset int64) (*offsetReader, error) { |
58 | o.Close() | 61 | if err := o.Close(); err != nil { |
62 | return nil, err | ||
63 | } | ||
59 | return newOffsetReader(o.buf, offset) | 64 | return newOffsetReader(o.buf, offset) |
60 | } | 65 | } |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go index 8f2eb3e..e7c9b2b 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go | |||
@@ -4,6 +4,7 @@ import ( | |||
4 | "bytes" | 4 | "bytes" |
5 | "fmt" | 5 | "fmt" |
6 | "io" | 6 | "io" |
7 | "net" | ||
7 | "net/http" | 8 | "net/http" |
8 | "net/url" | 9 | "net/url" |
9 | "reflect" | 10 | "reflect" |
@@ -231,6 +232,10 @@ func (r *Request) WillRetry() bool { | |||
231 | return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries() | 232 | return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries() |
232 | } | 233 | } |
233 | 234 | ||
235 | func fmtAttemptCount(retryCount, maxRetries int) string { | ||
236 | return fmt.Sprintf("attempt %v/%v", retryCount, maxRetries) | ||
237 | } | ||
238 | |||
234 | // ParamsFilled returns if the request's parameters have been populated | 239 | // ParamsFilled returns if the request's parameters have been populated |
235 | // and the parameters are valid. False is returned if no parameters are | 240 | // and the parameters are valid. False is returned if no parameters are |
236 | // provided or invalid. | 241 | // provided or invalid. |
@@ -259,7 +264,18 @@ func (r *Request) SetStringBody(s string) { | |||
259 | // SetReaderBody will set the request's body reader. | 264 | // SetReaderBody will set the request's body reader. |
260 | func (r *Request) SetReaderBody(reader io.ReadSeeker) { | 265 | func (r *Request) SetReaderBody(reader io.ReadSeeker) { |
261 | r.Body = reader | 266 | r.Body = reader |
262 | r.BodyStart, _ = reader.Seek(0, sdkio.SeekCurrent) // Get the Bodies current offset. | 267 | |
268 | if aws.IsReaderSeekable(reader) { | ||
269 | var err error | ||
270 | // Get the Bodies current offset so retries will start from the same | ||
271 | // initial position. | ||
272 | r.BodyStart, err = reader.Seek(0, sdkio.SeekCurrent) | ||
273 | if err != nil { | ||
274 | r.Error = awserr.New(ErrCodeSerialization, | ||
275 | "failed to determine start of request body", err) | ||
276 | return | ||
277 | } | ||
278 | } | ||
263 | r.ResetBody() | 279 | r.ResetBody() |
264 | } | 280 | } |
265 | 281 | ||
@@ -330,16 +346,15 @@ func getPresignedURL(r *Request, expire time.Duration) (string, http.Header, err | |||
330 | return r.HTTPRequest.URL.String(), r.SignedHeaderVals, nil | 346 | return r.HTTPRequest.URL.String(), r.SignedHeaderVals, nil |
331 | } | 347 | } |
332 | 348 | ||
333 | func debugLogReqError(r *Request, stage string, retrying bool, err error) { | 349 | const ( |
350 | notRetrying = "not retrying" | ||
351 | ) | ||
352 | |||
353 | func debugLogReqError(r *Request, stage, retryStr string, err error) { | ||
334 | if !r.Config.LogLevel.Matches(aws.LogDebugWithRequestErrors) { | 354 | if !r.Config.LogLevel.Matches(aws.LogDebugWithRequestErrors) { |
335 | return | 355 | return |
336 | } | 356 | } |
337 | 357 | ||
338 | retryStr := "not retrying" | ||
339 | if retrying { | ||
340 | retryStr = "will retry" | ||
341 | } | ||
342 | |||
343 | r.Config.Logger.Log(fmt.Sprintf("DEBUG: %s %s/%s failed, %s, error %v", | 358 | r.Config.Logger.Log(fmt.Sprintf("DEBUG: %s %s/%s failed, %s, error %v", |
344 | stage, r.ClientInfo.ServiceName, r.Operation.Name, retryStr, err)) | 359 | stage, r.ClientInfo.ServiceName, r.Operation.Name, retryStr, err)) |
345 | } | 360 | } |
@@ -358,12 +373,12 @@ func (r *Request) Build() error { | |||
358 | if !r.built { | 373 | if !r.built { |
359 | r.Handlers.Validate.Run(r) | 374 | r.Handlers.Validate.Run(r) |
360 | if r.Error != nil { | 375 | if r.Error != nil { |
361 | debugLogReqError(r, "Validate Request", false, r.Error) | 376 | debugLogReqError(r, "Validate Request", notRetrying, r.Error) |
362 | return r.Error | 377 | return r.Error |
363 | } | 378 | } |
364 | r.Handlers.Build.Run(r) | 379 | r.Handlers.Build.Run(r) |
365 | if r.Error != nil { | 380 | if r.Error != nil { |
366 | debugLogReqError(r, "Build Request", false, r.Error) | 381 | debugLogReqError(r, "Build Request", notRetrying, r.Error) |
367 | return r.Error | 382 | return r.Error |
368 | } | 383 | } |
369 | r.built = true | 384 | r.built = true |
@@ -379,7 +394,7 @@ func (r *Request) Build() error { | |||
379 | func (r *Request) Sign() error { | 394 | func (r *Request) Sign() error { |
380 | r.Build() | 395 | r.Build() |
381 | if r.Error != nil { | 396 | if r.Error != nil { |
382 | debugLogReqError(r, "Build Request", false, r.Error) | 397 | debugLogReqError(r, "Build Request", notRetrying, r.Error) |
383 | return r.Error | 398 | return r.Error |
384 | } | 399 | } |
385 | 400 | ||
@@ -387,12 +402,16 @@ func (r *Request) Sign() error { | |||
387 | return r.Error | 402 | return r.Error |
388 | } | 403 | } |
389 | 404 | ||
390 | func (r *Request) getNextRequestBody() (io.ReadCloser, error) { | 405 | func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) { |
391 | if r.safeBody != nil { | 406 | if r.safeBody != nil { |
392 | r.safeBody.Close() | 407 | r.safeBody.Close() |
393 | } | 408 | } |
394 | 409 | ||
395 | r.safeBody = newOffsetReader(r.Body, r.BodyStart) | 410 | r.safeBody, err = newOffsetReader(r.Body, r.BodyStart) |
411 | if err != nil { | ||
412 | return nil, awserr.New(ErrCodeSerialization, | ||
413 | "failed to get next request body reader", err) | ||
414 | } | ||
396 | 415 | ||
397 | // Go 1.8 tightened and clarified the rules code needs to use when building | 416 | // Go 1.8 tightened and clarified the rules code needs to use when building |
398 | // requests with the http package. Go 1.8 removed the automatic detection | 417 | // requests with the http package. Go 1.8 removed the automatic detection |
@@ -409,10 +428,10 @@ func (r *Request) getNextRequestBody() (io.ReadCloser, error) { | |||
409 | // Related golang/go#18257 | 428 | // Related golang/go#18257 |
410 | l, err := aws.SeekerLen(r.Body) | 429 | l, err := aws.SeekerLen(r.Body) |
411 | if err != nil { | 430 | if err != nil { |
412 | return nil, awserr.New(ErrCodeSerialization, "failed to compute request body size", err) | 431 | return nil, awserr.New(ErrCodeSerialization, |
432 | "failed to compute request body size", err) | ||
413 | } | 433 | } |
414 | 434 | ||
415 | var body io.ReadCloser | ||
416 | if l == 0 { | 435 | if l == 0 { |
417 | body = NoBody | 436 | body = NoBody |
418 | } else if l > 0 { | 437 | } else if l > 0 { |
@@ -473,13 +492,13 @@ func (r *Request) Send() error { | |||
473 | r.AttemptTime = time.Now() | 492 | r.AttemptTime = time.Now() |
474 | 493 | ||
475 | if err := r.Sign(); err != nil { | 494 | if err := r.Sign(); err != nil { |
476 | debugLogReqError(r, "Sign Request", false, err) | 495 | debugLogReqError(r, "Sign Request", notRetrying, err) |
477 | return err | 496 | return err |
478 | } | 497 | } |
479 | 498 | ||
480 | if err := r.sendRequest(); err == nil { | 499 | if err := r.sendRequest(); err == nil { |
481 | return nil | 500 | return nil |
482 | } else if !shouldRetryCancel(r.Error) { | 501 | } else if !shouldRetryError(r.Error) { |
483 | return err | 502 | return err |
484 | } else { | 503 | } else { |
485 | r.Handlers.Retry.Run(r) | 504 | r.Handlers.Retry.Run(r) |
@@ -489,13 +508,16 @@ func (r *Request) Send() error { | |||
489 | return r.Error | 508 | return r.Error |
490 | } | 509 | } |
491 | 510 | ||
492 | r.prepareRetry() | 511 | if err := r.prepareRetry(); err != nil { |
512 | r.Error = err | ||
513 | return err | ||
514 | } | ||
493 | continue | 515 | continue |
494 | } | 516 | } |
495 | } | 517 | } |
496 | } | 518 | } |
497 | 519 | ||
498 | func (r *Request) prepareRetry() { | 520 | func (r *Request) prepareRetry() error { |
499 | if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) { | 521 | if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) { |
500 | r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d", | 522 | r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d", |
501 | r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount)) | 523 | r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount)) |
@@ -506,12 +528,19 @@ func (r *Request) prepareRetry() { | |||
506 | // the request's body even though the Client's Do returned. | 528 | // the request's body even though the Client's Do returned. |
507 | r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil) | 529 | r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil) |
508 | r.ResetBody() | 530 | r.ResetBody() |
531 | if err := r.Error; err != nil { | ||
532 | return awserr.New(ErrCodeSerialization, | ||
533 | "failed to prepare body for retry", err) | ||
534 | |||
535 | } | ||
509 | 536 | ||
510 | // Closing response body to ensure that no response body is leaked | 537 | // Closing response body to ensure that no response body is leaked |
511 | // between retry attempts. | 538 | // between retry attempts. |
512 | if r.HTTPResponse != nil && r.HTTPResponse.Body != nil { | 539 | if r.HTTPResponse != nil && r.HTTPResponse.Body != nil { |
513 | r.HTTPResponse.Body.Close() | 540 | r.HTTPResponse.Body.Close() |
514 | } | 541 | } |
542 | |||
543 | return nil | ||
515 | } | 544 | } |
516 | 545 | ||
517 | func (r *Request) sendRequest() (sendErr error) { | 546 | func (r *Request) sendRequest() (sendErr error) { |
@@ -520,7 +549,9 @@ func (r *Request) sendRequest() (sendErr error) { | |||
520 | r.Retryable = nil | 549 | r.Retryable = nil |
521 | r.Handlers.Send.Run(r) | 550 | r.Handlers.Send.Run(r) |
522 | if r.Error != nil { | 551 | if r.Error != nil { |
523 | debugLogReqError(r, "Send Request", r.WillRetry(), r.Error) | 552 | debugLogReqError(r, "Send Request", |
553 | fmtAttemptCount(r.RetryCount, r.MaxRetries()), | ||
554 | r.Error) | ||
524 | return r.Error | 555 | return r.Error |
525 | } | 556 | } |
526 | 557 | ||
@@ -528,13 +559,17 @@ func (r *Request) sendRequest() (sendErr error) { | |||
528 | r.Handlers.ValidateResponse.Run(r) | 559 | r.Handlers.ValidateResponse.Run(r) |
529 | if r.Error != nil { | 560 | if r.Error != nil { |
530 | r.Handlers.UnmarshalError.Run(r) | 561 | r.Handlers.UnmarshalError.Run(r) |
531 | debugLogReqError(r, "Validate Response", r.WillRetry(), r.Error) | 562 | debugLogReqError(r, "Validate Response", |
563 | fmtAttemptCount(r.RetryCount, r.MaxRetries()), | ||
564 | r.Error) | ||
532 | return r.Error | 565 | return r.Error |
533 | } | 566 | } |
534 | 567 | ||
535 | r.Handlers.Unmarshal.Run(r) | 568 | r.Handlers.Unmarshal.Run(r) |
536 | if r.Error != nil { | 569 | if r.Error != nil { |
537 | debugLogReqError(r, "Unmarshal Response", r.WillRetry(), r.Error) | 570 | debugLogReqError(r, "Unmarshal Response", |
571 | fmtAttemptCount(r.RetryCount, r.MaxRetries()), | ||
572 | r.Error) | ||
538 | return r.Error | 573 | return r.Error |
539 | } | 574 | } |
540 | 575 | ||
@@ -565,13 +600,13 @@ type temporary interface { | |||
565 | Temporary() bool | 600 | Temporary() bool |
566 | } | 601 | } |
567 | 602 | ||
568 | func shouldRetryCancel(err error) bool { | 603 | func shouldRetryError(origErr error) bool { |
569 | switch err := err.(type) { | 604 | switch err := origErr.(type) { |
570 | case awserr.Error: | 605 | case awserr.Error: |
571 | if err.Code() == CanceledErrorCode { | 606 | if err.Code() == CanceledErrorCode { |
572 | return false | 607 | return false |
573 | } | 608 | } |
574 | return shouldRetryCancel(err.OrigErr()) | 609 | return shouldRetryError(err.OrigErr()) |
575 | case *url.Error: | 610 | case *url.Error: |
576 | if strings.Contains(err.Error(), "connection refused") { | 611 | if strings.Contains(err.Error(), "connection refused") { |
577 | // Refused connections should be retried as the service may not yet | 612 | // Refused connections should be retried as the service may not yet |
@@ -581,14 +616,17 @@ func shouldRetryCancel(err error) bool { | |||
581 | } | 616 | } |
582 | // *url.Error only implements Temporary after golang 1.6 but since | 617 | // *url.Error only implements Temporary after golang 1.6 but since |
583 | // url.Error only wraps the error: | 618 | // url.Error only wraps the error: |
584 | return shouldRetryCancel(err.Err) | 619 | return shouldRetryError(err.Err) |
585 | case temporary: | 620 | case temporary: |
621 | if netErr, ok := err.(*net.OpError); ok && netErr.Op == "dial" { | ||
622 | return true | ||
623 | } | ||
586 | // If the error is temporary, we want to allow continuation of the | 624 | // If the error is temporary, we want to allow continuation of the |
587 | // retry process | 625 | // retry process |
588 | return err.Temporary() | 626 | return err.Temporary() || isErrConnectionReset(origErr) |
589 | case nil: | 627 | case nil: |
590 | // `awserr.Error.OrigErr()` can be nil, meaning there was an error but | 628 | // `awserr.Error.OrigErr()` can be nil, meaning there was an error but |
591 | // because we don't know the cause, it is marked as retriable. See | 629 | // because we don't know the cause, it is marked as retryable. See |
592 | // TestRequest4xxUnretryable for an example. | 630 | // TestRequest4xxUnretryable for an example. |
593 | return true | 631 | return true |
594 | default: | 632 | default: |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go index 7c6a800..de1292f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go | |||
@@ -4,6 +4,8 @@ package request | |||
4 | 4 | ||
5 | import ( | 5 | import ( |
6 | "net/http" | 6 | "net/http" |
7 | |||
8 | "github.com/aws/aws-sdk-go/aws/awserr" | ||
7 | ) | 9 | ) |
8 | 10 | ||
9 | // NoBody is a http.NoBody reader instructing Go HTTP client to not include | 11 | // NoBody is a http.NoBody reader instructing Go HTTP client to not include |
@@ -24,7 +26,8 @@ var NoBody = http.NoBody | |||
24 | func (r *Request) ResetBody() { | 26 | func (r *Request) ResetBody() { |
25 | body, err := r.getNextRequestBody() | 27 | body, err := r.getNextRequestBody() |
26 | if err != nil { | 28 | if err != nil { |
27 | r.Error = err | 29 | r.Error = awserr.New(ErrCodeSerialization, |
30 | "failed to reset request body", err) | ||
28 | return | 31 | return |
29 | } | 32 | } |
30 | 33 | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go index a633ed5..f093fc5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go | |||
@@ -146,7 +146,7 @@ func (r *Request) nextPageTokens() []interface{} { | |||
146 | return nil | 146 | return nil |
147 | } | 147 | } |
148 | case bool: | 148 | case bool: |
149 | if v == false { | 149 | if !v { |
150 | return nil | 150 | return nil |
151 | } | 151 | } |
152 | } | 152 | } |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go new file mode 100644 index 0000000..ce41518 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go | |||
@@ -0,0 +1,258 @@ | |||
1 | package session | ||
2 | |||
3 | import ( | ||
4 | "fmt" | ||
5 | "os" | ||
6 | |||
7 | "github.com/aws/aws-sdk-go/aws" | ||
8 | "github.com/aws/aws-sdk-go/aws/awserr" | ||
9 | "github.com/aws/aws-sdk-go/aws/credentials" | ||
10 | "github.com/aws/aws-sdk-go/aws/credentials/processcreds" | ||
11 | "github.com/aws/aws-sdk-go/aws/credentials/stscreds" | ||
12 | "github.com/aws/aws-sdk-go/aws/defaults" | ||
13 | "github.com/aws/aws-sdk-go/aws/request" | ||
14 | "github.com/aws/aws-sdk-go/internal/shareddefaults" | ||
15 | ) | ||
16 | |||
17 | func resolveCredentials(cfg *aws.Config, | ||
18 | envCfg envConfig, sharedCfg sharedConfig, | ||
19 | handlers request.Handlers, | ||
20 | sessOpts Options, | ||
21 | ) (*credentials.Credentials, error) { | ||
22 | |||
23 | switch { | ||
24 | case len(envCfg.Profile) != 0: | ||
25 | // User explicitly provided an Profile, so load from shared config | ||
26 | // first. | ||
27 | return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts) | ||
28 | |||
29 | case envCfg.Creds.HasKeys(): | ||
30 | // Environment credentials | ||
31 | return credentials.NewStaticCredentialsFromCreds(envCfg.Creds), nil | ||
32 | |||
33 | case len(envCfg.WebIdentityTokenFilePath) != 0: | ||
34 | // Web identity token from environment, RoleARN required to also be | ||
35 | // set. | ||
36 | return assumeWebIdentity(cfg, handlers, | ||
37 | envCfg.WebIdentityTokenFilePath, | ||
38 | envCfg.RoleARN, | ||
39 | envCfg.RoleSessionName, | ||
40 | ) | ||
41 | |||
42 | default: | ||
43 | // Fallback to the "default" credential resolution chain. | ||
44 | return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts) | ||
45 | } | ||
46 | } | ||
47 | |||
48 | // WebIdentityEmptyRoleARNErr will occur if 'AWS_WEB_IDENTITY_TOKEN_FILE' was set but | ||
49 | // 'AWS_IAM_ROLE_ARN' was not set. | ||
50 | var WebIdentityEmptyRoleARNErr = awserr.New(stscreds.ErrCodeWebIdentity, "role ARN is not set", nil) | ||
51 | |||
52 | // WebIdentityEmptyTokenFilePathErr will occur if 'AWS_IAM_ROLE_ARN' was set but | ||
53 | // 'AWS_WEB_IDENTITY_TOKEN_FILE' was not set. | ||
54 | var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "token file path is not set", nil) | ||
55 | |||
56 | func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers, | ||
57 | filepath string, | ||
58 | roleARN, sessionName string, | ||
59 | ) (*credentials.Credentials, error) { | ||
60 | |||
61 | if len(filepath) == 0 { | ||
62 | return nil, WebIdentityEmptyTokenFilePathErr | ||
63 | } | ||
64 | |||
65 | if len(roleARN) == 0 { | ||
66 | return nil, WebIdentityEmptyRoleARNErr | ||
67 | } | ||
68 | |||
69 | creds := stscreds.NewWebIdentityCredentials( | ||
70 | &Session{ | ||
71 | Config: cfg, | ||
72 | Handlers: handlers.Copy(), | ||
73 | }, | ||
74 | roleARN, | ||
75 | sessionName, | ||
76 | filepath, | ||
77 | ) | ||
78 | |||
79 | return creds, nil | ||
80 | } | ||
81 | |||
82 | func resolveCredsFromProfile(cfg *aws.Config, | ||
83 | envCfg envConfig, sharedCfg sharedConfig, | ||
84 | handlers request.Handlers, | ||
85 | sessOpts Options, | ||
86 | ) (creds *credentials.Credentials, err error) { | ||
87 | |||
88 | switch { | ||
89 | case sharedCfg.SourceProfile != nil: | ||
90 | // Assume IAM role with credentials source from a different profile. | ||
91 | creds, err = resolveCredsFromProfile(cfg, envCfg, | ||
92 | *sharedCfg.SourceProfile, handlers, sessOpts, | ||
93 | ) | ||
94 | |||
95 | case sharedCfg.Creds.HasKeys(): | ||
96 | // Static Credentials from Shared Config/Credentials file. | ||
97 | creds = credentials.NewStaticCredentialsFromCreds( | ||
98 | sharedCfg.Creds, | ||
99 | ) | ||
100 | |||
101 | case len(sharedCfg.CredentialProcess) != 0: | ||
102 | // Get credentials from CredentialProcess | ||
103 | creds = processcreds.NewCredentials(sharedCfg.CredentialProcess) | ||
104 | |||
105 | case len(sharedCfg.CredentialSource) != 0: | ||
106 | creds, err = resolveCredsFromSource(cfg, envCfg, | ||
107 | sharedCfg, handlers, sessOpts, | ||
108 | ) | ||
109 | |||
110 | case len(sharedCfg.WebIdentityTokenFile) != 0: | ||
111 | // Credentials from Assume Web Identity token require an IAM Role, and | ||
112 | // that roll will be assumed. May be wrapped with another assume role | ||
113 | // via SourceProfile. | ||
114 | return assumeWebIdentity(cfg, handlers, | ||
115 | sharedCfg.WebIdentityTokenFile, | ||
116 | sharedCfg.RoleARN, | ||
117 | sharedCfg.RoleSessionName, | ||
118 | ) | ||
119 | |||
120 | default: | ||
121 | // Fallback to default credentials provider, include mock errors for | ||
122 | // the credential chain so user can identify why credentials failed to | ||
123 | // be retrieved. | ||
124 | creds = credentials.NewCredentials(&credentials.ChainProvider{ | ||
125 | VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors), | ||
126 | Providers: []credentials.Provider{ | ||
127 | &credProviderError{ | ||
128 | Err: awserr.New("EnvAccessKeyNotFound", | ||
129 | "failed to find credentials in the environment.", nil), | ||
130 | }, | ||
131 | &credProviderError{ | ||
132 | Err: awserr.New("SharedCredsLoad", | ||
133 | fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil), | ||
134 | }, | ||
135 | defaults.RemoteCredProvider(*cfg, handlers), | ||
136 | }, | ||
137 | }) | ||
138 | } | ||
139 | if err != nil { | ||
140 | return nil, err | ||
141 | } | ||
142 | |||
143 | if len(sharedCfg.RoleARN) > 0 { | ||
144 | cfgCp := *cfg | ||
145 | cfgCp.Credentials = creds | ||
146 | return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts) | ||
147 | } | ||
148 | |||
149 | return creds, nil | ||
150 | } | ||
151 | |||
152 | // valid credential source values | ||
153 | const ( | ||
154 | credSourceEc2Metadata = "Ec2InstanceMetadata" | ||
155 | credSourceEnvironment = "Environment" | ||
156 | credSourceECSContainer = "EcsContainer" | ||
157 | ) | ||
158 | |||
159 | func resolveCredsFromSource(cfg *aws.Config, | ||
160 | envCfg envConfig, sharedCfg sharedConfig, | ||
161 | handlers request.Handlers, | ||
162 | sessOpts Options, | ||
163 | ) (creds *credentials.Credentials, err error) { | ||
164 | |||
165 | switch sharedCfg.CredentialSource { | ||
166 | case credSourceEc2Metadata: | ||
167 | p := defaults.RemoteCredProvider(*cfg, handlers) | ||
168 | creds = credentials.NewCredentials(p) | ||
169 | |||
170 | case credSourceEnvironment: | ||
171 | creds = credentials.NewStaticCredentialsFromCreds(envCfg.Creds) | ||
172 | |||
173 | case credSourceECSContainer: | ||
174 | if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 { | ||
175 | return nil, ErrSharedConfigECSContainerEnvVarEmpty | ||
176 | } | ||
177 | |||
178 | p := defaults.RemoteCredProvider(*cfg, handlers) | ||
179 | creds = credentials.NewCredentials(p) | ||
180 | |||
181 | default: | ||
182 | return nil, ErrSharedConfigInvalidCredSource | ||
183 | } | ||
184 | |||
185 | return creds, nil | ||
186 | } | ||
187 | |||
188 | func credsFromAssumeRole(cfg aws.Config, | ||
189 | handlers request.Handlers, | ||
190 | sharedCfg sharedConfig, | ||
191 | sessOpts Options, | ||
192 | ) (*credentials.Credentials, error) { | ||
193 | |||
194 | if len(sharedCfg.MFASerial) != 0 && sessOpts.AssumeRoleTokenProvider == nil { | ||
195 | // AssumeRole Token provider is required if doing Assume Role | ||
196 | // with MFA. | ||
197 | return nil, AssumeRoleTokenProviderNotSetError{} | ||
198 | } | ||
199 | |||
200 | return stscreds.NewCredentials( | ||
201 | &Session{ | ||
202 | Config: &cfg, | ||
203 | Handlers: handlers.Copy(), | ||
204 | }, | ||
205 | sharedCfg.RoleARN, | ||
206 | func(opt *stscreds.AssumeRoleProvider) { | ||
207 | opt.RoleSessionName = sharedCfg.RoleSessionName | ||
208 | opt.Duration = sessOpts.AssumeRoleDuration | ||
209 | |||
210 | // Assume role with external ID | ||
211 | if len(sharedCfg.ExternalID) > 0 { | ||
212 | opt.ExternalID = aws.String(sharedCfg.ExternalID) | ||
213 | } | ||
214 | |||
215 | // Assume role with MFA | ||
216 | if len(sharedCfg.MFASerial) > 0 { | ||
217 | opt.SerialNumber = aws.String(sharedCfg.MFASerial) | ||
218 | opt.TokenProvider = sessOpts.AssumeRoleTokenProvider | ||
219 | } | ||
220 | }, | ||
221 | ), nil | ||
222 | } | ||
223 | |||
224 | // AssumeRoleTokenProviderNotSetError is an error returned when creating a | ||
225 | // session when the MFAToken option is not set when shared config is configured | ||
226 | // load assume a role with an MFA token. | ||
227 | type AssumeRoleTokenProviderNotSetError struct{} | ||
228 | |||
229 | // Code is the short id of the error. | ||
230 | func (e AssumeRoleTokenProviderNotSetError) Code() string { | ||
231 | return "AssumeRoleTokenProviderNotSetError" | ||
232 | } | ||
233 | |||
234 | // Message is the description of the error | ||
235 | func (e AssumeRoleTokenProviderNotSetError) Message() string { | ||
236 | return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.") | ||
237 | } | ||
238 | |||
239 | // OrigErr is the underlying error that caused the failure. | ||
240 | func (e AssumeRoleTokenProviderNotSetError) OrigErr() error { | ||
241 | return nil | ||
242 | } | ||
243 | |||
244 | // Error satisfies the error interface. | ||
245 | func (e AssumeRoleTokenProviderNotSetError) Error() string { | ||
246 | return awserr.SprintError(e.Code(), e.Message(), "", nil) | ||
247 | } | ||
248 | |||
249 | type credProviderError struct { | ||
250 | Err error | ||
251 | } | ||
252 | |||
253 | func (c credProviderError) Retrieve() (credentials.Value, error) { | ||
254 | return credentials.Value{}, c.Err | ||
255 | } | ||
256 | func (c credProviderError) IsExpired() bool { | ||
257 | return true | ||
258 | } | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index e3959b9..3a998d5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go | |||
@@ -102,18 +102,38 @@ type envConfig struct { | |||
102 | CSMEnabled bool | 102 | CSMEnabled bool |
103 | CSMPort string | 103 | CSMPort string |
104 | CSMClientID string | 104 | CSMClientID string |
105 | CSMHost string | ||
105 | 106 | ||
106 | enableEndpointDiscovery string | ||
107 | // Enables endpoint discovery via environment variables. | 107 | // Enables endpoint discovery via environment variables. |
108 | // | 108 | // |
109 | // AWS_ENABLE_ENDPOINT_DISCOVERY=true | 109 | // AWS_ENABLE_ENDPOINT_DISCOVERY=true |
110 | EnableEndpointDiscovery *bool | 110 | EnableEndpointDiscovery *bool |
111 | enableEndpointDiscovery string | ||
112 | |||
113 | // Specifies the WebIdentity token the SDK should use to assume a role | ||
114 | // with. | ||
115 | // | ||
116 | // AWS_WEB_IDENTITY_TOKEN_FILE=file_path | ||
117 | WebIdentityTokenFilePath string | ||
118 | |||
119 | // Specifies the IAM role arn to use when assuming an role. | ||
120 | // | ||
121 | // AWS_ROLE_ARN=role_arn | ||
122 | RoleARN string | ||
123 | |||
124 | // Specifies the IAM role session name to use when assuming a role. | ||
125 | // | ||
126 | // AWS_ROLE_SESSION_NAME=session_name | ||
127 | RoleSessionName string | ||
111 | } | 128 | } |
112 | 129 | ||
113 | var ( | 130 | var ( |
114 | csmEnabledEnvKey = []string{ | 131 | csmEnabledEnvKey = []string{ |
115 | "AWS_CSM_ENABLED", | 132 | "AWS_CSM_ENABLED", |
116 | } | 133 | } |
134 | csmHostEnvKey = []string{ | ||
135 | "AWS_CSM_HOST", | ||
136 | } | ||
117 | csmPortEnvKey = []string{ | 137 | csmPortEnvKey = []string{ |
118 | "AWS_CSM_PORT", | 138 | "AWS_CSM_PORT", |
119 | } | 139 | } |
@@ -150,6 +170,15 @@ var ( | |||
150 | sharedConfigFileEnvKey = []string{ | 170 | sharedConfigFileEnvKey = []string{ |
151 | "AWS_CONFIG_FILE", | 171 | "AWS_CONFIG_FILE", |
152 | } | 172 | } |
173 | webIdentityTokenFilePathEnvKey = []string{ | ||
174 | "AWS_WEB_IDENTITY_TOKEN_FILE", | ||
175 | } | ||
176 | roleARNEnvKey = []string{ | ||
177 | "AWS_ROLE_ARN", | ||
178 | } | ||
179 | roleSessionNameEnvKey = []string{ | ||
180 | "AWS_ROLE_SESSION_NAME", | ||
181 | } | ||
153 | ) | 182 | ) |
154 | 183 | ||
155 | // loadEnvConfig retrieves the SDK's environment configuration. | 184 | // loadEnvConfig retrieves the SDK's environment configuration. |
@@ -178,23 +207,31 @@ func envConfigLoad(enableSharedConfig bool) envConfig { | |||
178 | 207 | ||
179 | cfg.EnableSharedConfig = enableSharedConfig | 208 | cfg.EnableSharedConfig = enableSharedConfig |
180 | 209 | ||
181 | setFromEnvVal(&cfg.Creds.AccessKeyID, credAccessEnvKey) | 210 | // Static environment credentials |
182 | setFromEnvVal(&cfg.Creds.SecretAccessKey, credSecretEnvKey) | 211 | var creds credentials.Value |
183 | setFromEnvVal(&cfg.Creds.SessionToken, credSessionEnvKey) | 212 | setFromEnvVal(&creds.AccessKeyID, credAccessEnvKey) |
213 | setFromEnvVal(&creds.SecretAccessKey, credSecretEnvKey) | ||
214 | setFromEnvVal(&creds.SessionToken, credSessionEnvKey) | ||
215 | if creds.HasKeys() { | ||
216 | // Require logical grouping of credentials | ||
217 | creds.ProviderName = EnvProviderName | ||
218 | cfg.Creds = creds | ||
219 | } | ||
220 | |||
221 | // Role Metadata | ||
222 | setFromEnvVal(&cfg.RoleARN, roleARNEnvKey) | ||
223 | setFromEnvVal(&cfg.RoleSessionName, roleSessionNameEnvKey) | ||
224 | |||
225 | // Web identity environment variables | ||
226 | setFromEnvVal(&cfg.WebIdentityTokenFilePath, webIdentityTokenFilePathEnvKey) | ||
184 | 227 | ||
185 | // CSM environment variables | 228 | // CSM environment variables |
186 | setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey) | 229 | setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey) |
230 | setFromEnvVal(&cfg.CSMHost, csmHostEnvKey) | ||
187 | setFromEnvVal(&cfg.CSMPort, csmPortEnvKey) | 231 | setFromEnvVal(&cfg.CSMPort, csmPortEnvKey) |
188 | setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey) | 232 | setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey) |
189 | cfg.CSMEnabled = len(cfg.csmEnabled) > 0 | 233 | cfg.CSMEnabled = len(cfg.csmEnabled) > 0 |
190 | 234 | ||
191 | // Require logical grouping of credentials | ||
192 | if len(cfg.Creds.AccessKeyID) == 0 || len(cfg.Creds.SecretAccessKey) == 0 { | ||
193 | cfg.Creds = credentials.Value{} | ||
194 | } else { | ||
195 | cfg.Creds.ProviderName = EnvProviderName | ||
196 | } | ||
197 | |||
198 | regionKeys := regionEnvKeys | 235 | regionKeys := regionEnvKeys |
199 | profileKeys := profileEnvKeys | 236 | profileKeys := profileEnvKeys |
200 | if !cfg.EnableSharedConfig { | 237 | if !cfg.EnableSharedConfig { |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index be4b5f0..3a28da5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go | |||
@@ -8,19 +8,17 @@ import ( | |||
8 | "io/ioutil" | 8 | "io/ioutil" |
9 | "net/http" | 9 | "net/http" |
10 | "os" | 10 | "os" |
11 | "time" | ||
11 | 12 | ||
12 | "github.com/aws/aws-sdk-go/aws" | 13 | "github.com/aws/aws-sdk-go/aws" |
13 | "github.com/aws/aws-sdk-go/aws/awserr" | 14 | "github.com/aws/aws-sdk-go/aws/awserr" |
14 | "github.com/aws/aws-sdk-go/aws/client" | 15 | "github.com/aws/aws-sdk-go/aws/client" |
15 | "github.com/aws/aws-sdk-go/aws/corehandlers" | 16 | "github.com/aws/aws-sdk-go/aws/corehandlers" |
16 | "github.com/aws/aws-sdk-go/aws/credentials" | 17 | "github.com/aws/aws-sdk-go/aws/credentials" |
17 | "github.com/aws/aws-sdk-go/aws/credentials/processcreds" | ||
18 | "github.com/aws/aws-sdk-go/aws/credentials/stscreds" | ||
19 | "github.com/aws/aws-sdk-go/aws/csm" | 18 | "github.com/aws/aws-sdk-go/aws/csm" |
20 | "github.com/aws/aws-sdk-go/aws/defaults" | 19 | "github.com/aws/aws-sdk-go/aws/defaults" |
21 | "github.com/aws/aws-sdk-go/aws/endpoints" | 20 | "github.com/aws/aws-sdk-go/aws/endpoints" |
22 | "github.com/aws/aws-sdk-go/aws/request" | 21 | "github.com/aws/aws-sdk-go/aws/request" |
23 | "github.com/aws/aws-sdk-go/internal/shareddefaults" | ||
24 | ) | 22 | ) |
25 | 23 | ||
26 | const ( | 24 | const ( |
@@ -107,7 +105,15 @@ func New(cfgs ...*aws.Config) *Session { | |||
107 | 105 | ||
108 | s := deprecatedNewSession(cfgs...) | 106 | s := deprecatedNewSession(cfgs...) |
109 | if envCfg.CSMEnabled { | 107 | if envCfg.CSMEnabled { |
110 | enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger) | 108 | err := enableCSM(&s.Handlers, envCfg.CSMClientID, |
109 | envCfg.CSMHost, envCfg.CSMPort, s.Config.Logger) | ||
110 | if err != nil { | ||
111 | err = fmt.Errorf("failed to enable CSM, %v", err) | ||
112 | s.Config.Logger.Log("ERROR:", err.Error()) | ||
113 | s.Handlers.Validate.PushBack(func(r *request.Request) { | ||
114 | r.Error = err | ||
115 | }) | ||
116 | } | ||
111 | } | 117 | } |
112 | 118 | ||
113 | return s | 119 | return s |
@@ -210,6 +216,12 @@ type Options struct { | |||
210 | // the config enables assume role wit MFA via the mfa_serial field. | 216 | // the config enables assume role wit MFA via the mfa_serial field. |
211 | AssumeRoleTokenProvider func() (string, error) | 217 | AssumeRoleTokenProvider func() (string, error) |
212 | 218 | ||
219 | // When the SDK's shared config is configured to assume a role this option | ||
220 | // may be provided to set the expiry duration of the STS credentials. | ||
221 | // Defaults to 15 minutes if not set as documented in the | ||
222 | // stscreds.AssumeRoleProvider. | ||
223 | AssumeRoleDuration time.Duration | ||
224 | |||
213 | // Reader for a custom Credentials Authority (CA) bundle in PEM format that | 225 | // Reader for a custom Credentials Authority (CA) bundle in PEM format that |
214 | // the SDK will use instead of the default system's root CA bundle. Use this | 226 | // the SDK will use instead of the default system's root CA bundle. Use this |
215 | // only if you want to replace the CA bundle the SDK uses for TLS requests. | 227 | // only if you want to replace the CA bundle the SDK uses for TLS requests. |
@@ -224,6 +236,12 @@ type Options struct { | |||
224 | // to also enable this feature. CustomCABundle session option field has priority | 236 | // to also enable this feature. CustomCABundle session option field has priority |
225 | // over the AWS_CA_BUNDLE environment variable, and will be used if both are set. | 237 | // over the AWS_CA_BUNDLE environment variable, and will be used if both are set. |
226 | CustomCABundle io.Reader | 238 | CustomCABundle io.Reader |
239 | |||
240 | // The handlers that the session and all API clients will be created with. | ||
241 | // This must be a complete set of handlers. Use the defaults.Handlers() | ||
242 | // function to initialize this value before changing the handlers to be | ||
243 | // used by the SDK. | ||
244 | Handlers request.Handlers | ||
227 | } | 245 | } |
228 | 246 | ||
229 | // NewSessionWithOptions returns a new Session created from SDK defaults, config files, | 247 | // NewSessionWithOptions returns a new Session created from SDK defaults, config files, |
@@ -329,27 +347,36 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session { | |||
329 | return s | 347 | return s |
330 | } | 348 | } |
331 | 349 | ||
332 | func enableCSM(handlers *request.Handlers, clientID string, port string, logger aws.Logger) { | 350 | func enableCSM(handlers *request.Handlers, |
333 | logger.Log("Enabling CSM") | 351 | clientID, host, port string, |
334 | if len(port) == 0 { | 352 | logger aws.Logger, |
335 | port = csm.DefaultPort | 353 | ) error { |
354 | if logger != nil { | ||
355 | logger.Log("Enabling CSM") | ||
336 | } | 356 | } |
337 | 357 | ||
338 | r, err := csm.Start(clientID, "127.0.0.1:"+port) | 358 | r, err := csm.Start(clientID, csm.AddressWithDefaults(host, port)) |
339 | if err != nil { | 359 | if err != nil { |
340 | return | 360 | return err |
341 | } | 361 | } |
342 | r.InjectHandlers(handlers) | 362 | r.InjectHandlers(handlers) |
363 | |||
364 | return nil | ||
343 | } | 365 | } |
344 | 366 | ||
345 | func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) { | 367 | func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) { |
346 | cfg := defaults.Config() | 368 | cfg := defaults.Config() |
347 | handlers := defaults.Handlers() | 369 | |
370 | handlers := opts.Handlers | ||
371 | if handlers.IsEmpty() { | ||
372 | handlers = defaults.Handlers() | ||
373 | } | ||
348 | 374 | ||
349 | // Get a merged version of the user provided config to determine if | 375 | // Get a merged version of the user provided config to determine if |
350 | // credentials were. | 376 | // credentials were. |
351 | userCfg := &aws.Config{} | 377 | userCfg := &aws.Config{} |
352 | userCfg.MergeIn(cfgs...) | 378 | userCfg.MergeIn(cfgs...) |
379 | cfg.MergeIn(userCfg) | ||
353 | 380 | ||
354 | // Ordered config files will be loaded in with later files overwriting | 381 | // Ordered config files will be loaded in with later files overwriting |
355 | // previous config file values. | 382 | // previous config file values. |
@@ -366,9 +393,11 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, | |||
366 | } | 393 | } |
367 | 394 | ||
368 | // Load additional config from file(s) | 395 | // Load additional config from file(s) |
369 | sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles) | 396 | sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles, envCfg.EnableSharedConfig) |
370 | if err != nil { | 397 | if err != nil { |
371 | return nil, err | 398 | if _, ok := err.(SharedConfigProfileNotExistsError); !ok { |
399 | return nil, err | ||
400 | } | ||
372 | } | 401 | } |
373 | 402 | ||
374 | if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil { | 403 | if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil { |
@@ -382,7 +411,11 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, | |||
382 | 411 | ||
383 | initHandlers(s) | 412 | initHandlers(s) |
384 | if envCfg.CSMEnabled { | 413 | if envCfg.CSMEnabled { |
385 | enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger) | 414 | err := enableCSM(&s.Handlers, envCfg.CSMClientID, |
415 | envCfg.CSMHost, envCfg.CSMPort, s.Config.Logger) | ||
416 | if err != nil { | ||
417 | return nil, err | ||
418 | } | ||
386 | } | 419 | } |
387 | 420 | ||
388 | // Setup HTTP client with custom cert bundle if enabled | 421 | // Setup HTTP client with custom cert bundle if enabled |
@@ -443,9 +476,11 @@ func loadCertPool(r io.Reader) (*x509.CertPool, error) { | |||
443 | return p, nil | 476 | return p, nil |
444 | } | 477 | } |
445 | 478 | ||
446 | func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options) error { | 479 | func mergeConfigSrcs(cfg, userCfg *aws.Config, |
447 | // Merge in user provided configuration | 480 | envCfg envConfig, sharedCfg sharedConfig, |
448 | cfg.MergeIn(userCfg) | 481 | handlers request.Handlers, |
482 | sessOpts Options, | ||
483 | ) error { | ||
449 | 484 | ||
450 | // Region if not already set by user | 485 | // Region if not already set by user |
451 | if len(aws.StringValue(cfg.Region)) == 0 { | 486 | if len(aws.StringValue(cfg.Region)) == 0 { |
@@ -464,164 +499,19 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share | |||
464 | } | 499 | } |
465 | } | 500 | } |
466 | 501 | ||
467 | // Configure credentials if not already set | 502 | // Configure credentials if not already set by the user when creating the |
503 | // Session. | ||
468 | if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { | 504 | if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { |
469 | 505 | creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts) | |
470 | // inspect the profile to see if a credential source has been specified. | 506 | if err != nil { |
471 | if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 { | 507 | return err |
472 | |||
473 | // if both credential_source and source_profile have been set, return an error | ||
474 | // as this is undefined behavior. | ||
475 | if len(sharedCfg.AssumeRole.SourceProfile) > 0 { | ||
476 | return ErrSharedConfigSourceCollision | ||
477 | } | ||
478 | |||
479 | // valid credential source values | ||
480 | const ( | ||
481 | credSourceEc2Metadata = "Ec2InstanceMetadata" | ||
482 | credSourceEnvironment = "Environment" | ||
483 | credSourceECSContainer = "EcsContainer" | ||
484 | ) | ||
485 | |||
486 | switch sharedCfg.AssumeRole.CredentialSource { | ||
487 | case credSourceEc2Metadata: | ||
488 | cfgCp := *cfg | ||
489 | p := defaults.RemoteCredProvider(cfgCp, handlers) | ||
490 | cfgCp.Credentials = credentials.NewCredentials(p) | ||
491 | |||
492 | if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil { | ||
493 | // AssumeRole Token provider is required if doing Assume Role | ||
494 | // with MFA. | ||
495 | return AssumeRoleTokenProviderNotSetError{} | ||
496 | } | ||
497 | |||
498 | cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts) | ||
499 | case credSourceEnvironment: | ||
500 | cfg.Credentials = credentials.NewStaticCredentialsFromCreds( | ||
501 | envCfg.Creds, | ||
502 | ) | ||
503 | case credSourceECSContainer: | ||
504 | if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 { | ||
505 | return ErrSharedConfigECSContainerEnvVarEmpty | ||
506 | } | ||
507 | |||
508 | cfgCp := *cfg | ||
509 | p := defaults.RemoteCredProvider(cfgCp, handlers) | ||
510 | creds := credentials.NewCredentials(p) | ||
511 | |||
512 | cfg.Credentials = creds | ||
513 | default: | ||
514 | return ErrSharedConfigInvalidCredSource | ||
515 | } | ||
516 | |||
517 | return nil | ||
518 | } | ||
519 | |||
520 | if len(envCfg.Creds.AccessKeyID) > 0 { | ||
521 | cfg.Credentials = credentials.NewStaticCredentialsFromCreds( | ||
522 | envCfg.Creds, | ||
523 | ) | ||
524 | } else if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.RoleARN) > 0 && sharedCfg.AssumeRoleSource != nil { | ||
525 | cfgCp := *cfg | ||
526 | cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds( | ||
527 | sharedCfg.AssumeRoleSource.Creds, | ||
528 | ) | ||
529 | |||
530 | if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil { | ||
531 | // AssumeRole Token provider is required if doing Assume Role | ||
532 | // with MFA. | ||
533 | return AssumeRoleTokenProviderNotSetError{} | ||
534 | } | ||
535 | |||
536 | cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts) | ||
537 | } else if len(sharedCfg.Creds.AccessKeyID) > 0 { | ||
538 | cfg.Credentials = credentials.NewStaticCredentialsFromCreds( | ||
539 | sharedCfg.Creds, | ||
540 | ) | ||
541 | } else if len(sharedCfg.CredentialProcess) > 0 { | ||
542 | cfg.Credentials = processcreds.NewCredentials( | ||
543 | sharedCfg.CredentialProcess, | ||
544 | ) | ||
545 | } else { | ||
546 | // Fallback to default credentials provider, include mock errors | ||
547 | // for the credential chain so user can identify why credentials | ||
548 | // failed to be retrieved. | ||
549 | cfg.Credentials = credentials.NewCredentials(&credentials.ChainProvider{ | ||
550 | VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors), | ||
551 | Providers: []credentials.Provider{ | ||
552 | &credProviderError{Err: awserr.New("EnvAccessKeyNotFound", "failed to find credentials in the environment.", nil)}, | ||
553 | &credProviderError{Err: awserr.New("SharedCredsLoad", fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil)}, | ||
554 | defaults.RemoteCredProvider(*cfg, handlers), | ||
555 | }, | ||
556 | }) | ||
557 | } | 508 | } |
509 | cfg.Credentials = creds | ||
558 | } | 510 | } |
559 | 511 | ||
560 | return nil | 512 | return nil |
561 | } | 513 | } |
562 | 514 | ||
563 | func assumeRoleCredentials(cfg aws.Config, handlers request.Handlers, sharedCfg sharedConfig, sessOpts Options) *credentials.Credentials { | ||
564 | return stscreds.NewCredentials( | ||
565 | &Session{ | ||
566 | Config: &cfg, | ||
567 | Handlers: handlers.Copy(), | ||
568 | }, | ||
569 | sharedCfg.AssumeRole.RoleARN, | ||
570 | func(opt *stscreds.AssumeRoleProvider) { | ||
571 | opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName | ||
572 | |||
573 | // Assume role with external ID | ||
574 | if len(sharedCfg.AssumeRole.ExternalID) > 0 { | ||
575 | opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID) | ||
576 | } | ||
577 | |||
578 | // Assume role with MFA | ||
579 | if len(sharedCfg.AssumeRole.MFASerial) > 0 { | ||
580 | opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial) | ||
581 | opt.TokenProvider = sessOpts.AssumeRoleTokenProvider | ||
582 | } | ||
583 | }, | ||
584 | ) | ||
585 | } | ||
586 | |||
587 | // AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the | ||
588 | // MFAToken option is not set when shared config is configured load assume a | ||
589 | // role with an MFA token. | ||
590 | type AssumeRoleTokenProviderNotSetError struct{} | ||
591 | |||
592 | // Code is the short id of the error. | ||
593 | func (e AssumeRoleTokenProviderNotSetError) Code() string { | ||
594 | return "AssumeRoleTokenProviderNotSetError" | ||
595 | } | ||
596 | |||
597 | // Message is the description of the error | ||
598 | func (e AssumeRoleTokenProviderNotSetError) Message() string { | ||
599 | return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.") | ||
600 | } | ||
601 | |||
602 | // OrigErr is the underlying error that caused the failure. | ||
603 | func (e AssumeRoleTokenProviderNotSetError) OrigErr() error { | ||
604 | return nil | ||
605 | } | ||
606 | |||
607 | // Error satisfies the error interface. | ||
608 | func (e AssumeRoleTokenProviderNotSetError) Error() string { | ||
609 | return awserr.SprintError(e.Code(), e.Message(), "", nil) | ||
610 | } | ||
611 | |||
612 | type credProviderError struct { | ||
613 | Err error | ||
614 | } | ||
615 | |||
616 | var emptyCreds = credentials.Value{} | ||
617 | |||
618 | func (c credProviderError) Retrieve() (credentials.Value, error) { | ||
619 | return credentials.Value{}, c.Err | ||
620 | } | ||
621 | func (c credProviderError) IsExpired() bool { | ||
622 | return true | ||
623 | } | ||
624 | |||
625 | func initHandlers(s *Session) { | 515 | func initHandlers(s *Session) { |
626 | // Add the Validate parameter handler if it is not disabled. | 516 | // Add the Validate parameter handler if it is not disabled. |
627 | s.Handlers.Validate.Remove(corehandlers.ValidateParametersHandler) | 517 | s.Handlers.Validate.Remove(corehandlers.ValidateParametersHandler) |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index 7cb4402..5170b49 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go | |||
@@ -5,7 +5,6 @@ import ( | |||
5 | 5 | ||
6 | "github.com/aws/aws-sdk-go/aws/awserr" | 6 | "github.com/aws/aws-sdk-go/aws/awserr" |
7 | "github.com/aws/aws-sdk-go/aws/credentials" | 7 | "github.com/aws/aws-sdk-go/aws/credentials" |
8 | |||
9 | "github.com/aws/aws-sdk-go/internal/ini" | 8 | "github.com/aws/aws-sdk-go/internal/ini" |
10 | ) | 9 | ) |
11 | 10 | ||
@@ -28,8 +27,12 @@ const ( | |||
28 | 27 | ||
29 | // endpoint discovery group | 28 | // endpoint discovery group |
30 | enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional | 29 | enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional |
30 | |||
31 | // External Credential Process | 31 | // External Credential Process |
32 | credentialProcessKey = `credential_process` | 32 | credentialProcessKey = `credential_process` // optional |
33 | |||
34 | // Web Identity Token File | ||
35 | webIdentityTokenFileKey = `web_identity_token_file` // optional | ||
33 | 36 | ||
34 | // DefaultSharedConfigProfile is the default profile to be used when | 37 | // DefaultSharedConfigProfile is the default profile to be used when |
35 | // loading configuration from the config files if another profile name | 38 | // loading configuration from the config files if another profile name |
@@ -37,36 +40,33 @@ const ( | |||
37 | DefaultSharedConfigProfile = `default` | 40 | DefaultSharedConfigProfile = `default` |
38 | ) | 41 | ) |
39 | 42 | ||
40 | type assumeRoleConfig struct { | ||
41 | RoleARN string | ||
42 | SourceProfile string | ||
43 | CredentialSource string | ||
44 | ExternalID string | ||
45 | MFASerial string | ||
46 | RoleSessionName string | ||
47 | } | ||
48 | |||
49 | // sharedConfig represents the configuration fields of the SDK config files. | 43 | // sharedConfig represents the configuration fields of the SDK config files. |
50 | type sharedConfig struct { | 44 | type sharedConfig struct { |
51 | // Credentials values from the config file. Both aws_access_key_id | 45 | // Credentials values from the config file. Both aws_access_key_id and |
52 | // and aws_secret_access_key must be provided together in the same file | 46 | // aws_secret_access_key must be provided together in the same file to be |
53 | // to be considered valid. The values will be ignored if not a complete group. | 47 | // considered valid. The values will be ignored if not a complete group. |
54 | // aws_session_token is an optional field that can be provided if both of the | 48 | // aws_session_token is an optional field that can be provided if both of |
55 | // other two fields are also provided. | 49 | // the other two fields are also provided. |
56 | // | 50 | // |
57 | // aws_access_key_id | 51 | // aws_access_key_id |
58 | // aws_secret_access_key | 52 | // aws_secret_access_key |
59 | // aws_session_token | 53 | // aws_session_token |
60 | Creds credentials.Value | 54 | Creds credentials.Value |
61 | 55 | ||
62 | AssumeRole assumeRoleConfig | 56 | CredentialSource string |
63 | AssumeRoleSource *sharedConfig | 57 | CredentialProcess string |
58 | WebIdentityTokenFile string | ||
59 | |||
60 | RoleARN string | ||
61 | RoleSessionName string | ||
62 | ExternalID string | ||
63 | MFASerial string | ||
64 | 64 | ||
65 | // An external process to request credentials | 65 | SourceProfileName string |
66 | CredentialProcess string | 66 | SourceProfile *sharedConfig |
67 | 67 | ||
68 | // Region is the region the SDK should use for looking up AWS service endpoints | 68 | // Region is the region the SDK should use for looking up AWS service |
69 | // and signing requests. | 69 | // endpoints and signing requests. |
70 | // | 70 | // |
71 | // region | 71 | // region |
72 | Region string | 72 | Region string |
@@ -83,17 +83,18 @@ type sharedConfigFile struct { | |||
83 | IniData ini.Sections | 83 | IniData ini.Sections |
84 | } | 84 | } |
85 | 85 | ||
86 | // loadSharedConfig retrieves the configuration from the list of files | 86 | // loadSharedConfig retrieves the configuration from the list of files using |
87 | // using the profile provided. The order the files are listed will determine | 87 | // the profile provided. The order the files are listed will determine |
88 | // precedence. Values in subsequent files will overwrite values defined in | 88 | // precedence. Values in subsequent files will overwrite values defined in |
89 | // earlier files. | 89 | // earlier files. |
90 | // | 90 | // |
91 | // For example, given two files A and B. Both define credentials. If the order | 91 | // For example, given two files A and B. Both define credentials. If the order |
92 | // of the files are A then B, B's credential values will be used instead of A's. | 92 | // of the files are A then B, B's credential values will be used instead of |
93 | // A's. | ||
93 | // | 94 | // |
94 | // See sharedConfig.setFromFile for information how the config files | 95 | // See sharedConfig.setFromFile for information how the config files |
95 | // will be loaded. | 96 | // will be loaded. |
96 | func loadSharedConfig(profile string, filenames []string) (sharedConfig, error) { | 97 | func loadSharedConfig(profile string, filenames []string, exOpts bool) (sharedConfig, error) { |
97 | if len(profile) == 0 { | 98 | if len(profile) == 0 { |
98 | profile = DefaultSharedConfigProfile | 99 | profile = DefaultSharedConfigProfile |
99 | } | 100 | } |
@@ -104,16 +105,11 @@ func loadSharedConfig(profile string, filenames []string) (sharedConfig, error) | |||
104 | } | 105 | } |
105 | 106 | ||
106 | cfg := sharedConfig{} | 107 | cfg := sharedConfig{} |
107 | if err = cfg.setFromIniFiles(profile, files); err != nil { | 108 | profiles := map[string]struct{}{} |
109 | if err = cfg.setFromIniFiles(profiles, profile, files, exOpts); err != nil { | ||
108 | return sharedConfig{}, err | 110 | return sharedConfig{}, err |
109 | } | 111 | } |
110 | 112 | ||
111 | if len(cfg.AssumeRole.SourceProfile) > 0 { | ||
112 | if err := cfg.setAssumeRoleSource(profile, files); err != nil { | ||
113 | return sharedConfig{}, err | ||
114 | } | ||
115 | } | ||
116 | |||
117 | return cfg, nil | 113 | return cfg, nil |
118 | } | 114 | } |
119 | 115 | ||
@@ -137,60 +133,88 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) { | |||
137 | return files, nil | 133 | return files, nil |
138 | } | 134 | } |
139 | 135 | ||
140 | func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedConfigFile) error { | 136 | func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error { |
141 | var assumeRoleSrc sharedConfig | 137 | // Trim files from the list that don't exist. |
142 | 138 | var skippedFiles int | |
143 | if len(cfg.AssumeRole.CredentialSource) > 0 { | 139 | var profileNotFoundErr error |
144 | // setAssumeRoleSource is only called when source_profile is found. | 140 | for _, f := range files { |
145 | // If both source_profile and credential_source are set, then | 141 | if err := cfg.setFromIniFile(profile, f, exOpts); err != nil { |
146 | // ErrSharedConfigSourceCollision will be returned | 142 | if _, ok := err.(SharedConfigProfileNotExistsError); ok { |
147 | return ErrSharedConfigSourceCollision | 143 | // Ignore profiles not defined in individual files. |
144 | profileNotFoundErr = err | ||
145 | skippedFiles++ | ||
146 | continue | ||
147 | } | ||
148 | return err | ||
149 | } | ||
150 | } | ||
151 | if skippedFiles == len(files) { | ||
152 | // If all files were skipped because the profile is not found, return | ||
153 | // the original profile not found error. | ||
154 | return profileNotFoundErr | ||
148 | } | 155 | } |
149 | 156 | ||
150 | // Multiple level assume role chains are not support | 157 | if _, ok := profiles[profile]; ok { |
151 | if cfg.AssumeRole.SourceProfile == origProfile { | 158 | // if this is the second instance of the profile the Assume Role |
152 | assumeRoleSrc = *cfg | 159 | // options must be cleared because they are only valid for the |
153 | assumeRoleSrc.AssumeRole = assumeRoleConfig{} | 160 | // first reference of a profile. The self linked instance of the |
161 | // profile only have credential provider options. | ||
162 | cfg.clearAssumeRoleOptions() | ||
154 | } else { | 163 | } else { |
155 | err := assumeRoleSrc.setFromIniFiles(cfg.AssumeRole.SourceProfile, files) | 164 | // First time a profile has been seen, It must either be a assume role |
156 | if err != nil { | 165 | // or credentials. Assert if the credential type requires a role ARN, |
166 | // the ARN is also set. | ||
167 | if err := cfg.validateCredentialsRequireARN(profile); err != nil { | ||
157 | return err | 168 | return err |
158 | } | 169 | } |
159 | } | 170 | } |
171 | profiles[profile] = struct{}{} | ||
160 | 172 | ||
161 | if len(assumeRoleSrc.Creds.AccessKeyID) == 0 { | 173 | if err := cfg.validateCredentialType(); err != nil { |
162 | return SharedConfigAssumeRoleError{RoleARN: cfg.AssumeRole.RoleARN} | 174 | return err |
163 | } | 175 | } |
164 | 176 | ||
165 | cfg.AssumeRoleSource = &assumeRoleSrc | 177 | // Link source profiles for assume roles |
166 | 178 | if len(cfg.SourceProfileName) != 0 { | |
167 | return nil | 179 | // Linked profile via source_profile ignore credential provider |
168 | } | 180 | // options, the source profile must provide the credentials. |
181 | cfg.clearCredentialOptions() | ||
169 | 182 | ||
170 | func (cfg *sharedConfig) setFromIniFiles(profile string, files []sharedConfigFile) error { | 183 | srcCfg := &sharedConfig{} |
171 | // Trim files from the list that don't exist. | 184 | err := srcCfg.setFromIniFiles(profiles, cfg.SourceProfileName, files, exOpts) |
172 | for _, f := range files { | 185 | if err != nil { |
173 | if err := cfg.setFromIniFile(profile, f); err != nil { | 186 | // SourceProfile that doesn't exist is an error in configuration. |
174 | if _, ok := err.(SharedConfigProfileNotExistsError); ok { | 187 | if _, ok := err.(SharedConfigProfileNotExistsError); ok { |
175 | // Ignore proviles missings | 188 | err = SharedConfigAssumeRoleError{ |
176 | continue | 189 | RoleARN: cfg.RoleARN, |
190 | SourceProfile: cfg.SourceProfileName, | ||
191 | } | ||
177 | } | 192 | } |
178 | return err | 193 | return err |
179 | } | 194 | } |
195 | |||
196 | if !srcCfg.hasCredentials() { | ||
197 | return SharedConfigAssumeRoleError{ | ||
198 | RoleARN: cfg.RoleARN, | ||
199 | SourceProfile: cfg.SourceProfileName, | ||
200 | } | ||
201 | } | ||
202 | |||
203 | cfg.SourceProfile = srcCfg | ||
180 | } | 204 | } |
181 | 205 | ||
182 | return nil | 206 | return nil |
183 | } | 207 | } |
184 | 208 | ||
185 | // setFromFile loads the configuration from the file using | 209 | // setFromFile loads the configuration from the file using the profile |
186 | // the profile provided. A sharedConfig pointer type value is used so that | 210 | // provided. A sharedConfig pointer type value is used so that multiple config |
187 | // multiple config file loadings can be chained. | 211 | // file loadings can be chained. |
188 | // | 212 | // |
189 | // Only loads complete logically grouped values, and will not set fields in cfg | 213 | // Only loads complete logically grouped values, and will not set fields in cfg |
190 | // for incomplete grouped values in the config. Such as credentials. For example | 214 | // for incomplete grouped values in the config. Such as credentials. For |
191 | // if a config file only includes aws_access_key_id but no aws_secret_access_key | 215 | // example if a config file only includes aws_access_key_id but no |
192 | // the aws_access_key_id will be ignored. | 216 | // aws_secret_access_key the aws_access_key_id will be ignored. |
193 | func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) error { | 217 | func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, exOpts bool) error { |
194 | section, ok := file.IniData.GetSection(profile) | 218 | section, ok := file.IniData.GetSection(profile) |
195 | if !ok { | 219 | if !ok { |
196 | // Fallback to to alternate profile name: profile <name> | 220 | // Fallback to to alternate profile name: profile <name> |
@@ -200,42 +224,30 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e | |||
200 | } | 224 | } |
201 | } | 225 | } |
202 | 226 | ||
203 | // Shared Credentials | 227 | if exOpts { |
204 | akid := section.String(accessKeyIDKey) | 228 | // Assume Role Parameters |
205 | secret := section.String(secretAccessKey) | 229 | updateString(&cfg.RoleARN, section, roleArnKey) |
206 | if len(akid) > 0 && len(secret) > 0 { | 230 | updateString(&cfg.ExternalID, section, externalIDKey) |
207 | cfg.Creds = credentials.Value{ | 231 | updateString(&cfg.MFASerial, section, mfaSerialKey) |
208 | AccessKeyID: akid, | 232 | updateString(&cfg.RoleSessionName, section, roleSessionNameKey) |
209 | SecretAccessKey: secret, | 233 | updateString(&cfg.SourceProfileName, section, sourceProfileKey) |
210 | SessionToken: section.String(sessionTokenKey), | 234 | updateString(&cfg.CredentialSource, section, credentialSourceKey) |
211 | ProviderName: fmt.Sprintf("SharedConfigCredentials: %s", file.Filename), | ||
212 | } | ||
213 | } | ||
214 | 235 | ||
215 | // Assume Role | 236 | updateString(&cfg.Region, section, regionKey) |
216 | roleArn := section.String(roleArnKey) | ||
217 | srcProfile := section.String(sourceProfileKey) | ||
218 | credentialSource := section.String(credentialSourceKey) | ||
219 | hasSource := len(srcProfile) > 0 || len(credentialSource) > 0 | ||
220 | if len(roleArn) > 0 && hasSource { | ||
221 | cfg.AssumeRole = assumeRoleConfig{ | ||
222 | RoleARN: roleArn, | ||
223 | SourceProfile: srcProfile, | ||
224 | CredentialSource: credentialSource, | ||
225 | ExternalID: section.String(externalIDKey), | ||
226 | MFASerial: section.String(mfaSerialKey), | ||
227 | RoleSessionName: section.String(roleSessionNameKey), | ||
228 | } | ||
229 | } | 237 | } |
230 | 238 | ||
231 | // `credential_process` | 239 | updateString(&cfg.CredentialProcess, section, credentialProcessKey) |
232 | if credProc := section.String(credentialProcessKey); len(credProc) > 0 { | 240 | updateString(&cfg.WebIdentityTokenFile, section, webIdentityTokenFileKey) |
233 | cfg.CredentialProcess = credProc | ||
234 | } | ||
235 | 241 | ||
236 | // Region | 242 | // Shared Credentials |
237 | if v := section.String(regionKey); len(v) > 0 { | 243 | creds := credentials.Value{ |
238 | cfg.Region = v | 244 | AccessKeyID: section.String(accessKeyIDKey), |
245 | SecretAccessKey: section.String(secretAccessKey), | ||
246 | SessionToken: section.String(sessionTokenKey), | ||
247 | ProviderName: fmt.Sprintf("SharedConfigCredentials: %s", file.Filename), | ||
248 | } | ||
249 | if creds.HasKeys() { | ||
250 | cfg.Creds = creds | ||
239 | } | 251 | } |
240 | 252 | ||
241 | // Endpoint discovery | 253 | // Endpoint discovery |
@@ -247,6 +259,95 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e | |||
247 | return nil | 259 | return nil |
248 | } | 260 | } |
249 | 261 | ||
262 | func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error { | ||
263 | var credSource string | ||
264 | |||
265 | switch { | ||
266 | case len(cfg.SourceProfileName) != 0: | ||
267 | credSource = sourceProfileKey | ||
268 | case len(cfg.CredentialSource) != 0: | ||
269 | credSource = credentialSourceKey | ||
270 | case len(cfg.WebIdentityTokenFile) != 0: | ||
271 | credSource = webIdentityTokenFileKey | ||
272 | } | ||
273 | |||
274 | if len(credSource) != 0 && len(cfg.RoleARN) == 0 { | ||
275 | return CredentialRequiresARNError{ | ||
276 | Type: credSource, | ||
277 | Profile: profile, | ||
278 | } | ||
279 | } | ||
280 | |||
281 | return nil | ||
282 | } | ||
283 | |||
284 | func (cfg *sharedConfig) validateCredentialType() error { | ||
285 | // Only one or no credential type can be defined. | ||
286 | if !oneOrNone( | ||
287 | len(cfg.SourceProfileName) != 0, | ||
288 | len(cfg.CredentialSource) != 0, | ||
289 | len(cfg.CredentialProcess) != 0, | ||
290 | len(cfg.WebIdentityTokenFile) != 0, | ||
291 | ) { | ||
292 | return ErrSharedConfigSourceCollision | ||
293 | } | ||
294 | |||
295 | return nil | ||
296 | } | ||
297 | |||
298 | func (cfg *sharedConfig) hasCredentials() bool { | ||
299 | switch { | ||
300 | case len(cfg.SourceProfileName) != 0: | ||
301 | case len(cfg.CredentialSource) != 0: | ||
302 | case len(cfg.CredentialProcess) != 0: | ||
303 | case len(cfg.WebIdentityTokenFile) != 0: | ||
304 | case cfg.Creds.HasKeys(): | ||
305 | default: | ||
306 | return false | ||
307 | } | ||
308 | |||
309 | return true | ||
310 | } | ||
311 | |||
312 | func (cfg *sharedConfig) clearCredentialOptions() { | ||
313 | cfg.CredentialSource = "" | ||
314 | cfg.CredentialProcess = "" | ||
315 | cfg.WebIdentityTokenFile = "" | ||
316 | cfg.Creds = credentials.Value{} | ||
317 | } | ||
318 | |||
319 | func (cfg *sharedConfig) clearAssumeRoleOptions() { | ||
320 | cfg.RoleARN = "" | ||
321 | cfg.ExternalID = "" | ||
322 | cfg.MFASerial = "" | ||
323 | cfg.RoleSessionName = "" | ||
324 | cfg.SourceProfileName = "" | ||
325 | } | ||
326 | |||
327 | func oneOrNone(bs ...bool) bool { | ||
328 | var count int | ||
329 | |||
330 | for _, b := range bs { | ||
331 | if b { | ||
332 | count++ | ||
333 | if count > 1 { | ||
334 | return false | ||
335 | } | ||
336 | } | ||
337 | } | ||
338 | |||
339 | return true | ||
340 | } | ||
341 | |||
342 | // updateString will only update the dst with the value in the section key, key | ||
343 | // is present in the section. | ||
344 | func updateString(dst *string, section ini.Section, key string) { | ||
345 | if !section.Has(key) { | ||
346 | return | ||
347 | } | ||
348 | *dst = section.String(key) | ||
349 | } | ||
350 | |||
250 | // SharedConfigLoadError is an error for the shared config file failed to load. | 351 | // SharedConfigLoadError is an error for the shared config file failed to load. |
251 | type SharedConfigLoadError struct { | 352 | type SharedConfigLoadError struct { |
252 | Filename string | 353 | Filename string |
@@ -304,7 +405,8 @@ func (e SharedConfigProfileNotExistsError) Error() string { | |||
304 | // profile contains assume role information, but that information is invalid | 405 | // profile contains assume role information, but that information is invalid |
305 | // or not complete. | 406 | // or not complete. |
306 | type SharedConfigAssumeRoleError struct { | 407 | type SharedConfigAssumeRoleError struct { |
307 | RoleARN string | 408 | RoleARN string |
409 | SourceProfile string | ||
308 | } | 410 | } |
309 | 411 | ||
310 | // Code is the short id of the error. | 412 | // Code is the short id of the error. |
@@ -314,8 +416,10 @@ func (e SharedConfigAssumeRoleError) Code() string { | |||
314 | 416 | ||
315 | // Message is the description of the error | 417 | // Message is the description of the error |
316 | func (e SharedConfigAssumeRoleError) Message() string { | 418 | func (e SharedConfigAssumeRoleError) Message() string { |
317 | return fmt.Sprintf("failed to load assume role for %s, source profile has no shared credentials", | 419 | return fmt.Sprintf( |
318 | e.RoleARN) | 420 | "failed to load assume role for %s, source profile %s has no shared credentials", |
421 | e.RoleARN, e.SourceProfile, | ||
422 | ) | ||
319 | } | 423 | } |
320 | 424 | ||
321 | // OrigErr is the underlying error that caused the failure. | 425 | // OrigErr is the underlying error that caused the failure. |
@@ -327,3 +431,36 @@ func (e SharedConfigAssumeRoleError) OrigErr() error { | |||
327 | func (e SharedConfigAssumeRoleError) Error() string { | 431 | func (e SharedConfigAssumeRoleError) Error() string { |
328 | return awserr.SprintError(e.Code(), e.Message(), "", nil) | 432 | return awserr.SprintError(e.Code(), e.Message(), "", nil) |
329 | } | 433 | } |
434 | |||
435 | // CredentialRequiresARNError provides the error for shared config credentials | ||
436 | // that are incorrectly configured in the shared config or credentials file. | ||
437 | type CredentialRequiresARNError struct { | ||
438 | // type of credentials that were configured. | ||
439 | Type string | ||
440 | |||
441 | // Profile name the credentials were in. | ||
442 | Profile string | ||
443 | } | ||
444 | |||
445 | // Code is the short id of the error. | ||
446 | func (e CredentialRequiresARNError) Code() string { | ||
447 | return "CredentialRequiresARNError" | ||
448 | } | ||
449 | |||
450 | // Message is the description of the error | ||
451 | func (e CredentialRequiresARNError) Message() string { | ||
452 | return fmt.Sprintf( | ||
453 | "credential type %s requires role_arn, profile %s", | ||
454 | e.Type, e.Profile, | ||
455 | ) | ||
456 | } | ||
457 | |||
458 | // OrigErr is the underlying error that caused the failure. | ||
459 | func (e CredentialRequiresARNError) OrigErr() error { | ||
460 | return nil | ||
461 | } | ||
462 | |||
463 | // Error satisfies the error interface. | ||
464 | func (e CredentialRequiresARNError) Error() string { | ||
465 | return awserr.SprintError(e.Code(), e.Message(), "", nil) | ||
466 | } | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index 523db79..8104793 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go | |||
@@ -687,7 +687,11 @@ func (ctx *signingCtx) buildBodyDigest() error { | |||
687 | if !aws.IsReaderSeekable(ctx.Body) { | 687 | if !aws.IsReaderSeekable(ctx.Body) { |
688 | return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body) | 688 | return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body) |
689 | } | 689 | } |
690 | hash = hex.EncodeToString(makeSha256Reader(ctx.Body)) | 690 | hashBytes, err := makeSha256Reader(ctx.Body) |
691 | if err != nil { | ||
692 | return err | ||
693 | } | ||
694 | hash = hex.EncodeToString(hashBytes) | ||
691 | } | 695 | } |
692 | 696 | ||
693 | if includeSHA256Header { | 697 | if includeSHA256Header { |
@@ -734,10 +738,16 @@ func makeSha256(data []byte) []byte { | |||
734 | return hash.Sum(nil) | 738 | return hash.Sum(nil) |
735 | } | 739 | } |
736 | 740 | ||
737 | func makeSha256Reader(reader io.ReadSeeker) []byte { | 741 | func makeSha256Reader(reader io.ReadSeeker) (hashBytes []byte, err error) { |
738 | hash := sha256.New() | 742 | hash := sha256.New() |
739 | start, _ := reader.Seek(0, sdkio.SeekCurrent) | 743 | start, err := reader.Seek(0, sdkio.SeekCurrent) |
740 | defer reader.Seek(start, sdkio.SeekStart) | 744 | if err != nil { |
745 | return nil, err | ||
746 | } | ||
747 | defer func() { | ||
748 | // ensure error is return if unable to seek back to start of payload. | ||
749 | _, err = reader.Seek(start, sdkio.SeekStart) | ||
750 | }() | ||
741 | 751 | ||
742 | // Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies | 752 | // Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies |
743 | // smaller than 32KB. Fall back to io.Copy if we fail to determine the size. | 753 | // smaller than 32KB. Fall back to io.Copy if we fail to determine the size. |
@@ -748,7 +758,7 @@ func makeSha256Reader(reader io.ReadSeeker) []byte { | |||
748 | io.CopyN(hash, reader, size) | 758 | io.CopyN(hash, reader, size) |
749 | } | 759 | } |
750 | 760 | ||
751 | return hash.Sum(nil) | 761 | return hash.Sum(nil), nil |
752 | } | 762 | } |
753 | 763 | ||
754 | const doubleSpace = " " | 764 | const doubleSpace = " " |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/types.go b/vendor/github.com/aws/aws-sdk-go/aws/types.go index 8b6f234..4550915 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/types.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/types.go | |||
@@ -7,13 +7,18 @@ import ( | |||
7 | "github.com/aws/aws-sdk-go/internal/sdkio" | 7 | "github.com/aws/aws-sdk-go/internal/sdkio" |
8 | ) | 8 | ) |
9 | 9 | ||
10 | // ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Should | 10 | // ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Allows the |
11 | // only be used with an io.Reader that is also an io.Seeker. Doing so may | 11 | // SDK to accept an io.Reader that is not also an io.Seeker for unsigned |
12 | // cause request signature errors, or request body's not sent for GET, HEAD | 12 | // streaming payload API operations. |
13 | // and DELETE HTTP methods. | ||
14 | // | 13 | // |
15 | // Deprecated: Should only be used with io.ReadSeeker. If using for | 14 | // A ReadSeekCloser wrapping an nonseekable io.Reader used in an API |
16 | // S3 PutObject to stream content use s3manager.Uploader instead. | 15 | // operation's input will prevent that operation being retried in the case of |
16 | // network errors, and cause operation requests to fail if the operation | ||
17 | // requires payload signing. | ||
18 | // | ||
19 | // Note: If using With S3 PutObject to stream an object upload The SDK's S3 | ||
20 | // Upload manager (s3manager.Uploader) provides support for streaming with the | ||
21 | // ability to retry network errors. | ||
17 | func ReadSeekCloser(r io.Reader) ReaderSeekerCloser { | 22 | func ReadSeekCloser(r io.Reader) ReaderSeekerCloser { |
18 | return ReaderSeekerCloser{r} | 23 | return ReaderSeekerCloser{r} |
19 | } | 24 | } |
@@ -43,7 +48,8 @@ func IsReaderSeekable(r io.Reader) bool { | |||
43 | // Read reads from the reader up to size of p. The number of bytes read, and | 48 | // Read reads from the reader up to size of p. The number of bytes read, and |
44 | // error if it occurred will be returned. | 49 | // error if it occurred will be returned. |
45 | // | 50 | // |
46 | // If the reader is not an io.Reader zero bytes read, and nil error will be returned. | 51 | // If the reader is not an io.Reader zero bytes read, and nil error will be |
52 | // returned. | ||
47 | // | 53 | // |
48 | // Performs the same functionality as io.Reader Read | 54 | // Performs the same functionality as io.Reader Read |
49 | func (r ReaderSeekerCloser) Read(p []byte) (int, error) { | 55 | func (r ReaderSeekerCloser) Read(p []byte) (int, error) { |
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 15ad9cf..23aae7d 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go | |||
@@ -5,4 +5,4 @@ package aws | |||
5 | const SDKName = "aws-sdk-go" | 5 | const SDKName = "aws-sdk-go" |
6 | 6 | ||
7 | // SDKVersion is the version of this SDK | 7 | // SDKVersion is the version of this SDK |
8 | const SDKVersion = "1.19.18" | 8 | const SDKVersion = "1.21.7" |
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go index f997033..e56dcee 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go | |||
@@ -304,7 +304,9 @@ loop: | |||
304 | stmt := newCommentStatement(tok) | 304 | stmt := newCommentStatement(tok) |
305 | stack.Push(stmt) | 305 | stack.Push(stmt) |
306 | default: | 306 | default: |
307 | return nil, NewParseError(fmt.Sprintf("invalid state with ASTKind %v and TokenType %v", k, tok)) | 307 | return nil, NewParseError( |
308 | fmt.Sprintf("invalid state with ASTKind %v and TokenType %v", | ||
309 | k, tok.Type())) | ||
308 | } | 310 | } |
309 | 311 | ||
310 | if len(tokens) > 0 { | 312 | if len(tokens) > 0 { |
@@ -314,7 +316,7 @@ loop: | |||
314 | 316 | ||
315 | // this occurs when a statement has not been completed | 317 | // this occurs when a statement has not been completed |
316 | if stack.top > 1 { | 318 | if stack.top > 1 { |
317 | return nil, NewParseError(fmt.Sprintf("incomplete expression: %v", stack.container)) | 319 | return nil, NewParseError(fmt.Sprintf("incomplete ini expression")) |
318 | } | 320 | } |
319 | 321 | ||
320 | // returns a sublist which excludes the start symbol | 322 | // returns a sublist which excludes the start symbol |
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go new file mode 100644 index 0000000..864fb67 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go | |||
@@ -0,0 +1,296 @@ | |||
1 | // Package jsonutil provides JSON serialization of AWS requests and responses. | ||
2 | package jsonutil | ||
3 | |||
4 | import ( | ||
5 | "bytes" | ||
6 | "encoding/base64" | ||
7 | "encoding/json" | ||
8 | "fmt" | ||
9 | "math" | ||
10 | "reflect" | ||
11 | "sort" | ||
12 | "strconv" | ||
13 | "time" | ||
14 | |||
15 | "github.com/aws/aws-sdk-go/aws" | ||
16 | "github.com/aws/aws-sdk-go/private/protocol" | ||
17 | ) | ||
18 | |||
19 | var timeType = reflect.ValueOf(time.Time{}).Type() | ||
20 | var byteSliceType = reflect.ValueOf([]byte{}).Type() | ||
21 | |||
22 | // BuildJSON builds a JSON string for a given object v. | ||
23 | func BuildJSON(v interface{}) ([]byte, error) { | ||
24 | var buf bytes.Buffer | ||
25 | |||
26 | err := buildAny(reflect.ValueOf(v), &buf, "") | ||
27 | return buf.Bytes(), err | ||
28 | } | ||
29 | |||
30 | func buildAny(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error { | ||
31 | origVal := value | ||
32 | value = reflect.Indirect(value) | ||
33 | if !value.IsValid() { | ||
34 | return nil | ||
35 | } | ||
36 | |||
37 | vtype := value.Type() | ||
38 | |||
39 | t := tag.Get("type") | ||
40 | if t == "" { | ||
41 | switch vtype.Kind() { | ||
42 | case reflect.Struct: | ||
43 | // also it can't be a time object | ||
44 | if value.Type() != timeType { | ||
45 | t = "structure" | ||
46 | } | ||
47 | case reflect.Slice: | ||
48 | // also it can't be a byte slice | ||
49 | if _, ok := value.Interface().([]byte); !ok { | ||
50 | t = "list" | ||
51 | } | ||
52 | case reflect.Map: | ||
53 | // cannot be a JSONValue map | ||
54 | if _, ok := value.Interface().(aws.JSONValue); !ok { | ||
55 | t = "map" | ||
56 | } | ||
57 | } | ||
58 | } | ||
59 | |||
60 | switch t { | ||
61 | case "structure": | ||
62 | if field, ok := vtype.FieldByName("_"); ok { | ||
63 | tag = field.Tag | ||
64 | } | ||
65 | return buildStruct(value, buf, tag) | ||
66 | case "list": | ||
67 | return buildList(value, buf, tag) | ||
68 | case "map": | ||
69 | return buildMap(value, buf, tag) | ||
70 | default: | ||
71 | return buildScalar(origVal, buf, tag) | ||
72 | } | ||
73 | } | ||
74 | |||
75 | func buildStruct(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error { | ||
76 | if !value.IsValid() { | ||
77 | return nil | ||
78 | } | ||
79 | |||
80 | // unwrap payloads | ||
81 | if payload := tag.Get("payload"); payload != "" { | ||
82 | field, _ := value.Type().FieldByName(payload) | ||
83 | tag = field.Tag | ||
84 | value = elemOf(value.FieldByName(payload)) | ||
85 | |||
86 | if !value.IsValid() { | ||
87 | return nil | ||
88 | } | ||
89 | } | ||
90 | |||
91 | buf.WriteByte('{') | ||
92 | |||
93 | t := value.Type() | ||
94 | first := true | ||
95 | for i := 0; i < t.NumField(); i++ { | ||
96 | member := value.Field(i) | ||
97 | |||
98 | // This allocates the most memory. | ||
99 | // Additionally, we cannot skip nil fields due to | ||
100 | // idempotency auto filling. | ||
101 | field := t.Field(i) | ||
102 | |||
103 | if field.PkgPath != "" { | ||
104 | continue // ignore unexported fields | ||
105 | } | ||
106 | if field.Tag.Get("json") == "-" { | ||
107 | continue | ||
108 | } | ||
109 | if field.Tag.Get("location") != "" { | ||
110 | continue // ignore non-body elements | ||
111 | } | ||
112 | if field.Tag.Get("ignore") != "" { | ||
113 | continue | ||
114 | } | ||
115 | |||
116 | if protocol.CanSetIdempotencyToken(member, field) { | ||
117 | token := protocol.GetIdempotencyToken() | ||
118 | member = reflect.ValueOf(&token) | ||
119 | } | ||
120 | |||
121 | if (member.Kind() == reflect.Ptr || member.Kind() == reflect.Slice || member.Kind() == reflect.Map) && member.IsNil() { | ||
122 | continue // ignore unset fields | ||
123 | } | ||
124 | |||
125 | if first { | ||
126 | first = false | ||
127 | } else { | ||
128 | buf.WriteByte(',') | ||
129 | } | ||
130 | |||
131 | // figure out what this field is called | ||
132 | name := field.Name | ||
133 | if locName := field.Tag.Get("locationName"); locName != "" { | ||
134 | name = locName | ||
135 | } | ||
136 | |||
137 | writeString(name, buf) | ||
138 | buf.WriteString(`:`) | ||
139 | |||
140 | err := buildAny(member, buf, field.Tag) | ||
141 | if err != nil { | ||
142 | return err | ||
143 | } | ||
144 | |||
145 | } | ||
146 | |||
147 | buf.WriteString("}") | ||
148 | |||
149 | return nil | ||
150 | } | ||
151 | |||
152 | func buildList(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error { | ||
153 | buf.WriteString("[") | ||
154 | |||
155 | for i := 0; i < value.Len(); i++ { | ||
156 | buildAny(value.Index(i), buf, "") | ||
157 | |||
158 | if i < value.Len()-1 { | ||
159 | buf.WriteString(",") | ||
160 | } | ||
161 | } | ||
162 | |||
163 | buf.WriteString("]") | ||
164 | |||
165 | return nil | ||
166 | } | ||
167 | |||
168 | type sortedValues []reflect.Value | ||
169 | |||
170 | func (sv sortedValues) Len() int { return len(sv) } | ||
171 | func (sv sortedValues) Swap(i, j int) { sv[i], sv[j] = sv[j], sv[i] } | ||
172 | func (sv sortedValues) Less(i, j int) bool { return sv[i].String() < sv[j].String() } | ||
173 | |||
174 | func buildMap(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error { | ||
175 | buf.WriteString("{") | ||
176 | |||
177 | sv := sortedValues(value.MapKeys()) | ||
178 | sort.Sort(sv) | ||
179 | |||
180 | for i, k := range sv { | ||
181 | if i > 0 { | ||
182 | buf.WriteByte(',') | ||
183 | } | ||
184 | |||
185 | writeString(k.String(), buf) | ||
186 | buf.WriteString(`:`) | ||
187 | |||
188 | buildAny(value.MapIndex(k), buf, "") | ||
189 | } | ||
190 | |||
191 | buf.WriteString("}") | ||
192 | |||
193 | return nil | ||
194 | } | ||
195 | |||
196 | func buildScalar(v reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error { | ||
197 | // prevents allocation on the heap. | ||
198 | scratch := [64]byte{} | ||
199 | switch value := reflect.Indirect(v); value.Kind() { | ||
200 | case reflect.String: | ||
201 | writeString(value.String(), buf) | ||
202 | case reflect.Bool: | ||
203 | if value.Bool() { | ||
204 | buf.WriteString("true") | ||
205 | } else { | ||
206 | buf.WriteString("false") | ||
207 | } | ||
208 | case reflect.Int64: | ||
209 | buf.Write(strconv.AppendInt(scratch[:0], value.Int(), 10)) | ||
210 | case reflect.Float64: | ||
211 | f := value.Float() | ||
212 | if math.IsInf(f, 0) || math.IsNaN(f) { | ||
213 | return &json.UnsupportedValueError{Value: v, Str: strconv.FormatFloat(f, 'f', -1, 64)} | ||
214 | } | ||
215 | buf.Write(strconv.AppendFloat(scratch[:0], f, 'f', -1, 64)) | ||
216 | default: | ||
217 | switch converted := value.Interface().(type) { | ||
218 | case time.Time: | ||
219 | format := tag.Get("timestampFormat") | ||
220 | if len(format) == 0 { | ||
221 | format = protocol.UnixTimeFormatName | ||
222 | } | ||
223 | |||
224 | ts := protocol.FormatTime(format, converted) | ||
225 | if format != protocol.UnixTimeFormatName { | ||
226 | ts = `"` + ts + `"` | ||
227 | } | ||
228 | |||
229 | buf.WriteString(ts) | ||
230 | case []byte: | ||
231 | if !value.IsNil() { | ||
232 | buf.WriteByte('"') | ||
233 | if len(converted) < 1024 { | ||
234 | // for small buffers, using Encode directly is much faster. | ||
235 | dst := make([]byte, base64.StdEncoding.EncodedLen(len(converted))) | ||
236 | base64.StdEncoding.Encode(dst, converted) | ||
237 | buf.Write(dst) | ||
238 | } else { | ||
239 | // for large buffers, avoid unnecessary extra temporary | ||
240 | // buffer space. | ||
241 | enc := base64.NewEncoder(base64.StdEncoding, buf) | ||
242 | enc.Write(converted) | ||
243 | enc.Close() | ||
244 | } | ||
245 | buf.WriteByte('"') | ||
246 | } | ||
247 | case aws.JSONValue: | ||
248 | str, err := protocol.EncodeJSONValue(converted, protocol.QuotedEscape) | ||
249 | if err != nil { | ||
250 | return fmt.Errorf("unable to encode JSONValue, %v", err) | ||
251 | } | ||
252 | buf.WriteString(str) | ||
253 | default: | ||
254 | return fmt.Errorf("unsupported JSON value %v (%s)", value.Interface(), value.Type()) | ||
255 | } | ||
256 | } | ||
257 | return nil | ||
258 | } | ||
259 | |||
260 | var hex = "0123456789abcdef" | ||
261 | |||
262 | func writeString(s string, buf *bytes.Buffer) { | ||
263 | buf.WriteByte('"') | ||
264 | for i := 0; i < len(s); i++ { | ||
265 | if s[i] == '"' { | ||
266 | buf.WriteString(`\"`) | ||
267 | } else if s[i] == '\\' { | ||
268 | buf.WriteString(`\\`) | ||
269 | } else if s[i] == '\b' { | ||
270 | buf.WriteString(`\b`) | ||
271 | } else if s[i] == '\f' { | ||
272 | buf.WriteString(`\f`) | ||
273 | } else if s[i] == '\r' { | ||
274 | buf.WriteString(`\r`) | ||
275 | } else if s[i] == '\t' { | ||
276 | buf.WriteString(`\t`) | ||
277 | } else if s[i] == '\n' { | ||
278 | buf.WriteString(`\n`) | ||
279 | } else if s[i] < 32 { | ||
280 | buf.WriteString("\\u00") | ||
281 | buf.WriteByte(hex[s[i]>>4]) | ||
282 | buf.WriteByte(hex[s[i]&0xF]) | ||
283 | } else { | ||
284 | buf.WriteByte(s[i]) | ||
285 | } | ||
286 | } | ||
287 | buf.WriteByte('"') | ||
288 | } | ||
289 | |||
290 | // Returns the reflection element of a value, if it is a pointer. | ||
291 | func elemOf(value reflect.Value) reflect.Value { | ||
292 | for value.Kind() == reflect.Ptr { | ||
293 | value = value.Elem() | ||
294 | } | ||
295 | return value | ||
296 | } | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go new file mode 100644 index 0000000..ea0da79 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go | |||
@@ -0,0 +1,250 @@ | |||
1 | package jsonutil | ||
2 | |||
3 | import ( | ||
4 | "bytes" | ||
5 | "encoding/base64" | ||
6 | "encoding/json" | ||
7 | "fmt" | ||
8 | "io" | ||
9 | "reflect" | ||
10 | "time" | ||
11 | |||
12 | "github.com/aws/aws-sdk-go/aws" | ||
13 | "github.com/aws/aws-sdk-go/aws/awserr" | ||
14 | "github.com/aws/aws-sdk-go/private/protocol" | ||
15 | ) | ||
16 | |||
17 | // UnmarshalJSONError unmarshal's the reader's JSON document into the passed in | ||
18 | // type. The value to unmarshal the json document into must be a pointer to the | ||
19 | // type. | ||
20 | func UnmarshalJSONError(v interface{}, stream io.Reader) error { | ||
21 | var errBuf bytes.Buffer | ||
22 | body := io.TeeReader(stream, &errBuf) | ||
23 | |||
24 | err := json.NewDecoder(body).Decode(v) | ||
25 | if err != nil { | ||
26 | msg := "failed decoding error message" | ||
27 | if err == io.EOF { | ||
28 | msg = "error message missing" | ||
29 | err = nil | ||
30 | } | ||
31 | return awserr.NewUnmarshalError(err, msg, errBuf.Bytes()) | ||
32 | } | ||
33 | |||
34 | return nil | ||
35 | } | ||
36 | |||
37 | // UnmarshalJSON reads a stream and unmarshals the results in object v. | ||
38 | func UnmarshalJSON(v interface{}, stream io.Reader) error { | ||
39 | var out interface{} | ||
40 | |||
41 | err := json.NewDecoder(stream).Decode(&out) | ||
42 | if err == io.EOF { | ||
43 | return nil | ||
44 | } else if err != nil { | ||
45 | return err | ||
46 | } | ||
47 | |||
48 | return unmarshalAny(reflect.ValueOf(v), out, "") | ||
49 | } | ||
50 | |||
51 | func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error { | ||
52 | vtype := value.Type() | ||
53 | if vtype.Kind() == reflect.Ptr { | ||
54 | vtype = vtype.Elem() // check kind of actual element type | ||
55 | } | ||
56 | |||
57 | t := tag.Get("type") | ||
58 | if t == "" { | ||
59 | switch vtype.Kind() { | ||
60 | case reflect.Struct: | ||
61 | // also it can't be a time object | ||
62 | if _, ok := value.Interface().(*time.Time); !ok { | ||
63 | t = "structure" | ||
64 | } | ||
65 | case reflect.Slice: | ||
66 | // also it can't be a byte slice | ||
67 | if _, ok := value.Interface().([]byte); !ok { | ||
68 | t = "list" | ||
69 | } | ||
70 | case reflect.Map: | ||
71 | // cannot be a JSONValue map | ||
72 | if _, ok := value.Interface().(aws.JSONValue); !ok { | ||
73 | t = "map" | ||
74 | } | ||
75 | } | ||
76 | } | ||
77 | |||
78 | switch t { | ||
79 | case "structure": | ||
80 | if field, ok := vtype.FieldByName("_"); ok { | ||
81 | tag = field.Tag | ||
82 | } | ||
83 | return unmarshalStruct(value, data, tag) | ||
84 | case "list": | ||
85 | return unmarshalList(value, data, tag) | ||
86 | case "map": | ||
87 | return unmarshalMap(value, data, tag) | ||
88 | default: | ||
89 | return unmarshalScalar(value, data, tag) | ||
90 | } | ||
91 | } | ||
92 | |||
93 | func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error { | ||
94 | if data == nil { | ||
95 | return nil | ||
96 | } | ||
97 | mapData, ok := data.(map[string]interface{}) | ||
98 | if !ok { | ||
99 | return fmt.Errorf("JSON value is not a structure (%#v)", data) | ||
100 | } | ||
101 | |||
102 | t := value.Type() | ||
103 | if value.Kind() == reflect.Ptr { | ||
104 | if value.IsNil() { // create the structure if it's nil | ||
105 | s := reflect.New(value.Type().Elem()) | ||
106 | value.Set(s) | ||
107 | value = s | ||
108 | } | ||
109 | |||
110 | value = value.Elem() | ||
111 | t = t.Elem() | ||
112 | } | ||
113 | |||
114 | // unwrap any payloads | ||
115 | if payload := tag.Get("payload"); payload != "" { | ||
116 | field, _ := t.FieldByName(payload) | ||
117 | return unmarshalAny(value.FieldByName(payload), data, field.Tag) | ||
118 | } | ||
119 | |||
120 | for i := 0; i < t.NumField(); i++ { | ||
121 | field := t.Field(i) | ||
122 | if field.PkgPath != "" { | ||
123 | continue // ignore unexported fields | ||
124 | } | ||
125 | |||
126 | // figure out what this field is called | ||
127 | name := field.Name | ||
128 | if locName := field.Tag.Get("locationName"); locName != "" { | ||
129 | name = locName | ||
130 | } | ||
131 | |||
132 | member := value.FieldByIndex(field.Index) | ||
133 | err := unmarshalAny(member, mapData[name], field.Tag) | ||
134 | if err != nil { | ||
135 | return err | ||
136 | } | ||
137 | } | ||
138 | return nil | ||
139 | } | ||
140 | |||
141 | func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error { | ||
142 | if data == nil { | ||
143 | return nil | ||
144 | } | ||
145 | listData, ok := data.([]interface{}) | ||
146 | if !ok { | ||
147 | return fmt.Errorf("JSON value is not a list (%#v)", data) | ||
148 | } | ||
149 | |||
150 | if value.IsNil() { | ||
151 | l := len(listData) | ||
152 | value.Set(reflect.MakeSlice(value.Type(), l, l)) | ||
153 | } | ||
154 | |||
155 | for i, c := range listData { | ||
156 | err := unmarshalAny(value.Index(i), c, "") | ||
157 | if err != nil { | ||
158 | return err | ||
159 | } | ||
160 | } | ||
161 | |||
162 | return nil | ||
163 | } | ||
164 | |||
165 | func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error { | ||
166 | if data == nil { | ||
167 | return nil | ||
168 | } | ||
169 | mapData, ok := data.(map[string]interface{}) | ||
170 | if !ok { | ||
171 | return fmt.Errorf("JSON value is not a map (%#v)", data) | ||
172 | } | ||
173 | |||
174 | if value.IsNil() { | ||
175 | value.Set(reflect.MakeMap(value.Type())) | ||
176 | } | ||
177 | |||
178 | for k, v := range mapData { | ||
179 | kvalue := reflect.ValueOf(k) | ||
180 | vvalue := reflect.New(value.Type().Elem()).Elem() | ||
181 | |||
182 | unmarshalAny(vvalue, v, "") | ||
183 | value.SetMapIndex(kvalue, vvalue) | ||
184 | } | ||
185 | |||
186 | return nil | ||
187 | } | ||
188 | |||
189 | func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error { | ||
190 | |||
191 | switch d := data.(type) { | ||
192 | case nil: | ||
193 | return nil // nothing to do here | ||
194 | case string: | ||
195 | switch value.Interface().(type) { | ||
196 | case *string: | ||
197 | value.Set(reflect.ValueOf(&d)) | ||
198 | case []byte: | ||
199 | b, err := base64.StdEncoding.DecodeString(d) | ||
200 | if err != nil { | ||
201 | return err | ||
202 | } | ||
203 | value.Set(reflect.ValueOf(b)) | ||
204 | case *time.Time: | ||
205 | format := tag.Get("timestampFormat") | ||
206 | if len(format) == 0 { | ||
207 | format = protocol.ISO8601TimeFormatName | ||
208 | } | ||
209 | |||
210 | t, err := protocol.ParseTime(format, d) | ||
211 | if err != nil { | ||
212 | return err | ||
213 | } | ||
214 | value.Set(reflect.ValueOf(&t)) | ||
215 | case aws.JSONValue: | ||
216 | // No need to use escaping as the value is a non-quoted string. | ||
217 | v, err := protocol.DecodeJSONValue(d, protocol.NoEscape) | ||
218 | if err != nil { | ||
219 | return err | ||
220 | } | ||
221 | value.Set(reflect.ValueOf(v)) | ||
222 | default: | ||
223 | return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type()) | ||
224 | } | ||
225 | case float64: | ||
226 | switch value.Interface().(type) { | ||
227 | case *int64: | ||
228 | di := int64(d) | ||
229 | value.Set(reflect.ValueOf(&di)) | ||
230 | case *float64: | ||
231 | value.Set(reflect.ValueOf(&d)) | ||
232 | case *time.Time: | ||
233 | // Time unmarshaled from a float64 can only be epoch seconds | ||
234 | t := time.Unix(int64(d), 0).UTC() | ||
235 | value.Set(reflect.ValueOf(&t)) | ||
236 | default: | ||
237 | return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type()) | ||
238 | } | ||
239 | case bool: | ||
240 | switch value.Interface().(type) { | ||
241 | case *bool: | ||
242 | value.Set(reflect.ValueOf(&d)) | ||
243 | default: | ||
244 | return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type()) | ||
245 | } | ||
246 | default: | ||
247 | return fmt.Errorf("unsupported JSON value (%v)", data) | ||
248 | } | ||
249 | return nil | ||
250 | } | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go index 60e5b09..0cb99eb 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go | |||
@@ -21,7 +21,7 @@ func Build(r *request.Request) { | |||
21 | "Version": {r.ClientInfo.APIVersion}, | 21 | "Version": {r.ClientInfo.APIVersion}, |
22 | } | 22 | } |
23 | if err := queryutil.Parse(body, r.Params, false); err != nil { | 23 | if err := queryutil.Parse(body, r.Params, false); err != nil { |
24 | r.Error = awserr.New("SerializationError", "failed encoding Query request", err) | 24 | r.Error = awserr.New(request.ErrCodeSerialization, "failed encoding Query request", err) |
25 | return | 25 | return |
26 | } | 26 | } |
27 | 27 | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go index 3495c73..f69c1ef 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go | |||
@@ -24,7 +24,7 @@ func Unmarshal(r *request.Request) { | |||
24 | err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result") | 24 | err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result") |
25 | if err != nil { | 25 | if err != nil { |
26 | r.Error = awserr.NewRequestFailure( | 26 | r.Error = awserr.NewRequestFailure( |
27 | awserr.New("SerializationError", "failed decoding Query response", err), | 27 | awserr.New(request.ErrCodeSerialization, "failed decoding Query response", err), |
28 | r.HTTPResponse.StatusCode, | 28 | r.HTTPResponse.StatusCode, |
29 | r.RequestID, | 29 | r.RequestID, |
30 | ) | 30 | ) |
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go index 46d354e..831b011 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go | |||
@@ -2,73 +2,68 @@ package query | |||
2 | 2 | ||
3 | import ( | 3 | import ( |
4 | "encoding/xml" | 4 | "encoding/xml" |
5 | "io/ioutil" | 5 | "fmt" |
6 | 6 | ||
7 | "github.com/aws/aws-sdk-go/aws/awserr" | 7 | "github.com/aws/aws-sdk-go/aws/awserr" |
8 | "github.com/aws/aws-sdk-go/aws/request" | 8 | "github.com/aws/aws-sdk-go/aws/request" |
9 | "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil" | ||
9 | ) | 10 | ) |
10 | 11 | ||
12 | // UnmarshalErrorHandler is a name request handler to unmarshal request errors | ||
13 | var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError} | ||
14 | |||
11 | type xmlErrorResponse struct { | 15 | type xmlErrorResponse struct { |
12 | XMLName xml.Name `xml:"ErrorResponse"` | 16 | Code string `xml:"Error>Code"` |
13 | Code string `xml:"Error>Code"` | 17 | Message string `xml:"Error>Message"` |
14 | Message string `xml:"Error>Message"` | 18 | RequestID string `xml:"RequestId"` |
15 | RequestID string `xml:"RequestId"` | ||
16 | } | 19 | } |
17 | 20 | ||
18 | type xmlServiceUnavailableResponse struct { | 21 | type xmlResponseError struct { |
19 | XMLName xml.Name `xml:"ServiceUnavailableException"` | 22 | xmlErrorResponse |
20 | } | 23 | } |
21 | 24 | ||
22 | // UnmarshalErrorHandler is a name request handler to unmarshal request errors | 25 | func (e *xmlResponseError) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error { |
23 | var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError} | 26 | const svcUnavailableTagName = "ServiceUnavailableException" |
27 | const errorResponseTagName = "ErrorResponse" | ||
28 | |||
29 | switch start.Name.Local { | ||
30 | case svcUnavailableTagName: | ||
31 | e.Code = svcUnavailableTagName | ||
32 | e.Message = "service is unavailable" | ||
33 | return d.Skip() | ||
34 | |||
35 | case errorResponseTagName: | ||
36 | return d.DecodeElement(&e.xmlErrorResponse, &start) | ||
37 | |||
38 | default: | ||
39 | return fmt.Errorf("unknown error response tag, %v", start) | ||
40 | } | ||
41 | } | ||
24 | 42 | ||
25 | // UnmarshalError unmarshals an error response for an AWS Query service. | 43 | // UnmarshalError unmarshals an error response for an AWS Query service. |
26 | func UnmarshalError(r *request.Request) { | 44 | func UnmarshalError(r *request.Request) { |
27 | defer r.HTTPResponse.Body.Close() | 45 | defer r.HTTPResponse.Body.Close() |
28 | 46 | ||
29 | bodyBytes, err := ioutil.ReadAll(r.HTTPResponse.Body) | 47 | var respErr xmlResponseError |
48 | err := xmlutil.UnmarshalXMLError(&respErr, r.HTTPResponse.Body) | ||
30 | if err != nil { | 49 | if err != nil { |
31 | r.Error = awserr.NewRequestFailure( | 50 | r.Error = awserr.NewRequestFailure( |
32 | awserr.New("SerializationError", "failed to read from query HTTP response body", err), | 51 | awserr.New(request.ErrCodeSerialization, |
52 | "failed to unmarshal error message", err), | ||
33 | r.HTTPResponse.StatusCode, | 53 | r.HTTPResponse.StatusCode, |
34 | r.RequestID, | 54 | r.RequestID, |
35 | ) | 55 | ) |
36 | return | 56 | return |
37 | } | 57 | } |
38 | 58 | ||
39 | // First check for specific error | 59 | reqID := respErr.RequestID |
40 | resp := xmlErrorResponse{} | 60 | if len(reqID) == 0 { |
41 | decodeErr := xml.Unmarshal(bodyBytes, &resp) | 61 | reqID = r.RequestID |
42 | if decodeErr == nil { | ||
43 | reqID := resp.RequestID | ||
44 | if reqID == "" { | ||
45 | reqID = r.RequestID | ||
46 | } | ||
47 | r.Error = awserr.NewRequestFailure( | ||
48 | awserr.New(resp.Code, resp.Message, nil), | ||
49 | r.HTTPResponse.StatusCode, | ||
50 | reqID, | ||
51 | ) | ||
52 | return | ||
53 | } | ||
54 | |||
55 | // Check for unhandled error | ||
56 | servUnavailResp := xmlServiceUnavailableResponse{} | ||
57 | unavailErr := xml.Unmarshal(bodyBytes, &servUnavailResp) | ||
58 | if unavailErr == nil { | ||
59 | r.Error = awserr.NewRequestFailure( | ||
60 | awserr.New("ServiceUnavailableException", "service is unavailable", nil), | ||
61 | r.HTTPResponse.StatusCode, | ||
62 | r.RequestID, | ||
63 | ) | ||
64 | return | ||
65 | } | 62 | } |
66 | 63 | ||
67 | // Failed to retrieve any error message from the response body | ||
68 | r.Error = awserr.NewRequestFailure( | 64 | r.Error = awserr.NewRequestFailure( |
69 | awserr.New("SerializationError", | 65 | awserr.New(respErr.Code, respErr.Message, nil), |
70 | "failed to decode query XML error response", decodeErr), | ||
71 | r.HTTPResponse.StatusCode, | 66 | r.HTTPResponse.StatusCode, |
72 | r.RequestID, | 67 | reqID, |
73 | ) | 68 | ) |
74 | } | 69 | } |
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go index b80f84f..1301b14 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go | |||
@@ -25,6 +25,8 @@ var noEscape [256]bool | |||
25 | 25 | ||
26 | var errValueNotSet = fmt.Errorf("value not set") | 26 | var errValueNotSet = fmt.Errorf("value not set") |
27 | 27 | ||
28 | var byteSliceType = reflect.TypeOf([]byte{}) | ||
29 | |||
28 | func init() { | 30 | func init() { |
29 | for i := 0; i < len(noEscape); i++ { | 31 | for i := 0; i < len(noEscape); i++ { |
30 | // AWS expects every character except these to be escaped | 32 | // AWS expects every character except these to be escaped |
@@ -94,6 +96,14 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo | |||
94 | continue | 96 | continue |
95 | } | 97 | } |
96 | 98 | ||
99 | // Support the ability to customize values to be marshaled as a | ||
100 | // blob even though they were modeled as a string. Required for S3 | ||
101 | // API operations like SSECustomerKey is modeled as stirng but | ||
102 | // required to be base64 encoded in request. | ||
103 | if field.Tag.Get("marshal-as") == "blob" { | ||
104 | m = m.Convert(byteSliceType) | ||
105 | } | ||
106 | |||
97 | var err error | 107 | var err error |
98 | switch field.Tag.Get("location") { | 108 | switch field.Tag.Get("location") { |
99 | case "headers": // header maps | 109 | case "headers": // header maps |
@@ -137,7 +147,7 @@ func buildBody(r *request.Request, v reflect.Value) { | |||
137 | case string: | 147 | case string: |
138 | r.SetStringBody(reader) | 148 | r.SetStringBody(reader) |
139 | default: | 149 | default: |
140 | r.Error = awserr.New("SerializationError", | 150 | r.Error = awserr.New(request.ErrCodeSerialization, |
141 | "failed to encode REST request", | 151 | "failed to encode REST request", |
142 | fmt.Errorf("unknown payload type %s", payload.Type())) | 152 | fmt.Errorf("unknown payload type %s", payload.Type())) |
143 | } | 153 | } |
@@ -152,7 +162,7 @@ func buildHeader(header *http.Header, v reflect.Value, name string, tag reflect. | |||
152 | if err == errValueNotSet { | 162 | if err == errValueNotSet { |
153 | return nil | 163 | return nil |
154 | } else if err != nil { | 164 | } else if err != nil { |
155 | return awserr.New("SerializationError", "failed to encode REST request", err) | 165 | return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err) |
156 | } | 166 | } |
157 | 167 | ||
158 | name = strings.TrimSpace(name) | 168 | name = strings.TrimSpace(name) |
@@ -170,7 +180,7 @@ func buildHeaderMap(header *http.Header, v reflect.Value, tag reflect.StructTag) | |||
170 | if err == errValueNotSet { | 180 | if err == errValueNotSet { |
171 | continue | 181 | continue |
172 | } else if err != nil { | 182 | } else if err != nil { |
173 | return awserr.New("SerializationError", "failed to encode REST request", err) | 183 | return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err) |
174 | 184 | ||
175 | } | 185 | } |
176 | keyStr := strings.TrimSpace(key.String()) | 186 | keyStr := strings.TrimSpace(key.String()) |
@@ -186,7 +196,7 @@ func buildURI(u *url.URL, v reflect.Value, name string, tag reflect.StructTag) e | |||
186 | if err == errValueNotSet { | 196 | if err == errValueNotSet { |
187 | return nil | 197 | return nil |
188 | } else if err != nil { | 198 | } else if err != nil { |
189 | return awserr.New("SerializationError", "failed to encode REST request", err) | 199 | return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err) |
190 | } | 200 | } |
191 | 201 | ||
192 | u.Path = strings.Replace(u.Path, "{"+name+"}", value, -1) | 202 | u.Path = strings.Replace(u.Path, "{"+name+"}", value, -1) |
@@ -219,7 +229,7 @@ func buildQueryString(query url.Values, v reflect.Value, name string, tag reflec | |||
219 | if err == errValueNotSet { | 229 | if err == errValueNotSet { |
220 | return nil | 230 | return nil |
221 | } else if err != nil { | 231 | } else if err != nil { |
222 | return awserr.New("SerializationError", "failed to encode REST request", err) | 232 | return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err) |
223 | } | 233 | } |
224 | query.Set(name, str) | 234 | query.Set(name, str) |
225 | } | 235 | } |
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go index 33fd53b..de02136 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go | |||
@@ -57,7 +57,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) { | |||
57 | defer r.HTTPResponse.Body.Close() | 57 | defer r.HTTPResponse.Body.Close() |
58 | b, err := ioutil.ReadAll(r.HTTPResponse.Body) | 58 | b, err := ioutil.ReadAll(r.HTTPResponse.Body) |
59 | if err != nil { | 59 | if err != nil { |
60 | r.Error = awserr.New("SerializationError", "failed to decode REST response", err) | 60 | r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) |
61 | } else { | 61 | } else { |
62 | payload.Set(reflect.ValueOf(b)) | 62 | payload.Set(reflect.ValueOf(b)) |
63 | } | 63 | } |
@@ -65,7 +65,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) { | |||
65 | defer r.HTTPResponse.Body.Close() | 65 | defer r.HTTPResponse.Body.Close() |
66 | b, err := ioutil.ReadAll(r.HTTPResponse.Body) | 66 | b, err := ioutil.ReadAll(r.HTTPResponse.Body) |
67 | if err != nil { | 67 | if err != nil { |
68 | r.Error = awserr.New("SerializationError", "failed to decode REST response", err) | 68 | r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) |
69 | } else { | 69 | } else { |
70 | str := string(b) | 70 | str := string(b) |
71 | payload.Set(reflect.ValueOf(&str)) | 71 | payload.Set(reflect.ValueOf(&str)) |
@@ -77,7 +77,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) { | |||
77 | case "io.ReadSeeker": | 77 | case "io.ReadSeeker": |
78 | b, err := ioutil.ReadAll(r.HTTPResponse.Body) | 78 | b, err := ioutil.ReadAll(r.HTTPResponse.Body) |
79 | if err != nil { | 79 | if err != nil { |
80 | r.Error = awserr.New("SerializationError", | 80 | r.Error = awserr.New(request.ErrCodeSerialization, |
81 | "failed to read response body", err) | 81 | "failed to read response body", err) |
82 | return | 82 | return |
83 | } | 83 | } |
@@ -85,7 +85,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) { | |||
85 | default: | 85 | default: |
86 | io.Copy(ioutil.Discard, r.HTTPResponse.Body) | 86 | io.Copy(ioutil.Discard, r.HTTPResponse.Body) |
87 | defer r.HTTPResponse.Body.Close() | 87 | defer r.HTTPResponse.Body.Close() |
88 | r.Error = awserr.New("SerializationError", | 88 | r.Error = awserr.New(request.ErrCodeSerialization, |
89 | "failed to decode REST response", | 89 | "failed to decode REST response", |
90 | fmt.Errorf("unknown payload type %s", payload.Type())) | 90 | fmt.Errorf("unknown payload type %s", payload.Type())) |
91 | } | 91 | } |
@@ -115,14 +115,14 @@ func unmarshalLocationElements(r *request.Request, v reflect.Value) { | |||
115 | case "header": | 115 | case "header": |
116 | err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag) | 116 | err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag) |
117 | if err != nil { | 117 | if err != nil { |
118 | r.Error = awserr.New("SerializationError", "failed to decode REST response", err) | 118 | r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) |
119 | break | 119 | break |
120 | } | 120 | } |
121 | case "headers": | 121 | case "headers": |
122 | prefix := field.Tag.Get("locationName") | 122 | prefix := field.Tag.Get("locationName") |
123 | err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix) | 123 | err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix) |
124 | if err != nil { | 124 | if err != nil { |
125 | r.Error = awserr.New("SerializationError", "failed to decode REST response", err) | 125 | r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err) |
126 | break | 126 | break |
127 | } | 127 | } |
128 | } | 128 | } |
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go index b0f4e24..cf56964 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go | |||
@@ -37,7 +37,8 @@ func Build(r *request.Request) { | |||
37 | err := xmlutil.BuildXML(r.Params, xml.NewEncoder(&buf)) | 37 | err := xmlutil.BuildXML(r.Params, xml.NewEncoder(&buf)) |
38 | if err != nil { | 38 | if err != nil { |
39 | r.Error = awserr.NewRequestFailure( | 39 | r.Error = awserr.NewRequestFailure( |
40 | awserr.New("SerializationError", "failed to encode rest XML request", err), | 40 | awserr.New(request.ErrCodeSerialization, |
41 | "failed to encode rest XML request", err), | ||
41 | r.HTTPResponse.StatusCode, | 42 | r.HTTPResponse.StatusCode, |
42 | r.RequestID, | 43 | r.RequestID, |
43 | ) | 44 | ) |
@@ -55,7 +56,8 @@ func Unmarshal(r *request.Request) { | |||
55 | err := xmlutil.UnmarshalXML(r.Data, decoder, "") | 56 | err := xmlutil.UnmarshalXML(r.Data, decoder, "") |
56 | if err != nil { | 57 | if err != nil { |
57 | r.Error = awserr.NewRequestFailure( | 58 | r.Error = awserr.NewRequestFailure( |
58 | awserr.New("SerializationError", "failed to decode REST XML response", err), | 59 | awserr.New(request.ErrCodeSerialization, |
60 | "failed to decode REST XML response", err), | ||
59 | r.HTTPResponse.StatusCode, | 61 | r.HTTPResponse.StatusCode, |
60 | r.RequestID, | 62 | r.RequestID, |
61 | ) | 63 | ) |
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go index ff1ef68..7108d38 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go | |||
@@ -1,6 +1,7 @@ | |||
1 | package xmlutil | 1 | package xmlutil |
2 | 2 | ||
3 | import ( | 3 | import ( |
4 | "bytes" | ||
4 | "encoding/base64" | 5 | "encoding/base64" |
5 | "encoding/xml" | 6 | "encoding/xml" |
6 | "fmt" | 7 | "fmt" |
@@ -10,9 +11,27 @@ import ( | |||
10 | "strings" | 11 | "strings" |
11 | "time" | 12 | "time" |
12 | 13 | ||
14 | "github.com/aws/aws-sdk-go/aws/awserr" | ||
13 | "github.com/aws/aws-sdk-go/private/protocol" | 15 | "github.com/aws/aws-sdk-go/private/protocol" |
14 | ) | 16 | ) |
15 | 17 | ||
18 | // UnmarshalXMLError unmarshals the XML error from the stream into the value | ||
19 | // type specified. The value must be a pointer. If the message fails to | ||
20 | // unmarshal, the message content will be included in the returned error as a | ||
21 | // awserr.UnmarshalError. | ||
22 | func UnmarshalXMLError(v interface{}, stream io.Reader) error { | ||
23 | var errBuf bytes.Buffer | ||
24 | body := io.TeeReader(stream, &errBuf) | ||
25 | |||
26 | err := xml.NewDecoder(body).Decode(v) | ||
27 | if err != nil && err != io.EOF { | ||
28 | return awserr.NewUnmarshalError(err, | ||
29 | "failed to unmarshal error message", errBuf.Bytes()) | ||
30 | } | ||
31 | |||
32 | return nil | ||
33 | } | ||
34 | |||
16 | // UnmarshalXML deserializes an xml.Decoder into the container v. V | 35 | // UnmarshalXML deserializes an xml.Decoder into the container v. V |
17 | // needs to match the shape of the XML expected to be decoded. | 36 | // needs to match the shape of the XML expected to be decoded. |
18 | // If the shape doesn't match unmarshaling will fail. | 37 | // If the shape doesn't match unmarshaling will fail. |
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index 83a42d2..139c27d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go | |||
@@ -545,6 +545,10 @@ func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyt | |||
545 | // Deletes an analytics configuration for the bucket (specified by the analytics | 545 | // Deletes an analytics configuration for the bucket (specified by the analytics |
546 | // configuration ID). | 546 | // configuration ID). |
547 | // | 547 | // |
548 | // To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration | ||
549 | // action. The bucket owner has this permission by default. The bucket owner | ||
550 | // can grant this permission to others. | ||
551 | // | ||
548 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | 552 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions |
549 | // with awserr.Error's Code and Message methods to get detailed information about | 553 | // with awserr.Error's Code and Message methods to get detailed information about |
550 | // the error. | 554 | // the error. |
@@ -1071,7 +1075,7 @@ func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput) | |||
1071 | // DeleteBucketReplication API operation for Amazon Simple Storage Service. | 1075 | // DeleteBucketReplication API operation for Amazon Simple Storage Service. |
1072 | // | 1076 | // |
1073 | // Deletes the replication configuration from the bucket. For information about | 1077 | // Deletes the replication configuration from the bucket. For information about |
1074 | // replication configuration, see Cross-Region Replication (CRR) ( https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) | 1078 | // replication configuration, see Cross-Region Replication (CRR) (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) |
1075 | // in the Amazon S3 Developer Guide. | 1079 | // in the Amazon S3 Developer Guide. |
1076 | // | 1080 | // |
1077 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | 1081 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions |
@@ -3335,8 +3339,8 @@ func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfiguration | |||
3335 | 3339 | ||
3336 | // GetObjectLockConfiguration API operation for Amazon Simple Storage Service. | 3340 | // GetObjectLockConfiguration API operation for Amazon Simple Storage Service. |
3337 | // | 3341 | // |
3338 | // Gets the Object Lock configuration for a bucket. The rule specified in the | 3342 | // Gets the object lock configuration for a bucket. The rule specified in the |
3339 | // Object Lock configuration will be applied by default to every new object | 3343 | // object lock configuration will be applied by default to every new object |
3340 | // placed in the specified bucket. | 3344 | // placed in the specified bucket. |
3341 | // | 3345 | // |
3342 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | 3346 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions |
@@ -4210,7 +4214,7 @@ func (c *S3) ListMultipartUploadsWithContext(ctx aws.Context, input *ListMultipa | |||
4210 | // // Example iterating over at most 3 pages of a ListMultipartUploads operation. | 4214 | // // Example iterating over at most 3 pages of a ListMultipartUploads operation. |
4211 | // pageNum := 0 | 4215 | // pageNum := 0 |
4212 | // err := client.ListMultipartUploadsPages(params, | 4216 | // err := client.ListMultipartUploadsPages(params, |
4213 | // func(page *ListMultipartUploadsOutput, lastPage bool) bool { | 4217 | // func(page *s3.ListMultipartUploadsOutput, lastPage bool) bool { |
4214 | // pageNum++ | 4218 | // pageNum++ |
4215 | // fmt.Println(page) | 4219 | // fmt.Println(page) |
4216 | // return pageNum <= 3 | 4220 | // return pageNum <= 3 |
@@ -4340,7 +4344,7 @@ func (c *S3) ListObjectVersionsWithContext(ctx aws.Context, input *ListObjectVer | |||
4340 | // // Example iterating over at most 3 pages of a ListObjectVersions operation. | 4344 | // // Example iterating over at most 3 pages of a ListObjectVersions operation. |
4341 | // pageNum := 0 | 4345 | // pageNum := 0 |
4342 | // err := client.ListObjectVersionsPages(params, | 4346 | // err := client.ListObjectVersionsPages(params, |
4343 | // func(page *ListObjectVersionsOutput, lastPage bool) bool { | 4347 | // func(page *s3.ListObjectVersionsOutput, lastPage bool) bool { |
4344 | // pageNum++ | 4348 | // pageNum++ |
4345 | // fmt.Println(page) | 4349 | // fmt.Println(page) |
4346 | // return pageNum <= 3 | 4350 | // return pageNum <= 3 |
@@ -4477,7 +4481,7 @@ func (c *S3) ListObjectsWithContext(ctx aws.Context, input *ListObjectsInput, op | |||
4477 | // // Example iterating over at most 3 pages of a ListObjects operation. | 4481 | // // Example iterating over at most 3 pages of a ListObjects operation. |
4478 | // pageNum := 0 | 4482 | // pageNum := 0 |
4479 | // err := client.ListObjectsPages(params, | 4483 | // err := client.ListObjectsPages(params, |
4480 | // func(page *ListObjectsOutput, lastPage bool) bool { | 4484 | // func(page *s3.ListObjectsOutput, lastPage bool) bool { |
4481 | // pageNum++ | 4485 | // pageNum++ |
4482 | // fmt.Println(page) | 4486 | // fmt.Println(page) |
4483 | // return pageNum <= 3 | 4487 | // return pageNum <= 3 |
@@ -4615,7 +4619,7 @@ func (c *S3) ListObjectsV2WithContext(ctx aws.Context, input *ListObjectsV2Input | |||
4615 | // // Example iterating over at most 3 pages of a ListObjectsV2 operation. | 4619 | // // Example iterating over at most 3 pages of a ListObjectsV2 operation. |
4616 | // pageNum := 0 | 4620 | // pageNum := 0 |
4617 | // err := client.ListObjectsV2Pages(params, | 4621 | // err := client.ListObjectsV2Pages(params, |
4618 | // func(page *ListObjectsV2Output, lastPage bool) bool { | 4622 | // func(page *s3.ListObjectsV2Output, lastPage bool) bool { |
4619 | // pageNum++ | 4623 | // pageNum++ |
4620 | // fmt.Println(page) | 4624 | // fmt.Println(page) |
4621 | // return pageNum <= 3 | 4625 | // return pageNum <= 3 |
@@ -4745,7 +4749,7 @@ func (c *S3) ListPartsWithContext(ctx aws.Context, input *ListPartsInput, opts . | |||
4745 | // // Example iterating over at most 3 pages of a ListParts operation. | 4749 | // // Example iterating over at most 3 pages of a ListParts operation. |
4746 | // pageNum := 0 | 4750 | // pageNum := 0 |
4747 | // err := client.ListPartsPages(params, | 4751 | // err := client.ListPartsPages(params, |
4748 | // func(page *ListPartsOutput, lastPage bool) bool { | 4752 | // func(page *s3.ListPartsOutput, lastPage bool) bool { |
4749 | // pageNum++ | 4753 | // pageNum++ |
4750 | // fmt.Println(page) | 4754 | // fmt.Println(page) |
4751 | // return pageNum <= 3 | 4755 | // return pageNum <= 3 |
@@ -5754,8 +5758,7 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R | |||
5754 | 5758 | ||
5755 | // PutBucketPolicy API operation for Amazon Simple Storage Service. | 5759 | // PutBucketPolicy API operation for Amazon Simple Storage Service. |
5756 | // | 5760 | // |
5757 | // Replaces a policy on a bucket. If the bucket already has a policy, the one | 5761 | // Applies an Amazon S3 bucket policy to an Amazon S3 bucket. |
5758 | // in this request completely replaces it. | ||
5759 | // | 5762 | // |
5760 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | 5763 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions |
5761 | // with awserr.Error's Code and Message methods to get detailed information about | 5764 | // with awserr.Error's Code and Message methods to get detailed information about |
@@ -5831,7 +5834,7 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req | |||
5831 | // PutBucketReplication API operation for Amazon Simple Storage Service. | 5834 | // PutBucketReplication API operation for Amazon Simple Storage Service. |
5832 | // | 5835 | // |
5833 | // Creates a replication configuration or replaces an existing one. For more | 5836 | // Creates a replication configuration or replaces an existing one. For more |
5834 | // information, see Cross-Region Replication (CRR) ( https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) | 5837 | // information, see Cross-Region Replication (CRR) (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) |
5835 | // in the Amazon S3 Developer Guide. | 5838 | // in the Amazon S3 Developer Guide. |
5836 | // | 5839 | // |
5837 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | 5840 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions |
@@ -6439,8 +6442,8 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration | |||
6439 | 6442 | ||
6440 | // PutObjectLockConfiguration API operation for Amazon Simple Storage Service. | 6443 | // PutObjectLockConfiguration API operation for Amazon Simple Storage Service. |
6441 | // | 6444 | // |
6442 | // Places an Object Lock configuration on the specified bucket. The rule specified | 6445 | // Places an object lock configuration on the specified bucket. The rule specified |
6443 | // in the Object Lock configuration will be applied by default to every new | 6446 | // in the object lock configuration will be applied by default to every new |
6444 | // object placed in the specified bucket. | 6447 | // object placed in the specified bucket. |
6445 | // | 6448 | // |
6446 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | 6449 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions |
@@ -7010,13 +7013,16 @@ func (c *S3) UploadPartCopyWithContext(ctx aws.Context, input *UploadPartCopyInp | |||
7010 | return out, req.Send() | 7013 | return out, req.Send() |
7011 | } | 7014 | } |
7012 | 7015 | ||
7013 | // Specifies the days since the initiation of an Incomplete Multipart Upload | 7016 | // Specifies the days since the initiation of an incomplete multipart upload |
7014 | // that Lifecycle will wait before permanently removing all parts of the upload. | 7017 | // that Amazon S3 will wait before permanently removing all parts of the upload. |
7018 | // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket | ||
7019 | // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) | ||
7020 | // in the Amazon Simple Storage Service Developer Guide. | ||
7015 | type AbortIncompleteMultipartUpload struct { | 7021 | type AbortIncompleteMultipartUpload struct { |
7016 | _ struct{} `type:"structure"` | 7022 | _ struct{} `type:"structure"` |
7017 | 7023 | ||
7018 | // Indicates the number of days that must pass since initiation for Lifecycle | 7024 | // Specifies the number of days after which Amazon S3 aborts an incomplete multipart |
7019 | // to abort an Incomplete Multipart Upload. | 7025 | // upload. |
7020 | DaysAfterInitiation *int64 `type:"integer"` | 7026 | DaysAfterInitiation *int64 `type:"integer"` |
7021 | } | 7027 | } |
7022 | 7028 | ||
@@ -7039,9 +7045,13 @@ func (s *AbortIncompleteMultipartUpload) SetDaysAfterInitiation(v int64) *AbortI | |||
7039 | type AbortMultipartUploadInput struct { | 7045 | type AbortMultipartUploadInput struct { |
7040 | _ struct{} `type:"structure"` | 7046 | _ struct{} `type:"structure"` |
7041 | 7047 | ||
7048 | // Name of the bucket to which the multipart upload was initiated. | ||
7049 | // | ||
7042 | // Bucket is a required field | 7050 | // Bucket is a required field |
7043 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 7051 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
7044 | 7052 | ||
7053 | // Key of the object for which the multipart upload was initiated. | ||
7054 | // | ||
7045 | // Key is a required field | 7055 | // Key is a required field |
7046 | Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` | 7056 | Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` |
7047 | 7057 | ||
@@ -7051,6 +7061,8 @@ type AbortMultipartUploadInput struct { | |||
7051 | // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html | 7061 | // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html |
7052 | RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` | 7062 | RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` |
7053 | 7063 | ||
7064 | // Upload ID that identifies the multipart upload. | ||
7065 | // | ||
7054 | // UploadId is a required field | 7066 | // UploadId is a required field |
7055 | UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"` | 7067 | UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"` |
7056 | } | 7068 | } |
@@ -7145,10 +7157,13 @@ func (s *AbortMultipartUploadOutput) SetRequestCharged(v string) *AbortMultipart | |||
7145 | return s | 7157 | return s |
7146 | } | 7158 | } |
7147 | 7159 | ||
7160 | // Configures the transfer acceleration state for an Amazon S3 bucket. For more | ||
7161 | // information, see Amazon S3 Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) | ||
7162 | // in the Amazon Simple Storage Service Developer Guide. | ||
7148 | type AccelerateConfiguration struct { | 7163 | type AccelerateConfiguration struct { |
7149 | _ struct{} `type:"structure"` | 7164 | _ struct{} `type:"structure"` |
7150 | 7165 | ||
7151 | // The accelerate configuration of the bucket. | 7166 | // Specifies the transfer acceleration status of the bucket. |
7152 | Status *string `type:"string" enum:"BucketAccelerateStatus"` | 7167 | Status *string `type:"string" enum:"BucketAccelerateStatus"` |
7153 | } | 7168 | } |
7154 | 7169 | ||
@@ -7168,12 +7183,14 @@ func (s *AccelerateConfiguration) SetStatus(v string) *AccelerateConfiguration { | |||
7168 | return s | 7183 | return s |
7169 | } | 7184 | } |
7170 | 7185 | ||
7186 | // Contains the elements that set the ACL permissions for an object per grantee. | ||
7171 | type AccessControlPolicy struct { | 7187 | type AccessControlPolicy struct { |
7172 | _ struct{} `type:"structure"` | 7188 | _ struct{} `type:"structure"` |
7173 | 7189 | ||
7174 | // A list of grants. | 7190 | // A list of grants. |
7175 | Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"` | 7191 | Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"` |
7176 | 7192 | ||
7193 | // Container for the bucket owner's display name and ID. | ||
7177 | Owner *Owner `type:"structure"` | 7194 | Owner *Owner `type:"structure"` |
7178 | } | 7195 | } |
7179 | 7196 | ||
@@ -7223,7 +7240,9 @@ func (s *AccessControlPolicy) SetOwner(v *Owner) *AccessControlPolicy { | |||
7223 | type AccessControlTranslation struct { | 7240 | type AccessControlTranslation struct { |
7224 | _ struct{} `type:"structure"` | 7241 | _ struct{} `type:"structure"` |
7225 | 7242 | ||
7226 | // The override value for the owner of the replica object. | 7243 | // Specifies the replica ownership. For default and valid values, see PUT bucket |
7244 | // replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) | ||
7245 | // in the Amazon Simple Storage Service API Reference. | ||
7227 | // | 7246 | // |
7228 | // Owner is a required field | 7247 | // Owner is a required field |
7229 | Owner *string `type:"string" required:"true" enum:"OwnerOverride"` | 7248 | Owner *string `type:"string" required:"true" enum:"OwnerOverride"` |
@@ -7258,10 +7277,14 @@ func (s *AccessControlTranslation) SetOwner(v string) *AccessControlTranslation | |||
7258 | return s | 7277 | return s |
7259 | } | 7278 | } |
7260 | 7279 | ||
7280 | // A conjunction (logical AND) of predicates, which is used in evaluating a | ||
7281 | // metrics filter. The operator must have at least two predicates in any combination, | ||
7282 | // and an object must match all of the predicates for the filter to apply. | ||
7261 | type AnalyticsAndOperator struct { | 7283 | type AnalyticsAndOperator struct { |
7262 | _ struct{} `type:"structure"` | 7284 | _ struct{} `type:"structure"` |
7263 | 7285 | ||
7264 | // The prefix to use when evaluating an AND predicate. | 7286 | // The prefix to use when evaluating an AND predicate: The prefix that an object |
7287 | // must have to be included in the metrics results. | ||
7265 | Prefix *string `type:"string"` | 7288 | Prefix *string `type:"string"` |
7266 | 7289 | ||
7267 | // The list of tags to use when evaluating an AND predicate. | 7290 | // The list of tags to use when evaluating an AND predicate. |
@@ -7310,6 +7333,11 @@ func (s *AnalyticsAndOperator) SetTags(v []*Tag) *AnalyticsAndOperator { | |||
7310 | return s | 7333 | return s |
7311 | } | 7334 | } |
7312 | 7335 | ||
7336 | // Specifies the configuration and any analyses for the analytics filter of | ||
7337 | // an Amazon S3 bucket. | ||
7338 | // | ||
7339 | // For more information, see GET Bucket analytics (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETAnalyticsConfig.html) | ||
7340 | // in the Amazon Simple Storage Service API Reference. | ||
7313 | type AnalyticsConfiguration struct { | 7341 | type AnalyticsConfiguration struct { |
7314 | _ struct{} `type:"structure"` | 7342 | _ struct{} `type:"structure"` |
7315 | 7343 | ||
@@ -7318,13 +7346,13 @@ type AnalyticsConfiguration struct { | |||
7318 | // If no filter is provided, all objects will be considered in any analysis. | 7346 | // If no filter is provided, all objects will be considered in any analysis. |
7319 | Filter *AnalyticsFilter `type:"structure"` | 7347 | Filter *AnalyticsFilter `type:"structure"` |
7320 | 7348 | ||
7321 | // The identifier used to represent an analytics configuration. | 7349 | // The ID that identifies the analytics configuration. |
7322 | // | 7350 | // |
7323 | // Id is a required field | 7351 | // Id is a required field |
7324 | Id *string `type:"string" required:"true"` | 7352 | Id *string `type:"string" required:"true"` |
7325 | 7353 | ||
7326 | // If present, it indicates that data related to access patterns will be collected | 7354 | // Contains data related to access patterns to be collected and made available |
7327 | // and made available to analyze the tradeoffs between different storage classes. | 7355 | // to analyze the tradeoffs between different storage classes. |
7328 | // | 7356 | // |
7329 | // StorageClassAnalysis is a required field | 7357 | // StorageClassAnalysis is a required field |
7330 | StorageClassAnalysis *StorageClassAnalysis `type:"structure" required:"true"` | 7358 | StorageClassAnalysis *StorageClassAnalysis `type:"structure" required:"true"` |
@@ -7384,6 +7412,7 @@ func (s *AnalyticsConfiguration) SetStorageClassAnalysis(v *StorageClassAnalysis | |||
7384 | return s | 7412 | return s |
7385 | } | 7413 | } |
7386 | 7414 | ||
7415 | // Where to publish the analytics results. | ||
7387 | type AnalyticsExportDestination struct { | 7416 | type AnalyticsExportDestination struct { |
7388 | _ struct{} `type:"structure"` | 7417 | _ struct{} `type:"structure"` |
7389 | 7418 | ||
@@ -7492,7 +7521,7 @@ func (s *AnalyticsFilter) SetTag(v *Tag) *AnalyticsFilter { | |||
7492 | type AnalyticsS3BucketDestination struct { | 7521 | type AnalyticsS3BucketDestination struct { |
7493 | _ struct{} `type:"structure"` | 7522 | _ struct{} `type:"structure"` |
7494 | 7523 | ||
7495 | // The Amazon resource name (ARN) of the bucket to which data is exported. | 7524 | // The Amazon Resource Name (ARN) of the bucket to which data is exported. |
7496 | // | 7525 | // |
7497 | // Bucket is a required field | 7526 | // Bucket is a required field |
7498 | Bucket *string `type:"string" required:"true"` | 7527 | Bucket *string `type:"string" required:"true"` |
@@ -7501,13 +7530,12 @@ type AnalyticsS3BucketDestination struct { | |||
7501 | // the owner will not be validated prior to exporting data. | 7530 | // the owner will not be validated prior to exporting data. |
7502 | BucketAccountId *string `type:"string"` | 7531 | BucketAccountId *string `type:"string"` |
7503 | 7532 | ||
7504 | // The file format used when exporting data to Amazon S3. | 7533 | // Specifies the file format used when exporting data to Amazon S3. |
7505 | // | 7534 | // |
7506 | // Format is a required field | 7535 | // Format is a required field |
7507 | Format *string `type:"string" required:"true" enum:"AnalyticsS3ExportFileFormat"` | 7536 | Format *string `type:"string" required:"true" enum:"AnalyticsS3ExportFileFormat"` |
7508 | 7537 | ||
7509 | // The prefix to use when exporting data. The exported data begins with this | 7538 | // The prefix to use when exporting data. The prefix is prepended to all results. |
7510 | // prefix. | ||
7511 | Prefix *string `type:"string"` | 7539 | Prefix *string `type:"string"` |
7512 | } | 7540 | } |
7513 | 7541 | ||
@@ -7600,9 +7628,14 @@ func (s *Bucket) SetName(v string) *Bucket { | |||
7600 | return s | 7628 | return s |
7601 | } | 7629 | } |
7602 | 7630 | ||
7631 | // Specifies the lifecycle configuration for objects in an Amazon S3 bucket. | ||
7632 | // For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) | ||
7633 | // in the Amazon Simple Storage Service Developer Guide. | ||
7603 | type BucketLifecycleConfiguration struct { | 7634 | type BucketLifecycleConfiguration struct { |
7604 | _ struct{} `type:"structure"` | 7635 | _ struct{} `type:"structure"` |
7605 | 7636 | ||
7637 | // A lifecycle rule for individual objects in an Amazon S3 bucket. | ||
7638 | // | ||
7606 | // Rules is a required field | 7639 | // Rules is a required field |
7607 | Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true" required:"true"` | 7640 | Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true" required:"true"` |
7608 | } | 7641 | } |
@@ -7649,9 +7682,10 @@ func (s *BucketLifecycleConfiguration) SetRules(v []*LifecycleRule) *BucketLifec | |||
7649 | type BucketLoggingStatus struct { | 7682 | type BucketLoggingStatus struct { |
7650 | _ struct{} `type:"structure"` | 7683 | _ struct{} `type:"structure"` |
7651 | 7684 | ||
7652 | // Container for logging information. Presence of this element indicates that | 7685 | // Describes where logs are stored and the prefix that Amazon S3 assigns to |
7653 | // logging is enabled. Parameters TargetBucket and TargetPrefix are required | 7686 | // all log object keys for a bucket. For more information, see PUT Bucket logging |
7654 | // in this case. | 7687 | // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) |
7688 | // in the Amazon Simple Storage Service API Reference. | ||
7655 | LoggingEnabled *LoggingEnabled `type:"structure"` | 7689 | LoggingEnabled *LoggingEnabled `type:"structure"` |
7656 | } | 7690 | } |
7657 | 7691 | ||
@@ -7686,9 +7720,15 @@ func (s *BucketLoggingStatus) SetLoggingEnabled(v *LoggingEnabled) *BucketLoggin | |||
7686 | return s | 7720 | return s |
7687 | } | 7721 | } |
7688 | 7722 | ||
7723 | // Describes the cross-origin access configuration for objects in an Amazon | ||
7724 | // S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing | ||
7725 | // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon | ||
7726 | // Simple Storage Service Developer Guide. | ||
7689 | type CORSConfiguration struct { | 7727 | type CORSConfiguration struct { |
7690 | _ struct{} `type:"structure"` | 7728 | _ struct{} `type:"structure"` |
7691 | 7729 | ||
7730 | // A set of allowed origins and methods. | ||
7731 | // | ||
7692 | // CORSRules is a required field | 7732 | // CORSRules is a required field |
7693 | CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true" required:"true"` | 7733 | CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true" required:"true"` |
7694 | } | 7734 | } |
@@ -7732,14 +7772,18 @@ func (s *CORSConfiguration) SetCORSRules(v []*CORSRule) *CORSConfiguration { | |||
7732 | return s | 7772 | return s |
7733 | } | 7773 | } |
7734 | 7774 | ||
7775 | // Specifies a cross-origin access rule for an Amazon S3 bucket. | ||
7735 | type CORSRule struct { | 7776 | type CORSRule struct { |
7736 | _ struct{} `type:"structure"` | 7777 | _ struct{} `type:"structure"` |
7737 | 7778 | ||
7738 | // Specifies which headers are allowed in a pre-flight OPTIONS request. | 7779 | // Headers that are specified in the Access-Control-Request-Headers header. |
7780 | // These headers are allowed in a preflight OPTIONS request. In response to | ||
7781 | // any preflight OPTIONS request, Amazon S3 returns any requested headers that | ||
7782 | // are allowed. | ||
7739 | AllowedHeaders []*string `locationName:"AllowedHeader" type:"list" flattened:"true"` | 7783 | AllowedHeaders []*string `locationName:"AllowedHeader" type:"list" flattened:"true"` |
7740 | 7784 | ||
7741 | // Identifies HTTP methods that the domain/origin specified in the rule is allowed | 7785 | // An HTTP method that you allow the origin to execute. Valid values are GET, |
7742 | // to execute. | 7786 | // PUT, HEAD, POST, and DELETE. |
7743 | // | 7787 | // |
7744 | // AllowedMethods is a required field | 7788 | // AllowedMethods is a required field |
7745 | AllowedMethods []*string `locationName:"AllowedMethod" type:"list" flattened:"true" required:"true"` | 7789 | AllowedMethods []*string `locationName:"AllowedMethod" type:"list" flattened:"true" required:"true"` |
@@ -8290,6 +8334,7 @@ func (s *CompletedPart) SetPartNumber(v int64) *CompletedPart { | |||
8290 | return s | 8334 | return s |
8291 | } | 8335 | } |
8292 | 8336 | ||
8337 | // Specifies a condition that must be met for a redirect to apply. | ||
8293 | type Condition struct { | 8338 | type Condition struct { |
8294 | _ struct{} `type:"structure"` | 8339 | _ struct{} `type:"structure"` |
8295 | 8340 | ||
@@ -8409,7 +8454,7 @@ type CopyObjectInput struct { | |||
8409 | // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt | 8454 | // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt |
8410 | // the source object. The encryption key provided in this header must be one | 8455 | // the source object. The encryption key provided in this header must be one |
8411 | // that was used when the source object was created. | 8456 | // that was used when the source object was created. |
8412 | CopySourceSSECustomerKey *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"` | 8457 | CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"` |
8413 | 8458 | ||
8414 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. | 8459 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. |
8415 | // Amazon S3 uses this header for a message integrity check to ensure the encryption | 8460 | // Amazon S3 uses this header for a message integrity check to ensure the encryption |
@@ -8444,10 +8489,10 @@ type CopyObjectInput struct { | |||
8444 | // Specifies whether you want to apply a Legal Hold to the copied object. | 8489 | // Specifies whether you want to apply a Legal Hold to the copied object. |
8445 | ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` | 8490 | ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` |
8446 | 8491 | ||
8447 | // The Object Lock mode that you want to apply to the copied object. | 8492 | // The object lock mode that you want to apply to the copied object. |
8448 | ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` | 8493 | ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` |
8449 | 8494 | ||
8450 | // The date and time when you want the copied object's Object Lock to expire. | 8495 | // The date and time when you want the copied object's object lock to expire. |
8451 | ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` | 8496 | ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` |
8452 | 8497 | ||
8453 | // Confirms that the requester knows that she or he will be charged for the | 8498 | // Confirms that the requester knows that she or he will be charged for the |
@@ -8464,13 +8509,18 @@ type CopyObjectInput struct { | |||
8464 | // does not store the encryption key. The key must be appropriate for use with | 8509 | // does not store the encryption key. The key must be appropriate for use with |
8465 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm | 8510 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm |
8466 | // header. | 8511 | // header. |
8467 | SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` | 8512 | SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` |
8468 | 8513 | ||
8469 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. | 8514 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. |
8470 | // Amazon S3 uses this header for a message integrity check to ensure the encryption | 8515 | // Amazon S3 uses this header for a message integrity check to ensure the encryption |
8471 | // key was transmitted without error. | 8516 | // key was transmitted without error. |
8472 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` | 8517 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` |
8473 | 8518 | ||
8519 | // Specifies the AWS KMS Encryption Context to use for object encryption. The | ||
8520 | // value of this header is a base64-encoded UTF-8 string holding JSON with the | ||
8521 | // encryption context key-value pairs. | ||
8522 | SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` | ||
8523 | |||
8474 | // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT | 8524 | // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT |
8475 | // requests for an object protected by AWS KMS will fail if not made via SSL | 8525 | // requests for an object protected by AWS KMS will fail if not made via SSL |
8476 | // or using SigV4. Documentation on configuring any of the officially supported | 8526 | // or using SigV4. Documentation on configuring any of the officially supported |
@@ -8735,6 +8785,12 @@ func (s *CopyObjectInput) SetSSECustomerKeyMD5(v string) *CopyObjectInput { | |||
8735 | return s | 8785 | return s |
8736 | } | 8786 | } |
8737 | 8787 | ||
8788 | // SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. | ||
8789 | func (s *CopyObjectInput) SetSSEKMSEncryptionContext(v string) *CopyObjectInput { | ||
8790 | s.SSEKMSEncryptionContext = &v | ||
8791 | return s | ||
8792 | } | ||
8793 | |||
8738 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. | 8794 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. |
8739 | func (s *CopyObjectInput) SetSSEKMSKeyId(v string) *CopyObjectInput { | 8795 | func (s *CopyObjectInput) SetSSEKMSKeyId(v string) *CopyObjectInput { |
8740 | s.SSEKMSKeyId = &v | 8796 | s.SSEKMSKeyId = &v |
@@ -8795,6 +8851,11 @@ type CopyObjectOutput struct { | |||
8795 | // verification of the customer-provided encryption key. | 8851 | // verification of the customer-provided encryption key. |
8796 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` | 8852 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` |
8797 | 8853 | ||
8854 | // If present, specifies the AWS KMS Encryption Context to use for object encryption. | ||
8855 | // The value of this header is a base64-encoded UTF-8 string holding JSON with | ||
8856 | // the encryption context key-value pairs. | ||
8857 | SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` | ||
8858 | |||
8798 | // If present, specifies the ID of the AWS Key Management Service (KMS) master | 8859 | // If present, specifies the ID of the AWS Key Management Service (KMS) master |
8799 | // encryption key that was used for the object. | 8860 | // encryption key that was used for the object. |
8800 | SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` | 8861 | SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` |
@@ -8853,6 +8914,12 @@ func (s *CopyObjectOutput) SetSSECustomerKeyMD5(v string) *CopyObjectOutput { | |||
8853 | return s | 8914 | return s |
8854 | } | 8915 | } |
8855 | 8916 | ||
8917 | // SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. | ||
8918 | func (s *CopyObjectOutput) SetSSEKMSEncryptionContext(v string) *CopyObjectOutput { | ||
8919 | s.SSEKMSEncryptionContext = &v | ||
8920 | return s | ||
8921 | } | ||
8922 | |||
8856 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. | 8923 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. |
8857 | func (s *CopyObjectOutput) SetSSEKMSKeyId(v string) *CopyObjectOutput { | 8924 | func (s *CopyObjectOutput) SetSSEKMSKeyId(v string) *CopyObjectOutput { |
8858 | s.SSEKMSKeyId = &v | 8925 | s.SSEKMSKeyId = &v |
@@ -8984,7 +9051,8 @@ type CreateBucketInput struct { | |||
8984 | // Allows grantee to write the ACL for the applicable bucket. | 9051 | // Allows grantee to write the ACL for the applicable bucket. |
8985 | GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` | 9052 | GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` |
8986 | 9053 | ||
8987 | // Specifies whether you want S3 Object Lock to be enabled for the new bucket. | 9054 | // Specifies whether you want Amazon S3 object lock to be enabled for the new |
9055 | // bucket. | ||
8988 | ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"` | 9056 | ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"` |
8989 | } | 9057 | } |
8990 | 9058 | ||
@@ -9147,10 +9215,10 @@ type CreateMultipartUploadInput struct { | |||
9147 | // Specifies whether you want to apply a Legal Hold to the uploaded object. | 9215 | // Specifies whether you want to apply a Legal Hold to the uploaded object. |
9148 | ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` | 9216 | ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` |
9149 | 9217 | ||
9150 | // Specifies the Object Lock mode that you want to apply to the uploaded object. | 9218 | // Specifies the object lock mode that you want to apply to the uploaded object. |
9151 | ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` | 9219 | ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` |
9152 | 9220 | ||
9153 | // Specifies the date and time when you want the Object Lock to expire. | 9221 | // Specifies the date and time when you want the object lock to expire. |
9154 | ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` | 9222 | ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` |
9155 | 9223 | ||
9156 | // Confirms that the requester knows that she or he will be charged for the | 9224 | // Confirms that the requester knows that she or he will be charged for the |
@@ -9167,13 +9235,18 @@ type CreateMultipartUploadInput struct { | |||
9167 | // does not store the encryption key. The key must be appropriate for use with | 9235 | // does not store the encryption key. The key must be appropriate for use with |
9168 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm | 9236 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm |
9169 | // header. | 9237 | // header. |
9170 | SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` | 9238 | SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` |
9171 | 9239 | ||
9172 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. | 9240 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. |
9173 | // Amazon S3 uses this header for a message integrity check to ensure the encryption | 9241 | // Amazon S3 uses this header for a message integrity check to ensure the encryption |
9174 | // key was transmitted without error. | 9242 | // key was transmitted without error. |
9175 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` | 9243 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` |
9176 | 9244 | ||
9245 | // Specifies the AWS KMS Encryption Context to use for object encryption. The | ||
9246 | // value of this header is a base64-encoded UTF-8 string holding JSON with the | ||
9247 | // encryption context key-value pairs. | ||
9248 | SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` | ||
9249 | |||
9177 | // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT | 9250 | // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT |
9178 | // requests for an object protected by AWS KMS will fail if not made via SSL | 9251 | // requests for an object protected by AWS KMS will fail if not made via SSL |
9179 | // or using SigV4. Documentation on configuring any of the officially supported | 9252 | // or using SigV4. Documentation on configuring any of the officially supported |
@@ -9368,6 +9441,12 @@ func (s *CreateMultipartUploadInput) SetSSECustomerKeyMD5(v string) *CreateMulti | |||
9368 | return s | 9441 | return s |
9369 | } | 9442 | } |
9370 | 9443 | ||
9444 | // SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. | ||
9445 | func (s *CreateMultipartUploadInput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadInput { | ||
9446 | s.SSEKMSEncryptionContext = &v | ||
9447 | return s | ||
9448 | } | ||
9449 | |||
9371 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. | 9450 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. |
9372 | func (s *CreateMultipartUploadInput) SetSSEKMSKeyId(v string) *CreateMultipartUploadInput { | 9451 | func (s *CreateMultipartUploadInput) SetSSEKMSKeyId(v string) *CreateMultipartUploadInput { |
9373 | s.SSEKMSKeyId = &v | 9452 | s.SSEKMSKeyId = &v |
@@ -9428,6 +9507,11 @@ type CreateMultipartUploadOutput struct { | |||
9428 | // verification of the customer-provided encryption key. | 9507 | // verification of the customer-provided encryption key. |
9429 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` | 9508 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` |
9430 | 9509 | ||
9510 | // If present, specifies the AWS KMS Encryption Context to use for object encryption. | ||
9511 | // The value of this header is a base64-encoded UTF-8 string holding JSON with | ||
9512 | // the encryption context key-value pairs. | ||
9513 | SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` | ||
9514 | |||
9431 | // If present, specifies the ID of the AWS Key Management Service (KMS) master | 9515 | // If present, specifies the ID of the AWS Key Management Service (KMS) master |
9432 | // encryption key that was used for the object. | 9516 | // encryption key that was used for the object. |
9433 | SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` | 9517 | SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` |
@@ -9499,6 +9583,12 @@ func (s *CreateMultipartUploadOutput) SetSSECustomerKeyMD5(v string) *CreateMult | |||
9499 | return s | 9583 | return s |
9500 | } | 9584 | } |
9501 | 9585 | ||
9586 | // SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. | ||
9587 | func (s *CreateMultipartUploadOutput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadOutput { | ||
9588 | s.SSEKMSEncryptionContext = &v | ||
9589 | return s | ||
9590 | } | ||
9591 | |||
9502 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. | 9592 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. |
9503 | func (s *CreateMultipartUploadOutput) SetSSEKMSKeyId(v string) *CreateMultipartUploadOutput { | 9593 | func (s *CreateMultipartUploadOutput) SetSSEKMSKeyId(v string) *CreateMultipartUploadOutput { |
9504 | s.SSEKMSKeyId = &v | 9594 | s.SSEKMSKeyId = &v |
@@ -9517,7 +9607,7 @@ func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUplo | |||
9517 | return s | 9607 | return s |
9518 | } | 9608 | } |
9519 | 9609 | ||
9520 | // The container element for specifying the default Object Lock retention settings | 9610 | // The container element for specifying the default object lock retention settings |
9521 | // for new objects placed in the specified bucket. | 9611 | // for new objects placed in the specified bucket. |
9522 | type DefaultRetention struct { | 9612 | type DefaultRetention struct { |
9523 | _ struct{} `type:"structure"` | 9613 | _ struct{} `type:"structure"` |
@@ -9525,7 +9615,7 @@ type DefaultRetention struct { | |||
9525 | // The number of days that you want to specify for the default retention period. | 9615 | // The number of days that you want to specify for the default retention period. |
9526 | Days *int64 `type:"integer"` | 9616 | Days *int64 `type:"integer"` |
9527 | 9617 | ||
9528 | // The default Object Lock retention mode you want to apply to new objects placed | 9618 | // The default object lock retention mode you want to apply to new objects placed |
9529 | // in the specified bucket. | 9619 | // in the specified bucket. |
9530 | Mode *string `type:"string" enum:"ObjectLockRetentionMode"` | 9620 | Mode *string `type:"string" enum:"ObjectLockRetentionMode"` |
9531 | 9621 | ||
@@ -9625,7 +9715,7 @@ type DeleteBucketAnalyticsConfigurationInput struct { | |||
9625 | // Bucket is a required field | 9715 | // Bucket is a required field |
9626 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 9716 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
9627 | 9717 | ||
9628 | // The identifier used to represent an analytics configuration. | 9718 | // The ID that identifies the analytics configuration. |
9629 | // | 9719 | // |
9630 | // Id is a required field | 9720 | // Id is a required field |
9631 | Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` | 9721 | Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` |
@@ -10425,7 +10515,7 @@ type DeleteObjectInput struct { | |||
10425 | // Bucket is a required field | 10515 | // Bucket is a required field |
10426 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 10516 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
10427 | 10517 | ||
10428 | // Indicates whether S3 Object Lock should bypass Governance-mode restrictions | 10518 | // Indicates whether Amazon S3 object lock should bypass governance-mode restrictions |
10429 | // to process this operation. | 10519 | // to process this operation. |
10430 | BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` | 10520 | BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` |
10431 | 10521 | ||
@@ -10665,7 +10755,7 @@ type DeleteObjectsInput struct { | |||
10665 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 10755 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
10666 | 10756 | ||
10667 | // Specifies whether you want to delete this object even if it has a Governance-type | 10757 | // Specifies whether you want to delete this object even if it has a Governance-type |
10668 | // Object Lock in place. You must have sufficient permissions to perform this | 10758 | // object lock in place. You must have sufficient permissions to perform this |
10669 | // operation. | 10759 | // operation. |
10670 | BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` | 10760 | BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` |
10671 | 10761 | ||
@@ -10902,33 +10992,33 @@ func (s *DeletedObject) SetVersionId(v string) *DeletedObject { | |||
10902 | return s | 10992 | return s |
10903 | } | 10993 | } |
10904 | 10994 | ||
10905 | // A container for information about the replication destination. | 10995 | // Specifies information about where to publish analysis or configuration results |
10996 | // for an Amazon S3 bucket. | ||
10906 | type Destination struct { | 10997 | type Destination struct { |
10907 | _ struct{} `type:"structure"` | 10998 | _ struct{} `type:"structure"` |
10908 | 10999 | ||
10909 | // A container for information about access control for replicas. | 11000 | // Specify this only in a cross-account scenario (where source and destination |
10910 | // | 11001 | // bucket owners are not the same), and you want to change replica ownership |
10911 | // Use this element only in a cross-account scenario where source and destination | 11002 | // to the AWS account that owns the destination bucket. If this is not specified |
10912 | // bucket owners are not the same to change replica ownership to the AWS account | 11003 | // in the replication configuration, the replicas are owned by same AWS account |
10913 | // that owns the destination bucket. If you don't add this element to the replication | 11004 | // that owns the source object. |
10914 | // configuration, the replicas are owned by same AWS account that owns the source | ||
10915 | // object. | ||
10916 | AccessControlTranslation *AccessControlTranslation `type:"structure"` | 11005 | AccessControlTranslation *AccessControlTranslation `type:"structure"` |
10917 | 11006 | ||
10918 | // The account ID of the destination bucket. Currently, Amazon S3 verifies this | 11007 | // Destination bucket owner account ID. In a cross-account scenario, if you |
10919 | // value only if Access Control Translation is enabled. | 11008 | // direct Amazon S3 to change replica ownership to the AWS account that owns |
10920 | // | 11009 | // the destination bucket by specifying the AccessControlTranslation property, |
10921 | // In a cross-account scenario, if you change replica ownership to the AWS account | 11010 | // this is the account ID of the destination bucket owner. For more information, |
10922 | // that owns the destination bucket by adding the AccessControlTranslation element, | 11011 | // see Cross-Region Replication Additional Configuration: Change Replica Owner |
10923 | // this is the account ID of the owner of the destination bucket. | 11012 | // (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-change-owner.html) in |
11013 | // the Amazon Simple Storage Service Developer Guide. | ||
10924 | Account *string `type:"string"` | 11014 | Account *string `type:"string"` |
10925 | 11015 | ||
10926 | // The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to | 11016 | // The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to |
10927 | // store replicas of the object identified by the rule. | 11017 | // store replicas of the object identified by the rule. |
10928 | // | 11018 | // |
10929 | // If there are multiple rules in your replication configuration, all rules | 11019 | // A replication configuration can replicate objects to only one destination |
10930 | // must specify the same bucket as the destination. A replication configuration | 11020 | // bucket. If there are multiple rules in your replication configuration, all |
10931 | // can replicate objects to only one destination bucket. | 11021 | // rules must specify the same destination bucket. |
10932 | // | 11022 | // |
10933 | // Bucket is a required field | 11023 | // Bucket is a required field |
10934 | Bucket *string `type:"string" required:"true"` | 11024 | Bucket *string `type:"string" required:"true"` |
@@ -10937,8 +11027,13 @@ type Destination struct { | |||
10937 | // is specified, you must specify this element. | 11027 | // is specified, you must specify this element. |
10938 | EncryptionConfiguration *EncryptionConfiguration `type:"structure"` | 11028 | EncryptionConfiguration *EncryptionConfiguration `type:"structure"` |
10939 | 11029 | ||
10940 | // The class of storage used to store the object. By default Amazon S3 uses | 11030 | // The storage class to use when replicating objects, such as standard or reduced |
10941 | // storage class of the source object when creating a replica. | 11031 | // redundancy. By default, Amazon S3 uses the storage class of the source object |
11032 | // to create the object replica. | ||
11033 | // | ||
11034 | // For valid values, see the StorageClass element of the PUT Bucket replication | ||
11035 | // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) | ||
11036 | // action in the Amazon Simple Storage Service API Reference. | ||
10942 | StorageClass *string `type:"string" enum:"StorageClass"` | 11037 | StorageClass *string `type:"string" enum:"StorageClass"` |
10943 | } | 11038 | } |
10944 | 11039 | ||
@@ -11068,13 +11163,13 @@ func (s *Encryption) SetKMSKeyId(v string) *Encryption { | |||
11068 | return s | 11163 | return s |
11069 | } | 11164 | } |
11070 | 11165 | ||
11071 | // A container for information about the encryption-based configuration for | 11166 | // Specifies encryption-related information for an Amazon S3 bucket that is |
11072 | // replicas. | 11167 | // a destination for replicated objects. |
11073 | type EncryptionConfiguration struct { | 11168 | type EncryptionConfiguration struct { |
11074 | _ struct{} `type:"structure"` | 11169 | _ struct{} `type:"structure"` |
11075 | 11170 | ||
11076 | // The ID of the AWS KMS key for the AWS Region where the destination bucket | 11171 | // Specifies the AWS KMS Key ID (Key ARN or Alias ARN) for the destination bucket. |
11077 | // resides. Amazon S3 uses this key to encrypt the replica object. | 11172 | // Amazon S3 uses this key to encrypt replica objects. |
11078 | ReplicaKmsKeyID *string `type:"string"` | 11173 | ReplicaKmsKeyID *string `type:"string"` |
11079 | } | 11174 | } |
11080 | 11175 | ||
@@ -11207,18 +11302,19 @@ func (s *ErrorDocument) SetKey(v string) *ErrorDocument { | |||
11207 | return s | 11302 | return s |
11208 | } | 11303 | } |
11209 | 11304 | ||
11210 | // A container for a key value pair that defines the criteria for the filter | 11305 | // Specifies the Amazon S3 object key name to filter on and whether to filter |
11211 | // rule. | 11306 | // on the suffix or prefix of the key name. |
11212 | type FilterRule struct { | 11307 | type FilterRule struct { |
11213 | _ struct{} `type:"structure"` | 11308 | _ struct{} `type:"structure"` |
11214 | 11309 | ||
11215 | // The object key name prefix or suffix identifying one or more objects to which | 11310 | // The object key name prefix or suffix identifying one or more objects to which |
11216 | // the filtering rule applies. The maximum prefix length is 1,024 characters. | 11311 | // the filtering rule applies. The maximum length is 1,024 characters. Overlapping |
11217 | // Overlapping prefixes and suffixes are not supported. For more information, | 11312 | // prefixes and suffixes are not supported. For more information, see Configuring |
11218 | // see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) | 11313 | // Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) |
11219 | // in the Amazon Simple Storage Service Developer Guide. | 11314 | // in the Amazon Simple Storage Service Developer Guide. |
11220 | Name *string `type:"string" enum:"FilterRuleName"` | 11315 | Name *string `type:"string" enum:"FilterRuleName"` |
11221 | 11316 | ||
11317 | // The value that the filter searches for in object key names. | ||
11222 | Value *string `type:"string"` | 11318 | Value *string `type:"string"` |
11223 | } | 11319 | } |
11224 | 11320 | ||
@@ -11400,7 +11496,7 @@ type GetBucketAnalyticsConfigurationInput struct { | |||
11400 | // Bucket is a required field | 11496 | // Bucket is a required field |
11401 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 11497 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
11402 | 11498 | ||
11403 | // The identifier used to represent an analytics configuration. | 11499 | // The ID that identifies the analytics configuration. |
11404 | // | 11500 | // |
11405 | // Id is a required field | 11501 | // Id is a required field |
11406 | Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` | 11502 | Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` |
@@ -11597,8 +11693,7 @@ func (s *GetBucketEncryptionInput) getBucket() (v string) { | |||
11597 | type GetBucketEncryptionOutput struct { | 11693 | type GetBucketEncryptionOutput struct { |
11598 | _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` | 11694 | _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` |
11599 | 11695 | ||
11600 | // Container for server-side encryption configuration rules. Currently S3 supports | 11696 | // Specifies the default server-side-encryption configuration. |
11601 | // one rule only. | ||
11602 | ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `type:"structure"` | 11697 | ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `type:"structure"` |
11603 | } | 11698 | } |
11604 | 11699 | ||
@@ -11956,9 +12051,10 @@ func (s *GetBucketLoggingInput) getBucket() (v string) { | |||
11956 | type GetBucketLoggingOutput struct { | 12051 | type GetBucketLoggingOutput struct { |
11957 | _ struct{} `type:"structure"` | 12052 | _ struct{} `type:"structure"` |
11958 | 12053 | ||
11959 | // Container for logging information. Presence of this element indicates that | 12054 | // Describes where logs are stored and the prefix that Amazon S3 assigns to |
11960 | // logging is enabled. Parameters TargetBucket and TargetPrefix are required | 12055 | // all log object keys for a bucket. For more information, see PUT Bucket logging |
11961 | // in this case. | 12056 | // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) |
12057 | // in the Amazon Simple Storage Service API Reference. | ||
11962 | LoggingEnabled *LoggingEnabled `type:"structure"` | 12058 | LoggingEnabled *LoggingEnabled `type:"structure"` |
11963 | } | 12059 | } |
11964 | 12060 | ||
@@ -12592,6 +12688,8 @@ type GetBucketWebsiteOutput struct { | |||
12592 | 12688 | ||
12593 | IndexDocument *IndexDocument `type:"structure"` | 12689 | IndexDocument *IndexDocument `type:"structure"` |
12594 | 12690 | ||
12691 | // Specifies the redirect behavior of all requests to a website endpoint of | ||
12692 | // an Amazon S3 bucket. | ||
12595 | RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"` | 12693 | RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"` |
12596 | 12694 | ||
12597 | RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"` | 12695 | RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"` |
@@ -12820,7 +12918,7 @@ type GetObjectInput struct { | |||
12820 | // does not store the encryption key. The key must be appropriate for use with | 12918 | // does not store the encryption key. The key must be appropriate for use with |
12821 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm | 12919 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm |
12822 | // header. | 12920 | // header. |
12823 | SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` | 12921 | SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` |
12824 | 12922 | ||
12825 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. | 12923 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. |
12826 | // Amazon S3 uses this header for a message integrity check to ensure the encryption | 12924 | // Amazon S3 uses this header for a message integrity check to ensure the encryption |
@@ -13103,7 +13201,7 @@ func (s *GetObjectLegalHoldOutput) SetLegalHold(v *ObjectLockLegalHold) *GetObje | |||
13103 | type GetObjectLockConfigurationInput struct { | 13201 | type GetObjectLockConfigurationInput struct { |
13104 | _ struct{} `type:"structure"` | 13202 | _ struct{} `type:"structure"` |
13105 | 13203 | ||
13106 | // The bucket whose Object Lock configuration you want to retrieve. | 13204 | // The bucket whose object lock configuration you want to retrieve. |
13107 | // | 13205 | // |
13108 | // Bucket is a required field | 13206 | // Bucket is a required field |
13109 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 13207 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
@@ -13151,7 +13249,7 @@ func (s *GetObjectLockConfigurationInput) getBucket() (v string) { | |||
13151 | type GetObjectLockConfigurationOutput struct { | 13249 | type GetObjectLockConfigurationOutput struct { |
13152 | _ struct{} `type:"structure" payload:"ObjectLockConfiguration"` | 13250 | _ struct{} `type:"structure" payload:"ObjectLockConfiguration"` |
13153 | 13251 | ||
13154 | // The specified bucket's Object Lock configuration. | 13252 | // The specified bucket's object lock configuration. |
13155 | ObjectLockConfiguration *ObjectLockConfiguration `type:"structure"` | 13253 | ObjectLockConfiguration *ObjectLockConfiguration `type:"structure"` |
13156 | } | 13254 | } |
13157 | 13255 | ||
@@ -13235,10 +13333,10 @@ type GetObjectOutput struct { | |||
13235 | // returned if you have permission to view an object's legal hold status. | 13333 | // returned if you have permission to view an object's legal hold status. |
13236 | ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` | 13334 | ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` |
13237 | 13335 | ||
13238 | // The Object Lock mode currently in place for this object. | 13336 | // The object lock mode currently in place for this object. |
13239 | ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` | 13337 | ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` |
13240 | 13338 | ||
13241 | // The date and time when this object's Object Lock will expire. | 13339 | // The date and time when this object's object lock will expire. |
13242 | ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` | 13340 | ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` |
13243 | 13341 | ||
13244 | // The count of parts this object has. | 13342 | // The count of parts this object has. |
@@ -14136,7 +14234,7 @@ type HeadObjectInput struct { | |||
14136 | // does not store the encryption key. The key must be appropriate for use with | 14234 | // does not store the encryption key. The key must be appropriate for use with |
14137 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm | 14235 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm |
14138 | // header. | 14236 | // header. |
14139 | SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` | 14237 | SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` |
14140 | 14238 | ||
14141 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. | 14239 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. |
14142 | // Amazon S3 uses this header for a message integrity check to ensure the encryption | 14240 | // Amazon S3 uses this header for a message integrity check to ensure the encryption |
@@ -14328,10 +14426,10 @@ type HeadObjectOutput struct { | |||
14328 | // The Legal Hold status for the specified object. | 14426 | // The Legal Hold status for the specified object. |
14329 | ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` | 14427 | ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` |
14330 | 14428 | ||
14331 | // The Object Lock mode currently in place for this object. | 14429 | // The object lock mode currently in place for this object. |
14332 | ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` | 14430 | ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` |
14333 | 14431 | ||
14334 | // The date and time when this object's Object Lock will expire. | 14432 | // The date and time when this object's object lock expires. |
14335 | ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` | 14433 | ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` |
14336 | 14434 | ||
14337 | // The count of parts this object has. | 14435 | // The count of parts this object has. |
@@ -14680,6 +14778,9 @@ func (s *InputSerialization) SetParquet(v *ParquetInput) *InputSerialization { | |||
14680 | return s | 14778 | return s |
14681 | } | 14779 | } |
14682 | 14780 | ||
14781 | // Specifies the inventory configuration for an Amazon S3 bucket. For more information, | ||
14782 | // see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) | ||
14783 | // in the Amazon Simple Storage Service API Reference. | ||
14683 | type InventoryConfiguration struct { | 14784 | type InventoryConfiguration struct { |
14684 | _ struct{} `type:"structure"` | 14785 | _ struct{} `type:"structure"` |
14685 | 14786 | ||
@@ -14697,12 +14798,16 @@ type InventoryConfiguration struct { | |||
14697 | // Id is a required field | 14798 | // Id is a required field |
14698 | Id *string `type:"string" required:"true"` | 14799 | Id *string `type:"string" required:"true"` |
14699 | 14800 | ||
14700 | // Specifies which object version(s) to included in the inventory results. | 14801 | // Object versions to include in the inventory list. If set to All, the list |
14802 | // includes all the object versions, which adds the version-related fields VersionId, | ||
14803 | // IsLatest, and DeleteMarker to the list. If set to Current, the list does | ||
14804 | // not contain these version-related fields. | ||
14701 | // | 14805 | // |
14702 | // IncludedObjectVersions is a required field | 14806 | // IncludedObjectVersions is a required field |
14703 | IncludedObjectVersions *string `type:"string" required:"true" enum:"InventoryIncludedObjectVersions"` | 14807 | IncludedObjectVersions *string `type:"string" required:"true" enum:"InventoryIncludedObjectVersions"` |
14704 | 14808 | ||
14705 | // Specifies whether the inventory is enabled or disabled. | 14809 | // Specifies whether the inventory is enabled or disabled. If set to True, an |
14810 | // inventory list is generated. If set to False, no inventory list is generated. | ||
14706 | // | 14811 | // |
14707 | // IsEnabled is a required field | 14812 | // IsEnabled is a required field |
14708 | IsEnabled *bool `type:"boolean" required:"true"` | 14813 | IsEnabled *bool `type:"boolean" required:"true"` |
@@ -15145,11 +15250,15 @@ func (s *KeyFilter) SetFilterRules(v []*FilterRule) *KeyFilter { | |||
15145 | type LambdaFunctionConfiguration struct { | 15250 | type LambdaFunctionConfiguration struct { |
15146 | _ struct{} `type:"structure"` | 15251 | _ struct{} `type:"structure"` |
15147 | 15252 | ||
15253 | // The Amazon S3 bucket event for which to invoke the AWS Lambda function. For | ||
15254 | // more information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) | ||
15255 | // in the Amazon Simple Storage Service Developer Guide. | ||
15256 | // | ||
15148 | // Events is a required field | 15257 | // Events is a required field |
15149 | Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` | 15258 | Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` |
15150 | 15259 | ||
15151 | // A container for object key name filtering rules. For information about key | 15260 | // Specifies object key name filtering rules. For information about key name |
15152 | // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) | 15261 | // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) |
15153 | // in the Amazon Simple Storage Service Developer Guide. | 15262 | // in the Amazon Simple Storage Service Developer Guide. |
15154 | Filter *NotificationConfigurationFilter `type:"structure"` | 15263 | Filter *NotificationConfigurationFilter `type:"structure"` |
15155 | 15264 | ||
@@ -15157,8 +15266,8 @@ type LambdaFunctionConfiguration struct { | |||
15157 | // If you don't provide one, Amazon S3 will assign an ID. | 15266 | // If you don't provide one, Amazon S3 will assign an ID. |
15158 | Id *string `type:"string"` | 15267 | Id *string `type:"string"` |
15159 | 15268 | ||
15160 | // The Amazon Resource Name (ARN) of the Lambda cloud function that Amazon S3 | 15269 | // The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon S3 |
15161 | // can invoke when it detects events of the specified type. | 15270 | // invokes when the specified event type occurs. |
15162 | // | 15271 | // |
15163 | // LambdaFunctionArn is a required field | 15272 | // LambdaFunctionArn is a required field |
15164 | LambdaFunctionArn *string `locationName:"CloudFunction" type:"string" required:"true"` | 15273 | LambdaFunctionArn *string `locationName:"CloudFunction" type:"string" required:"true"` |
@@ -15309,8 +15418,11 @@ func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExp | |||
15309 | type LifecycleRule struct { | 15418 | type LifecycleRule struct { |
15310 | _ struct{} `type:"structure"` | 15419 | _ struct{} `type:"structure"` |
15311 | 15420 | ||
15312 | // Specifies the days since the initiation of an Incomplete Multipart Upload | 15421 | // Specifies the days since the initiation of an incomplete multipart upload |
15313 | // that Lifecycle will wait before permanently removing all parts of the upload. | 15422 | // that Amazon S3 will wait before permanently removing all parts of the upload. |
15423 | // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket | ||
15424 | // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) | ||
15425 | // in the Amazon Simple Storage Service Developer Guide. | ||
15314 | AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` | 15426 | AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` |
15315 | 15427 | ||
15316 | Expiration *LifecycleExpiration `type:"structure"` | 15428 | Expiration *LifecycleExpiration `type:"structure"` |
@@ -17267,9 +17379,10 @@ func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location { | |||
17267 | return s | 17379 | return s |
17268 | } | 17380 | } |
17269 | 17381 | ||
17270 | // Container for logging information. Presence of this element indicates that | 17382 | // Describes where logs are stored and the prefix that Amazon S3 assigns to |
17271 | // logging is enabled. Parameters TargetBucket and TargetPrefix are required | 17383 | // all log object keys for a bucket. For more information, see PUT Bucket logging |
17272 | // in this case. | 17384 | // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) |
17385 | // in the Amazon Simple Storage Service API Reference. | ||
17273 | type LoggingEnabled struct { | 17386 | type LoggingEnabled struct { |
17274 | _ struct{} `type:"structure"` | 17387 | _ struct{} `type:"structure"` |
17275 | 17388 | ||
@@ -17285,8 +17398,9 @@ type LoggingEnabled struct { | |||
17285 | 17398 | ||
17286 | TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"` | 17399 | TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"` |
17287 | 17400 | ||
17288 | // This element lets you specify a prefix for the keys that the log files will | 17401 | // A prefix for all log object keys. If you store log files from multiple Amazon |
17289 | // be stored under. | 17402 | // S3 buckets in a single bucket, you can use a prefix to distinguish which |
17403 | // log files came from which bucket. | ||
17290 | // | 17404 | // |
17291 | // TargetPrefix is a required field | 17405 | // TargetPrefix is a required field |
17292 | TargetPrefix *string `type:"string" required:"true"` | 17406 | TargetPrefix *string `type:"string" required:"true"` |
@@ -17429,6 +17543,13 @@ func (s *MetricsAndOperator) SetTags(v []*Tag) *MetricsAndOperator { | |||
17429 | return s | 17543 | return s |
17430 | } | 17544 | } |
17431 | 17545 | ||
17546 | // Specifies a metrics configuration for the CloudWatch request metrics (specified | ||
17547 | // by the metrics configuration ID) from an Amazon S3 bucket. If you're updating | ||
17548 | // an existing metrics configuration, note that this is a full replacement of | ||
17549 | // the existing metrics configuration. If you don't include the elements you | ||
17550 | // want to keep, they are erased. For more information, see PUT Bucket metrics | ||
17551 | // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html) | ||
17552 | // in the Amazon Simple Storage Service API Reference. | ||
17432 | type MetricsConfiguration struct { | 17553 | type MetricsConfiguration struct { |
17433 | _ struct{} `type:"structure"` | 17554 | _ struct{} `type:"structure"` |
17434 | 17555 | ||
@@ -17624,7 +17745,7 @@ type NoncurrentVersionExpiration struct { | |||
17624 | // Specifies the number of days an object is noncurrent before Amazon S3 can | 17745 | // Specifies the number of days an object is noncurrent before Amazon S3 can |
17625 | // perform the associated action. For information about the noncurrent days | 17746 | // perform the associated action. For information about the noncurrent days |
17626 | // calculations, see How Amazon S3 Calculates When an Object Became Noncurrent | 17747 | // calculations, see How Amazon S3 Calculates When an Object Became Noncurrent |
17627 | // (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) | 17748 | // (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) |
17628 | // in the Amazon Simple Storage Service Developer Guide. | 17749 | // in the Amazon Simple Storage Service Developer Guide. |
17629 | NoncurrentDays *int64 `type:"integer"` | 17750 | NoncurrentDays *int64 `type:"integer"` |
17630 | } | 17751 | } |
@@ -17646,11 +17767,11 @@ func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVers | |||
17646 | } | 17767 | } |
17647 | 17768 | ||
17648 | // Container for the transition rule that describes when noncurrent objects | 17769 | // Container for the transition rule that describes when noncurrent objects |
17649 | // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER or | 17770 | // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, |
17650 | // DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning | 17771 | // or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning |
17651 | // is suspended), you can set this action to request that Amazon S3 transition | 17772 | // is suspended), you can set this action to request that Amazon S3 transition |
17652 | // noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, | 17773 | // noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, |
17653 | // GLACIER or DEEP_ARCHIVE storage class at a specific period in the object's | 17774 | // GLACIER, or DEEP_ARCHIVE storage class at a specific period in the object's |
17654 | // lifetime. | 17775 | // lifetime. |
17655 | type NoncurrentVersionTransition struct { | 17776 | type NoncurrentVersionTransition struct { |
17656 | _ struct{} `type:"structure"` | 17777 | _ struct{} `type:"structure"` |
@@ -17693,10 +17814,16 @@ func (s *NoncurrentVersionTransition) SetStorageClass(v string) *NoncurrentVersi | |||
17693 | type NotificationConfiguration struct { | 17814 | type NotificationConfiguration struct { |
17694 | _ struct{} `type:"structure"` | 17815 | _ struct{} `type:"structure"` |
17695 | 17816 | ||
17817 | // Describes the AWS Lambda functions to invoke and the events for which to | ||
17818 | // invoke them. | ||
17696 | LambdaFunctionConfigurations []*LambdaFunctionConfiguration `locationName:"CloudFunctionConfiguration" type:"list" flattened:"true"` | 17819 | LambdaFunctionConfigurations []*LambdaFunctionConfiguration `locationName:"CloudFunctionConfiguration" type:"list" flattened:"true"` |
17697 | 17820 | ||
17821 | // The Amazon Simple Queue Service queues to publish messages to and the events | ||
17822 | // for which to publish messages. | ||
17698 | QueueConfigurations []*QueueConfiguration `locationName:"QueueConfiguration" type:"list" flattened:"true"` | 17823 | QueueConfigurations []*QueueConfiguration `locationName:"QueueConfiguration" type:"list" flattened:"true"` |
17699 | 17824 | ||
17825 | // The topic to which notifications are sent and the events for which notifications | ||
17826 | // are generated. | ||
17700 | TopicConfigurations []*TopicConfiguration `locationName:"TopicConfiguration" type:"list" flattened:"true"` | 17827 | TopicConfigurations []*TopicConfiguration `locationName:"TopicConfiguration" type:"list" flattened:"true"` |
17701 | } | 17828 | } |
17702 | 17829 | ||
@@ -17806,8 +17933,8 @@ func (s *NotificationConfigurationDeprecated) SetTopicConfiguration(v *TopicConf | |||
17806 | return s | 17933 | return s |
17807 | } | 17934 | } |
17808 | 17935 | ||
17809 | // A container for object key name filtering rules. For information about key | 17936 | // Specifies object key name filtering rules. For information about key name |
17810 | // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) | 17937 | // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) |
17811 | // in the Amazon Simple Storage Service Developer Guide. | 17938 | // in the Amazon Simple Storage Service Developer Guide. |
17812 | type NotificationConfigurationFilter struct { | 17939 | type NotificationConfigurationFilter struct { |
17813 | _ struct{} `type:"structure"` | 17940 | _ struct{} `type:"structure"` |
@@ -17945,14 +18072,14 @@ func (s *ObjectIdentifier) SetVersionId(v string) *ObjectIdentifier { | |||
17945 | return s | 18072 | return s |
17946 | } | 18073 | } |
17947 | 18074 | ||
17948 | // The container element for Object Lock configuration parameters. | 18075 | // The container element for object lock configuration parameters. |
17949 | type ObjectLockConfiguration struct { | 18076 | type ObjectLockConfiguration struct { |
17950 | _ struct{} `type:"structure"` | 18077 | _ struct{} `type:"structure"` |
17951 | 18078 | ||
17952 | // Indicates whether this bucket has an Object Lock configuration enabled. | 18079 | // Indicates whether this bucket has an object lock configuration enabled. |
17953 | ObjectLockEnabled *string `type:"string" enum:"ObjectLockEnabled"` | 18080 | ObjectLockEnabled *string `type:"string" enum:"ObjectLockEnabled"` |
17954 | 18081 | ||
17955 | // The Object Lock rule in place for the specified object. | 18082 | // The object lock rule in place for the specified object. |
17956 | Rule *ObjectLockRule `type:"structure"` | 18083 | Rule *ObjectLockRule `type:"structure"` |
17957 | } | 18084 | } |
17958 | 18085 | ||
@@ -18009,7 +18136,7 @@ type ObjectLockRetention struct { | |||
18009 | // Indicates the Retention mode for the specified object. | 18136 | // Indicates the Retention mode for the specified object. |
18010 | Mode *string `type:"string" enum:"ObjectLockRetentionMode"` | 18137 | Mode *string `type:"string" enum:"ObjectLockRetentionMode"` |
18011 | 18138 | ||
18012 | // The date on which this Object Lock Retention will expire. | 18139 | // The date on which this object lock retention expires. |
18013 | RetainUntilDate *time.Time `type:"timestamp" timestampFormat:"iso8601"` | 18140 | RetainUntilDate *time.Time `type:"timestamp" timestampFormat:"iso8601"` |
18014 | } | 18141 | } |
18015 | 18142 | ||
@@ -18035,7 +18162,7 @@ func (s *ObjectLockRetention) SetRetainUntilDate(v time.Time) *ObjectLockRetenti | |||
18035 | return s | 18162 | return s |
18036 | } | 18163 | } |
18037 | 18164 | ||
18038 | // The container element for an Object Lock rule. | 18165 | // The container element for an object lock rule. |
18039 | type ObjectLockRule struct { | 18166 | type ObjectLockRule struct { |
18040 | _ struct{} `type:"structure"` | 18167 | _ struct{} `type:"structure"` |
18041 | 18168 | ||
@@ -18418,6 +18545,7 @@ func (s *ProgressEvent) UnmarshalEvent( | |||
18418 | return nil | 18545 | return nil |
18419 | } | 18546 | } |
18420 | 18547 | ||
18548 | // Specifies the Block Public Access configuration for an Amazon S3 bucket. | ||
18421 | type PublicAccessBlockConfiguration struct { | 18549 | type PublicAccessBlockConfiguration struct { |
18422 | _ struct{} `type:"structure"` | 18550 | _ struct{} `type:"structure"` |
18423 | 18551 | ||
@@ -18575,6 +18703,7 @@ type PutBucketAclInput struct { | |||
18575 | // The canned ACL to apply to the bucket. | 18703 | // The canned ACL to apply to the bucket. |
18576 | ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"` | 18704 | ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"` |
18577 | 18705 | ||
18706 | // Contains the elements that set the ACL permissions for an object per grantee. | ||
18578 | AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` | 18707 | AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` |
18579 | 18708 | ||
18580 | // Bucket is a required field | 18709 | // Bucket is a required field |
@@ -18710,7 +18839,7 @@ type PutBucketAnalyticsConfigurationInput struct { | |||
18710 | // Bucket is a required field | 18839 | // Bucket is a required field |
18711 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 18840 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
18712 | 18841 | ||
18713 | // The identifier used to represent an analytics configuration. | 18842 | // The ID that identifies the analytics configuration. |
18714 | // | 18843 | // |
18715 | // Id is a required field | 18844 | // Id is a required field |
18716 | Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` | 18845 | Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` |
@@ -18798,6 +18927,11 @@ type PutBucketCorsInput struct { | |||
18798 | // Bucket is a required field | 18927 | // Bucket is a required field |
18799 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 18928 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
18800 | 18929 | ||
18930 | // Describes the cross-origin access configuration for objects in an Amazon | ||
18931 | // S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing | ||
18932 | // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon | ||
18933 | // Simple Storage Service Developer Guide. | ||
18934 | // | ||
18801 | // CORSConfiguration is a required field | 18935 | // CORSConfiguration is a required field |
18802 | CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` | 18936 | CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` |
18803 | } | 18937 | } |
@@ -18872,14 +19006,16 @@ func (s PutBucketCorsOutput) GoString() string { | |||
18872 | type PutBucketEncryptionInput struct { | 19006 | type PutBucketEncryptionInput struct { |
18873 | _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` | 19007 | _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` |
18874 | 19008 | ||
18875 | // The name of the bucket for which the server-side encryption configuration | 19009 | // Specifies default encryption for a bucket using server-side encryption with |
18876 | // is set. | 19010 | // Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). For information |
19011 | // about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket | ||
19012 | // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) | ||
19013 | // in the Amazon Simple Storage Service Developer Guide. | ||
18877 | // | 19014 | // |
18878 | // Bucket is a required field | 19015 | // Bucket is a required field |
18879 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 19016 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
18880 | 19017 | ||
18881 | // Container for server-side encryption configuration rules. Currently S3 supports | 19018 | // Specifies the default server-side-encryption configuration. |
18882 | // one rule only. | ||
18883 | // | 19019 | // |
18884 | // ServerSideEncryptionConfiguration is a required field | 19020 | // ServerSideEncryptionConfiguration is a required field |
18885 | ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `locationName:"ServerSideEncryptionConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` | 19021 | ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `locationName:"ServerSideEncryptionConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` |
@@ -19053,6 +19189,9 @@ type PutBucketLifecycleConfigurationInput struct { | |||
19053 | // Bucket is a required field | 19189 | // Bucket is a required field |
19054 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 19190 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
19055 | 19191 | ||
19192 | // Specifies the lifecycle configuration for objects in an Amazon S3 bucket. | ||
19193 | // For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) | ||
19194 | // in the Amazon Simple Storage Service Developer Guide. | ||
19056 | LifecycleConfiguration *BucketLifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` | 19195 | LifecycleConfiguration *BucketLifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` |
19057 | } | 19196 | } |
19058 | 19197 | ||
@@ -19612,6 +19751,9 @@ type PutBucketReplicationInput struct { | |||
19612 | // | 19751 | // |
19613 | // ReplicationConfiguration is a required field | 19752 | // ReplicationConfiguration is a required field |
19614 | ReplicationConfiguration *ReplicationConfiguration `locationName:"ReplicationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` | 19753 | ReplicationConfiguration *ReplicationConfiguration `locationName:"ReplicationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` |
19754 | |||
19755 | // A token that allows Amazon S3 object lock to be enabled for an existing bucket. | ||
19756 | Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"` | ||
19615 | } | 19757 | } |
19616 | 19758 | ||
19617 | // String returns the string representation | 19759 | // String returns the string representation |
@@ -19667,6 +19809,12 @@ func (s *PutBucketReplicationInput) SetReplicationConfiguration(v *ReplicationCo | |||
19667 | return s | 19809 | return s |
19668 | } | 19810 | } |
19669 | 19811 | ||
19812 | // SetToken sets the Token field's value. | ||
19813 | func (s *PutBucketReplicationInput) SetToken(v string) *PutBucketReplicationInput { | ||
19814 | s.Token = &v | ||
19815 | return s | ||
19816 | } | ||
19817 | |||
19670 | type PutBucketReplicationOutput struct { | 19818 | type PutBucketReplicationOutput struct { |
19671 | _ struct{} `type:"structure"` | 19819 | _ struct{} `type:"structure"` |
19672 | } | 19820 | } |
@@ -19845,6 +19993,10 @@ type PutBucketVersioningInput struct { | |||
19845 | // and the value that is displayed on your authentication device. | 19993 | // and the value that is displayed on your authentication device. |
19846 | MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` | 19994 | MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` |
19847 | 19995 | ||
19996 | // Describes the versioning state of an Amazon S3 bucket. For more information, | ||
19997 | // see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) | ||
19998 | // in the Amazon Simple Storage Service API Reference. | ||
19999 | // | ||
19848 | // VersioningConfiguration is a required field | 20000 | // VersioningConfiguration is a required field |
19849 | VersioningConfiguration *VersioningConfiguration `locationName:"VersioningConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` | 20001 | VersioningConfiguration *VersioningConfiguration `locationName:"VersioningConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` |
19850 | } | 20002 | } |
@@ -19923,6 +20075,8 @@ type PutBucketWebsiteInput struct { | |||
19923 | // Bucket is a required field | 20075 | // Bucket is a required field |
19924 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 20076 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
19925 | 20077 | ||
20078 | // Specifies website configuration parameters for an Amazon S3 bucket. | ||
20079 | // | ||
19926 | // WebsiteConfiguration is a required field | 20080 | // WebsiteConfiguration is a required field |
19927 | WebsiteConfiguration *WebsiteConfiguration `locationName:"WebsiteConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` | 20081 | WebsiteConfiguration *WebsiteConfiguration `locationName:"WebsiteConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` |
19928 | } | 20082 | } |
@@ -20000,6 +20154,7 @@ type PutObjectAclInput struct { | |||
20000 | // The canned ACL to apply to the object. | 20154 | // The canned ACL to apply to the object. |
20001 | ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` | 20155 | ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` |
20002 | 20156 | ||
20157 | // Contains the elements that set the ACL permissions for an object per grantee. | ||
20003 | AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` | 20158 | AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` |
20004 | 20159 | ||
20005 | // Bucket is a required field | 20160 | // Bucket is a required field |
@@ -20201,7 +20356,8 @@ type PutObjectInput struct { | |||
20201 | ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` | 20356 | ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` |
20202 | 20357 | ||
20203 | // The base64-encoded 128-bit MD5 digest of the part data. This parameter is | 20358 | // The base64-encoded 128-bit MD5 digest of the part data. This parameter is |
20204 | // auto-populated when using the command from the CLI | 20359 | // auto-populated when using the command from the CLI. This parameted is required |
20360 | // if object lock parameters are specified. | ||
20205 | ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` | 20361 | ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` |
20206 | 20362 | ||
20207 | // A standard MIME type describing the format of the object data. | 20363 | // A standard MIME type describing the format of the object data. |
@@ -20233,10 +20389,10 @@ type PutObjectInput struct { | |||
20233 | // The Legal Hold status that you want to apply to the specified object. | 20389 | // The Legal Hold status that you want to apply to the specified object. |
20234 | ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` | 20390 | ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` |
20235 | 20391 | ||
20236 | // The Object Lock mode that you want to apply to this object. | 20392 | // The object lock mode that you want to apply to this object. |
20237 | ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` | 20393 | ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` |
20238 | 20394 | ||
20239 | // The date and time when you want this object's Object Lock to expire. | 20395 | // The date and time when you want this object's object lock to expire. |
20240 | ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` | 20396 | ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` |
20241 | 20397 | ||
20242 | // Confirms that the requester knows that she or he will be charged for the | 20398 | // Confirms that the requester knows that she or he will be charged for the |
@@ -20253,13 +20409,18 @@ type PutObjectInput struct { | |||
20253 | // does not store the encryption key. The key must be appropriate for use with | 20409 | // does not store the encryption key. The key must be appropriate for use with |
20254 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm | 20410 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm |
20255 | // header. | 20411 | // header. |
20256 | SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` | 20412 | SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` |
20257 | 20413 | ||
20258 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. | 20414 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. |
20259 | // Amazon S3 uses this header for a message integrity check to ensure the encryption | 20415 | // Amazon S3 uses this header for a message integrity check to ensure the encryption |
20260 | // key was transmitted without error. | 20416 | // key was transmitted without error. |
20261 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` | 20417 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` |
20262 | 20418 | ||
20419 | // Specifies the AWS KMS Encryption Context to use for object encryption. The | ||
20420 | // value of this header is a base64-encoded UTF-8 string holding JSON with the | ||
20421 | // encryption context key-value pairs. | ||
20422 | SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` | ||
20423 | |||
20263 | // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT | 20424 | // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT |
20264 | // requests for an object protected by AWS KMS will fail if not made via SSL | 20425 | // requests for an object protected by AWS KMS will fail if not made via SSL |
20265 | // or using SigV4. Documentation on configuring any of the officially supported | 20426 | // or using SigV4. Documentation on configuring any of the officially supported |
@@ -20473,6 +20634,12 @@ func (s *PutObjectInput) SetSSECustomerKeyMD5(v string) *PutObjectInput { | |||
20473 | return s | 20634 | return s |
20474 | } | 20635 | } |
20475 | 20636 | ||
20637 | // SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. | ||
20638 | func (s *PutObjectInput) SetSSEKMSEncryptionContext(v string) *PutObjectInput { | ||
20639 | s.SSEKMSEncryptionContext = &v | ||
20640 | return s | ||
20641 | } | ||
20642 | |||
20476 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. | 20643 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. |
20477 | func (s *PutObjectInput) SetSSEKMSKeyId(v string) *PutObjectInput { | 20644 | func (s *PutObjectInput) SetSSEKMSKeyId(v string) *PutObjectInput { |
20478 | s.SSEKMSKeyId = &v | 20645 | s.SSEKMSKeyId = &v |
@@ -20626,12 +20793,12 @@ func (s *PutObjectLegalHoldOutput) SetRequestCharged(v string) *PutObjectLegalHo | |||
20626 | type PutObjectLockConfigurationInput struct { | 20793 | type PutObjectLockConfigurationInput struct { |
20627 | _ struct{} `type:"structure" payload:"ObjectLockConfiguration"` | 20794 | _ struct{} `type:"structure" payload:"ObjectLockConfiguration"` |
20628 | 20795 | ||
20629 | // The bucket whose Object Lock configuration you want to create or replace. | 20796 | // The bucket whose object lock configuration you want to create or replace. |
20630 | // | 20797 | // |
20631 | // Bucket is a required field | 20798 | // Bucket is a required field |
20632 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` | 20799 | Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` |
20633 | 20800 | ||
20634 | // The Object Lock configuration that you want to apply to the specified bucket. | 20801 | // The object lock configuration that you want to apply to the specified bucket. |
20635 | ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` | 20802 | ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` |
20636 | 20803 | ||
20637 | // Confirms that the requester knows that she or he will be charged for the | 20804 | // Confirms that the requester knows that she or he will be charged for the |
@@ -20640,7 +20807,7 @@ type PutObjectLockConfigurationInput struct { | |||
20640 | // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html | 20807 | // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html |
20641 | RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` | 20808 | RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` |
20642 | 20809 | ||
20643 | // A token to allow Object Lock to be enabled for an existing bucket. | 20810 | // A token to allow Amazon S3 object lock to be enabled for an existing bucket. |
20644 | Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"` | 20811 | Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"` |
20645 | } | 20812 | } |
20646 | 20813 | ||
@@ -20749,6 +20916,11 @@ type PutObjectOutput struct { | |||
20749 | // verification of the customer-provided encryption key. | 20916 | // verification of the customer-provided encryption key. |
20750 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` | 20917 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` |
20751 | 20918 | ||
20919 | // If present, specifies the AWS KMS Encryption Context to use for object encryption. | ||
20920 | // The value of this header is a base64-encoded UTF-8 string holding JSON with | ||
20921 | // the encryption context key-value pairs. | ||
20922 | SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` | ||
20923 | |||
20752 | // If present, specifies the ID of the AWS Key Management Service (KMS) master | 20924 | // If present, specifies the ID of the AWS Key Management Service (KMS) master |
20753 | // encryption key that was used for the object. | 20925 | // encryption key that was used for the object. |
20754 | SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` | 20926 | SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` |
@@ -20801,6 +20973,12 @@ func (s *PutObjectOutput) SetSSECustomerKeyMD5(v string) *PutObjectOutput { | |||
20801 | return s | 20973 | return s |
20802 | } | 20974 | } |
20803 | 20975 | ||
20976 | // SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value. | ||
20977 | func (s *PutObjectOutput) SetSSEKMSEncryptionContext(v string) *PutObjectOutput { | ||
20978 | s.SSEKMSEncryptionContext = &v | ||
20979 | return s | ||
20980 | } | ||
20981 | |||
20804 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. | 20982 | // SetSSEKMSKeyId sets the SSEKMSKeyId field's value. |
20805 | func (s *PutObjectOutput) SetSSEKMSKeyId(v string) *PutObjectOutput { | 20983 | func (s *PutObjectOutput) SetSSEKMSKeyId(v string) *PutObjectOutput { |
20806 | s.SSEKMSKeyId = &v | 20984 | s.SSEKMSKeyId = &v |
@@ -21139,17 +21317,16 @@ func (s PutPublicAccessBlockOutput) GoString() string { | |||
21139 | return s.String() | 21317 | return s.String() |
21140 | } | 21318 | } |
21141 | 21319 | ||
21142 | // A container for specifying the configuration for publication of messages | 21320 | // Specifies the configuration for publishing messages to an Amazon Simple Queue |
21143 | // to an Amazon Simple Queue Service (Amazon SQS) queue.when Amazon S3 detects | 21321 | // Service (Amazon SQS) queue when Amazon S3 detects specified events. |
21144 | // specified events. | ||
21145 | type QueueConfiguration struct { | 21322 | type QueueConfiguration struct { |
21146 | _ struct{} `type:"structure"` | 21323 | _ struct{} `type:"structure"` |
21147 | 21324 | ||
21148 | // Events is a required field | 21325 | // Events is a required field |
21149 | Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` | 21326 | Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` |
21150 | 21327 | ||
21151 | // A container for object key name filtering rules. For information about key | 21328 | // Specifies object key name filtering rules. For information about key name |
21152 | // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) | 21329 | // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) |
21153 | // in the Amazon Simple Storage Service Developer Guide. | 21330 | // in the Amazon Simple Storage Service Developer Guide. |
21154 | Filter *NotificationConfigurationFilter `type:"structure"` | 21331 | Filter *NotificationConfigurationFilter `type:"structure"` |
21155 | 21332 | ||
@@ -21158,7 +21335,7 @@ type QueueConfiguration struct { | |||
21158 | Id *string `type:"string"` | 21335 | Id *string `type:"string"` |
21159 | 21336 | ||
21160 | // The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3 | 21337 | // The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3 |
21161 | // will publish a message when it detects events of the specified type. | 21338 | // publishes a message when it detects events of the specified type. |
21162 | // | 21339 | // |
21163 | // QueueArn is a required field | 21340 | // QueueArn is a required field |
21164 | QueueArn *string `locationName:"Queue" type:"string" required:"true"` | 21341 | QueueArn *string `locationName:"Queue" type:"string" required:"true"` |
@@ -21304,6 +21481,8 @@ func (s *RecordsEvent) UnmarshalEvent( | |||
21304 | return nil | 21481 | return nil |
21305 | } | 21482 | } |
21306 | 21483 | ||
21484 | // Specifies how requests are redirected. In the event of an error, you can | ||
21485 | // specify a different error code to return. | ||
21307 | type Redirect struct { | 21486 | type Redirect struct { |
21308 | _ struct{} `type:"structure"` | 21487 | _ struct{} `type:"structure"` |
21309 | 21488 | ||
@@ -21314,8 +21493,8 @@ type Redirect struct { | |||
21314 | // siblings is present. | 21493 | // siblings is present. |
21315 | HttpRedirectCode *string `type:"string"` | 21494 | HttpRedirectCode *string `type:"string"` |
21316 | 21495 | ||
21317 | // Protocol to use (http, https) when redirecting requests. The default is the | 21496 | // Protocol to use when redirecting requests. The default is the protocol that |
21318 | // protocol that is used in the original request. | 21497 | // is used in the original request. |
21319 | Protocol *string `type:"string" enum:"Protocol"` | 21498 | Protocol *string `type:"string" enum:"Protocol"` |
21320 | 21499 | ||
21321 | // The object key prefix to use in the redirect request. For example, to redirect | 21500 | // The object key prefix to use in the redirect request. For example, to redirect |
@@ -21327,7 +21506,7 @@ type Redirect struct { | |||
21327 | ReplaceKeyPrefixWith *string `type:"string"` | 21506 | ReplaceKeyPrefixWith *string `type:"string"` |
21328 | 21507 | ||
21329 | // The specific object key to use in the redirect request. For example, redirect | 21508 | // The specific object key to use in the redirect request. For example, redirect |
21330 | // request to error.html. Not required if one of the sibling is present. Can | 21509 | // request to error.html. Not required if one of the siblings is present. Can |
21331 | // be present only if ReplaceKeyPrefixWith is not provided. | 21510 | // be present only if ReplaceKeyPrefixWith is not provided. |
21332 | ReplaceKeyWith *string `type:"string"` | 21511 | ReplaceKeyWith *string `type:"string"` |
21333 | } | 21512 | } |
@@ -21372,16 +21551,18 @@ func (s *Redirect) SetReplaceKeyWith(v string) *Redirect { | |||
21372 | return s | 21551 | return s |
21373 | } | 21552 | } |
21374 | 21553 | ||
21554 | // Specifies the redirect behavior of all requests to a website endpoint of | ||
21555 | // an Amazon S3 bucket. | ||
21375 | type RedirectAllRequestsTo struct { | 21556 | type RedirectAllRequestsTo struct { |
21376 | _ struct{} `type:"structure"` | 21557 | _ struct{} `type:"structure"` |
21377 | 21558 | ||
21378 | // Name of the host where requests will be redirected. | 21559 | // Name of the host where requests are redirected. |
21379 | // | 21560 | // |
21380 | // HostName is a required field | 21561 | // HostName is a required field |
21381 | HostName *string `type:"string" required:"true"` | 21562 | HostName *string `type:"string" required:"true"` |
21382 | 21563 | ||
21383 | // Protocol to use (http, https) when redirecting requests. The default is the | 21564 | // Protocol to use when redirecting requests. The default is the protocol that |
21384 | // protocol that is used in the original request. | 21565 | // is used in the original request. |
21385 | Protocol *string `type:"string" enum:"Protocol"` | 21566 | Protocol *string `type:"string" enum:"Protocol"` |
21386 | } | 21567 | } |
21387 | 21568 | ||
@@ -21426,7 +21607,9 @@ type ReplicationConfiguration struct { | |||
21426 | _ struct{} `type:"structure"` | 21607 | _ struct{} `type:"structure"` |
21427 | 21608 | ||
21428 | // The Amazon Resource Name (ARN) of the AWS Identity and Access Management | 21609 | // The Amazon Resource Name (ARN) of the AWS Identity and Access Management |
21429 | // (IAM) role that Amazon S3 can assume when replicating the objects. | 21610 | // (IAM) role that Amazon S3 assumes when replicating objects. For more information, |
21611 | // see How to Set Up Cross-Region Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-how-setup.html) | ||
21612 | // in the Amazon Simple Storage Service Developer Guide. | ||
21430 | // | 21613 | // |
21431 | // Role is a required field | 21614 | // Role is a required field |
21432 | Role *string `type:"string" required:"true"` | 21615 | Role *string `type:"string" required:"true"` |
@@ -21486,7 +21669,7 @@ func (s *ReplicationConfiguration) SetRules(v []*ReplicationRule) *ReplicationCo | |||
21486 | return s | 21669 | return s |
21487 | } | 21670 | } |
21488 | 21671 | ||
21489 | // A container for information about a specific replication rule. | 21672 | // Specifies which Amazon S3 objects to replicate and where to store the replicas. |
21490 | type ReplicationRule struct { | 21673 | type ReplicationRule struct { |
21491 | _ struct{} `type:"structure"` | 21674 | _ struct{} `type:"structure"` |
21492 | 21675 | ||
@@ -21506,7 +21689,8 @@ type ReplicationRule struct { | |||
21506 | ID *string `type:"string"` | 21689 | ID *string `type:"string"` |
21507 | 21690 | ||
21508 | // An object keyname prefix that identifies the object or objects to which the | 21691 | // An object keyname prefix that identifies the object or objects to which the |
21509 | // rule applies. The maximum prefix length is 1,024 characters. | 21692 | // rule applies. The maximum prefix length is 1,024 characters. To include all |
21693 | // objects in a bucket, specify an empty string. | ||
21510 | // | 21694 | // |
21511 | // Deprecated: Prefix has been deprecated | 21695 | // Deprecated: Prefix has been deprecated |
21512 | Prefix *string `deprecated:"true" type:"string"` | 21696 | Prefix *string `deprecated:"true" type:"string"` |
@@ -21522,7 +21706,7 @@ type ReplicationRule struct { | |||
21522 | // * Same object qualify tag based filter criteria specified in multiple | 21706 | // * Same object qualify tag based filter criteria specified in multiple |
21523 | // rules | 21707 | // rules |
21524 | // | 21708 | // |
21525 | // For more information, see Cross-Region Replication (CRR) ( https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) | 21709 | // For more information, see Cross-Region Replication (CRR) (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) |
21526 | // in the Amazon S3 Developer Guide. | 21710 | // in the Amazon S3 Developer Guide. |
21527 | Priority *int64 `type:"integer"` | 21711 | Priority *int64 `type:"integer"` |
21528 | 21712 | ||
@@ -21531,12 +21715,9 @@ type ReplicationRule struct { | |||
21531 | // replication of these objects. Currently, Amazon S3 supports only the filter | 21715 | // replication of these objects. Currently, Amazon S3 supports only the filter |
21532 | // that you can specify for objects created with server-side encryption using | 21716 | // that you can specify for objects created with server-side encryption using |
21533 | // an AWS KMS-Managed Key (SSE-KMS). | 21717 | // an AWS KMS-Managed Key (SSE-KMS). |
21534 | // | ||
21535 | // If you want Amazon S3 to replicate objects created with server-side encryption | ||
21536 | // using AWS KMS-Managed Keys. | ||
21537 | SourceSelectionCriteria *SourceSelectionCriteria `type:"structure"` | 21718 | SourceSelectionCriteria *SourceSelectionCriteria `type:"structure"` |
21538 | 21719 | ||
21539 | // If status isn't enabled, the rule is ignored. | 21720 | // Specifies whether the rule is enabled. |
21540 | // | 21721 | // |
21541 | // Status is a required field | 21722 | // Status is a required field |
21542 | Status *string `type:"string" required:"true" enum:"ReplicationRuleStatus"` | 21723 | Status *string `type:"string" required:"true" enum:"ReplicationRuleStatus"` |
@@ -22051,6 +22232,7 @@ func (s *RestoreRequest) SetType(v string) *RestoreRequest { | |||
22051 | return s | 22232 | return s |
22052 | } | 22233 | } |
22053 | 22234 | ||
22235 | // Specifies the redirect behavior and when a redirect is applied. | ||
22054 | type RoutingRule struct { | 22236 | type RoutingRule struct { |
22055 | _ struct{} `type:"structure"` | 22237 | _ struct{} `type:"structure"` |
22056 | 22238 | ||
@@ -22103,16 +22285,22 @@ func (s *RoutingRule) SetRedirect(v *Redirect) *RoutingRule { | |||
22103 | return s | 22285 | return s |
22104 | } | 22286 | } |
22105 | 22287 | ||
22288 | // Specifies lifecycle rules for an Amazon S3 bucket. For more information, | ||
22289 | // see PUT Bucket lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html) | ||
22290 | // in the Amazon Simple Storage Service API Reference. | ||
22106 | type Rule struct { | 22291 | type Rule struct { |
22107 | _ struct{} `type:"structure"` | 22292 | _ struct{} `type:"structure"` |
22108 | 22293 | ||
22109 | // Specifies the days since the initiation of an Incomplete Multipart Upload | 22294 | // Specifies the days since the initiation of an incomplete multipart upload |
22110 | // that Lifecycle will wait before permanently removing all parts of the upload. | 22295 | // that Amazon S3 will wait before permanently removing all parts of the upload. |
22296 | // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket | ||
22297 | // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) | ||
22298 | // in the Amazon Simple Storage Service Developer Guide. | ||
22111 | AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` | 22299 | AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` |
22112 | 22300 | ||
22113 | Expiration *LifecycleExpiration `type:"structure"` | 22301 | Expiration *LifecycleExpiration `type:"structure"` |
22114 | 22302 | ||
22115 | // Unique identifier for the rule. The value cannot be longer than 255 characters. | 22303 | // Unique identifier for the rule. The value can't be longer than 255 characters. |
22116 | ID *string `type:"string"` | 22304 | ID *string `type:"string"` |
22117 | 22305 | ||
22118 | // Specifies when noncurrent object versions expire. Upon expiration, Amazon | 22306 | // Specifies when noncurrent object versions expire. Upon expiration, Amazon |
@@ -22123,25 +22311,27 @@ type Rule struct { | |||
22123 | NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"` | 22311 | NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"` |
22124 | 22312 | ||
22125 | // Container for the transition rule that describes when noncurrent objects | 22313 | // Container for the transition rule that describes when noncurrent objects |
22126 | // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER or | 22314 | // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, |
22127 | // DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning | 22315 | // or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning |
22128 | // is suspended), you can set this action to request that Amazon S3 transition | 22316 | // is suspended), you can set this action to request that Amazon S3 transition |
22129 | // noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, | 22317 | // noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, |
22130 | // GLACIER or DEEP_ARCHIVE storage class at a specific period in the object's | 22318 | // GLACIER, or DEEP_ARCHIVE storage class at a specific period in the object's |
22131 | // lifetime. | 22319 | // lifetime. |
22132 | NoncurrentVersionTransition *NoncurrentVersionTransition `type:"structure"` | 22320 | NoncurrentVersionTransition *NoncurrentVersionTransition `type:"structure"` |
22133 | 22321 | ||
22134 | // Prefix identifying one or more objects to which the rule applies. | 22322 | // Object key prefix that identifies one or more objects to which this rule |
22323 | // applies. | ||
22135 | // | 22324 | // |
22136 | // Prefix is a required field | 22325 | // Prefix is a required field |
22137 | Prefix *string `type:"string" required:"true"` | 22326 | Prefix *string `type:"string" required:"true"` |
22138 | 22327 | ||
22139 | // If 'Enabled', the rule is currently being applied. If 'Disabled', the rule | 22328 | // If Enabled, the rule is currently being applied. If Disabled, the rule is |
22140 | // is not currently being applied. | 22329 | // not currently being applied. |
22141 | // | 22330 | // |
22142 | // Status is a required field | 22331 | // Status is a required field |
22143 | Status *string `type:"string" required:"true" enum:"ExpirationStatus"` | 22332 | Status *string `type:"string" required:"true" enum:"ExpirationStatus"` |
22144 | 22333 | ||
22334 | // Specifies when an object transitions to a specified storage class. | ||
22145 | Transition *Transition `type:"structure"` | 22335 | Transition *Transition `type:"structure"` |
22146 | } | 22336 | } |
22147 | 22337 | ||
@@ -22537,15 +22727,15 @@ type SelectObjectContentInput struct { | |||
22537 | // Specifies if periodic request progress information should be enabled. | 22727 | // Specifies if periodic request progress information should be enabled. |
22538 | RequestProgress *RequestProgress `type:"structure"` | 22728 | RequestProgress *RequestProgress `type:"structure"` |
22539 | 22729 | ||
22540 | // The SSE Algorithm used to encrypt the object. For more information, see | 22730 | // The SSE Algorithm used to encrypt the object. For more information, see Server-Side |
22541 | // Server-Side Encryption (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). | 22731 | // Encryption (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). |
22542 | SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` | 22732 | SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` |
22543 | 22733 | ||
22544 | // The SSE Customer Key. For more information, see Server-Side Encryption (Using | 22734 | // The SSE Customer Key. For more information, see Server-Side Encryption (Using |
22545 | // Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). | 22735 | // Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). |
22546 | SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` | 22736 | SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` |
22547 | 22737 | ||
22548 | // The SSE Customer Key MD5. For more information, see Server-Side Encryption | 22738 | // The SSE Customer Key MD5. For more information, see Server-Side Encryption |
22549 | // (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). | 22739 | // (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). |
22550 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` | 22740 | SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` |
22551 | } | 22741 | } |
@@ -22792,13 +22982,15 @@ func (s *SelectParameters) SetOutputSerialization(v *OutputSerialization) *Selec | |||
22792 | } | 22982 | } |
22793 | 22983 | ||
22794 | // Describes the default server-side encryption to apply to new objects in the | 22984 | // Describes the default server-side encryption to apply to new objects in the |
22795 | // bucket. If Put Object request does not specify any server-side encryption, | 22985 | // bucket. If a PUT Object request doesn't specify any server-side encryption, |
22796 | // this default encryption will be applied. | 22986 | // this default encryption will be applied. For more information, see PUT Bucket |
22987 | // encryption (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) | ||
22988 | // in the Amazon Simple Storage Service API Reference. | ||
22797 | type ServerSideEncryptionByDefault struct { | 22989 | type ServerSideEncryptionByDefault struct { |
22798 | _ struct{} `type:"structure"` | 22990 | _ struct{} `type:"structure"` |
22799 | 22991 | ||
22800 | // KMS master key ID to use for the default encryption. This parameter is allowed | 22992 | // KMS master key ID to use for the default encryption. This parameter is allowed |
22801 | // if SSEAlgorithm is aws:kms. | 22993 | // if and only if SSEAlgorithm is set to aws:kms. |
22802 | KMSMasterKeyID *string `type:"string" sensitive:"true"` | 22994 | KMSMasterKeyID *string `type:"string" sensitive:"true"` |
22803 | 22995 | ||
22804 | // Server-side encryption algorithm to use for the default encryption. | 22996 | // Server-side encryption algorithm to use for the default encryption. |
@@ -22842,8 +23034,7 @@ func (s *ServerSideEncryptionByDefault) SetSSEAlgorithm(v string) *ServerSideEnc | |||
22842 | return s | 23034 | return s |
22843 | } | 23035 | } |
22844 | 23036 | ||
22845 | // Container for server-side encryption configuration rules. Currently S3 supports | 23037 | // Specifies the default server-side-encryption configuration. |
22846 | // one rule only. | ||
22847 | type ServerSideEncryptionConfiguration struct { | 23038 | type ServerSideEncryptionConfiguration struct { |
22848 | _ struct{} `type:"structure"` | 23039 | _ struct{} `type:"structure"` |
22849 | 23040 | ||
@@ -22893,13 +23084,12 @@ func (s *ServerSideEncryptionConfiguration) SetRules(v []*ServerSideEncryptionRu | |||
22893 | return s | 23084 | return s |
22894 | } | 23085 | } |
22895 | 23086 | ||
22896 | // Container for information about a particular server-side encryption configuration | 23087 | // Specifies the default server-side encryption configuration. |
22897 | // rule. | ||
22898 | type ServerSideEncryptionRule struct { | 23088 | type ServerSideEncryptionRule struct { |
22899 | _ struct{} `type:"structure"` | 23089 | _ struct{} `type:"structure"` |
22900 | 23090 | ||
22901 | // Describes the default server-side encryption to apply to new objects in the | 23091 | // Specifies the default server-side encryption to apply to new objects in the |
22902 | // bucket. If Put Object request does not specify any server-side encryption, | 23092 | // bucket. If a PUT Object request doesn't specify any server-side encryption, |
22903 | // this default encryption will be applied. | 23093 | // this default encryption will be applied. |
22904 | ApplyServerSideEncryptionByDefault *ServerSideEncryptionByDefault `type:"structure"` | 23094 | ApplyServerSideEncryptionByDefault *ServerSideEncryptionByDefault `type:"structure"` |
22905 | } | 23095 | } |
@@ -22935,13 +23125,17 @@ func (s *ServerSideEncryptionRule) SetApplyServerSideEncryptionByDefault(v *Serv | |||
22935 | return s | 23125 | return s |
22936 | } | 23126 | } |
22937 | 23127 | ||
22938 | // A container for filters that define which source objects should be replicated. | 23128 | // A container that describes additional filters for identifying the source |
23129 | // objects that you want to replicate. You can choose to enable or disable the | ||
23130 | // replication of these objects. Currently, Amazon S3 supports only the filter | ||
23131 | // that you can specify for objects created with server-side encryption using | ||
23132 | // an AWS KMS-Managed Key (SSE-KMS). | ||
22939 | type SourceSelectionCriteria struct { | 23133 | type SourceSelectionCriteria struct { |
22940 | _ struct{} `type:"structure"` | 23134 | _ struct{} `type:"structure"` |
22941 | 23135 | ||
22942 | // A container for filter information for the selection of S3 objects encrypted | 23136 | // A container for filter information for the selection of Amazon S3 objects |
22943 | // with AWS KMS. If you include SourceSelectionCriteria in the replication configuration, | 23137 | // encrypted with AWS KMS. If you include SourceSelectionCriteria in the replication |
22944 | // this element is required. | 23138 | // configuration, this element is required. |
22945 | SseKmsEncryptedObjects *SseKmsEncryptedObjects `type:"structure"` | 23139 | SseKmsEncryptedObjects *SseKmsEncryptedObjects `type:"structure"` |
22946 | } | 23140 | } |
22947 | 23141 | ||
@@ -22981,8 +23175,8 @@ func (s *SourceSelectionCriteria) SetSseKmsEncryptedObjects(v *SseKmsEncryptedOb | |||
22981 | type SseKmsEncryptedObjects struct { | 23175 | type SseKmsEncryptedObjects struct { |
22982 | _ struct{} `type:"structure"` | 23176 | _ struct{} `type:"structure"` |
22983 | 23177 | ||
22984 | // If the status is not Enabled, replication for S3 objects encrypted with AWS | 23178 | // Specifies whether Amazon S3 replicates objects created with server-side encryption |
22985 | // KMS is disabled. | 23179 | // using an AWS KMS-managed key. |
22986 | // | 23180 | // |
22987 | // Status is a required field | 23181 | // Status is a required field |
22988 | Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"` | 23182 | Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"` |
@@ -23098,11 +23292,14 @@ func (s *StatsEvent) UnmarshalEvent( | |||
23098 | return nil | 23292 | return nil |
23099 | } | 23293 | } |
23100 | 23294 | ||
23295 | // Specifies data related to access patterns to be collected and made available | ||
23296 | // to analyze the tradeoffs between different storage classes for an Amazon | ||
23297 | // S3 bucket. | ||
23101 | type StorageClassAnalysis struct { | 23298 | type StorageClassAnalysis struct { |
23102 | _ struct{} `type:"structure"` | 23299 | _ struct{} `type:"structure"` |
23103 | 23300 | ||
23104 | // A container used to describe how data related to the storage class analysis | 23301 | // Specifies how data related to the storage class analysis for an Amazon S3 |
23105 | // should be exported. | 23302 | // bucket should be exported. |
23106 | DataExport *StorageClassAnalysisDataExport `type:"structure"` | 23303 | DataExport *StorageClassAnalysisDataExport `type:"structure"` |
23107 | } | 23304 | } |
23108 | 23305 | ||
@@ -23342,16 +23539,20 @@ func (s *TargetGrant) SetPermission(v string) *TargetGrant { | |||
23342 | } | 23539 | } |
23343 | 23540 | ||
23344 | // A container for specifying the configuration for publication of messages | 23541 | // A container for specifying the configuration for publication of messages |
23345 | // to an Amazon Simple Notification Service (Amazon SNS) topic.when Amazon S3 | 23542 | // to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3 |
23346 | // detects specified events. | 23543 | // detects specified events. |
23347 | type TopicConfiguration struct { | 23544 | type TopicConfiguration struct { |
23348 | _ struct{} `type:"structure"` | 23545 | _ struct{} `type:"structure"` |
23349 | 23546 | ||
23547 | // The Amazon S3 bucket event about which to send notifications. For more information, | ||
23548 | // see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) | ||
23549 | // in the Amazon Simple Storage Service Developer Guide. | ||
23550 | // | ||
23350 | // Events is a required field | 23551 | // Events is a required field |
23351 | Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` | 23552 | Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` |
23352 | 23553 | ||
23353 | // A container for object key name filtering rules. For information about key | 23554 | // Specifies object key name filtering rules. For information about key name |
23354 | // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) | 23555 | // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) |
23355 | // in the Amazon Simple Storage Service Developer Guide. | 23556 | // in the Amazon Simple Storage Service Developer Guide. |
23356 | Filter *NotificationConfigurationFilter `type:"structure"` | 23557 | Filter *NotificationConfigurationFilter `type:"structure"` |
23357 | 23558 | ||
@@ -23360,7 +23561,7 @@ type TopicConfiguration struct { | |||
23360 | Id *string `type:"string"` | 23561 | Id *string `type:"string"` |
23361 | 23562 | ||
23362 | // The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3 | 23563 | // The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3 |
23363 | // will publish a message when it detects events of the specified type. | 23564 | // publishes a message when it detects events of the specified type. |
23364 | // | 23565 | // |
23365 | // TopicArn is a required field | 23566 | // TopicArn is a required field |
23366 | TopicArn *string `locationName:"Topic" type:"string" required:"true"` | 23567 | TopicArn *string `locationName:"Topic" type:"string" required:"true"` |
@@ -23469,18 +23670,19 @@ func (s *TopicConfigurationDeprecated) SetTopic(v string) *TopicConfigurationDep | |||
23469 | return s | 23670 | return s |
23470 | } | 23671 | } |
23471 | 23672 | ||
23673 | // Specifies when an object transitions to a specified storage class. | ||
23472 | type Transition struct { | 23674 | type Transition struct { |
23473 | _ struct{} `type:"structure"` | 23675 | _ struct{} `type:"structure"` |
23474 | 23676 | ||
23475 | // Indicates at what date the object is to be moved or deleted. Should be in | 23677 | // Indicates when objects are transitioned to the specified storage class. The |
23476 | // GMT ISO 8601 Format. | 23678 | // date value must be in ISO 8601 format. The time is always midnight UTC. |
23477 | Date *time.Time `type:"timestamp" timestampFormat:"iso8601"` | 23679 | Date *time.Time `type:"timestamp" timestampFormat:"iso8601"` |
23478 | 23680 | ||
23479 | // Indicates the lifetime, in days, of the objects that are subject to the rule. | 23681 | // Indicates the number of days after creation when objects are transitioned |
23480 | // The value must be a non-zero positive integer. | 23682 | // to the specified storage class. The value must be a positive integer. |
23481 | Days *int64 `type:"integer"` | 23683 | Days *int64 `type:"integer"` |
23482 | 23684 | ||
23483 | // The class of storage used to store the object. | 23685 | // The storage class to which you want the object to transition. |
23484 | StorageClass *string `type:"string" enum:"TransitionStorageClass"` | 23686 | StorageClass *string `type:"string" enum:"TransitionStorageClass"` |
23485 | } | 23687 | } |
23486 | 23688 | ||
@@ -23550,7 +23752,7 @@ type UploadPartCopyInput struct { | |||
23550 | // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt | 23752 | // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt |
23551 | // the source object. The encryption key provided in this header must be one | 23753 | // the source object. The encryption key provided in this header must be one |
23552 | // that was used when the source object was created. | 23754 | // that was used when the source object was created. |
23553 | CopySourceSSECustomerKey *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"` | 23755 | CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"` |
23554 | 23756 | ||
23555 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. | 23757 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. |
23556 | // Amazon S3 uses this header for a message integrity check to ensure the encryption | 23758 | // Amazon S3 uses this header for a message integrity check to ensure the encryption |
@@ -23581,7 +23783,7 @@ type UploadPartCopyInput struct { | |||
23581 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm | 23783 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm |
23582 | // header. This must be the same encryption key specified in the initiate multipart | 23784 | // header. This must be the same encryption key specified in the initiate multipart |
23583 | // upload request. | 23785 | // upload request. |
23584 | SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` | 23786 | SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` |
23585 | 23787 | ||
23586 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. | 23788 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. |
23587 | // Amazon S3 uses this header for a message integrity check to ensure the encryption | 23789 | // Amazon S3 uses this header for a message integrity check to ensure the encryption |
@@ -23857,7 +24059,9 @@ type UploadPartInput struct { | |||
23857 | // body cannot be determined automatically. | 24059 | // body cannot be determined automatically. |
23858 | ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` | 24060 | ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` |
23859 | 24061 | ||
23860 | // The base64-encoded 128-bit MD5 digest of the part data. | 24062 | // The base64-encoded 128-bit MD5 digest of the part data. This parameter is |
24063 | // auto-populated when using the command from the CLI. This parameted is required | ||
24064 | // if object lock parameters are specified. | ||
23861 | ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` | 24065 | ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` |
23862 | 24066 | ||
23863 | // Object key for which the multipart upload was initiated. | 24067 | // Object key for which the multipart upload was initiated. |
@@ -23886,7 +24090,7 @@ type UploadPartInput struct { | |||
23886 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm | 24090 | // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm |
23887 | // header. This must be the same encryption key specified in the initiate multipart | 24091 | // header. This must be the same encryption key specified in the initiate multipart |
23888 | // upload request. | 24092 | // upload request. |
23889 | SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` | 24093 | SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` |
23890 | 24094 | ||
23891 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. | 24095 | // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. |
23892 | // Amazon S3 uses this header for a message integrity check to ensure the encryption | 24096 | // Amazon S3 uses this header for a message integrity check to ensure the encryption |
@@ -24092,6 +24296,9 @@ func (s *UploadPartOutput) SetServerSideEncryption(v string) *UploadPartOutput { | |||
24092 | return s | 24296 | return s |
24093 | } | 24297 | } |
24094 | 24298 | ||
24299 | // Describes the versioning state of an Amazon S3 bucket. For more information, | ||
24300 | // see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html) | ||
24301 | // in the Amazon Simple Storage Service API Reference. | ||
24095 | type VersioningConfiguration struct { | 24302 | type VersioningConfiguration struct { |
24096 | _ struct{} `type:"structure"` | 24303 | _ struct{} `type:"structure"` |
24097 | 24304 | ||
@@ -24126,15 +24333,22 @@ func (s *VersioningConfiguration) SetStatus(v string) *VersioningConfiguration { | |||
24126 | return s | 24333 | return s |
24127 | } | 24334 | } |
24128 | 24335 | ||
24336 | // Specifies website configuration parameters for an Amazon S3 bucket. | ||
24129 | type WebsiteConfiguration struct { | 24337 | type WebsiteConfiguration struct { |
24130 | _ struct{} `type:"structure"` | 24338 | _ struct{} `type:"structure"` |
24131 | 24339 | ||
24340 | // The name of the error document for the website. | ||
24132 | ErrorDocument *ErrorDocument `type:"structure"` | 24341 | ErrorDocument *ErrorDocument `type:"structure"` |
24133 | 24342 | ||
24343 | // The name of the index document for the website. | ||
24134 | IndexDocument *IndexDocument `type:"structure"` | 24344 | IndexDocument *IndexDocument `type:"structure"` |
24135 | 24345 | ||
24346 | // The redirect behavior for every request to this bucket's website endpoint. | ||
24347 | // | ||
24348 | // If you specify this property, you can't specify any other property. | ||
24136 | RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"` | 24349 | RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"` |
24137 | 24350 | ||
24351 | // Rules that define when a redirect is applied and the redirect behavior. | ||
24138 | RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"` | 24352 | RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"` |
24139 | } | 24353 | } |
24140 | 24354 | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go index bc68a46..9ba8a78 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go | |||
@@ -80,7 +80,8 @@ func buildGetBucketLocation(r *request.Request) { | |||
80 | out := r.Data.(*GetBucketLocationOutput) | 80 | out := r.Data.(*GetBucketLocationOutput) |
81 | b, err := ioutil.ReadAll(r.HTTPResponse.Body) | 81 | b, err := ioutil.ReadAll(r.HTTPResponse.Body) |
82 | if err != nil { | 82 | if err != nil { |
83 | r.Error = awserr.New("SerializationError", "failed reading response body", err) | 83 | r.Error = awserr.New(request.ErrCodeSerialization, |
84 | "failed reading response body", err) | ||
84 | return | 85 | return |
85 | } | 86 | } |
86 | 87 | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go index 95f2456..23d386b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go | |||
@@ -17,7 +17,8 @@ func defaultInitClientFn(c *client.Client) { | |||
17 | 17 | ||
18 | // Require SSL when using SSE keys | 18 | // Require SSL when using SSE keys |
19 | c.Handlers.Validate.PushBack(validateSSERequiresSSL) | 19 | c.Handlers.Validate.PushBack(validateSSERequiresSSL) |
20 | c.Handlers.Build.PushBack(computeSSEKeys) | 20 | c.Handlers.Build.PushBack(computeSSEKeyMD5) |
21 | c.Handlers.Build.PushBack(computeCopySourceSSEKeyMD5) | ||
21 | 22 | ||
22 | // S3 uses custom error unmarshaling logic | 23 | // S3 uses custom error unmarshaling logic |
23 | c.Handlers.UnmarshalError.Clear() | 24 | c.Handlers.UnmarshalError.Clear() |
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go b/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go index 8010c4f..b71c835 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go | |||
@@ -3,6 +3,7 @@ package s3 | |||
3 | import ( | 3 | import ( |
4 | "crypto/md5" | 4 | "crypto/md5" |
5 | "encoding/base64" | 5 | "encoding/base64" |
6 | "net/http" | ||
6 | 7 | ||
7 | "github.com/aws/aws-sdk-go/aws/awserr" | 8 | "github.com/aws/aws-sdk-go/aws/awserr" |
8 | "github.com/aws/aws-sdk-go/aws/request" | 9 | "github.com/aws/aws-sdk-go/aws/request" |
@@ -30,25 +31,54 @@ func validateSSERequiresSSL(r *request.Request) { | |||
30 | } | 31 | } |
31 | } | 32 | } |
32 | 33 | ||
33 | func computeSSEKeys(r *request.Request) { | 34 | const ( |
34 | headers := []string{ | 35 | sseKeyHeader = "x-amz-server-side-encryption-customer-key" |
35 | "x-amz-server-side-encryption-customer-key", | 36 | sseKeyMD5Header = sseKeyHeader + "-md5" |
36 | "x-amz-copy-source-server-side-encryption-customer-key", | 37 | ) |
38 | |||
39 | func computeSSEKeyMD5(r *request.Request) { | ||
40 | var key string | ||
41 | if g, ok := r.Params.(sseCustomerKeyGetter); ok { | ||
42 | key = g.getSSECustomerKey() | ||
43 | } | ||
44 | |||
45 | computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest) | ||
46 | } | ||
47 | |||
48 | const ( | ||
49 | copySrcSSEKeyHeader = "x-amz-copy-source-server-side-encryption-customer-key" | ||
50 | copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5" | ||
51 | ) | ||
52 | |||
53 | func computeCopySourceSSEKeyMD5(r *request.Request) { | ||
54 | var key string | ||
55 | if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok { | ||
56 | key = g.getCopySourceSSECustomerKey() | ||
37 | } | 57 | } |
38 | 58 | ||
39 | for _, h := range headers { | 59 | computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest) |
40 | md5h := h + "-md5" | 60 | } |
41 | if key := r.HTTPRequest.Header.Get(h); key != "" { | 61 | |
42 | // Base64-encode the value | 62 | func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) { |
43 | b64v := base64.StdEncoding.EncodeToString([]byte(key)) | 63 | if len(key) == 0 { |
44 | r.HTTPRequest.Header.Set(h, b64v) | 64 | // Backwards compatiablity where user just set the header value instead |
45 | 65 | // of using the API parameter, or setting the header value for an | |
46 | // Add MD5 if it wasn't computed | 66 | // operation without the parameters modeled. |
47 | if r.HTTPRequest.Header.Get(md5h) == "" { | 67 | key = r.Header.Get(keyHeader) |
48 | sum := md5.Sum([]byte(key)) | 68 | if len(key) == 0 { |
49 | b64sum := base64.StdEncoding.EncodeToString(sum[:]) | 69 | return |
50 | r.HTTPRequest.Header.Set(md5h, b64sum) | ||
51 | } | ||
52 | } | 70 | } |
71 | |||
72 | // In backwards compatiable, the header's value is not base64 encoded, | ||
73 | // and needs to be encoded and updated by the SDK's customizations. | ||
74 | b64Key := base64.StdEncoding.EncodeToString([]byte(key)) | ||
75 | r.Header.Set(keyHeader, b64Key) | ||
76 | } | ||
77 | |||
78 | // Only update Key's MD5 if not already set. | ||
79 | if len(r.Header.Get(keyMD5Header)) == 0 { | ||
80 | sum := md5.Sum([]byte(key)) | ||
81 | keyMD5 := base64.StdEncoding.EncodeToString(sum[:]) | ||
82 | r.Header.Set(keyMD5Header, keyMD5) | ||
53 | } | 83 | } |
54 | } | 84 | } |
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go index fde3050..f6a69ae 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go | |||
@@ -14,7 +14,7 @@ func copyMultipartStatusOKUnmarhsalError(r *request.Request) { | |||
14 | b, err := ioutil.ReadAll(r.HTTPResponse.Body) | 14 | b, err := ioutil.ReadAll(r.HTTPResponse.Body) |
15 | if err != nil { | 15 | if err != nil { |
16 | r.Error = awserr.NewRequestFailure( | 16 | r.Error = awserr.NewRequestFailure( |
17 | awserr.New("SerializationError", "unable to read response body", err), | 17 | awserr.New(request.ErrCodeSerialization, "unable to read response body", err), |
18 | r.HTTPResponse.StatusCode, | 18 | r.HTTPResponse.StatusCode, |
19 | r.RequestID, | 19 | r.RequestID, |
20 | ) | 20 | ) |
@@ -31,7 +31,7 @@ func copyMultipartStatusOKUnmarhsalError(r *request.Request) { | |||
31 | 31 | ||
32 | unmarshalError(r) | 32 | unmarshalError(r) |
33 | if err, ok := r.Error.(awserr.Error); ok && err != nil { | 33 | if err, ok := r.Error.(awserr.Error); ok && err != nil { |
34 | if err.Code() == "SerializationError" { | 34 | if err.Code() == request.ErrCodeSerialization { |
35 | r.Error = nil | 35 | r.Error = nil |
36 | return | 36 | return |
37 | } | 37 | } |
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go index 1db7e13..5b63fac 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go | |||
@@ -11,6 +11,7 @@ import ( | |||
11 | "github.com/aws/aws-sdk-go/aws" | 11 | "github.com/aws/aws-sdk-go/aws" |
12 | "github.com/aws/aws-sdk-go/aws/awserr" | 12 | "github.com/aws/aws-sdk-go/aws/awserr" |
13 | "github.com/aws/aws-sdk-go/aws/request" | 13 | "github.com/aws/aws-sdk-go/aws/request" |
14 | "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil" | ||
14 | ) | 15 | ) |
15 | 16 | ||
16 | type xmlErrorResponse struct { | 17 | type xmlErrorResponse struct { |
@@ -42,29 +43,34 @@ func unmarshalError(r *request.Request) { | |||
42 | return | 43 | return |
43 | } | 44 | } |
44 | 45 | ||
45 | var errCode, errMsg string | ||
46 | |||
47 | // Attempt to parse error from body if it is known | 46 | // Attempt to parse error from body if it is known |
48 | resp := &xmlErrorResponse{} | 47 | var errResp xmlErrorResponse |
49 | err := xml.NewDecoder(r.HTTPResponse.Body).Decode(resp) | 48 | err := xmlutil.UnmarshalXMLError(&errResp, r.HTTPResponse.Body) |
50 | if err != nil && err != io.EOF { | 49 | if err == io.EOF { |
51 | errCode = "SerializationError" | 50 | // Only capture the error if an unmarshal error occurs that is not EOF, |
52 | errMsg = "failed to decode S3 XML error response" | 51 | // because S3 might send an error without a error message which causes |
53 | } else { | 52 | // the XML unmarshal to fail with EOF. |
54 | errCode = resp.Code | ||
55 | errMsg = resp.Message | ||
56 | err = nil | 53 | err = nil |
57 | } | 54 | } |
55 | if err != nil { | ||
56 | r.Error = awserr.NewRequestFailure( | ||
57 | awserr.New(request.ErrCodeSerialization, | ||
58 | "failed to unmarshal error message", err), | ||
59 | r.HTTPResponse.StatusCode, | ||
60 | r.RequestID, | ||
61 | ) | ||
62 | return | ||
63 | } | ||
58 | 64 | ||
59 | // Fallback to status code converted to message if still no error code | 65 | // Fallback to status code converted to message if still no error code |
60 | if len(errCode) == 0 { | 66 | if len(errResp.Code) == 0 { |
61 | statusText := http.StatusText(r.HTTPResponse.StatusCode) | 67 | statusText := http.StatusText(r.HTTPResponse.StatusCode) |
62 | errCode = strings.Replace(statusText, " ", "", -1) | 68 | errResp.Code = strings.Replace(statusText, " ", "", -1) |
63 | errMsg = statusText | 69 | errResp.Message = statusText |
64 | } | 70 | } |
65 | 71 | ||
66 | r.Error = awserr.NewRequestFailure( | 72 | r.Error = awserr.NewRequestFailure( |
67 | awserr.New(errCode, errMsg, err), | 73 | awserr.New(errResp.Code, errResp.Message, err), |
68 | r.HTTPResponse.StatusCode, | 74 | r.HTTPResponse.StatusCode, |
69 | r.RequestID, | 75 | r.RequestID, |
70 | ) | 76 | ) |
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 8113089..d22c38b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go | |||
@@ -3,6 +3,7 @@ | |||
3 | package sts | 3 | package sts |
4 | 4 | ||
5 | import ( | 5 | import ( |
6 | "fmt" | ||
6 | "time" | 7 | "time" |
7 | 8 | ||
8 | "github.com/aws/aws-sdk-go/aws" | 9 | "github.com/aws/aws-sdk-go/aws" |
@@ -55,38 +56,26 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o | |||
55 | 56 | ||
56 | // AssumeRole API operation for AWS Security Token Service. | 57 | // AssumeRole API operation for AWS Security Token Service. |
57 | // | 58 | // |
58 | // Returns a set of temporary security credentials (consisting of an access | 59 | // Returns a set of temporary security credentials that you can use to access |
59 | // key ID, a secret access key, and a security token) that you can use to access | 60 | // AWS resources that you might not normally have access to. These temporary |
60 | // AWS resources that you might not normally have access to. Typically, you | 61 | // credentials consist of an access key ID, a secret access key, and a security |
61 | // use AssumeRole for cross-account access or federation. For a comparison of | 62 | // token. Typically, you use AssumeRole within your account or for cross-account |
62 | // AssumeRole with the other APIs that produce temporary credentials, see Requesting | 63 | // access. For a comparison of AssumeRole with other API operations that produce |
63 | // Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) | 64 | // temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) |
64 | // and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) | 65 | // and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) |
65 | // in the IAM User Guide. | 66 | // in the IAM User Guide. |
66 | // | 67 | // |
67 | // Important: You cannot call AssumeRole by using AWS root account credentials; | 68 | // You cannot use AWS account root user credentials to call AssumeRole. You |
68 | // access is denied. You must use credentials for an IAM user or an IAM role | 69 | // must use credentials for an IAM user or an IAM role to call AssumeRole. |
69 | // to call AssumeRole. | ||
70 | // | 70 | // |
71 | // For cross-account access, imagine that you own multiple accounts and need | 71 | // For cross-account access, imagine that you own multiple accounts and need |
72 | // to access resources in each account. You could create long-term credentials | 72 | // to access resources in each account. You could create long-term credentials |
73 | // in each account to access those resources. However, managing all those credentials | 73 | // in each account to access those resources. However, managing all those credentials |
74 | // and remembering which one can access which account can be time consuming. | 74 | // and remembering which one can access which account can be time consuming. |
75 | // Instead, you can create one set of long-term credentials in one account and | 75 | // Instead, you can create one set of long-term credentials in one account. |
76 | // then use temporary security credentials to access all the other accounts | 76 | // Then use temporary security credentials to access all the other accounts |
77 | // by assuming roles in those accounts. For more information about roles, see | 77 | // by assuming roles in those accounts. For more information about roles, see |
78 | // IAM Roles (Delegation and Federation) (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) | 78 | // IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) |
79 | // in the IAM User Guide. | ||
80 | // | ||
81 | // For federation, you can, for example, grant single sign-on access to the | ||
82 | // AWS Management Console. If you already have an identity and authentication | ||
83 | // system in your corporate network, you don't have to recreate user identities | ||
84 | // in AWS in order to grant those user identities access to AWS. Instead, after | ||
85 | // a user has been authenticated, you call AssumeRole (and specify the role | ||
86 | // with the appropriate permissions) to get temporary security credentials for | ||
87 | // that user. With those temporary security credentials, you construct a sign-in | ||
88 | // URL that users can use to access the console. For more information, see Common | ||
89 | // Scenarios for Temporary Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html#sts-introduction) | ||
90 | // in the IAM User Guide. | 79 | // in the IAM User Guide. |
91 | // | 80 | // |
92 | // By default, the temporary security credentials created by AssumeRole last | 81 | // By default, the temporary security credentials created by AssumeRole last |
@@ -95,69 +84,73 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o | |||
95 | // seconds (15 minutes) up to the maximum session duration setting for the role. | 84 | // seconds (15 minutes) up to the maximum session duration setting for the role. |
96 | // This setting can have a value from 1 hour to 12 hours. To learn how to view | 85 | // This setting can have a value from 1 hour to 12 hours. To learn how to view |
97 | // the maximum value for your role, see View the Maximum Session Duration Setting | 86 | // the maximum value for your role, see View the Maximum Session Duration Setting |
98 | // for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) | 87 | // for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) |
99 | // in the IAM User Guide. The maximum session duration limit applies when you | 88 | // in the IAM User Guide. The maximum session duration limit applies when you |
100 | // use the AssumeRole* API operations or the assume-role* CLI operations but | 89 | // use the AssumeRole* API operations or the assume-role* CLI commands. However |
101 | // does not apply when you use those operations to create a console URL. For | 90 | // the limit does not apply when you use those operations to create a console |
102 | // more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) | 91 | // URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) |
103 | // in the IAM User Guide. | 92 | // in the IAM User Guide. |
104 | // | 93 | // |
105 | // The temporary security credentials created by AssumeRole can be used to make | 94 | // The temporary security credentials created by AssumeRole can be used to make |
106 | // API calls to any AWS service with the following exception: you cannot call | 95 | // API calls to any AWS service with the following exception: You cannot call |
107 | // the STS service's GetFederationToken or GetSessionToken APIs. | 96 | // the AWS STS GetFederationToken or GetSessionToken API operations. |
108 | // | 97 | // |
109 | // Optionally, you can pass an IAM access policy to this operation. If you choose | 98 | // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
110 | // not to pass a policy, the temporary security credentials that are returned | 99 | // to this operation. You can pass a single JSON policy document to use as an |
111 | // by the operation have the permissions that are defined in the access policy | 100 | // inline session policy. You can also specify up to 10 managed policies to |
112 | // of the role that is being assumed. If you pass a policy to this operation, | 101 | // use as managed session policies. The plain text that you use for both inline |
113 | // the temporary security credentials that are returned by the operation have | 102 | // and managed session policies shouldn't exceed 2048 characters. Passing policies |
114 | // the permissions that are allowed by both the access policy of the role that | 103 | // to this operation returns new temporary credentials. The resulting session's |
115 | // is being assumed, and the policy that you pass. This gives you a way to further | 104 | // permissions are the intersection of the role's identity-based policy and |
116 | // restrict the permissions for the resulting temporary security credentials. | 105 | // the session policies. You can use the role's temporary credentials in subsequent |
117 | // You cannot use the passed policy to grant permissions that are in excess | 106 | // AWS API calls to access resources in the account that owns the role. You |
118 | // of those allowed by the access policy of the role that is being assumed. | 107 | // cannot use session policies to grant more permissions than those allowed |
119 | // For more information, see Permissions for AssumeRole, AssumeRoleWithSAML, | 108 | // by the identity-based policy of the role that is being assumed. For more |
120 | // and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) | 109 | // information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
121 | // in the IAM User Guide. | 110 | // in the IAM User Guide. |
122 | // | 111 | // |
123 | // To assume a role, your AWS account must be trusted by the role. The trust | 112 | // To assume a role from a different account, your AWS account must be trusted |
124 | // relationship is defined in the role's trust policy when the role is created. | 113 | // by the role. The trust relationship is defined in the role's trust policy |
125 | // That trust policy states which accounts are allowed to delegate access to | 114 | // when the role is created. That trust policy states which accounts are allowed |
126 | // this account's role. | 115 | // to delegate that access to users in the account. |
127 | // | 116 | // |
128 | // The user who wants to access the role must also have permissions delegated | 117 | // A user who wants to access a role in a different account must also have permissions |
129 | // from the role's administrator. If the user is in a different account than | 118 | // that are delegated from the user account administrator. The administrator |
130 | // the role, then the user's administrator must attach a policy that allows | 119 | // must attach a policy that allows the user to call AssumeRole for the ARN |
131 | // the user to call AssumeRole on the ARN of the role in the other account. | 120 | // of the role in the other account. If the user is in the same account as the |
132 | // If the user is in the same account as the role, then you can either attach | 121 | // role, then you can do either of the following: |
133 | // a policy to the user (identical to the previous different account user), | 122 | // |
134 | // or you can add the user as a principal directly in the role's trust policy. | 123 | // * Attach a policy to the user (identical to the previous user in a different |
135 | // In this case, the trust policy acts as the only resource-based policy in | 124 | // account). |
136 | // IAM, and users in the same account as the role do not need explicit permission | 125 | // |
137 | // to assume the role. For more information about trust policies and resource-based | 126 | // * Add the user as a principal directly in the role's trust policy. |
138 | // policies, see IAM Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) | 127 | // |
128 | // In this case, the trust policy acts as an IAM resource-based policy. Users | ||
129 | // in the same account as the role do not need explicit permission to assume | ||
130 | // the role. For more information about trust policies and resource-based policies, | ||
131 | // see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) | ||
139 | // in the IAM User Guide. | 132 | // in the IAM User Guide. |
140 | // | 133 | // |
141 | // Using MFA with AssumeRole | 134 | // Using MFA with AssumeRole |
142 | // | 135 | // |
143 | // You can optionally include multi-factor authentication (MFA) information | 136 | // (Optional) You can include multi-factor authentication (MFA) information |
144 | // when you call AssumeRole. This is useful for cross-account scenarios in which | 137 | // when you call AssumeRole. This is useful for cross-account scenarios to ensure |
145 | // you want to make sure that the user who is assuming the role has been authenticated | 138 | // that the user that assumes the role has been authenticated with an AWS MFA |
146 | // using an AWS MFA device. In that scenario, the trust policy of the role being | 139 | // device. In that scenario, the trust policy of the role being assumed includes |
147 | // assumed includes a condition that tests for MFA authentication; if the caller | 140 | // a condition that tests for MFA authentication. If the caller does not include |
148 | // does not include valid MFA information, the request to assume the role is | 141 | // valid MFA information, the request to assume the role is denied. The condition |
149 | // denied. The condition in a trust policy that tests for MFA authentication | 142 | // in a trust policy that tests for MFA authentication might look like the following |
150 | // might look like the following example. | 143 | // example. |
151 | // | 144 | // |
152 | // "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}} | 145 | // "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}} |
153 | // | 146 | // |
154 | // For more information, see Configuring MFA-Protected API Access (http://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) | 147 | // For more information, see Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) |
155 | // in the IAM User Guide guide. | 148 | // in the IAM User Guide guide. |
156 | // | 149 | // |
157 | // To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode | 150 | // To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode |
158 | // parameters. The SerialNumber value identifies the user's hardware or virtual | 151 | // parameters. The SerialNumber value identifies the user's hardware or virtual |
159 | // MFA device. The TokenCode is the time-based one-time password (TOTP) that | 152 | // MFA device. The TokenCode is the time-based one-time password (TOTP) that |
160 | // the MFA devices produces. | 153 | // the MFA device produces. |
161 | // | 154 | // |
162 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | 155 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions |
163 | // with awserr.Error's Code and Message methods to get detailed information about | 156 | // with awserr.Error's Code and Message methods to get detailed information about |
@@ -180,7 +173,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o | |||
180 | // STS is not activated in the requested region for the account that is being | 173 | // STS is not activated in the requested region for the account that is being |
181 | // asked to generate credentials. The account administrator must use the IAM | 174 | // asked to generate credentials. The account administrator must use the IAM |
182 | // console to activate STS in that region. For more information, see Activating | 175 | // console to activate STS in that region. For more information, see Activating |
183 | // and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) | 176 | // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) |
184 | // in the IAM User Guide. | 177 | // in the IAM User Guide. |
185 | // | 178 | // |
186 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole | 179 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole |
@@ -254,9 +247,9 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re | |||
254 | // via a SAML authentication response. This operation provides a mechanism for | 247 | // via a SAML authentication response. This operation provides a mechanism for |
255 | // tying an enterprise identity store or directory to role-based AWS access | 248 | // tying an enterprise identity store or directory to role-based AWS access |
256 | // without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML | 249 | // without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML |
257 | // with the other APIs that produce temporary credentials, see Requesting Temporary | 250 | // with the other API operations that produce temporary credentials, see Requesting |
258 | // Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) | 251 | // Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) |
259 | // and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) | 252 | // and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) |
260 | // in the IAM User Guide. | 253 | // in the IAM User Guide. |
261 | // | 254 | // |
262 | // The temporary security credentials returned by this operation consist of | 255 | // The temporary security credentials returned by this operation consist of |
@@ -271,37 +264,36 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re | |||
271 | // a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session | 264 | // a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session |
272 | // duration setting for the role. This setting can have a value from 1 hour | 265 | // duration setting for the role. This setting can have a value from 1 hour |
273 | // to 12 hours. To learn how to view the maximum value for your role, see View | 266 | // to 12 hours. To learn how to view the maximum value for your role, see View |
274 | // the Maximum Session Duration Setting for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) | 267 | // the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) |
275 | // in the IAM User Guide. The maximum session duration limit applies when you | 268 | // in the IAM User Guide. The maximum session duration limit applies when you |
276 | // use the AssumeRole* API operations or the assume-role* CLI operations but | 269 | // use the AssumeRole* API operations or the assume-role* CLI commands. However |
277 | // does not apply when you use those operations to create a console URL. For | 270 | // the limit does not apply when you use those operations to create a console |
278 | // more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) | 271 | // URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) |
279 | // in the IAM User Guide. | 272 | // in the IAM User Guide. |
280 | // | 273 | // |
281 | // The temporary security credentials created by AssumeRoleWithSAML can be used | 274 | // The temporary security credentials created by AssumeRoleWithSAML can be used |
282 | // to make API calls to any AWS service with the following exception: you cannot | 275 | // to make API calls to any AWS service with the following exception: you cannot |
283 | // call the STS service's GetFederationToken or GetSessionToken APIs. | 276 | // call the STS GetFederationToken or GetSessionToken API operations. |
284 | // | 277 | // |
285 | // Optionally, you can pass an IAM access policy to this operation. If you choose | 278 | // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
286 | // not to pass a policy, the temporary security credentials that are returned | 279 | // to this operation. You can pass a single JSON policy document to use as an |
287 | // by the operation have the permissions that are defined in the access policy | 280 | // inline session policy. You can also specify up to 10 managed policies to |
288 | // of the role that is being assumed. If you pass a policy to this operation, | 281 | // use as managed session policies. The plain text that you use for both inline |
289 | // the temporary security credentials that are returned by the operation have | 282 | // and managed session policies shouldn't exceed 2048 characters. Passing policies |
290 | // the permissions that are allowed by the intersection of both the access policy | 283 | // to this operation returns new temporary credentials. The resulting session's |
291 | // of the role that is being assumed, and the policy that you pass. This means | 284 | // permissions are the intersection of the role's identity-based policy and |
292 | // that both policies must grant the permission for the action to be allowed. | 285 | // the session policies. You can use the role's temporary credentials in subsequent |
293 | // This gives you a way to further restrict the permissions for the resulting | 286 | // AWS API calls to access resources in the account that owns the role. You |
294 | // temporary security credentials. You cannot use the passed policy to grant | 287 | // cannot use session policies to grant more permissions than those allowed |
295 | // permissions that are in excess of those allowed by the access policy of the | 288 | // by the identity-based policy of the role that is being assumed. For more |
296 | // role that is being assumed. For more information, see Permissions for AssumeRole, | 289 | // information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
297 | // AssumeRoleWithSAML, and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) | ||
298 | // in the IAM User Guide. | 290 | // in the IAM User Guide. |
299 | // | 291 | // |
300 | // Before your application can call AssumeRoleWithSAML, you must configure your | 292 | // Before your application can call AssumeRoleWithSAML, you must configure your |
301 | // SAML identity provider (IdP) to issue the claims required by AWS. Additionally, | 293 | // SAML identity provider (IdP) to issue the claims required by AWS. Additionally, |
302 | // you must use AWS Identity and Access Management (IAM) to create a SAML provider | 294 | // you must use AWS Identity and Access Management (IAM) to create a SAML provider |
303 | // entity in your AWS account that represents your identity provider, and create | 295 | // entity in your AWS account that represents your identity provider. You must |
304 | // an IAM role that specifies this SAML provider in its trust policy. | 296 | // also create an IAM role that specifies this SAML provider in its trust policy. |
305 | // | 297 | // |
306 | // Calling AssumeRoleWithSAML does not require the use of AWS security credentials. | 298 | // Calling AssumeRoleWithSAML does not require the use of AWS security credentials. |
307 | // The identity of the caller is validated by using keys in the metadata document | 299 | // The identity of the caller is validated by using keys in the metadata document |
@@ -315,16 +307,16 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re | |||
315 | // | 307 | // |
316 | // For more information, see the following resources: | 308 | // For more information, see the following resources: |
317 | // | 309 | // |
318 | // * About SAML 2.0-based Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) | 310 | // * About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) |
319 | // in the IAM User Guide. | 311 | // in the IAM User Guide. |
320 | // | 312 | // |
321 | // * Creating SAML Identity Providers (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html) | 313 | // * Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html) |
322 | // in the IAM User Guide. | 314 | // in the IAM User Guide. |
323 | // | 315 | // |
324 | // * Configuring a Relying Party and Claims (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html) | 316 | // * Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html) |
325 | // in the IAM User Guide. | 317 | // in the IAM User Guide. |
326 | // | 318 | // |
327 | // * Creating a Role for SAML 2.0 Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html) | 319 | // * Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html) |
328 | // in the IAM User Guide. | 320 | // in the IAM User Guide. |
329 | // | 321 | // |
330 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | 322 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions |
@@ -363,7 +355,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re | |||
363 | // STS is not activated in the requested region for the account that is being | 355 | // STS is not activated in the requested region for the account that is being |
364 | // asked to generate credentials. The account administrator must use the IAM | 356 | // asked to generate credentials. The account administrator must use the IAM |
365 | // console to activate STS in that region. For more information, see Activating | 357 | // console to activate STS in that region. For more information, see Activating |
366 | // and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) | 358 | // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) |
367 | // in the IAM User Guide. | 359 | // in the IAM User Guide. |
368 | // | 360 | // |
369 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML | 361 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML |
@@ -434,35 +426,35 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI | |||
434 | // AssumeRoleWithWebIdentity API operation for AWS Security Token Service. | 426 | // AssumeRoleWithWebIdentity API operation for AWS Security Token Service. |
435 | // | 427 | // |
436 | // Returns a set of temporary security credentials for users who have been authenticated | 428 | // Returns a set of temporary security credentials for users who have been authenticated |
437 | // in a mobile or web application with a web identity provider, such as Amazon | 429 | // in a mobile or web application with a web identity provider. Example providers |
438 | // Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible | 430 | // include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID |
439 | // identity provider. | 431 | // Connect-compatible identity provider. |
440 | // | 432 | // |
441 | // For mobile applications, we recommend that you use Amazon Cognito. You can | 433 | // For mobile applications, we recommend that you use Amazon Cognito. You can |
442 | // use Amazon Cognito with the AWS SDK for iOS (http://aws.amazon.com/sdkforios/) | 434 | // use Amazon Cognito with the AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) |
443 | // and the AWS SDK for Android (http://aws.amazon.com/sdkforandroid/) to uniquely | 435 | // and the AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/) |
444 | // identify a user and supply the user with a consistent identity throughout | 436 | // to uniquely identify a user. You can also supply the user with a consistent |
445 | // the lifetime of an application. | 437 | // identity throughout the lifetime of an application. |
446 | // | 438 | // |
447 | // To learn more about Amazon Cognito, see Amazon Cognito Overview (http://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) | 439 | // To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) |
448 | // in the AWS SDK for Android Developer Guide guide and Amazon Cognito Overview | 440 | // in AWS SDK for Android Developer Guide and Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) |
449 | // (http://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) | ||
450 | // in the AWS SDK for iOS Developer Guide. | 441 | // in the AWS SDK for iOS Developer Guide. |
451 | // | 442 | // |
452 | // Calling AssumeRoleWithWebIdentity does not require the use of AWS security | 443 | // Calling AssumeRoleWithWebIdentity does not require the use of AWS security |
453 | // credentials. Therefore, you can distribute an application (for example, on | 444 | // credentials. Therefore, you can distribute an application (for example, on |
454 | // mobile devices) that requests temporary security credentials without including | 445 | // mobile devices) that requests temporary security credentials without including |
455 | // long-term AWS credentials in the application, and without deploying server-based | 446 | // long-term AWS credentials in the application. You also don't need to deploy |
456 | // proxy services that use long-term AWS credentials. Instead, the identity | 447 | // server-based proxy services that use long-term AWS credentials. Instead, |
457 | // of the caller is validated by using a token from the web identity provider. | 448 | // the identity of the caller is validated by using a token from the web identity |
458 | // For a comparison of AssumeRoleWithWebIdentity with the other APIs that produce | 449 | // provider. For a comparison of AssumeRoleWithWebIdentity with the other API |
459 | // temporary credentials, see Requesting Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) | 450 | // operations that produce temporary credentials, see Requesting Temporary Security |
460 | // and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) | 451 | // Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) |
452 | // and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) | ||
461 | // in the IAM User Guide. | 453 | // in the IAM User Guide. |
462 | // | 454 | // |
463 | // The temporary security credentials returned by this API consist of an access | 455 | // The temporary security credentials returned by this API consist of an access |
464 | // key ID, a secret access key, and a security token. Applications can use these | 456 | // key ID, a secret access key, and a security token. Applications can use these |
465 | // temporary security credentials to sign calls to AWS service APIs. | 457 | // temporary security credentials to sign calls to AWS service API operations. |
466 | // | 458 | // |
467 | // By default, the temporary security credentials created by AssumeRoleWithWebIdentity | 459 | // By default, the temporary security credentials created by AssumeRoleWithWebIdentity |
468 | // last for one hour. However, you can use the optional DurationSeconds parameter | 460 | // last for one hour. However, you can use the optional DurationSeconds parameter |
@@ -470,29 +462,29 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI | |||
470 | // seconds (15 minutes) up to the maximum session duration setting for the role. | 462 | // seconds (15 minutes) up to the maximum session duration setting for the role. |
471 | // This setting can have a value from 1 hour to 12 hours. To learn how to view | 463 | // This setting can have a value from 1 hour to 12 hours. To learn how to view |
472 | // the maximum value for your role, see View the Maximum Session Duration Setting | 464 | // the maximum value for your role, see View the Maximum Session Duration Setting |
473 | // for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) | 465 | // for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) |
474 | // in the IAM User Guide. The maximum session duration limit applies when you | 466 | // in the IAM User Guide. The maximum session duration limit applies when you |
475 | // use the AssumeRole* API operations or the assume-role* CLI operations but | 467 | // use the AssumeRole* API operations or the assume-role* CLI commands. However |
476 | // does not apply when you use those operations to create a console URL. For | 468 | // the limit does not apply when you use those operations to create a console |
477 | // more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) | 469 | // URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) |
478 | // in the IAM User Guide. | 470 | // in the IAM User Guide. |
479 | // | 471 | // |
480 | // The temporary security credentials created by AssumeRoleWithWebIdentity can | 472 | // The temporary security credentials created by AssumeRoleWithWebIdentity can |
481 | // be used to make API calls to any AWS service with the following exception: | 473 | // be used to make API calls to any AWS service with the following exception: |
482 | // you cannot call the STS service's GetFederationToken or GetSessionToken APIs. | 474 | // you cannot call the STS GetFederationToken or GetSessionToken API operations. |
483 | // | 475 | // |
484 | // Optionally, you can pass an IAM access policy to this operation. If you choose | 476 | // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
485 | // not to pass a policy, the temporary security credentials that are returned | 477 | // to this operation. You can pass a single JSON policy document to use as an |
486 | // by the operation have the permissions that are defined in the access policy | 478 | // inline session policy. You can also specify up to 10 managed policies to |
487 | // of the role that is being assumed. If you pass a policy to this operation, | 479 | // use as managed session policies. The plain text that you use for both inline |
488 | // the temporary security credentials that are returned by the operation have | 480 | // and managed session policies shouldn't exceed 2048 characters. Passing policies |
489 | // the permissions that are allowed by both the access policy of the role that | 481 | // to this operation returns new temporary credentials. The resulting session's |
490 | // is being assumed, and the policy that you pass. This gives you a way to further | 482 | // permissions are the intersection of the role's identity-based policy and |
491 | // restrict the permissions for the resulting temporary security credentials. | 483 | // the session policies. You can use the role's temporary credentials in subsequent |
492 | // You cannot use the passed policy to grant permissions that are in excess | 484 | // AWS API calls to access resources in the account that owns the role. You |
493 | // of those allowed by the access policy of the role that is being assumed. | 485 | // cannot use session policies to grant more permissions than those allowed |
494 | // For more information, see Permissions for AssumeRole, AssumeRoleWithSAML, | 486 | // by the identity-based policy of the role that is being assumed. For more |
495 | // and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) | 487 | // information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
496 | // in the IAM User Guide. | 488 | // in the IAM User Guide. |
497 | // | 489 | // |
498 | // Before your application can call AssumeRoleWithWebIdentity, you must have | 490 | // Before your application can call AssumeRoleWithWebIdentity, you must have |
@@ -511,21 +503,19 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI | |||
511 | // For more information about how to use web identity federation and the AssumeRoleWithWebIdentity | 503 | // For more information about how to use web identity federation and the AssumeRoleWithWebIdentity |
512 | // API, see the following resources: | 504 | // API, see the following resources: |
513 | // | 505 | // |
514 | // * Using Web Identity Federation APIs for Mobile Apps (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html) | 506 | // * Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html) |
515 | // and Federation Through a Web-based Identity Provider (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). | 507 | // and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). |
516 | // | 508 | // |
509 | // * Web Identity Federation Playground (https://web-identity-federation-playground.s3.amazonaws.com/index.html). | ||
510 | // Walk through the process of authenticating through Login with Amazon, | ||
511 | // Facebook, or Google, getting temporary security credentials, and then | ||
512 | // using those credentials to make a request to AWS. | ||
517 | // | 513 | // |
518 | // * Web Identity Federation Playground (https://web-identity-federation-playground.s3.amazonaws.com/index.html). | 514 | // * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and |
519 | // This interactive website lets you walk through the process of authenticating | 515 | // AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). |
520 | // via Login with Amazon, Facebook, or Google, getting temporary security | 516 | // These toolkits contain sample apps that show how to invoke the identity |
521 | // credentials, and then using those credentials to make a request to AWS. | 517 | // providers, and then how to use the information from these providers to |
522 | // | 518 | // get and use temporary security credentials. |
523 | // | ||
524 | // * AWS SDK for iOS (http://aws.amazon.com/sdkforios/) and AWS SDK for Android | ||
525 | // (http://aws.amazon.com/sdkforandroid/). These toolkits contain sample | ||
526 | // apps that show how to invoke the identity providers, and then how to use | ||
527 | // the information from these providers to get and use temporary security | ||
528 | // credentials. | ||
529 | // | 519 | // |
530 | // * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications). | 520 | // * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications). |
531 | // This article discusses web identity federation and shows an example of | 521 | // This article discusses web identity federation and shows an example of |
@@ -575,7 +565,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI | |||
575 | // STS is not activated in the requested region for the account that is being | 565 | // STS is not activated in the requested region for the account that is being |
576 | // asked to generate credentials. The account administrator must use the IAM | 566 | // asked to generate credentials. The account administrator must use the IAM |
577 | // console to activate STS in that region. For more information, see Activating | 567 | // console to activate STS in that region. For more information, see Activating |
578 | // and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) | 568 | // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) |
579 | // in the IAM User Guide. | 569 | // in the IAM User Guide. |
580 | // | 570 | // |
581 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity | 571 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity |
@@ -647,17 +637,17 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag | |||
647 | // Decodes additional information about the authorization status of a request | 637 | // Decodes additional information about the authorization status of a request |
648 | // from an encoded message returned in response to an AWS request. | 638 | // from an encoded message returned in response to an AWS request. |
649 | // | 639 | // |
650 | // For example, if a user is not authorized to perform an action that he or | 640 | // For example, if a user is not authorized to perform an operation that he |
651 | // she has requested, the request returns a Client.UnauthorizedOperation response | 641 | // or she has requested, the request returns a Client.UnauthorizedOperation |
652 | // (an HTTP 403 response). Some AWS actions additionally return an encoded message | 642 | // response (an HTTP 403 response). Some AWS operations additionally return |
653 | // that can provide details about this authorization failure. | 643 | // an encoded message that can provide details about this authorization failure. |
654 | // | 644 | // |
655 | // Only certain AWS actions return an encoded authorization message. The documentation | 645 | // Only certain AWS operations return an encoded authorization message. The |
656 | // for an individual action indicates whether that action returns an encoded | 646 | // documentation for an individual operation indicates whether that operation |
657 | // message in addition to returning an HTTP code. | 647 | // returns an encoded message in addition to returning an HTTP code. |
658 | // | 648 | // |
659 | // The message is encoded because the details of the authorization status can | 649 | // The message is encoded because the details of the authorization status can |
660 | // constitute privileged information that the user who requested the action | 650 | // constitute privileged information that the user who requested the operation |
661 | // should not see. To decode an authorization status message, a user must be | 651 | // should not see. To decode an authorization status message, a user must be |
662 | // granted permissions via an IAM policy to request the DecodeAuthorizationMessage | 652 | // granted permissions via an IAM policy to request the DecodeAuthorizationMessage |
663 | // (sts:DecodeAuthorizationMessage) action. | 653 | // (sts:DecodeAuthorizationMessage) action. |
@@ -666,7 +656,7 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag | |||
666 | // | 656 | // |
667 | // * Whether the request was denied due to an explicit deny or due to the | 657 | // * Whether the request was denied due to an explicit deny or due to the |
668 | // absence of an explicit allow. For more information, see Determining Whether | 658 | // absence of an explicit allow. For more information, see Determining Whether |
669 | // a Request is Allowed or Denied (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow) | 659 | // a Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow) |
670 | // in the IAM User Guide. | 660 | // in the IAM User Guide. |
671 | // | 661 | // |
672 | // * The principal who made the request. | 662 | // * The principal who made the request. |
@@ -712,6 +702,102 @@ func (c *STS) DecodeAuthorizationMessageWithContext(ctx aws.Context, input *Deco | |||
712 | return out, req.Send() | 702 | return out, req.Send() |
713 | } | 703 | } |
714 | 704 | ||
705 | const opGetAccessKeyInfo = "GetAccessKeyInfo" | ||
706 | |||
707 | // GetAccessKeyInfoRequest generates a "aws/request.Request" representing the | ||
708 | // client's request for the GetAccessKeyInfo operation. The "output" return | ||
709 | // value will be populated with the request's response once the request completes | ||
710 | // successfully. | ||
711 | // | ||
712 | // Use "Send" method on the returned Request to send the API call to the service. | ||
713 | // the "output" return value is not valid until after Send returns without error. | ||
714 | // | ||
715 | // See GetAccessKeyInfo for more information on using the GetAccessKeyInfo | ||
716 | // API call, and error handling. | ||
717 | // | ||
718 | // This method is useful when you want to inject custom logic or configuration | ||
719 | // into the SDK's request lifecycle. Such as custom headers, or retry logic. | ||
720 | // | ||
721 | // | ||
722 | // // Example sending a request using the GetAccessKeyInfoRequest method. | ||
723 | // req, resp := client.GetAccessKeyInfoRequest(params) | ||
724 | // | ||
725 | // err := req.Send() | ||
726 | // if err == nil { // resp is now filled | ||
727 | // fmt.Println(resp) | ||
728 | // } | ||
729 | // | ||
730 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo | ||
731 | func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *request.Request, output *GetAccessKeyInfoOutput) { | ||
732 | op := &request.Operation{ | ||
733 | Name: opGetAccessKeyInfo, | ||
734 | HTTPMethod: "POST", | ||
735 | HTTPPath: "/", | ||
736 | } | ||
737 | |||
738 | if input == nil { | ||
739 | input = &GetAccessKeyInfoInput{} | ||
740 | } | ||
741 | |||
742 | output = &GetAccessKeyInfoOutput{} | ||
743 | req = c.newRequest(op, input, output) | ||
744 | return | ||
745 | } | ||
746 | |||
747 | // GetAccessKeyInfo API operation for AWS Security Token Service. | ||
748 | // | ||
749 | // Returns the account identifier for the specified access key ID. | ||
750 | // | ||
751 | // Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) | ||
752 | // and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). | ||
753 | // For more information about access keys, see Managing Access Keys for IAM | ||
754 | // Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) | ||
755 | // in the IAM User Guide. | ||
756 | // | ||
757 | // When you pass an access key ID to this operation, it returns the ID of the | ||
758 | // AWS account to which the keys belong. Access key IDs beginning with AKIA | ||
759 | // are long-term credentials for an IAM user or the AWS account root user. Access | ||
760 | // key IDs beginning with ASIA are temporary credentials that are created using | ||
761 | // STS operations. If the account in the response belongs to you, you can sign | ||
762 | // in as the root user and review your root user access keys. Then, you can | ||
763 | // pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report) | ||
764 | // to learn which IAM user owns the keys. To learn who requested the temporary | ||
765 | // credentials for an ASIA access key, view the STS events in your CloudTrail | ||
766 | // logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration). | ||
767 | // | ||
768 | // This operation does not indicate the state of the access key. The key might | ||
769 | // be active, inactive, or deleted. Active keys might not have permissions to | ||
770 | // perform an operation. Providing a deleted keys might return an error that | ||
771 | // the key doesn't exist. | ||
772 | // | ||
773 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | ||
774 | // with awserr.Error's Code and Message methods to get detailed information about | ||
775 | // the error. | ||
776 | // | ||
777 | // See the AWS API reference guide for AWS Security Token Service's | ||
778 | // API operation GetAccessKeyInfo for usage and error information. | ||
779 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo | ||
780 | func (c *STS) GetAccessKeyInfo(input *GetAccessKeyInfoInput) (*GetAccessKeyInfoOutput, error) { | ||
781 | req, out := c.GetAccessKeyInfoRequest(input) | ||
782 | return out, req.Send() | ||
783 | } | ||
784 | |||
785 | // GetAccessKeyInfoWithContext is the same as GetAccessKeyInfo with the addition of | ||
786 | // the ability to pass a context and additional request options. | ||
787 | // | ||
788 | // See GetAccessKeyInfo for details on how to use this API operation. | ||
789 | // | ||
790 | // The context must be non-nil and will be used for request cancellation. If | ||
791 | // the context is nil a panic will occur. In the future the SDK may create | ||
792 | // sub-contexts for http.Requests. See https://golang.org/pkg/context/ | ||
793 | // for more information on using Contexts. | ||
794 | func (c *STS) GetAccessKeyInfoWithContext(ctx aws.Context, input *GetAccessKeyInfoInput, opts ...request.Option) (*GetAccessKeyInfoOutput, error) { | ||
795 | req, out := c.GetAccessKeyInfoRequest(input) | ||
796 | req.SetContext(ctx) | ||
797 | req.ApplyOptions(opts...) | ||
798 | return out, req.Send() | ||
799 | } | ||
800 | |||
715 | const opGetCallerIdentity = "GetCallerIdentity" | 801 | const opGetCallerIdentity = "GetCallerIdentity" |
716 | 802 | ||
717 | // GetCallerIdentityRequest generates a "aws/request.Request" representing the | 803 | // GetCallerIdentityRequest generates a "aws/request.Request" representing the |
@@ -834,81 +920,65 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re | |||
834 | // Returns a set of temporary security credentials (consisting of an access | 920 | // Returns a set of temporary security credentials (consisting of an access |
835 | // key ID, a secret access key, and a security token) for a federated user. | 921 | // key ID, a secret access key, and a security token) for a federated user. |
836 | // A typical use is in a proxy application that gets temporary security credentials | 922 | // A typical use is in a proxy application that gets temporary security credentials |
837 | // on behalf of distributed applications inside a corporate network. Because | 923 | // on behalf of distributed applications inside a corporate network. You must |
838 | // you must call the GetFederationToken action using the long-term security | 924 | // call the GetFederationToken operation using the long-term security credentials |
839 | // credentials of an IAM user, this call is appropriate in contexts where those | 925 | // of an IAM user. As a result, this call is appropriate in contexts where those |
840 | // credentials can be safely stored, usually in a server-based application. | 926 | // credentials can be safely stored, usually in a server-based application. |
841 | // For a comparison of GetFederationToken with the other APIs that produce temporary | 927 | // For a comparison of GetFederationToken with the other API operations that |
842 | // credentials, see Requesting Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) | 928 | // produce temporary credentials, see Requesting Temporary Security Credentials |
843 | // and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) | 929 | // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) |
930 | // and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) | ||
844 | // in the IAM User Guide. | 931 | // in the IAM User Guide. |
845 | // | 932 | // |
846 | // If you are creating a mobile-based or browser-based app that can authenticate | 933 | // You can create a mobile-based or browser-based app that can authenticate |
847 | // users using a web identity provider like Login with Amazon, Facebook, Google, | 934 | // users using a web identity provider like Login with Amazon, Facebook, Google, |
848 | // or an OpenID Connect-compatible identity provider, we recommend that you | 935 | // or an OpenID Connect-compatible identity provider. In this case, we recommend |
849 | // use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity. | 936 | // that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity. |
850 | // For more information, see Federation Through a Web-based Identity Provider | 937 | // For more information, see Federation Through a Web-based Identity Provider |
851 | // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). | 938 | // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). |
852 | // | 939 | // |
853 | // The GetFederationToken action must be called by using the long-term AWS security | 940 | // You can also call GetFederationToken using the security credentials of an |
854 | // credentials of an IAM user. You can also call GetFederationToken using the | 941 | // AWS account root user, but we do not recommend it. Instead, we recommend |
855 | // security credentials of an AWS root account, but we do not recommended it. | 942 | // that you create an IAM user for the purpose of the proxy application. Then |
856 | // Instead, we recommend that you create an IAM user for the purpose of the | 943 | // attach a policy to the IAM user that limits federated users to only the actions |
857 | // proxy application and then attach a policy to the IAM user that limits federated | 944 | // and resources that they need to access. For more information, see IAM Best |
858 | // users to only the actions and resources that they need access to. For more | 945 | // Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) |
859 | // information, see IAM Best Practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) | ||
860 | // in the IAM User Guide. | 946 | // in the IAM User Guide. |
861 | // | 947 | // |
862 | // The temporary security credentials that are obtained by using the long-term | 948 | // The temporary credentials are valid for the specified duration, from 900 |
863 | // credentials of an IAM user are valid for the specified duration, from 900 | 949 | // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default |
864 | // seconds (15 minutes) up to a maximium of 129600 seconds (36 hours). The default | 950 | // is 43,200 seconds (12 hours). Temporary credentials that are obtained by |
865 | // is 43200 seconds (12 hours). Temporary credentials that are obtained by using | 951 | // using AWS account root user credentials have a maximum duration of 3,600 |
866 | // AWS root account credentials have a maximum duration of 3600 seconds (1 hour). | 952 | // seconds (1 hour). |
867 | // | 953 | // |
868 | // The temporary security credentials created by GetFederationToken can be used | 954 | // The temporary security credentials created by GetFederationToken can be used |
869 | // to make API calls to any AWS service with the following exceptions: | 955 | // to make API calls to any AWS service with the following exceptions: |
870 | // | 956 | // |
871 | // * You cannot use these credentials to call any IAM APIs. | 957 | // * You cannot use these credentials to call any IAM API operations. |
872 | // | 958 | // |
873 | // * You cannot call any STS APIs except GetCallerIdentity. | 959 | // * You cannot call any STS API operations except GetCallerIdentity. |
874 | // | 960 | // |
875 | // Permissions | 961 | // Permissions |
876 | // | 962 | // |
877 | // The permissions for the temporary security credentials returned by GetFederationToken | 963 | // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
878 | // are determined by a combination of the following: | 964 | // to this operation. You can pass a single JSON policy document to use as an |
879 | // | 965 | // inline session policy. You can also specify up to 10 managed policies to |
880 | // * The policy or policies that are attached to the IAM user whose credentials | 966 | // use as managed session policies. The plain text that you use for both inline |
881 | // are used to call GetFederationToken. | 967 | // and managed session policies shouldn't exceed 2048 characters. |
882 | // | 968 | // |
883 | // * The policy that is passed as a parameter in the call. | 969 | // Though the session policy parameters are optional, if you do not pass a policy, |
884 | // | 970 | // then the resulting federated user session has no permissions. The only exception |
885 | // The passed policy is attached to the temporary security credentials that | 971 | // is when the credentials are used to access a resource that has a resource-based |
886 | // result from the GetFederationToken API call--that is, to the federated user. | 972 | // policy that specifically references the federated user session in the Principal |
887 | // When the federated user makes an AWS request, AWS evaluates the policy attached | 973 | // element of the policy. When you pass session policies, the session permissions |
888 | // to the federated user in combination with the policy or policies attached | 974 | // are the intersection of the IAM user policies and the session policies that |
889 | // to the IAM user whose credentials were used to call GetFederationToken. AWS | 975 | // you pass. This gives you a way to further restrict the permissions for a |
890 | // allows the federated user's request only when both the federated user and | 976 | // federated user. You cannot use session policies to grant more permissions |
891 | // the IAM user are explicitly allowed to perform the requested action. The | 977 | // than those that are defined in the permissions policy of the IAM user. For |
892 | // passed policy cannot grant more permissions than those that are defined in | 978 | // more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
893 | // the IAM user policy. | 979 | // in the IAM User Guide. For information about using GetFederationToken to |
894 | // | 980 | // create temporary security credentials, see GetFederationToken—Federation |
895 | // A typical use case is that the permissions of the IAM user whose credentials | 981 | // Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken). |
896 | // are used to call GetFederationToken are designed to allow access to all the | ||
897 | // actions and resources that any federated user will need. Then, for individual | ||
898 | // users, you pass a policy to the operation that scopes down the permissions | ||
899 | // to a level that's appropriate to that individual user, using a policy that | ||
900 | // allows only a subset of permissions that are granted to the IAM user. | ||
901 | // | ||
902 | // If you do not pass a policy, the resulting temporary security credentials | ||
903 | // have no effective permissions. The only exception is when the temporary security | ||
904 | // credentials are used to access a resource that has a resource-based policy | ||
905 | // that specifically allows the federated user to access the resource. | ||
906 | // | ||
907 | // For more information about how permissions work, see Permissions for GetFederationToken | ||
908 | // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html). | ||
909 | // For information about using GetFederationToken to create temporary security | ||
910 | // credentials, see GetFederationToken—Federation Through a Custom Identity | ||
911 | // Broker (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken). | ||
912 | // | 982 | // |
913 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | 983 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions |
914 | // with awserr.Error's Code and Message methods to get detailed information about | 984 | // with awserr.Error's Code and Message methods to get detailed information about |
@@ -931,7 +1001,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re | |||
931 | // STS is not activated in the requested region for the account that is being | 1001 | // STS is not activated in the requested region for the account that is being |
932 | // asked to generate credentials. The account administrator must use the IAM | 1002 | // asked to generate credentials. The account administrator must use the IAM |
933 | // console to activate STS in that region. For more information, see Activating | 1003 | // console to activate STS in that region. For more information, see Activating |
934 | // and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) | 1004 | // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) |
935 | // in the IAM User Guide. | 1005 | // in the IAM User Guide. |
936 | // | 1006 | // |
937 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken | 1007 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken |
@@ -1003,48 +1073,47 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. | |||
1003 | // Returns a set of temporary credentials for an AWS account or IAM user. The | 1073 | // Returns a set of temporary credentials for an AWS account or IAM user. The |
1004 | // credentials consist of an access key ID, a secret access key, and a security | 1074 | // credentials consist of an access key ID, a secret access key, and a security |
1005 | // token. Typically, you use GetSessionToken if you want to use MFA to protect | 1075 | // token. Typically, you use GetSessionToken if you want to use MFA to protect |
1006 | // programmatic calls to specific AWS APIs like Amazon EC2 StopInstances. MFA-enabled | 1076 | // programmatic calls to specific AWS API operations like Amazon EC2 StopInstances. |
1007 | // IAM users would need to call GetSessionToken and submit an MFA code that | 1077 | // MFA-enabled IAM users would need to call GetSessionToken and submit an MFA |
1008 | // is associated with their MFA device. Using the temporary security credentials | 1078 | // code that is associated with their MFA device. Using the temporary security |
1009 | // that are returned from the call, IAM users can then make programmatic calls | 1079 | // credentials that are returned from the call, IAM users can then make programmatic |
1010 | // to APIs that require MFA authentication. If you do not supply a correct MFA | 1080 | // calls to API operations that require MFA authentication. If you do not supply |
1011 | // code, then the API returns an access denied error. For a comparison of GetSessionToken | 1081 | // a correct MFA code, then the API returns an access denied error. For a comparison |
1012 | // with the other APIs that produce temporary credentials, see Requesting Temporary | 1082 | // of GetSessionToken with the other API operations that produce temporary credentials, |
1013 | // Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) | 1083 | // see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) |
1014 | // and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) | 1084 | // and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) |
1015 | // in the IAM User Guide. | 1085 | // in the IAM User Guide. |
1016 | // | 1086 | // |
1017 | // The GetSessionToken action must be called by using the long-term AWS security | 1087 | // The GetSessionToken operation must be called by using the long-term AWS security |
1018 | // credentials of the AWS account or an IAM user. Credentials that are created | 1088 | // credentials of the AWS account root user or an IAM user. Credentials that |
1019 | // by IAM users are valid for the duration that you specify, from 900 seconds | 1089 | // are created by IAM users are valid for the duration that you specify. This |
1020 | // (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default | 1090 | // duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 |
1021 | // of 43200 seconds (12 hours); credentials that are created by using account | 1091 | // seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials |
1022 | // credentials can range from 900 seconds (15 minutes) up to a maximum of 3600 | 1092 | // based on account credentials can range from 900 seconds (15 minutes) up to |
1023 | // seconds (1 hour), with a default of 1 hour. | 1093 | // 3,600 seconds (1 hour), with a default of 1 hour. |
1024 | // | 1094 | // |
1025 | // The temporary security credentials created by GetSessionToken can be used | 1095 | // The temporary security credentials created by GetSessionToken can be used |
1026 | // to make API calls to any AWS service with the following exceptions: | 1096 | // to make API calls to any AWS service with the following exceptions: |
1027 | // | 1097 | // |
1028 | // * You cannot call any IAM APIs unless MFA authentication information is | 1098 | // * You cannot call any IAM API operations unless MFA authentication information |
1029 | // included in the request. | 1099 | // is included in the request. |
1030 | // | 1100 | // |
1031 | // * You cannot call any STS API exceptAssumeRole or GetCallerIdentity. | 1101 | // * You cannot call any STS API except AssumeRole or GetCallerIdentity. |
1032 | // | 1102 | // |
1033 | // We recommend that you do not call GetSessionToken with root account credentials. | 1103 | // We recommend that you do not call GetSessionToken with AWS account root user |
1034 | // Instead, follow our best practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) | 1104 | // credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) |
1035 | // by creating one or more IAM users, giving them the necessary permissions, | 1105 | // by creating one or more IAM users, giving them the necessary permissions, |
1036 | // and using IAM users for everyday interaction with AWS. | 1106 | // and using IAM users for everyday interaction with AWS. |
1037 | // | 1107 | // |
1038 | // The permissions associated with the temporary security credentials returned | 1108 | // The credentials that are returned by GetSessionToken are based on permissions |
1039 | // by GetSessionToken are based on the permissions associated with account or | 1109 | // associated with the user whose credentials were used to call the operation. |
1040 | // IAM user whose credentials are used to call the action. If GetSessionToken | 1110 | // If GetSessionToken is called using AWS account root user credentials, the |
1041 | // is called using root account credentials, the temporary credentials have | 1111 | // temporary credentials have root user permissions. Similarly, if GetSessionToken |
1042 | // root account permissions. Similarly, if GetSessionToken is called using the | 1112 | // is called using the credentials of an IAM user, the temporary credentials |
1043 | // credentials of an IAM user, the temporary credentials have the same permissions | 1113 | // have the same permissions as the IAM user. |
1044 | // as the IAM user. | ||
1045 | // | 1114 | // |
1046 | // For more information about using GetSessionToken to create temporary credentials, | 1115 | // For more information about using GetSessionToken to create temporary credentials, |
1047 | // go to Temporary Credentials for Users in Untrusted Environments (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) | 1116 | // go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) |
1048 | // in the IAM User Guide. | 1117 | // in the IAM User Guide. |
1049 | // | 1118 | // |
1050 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions | 1119 | // Returns awserr.Error for service API and SDK errors. Use runtime type assertions |
@@ -1059,7 +1128,7 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. | |||
1059 | // STS is not activated in the requested region for the account that is being | 1128 | // STS is not activated in the requested region for the account that is being |
1060 | // asked to generate credentials. The account administrator must use the IAM | 1129 | // asked to generate credentials. The account administrator must use the IAM |
1061 | // console to activate STS in that region. For more information, see Activating | 1130 | // console to activate STS in that region. For more information, see Activating |
1062 | // and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) | 1131 | // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) |
1063 | // in the IAM User Guide. | 1132 | // in the IAM User Guide. |
1064 | // | 1133 | // |
1065 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken | 1134 | // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken |
@@ -1094,7 +1163,7 @@ type AssumeRoleInput struct { | |||
1094 | // a session duration of 12 hours, but your administrator set the maximum session | 1163 | // a session duration of 12 hours, but your administrator set the maximum session |
1095 | // duration to 6 hours, your operation fails. To learn how to view the maximum | 1164 | // duration to 6 hours, your operation fails. To learn how to view the maximum |
1096 | // value for your role, see View the Maximum Session Duration Setting for a | 1165 | // value for your role, see View the Maximum Session Duration Setting for a |
1097 | // Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) | 1166 | // Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) |
1098 | // in the IAM User Guide. | 1167 | // in the IAM User Guide. |
1099 | // | 1168 | // |
1100 | // By default, the value is set to 3600 seconds. | 1169 | // By default, the value is set to 3600 seconds. |
@@ -1104,51 +1173,77 @@ type AssumeRoleInput struct { | |||
1104 | // to the federation endpoint for a console sign-in token takes a SessionDuration | 1173 | // to the federation endpoint for a console sign-in token takes a SessionDuration |
1105 | // parameter that specifies the maximum length of the console session. For more | 1174 | // parameter that specifies the maximum length of the console session. For more |
1106 | // information, see Creating a URL that Enables Federated Users to Access the | 1175 | // information, see Creating a URL that Enables Federated Users to Access the |
1107 | // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) | 1176 | // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) |
1108 | // in the IAM User Guide. | 1177 | // in the IAM User Guide. |
1109 | DurationSeconds *int64 `min:"900" type:"integer"` | 1178 | DurationSeconds *int64 `min:"900" type:"integer"` |
1110 | 1179 | ||
1111 | // A unique identifier that is used by third parties when assuming roles in | 1180 | // A unique identifier that might be required when you assume a role in another |
1112 | // their customers' accounts. For each role that the third party can assume, | 1181 | // account. If the administrator of the account to which the role belongs provided |
1113 | // they should instruct their customers to ensure the role's trust policy checks | 1182 | // you with an external ID, then provide that value in the ExternalId parameter. |
1114 | // for the external ID that the third party generated. Each time the third party | 1183 | // This value can be any string, such as a passphrase or account number. A cross-account |
1115 | // assumes the role, they should pass the customer's external ID. The external | 1184 | // role is usually set up to trust everyone in an account. Therefore, the administrator |
1116 | // ID is useful in order to help third parties bind a role to the customer who | 1185 | // of the trusting account might send an external ID to the administrator of |
1117 | // created it. For more information about the external ID, see How to Use an | 1186 | // the trusted account. That way, only someone with the ID can assume the role, |
1118 | // External ID When Granting Access to Your AWS Resources to a Third Party (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) | 1187 | // rather than everyone in the account. For more information about the external |
1188 | // ID, see How to Use an External ID When Granting Access to Your AWS Resources | ||
1189 | // to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) | ||
1119 | // in the IAM User Guide. | 1190 | // in the IAM User Guide. |
1120 | // | 1191 | // |
1121 | // The regex used to validated this parameter is a string of characters consisting | 1192 | // The regex used to validate this parameter is a string of characters consisting |
1122 | // of upper- and lower-case alphanumeric characters with no spaces. You can | 1193 | // of upper- and lower-case alphanumeric characters with no spaces. You can |
1123 | // also include underscores or any of the following characters: =,.@:/- | 1194 | // also include underscores or any of the following characters: =,.@:/- |
1124 | ExternalId *string `min:"2" type:"string"` | 1195 | ExternalId *string `min:"2" type:"string"` |
1125 | 1196 | ||
1126 | // An IAM policy in JSON format. | 1197 | // An IAM policy in JSON format that you want to use as an inline session policy. |
1127 | // | 1198 | // |
1128 | // This parameter is optional. If you pass a policy, the temporary security | 1199 | // This parameter is optional. Passing policies to this operation returns new |
1129 | // credentials that are returned by the operation have the permissions that | 1200 | // temporary credentials. The resulting session's permissions are the intersection |
1130 | // are allowed by both (the intersection of) the access policy of the role that | 1201 | // of the role's identity-based policy and the session policies. You can use |
1131 | // is being assumed, and the policy that you pass. This gives you a way to further | 1202 | // the role's temporary credentials in subsequent AWS API calls to access resources |
1132 | // restrict the permissions for the resulting temporary security credentials. | 1203 | // in the account that owns the role. You cannot use session policies to grant |
1133 | // You cannot use the passed policy to grant permissions that are in excess | 1204 | // more permissions than those allowed by the identity-based policy of the role |
1134 | // of those allowed by the access policy of the role that is being assumed. | 1205 | // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
1135 | // For more information, see Permissions for AssumeRole, AssumeRoleWithSAML, | ||
1136 | // and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) | ||
1137 | // in the IAM User Guide. | 1206 | // in the IAM User Guide. |
1138 | // | 1207 | // |
1139 | // The format for this parameter, as described by its regex pattern, is a string | 1208 | // The plain text that you use for both inline and managed session policies |
1140 | // of characters up to 2048 characters in length. The characters can be any | 1209 | // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII |
1141 | // ASCII character from the space character to the end of the valid character | 1210 | // character from the space character to the end of the valid character list |
1142 | // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), | 1211 | // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), |
1143 | // and carriage return (\u000D) characters. | 1212 | // and carriage return (\u000D) characters. |
1144 | // | 1213 | // |
1145 | // The policy plain text must be 2048 bytes or shorter. However, an internal | 1214 | // The characters in this parameter count towards the 2048 character session |
1146 | // conversion compresses it into a packed binary format with a separate limit. | 1215 | // policy guideline. However, an AWS conversion compresses the session policies |
1147 | // The PackedPolicySize response element indicates by percentage how close to | 1216 | // into a packed binary format that has a separate limit. This is the enforced |
1148 | // the upper size limit the policy is, with 100% equaling the maximum allowed | 1217 | // limit. The PackedPolicySize response element indicates by percentage how |
1149 | // size. | 1218 | // close the policy is to the upper size limit. |
1150 | Policy *string `min:"1" type:"string"` | 1219 | Policy *string `min:"1" type:"string"` |
1151 | 1220 | ||
1221 | // The Amazon Resource Names (ARNs) of the IAM managed policies that you want | ||
1222 | // to use as managed session policies. The policies must exist in the same account | ||
1223 | // as the role. | ||
1224 | // | ||
1225 | // This parameter is optional. You can provide up to 10 managed policy ARNs. | ||
1226 | // However, the plain text that you use for both inline and managed session | ||
1227 | // policies shouldn't exceed 2048 characters. For more information about ARNs, | ||
1228 | // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) | ||
1229 | // in the AWS General Reference. | ||
1230 | // | ||
1231 | // The characters in this parameter count towards the 2048 character session | ||
1232 | // policy guideline. However, an AWS conversion compresses the session policies | ||
1233 | // into a packed binary format that has a separate limit. This is the enforced | ||
1234 | // limit. The PackedPolicySize response element indicates by percentage how | ||
1235 | // close the policy is to the upper size limit. | ||
1236 | // | ||
1237 | // Passing policies to this operation returns new temporary credentials. The | ||
1238 | // resulting session's permissions are the intersection of the role's identity-based | ||
1239 | // policy and the session policies. You can use the role's temporary credentials | ||
1240 | // in subsequent AWS API calls to access resources in the account that owns | ||
1241 | // the role. You cannot use session policies to grant more permissions than | ||
1242 | // those allowed by the identity-based policy of the role that is being assumed. | ||
1243 | // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) | ||
1244 | // in the IAM User Guide. | ||
1245 | PolicyArns []*PolicyDescriptorType `type:"list"` | ||
1246 | |||
1152 | // The Amazon Resource Name (ARN) of the role to assume. | 1247 | // The Amazon Resource Name (ARN) of the role to assume. |
1153 | // | 1248 | // |
1154 | // RoleArn is a required field | 1249 | // RoleArn is a required field |
@@ -1161,8 +1256,8 @@ type AssumeRoleInput struct { | |||
1161 | // scenarios, the role session name is visible to, and can be logged by the | 1256 | // scenarios, the role session name is visible to, and can be logged by the |
1162 | // account that owns the role. The role session name is also used in the ARN | 1257 | // account that owns the role. The role session name is also used in the ARN |
1163 | // of the assumed role principal. This means that subsequent cross-account API | 1258 | // of the assumed role principal. This means that subsequent cross-account API |
1164 | // requests using the temporary security credentials will expose the role session | 1259 | // requests that use the temporary security credentials will expose the role |
1165 | // name to the external account in their CloudTrail logs. | 1260 | // session name to the external account in their AWS CloudTrail logs. |
1166 | // | 1261 | // |
1167 | // The regex used to validate this parameter is a string of characters consisting | 1262 | // The regex used to validate this parameter is a string of characters consisting |
1168 | // of upper- and lower-case alphanumeric characters with no spaces. You can | 1263 | // of upper- and lower-case alphanumeric characters with no spaces. You can |
@@ -1232,6 +1327,16 @@ func (s *AssumeRoleInput) Validate() error { | |||
1232 | if s.TokenCode != nil && len(*s.TokenCode) < 6 { | 1327 | if s.TokenCode != nil && len(*s.TokenCode) < 6 { |
1233 | invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6)) | 1328 | invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6)) |
1234 | } | 1329 | } |
1330 | if s.PolicyArns != nil { | ||
1331 | for i, v := range s.PolicyArns { | ||
1332 | if v == nil { | ||
1333 | continue | ||
1334 | } | ||
1335 | if err := v.Validate(); err != nil { | ||
1336 | invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams)) | ||
1337 | } | ||
1338 | } | ||
1339 | } | ||
1235 | 1340 | ||
1236 | if invalidParams.Len() > 0 { | 1341 | if invalidParams.Len() > 0 { |
1237 | return invalidParams | 1342 | return invalidParams |
@@ -1257,6 +1362,12 @@ func (s *AssumeRoleInput) SetPolicy(v string) *AssumeRoleInput { | |||
1257 | return s | 1362 | return s |
1258 | } | 1363 | } |
1259 | 1364 | ||
1365 | // SetPolicyArns sets the PolicyArns field's value. | ||
1366 | func (s *AssumeRoleInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleInput { | ||
1367 | s.PolicyArns = v | ||
1368 | return s | ||
1369 | } | ||
1370 | |||
1260 | // SetRoleArn sets the RoleArn field's value. | 1371 | // SetRoleArn sets the RoleArn field's value. |
1261 | func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput { | 1372 | func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput { |
1262 | s.RoleArn = &v | 1373 | s.RoleArn = &v |
@@ -1296,10 +1407,8 @@ type AssumeRoleOutput struct { | |||
1296 | // The temporary security credentials, which include an access key ID, a secret | 1407 | // The temporary security credentials, which include an access key ID, a secret |
1297 | // access key, and a security (or session) token. | 1408 | // access key, and a security (or session) token. |
1298 | // | 1409 | // |
1299 | // Note: The size of the security token that STS APIs return is not fixed. We | 1410 | // The size of the security token that STS API operations return is not fixed. |
1300 | // strongly recommend that you make no assumptions about the maximum size. As | 1411 | // We strongly recommend that you make no assumptions about the maximum size. |
1301 | // of this writing, the typical size is less than 4096 bytes, but that can vary. | ||
1302 | // Also, future updates to AWS might require larger sizes. | ||
1303 | Credentials *Credentials `type:"structure"` | 1412 | Credentials *Credentials `type:"structure"` |
1304 | 1413 | ||
1305 | // A percentage value that indicates the size of the policy in packed form. | 1414 | // A percentage value that indicates the size of the policy in packed form. |
@@ -1349,7 +1458,7 @@ type AssumeRoleWithSAMLInput struct { | |||
1349 | // specify a session duration of 12 hours, but your administrator set the maximum | 1458 | // specify a session duration of 12 hours, but your administrator set the maximum |
1350 | // session duration to 6 hours, your operation fails. To learn how to view the | 1459 | // session duration to 6 hours, your operation fails. To learn how to view the |
1351 | // maximum value for your role, see View the Maximum Session Duration Setting | 1460 | // maximum value for your role, see View the Maximum Session Duration Setting |
1352 | // for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) | 1461 | // for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) |
1353 | // in the IAM User Guide. | 1462 | // in the IAM User Guide. |
1354 | // | 1463 | // |
1355 | // By default, the value is set to 3600 seconds. | 1464 | // By default, the value is set to 3600 seconds. |
@@ -1359,36 +1468,60 @@ type AssumeRoleWithSAMLInput struct { | |||
1359 | // to the federation endpoint for a console sign-in token takes a SessionDuration | 1468 | // to the federation endpoint for a console sign-in token takes a SessionDuration |
1360 | // parameter that specifies the maximum length of the console session. For more | 1469 | // parameter that specifies the maximum length of the console session. For more |
1361 | // information, see Creating a URL that Enables Federated Users to Access the | 1470 | // information, see Creating a URL that Enables Federated Users to Access the |
1362 | // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) | 1471 | // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) |
1363 | // in the IAM User Guide. | 1472 | // in the IAM User Guide. |
1364 | DurationSeconds *int64 `min:"900" type:"integer"` | 1473 | DurationSeconds *int64 `min:"900" type:"integer"` |
1365 | 1474 | ||
1366 | // An IAM policy in JSON format. | 1475 | // An IAM policy in JSON format that you want to use as an inline session policy. |
1367 | // | 1476 | // |
1368 | // The policy parameter is optional. If you pass a policy, the temporary security | 1477 | // This parameter is optional. Passing policies to this operation returns new |
1369 | // credentials that are returned by the operation have the permissions that | 1478 | // temporary credentials. The resulting session's permissions are the intersection |
1370 | // are allowed by both the access policy of the role that is being assumed, | 1479 | // of the role's identity-based policy and the session policies. You can use |
1371 | // and the policy that you pass. This gives you a way to further restrict the | 1480 | // the role's temporary credentials in subsequent AWS API calls to access resources |
1372 | // permissions for the resulting temporary security credentials. You cannot | 1481 | // in the account that owns the role. You cannot use session policies to grant |
1373 | // use the passed policy to grant permissions that are in excess of those allowed | 1482 | // more permissions than those allowed by the identity-based policy of the role |
1374 | // by the access policy of the role that is being assumed. For more information, | 1483 | // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
1375 | // Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity | ||
1376 | // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) | ||
1377 | // in the IAM User Guide. | 1484 | // in the IAM User Guide. |
1378 | // | 1485 | // |
1379 | // The format for this parameter, as described by its regex pattern, is a string | 1486 | // The plain text that you use for both inline and managed session policies |
1380 | // of characters up to 2048 characters in length. The characters can be any | 1487 | // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII |
1381 | // ASCII character from the space character to the end of the valid character | 1488 | // character from the space character to the end of the valid character list |
1382 | // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), | 1489 | // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), |
1383 | // and carriage return (\u000D) characters. | 1490 | // and carriage return (\u000D) characters. |
1384 | // | 1491 | // |
1385 | // The policy plain text must be 2048 bytes or shorter. However, an internal | 1492 | // The characters in this parameter count towards the 2048 character session |
1386 | // conversion compresses it into a packed binary format with a separate limit. | 1493 | // policy guideline. However, an AWS conversion compresses the session policies |
1387 | // The PackedPolicySize response element indicates by percentage how close to | 1494 | // into a packed binary format that has a separate limit. This is the enforced |
1388 | // the upper size limit the policy is, with 100% equaling the maximum allowed | 1495 | // limit. The PackedPolicySize response element indicates by percentage how |
1389 | // size. | 1496 | // close the policy is to the upper size limit. |
1390 | Policy *string `min:"1" type:"string"` | 1497 | Policy *string `min:"1" type:"string"` |
1391 | 1498 | ||
1499 | // The Amazon Resource Names (ARNs) of the IAM managed policies that you want | ||
1500 | // to use as managed session policies. The policies must exist in the same account | ||
1501 | // as the role. | ||
1502 | // | ||
1503 | // This parameter is optional. You can provide up to 10 managed policy ARNs. | ||
1504 | // However, the plain text that you use for both inline and managed session | ||
1505 | // policies shouldn't exceed 2048 characters. For more information about ARNs, | ||
1506 | // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) | ||
1507 | // in the AWS General Reference. | ||
1508 | // | ||
1509 | // The characters in this parameter count towards the 2048 character session | ||
1510 | // policy guideline. However, an AWS conversion compresses the session policies | ||
1511 | // into a packed binary format that has a separate limit. This is the enforced | ||
1512 | // limit. The PackedPolicySize response element indicates by percentage how | ||
1513 | // close the policy is to the upper size limit. | ||
1514 | // | ||
1515 | // Passing policies to this operation returns new temporary credentials. The | ||
1516 | // resulting session's permissions are the intersection of the role's identity-based | ||
1517 | // policy and the session policies. You can use the role's temporary credentials | ||
1518 | // in subsequent AWS API calls to access resources in the account that owns | ||
1519 | // the role. You cannot use session policies to grant more permissions than | ||
1520 | // those allowed by the identity-based policy of the role that is being assumed. | ||
1521 | // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) | ||
1522 | // in the IAM User Guide. | ||
1523 | PolicyArns []*PolicyDescriptorType `type:"list"` | ||
1524 | |||
1392 | // The Amazon Resource Name (ARN) of the SAML provider in IAM that describes | 1525 | // The Amazon Resource Name (ARN) of the SAML provider in IAM that describes |
1393 | // the IdP. | 1526 | // the IdP. |
1394 | // | 1527 | // |
@@ -1402,8 +1535,8 @@ type AssumeRoleWithSAMLInput struct { | |||
1402 | 1535 | ||
1403 | // The base-64 encoded SAML authentication response provided by the IdP. | 1536 | // The base-64 encoded SAML authentication response provided by the IdP. |
1404 | // | 1537 | // |
1405 | // For more information, see Configuring a Relying Party and Adding Claims (http://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html) | 1538 | // For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html) |
1406 | // in the Using IAM guide. | 1539 | // in the IAM User Guide. |
1407 | // | 1540 | // |
1408 | // SAMLAssertion is a required field | 1541 | // SAMLAssertion is a required field |
1409 | SAMLAssertion *string `min:"4" type:"string" required:"true"` | 1542 | SAMLAssertion *string `min:"4" type:"string" required:"true"` |
@@ -1446,6 +1579,16 @@ func (s *AssumeRoleWithSAMLInput) Validate() error { | |||
1446 | if s.SAMLAssertion != nil && len(*s.SAMLAssertion) < 4 { | 1579 | if s.SAMLAssertion != nil && len(*s.SAMLAssertion) < 4 { |
1447 | invalidParams.Add(request.NewErrParamMinLen("SAMLAssertion", 4)) | 1580 | invalidParams.Add(request.NewErrParamMinLen("SAMLAssertion", 4)) |
1448 | } | 1581 | } |
1582 | if s.PolicyArns != nil { | ||
1583 | for i, v := range s.PolicyArns { | ||
1584 | if v == nil { | ||
1585 | continue | ||
1586 | } | ||
1587 | if err := v.Validate(); err != nil { | ||
1588 | invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams)) | ||
1589 | } | ||
1590 | } | ||
1591 | } | ||
1449 | 1592 | ||
1450 | if invalidParams.Len() > 0 { | 1593 | if invalidParams.Len() > 0 { |
1451 | return invalidParams | 1594 | return invalidParams |
@@ -1465,6 +1608,12 @@ func (s *AssumeRoleWithSAMLInput) SetPolicy(v string) *AssumeRoleWithSAMLInput { | |||
1465 | return s | 1608 | return s |
1466 | } | 1609 | } |
1467 | 1610 | ||
1611 | // SetPolicyArns sets the PolicyArns field's value. | ||
1612 | func (s *AssumeRoleWithSAMLInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithSAMLInput { | ||
1613 | s.PolicyArns = v | ||
1614 | return s | ||
1615 | } | ||
1616 | |||
1468 | // SetPrincipalArn sets the PrincipalArn field's value. | 1617 | // SetPrincipalArn sets the PrincipalArn field's value. |
1469 | func (s *AssumeRoleWithSAMLInput) SetPrincipalArn(v string) *AssumeRoleWithSAMLInput { | 1618 | func (s *AssumeRoleWithSAMLInput) SetPrincipalArn(v string) *AssumeRoleWithSAMLInput { |
1470 | s.PrincipalArn = &v | 1619 | s.PrincipalArn = &v |
@@ -1499,10 +1648,8 @@ type AssumeRoleWithSAMLOutput struct { | |||
1499 | // The temporary security credentials, which include an access key ID, a secret | 1648 | // The temporary security credentials, which include an access key ID, a secret |
1500 | // access key, and a security (or session) token. | 1649 | // access key, and a security (or session) token. |
1501 | // | 1650 | // |
1502 | // Note: The size of the security token that STS APIs return is not fixed. We | 1651 | // The size of the security token that STS API operations return is not fixed. |
1503 | // strongly recommend that you make no assumptions about the maximum size. As | 1652 | // We strongly recommend that you make no assumptions about the maximum size. |
1504 | // of this writing, the typical size is less than 4096 bytes, but that can vary. | ||
1505 | // Also, future updates to AWS might require larger sizes. | ||
1506 | Credentials *Credentials `type:"structure"` | 1653 | Credentials *Credentials `type:"structure"` |
1507 | 1654 | ||
1508 | // The value of the Issuer element of the SAML assertion. | 1655 | // The value of the Issuer element of the SAML assertion. |
@@ -1606,7 +1753,7 @@ type AssumeRoleWithWebIdentityInput struct { | |||
1606 | // a session duration of 12 hours, but your administrator set the maximum session | 1753 | // a session duration of 12 hours, but your administrator set the maximum session |
1607 | // duration to 6 hours, your operation fails. To learn how to view the maximum | 1754 | // duration to 6 hours, your operation fails. To learn how to view the maximum |
1608 | // value for your role, see View the Maximum Session Duration Setting for a | 1755 | // value for your role, see View the Maximum Session Duration Setting for a |
1609 | // Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) | 1756 | // Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) |
1610 | // in the IAM User Guide. | 1757 | // in the IAM User Guide. |
1611 | // | 1758 | // |
1612 | // By default, the value is set to 3600 seconds. | 1759 | // By default, the value is set to 3600 seconds. |
@@ -1616,35 +1763,60 @@ type AssumeRoleWithWebIdentityInput struct { | |||
1616 | // to the federation endpoint for a console sign-in token takes a SessionDuration | 1763 | // to the federation endpoint for a console sign-in token takes a SessionDuration |
1617 | // parameter that specifies the maximum length of the console session. For more | 1764 | // parameter that specifies the maximum length of the console session. For more |
1618 | // information, see Creating a URL that Enables Federated Users to Access the | 1765 | // information, see Creating a URL that Enables Federated Users to Access the |
1619 | // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) | 1766 | // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) |
1620 | // in the IAM User Guide. | 1767 | // in the IAM User Guide. |
1621 | DurationSeconds *int64 `min:"900" type:"integer"` | 1768 | DurationSeconds *int64 `min:"900" type:"integer"` |
1622 | 1769 | ||
1623 | // An IAM policy in JSON format. | 1770 | // An IAM policy in JSON format that you want to use as an inline session policy. |
1624 | // | 1771 | // |
1625 | // The policy parameter is optional. If you pass a policy, the temporary security | 1772 | // This parameter is optional. Passing policies to this operation returns new |
1626 | // credentials that are returned by the operation have the permissions that | 1773 | // temporary credentials. The resulting session's permissions are the intersection |
1627 | // are allowed by both the access policy of the role that is being assumed, | 1774 | // of the role's identity-based policy and the session policies. You can use |
1628 | // and the policy that you pass. This gives you a way to further restrict the | 1775 | // the role's temporary credentials in subsequent AWS API calls to access resources |
1629 | // permissions for the resulting temporary security credentials. You cannot | 1776 | // in the account that owns the role. You cannot use session policies to grant |
1630 | // use the passed policy to grant permissions that are in excess of those allowed | 1777 | // more permissions than those allowed by the identity-based policy of the role |
1631 | // by the access policy of the role that is being assumed. For more information, | 1778 | // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
1632 | // see Permissions for AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) | ||
1633 | // in the IAM User Guide. | 1779 | // in the IAM User Guide. |
1634 | // | 1780 | // |
1635 | // The format for this parameter, as described by its regex pattern, is a string | 1781 | // The plain text that you use for both inline and managed session policies |
1636 | // of characters up to 2048 characters in length. The characters can be any | 1782 | // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII |
1637 | // ASCII character from the space character to the end of the valid character | 1783 | // character from the space character to the end of the valid character list |
1638 | // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), | 1784 | // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), |
1639 | // and carriage return (\u000D) characters. | 1785 | // and carriage return (\u000D) characters. |
1640 | // | 1786 | // |
1641 | // The policy plain text must be 2048 bytes or shorter. However, an internal | 1787 | // The characters in this parameter count towards the 2048 character session |
1642 | // conversion compresses it into a packed binary format with a separate limit. | 1788 | // policy guideline. However, an AWS conversion compresses the session policies |
1643 | // The PackedPolicySize response element indicates by percentage how close to | 1789 | // into a packed binary format that has a separate limit. This is the enforced |
1644 | // the upper size limit the policy is, with 100% equaling the maximum allowed | 1790 | // limit. The PackedPolicySize response element indicates by percentage how |
1645 | // size. | 1791 | // close the policy is to the upper size limit. |
1646 | Policy *string `min:"1" type:"string"` | 1792 | Policy *string `min:"1" type:"string"` |
1647 | 1793 | ||
1794 | // The Amazon Resource Names (ARNs) of the IAM managed policies that you want | ||
1795 | // to use as managed session policies. The policies must exist in the same account | ||
1796 | // as the role. | ||
1797 | // | ||
1798 | // This parameter is optional. You can provide up to 10 managed policy ARNs. | ||
1799 | // However, the plain text that you use for both inline and managed session | ||
1800 | // policies shouldn't exceed 2048 characters. For more information about ARNs, | ||
1801 | // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) | ||
1802 | // in the AWS General Reference. | ||
1803 | // | ||
1804 | // The characters in this parameter count towards the 2048 character session | ||
1805 | // policy guideline. However, an AWS conversion compresses the session policies | ||
1806 | // into a packed binary format that has a separate limit. This is the enforced | ||
1807 | // limit. The PackedPolicySize response element indicates by percentage how | ||
1808 | // close the policy is to the upper size limit. | ||
1809 | // | ||
1810 | // Passing policies to this operation returns new temporary credentials. The | ||
1811 | // resulting session's permissions are the intersection of the role's identity-based | ||
1812 | // policy and the session policies. You can use the role's temporary credentials | ||
1813 | // in subsequent AWS API calls to access resources in the account that owns | ||
1814 | // the role. You cannot use session policies to grant more permissions than | ||
1815 | // those allowed by the identity-based policy of the role that is being assumed. | ||
1816 | // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) | ||
1817 | // in the IAM User Guide. | ||
1818 | PolicyArns []*PolicyDescriptorType `type:"list"` | ||
1819 | |||
1648 | // The fully qualified host component of the domain name of the identity provider. | 1820 | // The fully qualified host component of the domain name of the identity provider. |
1649 | // | 1821 | // |
1650 | // Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com | 1822 | // Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com |
@@ -1721,6 +1893,16 @@ func (s *AssumeRoleWithWebIdentityInput) Validate() error { | |||
1721 | if s.WebIdentityToken != nil && len(*s.WebIdentityToken) < 4 { | 1893 | if s.WebIdentityToken != nil && len(*s.WebIdentityToken) < 4 { |
1722 | invalidParams.Add(request.NewErrParamMinLen("WebIdentityToken", 4)) | 1894 | invalidParams.Add(request.NewErrParamMinLen("WebIdentityToken", 4)) |
1723 | } | 1895 | } |
1896 | if s.PolicyArns != nil { | ||
1897 | for i, v := range s.PolicyArns { | ||
1898 | if v == nil { | ||
1899 | continue | ||
1900 | } | ||
1901 | if err := v.Validate(); err != nil { | ||
1902 | invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams)) | ||
1903 | } | ||
1904 | } | ||
1905 | } | ||
1724 | 1906 | ||
1725 | if invalidParams.Len() > 0 { | 1907 | if invalidParams.Len() > 0 { |
1726 | return invalidParams | 1908 | return invalidParams |
@@ -1740,6 +1922,12 @@ func (s *AssumeRoleWithWebIdentityInput) SetPolicy(v string) *AssumeRoleWithWebI | |||
1740 | return s | 1922 | return s |
1741 | } | 1923 | } |
1742 | 1924 | ||
1925 | // SetPolicyArns sets the PolicyArns field's value. | ||
1926 | func (s *AssumeRoleWithWebIdentityInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithWebIdentityInput { | ||
1927 | s.PolicyArns = v | ||
1928 | return s | ||
1929 | } | ||
1930 | |||
1743 | // SetProviderId sets the ProviderId field's value. | 1931 | // SetProviderId sets the ProviderId field's value. |
1744 | func (s *AssumeRoleWithWebIdentityInput) SetProviderId(v string) *AssumeRoleWithWebIdentityInput { | 1932 | func (s *AssumeRoleWithWebIdentityInput) SetProviderId(v string) *AssumeRoleWithWebIdentityInput { |
1745 | s.ProviderId = &v | 1933 | s.ProviderId = &v |
@@ -1784,10 +1972,8 @@ type AssumeRoleWithWebIdentityOutput struct { | |||
1784 | // The temporary security credentials, which include an access key ID, a secret | 1972 | // The temporary security credentials, which include an access key ID, a secret |
1785 | // access key, and a security token. | 1973 | // access key, and a security token. |
1786 | // | 1974 | // |
1787 | // Note: The size of the security token that STS APIs return is not fixed. We | 1975 | // The size of the security token that STS API operations return is not fixed. |
1788 | // strongly recommend that you make no assumptions about the maximum size. As | 1976 | // We strongly recommend that you make no assumptions about the maximum size. |
1789 | // of this writing, the typical size is less than 4096 bytes, but that can vary. | ||
1790 | // Also, future updates to AWS might require larger sizes. | ||
1791 | Credentials *Credentials `type:"structure"` | 1977 | Credentials *Credentials `type:"structure"` |
1792 | 1978 | ||
1793 | // A percentage value that indicates the size of the policy in packed form. | 1979 | // A percentage value that indicates the size of the policy in packed form. |
@@ -1796,7 +1982,7 @@ type AssumeRoleWithWebIdentityOutput struct { | |||
1796 | PackedPolicySize *int64 `type:"integer"` | 1982 | PackedPolicySize *int64 `type:"integer"` |
1797 | 1983 | ||
1798 | // The issuing authority of the web identity token presented. For OpenID Connect | 1984 | // The issuing authority of the web identity token presented. For OpenID Connect |
1799 | // ID Tokens this contains the value of the iss field. For OAuth 2.0 access | 1985 | // ID tokens, this contains the value of the iss field. For OAuth 2.0 access |
1800 | // tokens, this contains the value of the ProviderId parameter that was passed | 1986 | // tokens, this contains the value of the ProviderId parameter that was passed |
1801 | // in the AssumeRoleWithWebIdentity request. | 1987 | // in the AssumeRoleWithWebIdentity request. |
1802 | Provider *string `type:"string"` | 1988 | Provider *string `type:"string"` |
@@ -1863,7 +2049,7 @@ type AssumedRoleUser struct { | |||
1863 | 2049 | ||
1864 | // The ARN of the temporary security credentials that are returned from the | 2050 | // The ARN of the temporary security credentials that are returned from the |
1865 | // AssumeRole action. For more information about ARNs and how to use them in | 2051 | // AssumeRole action. For more information about ARNs and how to use them in |
1866 | // policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) | 2052 | // policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) |
1867 | // in Using IAM. | 2053 | // in Using IAM. |
1868 | // | 2054 | // |
1869 | // Arn is a required field | 2055 | // Arn is a required field |
@@ -2031,7 +2217,7 @@ type FederatedUser struct { | |||
2031 | 2217 | ||
2032 | // The ARN that specifies the federated user that is associated with the credentials. | 2218 | // The ARN that specifies the federated user that is associated with the credentials. |
2033 | // For more information about ARNs and how to use them in policies, see IAM | 2219 | // For more information about ARNs and how to use them in policies, see IAM |
2034 | // Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) | 2220 | // Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) |
2035 | // in Using IAM. | 2221 | // in Using IAM. |
2036 | // | 2222 | // |
2037 | // Arn is a required field | 2223 | // Arn is a required field |
@@ -2066,6 +2252,73 @@ func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser { | |||
2066 | return s | 2252 | return s |
2067 | } | 2253 | } |
2068 | 2254 | ||
2255 | type GetAccessKeyInfoInput struct { | ||
2256 | _ struct{} `type:"structure"` | ||
2257 | |||
2258 | // The identifier of an access key. | ||
2259 | // | ||
2260 | // This parameter allows (through its regex pattern) a string of characters | ||
2261 | // that can consist of any upper- or lowercased letter or digit. | ||
2262 | // | ||
2263 | // AccessKeyId is a required field | ||
2264 | AccessKeyId *string `min:"16" type:"string" required:"true"` | ||
2265 | } | ||
2266 | |||
2267 | // String returns the string representation | ||
2268 | func (s GetAccessKeyInfoInput) String() string { | ||
2269 | return awsutil.Prettify(s) | ||
2270 | } | ||
2271 | |||
2272 | // GoString returns the string representation | ||
2273 | func (s GetAccessKeyInfoInput) GoString() string { | ||
2274 | return s.String() | ||
2275 | } | ||
2276 | |||
2277 | // Validate inspects the fields of the type to determine if they are valid. | ||
2278 | func (s *GetAccessKeyInfoInput) Validate() error { | ||
2279 | invalidParams := request.ErrInvalidParams{Context: "GetAccessKeyInfoInput"} | ||
2280 | if s.AccessKeyId == nil { | ||
2281 | invalidParams.Add(request.NewErrParamRequired("AccessKeyId")) | ||
2282 | } | ||
2283 | if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 { | ||
2284 | invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16)) | ||
2285 | } | ||
2286 | |||
2287 | if invalidParams.Len() > 0 { | ||
2288 | return invalidParams | ||
2289 | } | ||
2290 | return nil | ||
2291 | } | ||
2292 | |||
2293 | // SetAccessKeyId sets the AccessKeyId field's value. | ||
2294 | func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput { | ||
2295 | s.AccessKeyId = &v | ||
2296 | return s | ||
2297 | } | ||
2298 | |||
2299 | type GetAccessKeyInfoOutput struct { | ||
2300 | _ struct{} `type:"structure"` | ||
2301 | |||
2302 | // The number used to identify the AWS account. | ||
2303 | Account *string `type:"string"` | ||
2304 | } | ||
2305 | |||
2306 | // String returns the string representation | ||
2307 | func (s GetAccessKeyInfoOutput) String() string { | ||
2308 | return awsutil.Prettify(s) | ||
2309 | } | ||
2310 | |||
2311 | // GoString returns the string representation | ||
2312 | func (s GetAccessKeyInfoOutput) GoString() string { | ||
2313 | return s.String() | ||
2314 | } | ||
2315 | |||
2316 | // SetAccount sets the Account field's value. | ||
2317 | func (s *GetAccessKeyInfoOutput) SetAccount(v string) *GetAccessKeyInfoOutput { | ||
2318 | s.Account = &v | ||
2319 | return s | ||
2320 | } | ||
2321 | |||
2069 | type GetCallerIdentityInput struct { | 2322 | type GetCallerIdentityInput struct { |
2070 | _ struct{} `type:"structure"` | 2323 | _ struct{} `type:"structure"` |
2071 | } | 2324 | } |
@@ -2093,8 +2346,8 @@ type GetCallerIdentityOutput struct { | |||
2093 | Arn *string `min:"20" type:"string"` | 2346 | Arn *string `min:"20" type:"string"` |
2094 | 2347 | ||
2095 | // The unique identifier of the calling entity. The exact value depends on the | 2348 | // The unique identifier of the calling entity. The exact value depends on the |
2096 | // type of entity making the call. The values returned are those listed in the | 2349 | // type of entity that is making the call. The values returned are those listed |
2097 | // aws:userid column in the Principal table (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable) | 2350 | // in the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable) |
2098 | // found on the Policy Variables reference page in the IAM User Guide. | 2351 | // found on the Policy Variables reference page in the IAM User Guide. |
2099 | UserId *string `type:"string"` | 2352 | UserId *string `type:"string"` |
2100 | } | 2353 | } |
@@ -2131,12 +2384,11 @@ type GetFederationTokenInput struct { | |||
2131 | _ struct{} `type:"structure"` | 2384 | _ struct{} `type:"structure"` |
2132 | 2385 | ||
2133 | // The duration, in seconds, that the session should last. Acceptable durations | 2386 | // The duration, in seconds, that the session should last. Acceptable durations |
2134 | // for federation sessions range from 900 seconds (15 minutes) to 129600 seconds | 2387 | // for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds |
2135 | // (36 hours), with 43200 seconds (12 hours) as the default. Sessions obtained | 2388 | // (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained |
2136 | // using AWS account (root) credentials are restricted to a maximum of 3600 | 2389 | // using AWS account root user credentials are restricted to a maximum of 3,600 |
2137 | // seconds (one hour). If the specified duration is longer than one hour, the | 2390 | // seconds (one hour). If the specified duration is longer than one hour, the |
2138 | // session obtained by using AWS account (root) credentials defaults to one | 2391 | // session obtained by using root user credentials defaults to one hour. |
2139 | // hour. | ||
2140 | DurationSeconds *int64 `min:"900" type:"integer"` | 2392 | DurationSeconds *int64 `min:"900" type:"integer"` |
2141 | 2393 | ||
2142 | // The name of the federated user. The name is used as an identifier for the | 2394 | // The name of the federated user. The name is used as an identifier for the |
@@ -2151,36 +2403,73 @@ type GetFederationTokenInput struct { | |||
2151 | // Name is a required field | 2403 | // Name is a required field |
2152 | Name *string `min:"2" type:"string" required:"true"` | 2404 | Name *string `min:"2" type:"string" required:"true"` |
2153 | 2405 | ||
2154 | // An IAM policy in JSON format that is passed with the GetFederationToken call | 2406 | // An IAM policy in JSON format that you want to use as an inline session policy. |
2155 | // and evaluated along with the policy or policies that are attached to the | 2407 | // |
2156 | // IAM user whose credentials are used to call GetFederationToken. The passed | 2408 | // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) |
2157 | // policy is used to scope down the permissions that are available to the IAM | 2409 | // to this operation. You can pass a single JSON policy document to use as an |
2158 | // user, by allowing only a subset of the permissions that are granted to the | 2410 | // inline session policy. You can also specify up to 10 managed policies to |
2159 | // IAM user. The passed policy cannot grant more permissions than those granted | 2411 | // use as managed session policies. |
2160 | // to the IAM user. The final permissions for the federated user are the most | ||
2161 | // restrictive set based on the intersection of the passed policy and the IAM | ||
2162 | // user policy. | ||
2163 | // | ||
2164 | // If you do not pass a policy, the resulting temporary security credentials | ||
2165 | // have no effective permissions. The only exception is when the temporary security | ||
2166 | // credentials are used to access a resource that has a resource-based policy | ||
2167 | // that specifically allows the federated user to access the resource. | ||
2168 | // | ||
2169 | // The format for this parameter, as described by its regex pattern, is a string | ||
2170 | // of characters up to 2048 characters in length. The characters can be any | ||
2171 | // ASCII character from the space character to the end of the valid character | ||
2172 | // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), | ||
2173 | // and carriage return (\u000D) characters. | ||
2174 | // | 2412 | // |
2175 | // The policy plain text must be 2048 bytes or shorter. However, an internal | 2413 | // This parameter is optional. However, if you do not pass any session policies, |
2176 | // conversion compresses it into a packed binary format with a separate limit. | 2414 | // then the resulting federated user session has no permissions. The only exception |
2177 | // The PackedPolicySize response element indicates by percentage how close to | 2415 | // is when the credentials are used to access a resource that has a resource-based |
2178 | // the upper size limit the policy is, with 100% equaling the maximum allowed | 2416 | // policy that specifically references the federated user session in the Principal |
2179 | // size. | 2417 | // element of the policy. |
2180 | // | 2418 | // |
2181 | // For more information about how permissions work, see Permissions for GetFederationToken | 2419 | // When you pass session policies, the session permissions are the intersection |
2182 | // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html). | 2420 | // of the IAM user policies and the session policies that you pass. This gives |
2421 | // you a way to further restrict the permissions for a federated user. You cannot | ||
2422 | // use session policies to grant more permissions than those that are defined | ||
2423 | // in the permissions policy of the IAM user. For more information, see Session | ||
2424 | // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) | ||
2425 | // in the IAM User Guide. | ||
2426 | // | ||
2427 | // The plain text that you use for both inline and managed session policies | ||
2428 | // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII | ||
2429 | // character from the space character to the end of the valid character list | ||
2430 | // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), | ||
2431 | // and carriage return (\u000D) characters. | ||
2432 | // | ||
2433 | // The characters in this parameter count towards the 2048 character session | ||
2434 | // policy guideline. However, an AWS conversion compresses the session policies | ||
2435 | // into a packed binary format that has a separate limit. This is the enforced | ||
2436 | // limit. The PackedPolicySize response element indicates by percentage how | ||
2437 | // close the policy is to the upper size limit. | ||
2183 | Policy *string `min:"1" type:"string"` | 2438 | Policy *string `min:"1" type:"string"` |
2439 | |||
2440 | // The Amazon Resource Names (ARNs) of the IAM managed policies that you want | ||
2441 | // to use as a managed session policy. The policies must exist in the same account | ||
2442 | // as the IAM user that is requesting federated access. | ||
2443 | // | ||
2444 | // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) | ||
2445 | // to this operation. You can pass a single JSON policy document to use as an | ||
2446 | // inline session policy. You can also specify up to 10 managed policies to | ||
2447 | // use as managed session policies. The plain text that you use for both inline | ||
2448 | // and managed session policies shouldn't exceed 2048 characters. You can provide | ||
2449 | // up to 10 managed policy ARNs. For more information about ARNs, see Amazon | ||
2450 | // Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html) | ||
2451 | // in the AWS General Reference. | ||
2452 | // | ||
2453 | // This parameter is optional. However, if you do not pass any session policies, | ||
2454 | // then the resulting federated user session has no permissions. The only exception | ||
2455 | // is when the credentials are used to access a resource that has a resource-based | ||
2456 | // policy that specifically references the federated user session in the Principal | ||
2457 | // element of the policy. | ||
2458 | // | ||
2459 | // When you pass session policies, the session permissions are the intersection | ||
2460 | // of the IAM user policies and the session policies that you pass. This gives | ||
2461 | // you a way to further restrict the permissions for a federated user. You cannot | ||
2462 | // use session policies to grant more permissions than those that are defined | ||
2463 | // in the permissions policy of the IAM user. For more information, see Session | ||
2464 | // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) | ||
2465 | // in the IAM User Guide. | ||
2466 | // | ||
2467 | // The characters in this parameter count towards the 2048 character session | ||
2468 | // policy guideline. However, an AWS conversion compresses the session policies | ||
2469 | // into a packed binary format that has a separate limit. This is the enforced | ||
2470 | // limit. The PackedPolicySize response element indicates by percentage how | ||
2471 | // close the policy is to the upper size limit. | ||
2472 | PolicyArns []*PolicyDescriptorType `type:"list"` | ||
2184 | } | 2473 | } |
2185 | 2474 | ||
2186 | // String returns the string representation | 2475 | // String returns the string representation |
@@ -2208,6 +2497,16 @@ func (s *GetFederationTokenInput) Validate() error { | |||
2208 | if s.Policy != nil && len(*s.Policy) < 1 { | 2497 | if s.Policy != nil && len(*s.Policy) < 1 { |
2209 | invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) | 2498 | invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) |
2210 | } | 2499 | } |
2500 | if s.PolicyArns != nil { | ||
2501 | for i, v := range s.PolicyArns { | ||
2502 | if v == nil { | ||
2503 | continue | ||
2504 | } | ||
2505 | if err := v.Validate(); err != nil { | ||
2506 | invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams)) | ||
2507 | } | ||
2508 | } | ||
2509 | } | ||
2211 | 2510 | ||
2212 | if invalidParams.Len() > 0 { | 2511 | if invalidParams.Len() > 0 { |
2213 | return invalidParams | 2512 | return invalidParams |
@@ -2233,6 +2532,12 @@ func (s *GetFederationTokenInput) SetPolicy(v string) *GetFederationTokenInput { | |||
2233 | return s | 2532 | return s |
2234 | } | 2533 | } |
2235 | 2534 | ||
2535 | // SetPolicyArns sets the PolicyArns field's value. | ||
2536 | func (s *GetFederationTokenInput) SetPolicyArns(v []*PolicyDescriptorType) *GetFederationTokenInput { | ||
2537 | s.PolicyArns = v | ||
2538 | return s | ||
2539 | } | ||
2540 | |||
2236 | // Contains the response to a successful GetFederationToken request, including | 2541 | // Contains the response to a successful GetFederationToken request, including |
2237 | // temporary AWS credentials that can be used to make AWS requests. | 2542 | // temporary AWS credentials that can be used to make AWS requests. |
2238 | type GetFederationTokenOutput struct { | 2543 | type GetFederationTokenOutput struct { |
@@ -2241,10 +2546,8 @@ type GetFederationTokenOutput struct { | |||
2241 | // The temporary security credentials, which include an access key ID, a secret | 2546 | // The temporary security credentials, which include an access key ID, a secret |
2242 | // access key, and a security (or session) token. | 2547 | // access key, and a security (or session) token. |
2243 | // | 2548 | // |
2244 | // Note: The size of the security token that STS APIs return is not fixed. We | 2549 | // The size of the security token that STS API operations return is not fixed. |
2245 | // strongly recommend that you make no assumptions about the maximum size. As | 2550 | // We strongly recommend that you make no assumptions about the maximum size. |
2246 | // of this writing, the typical size is less than 4096 bytes, but that can vary. | ||
2247 | // Also, future updates to AWS might require larger sizes. | ||
2248 | Credentials *Credentials `type:"structure"` | 2551 | Credentials *Credentials `type:"structure"` |
2249 | 2552 | ||
2250 | // Identifiers for the federated user associated with the credentials (such | 2553 | // Identifiers for the federated user associated with the credentials (such |
@@ -2291,11 +2594,11 @@ type GetSessionTokenInput struct { | |||
2291 | _ struct{} `type:"structure"` | 2594 | _ struct{} `type:"structure"` |
2292 | 2595 | ||
2293 | // The duration, in seconds, that the credentials should remain valid. Acceptable | 2596 | // The duration, in seconds, that the credentials should remain valid. Acceptable |
2294 | // durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 | 2597 | // durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 |
2295 | // seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions | 2598 | // seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions |
2296 | // for AWS account owners are restricted to a maximum of 3600 seconds (one hour). | 2599 | // for AWS account owners are restricted to a maximum of 3,600 seconds (one |
2297 | // If the duration is longer than one hour, the session for AWS account owners | 2600 | // hour). If the duration is longer than one hour, the session for AWS account |
2298 | // defaults to one hour. | 2601 | // owners defaults to one hour. |
2299 | DurationSeconds *int64 `min:"900" type:"integer"` | 2602 | DurationSeconds *int64 `min:"900" type:"integer"` |
2300 | 2603 | ||
2301 | // The identification number of the MFA device that is associated with the IAM | 2604 | // The identification number of the MFA device that is associated with the IAM |
@@ -2306,16 +2609,16 @@ type GetSessionTokenInput struct { | |||
2306 | // You can find the device for an IAM user by going to the AWS Management Console | 2609 | // You can find the device for an IAM user by going to the AWS Management Console |
2307 | // and viewing the user's security credentials. | 2610 | // and viewing the user's security credentials. |
2308 | // | 2611 | // |
2309 | // The regex used to validated this parameter is a string of characters consisting | 2612 | // The regex used to validate this parameter is a string of characters consisting |
2310 | // of upper- and lower-case alphanumeric characters with no spaces. You can | 2613 | // of upper- and lower-case alphanumeric characters with no spaces. You can |
2311 | // also include underscores or any of the following characters: =,.@:/- | 2614 | // also include underscores or any of the following characters: =,.@:/- |
2312 | SerialNumber *string `min:"9" type:"string"` | 2615 | SerialNumber *string `min:"9" type:"string"` |
2313 | 2616 | ||
2314 | // The value provided by the MFA device, if MFA is required. If any policy requires | 2617 | // The value provided by the MFA device, if MFA is required. If any policy requires |
2315 | // the IAM user to submit an MFA code, specify this value. If MFA authentication | 2618 | // the IAM user to submit an MFA code, specify this value. If MFA authentication |
2316 | // is required, and the user does not provide a code when requesting a set of | 2619 | // is required, the user must provide a code when requesting a set of temporary |
2317 | // temporary security credentials, the user will receive an "access denied" | 2620 | // security credentials. A user who fails to provide the code receives an "access |
2318 | // response when requesting resources that require MFA authentication. | 2621 | // denied" response when requesting resources that require MFA authentication. |
2319 | // | 2622 | // |
2320 | // The format for this parameter, as described by its regex pattern, is a sequence | 2623 | // The format for this parameter, as described by its regex pattern, is a sequence |
2321 | // of six numeric digits. | 2624 | // of six numeric digits. |
@@ -2377,10 +2680,8 @@ type GetSessionTokenOutput struct { | |||
2377 | // The temporary security credentials, which include an access key ID, a secret | 2680 | // The temporary security credentials, which include an access key ID, a secret |
2378 | // access key, and a security (or session) token. | 2681 | // access key, and a security (or session) token. |
2379 | // | 2682 | // |
2380 | // Note: The size of the security token that STS APIs return is not fixed. We | 2683 | // The size of the security token that STS API operations return is not fixed. |
2381 | // strongly recommend that you make no assumptions about the maximum size. As | 2684 | // We strongly recommend that you make no assumptions about the maximum size. |
2382 | // of this writing, the typical size is less than 4096 bytes, but that can vary. | ||
2383 | // Also, future updates to AWS might require larger sizes. | ||
2384 | Credentials *Credentials `type:"structure"` | 2685 | Credentials *Credentials `type:"structure"` |
2385 | } | 2686 | } |
2386 | 2687 | ||
@@ -2399,3 +2700,44 @@ func (s *GetSessionTokenOutput) SetCredentials(v *Credentials) *GetSessionTokenO | |||
2399 | s.Credentials = v | 2700 | s.Credentials = v |
2400 | return s | 2701 | return s |
2401 | } | 2702 | } |
2703 | |||
2704 | // A reference to the IAM managed policy that is passed as a session policy | ||
2705 | // for a role session or a federated user session. | ||
2706 | type PolicyDescriptorType struct { | ||
2707 | _ struct{} `type:"structure"` | ||
2708 | |||
2709 | // The Amazon Resource Name (ARN) of the IAM managed policy to use as a session | ||
2710 | // policy for the role. For more information about ARNs, see Amazon Resource | ||
2711 | // Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) | ||
2712 | // in the AWS General Reference. | ||
2713 | Arn *string `locationName:"arn" min:"20" type:"string"` | ||
2714 | } | ||
2715 | |||
2716 | // String returns the string representation | ||
2717 | func (s PolicyDescriptorType) String() string { | ||
2718 | return awsutil.Prettify(s) | ||
2719 | } | ||
2720 | |||
2721 | // GoString returns the string representation | ||
2722 | func (s PolicyDescriptorType) GoString() string { | ||
2723 | return s.String() | ||
2724 | } | ||
2725 | |||
2726 | // Validate inspects the fields of the type to determine if they are valid. | ||
2727 | func (s *PolicyDescriptorType) Validate() error { | ||
2728 | invalidParams := request.ErrInvalidParams{Context: "PolicyDescriptorType"} | ||
2729 | if s.Arn != nil && len(*s.Arn) < 20 { | ||
2730 | invalidParams.Add(request.NewErrParamMinLen("Arn", 20)) | ||
2731 | } | ||
2732 | |||
2733 | if invalidParams.Len() > 0 { | ||
2734 | return invalidParams | ||
2735 | } | ||
2736 | return nil | ||
2737 | } | ||
2738 | |||
2739 | // SetArn sets the Arn field's value. | ||
2740 | func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { | ||
2741 | s.Arn = &v | ||
2742 | return s | ||
2743 | } | ||
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go index ef681ab..fcb720d 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go | |||
@@ -7,22 +7,14 @@ | |||
7 | // request temporary, limited-privilege credentials for AWS Identity and Access | 7 | // request temporary, limited-privilege credentials for AWS Identity and Access |
8 | // Management (IAM) users or for users that you authenticate (federated users). | 8 | // Management (IAM) users or for users that you authenticate (federated users). |
9 | // This guide provides descriptions of the STS API. For more detailed information | 9 | // This guide provides descriptions of the STS API. For more detailed information |
10 | // about using this service, go to Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). | 10 | // about using this service, go to Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). |
11 | // | ||
12 | // As an alternative to using the API, you can use one of the AWS SDKs, which | ||
13 | // consist of libraries and sample code for various programming languages and | ||
14 | // platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient | ||
15 | // way to create programmatic access to STS. For example, the SDKs take care | ||
16 | // of cryptographically signing requests, managing errors, and retrying requests | ||
17 | // automatically. For information about the AWS SDKs, including how to download | ||
18 | // and install them, see the Tools for Amazon Web Services page (http://aws.amazon.com/tools/). | ||
19 | // | 11 | // |
20 | // For information about setting up signatures and authorization through the | 12 | // For information about setting up signatures and authorization through the |
21 | // API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) | 13 | // API, go to Signing AWS API Requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) |
22 | // in the AWS General Reference. For general information about the Query API, | 14 | // in the AWS General Reference. For general information about the Query API, |
23 | // go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) | 15 | // go to Making Query Requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) |
24 | // in Using IAM. For information about using security tokens with other AWS | 16 | // in Using IAM. For information about using security tokens with other AWS |
25 | // products, go to AWS Services That Work with IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) | 17 | // products, go to AWS Services That Work with IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) |
26 | // in the IAM User Guide. | 18 | // in the IAM User Guide. |
27 | // | 19 | // |
28 | // If you're new to AWS and need additional technical information about a specific | 20 | // If you're new to AWS and need additional technical information about a specific |
@@ -31,14 +23,38 @@ | |||
31 | // | 23 | // |
32 | // Endpoints | 24 | // Endpoints |
33 | // | 25 | // |
34 | // The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com | 26 | // By default, AWS Security Token Service (STS) is available as a global service, |
35 | // that maps to the US East (N. Virginia) region. Additional regions are available | 27 | // and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com. |
36 | // and are activated by default. For more information, see Activating and Deactivating | 28 | // Global requests map to the US East (N. Virginia) region. AWS recommends using |
37 | // AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) | 29 | // Regional AWS STS endpoints instead of the global endpoint to reduce latency, |
30 | // build in redundancy, and increase session token validity. For more information, | ||
31 | // see Managing AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) | ||
32 | // in the IAM User Guide. | ||
33 | // | ||
34 | // Most AWS Regions are enabled for operations in all AWS services by default. | ||
35 | // Those Regions are automatically activated for use with AWS STS. Some Regions, | ||
36 | // such as Asia Pacific (Hong Kong), must be manually enabled. To learn more | ||
37 | // about enabling and disabling AWS Regions, see Managing AWS Regions (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html) | ||
38 | // in the AWS General Reference. When you enable these AWS Regions, they are | ||
39 | // automatically activated for use with AWS STS. You cannot activate the STS | ||
40 | // endpoint for a Region that is disabled. Tokens that are valid in all AWS | ||
41 | // Regions are longer than tokens that are valid in Regions that are enabled | ||
42 | // by default. Changing this setting might affect existing systems where you | ||
43 | // temporarily store tokens. For more information, see Managing Global Endpoint | ||
44 | // Session Tokens (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-manage-tokens) | ||
38 | // in the IAM User Guide. | 45 | // in the IAM User Guide. |
39 | // | 46 | // |
40 | // For information about STS endpoints, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region) | 47 | // After you activate a Region for use with AWS STS, you can direct AWS STS |
41 | // in the AWS General Reference. | 48 | // API calls to that Region. AWS STS recommends that you provide both the Region |
49 | // and endpoint when you make calls to a Regional endpoint. You can provide | ||
50 | // the Region alone for manually enabled Regions, such as Asia Pacific (Hong | ||
51 | // Kong). In this case, the calls are directed to the STS Regional endpoint. | ||
52 | // However, if you provide the Region alone for Regions enabled by default, | ||
53 | // the calls are directed to the global endpoint of https://sts.amazonaws.com. | ||
54 | // | ||
55 | // To view the list of AWS STS endpoints and whether they are active by default, | ||
56 | // see Writing Code to Use AWS STS Regions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#id_credentials_temp_enable-regions_writing_code) | ||
57 | // in the IAM User Guide. | ||
42 | // | 58 | // |
43 | // Recording API requests | 59 | // Recording API requests |
44 | // | 60 | // |
@@ -46,8 +62,28 @@ | |||
46 | // your AWS account and delivers log files to an Amazon S3 bucket. By using | 62 | // your AWS account and delivers log files to an Amazon S3 bucket. By using |
47 | // information collected by CloudTrail, you can determine what requests were | 63 | // information collected by CloudTrail, you can determine what requests were |
48 | // successfully made to STS, who made the request, when it was made, and so | 64 | // successfully made to STS, who made the request, when it was made, and so |
49 | // on. To learn more about CloudTrail, including how to turn it on and find | 65 | // on. |
50 | // your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). | 66 | // |
67 | // If you activate AWS STS endpoints in Regions other than the default global | ||
68 | // endpoint, then you must also turn on CloudTrail logging in those Regions. | ||
69 | // This is necessary to record any AWS STS API calls that are made in those | ||
70 | // Regions. For more information, see Turning On CloudTrail in Additional Regions | ||
71 | // (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/aggregating_logs_regions_turn_on_ct.html) | ||
72 | // in the AWS CloudTrail User Guide. | ||
73 | // | ||
74 | // AWS Security Token Service (STS) is a global service with a single endpoint | ||
75 | // at https://sts.amazonaws.com. Calls to this endpoint are logged as calls | ||
76 | // to a global service. However, because this endpoint is physically located | ||
77 | // in the US East (N. Virginia) Region, your logs list us-east-1 as the event | ||
78 | // Region. CloudTrail does not write these logs to the US East (Ohio) Region | ||
79 | // unless you choose to include global service logs in that Region. CloudTrail | ||
80 | // writes calls to all Regional endpoints to their respective Regions. For example, | ||
81 | // calls to sts.us-east-2.amazonaws.com are published to the US East (Ohio) | ||
82 | // Region and calls to sts.eu-central-1.amazonaws.com are published to the EU | ||
83 | // (Frankfurt) Region. | ||
84 | // | ||
85 | // To learn more about CloudTrail, including how to turn it on and find your | ||
86 | // log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). | ||
51 | // | 87 | // |
52 | // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. | 88 | // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. |
53 | // | 89 | // |
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go index e24884e..41ea09c 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go | |||
@@ -67,7 +67,7 @@ const ( | |||
67 | // STS is not activated in the requested region for the account that is being | 67 | // STS is not activated in the requested region for the account that is being |
68 | // asked to generate credentials. The account administrator must use the IAM | 68 | // asked to generate credentials. The account administrator must use the IAM |
69 | // console to activate STS in that region. For more information, see Activating | 69 | // console to activate STS in that region. For more information, see Activating |
70 | // and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) | 70 | // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) |
71 | // in the IAM User Guide. | 71 | // in the IAM User Guide. |
72 | ErrCodeRegionDisabledException = "RegionDisabledException" | 72 | ErrCodeRegionDisabledException = "RegionDisabledException" |
73 | ) | 73 | ) |
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go new file mode 100644 index 0000000..e2e1d6e --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go | |||
@@ -0,0 +1,96 @@ | |||
1 | // Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. | ||
2 | |||
3 | // Package stsiface provides an interface to enable mocking the AWS Security Token Service service client | ||
4 | // for testing your code. | ||
5 | // | ||
6 | // It is important to note that this interface will have breaking changes | ||
7 | // when the service model is updated and adds new API operations, paginators, | ||
8 | // and waiters. | ||
9 | package stsiface | ||
10 | |||
11 | import ( | ||
12 | "github.com/aws/aws-sdk-go/aws" | ||
13 | "github.com/aws/aws-sdk-go/aws/request" | ||
14 | "github.com/aws/aws-sdk-go/service/sts" | ||
15 | ) | ||
16 | |||
17 | // STSAPI provides an interface to enable mocking the | ||
18 | // sts.STS service client's API operation, | ||
19 | // paginators, and waiters. This make unit testing your code that calls out | ||
20 | // to the SDK's service client's calls easier. | ||
21 | // | ||
22 | // The best way to use this interface is so the SDK's service client's calls | ||
23 | // can be stubbed out for unit testing your code with the SDK without needing | ||
24 | // to inject custom request handlers into the SDK's request pipeline. | ||
25 | // | ||
26 | // // myFunc uses an SDK service client to make a request to | ||
27 | // // AWS Security Token Service. | ||
28 | // func myFunc(svc stsiface.STSAPI) bool { | ||
29 | // // Make svc.AssumeRole request | ||
30 | // } | ||
31 | // | ||
32 | // func main() { | ||
33 | // sess := session.New() | ||
34 | // svc := sts.New(sess) | ||
35 | // | ||
36 | // myFunc(svc) | ||
37 | // } | ||
38 | // | ||
39 | // In your _test.go file: | ||
40 | // | ||
41 | // // Define a mock struct to be used in your unit tests of myFunc. | ||
42 | // type mockSTSClient struct { | ||
43 | // stsiface.STSAPI | ||
44 | // } | ||
45 | // func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) { | ||
46 | // // mock response/functionality | ||
47 | // } | ||
48 | // | ||
49 | // func TestMyFunc(t *testing.T) { | ||
50 | // // Setup Test | ||
51 | // mockSvc := &mockSTSClient{} | ||
52 | // | ||
53 | // myfunc(mockSvc) | ||
54 | // | ||
55 | // // Verify myFunc's functionality | ||
56 | // } | ||
57 | // | ||
58 | // It is important to note that this interface will have breaking changes | ||
59 | // when the service model is updated and adds new API operations, paginators, | ||
60 | // and waiters. Its suggested to use the pattern above for testing, or using | ||
61 | // tooling to generate mocks to satisfy the interfaces. | ||
62 | type STSAPI interface { | ||
63 | AssumeRole(*sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) | ||
64 | AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error) | ||
65 | AssumeRoleRequest(*sts.AssumeRoleInput) (*request.Request, *sts.AssumeRoleOutput) | ||
66 | |||
67 | AssumeRoleWithSAML(*sts.AssumeRoleWithSAMLInput) (*sts.AssumeRoleWithSAMLOutput, error) | ||
68 | AssumeRoleWithSAMLWithContext(aws.Context, *sts.AssumeRoleWithSAMLInput, ...request.Option) (*sts.AssumeRoleWithSAMLOutput, error) | ||
69 | AssumeRoleWithSAMLRequest(*sts.AssumeRoleWithSAMLInput) (*request.Request, *sts.AssumeRoleWithSAMLOutput) | ||
70 | |||
71 | AssumeRoleWithWebIdentity(*sts.AssumeRoleWithWebIdentityInput) (*sts.AssumeRoleWithWebIdentityOutput, error) | ||
72 | AssumeRoleWithWebIdentityWithContext(aws.Context, *sts.AssumeRoleWithWebIdentityInput, ...request.Option) (*sts.AssumeRoleWithWebIdentityOutput, error) | ||
73 | AssumeRoleWithWebIdentityRequest(*sts.AssumeRoleWithWebIdentityInput) (*request.Request, *sts.AssumeRoleWithWebIdentityOutput) | ||
74 | |||
75 | DecodeAuthorizationMessage(*sts.DecodeAuthorizationMessageInput) (*sts.DecodeAuthorizationMessageOutput, error) | ||
76 | DecodeAuthorizationMessageWithContext(aws.Context, *sts.DecodeAuthorizationMessageInput, ...request.Option) (*sts.DecodeAuthorizationMessageOutput, error) | ||
77 | DecodeAuthorizationMessageRequest(*sts.DecodeAuthorizationMessageInput) (*request.Request, *sts.DecodeAuthorizationMessageOutput) | ||
78 | |||
79 | GetAccessKeyInfo(*sts.GetAccessKeyInfoInput) (*sts.GetAccessKeyInfoOutput, error) | ||
80 | GetAccessKeyInfoWithContext(aws.Context, *sts.GetAccessKeyInfoInput, ...request.Option) (*sts.GetAccessKeyInfoOutput, error) | ||
81 | GetAccessKeyInfoRequest(*sts.GetAccessKeyInfoInput) (*request.Request, *sts.GetAccessKeyInfoOutput) | ||
82 | |||
83 | GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error) | ||
84 | GetCallerIdentityWithContext(aws.Context, *sts.GetCallerIdentityInput, ...request.Option) (*sts.GetCallerIdentityOutput, error) | ||
85 | GetCallerIdentityRequest(*sts.GetCallerIdentityInput) (*request.Request, *sts.GetCallerIdentityOutput) | ||
86 | |||
87 | GetFederationToken(*sts.GetFederationTokenInput) (*sts.GetFederationTokenOutput, error) | ||
88 | GetFederationTokenWithContext(aws.Context, *sts.GetFederationTokenInput, ...request.Option) (*sts.GetFederationTokenOutput, error) | ||
89 | GetFederationTokenRequest(*sts.GetFederationTokenInput) (*request.Request, *sts.GetFederationTokenOutput) | ||
90 | |||
91 | GetSessionToken(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error) | ||
92 | GetSessionTokenWithContext(aws.Context, *sts.GetSessionTokenInput, ...request.Option) (*sts.GetSessionTokenOutput, error) | ||
93 | GetSessionTokenRequest(*sts.GetSessionTokenInput) (*request.Request, *sts.GetSessionTokenOutput) | ||
94 | } | ||
95 | |||
96 | var _ STSAPI = (*sts.STS)(nil) | ||