aboutsummaryrefslogtreecommitdiffhomepage
path: root/vendor/github.com/aws/aws-sdk-go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/aws/aws-sdk-go')
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go23
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go31
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go11
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/client/logger.go12
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go9
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go6
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go15
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go3
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go97
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go65
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go34
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go29
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go4
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go4
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go650
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go2
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go17
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go11
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go45
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go15
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/request/request.go92
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go5
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go2
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go258
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go59
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/session/session.go226
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go339
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go20
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/types.go20
-rw-r--r--vendor/github.com/aws/aws-sdk-go/aws/version.go2
-rw-r--r--vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go6
-rw-r--r--vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go296
-rw-r--r--vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go250
-rw-r--r--vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go2
-rw-r--r--vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go2
-rw-r--r--vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go77
-rw-r--r--vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go20
-rw-r--r--vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go12
-rw-r--r--vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go6
-rw-r--r--vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go19
-rw-r--r--vendor/github.com/aws/aws-sdk-go/service/s3/api.go590
-rw-r--r--vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go3
-rw-r--r--vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go3
-rw-r--r--vendor/github.com/aws/aws-sdk-go/service/s3/sse.go64
-rw-r--r--vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go4
-rw-r--r--vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go34
-rw-r--r--vendor/github.com/aws/aws-sdk-go/service/sts/api.go1126
-rw-r--r--vendor/github.com/aws/aws-sdk-go/service/sts/doc.go76
-rw-r--r--vendor/github.com/aws/aws-sdk-go/service/sts/errors.go2
-rw-r--r--vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go96
50 files changed, 3637 insertions, 1157 deletions
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
index 56fdfc2..99849c0 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/error.go
@@ -138,8 +138,27 @@ type RequestFailure interface {
138 RequestID() string 138 RequestID() string
139} 139}
140 140
141// NewRequestFailure returns a new request error wrapper for the given Error 141// NewRequestFailure returns a wrapped error with additional information for
142// provided. 142// request status code, and service requestID.
143//
144// Should be used to wrap all request which involve service requests. Even if
145// the request failed without a service response, but had an HTTP status code
146// that may be meaningful.
143func NewRequestFailure(err Error, statusCode int, reqID string) RequestFailure { 147func NewRequestFailure(err Error, statusCode int, reqID string) RequestFailure {
144 return newRequestError(err, statusCode, reqID) 148 return newRequestError(err, statusCode, reqID)
145} 149}
150
151// UnmarshalError provides the interface for the SDK failing to unmarshal data.
152type UnmarshalError interface {
153 awsError
154 Bytes() []byte
155}
156
157// NewUnmarshalError returns an initialized UnmarshalError error wrapper adding
158// the bytes that fail to unmarshal to the error.
159func NewUnmarshalError(err error, msg string, bytes []byte) UnmarshalError {
160 return &unmarshalError{
161 awsError: New("UnmarshalError", msg, err),
162 bytes: bytes,
163 }
164}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
index 0202a00..9cf7eaf 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go
@@ -1,6 +1,9 @@
1package awserr 1package awserr
2 2
3import "fmt" 3import (
4 "encoding/hex"
5 "fmt"
6)
4 7
5// SprintError returns a string of the formatted error code. 8// SprintError returns a string of the formatted error code.
6// 9//
@@ -119,6 +122,7 @@ type requestError struct {
119 awsError 122 awsError
120 statusCode int 123 statusCode int
121 requestID string 124 requestID string
125 bytes []byte
122} 126}
123 127
124// newRequestError returns a wrapped error with additional information for 128// newRequestError returns a wrapped error with additional information for
@@ -170,6 +174,29 @@ func (r requestError) OrigErrs() []error {
170 return []error{r.OrigErr()} 174 return []error{r.OrigErr()}
171} 175}
172 176
177type unmarshalError struct {
178 awsError
179 bytes []byte
180}
181
182// Error returns the string representation of the error.
183// Satisfies the error interface.
184func (e unmarshalError) Error() string {
185 extra := hex.Dump(e.bytes)
186 return SprintError(e.Code(), e.Message(), extra, e.OrigErr())
187}
188
189// String returns the string representation of the error.
190// Alias for Error to satisfy the stringer interface.
191func (e unmarshalError) String() string {
192 return e.Error()
193}
194
195// Bytes returns the bytes that failed to unmarshal.
196func (e unmarshalError) Bytes() []byte {
197 return e.bytes
198}
199
173// An error list that satisfies the golang interface 200// An error list that satisfies the golang interface
174type errorList []error 201type errorList []error
175 202
@@ -181,7 +208,7 @@ func (e errorList) Error() string {
181 // How do we want to handle the array size being zero 208 // How do we want to handle the array size being zero
182 if size := len(e); size > 0 { 209 if size := len(e); size > 0 {
183 for i := 0; i < size; i++ { 210 for i := 0; i < size; i++ {
184 msg += fmt.Sprintf("%s", e[i].Error()) 211 msg += e[i].Error()
185 // We check the next index to see if it is within the slice. 212 // We check the next index to see if it is within the slice.
186 // If it is, then we append a newline. We do this, because unit tests 213 // If it is, then we append a newline. We do this, because unit tests
187 // could be broken with the additional '\n' 214 // could be broken with the additional '\n'
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
index 11c52c3..285e54d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go
@@ -185,13 +185,12 @@ func ValuesAtPath(i interface{}, path string) ([]interface{}, error) {
185// SetValueAtPath sets a value at the case insensitive lexical path inside 185// SetValueAtPath sets a value at the case insensitive lexical path inside
186// of a structure. 186// of a structure.
187func SetValueAtPath(i interface{}, path string, v interface{}) { 187func SetValueAtPath(i interface{}, path string, v interface{}) {
188 if rvals := rValuesAtPath(i, path, true, false, v == nil); rvals != nil { 188 rvals := rValuesAtPath(i, path, true, false, v == nil)
189 for _, rval := range rvals { 189 for _, rval := range rvals {
190 if rval.Kind() == reflect.Ptr && rval.IsNil() { 190 if rval.Kind() == reflect.Ptr && rval.IsNil() {
191 continue 191 continue
192 }
193 setValue(rval, v)
194 } 192 }
193 setValue(rval, v)
195 } 194 }
196} 195}
197 196
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
index 7b5e127..8958c32 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
@@ -67,10 +67,14 @@ func logRequest(r *request.Request) {
67 if !bodySeekable { 67 if !bodySeekable {
68 r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body)) 68 r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body))
69 } 69 }
70 // Reset the request body because dumpRequest will re-wrap the r.HTTPRequest's 70 // Reset the request body because dumpRequest will re-wrap the
71 // Body as a NoOpCloser and will not be reset after read by the HTTP 71 // r.HTTPRequest's Body as a NoOpCloser and will not be reset after
72 // client reader. 72 // read by the HTTP client reader.
73 r.ResetBody() 73 if err := r.Error; err != nil {
74 r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
75 r.ClientInfo.ServiceName, r.Operation.Name, err))
76 return
77 }
74 } 78 }
75 79
76 r.Config.Logger.Log(fmt.Sprintf(logReqMsg, 80 r.Config.Logger.Log(fmt.Sprintf(logReqMsg,
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
index 894bbc7..4af5921 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
@@ -50,9 +50,10 @@ package credentials
50 50
51import ( 51import (
52 "fmt" 52 "fmt"
53 "github.com/aws/aws-sdk-go/aws/awserr"
54 "sync" 53 "sync"
55 "time" 54 "time"
55
56 "github.com/aws/aws-sdk-go/aws/awserr"
56) 57)
57 58
58// AnonymousCredentials is an empty Credential object that can be used as 59// AnonymousCredentials is an empty Credential object that can be used as
@@ -83,6 +84,12 @@ type Value struct {
83 ProviderName string 84 ProviderName string
84} 85}
85 86
87// HasKeys returns if the credentials Value has both AccessKeyID and
88// SecretAccessKey value set.
89func (v Value) HasKeys() bool {
90 return len(v.AccessKeyID) != 0 && len(v.SecretAccessKey) != 0
91}
92
86// A Provider is the interface for any component which will provide credentials 93// A Provider is the interface for any component which will provide credentials
87// Value. A provider is required to manage its own Expired state, and what to 94// Value. A provider is required to manage its own Expired state, and what to
88// be expired means. 95// be expired means.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
index 0ed791b..43d4ed3 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds/ec2_role_provider.go
@@ -11,6 +11,7 @@ import (
11 "github.com/aws/aws-sdk-go/aws/client" 11 "github.com/aws/aws-sdk-go/aws/client"
12 "github.com/aws/aws-sdk-go/aws/credentials" 12 "github.com/aws/aws-sdk-go/aws/credentials"
13 "github.com/aws/aws-sdk-go/aws/ec2metadata" 13 "github.com/aws/aws-sdk-go/aws/ec2metadata"
14 "github.com/aws/aws-sdk-go/aws/request"
14 "github.com/aws/aws-sdk-go/internal/sdkuri" 15 "github.com/aws/aws-sdk-go/internal/sdkuri"
15) 16)
16 17
@@ -142,7 +143,8 @@ func requestCredList(client *ec2metadata.EC2Metadata) ([]string, error) {
142 } 143 }
143 144
144 if err := s.Err(); err != nil { 145 if err := s.Err(); err != nil {
145 return nil, awserr.New("SerializationError", "failed to read EC2 instance role from metadata service", err) 146 return nil, awserr.New(request.ErrCodeSerialization,
147 "failed to read EC2 instance role from metadata service", err)
146 } 148 }
147 149
148 return credsList, nil 150 return credsList, nil
@@ -164,7 +166,7 @@ func requestCred(client *ec2metadata.EC2Metadata, credsName string) (ec2RoleCred
164 respCreds := ec2RoleCredRespBody{} 166 respCreds := ec2RoleCredRespBody{}
165 if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil { 167 if err := json.NewDecoder(strings.NewReader(resp)).Decode(&respCreds); err != nil {
166 return ec2RoleCredRespBody{}, 168 return ec2RoleCredRespBody{},
167 awserr.New("SerializationError", 169 awserr.New(request.ErrCodeSerialization,
168 fmt.Sprintf("failed to decode %s EC2 instance role credentials", credsName), 170 fmt.Sprintf("failed to decode %s EC2 instance role credentials", credsName),
169 err) 171 err)
170 } 172 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
index ace5131..c2b2c5d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go
@@ -39,6 +39,7 @@ import (
39 "github.com/aws/aws-sdk-go/aws/client/metadata" 39 "github.com/aws/aws-sdk-go/aws/client/metadata"
40 "github.com/aws/aws-sdk-go/aws/credentials" 40 "github.com/aws/aws-sdk-go/aws/credentials"
41 "github.com/aws/aws-sdk-go/aws/request" 41 "github.com/aws/aws-sdk-go/aws/request"
42 "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
42) 43)
43 44
44// ProviderName is the name of the credentials provider. 45// ProviderName is the name of the credentials provider.
@@ -174,7 +175,7 @@ func unmarshalHandler(r *request.Request) {
174 175
175 out := r.Data.(*getCredentialsOutput) 176 out := r.Data.(*getCredentialsOutput)
176 if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&out); err != nil { 177 if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&out); err != nil {
177 r.Error = awserr.New("SerializationError", 178 r.Error = awserr.New(request.ErrCodeSerialization,
178 "failed to decode endpoint credentials", 179 "failed to decode endpoint credentials",
179 err, 180 err,
180 ) 181 )
@@ -185,11 +186,15 @@ func unmarshalError(r *request.Request) {
185 defer r.HTTPResponse.Body.Close() 186 defer r.HTTPResponse.Body.Close()
186 187
187 var errOut errorOutput 188 var errOut errorOutput
188 if err := json.NewDecoder(r.HTTPResponse.Body).Decode(&errOut); err != nil { 189 err := jsonutil.UnmarshalJSONError(&errOut, r.HTTPResponse.Body)
189 r.Error = awserr.New("SerializationError", 190 if err != nil {
190 "failed to decode endpoint credentials", 191 r.Error = awserr.NewRequestFailure(
191 err, 192 awserr.New(request.ErrCodeSerialization,
193 "failed to decode error message", err),
194 r.HTTPResponse.StatusCode,
195 r.RequestID,
192 ) 196 )
197 return
193 } 198 }
194 199
195 // Response body format is not consistent between metadata endpoints. 200 // Response body format is not consistent between metadata endpoints.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
index b6dbfd2..2e528d1 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
@@ -200,7 +200,7 @@ type AssumeRoleProvider struct {
200 // by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must 200 // by a random percentage between 0 and MaxJitterFraction. MaxJitterFrac must
201 // have a value between 0 and 1. Any other value may lead to expected behavior. 201 // have a value between 0 and 1. Any other value may lead to expected behavior.
202 // With a MaxJitterFrac value of 0, default) will no jitter will be used. 202 // With a MaxJitterFrac value of 0, default) will no jitter will be used.
203 // 203 //
204 // For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the 204 // For example, with a Duration of 30m and a MaxJitterFrac of 0.1, the
205 // AssumeRole call will be made with an arbitrary Duration between 27m and 205 // AssumeRole call will be made with an arbitrary Duration between 27m and
206 // 30m. 206 // 30m.
@@ -258,7 +258,6 @@ func NewCredentialsWithClient(svc AssumeRoler, roleARN string, options ...func(*
258 258
259// Retrieve generates a new set of temporary credentials using STS. 259// Retrieve generates a new set of temporary credentials using STS.
260func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) { 260func (p *AssumeRoleProvider) Retrieve() (credentials.Value, error) {
261
262 // Apply defaults where parameters are not set. 261 // Apply defaults where parameters are not set.
263 if p.RoleSessionName == "" { 262 if p.RoleSessionName == "" {
264 // Try to work out a role name that will hopefully end up unique. 263 // Try to work out a role name that will hopefully end up unique.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
new file mode 100644
index 0000000..20510d9
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
@@ -0,0 +1,97 @@
1package stscreds
2
3import (
4 "fmt"
5 "io/ioutil"
6 "strconv"
7 "time"
8
9 "github.com/aws/aws-sdk-go/aws"
10 "github.com/aws/aws-sdk-go/aws/awserr"
11 "github.com/aws/aws-sdk-go/aws/client"
12 "github.com/aws/aws-sdk-go/aws/credentials"
13 "github.com/aws/aws-sdk-go/service/sts"
14 "github.com/aws/aws-sdk-go/service/sts/stsiface"
15)
16
17const (
18 // ErrCodeWebIdentity will be used as an error code when constructing
19 // a new error to be returned during session creation or retrieval.
20 ErrCodeWebIdentity = "WebIdentityErr"
21
22 // WebIdentityProviderName is the web identity provider name
23 WebIdentityProviderName = "WebIdentityCredentials"
24)
25
26// now is used to return a time.Time object representing
27// the current time. This can be used to easily test and
28// compare test values.
29var now = time.Now
30
31// WebIdentityRoleProvider is used to retrieve credentials using
32// an OIDC token.
33type WebIdentityRoleProvider struct {
34 credentials.Expiry
35
36 client stsiface.STSAPI
37 ExpiryWindow time.Duration
38
39 tokenFilePath string
40 roleARN string
41 roleSessionName string
42}
43
44// NewWebIdentityCredentials will return a new set of credentials with a given
45// configuration, role arn, and token file path.
46func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials {
47 svc := sts.New(c)
48 p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path)
49 return credentials.NewCredentials(p)
50}
51
52// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
53// provided stsiface.STSAPI
54func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
55 return &WebIdentityRoleProvider{
56 client: svc,
57 tokenFilePath: path,
58 roleARN: roleARN,
59 roleSessionName: roleSessionName,
60 }
61}
62
63// Retrieve will attempt to assume a role from a token which is located at
64// 'WebIdentityTokenFilePath' specified destination and if that is empty an
65// error will be returned.
66func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
67 b, err := ioutil.ReadFile(p.tokenFilePath)
68 if err != nil {
69 errMsg := fmt.Sprintf("unable to read file at %s", p.tokenFilePath)
70 return credentials.Value{}, awserr.New(ErrCodeWebIdentity, errMsg, err)
71 }
72
73 sessionName := p.roleSessionName
74 if len(sessionName) == 0 {
75 // session name is used to uniquely identify a session. This simply
76 // uses unix time in nanoseconds to uniquely identify sessions.
77 sessionName = strconv.FormatInt(now().UnixNano(), 10)
78 }
79 resp, err := p.client.AssumeRoleWithWebIdentity(&sts.AssumeRoleWithWebIdentityInput{
80 RoleArn: &p.roleARN,
81 RoleSessionName: &sessionName,
82 WebIdentityToken: aws.String(string(b)),
83 })
84 if err != nil {
85 return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err)
86 }
87
88 p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow)
89
90 value := credentials.Value{
91 AccessKeyID: aws.StringValue(resp.Credentials.AccessKeyId),
92 SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey),
93 SessionToken: aws.StringValue(resp.Credentials.SessionToken),
94 ProviderName: WebIdentityProviderName,
95 }
96 return value, nil
97}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
index 152d785..25a66d1 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go
@@ -1,30 +1,61 @@
1// Package csm provides Client Side Monitoring (CSM) which enables sending metrics 1// Package csm provides the Client Side Monitoring (CSM) client which enables
2// via UDP connection. Using the Start function will enable the reporting of 2// sending metrics via UDP connection to the CSM agent. This package provides
3// metrics on a given port. If Start is called, with different parameters, again, 3// control options, and configuration for the CSM client. The client can be
4// a panic will occur. 4// controlled manually, or automatically via the SDK's Session configuration.
5// 5//
6// Pause can be called to pause any metrics publishing on a given port. Sessions 6// Enabling CSM client via SDK's Session configuration
7// that have had their handlers modified via InjectHandlers may still be used. 7//
8// However, the handlers will act as a no-op meaning no metrics will be published. 8// The CSM client can be enabled automatically via SDK's Session configuration.
9// The SDK's session configuration enables the CSM client if the AWS_CSM_PORT
10// environment variable is set to a non-empty value.
11//
12// The configuration options for the CSM client via the SDK's session
13// configuration are:
14//
15// * AWS_CSM_PORT=<port number>
16// The port number the CSM agent will receive metrics on.
17//
18// * AWS_CSM_HOST=<hostname or ip>
19// The hostname, or IP address the CSM agent will receive metrics on.
20// Without port number.
21//
22// Manually enabling the CSM client
23//
24// The CSM client can be started, paused, and resumed manually. The Start
25// function will enable the CSM client to publish metrics to the CSM agent. It
26// is safe to call Start concurrently, but if Start is called additional times
27// with different ClientID or address it will panic.
9// 28//
10// Example:
11// r, err := csm.Start("clientID", ":31000") 29// r, err := csm.Start("clientID", ":31000")
12// if err != nil { 30// if err != nil {
13// panic(fmt.Errorf("failed starting CSM: %v", err)) 31// panic(fmt.Errorf("failed starting CSM: %v", err))
14// } 32// }
15// 33//
34// When controlling the CSM client manually, you must also inject its request
35// handlers into the SDK's Session configuration for the SDK's API clients to
36// publish metrics.
37//
16// sess, err := session.NewSession(&aws.Config{}) 38// sess, err := session.NewSession(&aws.Config{})
17// if err != nil { 39// if err != nil {
18// panic(fmt.Errorf("failed loading session: %v", err)) 40// panic(fmt.Errorf("failed loading session: %v", err))
19// } 41// }
20// 42//
43// // Add CSM client's metric publishing request handlers to the SDK's
44// // Session Configuration.
21// r.InjectHandlers(&sess.Handlers) 45// r.InjectHandlers(&sess.Handlers)
22// 46//
23// client := s3.New(sess) 47// Controlling CSM client
24// resp, err := client.GetObject(&s3.GetObjectInput{ 48//
25// Bucket: aws.String("bucket"), 49// Once the CSM client has been enabled the Get function will return a Reporter
26// Key: aws.String("key"), 50// value that you can use to pause and resume the metrics published to the CSM
27// }) 51// agent. If Get function is called before the reporter is enabled with the
52// Start function or via SDK's Session configuration nil will be returned.
53//
54// The Pause method can be called to stop the CSM client publishing metrics to
55// the CSM agent. The Continue method will resume metric publishing.
56//
57// // Get the CSM client Reporter.
58// r := csm.Get()
28// 59//
29// // Will pause monitoring 60// // Will pause monitoring
30// r.Pause() 61// r.Pause()
@@ -35,12 +66,4 @@
35// 66//
36// // Resume monitoring 67// // Resume monitoring
37// r.Continue() 68// r.Continue()
38//
39// Start returns a Reporter that is used to enable or disable monitoring. If
40// access to the Reporter is required later, calling Get will return the Reporter
41// singleton.
42//
43// Example:
44// r := csm.Get()
45// r.Continue()
46package csm 69package csm
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
index 2f0c6ea..4b19e28 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go
@@ -2,6 +2,7 @@ package csm
2 2
3import ( 3import (
4 "fmt" 4 "fmt"
5 "strings"
5 "sync" 6 "sync"
6) 7)
7 8
@@ -9,19 +10,40 @@ var (
9 lock sync.Mutex 10 lock sync.Mutex
10) 11)
11 12
12// Client side metric handler names
13const ( 13const (
14 APICallMetricHandlerName = "awscsm.SendAPICallMetric" 14 // DefaultPort is used when no port is specified.
15 APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric" 15 DefaultPort = "31000"
16
17 // DefaultHost is the host that will be used when none is specified.
18 DefaultHost = "127.0.0.1"
16) 19)
17 20
18// Start will start the a long running go routine to capture 21// AddressWithDefaults returns a CSM address built from the host and port
22// values. If the host or port is not set, default values will be used
23// instead. If host is "localhost" it will be replaced with "127.0.0.1".
24func AddressWithDefaults(host, port string) string {
25 if len(host) == 0 || strings.EqualFold(host, "localhost") {
26 host = DefaultHost
27 }
28
29 if len(port) == 0 {
30 port = DefaultPort
31 }
32
33 // Only IP6 host can contain a colon
34 if strings.Contains(host, ":") {
35 return "[" + host + "]:" + port
36 }
37
38 return host + ":" + port
39}
40
41// Start will start a long running go routine to capture
19// client side metrics. Calling start multiple time will only 42// client side metrics. Calling start multiple time will only
20// start the metric listener once and will panic if a different 43// start the metric listener once and will panic if a different
21// client ID or port is passed in. 44// client ID or port is passed in.
22// 45//
23// Example: 46// r, err := csm.Start("clientID", "127.0.0.1:31000")
24// r, err := csm.Start("clientID", "127.0.0.1:8094")
25// if err != nil { 47// if err != nil {
26// panic(fmt.Errorf("expected no error, but received %v", err)) 48// panic(fmt.Errorf("expected no error, but received %v", err))
27// } 49// }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
index 0b5571a..c7008d8 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go
@@ -10,11 +10,6 @@ import (
10 "github.com/aws/aws-sdk-go/aws/request" 10 "github.com/aws/aws-sdk-go/aws/request"
11) 11)
12 12
13const (
14 // DefaultPort is used when no port is specified
15 DefaultPort = "31000"
16)
17
18// Reporter will gather metrics of API requests made and 13// Reporter will gather metrics of API requests made and
19// send those metrics to the CSM endpoint. 14// send those metrics to the CSM endpoint.
20type Reporter struct { 15type Reporter struct {
@@ -96,7 +91,7 @@ func getMetricException(err awserr.Error) metricException {
96 91
97 switch code { 92 switch code {
98 case "RequestError", 93 case "RequestError",
99 "SerializationError", 94 request.ErrCodeSerialization,
100 request.CanceledErrorCode: 95 request.CanceledErrorCode:
101 return sdkException{ 96 return sdkException{
102 requestException{exception: code, message: msg}, 97 requestException{exception: code, message: msg},
@@ -123,7 +118,7 @@ func (rep *Reporter) sendAPICallMetric(r *request.Request) {
123 Type: aws.String("ApiCall"), 118 Type: aws.String("ApiCall"),
124 AttemptCount: aws.Int(r.RetryCount + 1), 119 AttemptCount: aws.Int(r.RetryCount + 1),
125 Region: r.Config.Region, 120 Region: r.Config.Region,
126 Latency: aws.Int(int(time.Now().Sub(r.Time) / time.Millisecond)), 121 Latency: aws.Int(int(time.Since(r.Time) / time.Millisecond)),
127 XAmzRequestID: aws.String(r.RequestID), 122 XAmzRequestID: aws.String(r.RequestID),
128 MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())), 123 MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())),
129 } 124 }
@@ -190,8 +185,9 @@ func (rep *Reporter) start() {
190 } 185 }
191} 186}
192 187
193// Pause will pause the metric channel preventing any new metrics from 188// Pause will pause the metric channel preventing any new metrics from being
194// being added. 189// added. It is safe to call concurrently with other calls to Pause, but if
190// called concurently with Continue can lead to unexpected state.
195func (rep *Reporter) Pause() { 191func (rep *Reporter) Pause() {
196 lock.Lock() 192 lock.Lock()
197 defer lock.Unlock() 193 defer lock.Unlock()
@@ -203,8 +199,9 @@ func (rep *Reporter) Pause() {
203 rep.close() 199 rep.close()
204} 200}
205 201
206// Continue will reopen the metric channel and allow for monitoring 202// Continue will reopen the metric channel and allow for monitoring to be
207// to be resumed. 203// resumed. It is safe to call concurrently with other calls to Continue, but
204// if called concurently with Pause can lead to unexpected state.
208func (rep *Reporter) Continue() { 205func (rep *Reporter) Continue() {
209 lock.Lock() 206 lock.Lock()
210 defer lock.Unlock() 207 defer lock.Unlock()
@@ -219,10 +216,18 @@ func (rep *Reporter) Continue() {
219 rep.metricsCh.Continue() 216 rep.metricsCh.Continue()
220} 217}
221 218
219// Client side metric handler names
220const (
221 APICallMetricHandlerName = "awscsm.SendAPICallMetric"
222 APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric"
223)
224
222// InjectHandlers will will enable client side metrics and inject the proper 225// InjectHandlers will will enable client side metrics and inject the proper
223// handlers to handle how metrics are sent. 226// handlers to handle how metrics are sent.
224// 227//
225// Example: 228// InjectHandlers is NOT safe to call concurrently. Calling InjectHandlers
229// multiple times may lead to unexpected behavior, (e.g. duplicate metrics).
230//
226// // Start must be called in order to inject the correct handlers 231// // Start must be called in order to inject the correct handlers
227// r, err := csm.Start("clientID", "127.0.0.1:8094") 232// r, err := csm.Start("clientID", "127.0.0.1:8094")
228// if err != nil { 233// if err != nil {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
index d57a1af..2c8d5f5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
@@ -82,7 +82,7 @@ func (c *EC2Metadata) GetInstanceIdentityDocument() (EC2InstanceIdentityDocument
82 doc := EC2InstanceIdentityDocument{} 82 doc := EC2InstanceIdentityDocument{}
83 if err := json.NewDecoder(strings.NewReader(resp)).Decode(&doc); err != nil { 83 if err := json.NewDecoder(strings.NewReader(resp)).Decode(&doc); err != nil {
84 return EC2InstanceIdentityDocument{}, 84 return EC2InstanceIdentityDocument{},
85 awserr.New("SerializationError", 85 awserr.New(request.ErrCodeSerialization,
86 "failed to decode EC2 instance identity document", err) 86 "failed to decode EC2 instance identity document", err)
87 } 87 }
88 88
@@ -101,7 +101,7 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
101 info := EC2IAMInfo{} 101 info := EC2IAMInfo{}
102 if err := json.NewDecoder(strings.NewReader(resp)).Decode(&info); err != nil { 102 if err := json.NewDecoder(strings.NewReader(resp)).Decode(&info); err != nil {
103 return EC2IAMInfo{}, 103 return EC2IAMInfo{},
104 awserr.New("SerializationError", 104 awserr.New(request.ErrCodeSerialization,
105 "failed to decode EC2 IAM info", err) 105 "failed to decode EC2 IAM info", err)
106 } 106 }
107 107
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
index f4438ea..f0c1d31 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
@@ -123,7 +123,7 @@ func unmarshalHandler(r *request.Request) {
123 defer r.HTTPResponse.Body.Close() 123 defer r.HTTPResponse.Body.Close()
124 b := &bytes.Buffer{} 124 b := &bytes.Buffer{}
125 if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil { 125 if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil {
126 r.Error = awserr.New("SerializationError", "unable to unmarshal EC2 metadata respose", err) 126 r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata respose", err)
127 return 127 return
128 } 128 }
129 129
@@ -136,7 +136,7 @@ func unmarshalError(r *request.Request) {
136 defer r.HTTPResponse.Body.Close() 136 defer r.HTTPResponse.Body.Close()
137 b := &bytes.Buffer{} 137 b := &bytes.Buffer{}
138 if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil { 138 if _, err := io.Copy(b, r.HTTPResponse.Body); err != nil {
139 r.Error = awserr.New("SerializationError", "unable to unmarshal EC2 metadata error respose", err) 139 r.Error = awserr.New(request.ErrCodeSerialization, "unable to unmarshal EC2 metadata error respose", err)
140 return 140 return
141 } 141 }
142 142
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index 50e170e..2e7bd7a 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -27,6 +27,7 @@ const (
27 EuWest1RegionID = "eu-west-1" // EU (Ireland). 27 EuWest1RegionID = "eu-west-1" // EU (Ireland).
28 EuWest2RegionID = "eu-west-2" // EU (London). 28 EuWest2RegionID = "eu-west-2" // EU (London).
29 EuWest3RegionID = "eu-west-3" // EU (Paris). 29 EuWest3RegionID = "eu-west-3" // EU (Paris).
30 MeSouth1RegionID = "me-south-1" // Middle East (Bahrain).
30 SaEast1RegionID = "sa-east-1" // South America (Sao Paulo). 31 SaEast1RegionID = "sa-east-1" // South America (Sao Paulo).
31 UsEast1RegionID = "us-east-1" // US East (N. Virginia). 32 UsEast1RegionID = "us-east-1" // US East (N. Virginia).
32 UsEast2RegionID = "us-east-2" // US East (Ohio). 33 UsEast2RegionID = "us-east-2" // US East (Ohio).
@@ -128,6 +129,9 @@ var awsPartition = partition{
128 "eu-west-3": region{ 129 "eu-west-3": region{
129 Description: "EU (Paris)", 130 Description: "EU (Paris)",
130 }, 131 },
132 "me-south-1": region{
133 Description: "Middle East (Bahrain)",
134 },
131 "sa-east-1": region{ 135 "sa-east-1": region{
132 Description: "South America (Sao Paulo)", 136 Description: "South America (Sao Paulo)",
133 }, 137 },
@@ -166,6 +170,7 @@ var awsPartition = partition{
166 "eu-west-1": endpoint{}, 170 "eu-west-1": endpoint{},
167 "eu-west-2": endpoint{}, 171 "eu-west-2": endpoint{},
168 "eu-west-3": endpoint{}, 172 "eu-west-3": endpoint{},
173 "me-south-1": endpoint{},
169 "sa-east-1": endpoint{}, 174 "sa-east-1": endpoint{},
170 "us-east-1": endpoint{}, 175 "us-east-1": endpoint{},
171 "us-east-2": endpoint{}, 176 "us-east-2": endpoint{},
@@ -178,6 +183,7 @@ var awsPartition = partition{
178 Protocols: []string{"https"}, 183 Protocols: []string{"https"},
179 }, 184 },
180 Endpoints: endpoints{ 185 Endpoints: endpoints{
186 "ap-east-1": endpoint{},
181 "ap-northeast-1": endpoint{}, 187 "ap-northeast-1": endpoint{},
182 "ap-northeast-2": endpoint{}, 188 "ap-northeast-2": endpoint{},
183 "ap-south-1": endpoint{}, 189 "ap-south-1": endpoint{},
@@ -270,6 +276,12 @@ var awsPartition = partition{
270 Region: "eu-west-3", 276 Region: "eu-west-3",
271 }, 277 },
272 }, 278 },
279 "me-south-1": endpoint{
280 Hostname: "api.ecr.me-south-1.amazonaws.com",
281 CredentialScope: credentialScope{
282 Region: "me-south-1",
283 },
284 },
273 "sa-east-1": endpoint{ 285 "sa-east-1": endpoint{
274 Hostname: "api.ecr.sa-east-1.amazonaws.com", 286 Hostname: "api.ecr.sa-east-1.amazonaws.com",
275 CredentialScope: credentialScope{ 287 CredentialScope: credentialScope{
@@ -381,6 +393,7 @@ var awsPartition = partition{
381 "eu-west-1": endpoint{}, 393 "eu-west-1": endpoint{},
382 "eu-west-2": endpoint{}, 394 "eu-west-2": endpoint{},
383 "eu-west-3": endpoint{}, 395 "eu-west-3": endpoint{},
396 "me-south-1": endpoint{},
384 "sa-east-1": endpoint{}, 397 "sa-east-1": endpoint{},
385 "us-east-1": endpoint{}, 398 "us-east-1": endpoint{},
386 "us-east-2": endpoint{}, 399 "us-east-2": endpoint{},
@@ -409,6 +422,7 @@ var awsPartition = partition{
409 "eu-west-1": endpoint{}, 422 "eu-west-1": endpoint{},
410 "eu-west-2": endpoint{}, 423 "eu-west-2": endpoint{},
411 "eu-west-3": endpoint{}, 424 "eu-west-3": endpoint{},
425 "me-south-1": endpoint{},
412 "sa-east-1": endpoint{}, 426 "sa-east-1": endpoint{},
413 "us-east-1": endpoint{}, 427 "us-east-1": endpoint{},
414 "us-east-2": endpoint{}, 428 "us-east-2": endpoint{},
@@ -416,6 +430,24 @@ var awsPartition = partition{
416 "us-west-2": endpoint{}, 430 "us-west-2": endpoint{},
417 }, 431 },
418 }, 432 },
433 "appmesh": service{
434
435 Endpoints: endpoints{
436 "ap-northeast-1": endpoint{},
437 "ap-northeast-2": endpoint{},
438 "ap-south-1": endpoint{},
439 "ap-southeast-1": endpoint{},
440 "ap-southeast-2": endpoint{},
441 "ca-central-1": endpoint{},
442 "eu-central-1": endpoint{},
443 "eu-west-1": endpoint{},
444 "eu-west-2": endpoint{},
445 "us-east-1": endpoint{},
446 "us-east-2": endpoint{},
447 "us-west-1": endpoint{},
448 "us-west-2": endpoint{},
449 },
450 },
419 "appstream2": service{ 451 "appstream2": service{
420 Defaults: endpoint{ 452 Defaults: endpoint{
421 Protocols: []string{"https"}, 453 Protocols: []string{"https"},
@@ -460,6 +492,7 @@ var awsPartition = partition{
460 "ap-southeast-2": endpoint{}, 492 "ap-southeast-2": endpoint{},
461 "ca-central-1": endpoint{}, 493 "ca-central-1": endpoint{},
462 "eu-central-1": endpoint{}, 494 "eu-central-1": endpoint{},
495 "eu-north-1": endpoint{},
463 "eu-west-1": endpoint{}, 496 "eu-west-1": endpoint{},
464 "eu-west-2": endpoint{}, 497 "eu-west-2": endpoint{},
465 "us-east-1": endpoint{}, 498 "us-east-1": endpoint{},
@@ -484,6 +517,7 @@ var awsPartition = partition{
484 "eu-west-1": endpoint{}, 517 "eu-west-1": endpoint{},
485 "eu-west-2": endpoint{}, 518 "eu-west-2": endpoint{},
486 "eu-west-3": endpoint{}, 519 "eu-west-3": endpoint{},
520 "me-south-1": endpoint{},
487 "sa-east-1": endpoint{}, 521 "sa-east-1": endpoint{},
488 "us-east-1": endpoint{}, 522 "us-east-1": endpoint{},
489 "us-east-2": endpoint{}, 523 "us-east-2": endpoint{},
@@ -515,9 +549,27 @@ var awsPartition = partition{
515 "us-west-2": endpoint{}, 549 "us-west-2": endpoint{},
516 }, 550 },
517 }, 551 },
552 "backup": service{
553
554 Endpoints: endpoints{
555 "ap-northeast-1": endpoint{},
556 "ap-northeast-2": endpoint{},
557 "ap-southeast-1": endpoint{},
558 "ap-southeast-2": endpoint{},
559 "ca-central-1": endpoint{},
560 "eu-central-1": endpoint{},
561 "eu-west-1": endpoint{},
562 "eu-west-2": endpoint{},
563 "us-east-1": endpoint{},
564 "us-east-2": endpoint{},
565 "us-west-1": endpoint{},
566 "us-west-2": endpoint{},
567 },
568 },
518 "batch": service{ 569 "batch": service{
519 570
520 Endpoints: endpoints{ 571 Endpoints: endpoints{
572 "ap-east-1": endpoint{},
521 "ap-northeast-1": endpoint{}, 573 "ap-northeast-1": endpoint{},
522 "ap-northeast-2": endpoint{}, 574 "ap-northeast-2": endpoint{},
523 "ap-south-1": endpoint{}, 575 "ap-south-1": endpoint{},
@@ -584,6 +636,7 @@ var awsPartition = partition{
584 Endpoints: endpoints{ 636 Endpoints: endpoints{
585 "ap-northeast-1": endpoint{}, 637 "ap-northeast-1": endpoint{},
586 "ap-southeast-1": endpoint{}, 638 "ap-southeast-1": endpoint{},
639 "eu-central-1": endpoint{},
587 "eu-west-1": endpoint{}, 640 "eu-west-1": endpoint{},
588 "us-east-1": endpoint{}, 641 "us-east-1": endpoint{},
589 "us-east-2": endpoint{}, 642 "us-east-2": endpoint{},
@@ -619,6 +672,7 @@ var awsPartition = partition{
619 "eu-west-1": endpoint{}, 672 "eu-west-1": endpoint{},
620 "eu-west-2": endpoint{}, 673 "eu-west-2": endpoint{},
621 "eu-west-3": endpoint{}, 674 "eu-west-3": endpoint{},
675 "me-south-1": endpoint{},
622 "sa-east-1": endpoint{}, 676 "sa-east-1": endpoint{},
623 "us-east-1": endpoint{}, 677 "us-east-1": endpoint{},
624 "us-east-2": endpoint{}, 678 "us-east-2": endpoint{},
@@ -662,6 +716,7 @@ var awsPartition = partition{
662 }, 716 },
663 }, 717 },
664 Endpoints: endpoints{ 718 Endpoints: endpoints{
719 "ap-east-1": endpoint{},
665 "ap-northeast-1": endpoint{}, 720 "ap-northeast-1": endpoint{},
666 "ap-northeast-2": endpoint{}, 721 "ap-northeast-2": endpoint{},
667 "ap-south-1": endpoint{}, 722 "ap-south-1": endpoint{},
@@ -709,6 +764,7 @@ var awsPartition = partition{
709 "eu-west-1": endpoint{}, 764 "eu-west-1": endpoint{},
710 "eu-west-2": endpoint{}, 765 "eu-west-2": endpoint{},
711 "eu-west-3": endpoint{}, 766 "eu-west-3": endpoint{},
767 "me-south-1": endpoint{},
712 "sa-east-1": endpoint{}, 768 "sa-east-1": endpoint{},
713 "us-east-1": endpoint{}, 769 "us-east-1": endpoint{},
714 "us-east-2": endpoint{}, 770 "us-east-2": endpoint{},
@@ -726,6 +782,7 @@ var awsPartition = partition{
726 "ap-southeast-2": endpoint{}, 782 "ap-southeast-2": endpoint{},
727 "ca-central-1": endpoint{}, 783 "ca-central-1": endpoint{},
728 "eu-central-1": endpoint{}, 784 "eu-central-1": endpoint{},
785 "eu-north-1": endpoint{},
729 "eu-west-1": endpoint{}, 786 "eu-west-1": endpoint{},
730 "eu-west-2": endpoint{}, 787 "eu-west-2": endpoint{},
731 "eu-west-3": endpoint{}, 788 "eu-west-3": endpoint{},
@@ -789,6 +846,7 @@ var awsPartition = partition{
789 "codedeploy": service{ 846 "codedeploy": service{
790 847
791 Endpoints: endpoints{ 848 Endpoints: endpoints{
849 "ap-east-1": endpoint{},
792 "ap-northeast-1": endpoint{}, 850 "ap-northeast-1": endpoint{},
793 "ap-northeast-2": endpoint{}, 851 "ap-northeast-2": endpoint{},
794 "ap-south-1": endpoint{}, 852 "ap-south-1": endpoint{},
@@ -800,6 +858,7 @@ var awsPartition = partition{
800 "eu-west-1": endpoint{}, 858 "eu-west-1": endpoint{},
801 "eu-west-2": endpoint{}, 859 "eu-west-2": endpoint{},
802 "eu-west-3": endpoint{}, 860 "eu-west-3": endpoint{},
861 "me-south-1": endpoint{},
803 "sa-east-1": endpoint{}, 862 "sa-east-1": endpoint{},
804 "us-east-1": endpoint{}, 863 "us-east-1": endpoint{},
805 "us-east-1-fips": endpoint{ 864 "us-east-1-fips": endpoint{
@@ -937,10 +996,13 @@ var awsPartition = partition{
937 "comprehendmedical": service{ 996 "comprehendmedical": service{
938 997
939 Endpoints: endpoints{ 998 Endpoints: endpoints{
940 "eu-west-1": endpoint{}, 999 "ap-southeast-2": endpoint{},
941 "us-east-1": endpoint{}, 1000 "ca-central-1": endpoint{},
942 "us-east-2": endpoint{}, 1001 "eu-west-1": endpoint{},
943 "us-west-2": endpoint{}, 1002 "eu-west-2": endpoint{},
1003 "us-east-1": endpoint{},
1004 "us-east-2": endpoint{},
1005 "us-west-2": endpoint{},
944 }, 1006 },
945 }, 1007 },
946 "config": service{ 1008 "config": service{
@@ -958,6 +1020,7 @@ var awsPartition = partition{
958 "eu-west-1": endpoint{}, 1020 "eu-west-1": endpoint{},
959 "eu-west-2": endpoint{}, 1021 "eu-west-2": endpoint{},
960 "eu-west-3": endpoint{}, 1022 "eu-west-3": endpoint{},
1023 "me-south-1": endpoint{},
961 "sa-east-1": endpoint{}, 1024 "sa-east-1": endpoint{},
962 "us-east-1": endpoint{}, 1025 "us-east-1": endpoint{},
963 "us-east-2": endpoint{}, 1026 "us-east-2": endpoint{},
@@ -971,6 +1034,19 @@ var awsPartition = partition{
971 "us-east-1": endpoint{}, 1034 "us-east-1": endpoint{},
972 }, 1035 },
973 }, 1036 },
1037 "data.mediastore": service{
1038
1039 Endpoints: endpoints{
1040 "ap-northeast-1": endpoint{},
1041 "ap-northeast-2": endpoint{},
1042 "ap-southeast-2": endpoint{},
1043 "eu-central-1": endpoint{},
1044 "eu-north-1": endpoint{},
1045 "eu-west-1": endpoint{},
1046 "us-east-1": endpoint{},
1047 "us-west-2": endpoint{},
1048 },
1049 },
974 "datapipeline": service{ 1050 "datapipeline": service{
975 1051
976 Endpoints: endpoints{ 1052 Endpoints: endpoints{
@@ -1032,6 +1108,7 @@ var awsPartition = partition{
1032 "eu-west-1": endpoint{}, 1108 "eu-west-1": endpoint{},
1033 "eu-west-2": endpoint{}, 1109 "eu-west-2": endpoint{},
1034 "eu-west-3": endpoint{}, 1110 "eu-west-3": endpoint{},
1111 "me-south-1": endpoint{},
1035 "sa-east-1": endpoint{}, 1112 "sa-east-1": endpoint{},
1036 "us-east-1": endpoint{}, 1113 "us-east-1": endpoint{},
1037 "us-east-2": endpoint{}, 1114 "us-east-2": endpoint{},
@@ -1060,6 +1137,7 @@ var awsPartition = partition{
1060 "eu-west-1": endpoint{}, 1137 "eu-west-1": endpoint{},
1061 "eu-west-2": endpoint{}, 1138 "eu-west-2": endpoint{},
1062 "eu-west-3": endpoint{}, 1139 "eu-west-3": endpoint{},
1140 "me-south-1": endpoint{},
1063 "sa-east-1": endpoint{}, 1141 "sa-east-1": endpoint{},
1064 "us-east-1": endpoint{}, 1142 "us-east-1": endpoint{},
1065 "us-east-2": endpoint{}, 1143 "us-east-2": endpoint{},
@@ -1070,6 +1148,24 @@ var awsPartition = partition{
1070 "docdb": service{ 1148 "docdb": service{
1071 1149
1072 Endpoints: endpoints{ 1150 Endpoints: endpoints{
1151 "ap-northeast-1": endpoint{
1152 Hostname: "rds.ap-northeast-1.amazonaws.com",
1153 CredentialScope: credentialScope{
1154 Region: "ap-northeast-1",
1155 },
1156 },
1157 "ap-northeast-2": endpoint{
1158 Hostname: "rds.ap-northeast-2.amazonaws.com",
1159 CredentialScope: credentialScope{
1160 Region: "ap-northeast-2",
1161 },
1162 },
1163 "ap-southeast-2": endpoint{
1164 Hostname: "rds.ap-southeast-2.amazonaws.com",
1165 CredentialScope: credentialScope{
1166 Region: "ap-southeast-2",
1167 },
1168 },
1073 "eu-central-1": endpoint{ 1169 "eu-central-1": endpoint{
1074 Hostname: "rds.eu-central-1.amazonaws.com", 1170 Hostname: "rds.eu-central-1.amazonaws.com",
1075 CredentialScope: credentialScope{ 1171 CredentialScope: credentialScope{
@@ -1082,6 +1178,12 @@ var awsPartition = partition{
1082 Region: "eu-west-1", 1178 Region: "eu-west-1",
1083 }, 1179 },
1084 }, 1180 },
1181 "eu-west-2": endpoint{
1182 Hostname: "rds.eu-west-2.amazonaws.com",
1183 CredentialScope: credentialScope{
1184 Region: "eu-west-2",
1185 },
1186 },
1085 "us-east-1": endpoint{ 1187 "us-east-1": endpoint{
1086 Hostname: "rds.us-east-1.amazonaws.com", 1188 Hostname: "rds.us-east-1.amazonaws.com",
1087 CredentialScope: credentialScope{ 1189 CredentialScope: credentialScope{
@@ -1112,6 +1214,7 @@ var awsPartition = partition{
1112 "ap-southeast-2": endpoint{}, 1214 "ap-southeast-2": endpoint{},
1113 "ca-central-1": endpoint{}, 1215 "ca-central-1": endpoint{},
1114 "eu-central-1": endpoint{}, 1216 "eu-central-1": endpoint{},
1217 "eu-north-1": endpoint{},
1115 "eu-west-1": endpoint{}, 1218 "eu-west-1": endpoint{},
1116 "eu-west-2": endpoint{}, 1219 "eu-west-2": endpoint{},
1117 "sa-east-1": endpoint{}, 1220 "sa-east-1": endpoint{},
@@ -1133,11 +1236,17 @@ var awsPartition = partition{
1133 "ap-southeast-1": endpoint{}, 1236 "ap-southeast-1": endpoint{},
1134 "ap-southeast-2": endpoint{}, 1237 "ap-southeast-2": endpoint{},
1135 "ca-central-1": endpoint{}, 1238 "ca-central-1": endpoint{},
1136 "eu-central-1": endpoint{}, 1239 "ca-central-1-fips": endpoint{
1137 "eu-north-1": endpoint{}, 1240 Hostname: "dynamodb-fips.ca-central-1.amazonaws.com",
1138 "eu-west-1": endpoint{}, 1241 CredentialScope: credentialScope{
1139 "eu-west-2": endpoint{}, 1242 Region: "ca-central-1",
1140 "eu-west-3": endpoint{}, 1243 },
1244 },
1245 "eu-central-1": endpoint{},
1246 "eu-north-1": endpoint{},
1247 "eu-west-1": endpoint{},
1248 "eu-west-2": endpoint{},
1249 "eu-west-3": endpoint{},
1141 "local": endpoint{ 1250 "local": endpoint{
1142 Hostname: "localhost:8000", 1251 Hostname: "localhost:8000",
1143 Protocols: []string{"http"}, 1252 Protocols: []string{"http"},
@@ -1145,11 +1254,36 @@ var awsPartition = partition{
1145 Region: "us-east-1", 1254 Region: "us-east-1",
1146 }, 1255 },
1147 }, 1256 },
1148 "sa-east-1": endpoint{}, 1257 "me-south-1": endpoint{},
1149 "us-east-1": endpoint{}, 1258 "sa-east-1": endpoint{},
1259 "us-east-1": endpoint{},
1260 "us-east-1-fips": endpoint{
1261 Hostname: "dynamodb-fips.us-east-1.amazonaws.com",
1262 CredentialScope: credentialScope{
1263 Region: "us-east-1",
1264 },
1265 },
1150 "us-east-2": endpoint{}, 1266 "us-east-2": endpoint{},
1267 "us-east-2-fips": endpoint{
1268 Hostname: "dynamodb-fips.us-east-2.amazonaws.com",
1269 CredentialScope: credentialScope{
1270 Region: "us-east-2",
1271 },
1272 },
1151 "us-west-1": endpoint{}, 1273 "us-west-1": endpoint{},
1274 "us-west-1-fips": endpoint{
1275 Hostname: "dynamodb-fips.us-west-1.amazonaws.com",
1276 CredentialScope: credentialScope{
1277 Region: "us-west-1",
1278 },
1279 },
1152 "us-west-2": endpoint{}, 1280 "us-west-2": endpoint{},
1281 "us-west-2-fips": endpoint{
1282 Hostname: "dynamodb-fips.us-west-2.amazonaws.com",
1283 CredentialScope: credentialScope{
1284 Region: "us-west-2",
1285 },
1286 },
1153 }, 1287 },
1154 }, 1288 },
1155 "ec2": service{ 1289 "ec2": service{
@@ -1169,6 +1303,7 @@ var awsPartition = partition{
1169 "eu-west-1": endpoint{}, 1303 "eu-west-1": endpoint{},
1170 "eu-west-2": endpoint{}, 1304 "eu-west-2": endpoint{},
1171 "eu-west-3": endpoint{}, 1305 "eu-west-3": endpoint{},
1306 "me-south-1": endpoint{},
1172 "sa-east-1": endpoint{}, 1307 "sa-east-1": endpoint{},
1173 "us-east-1": endpoint{}, 1308 "us-east-1": endpoint{},
1174 "us-east-2": endpoint{}, 1309 "us-east-2": endpoint{},
@@ -1202,6 +1337,7 @@ var awsPartition = partition{
1202 "eu-west-1": endpoint{}, 1337 "eu-west-1": endpoint{},
1203 "eu-west-2": endpoint{}, 1338 "eu-west-2": endpoint{},
1204 "eu-west-3": endpoint{}, 1339 "eu-west-3": endpoint{},
1340 "me-south-1": endpoint{},
1205 "sa-east-1": endpoint{}, 1341 "sa-east-1": endpoint{},
1206 "us-east-1": endpoint{}, 1342 "us-east-1": endpoint{},
1207 "us-east-2": endpoint{}, 1343 "us-east-2": endpoint{},
@@ -1230,16 +1366,18 @@ var awsPartition = partition{
1230 Region: "us-west-1", 1366 Region: "us-west-1",
1231 }, 1367 },
1232 }, 1368 },
1233 "sa-east-1": endpoint{}, 1369 "me-south-1": endpoint{},
1234 "us-east-1": endpoint{}, 1370 "sa-east-1": endpoint{},
1235 "us-east-2": endpoint{}, 1371 "us-east-1": endpoint{},
1236 "us-west-1": endpoint{}, 1372 "us-east-2": endpoint{},
1237 "us-west-2": endpoint{}, 1373 "us-west-1": endpoint{},
1374 "us-west-2": endpoint{},
1238 }, 1375 },
1239 }, 1376 },
1240 "elasticbeanstalk": service{ 1377 "elasticbeanstalk": service{
1241 1378
1242 Endpoints: endpoints{ 1379 Endpoints: endpoints{
1380 "ap-east-1": endpoint{},
1243 "ap-northeast-1": endpoint{}, 1381 "ap-northeast-1": endpoint{},
1244 "ap-northeast-2": endpoint{}, 1382 "ap-northeast-2": endpoint{},
1245 "ap-south-1": endpoint{}, 1383 "ap-south-1": endpoint{},
@@ -1251,6 +1389,7 @@ var awsPartition = partition{
1251 "eu-west-1": endpoint{}, 1389 "eu-west-1": endpoint{},
1252 "eu-west-2": endpoint{}, 1390 "eu-west-2": endpoint{},
1253 "eu-west-3": endpoint{}, 1391 "eu-west-3": endpoint{},
1392 "me-south-1": endpoint{},
1254 "sa-east-1": endpoint{}, 1393 "sa-east-1": endpoint{},
1255 "us-east-1": endpoint{}, 1394 "us-east-1": endpoint{},
1256 "us-east-2": endpoint{}, 1395 "us-east-2": endpoint{},
@@ -1263,11 +1402,14 @@ var awsPartition = partition{
1263 Endpoints: endpoints{ 1402 Endpoints: endpoints{
1264 "ap-northeast-1": endpoint{}, 1403 "ap-northeast-1": endpoint{},
1265 "ap-northeast-2": endpoint{}, 1404 "ap-northeast-2": endpoint{},
1405 "ap-south-1": endpoint{},
1266 "ap-southeast-1": endpoint{}, 1406 "ap-southeast-1": endpoint{},
1267 "ap-southeast-2": endpoint{}, 1407 "ap-southeast-2": endpoint{},
1408 "ca-central-1": endpoint{},
1268 "eu-central-1": endpoint{}, 1409 "eu-central-1": endpoint{},
1269 "eu-west-1": endpoint{}, 1410 "eu-west-1": endpoint{},
1270 "eu-west-2": endpoint{}, 1411 "eu-west-2": endpoint{},
1412 "eu-west-3": endpoint{},
1271 "us-east-1": endpoint{}, 1413 "us-east-1": endpoint{},
1272 "us-east-2": endpoint{}, 1414 "us-east-2": endpoint{},
1273 "us-west-1": endpoint{}, 1415 "us-west-1": endpoint{},
@@ -1291,6 +1433,7 @@ var awsPartition = partition{
1291 "eu-west-1": endpoint{}, 1433 "eu-west-1": endpoint{},
1292 "eu-west-2": endpoint{}, 1434 "eu-west-2": endpoint{},
1293 "eu-west-3": endpoint{}, 1435 "eu-west-3": endpoint{},
1436 "me-south-1": endpoint{},
1294 "sa-east-1": endpoint{}, 1437 "sa-east-1": endpoint{},
1295 "us-east-1": endpoint{}, 1438 "us-east-1": endpoint{},
1296 "us-east-2": endpoint{}, 1439 "us-east-2": endpoint{},
@@ -1318,6 +1461,7 @@ var awsPartition = partition{
1318 "eu-west-1": endpoint{}, 1461 "eu-west-1": endpoint{},
1319 "eu-west-2": endpoint{}, 1462 "eu-west-2": endpoint{},
1320 "eu-west-3": endpoint{}, 1463 "eu-west-3": endpoint{},
1464 "me-south-1": endpoint{},
1321 "sa-east-1": endpoint{}, 1465 "sa-east-1": endpoint{},
1322 "us-east-1": endpoint{ 1466 "us-east-1": endpoint{
1323 SSLCommonName: "{service}.{region}.{dnsSuffix}", 1467 SSLCommonName: "{service}.{region}.{dnsSuffix}",
@@ -1343,10 +1487,12 @@ var awsPartition = partition{
1343 "email": service{ 1487 "email": service{
1344 1488
1345 Endpoints: endpoints{ 1489 Endpoints: endpoints{
1346 "eu-central-1": endpoint{}, 1490 "ap-south-1": endpoint{},
1347 "eu-west-1": endpoint{}, 1491 "ap-southeast-2": endpoint{},
1348 "us-east-1": endpoint{}, 1492 "eu-central-1": endpoint{},
1349 "us-west-2": endpoint{}, 1493 "eu-west-1": endpoint{},
1494 "us-east-1": endpoint{},
1495 "us-west-2": endpoint{},
1350 }, 1496 },
1351 }, 1497 },
1352 "entitlement.marketplace": service{ 1498 "entitlement.marketplace": service{
@@ -1402,6 +1548,7 @@ var awsPartition = partition{
1402 "eu-west-1": endpoint{}, 1548 "eu-west-1": endpoint{},
1403 "eu-west-2": endpoint{}, 1549 "eu-west-2": endpoint{},
1404 "eu-west-3": endpoint{}, 1550 "eu-west-3": endpoint{},
1551 "me-south-1": endpoint{},
1405 "sa-east-1": endpoint{}, 1552 "sa-east-1": endpoint{},
1406 "us-east-1": endpoint{}, 1553 "us-east-1": endpoint{},
1407 "us-east-2": endpoint{}, 1554 "us-east-2": endpoint{},
@@ -1419,6 +1566,7 @@ var awsPartition = partition{
1419 "ap-southeast-2": endpoint{}, 1566 "ap-southeast-2": endpoint{},
1420 "ca-central-1": endpoint{}, 1567 "ca-central-1": endpoint{},
1421 "eu-central-1": endpoint{}, 1568 "eu-central-1": endpoint{},
1569 "eu-north-1": endpoint{},
1422 "eu-west-1": endpoint{}, 1570 "eu-west-1": endpoint{},
1423 "eu-west-2": endpoint{}, 1571 "eu-west-2": endpoint{},
1424 "eu-west-3": endpoint{}, 1572 "eu-west-3": endpoint{},
@@ -1435,11 +1583,15 @@ var awsPartition = partition{
1435 }, 1583 },
1436 Endpoints: endpoints{ 1584 Endpoints: endpoints{
1437 "ap-northeast-1": endpoint{}, 1585 "ap-northeast-1": endpoint{},
1586 "ap-northeast-2": endpoint{},
1587 "ap-southeast-1": endpoint{},
1438 "ap-southeast-2": endpoint{}, 1588 "ap-southeast-2": endpoint{},
1439 "eu-central-1": endpoint{}, 1589 "eu-central-1": endpoint{},
1440 "eu-west-1": endpoint{}, 1590 "eu-west-1": endpoint{},
1591 "eu-west-2": endpoint{},
1441 "us-east-1": endpoint{}, 1592 "us-east-1": endpoint{},
1442 "us-east-2": endpoint{}, 1593 "us-east-2": endpoint{},
1594 "us-west-1": endpoint{},
1443 "us-west-2": endpoint{}, 1595 "us-west-2": endpoint{},
1444 }, 1596 },
1445 }, 1597 },
@@ -1447,10 +1599,14 @@ var awsPartition = partition{
1447 1599
1448 Endpoints: endpoints{ 1600 Endpoints: endpoints{
1449 "ap-northeast-1": endpoint{}, 1601 "ap-northeast-1": endpoint{},
1602 "ap-southeast-1": endpoint{},
1450 "ap-southeast-2": endpoint{}, 1603 "ap-southeast-2": endpoint{},
1604 "eu-central-1": endpoint{},
1451 "eu-west-1": endpoint{}, 1605 "eu-west-1": endpoint{},
1606 "eu-west-2": endpoint{},
1452 "us-east-1": endpoint{}, 1607 "us-east-1": endpoint{},
1453 "us-east-2": endpoint{}, 1608 "us-east-2": endpoint{},
1609 "us-west-1": endpoint{},
1454 "us-west-2": endpoint{}, 1610 "us-west-2": endpoint{},
1455 }, 1611 },
1456 }, 1612 },
@@ -1490,6 +1646,7 @@ var awsPartition = partition{
1490 "eu-west-1": endpoint{}, 1646 "eu-west-1": endpoint{},
1491 "eu-west-2": endpoint{}, 1647 "eu-west-2": endpoint{},
1492 "eu-west-3": endpoint{}, 1648 "eu-west-3": endpoint{},
1649 "me-south-1": endpoint{},
1493 "sa-east-1": endpoint{}, 1650 "sa-east-1": endpoint{},
1494 "us-east-1": endpoint{}, 1651 "us-east-1": endpoint{},
1495 "us-east-2": endpoint{}, 1652 "us-east-2": endpoint{},
@@ -1500,6 +1657,7 @@ var awsPartition = partition{
1500 "glue": service{ 1657 "glue": service{
1501 1658
1502 Endpoints: endpoints{ 1659 Endpoints: endpoints{
1660 "ap-east-1": endpoint{},
1503 "ap-northeast-1": endpoint{}, 1661 "ap-northeast-1": endpoint{},
1504 "ap-northeast-2": endpoint{}, 1662 "ap-northeast-2": endpoint{},
1505 "ap-south-1": endpoint{}, 1663 "ap-south-1": endpoint{},
@@ -1507,9 +1665,11 @@ var awsPartition = partition{
1507 "ap-southeast-2": endpoint{}, 1665 "ap-southeast-2": endpoint{},
1508 "ca-central-1": endpoint{}, 1666 "ca-central-1": endpoint{},
1509 "eu-central-1": endpoint{}, 1667 "eu-central-1": endpoint{},
1668 "eu-north-1": endpoint{},
1510 "eu-west-1": endpoint{}, 1669 "eu-west-1": endpoint{},
1511 "eu-west-2": endpoint{}, 1670 "eu-west-2": endpoint{},
1512 "eu-west-3": endpoint{}, 1671 "eu-west-3": endpoint{},
1672 "sa-east-1": endpoint{},
1513 "us-east-1": endpoint{}, 1673 "us-east-1": endpoint{},
1514 "us-east-2": endpoint{}, 1674 "us-east-2": endpoint{},
1515 "us-west-1": endpoint{}, 1675 "us-west-1": endpoint{},
@@ -1523,19 +1683,32 @@ var awsPartition = partition{
1523 }, 1683 },
1524 Endpoints: endpoints{ 1684 Endpoints: endpoints{
1525 "ap-northeast-1": endpoint{}, 1685 "ap-northeast-1": endpoint{},
1686 "ap-northeast-2": endpoint{},
1687 "ap-south-1": endpoint{},
1688 "ap-southeast-1": endpoint{},
1526 "ap-southeast-2": endpoint{}, 1689 "ap-southeast-2": endpoint{},
1527 "eu-central-1": endpoint{}, 1690 "eu-central-1": endpoint{},
1528 "eu-west-1": endpoint{}, 1691 "eu-west-1": endpoint{},
1692 "eu-west-2": endpoint{},
1529 "us-east-1": endpoint{}, 1693 "us-east-1": endpoint{},
1694 "us-east-2": endpoint{},
1530 "us-west-2": endpoint{}, 1695 "us-west-2": endpoint{},
1531 }, 1696 },
1532 }, 1697 },
1698 "groundstation": service{
1699
1700 Endpoints: endpoints{
1701 "us-east-2": endpoint{},
1702 "us-west-2": endpoint{},
1703 },
1704 },
1533 "guardduty": service{ 1705 "guardduty": service{
1534 IsRegionalized: boxedTrue, 1706 IsRegionalized: boxedTrue,
1535 Defaults: endpoint{ 1707 Defaults: endpoint{
1536 Protocols: []string{"https"}, 1708 Protocols: []string{"https"},
1537 }, 1709 },
1538 Endpoints: endpoints{ 1710 Endpoints: endpoints{
1711 "ap-east-1": endpoint{},
1539 "ap-northeast-1": endpoint{}, 1712 "ap-northeast-1": endpoint{},
1540 "ap-northeast-2": endpoint{}, 1713 "ap-northeast-2": endpoint{},
1541 "ap-south-1": endpoint{}, 1714 "ap-south-1": endpoint{},
@@ -1543,6 +1716,7 @@ var awsPartition = partition{
1543 "ap-southeast-2": endpoint{}, 1716 "ap-southeast-2": endpoint{},
1544 "ca-central-1": endpoint{}, 1717 "ca-central-1": endpoint{},
1545 "eu-central-1": endpoint{}, 1718 "eu-central-1": endpoint{},
1719 "eu-north-1": endpoint{},
1546 "eu-west-1": endpoint{}, 1720 "eu-west-1": endpoint{},
1547 "eu-west-2": endpoint{}, 1721 "eu-west-2": endpoint{},
1548 "eu-west-3": endpoint{}, 1722 "eu-west-3": endpoint{},
@@ -1595,7 +1769,9 @@ var awsPartition = partition{
1595 "ap-south-1": endpoint{}, 1769 "ap-south-1": endpoint{},
1596 "ap-southeast-2": endpoint{}, 1770 "ap-southeast-2": endpoint{},
1597 "eu-central-1": endpoint{}, 1771 "eu-central-1": endpoint{},
1772 "eu-north-1": endpoint{},
1598 "eu-west-1": endpoint{}, 1773 "eu-west-1": endpoint{},
1774 "eu-west-2": endpoint{},
1599 "us-east-1": endpoint{}, 1775 "us-east-1": endpoint{},
1600 "us-east-2": endpoint{}, 1776 "us-east-2": endpoint{},
1601 "us-west-1": endpoint{}, 1777 "us-west-1": endpoint{},
@@ -1614,11 +1790,16 @@ var awsPartition = partition{
1614 "ap-south-1": endpoint{}, 1790 "ap-south-1": endpoint{},
1615 "ap-southeast-1": endpoint{}, 1791 "ap-southeast-1": endpoint{},
1616 "ap-southeast-2": endpoint{}, 1792 "ap-southeast-2": endpoint{},
1793 "ca-central-1": endpoint{},
1617 "eu-central-1": endpoint{}, 1794 "eu-central-1": endpoint{},
1795 "eu-north-1": endpoint{},
1618 "eu-west-1": endpoint{}, 1796 "eu-west-1": endpoint{},
1619 "eu-west-2": endpoint{}, 1797 "eu-west-2": endpoint{},
1798 "eu-west-3": endpoint{},
1799 "sa-east-1": endpoint{},
1620 "us-east-1": endpoint{}, 1800 "us-east-1": endpoint{},
1621 "us-east-2": endpoint{}, 1801 "us-east-2": endpoint{},
1802 "us-west-1": endpoint{},
1622 "us-west-2": endpoint{}, 1803 "us-west-2": endpoint{},
1623 }, 1804 },
1624 }, 1805 },
@@ -1633,6 +1814,95 @@ var awsPartition = partition{
1633 "us-west-2": endpoint{}, 1814 "us-west-2": endpoint{},
1634 }, 1815 },
1635 }, 1816 },
1817 "iotevents": service{
1818
1819 Endpoints: endpoints{
1820 "ap-northeast-1": endpoint{},
1821 "ap-southeast-2": endpoint{},
1822 "eu-central-1": endpoint{},
1823 "eu-west-1": endpoint{},
1824 "us-east-1": endpoint{},
1825 "us-east-2": endpoint{},
1826 "us-west-2": endpoint{},
1827 },
1828 },
1829 "ioteventsdata": service{
1830
1831 Endpoints: endpoints{
1832 "ap-northeast-1": endpoint{
1833 Hostname: "data.iotevents.ap-northeast-1.amazonaws.com",
1834 CredentialScope: credentialScope{
1835 Region: "ap-northeast-1",
1836 },
1837 },
1838 "ap-southeast-2": endpoint{
1839 Hostname: "data.iotevents.ap-southeast-2.amazonaws.com",
1840 CredentialScope: credentialScope{
1841 Region: "ap-southeast-2",
1842 },
1843 },
1844 "eu-central-1": endpoint{
1845 Hostname: "data.iotevents.eu-central-1.amazonaws.com",
1846 CredentialScope: credentialScope{
1847 Region: "eu-central-1",
1848 },
1849 },
1850 "eu-west-1": endpoint{
1851 Hostname: "data.iotevents.eu-west-1.amazonaws.com",
1852 CredentialScope: credentialScope{
1853 Region: "eu-west-1",
1854 },
1855 },
1856 "us-east-1": endpoint{
1857 Hostname: "data.iotevents.us-east-1.amazonaws.com",
1858 CredentialScope: credentialScope{
1859 Region: "us-east-1",
1860 },
1861 },
1862 "us-east-2": endpoint{
1863 Hostname: "data.iotevents.us-east-2.amazonaws.com",
1864 CredentialScope: credentialScope{
1865 Region: "us-east-2",
1866 },
1867 },
1868 "us-west-2": endpoint{
1869 Hostname: "data.iotevents.us-west-2.amazonaws.com",
1870 CredentialScope: credentialScope{
1871 Region: "us-west-2",
1872 },
1873 },
1874 },
1875 },
1876 "iotthingsgraph": service{
1877 Defaults: endpoint{
1878 CredentialScope: credentialScope{
1879 Service: "iotthingsgraph",
1880 },
1881 },
1882 Endpoints: endpoints{
1883 "ap-northeast-1": endpoint{},
1884 "ap-southeast-2": endpoint{},
1885 "eu-west-1": endpoint{},
1886 "us-east-1": endpoint{},
1887 "us-west-2": endpoint{},
1888 },
1889 },
1890 "kafka": service{
1891
1892 Endpoints: endpoints{
1893 "ap-northeast-1": endpoint{},
1894 "ap-southeast-1": endpoint{},
1895 "ap-southeast-2": endpoint{},
1896 "eu-central-1": endpoint{},
1897 "eu-north-1": endpoint{},
1898 "eu-west-1": endpoint{},
1899 "eu-west-2": endpoint{},
1900 "eu-west-3": endpoint{},
1901 "us-east-1": endpoint{},
1902 "us-east-2": endpoint{},
1903 "us-west-2": endpoint{},
1904 },
1905 },
1636 "kinesis": service{ 1906 "kinesis": service{
1637 1907
1638 Endpoints: endpoints{ 1908 Endpoints: endpoints{
@@ -1648,6 +1918,7 @@ var awsPartition = partition{
1648 "eu-west-1": endpoint{}, 1918 "eu-west-1": endpoint{},
1649 "eu-west-2": endpoint{}, 1919 "eu-west-2": endpoint{},
1650 "eu-west-3": endpoint{}, 1920 "eu-west-3": endpoint{},
1921 "me-south-1": endpoint{},
1651 "sa-east-1": endpoint{}, 1922 "sa-east-1": endpoint{},
1652 "us-east-1": endpoint{}, 1923 "us-east-1": endpoint{},
1653 "us-east-2": endpoint{}, 1924 "us-east-2": endpoint{},
@@ -1658,11 +1929,16 @@ var awsPartition = partition{
1658 "kinesisanalytics": service{ 1929 "kinesisanalytics": service{
1659 1930
1660 Endpoints: endpoints{ 1931 Endpoints: endpoints{
1661 "eu-central-1": endpoint{}, 1932 "ap-northeast-1": endpoint{},
1662 "eu-west-1": endpoint{}, 1933 "ap-northeast-2": endpoint{},
1663 "us-east-1": endpoint{}, 1934 "ap-southeast-1": endpoint{},
1664 "us-east-2": endpoint{}, 1935 "ap-southeast-2": endpoint{},
1665 "us-west-2": endpoint{}, 1936 "eu-central-1": endpoint{},
1937 "eu-west-1": endpoint{},
1938 "eu-west-2": endpoint{},
1939 "us-east-1": endpoint{},
1940 "us-east-2": endpoint{},
1941 "us-west-2": endpoint{},
1666 }, 1942 },
1667 }, 1943 },
1668 "kinesisvideo": service{ 1944 "kinesisvideo": service{
@@ -1679,12 +1955,6 @@ var awsPartition = partition{
1679 "kms": service{ 1955 "kms": service{
1680 1956
1681 Endpoints: endpoints{ 1957 Endpoints: endpoints{
1682 "ProdFips": endpoint{
1683 Hostname: "kms-fips.ca-central-1.amazonaws.com",
1684 CredentialScope: credentialScope{
1685 Region: "ca-central-1",
1686 },
1687 },
1688 "ap-east-1": endpoint{}, 1958 "ap-east-1": endpoint{},
1689 "ap-northeast-1": endpoint{}, 1959 "ap-northeast-1": endpoint{},
1690 "ap-northeast-2": endpoint{}, 1960 "ap-northeast-2": endpoint{},
@@ -1697,6 +1967,7 @@ var awsPartition = partition{
1697 "eu-west-1": endpoint{}, 1967 "eu-west-1": endpoint{},
1698 "eu-west-2": endpoint{}, 1968 "eu-west-2": endpoint{},
1699 "eu-west-3": endpoint{}, 1969 "eu-west-3": endpoint{},
1970 "me-south-1": endpoint{},
1700 "sa-east-1": endpoint{}, 1971 "sa-east-1": endpoint{},
1701 "us-east-1": endpoint{}, 1972 "us-east-1": endpoint{},
1702 "us-east-2": endpoint{}, 1973 "us-east-2": endpoint{},
@@ -1719,6 +1990,7 @@ var awsPartition = partition{
1719 "eu-west-1": endpoint{}, 1990 "eu-west-1": endpoint{},
1720 "eu-west-2": endpoint{}, 1991 "eu-west-2": endpoint{},
1721 "eu-west-3": endpoint{}, 1992 "eu-west-3": endpoint{},
1993 "me-south-1": endpoint{},
1722 "sa-east-1": endpoint{}, 1994 "sa-east-1": endpoint{},
1723 "us-east-1": endpoint{}, 1995 "us-east-1": endpoint{},
1724 "us-east-2": endpoint{}, 1996 "us-east-2": endpoint{},
@@ -1729,16 +2001,22 @@ var awsPartition = partition{
1729 "license-manager": service{ 2001 "license-manager": service{
1730 2002
1731 Endpoints: endpoints{ 2003 Endpoints: endpoints{
2004 "ap-east-1": endpoint{},
1732 "ap-northeast-1": endpoint{}, 2005 "ap-northeast-1": endpoint{},
1733 "ap-northeast-2": endpoint{}, 2006 "ap-northeast-2": endpoint{},
1734 "ap-south-1": endpoint{}, 2007 "ap-south-1": endpoint{},
1735 "ap-southeast-1": endpoint{}, 2008 "ap-southeast-1": endpoint{},
1736 "ap-southeast-2": endpoint{}, 2009 "ap-southeast-2": endpoint{},
2010 "ca-central-1": endpoint{},
1737 "eu-central-1": endpoint{}, 2011 "eu-central-1": endpoint{},
2012 "eu-north-1": endpoint{},
1738 "eu-west-1": endpoint{}, 2013 "eu-west-1": endpoint{},
1739 "eu-west-2": endpoint{}, 2014 "eu-west-2": endpoint{},
2015 "eu-west-3": endpoint{},
2016 "sa-east-1": endpoint{},
1740 "us-east-1": endpoint{}, 2017 "us-east-1": endpoint{},
1741 "us-east-2": endpoint{}, 2018 "us-east-2": endpoint{},
2019 "us-west-1": endpoint{},
1742 "us-west-2": endpoint{}, 2020 "us-west-2": endpoint{},
1743 }, 2021 },
1744 }, 2022 },
@@ -1775,6 +2053,7 @@ var awsPartition = partition{
1775 "eu-west-1": endpoint{}, 2053 "eu-west-1": endpoint{},
1776 "eu-west-2": endpoint{}, 2054 "eu-west-2": endpoint{},
1777 "eu-west-3": endpoint{}, 2055 "eu-west-3": endpoint{},
2056 "me-south-1": endpoint{},
1778 "sa-east-1": endpoint{}, 2057 "sa-east-1": endpoint{},
1779 "us-east-1": endpoint{}, 2058 "us-east-1": endpoint{},
1780 "us-east-2": endpoint{}, 2059 "us-east-2": endpoint{},
@@ -1843,6 +2122,7 @@ var awsPartition = partition{
1843 "ap-southeast-1": endpoint{}, 2122 "ap-southeast-1": endpoint{},
1844 "ap-southeast-2": endpoint{}, 2123 "ap-southeast-2": endpoint{},
1845 "eu-central-1": endpoint{}, 2124 "eu-central-1": endpoint{},
2125 "eu-north-1": endpoint{},
1846 "eu-west-1": endpoint{}, 2126 "eu-west-1": endpoint{},
1847 "sa-east-1": endpoint{}, 2127 "sa-east-1": endpoint{},
1848 "us-east-1": endpoint{}, 2128 "us-east-1": endpoint{},
@@ -1873,6 +2153,7 @@ var awsPartition = partition{
1873 "ap-northeast-2": endpoint{}, 2153 "ap-northeast-2": endpoint{},
1874 "ap-southeast-2": endpoint{}, 2154 "ap-southeast-2": endpoint{},
1875 "eu-central-1": endpoint{}, 2155 "eu-central-1": endpoint{},
2156 "eu-north-1": endpoint{},
1876 "eu-west-1": endpoint{}, 2157 "eu-west-1": endpoint{},
1877 "us-east-1": endpoint{}, 2158 "us-east-1": endpoint{},
1878 "us-west-2": endpoint{}, 2159 "us-west-2": endpoint{},
@@ -1945,6 +2226,7 @@ var awsPartition = partition{
1945 "eu-west-1": endpoint{}, 2226 "eu-west-1": endpoint{},
1946 "eu-west-2": endpoint{}, 2227 "eu-west-2": endpoint{},
1947 "eu-west-3": endpoint{}, 2228 "eu-west-3": endpoint{},
2229 "me-south-1": endpoint{},
1948 "sa-east-1": endpoint{}, 2230 "sa-east-1": endpoint{},
1949 "us-east-1": endpoint{}, 2231 "us-east-1": endpoint{},
1950 "us-east-2": endpoint{}, 2232 "us-east-2": endpoint{},
@@ -1957,11 +2239,14 @@ var awsPartition = partition{
1957 Endpoints: endpoints{ 2239 Endpoints: endpoints{
1958 "ap-northeast-1": endpoint{}, 2240 "ap-northeast-1": endpoint{},
1959 "ap-northeast-2": endpoint{}, 2241 "ap-northeast-2": endpoint{},
2242 "ap-south-1": endpoint{},
1960 "ap-southeast-1": endpoint{}, 2243 "ap-southeast-1": endpoint{},
1961 "ap-southeast-2": endpoint{}, 2244 "ap-southeast-2": endpoint{},
2245 "ca-central-1": endpoint{},
1962 "eu-central-1": endpoint{}, 2246 "eu-central-1": endpoint{},
1963 "eu-west-1": endpoint{}, 2247 "eu-west-1": endpoint{},
1964 "eu-west-2": endpoint{}, 2248 "eu-west-2": endpoint{},
2249 "eu-west-3": endpoint{},
1965 "us-east-1": endpoint{}, 2250 "us-east-1": endpoint{},
1966 "us-east-2": endpoint{}, 2251 "us-east-2": endpoint{},
1967 "us-west-1": endpoint{}, 2252 "us-west-1": endpoint{},
@@ -1987,6 +2272,12 @@ var awsPartition = partition{
1987 Region: "ap-northeast-1", 2272 Region: "ap-northeast-1",
1988 }, 2273 },
1989 }, 2274 },
2275 "ap-northeast-2": endpoint{
2276 Hostname: "rds.ap-northeast-2.amazonaws.com",
2277 CredentialScope: credentialScope{
2278 Region: "ap-northeast-2",
2279 },
2280 },
1990 "ap-south-1": endpoint{ 2281 "ap-south-1": endpoint{
1991 Hostname: "rds.ap-south-1.amazonaws.com", 2282 Hostname: "rds.ap-south-1.amazonaws.com",
1992 CredentialScope: credentialScope{ 2283 CredentialScope: credentialScope{
@@ -2011,6 +2302,12 @@ var awsPartition = partition{
2011 Region: "eu-central-1", 2302 Region: "eu-central-1",
2012 }, 2303 },
2013 }, 2304 },
2305 "eu-north-1": endpoint{
2306 Hostname: "rds.eu-north-1.amazonaws.com",
2307 CredentialScope: credentialScope{
2308 Region: "eu-north-1",
2309 },
2310 },
2014 "eu-west-1": endpoint{ 2311 "eu-west-1": endpoint{
2015 Hostname: "rds.eu-west-1.amazonaws.com", 2312 Hostname: "rds.eu-west-1.amazonaws.com",
2016 CredentialScope: credentialScope{ 2313 CredentialScope: credentialScope{
@@ -2126,6 +2423,38 @@ var awsPartition = partition{
2126 "us-west-2": endpoint{}, 2423 "us-west-2": endpoint{},
2127 }, 2424 },
2128 }, 2425 },
2426 "projects.iot1click": service{
2427
2428 Endpoints: endpoints{
2429 "ap-northeast-1": endpoint{},
2430 "eu-central-1": endpoint{},
2431 "eu-west-1": endpoint{},
2432 "eu-west-2": endpoint{},
2433 "us-east-1": endpoint{},
2434 "us-east-2": endpoint{},
2435 "us-west-2": endpoint{},
2436 },
2437 },
2438 "ram": service{
2439
2440 Endpoints: endpoints{
2441 "ap-northeast-1": endpoint{},
2442 "ap-northeast-2": endpoint{},
2443 "ap-south-1": endpoint{},
2444 "ap-southeast-1": endpoint{},
2445 "ap-southeast-2": endpoint{},
2446 "ca-central-1": endpoint{},
2447 "eu-central-1": endpoint{},
2448 "eu-north-1": endpoint{},
2449 "eu-west-1": endpoint{},
2450 "eu-west-2": endpoint{},
2451 "eu-west-3": endpoint{},
2452 "us-east-1": endpoint{},
2453 "us-east-2": endpoint{},
2454 "us-west-1": endpoint{},
2455 "us-west-2": endpoint{},
2456 },
2457 },
2129 "rds": service{ 2458 "rds": service{
2130 2459
2131 Endpoints: endpoints{ 2460 Endpoints: endpoints{
@@ -2165,6 +2494,7 @@ var awsPartition = partition{
2165 "eu-west-1": endpoint{}, 2494 "eu-west-1": endpoint{},
2166 "eu-west-2": endpoint{}, 2495 "eu-west-2": endpoint{},
2167 "eu-west-3": endpoint{}, 2496 "eu-west-3": endpoint{},
2497 "me-south-1": endpoint{},
2168 "sa-east-1": endpoint{}, 2498 "sa-east-1": endpoint{},
2169 "us-east-1": endpoint{}, 2499 "us-east-1": endpoint{},
2170 "us-east-2": endpoint{}, 2500 "us-east-2": endpoint{},
@@ -2178,10 +2508,14 @@ var awsPartition = partition{
2178 "ap-northeast-1": endpoint{}, 2508 "ap-northeast-1": endpoint{},
2179 "ap-northeast-2": endpoint{}, 2509 "ap-northeast-2": endpoint{},
2180 "ap-south-1": endpoint{}, 2510 "ap-south-1": endpoint{},
2511 "ap-southeast-1": endpoint{},
2181 "ap-southeast-2": endpoint{}, 2512 "ap-southeast-2": endpoint{},
2513 "eu-central-1": endpoint{},
2182 "eu-west-1": endpoint{}, 2514 "eu-west-1": endpoint{},
2515 "eu-west-2": endpoint{},
2183 "us-east-1": endpoint{}, 2516 "us-east-1": endpoint{},
2184 "us-east-2": endpoint{}, 2517 "us-east-2": endpoint{},
2518 "us-west-1": endpoint{},
2185 "us-west-2": endpoint{}, 2519 "us-west-2": endpoint{},
2186 }, 2520 },
2187 }, 2521 },
@@ -2200,6 +2534,7 @@ var awsPartition = partition{
2200 "eu-west-1": endpoint{}, 2534 "eu-west-1": endpoint{},
2201 "eu-west-2": endpoint{}, 2535 "eu-west-2": endpoint{},
2202 "eu-west-3": endpoint{}, 2536 "eu-west-3": endpoint{},
2537 "me-south-1": endpoint{},
2203 "sa-east-1": endpoint{}, 2538 "sa-east-1": endpoint{},
2204 "us-east-1": endpoint{}, 2539 "us-east-1": endpoint{},
2205 "us-east-2": endpoint{}, 2540 "us-east-2": endpoint{},
@@ -2211,8 +2546,11 @@ var awsPartition = partition{
2211 2546
2212 Endpoints: endpoints{ 2547 Endpoints: endpoints{
2213 "ap-northeast-1": endpoint{}, 2548 "ap-northeast-1": endpoint{},
2549 "ap-southeast-1": endpoint{},
2550 "eu-central-1": endpoint{},
2214 "eu-west-1": endpoint{}, 2551 "eu-west-1": endpoint{},
2215 "us-east-1": endpoint{}, 2552 "us-east-1": endpoint{},
2553 "us-east-2": endpoint{},
2216 "us-west-2": endpoint{}, 2554 "us-west-2": endpoint{},
2217 }, 2555 },
2218 }, 2556 },
@@ -2281,9 +2619,33 @@ var awsPartition = partition{
2281 "eu-west-1": endpoint{}, 2619 "eu-west-1": endpoint{},
2282 "eu-west-2": endpoint{}, 2620 "eu-west-2": endpoint{},
2283 "us-east-1": endpoint{}, 2621 "us-east-1": endpoint{},
2284 "us-east-2": endpoint{}, 2622 "us-east-1-fips": endpoint{
2285 "us-west-1": endpoint{}, 2623 Hostname: "runtime-fips.sagemaker.us-east-1.amazonaws.com",
2286 "us-west-2": endpoint{}, 2624 CredentialScope: credentialScope{
2625 Region: "us-east-1",
2626 },
2627 },
2628 "us-east-2": endpoint{},
2629 "us-east-2-fips": endpoint{
2630 Hostname: "runtime-fips.sagemaker.us-east-2.amazonaws.com",
2631 CredentialScope: credentialScope{
2632 Region: "us-east-2",
2633 },
2634 },
2635 "us-west-1": endpoint{},
2636 "us-west-1-fips": endpoint{
2637 Hostname: "runtime-fips.sagemaker.us-west-1.amazonaws.com",
2638 CredentialScope: credentialScope{
2639 Region: "us-west-1",
2640 },
2641 },
2642 "us-west-2": endpoint{},
2643 "us-west-2-fips": endpoint{
2644 Hostname: "runtime-fips.sagemaker.us-west-2.amazonaws.com",
2645 CredentialScope: credentialScope{
2646 Region: "us-west-2",
2647 },
2648 },
2287 }, 2649 },
2288 }, 2650 },
2289 "s3": service{ 2651 "s3": service{
@@ -2319,8 +2681,9 @@ var awsPartition = partition{
2319 Hostname: "s3.eu-west-1.amazonaws.com", 2681 Hostname: "s3.eu-west-1.amazonaws.com",
2320 SignatureVersions: []string{"s3", "s3v4"}, 2682 SignatureVersions: []string{"s3", "s3v4"},
2321 }, 2683 },
2322 "eu-west-2": endpoint{}, 2684 "eu-west-2": endpoint{},
2323 "eu-west-3": endpoint{}, 2685 "eu-west-3": endpoint{},
2686 "me-south-1": endpoint{},
2324 "s3-external-1": endpoint{ 2687 "s3-external-1": endpoint{
2325 Hostname: "s3-external-1.amazonaws.com", 2688 Hostname: "s3-external-1.amazonaws.com",
2326 SignatureVersions: []string{"s3", "s3v4"}, 2689 SignatureVersions: []string{"s3", "s3v4"},
@@ -2571,6 +2934,7 @@ var awsPartition = partition{
2571 "ap-southeast-2": endpoint{}, 2934 "ap-southeast-2": endpoint{},
2572 "ca-central-1": endpoint{}, 2935 "ca-central-1": endpoint{},
2573 "eu-central-1": endpoint{}, 2936 "eu-central-1": endpoint{},
2937 "eu-north-1": endpoint{},
2574 "eu-west-1": endpoint{}, 2938 "eu-west-1": endpoint{},
2575 "eu-west-2": endpoint{}, 2939 "eu-west-2": endpoint{},
2576 "eu-west-3": endpoint{}, 2940 "eu-west-3": endpoint{},
@@ -2714,6 +3078,7 @@ var awsPartition = partition{
2714 "sms": service{ 3078 "sms": service{
2715 3079
2716 Endpoints: endpoints{ 3080 Endpoints: endpoints{
3081 "ap-east-1": endpoint{},
2717 "ap-northeast-1": endpoint{}, 3082 "ap-northeast-1": endpoint{},
2718 "ap-northeast-2": endpoint{}, 3083 "ap-northeast-2": endpoint{},
2719 "ap-south-1": endpoint{}, 3084 "ap-south-1": endpoint{},
@@ -2736,6 +3101,7 @@ var awsPartition = partition{
2736 3101
2737 Endpoints: endpoints{ 3102 Endpoints: endpoints{
2738 "ap-northeast-1": endpoint{}, 3103 "ap-northeast-1": endpoint{},
3104 "ap-northeast-2": endpoint{},
2739 "ap-south-1": endpoint{}, 3105 "ap-south-1": endpoint{},
2740 "ap-southeast-1": endpoint{}, 3106 "ap-southeast-1": endpoint{},
2741 "ap-southeast-2": endpoint{}, 3107 "ap-southeast-2": endpoint{},
@@ -2768,6 +3134,7 @@ var awsPartition = partition{
2768 "eu-west-1": endpoint{}, 3134 "eu-west-1": endpoint{},
2769 "eu-west-2": endpoint{}, 3135 "eu-west-2": endpoint{},
2770 "eu-west-3": endpoint{}, 3136 "eu-west-3": endpoint{},
3137 "me-south-1": endpoint{},
2771 "sa-east-1": endpoint{}, 3138 "sa-east-1": endpoint{},
2772 "us-east-1": endpoint{}, 3139 "us-east-1": endpoint{},
2773 "us-east-2": endpoint{}, 3140 "us-east-2": endpoint{},
@@ -2817,7 +3184,8 @@ var awsPartition = partition{
2817 Region: "us-west-2", 3184 Region: "us-west-2",
2818 }, 3185 },
2819 }, 3186 },
2820 "sa-east-1": endpoint{}, 3187 "me-south-1": endpoint{},
3188 "sa-east-1": endpoint{},
2821 "us-east-1": endpoint{ 3189 "us-east-1": endpoint{
2822 SSLCommonName: "queue.{dnsSuffix}", 3190 SSLCommonName: "queue.{dnsSuffix}",
2823 }, 3191 },
@@ -2841,6 +3209,7 @@ var awsPartition = partition{
2841 "eu-west-1": endpoint{}, 3209 "eu-west-1": endpoint{},
2842 "eu-west-2": endpoint{}, 3210 "eu-west-2": endpoint{},
2843 "eu-west-3": endpoint{}, 3211 "eu-west-3": endpoint{},
3212 "me-south-1": endpoint{},
2844 "sa-east-1": endpoint{}, 3213 "sa-east-1": endpoint{},
2845 "us-east-1": endpoint{}, 3214 "us-east-1": endpoint{},
2846 "us-east-2": endpoint{}, 3215 "us-east-2": endpoint{},
@@ -2863,6 +3232,7 @@ var awsPartition = partition{
2863 "eu-west-1": endpoint{}, 3232 "eu-west-1": endpoint{},
2864 "eu-west-2": endpoint{}, 3233 "eu-west-2": endpoint{},
2865 "eu-west-3": endpoint{}, 3234 "eu-west-3": endpoint{},
3235 "me-south-1": endpoint{},
2866 "sa-east-1": endpoint{}, 3236 "sa-east-1": endpoint{},
2867 "us-east-1": endpoint{}, 3237 "us-east-1": endpoint{},
2868 "us-east-2": endpoint{}, 3238 "us-east-2": endpoint{},
@@ -2884,6 +3254,7 @@ var awsPartition = partition{
2884 "eu-west-1": endpoint{}, 3254 "eu-west-1": endpoint{},
2885 "eu-west-2": endpoint{}, 3255 "eu-west-2": endpoint{},
2886 "eu-west-3": endpoint{}, 3256 "eu-west-3": endpoint{},
3257 "me-south-1": endpoint{},
2887 "sa-east-1": endpoint{}, 3258 "sa-east-1": endpoint{},
2888 "us-east-1": endpoint{}, 3259 "us-east-1": endpoint{},
2889 "us-east-2": endpoint{}, 3260 "us-east-2": endpoint{},
@@ -2905,11 +3276,17 @@ var awsPartition = partition{
2905 "ap-southeast-1": endpoint{}, 3276 "ap-southeast-1": endpoint{},
2906 "ap-southeast-2": endpoint{}, 3277 "ap-southeast-2": endpoint{},
2907 "ca-central-1": endpoint{}, 3278 "ca-central-1": endpoint{},
2908 "eu-central-1": endpoint{}, 3279 "ca-central-1-fips": endpoint{
2909 "eu-north-1": endpoint{}, 3280 Hostname: "dynamodb-fips.ca-central-1.amazonaws.com",
2910 "eu-west-1": endpoint{}, 3281 CredentialScope: credentialScope{
2911 "eu-west-2": endpoint{}, 3282 Region: "ca-central-1",
2912 "eu-west-3": endpoint{}, 3283 },
3284 },
3285 "eu-central-1": endpoint{},
3286 "eu-north-1": endpoint{},
3287 "eu-west-1": endpoint{},
3288 "eu-west-2": endpoint{},
3289 "eu-west-3": endpoint{},
2913 "local": endpoint{ 3290 "local": endpoint{
2914 Hostname: "localhost:8000", 3291 Hostname: "localhost:8000",
2915 Protocols: []string{"http"}, 3292 Protocols: []string{"http"},
@@ -2917,11 +3294,36 @@ var awsPartition = partition{
2917 Region: "us-east-1", 3294 Region: "us-east-1",
2918 }, 3295 },
2919 }, 3296 },
2920 "sa-east-1": endpoint{}, 3297 "me-south-1": endpoint{},
2921 "us-east-1": endpoint{}, 3298 "sa-east-1": endpoint{},
3299 "us-east-1": endpoint{},
3300 "us-east-1-fips": endpoint{
3301 Hostname: "dynamodb-fips.us-east-1.amazonaws.com",
3302 CredentialScope: credentialScope{
3303 Region: "us-east-1",
3304 },
3305 },
2922 "us-east-2": endpoint{}, 3306 "us-east-2": endpoint{},
3307 "us-east-2-fips": endpoint{
3308 Hostname: "dynamodb-fips.us-east-2.amazonaws.com",
3309 CredentialScope: credentialScope{
3310 Region: "us-east-2",
3311 },
3312 },
2923 "us-west-1": endpoint{}, 3313 "us-west-1": endpoint{},
3314 "us-west-1-fips": endpoint{
3315 Hostname: "dynamodb-fips.us-west-1.amazonaws.com",
3316 CredentialScope: credentialScope{
3317 Region: "us-west-1",
3318 },
3319 },
2924 "us-west-2": endpoint{}, 3320 "us-west-2": endpoint{},
3321 "us-west-2-fips": endpoint{
3322 Hostname: "dynamodb-fips.us-west-2.amazonaws.com",
3323 CredentialScope: credentialScope{
3324 Region: "us-west-2",
3325 },
3326 },
2925 }, 3327 },
2926 }, 3328 },
2927 "sts": service{ 3329 "sts": service{
@@ -2956,8 +3358,14 @@ var awsPartition = partition{
2956 "eu-west-1": endpoint{}, 3358 "eu-west-1": endpoint{},
2957 "eu-west-2": endpoint{}, 3359 "eu-west-2": endpoint{},
2958 "eu-west-3": endpoint{}, 3360 "eu-west-3": endpoint{},
2959 "sa-east-1": endpoint{}, 3361 "me-south-1": endpoint{
2960 "us-east-1": endpoint{}, 3362 Hostname: "sts.me-south-1.amazonaws.com",
3363 CredentialScope: credentialScope{
3364 Region: "me-south-1",
3365 },
3366 },
3367 "sa-east-1": endpoint{},
3368 "us-east-1": endpoint{},
2961 "us-east-1-fips": endpoint{ 3369 "us-east-1-fips": endpoint{
2962 Hostname: "sts-fips.us-east-1.amazonaws.com", 3370 Hostname: "sts-fips.us-east-1.amazonaws.com",
2963 CredentialScope: credentialScope{ 3371 CredentialScope: credentialScope{
@@ -2988,9 +3396,15 @@ var awsPartition = partition{
2988 }, 3396 },
2989 }, 3397 },
2990 "support": service{ 3398 "support": service{
3399 PartitionEndpoint: "aws-global",
2991 3400
2992 Endpoints: endpoints{ 3401 Endpoints: endpoints{
2993 "us-east-1": endpoint{}, 3402 "aws-global": endpoint{
3403 Hostname: "support.us-east-1.amazonaws.com",
3404 CredentialScope: credentialScope{
3405 Region: "us-east-1",
3406 },
3407 },
2994 }, 3408 },
2995 }, 3409 },
2996 "swf": service{ 3410 "swf": service{
@@ -3008,6 +3422,7 @@ var awsPartition = partition{
3008 "eu-west-1": endpoint{}, 3422 "eu-west-1": endpoint{},
3009 "eu-west-2": endpoint{}, 3423 "eu-west-2": endpoint{},
3010 "eu-west-3": endpoint{}, 3424 "eu-west-3": endpoint{},
3425 "me-south-1": endpoint{},
3011 "sa-east-1": endpoint{}, 3426 "sa-east-1": endpoint{},
3012 "us-east-1": endpoint{}, 3427 "us-east-1": endpoint{},
3013 "us-east-2": endpoint{}, 3428 "us-east-2": endpoint{},
@@ -3030,6 +3445,7 @@ var awsPartition = partition{
3030 "eu-west-1": endpoint{}, 3445 "eu-west-1": endpoint{},
3031 "eu-west-2": endpoint{}, 3446 "eu-west-2": endpoint{},
3032 "eu-west-3": endpoint{}, 3447 "eu-west-3": endpoint{},
3448 "me-south-1": endpoint{},
3033 "sa-east-1": endpoint{}, 3449 "sa-east-1": endpoint{},
3034 "us-east-1": endpoint{}, 3450 "us-east-1": endpoint{},
3035 "us-east-2": endpoint{}, 3451 "us-east-2": endpoint{},
@@ -3061,7 +3477,11 @@ var awsPartition = partition{
3061 Protocols: []string{"https"}, 3477 Protocols: []string{"https"},
3062 }, 3478 },
3063 Endpoints: endpoints{ 3479 Endpoints: endpoints{
3480 "ap-northeast-1": endpoint{},
3064 "ap-northeast-2": endpoint{}, 3481 "ap-northeast-2": endpoint{},
3482 "ap-south-1": endpoint{},
3483 "ap-southeast-1": endpoint{},
3484 "ca-central-1": endpoint{},
3065 "eu-central-1": endpoint{}, 3485 "eu-central-1": endpoint{},
3066 "eu-west-1": endpoint{}, 3486 "eu-west-1": endpoint{},
3067 "us-east-1": endpoint{}, 3487 "us-east-1": endpoint{},
@@ -3105,12 +3525,16 @@ var awsPartition = partition{
3105 Endpoints: endpoints{ 3525 Endpoints: endpoints{
3106 "ap-northeast-1": endpoint{}, 3526 "ap-northeast-1": endpoint{},
3107 "ap-northeast-2": endpoint{}, 3527 "ap-northeast-2": endpoint{},
3528 "ap-south-1": endpoint{},
3108 "ap-southeast-1": endpoint{}, 3529 "ap-southeast-1": endpoint{},
3109 "ap-southeast-2": endpoint{}, 3530 "ap-southeast-2": endpoint{},
3531 "ca-central-1": endpoint{},
3110 "eu-central-1": endpoint{}, 3532 "eu-central-1": endpoint{},
3111 "eu-north-1": endpoint{}, 3533 "eu-north-1": endpoint{},
3112 "eu-west-1": endpoint{}, 3534 "eu-west-1": endpoint{},
3113 "eu-west-2": endpoint{}, 3535 "eu-west-2": endpoint{},
3536 "eu-west-3": endpoint{},
3537 "sa-east-1": endpoint{},
3114 "us-east-1": endpoint{}, 3538 "us-east-1": endpoint{},
3115 "us-east-2": endpoint{}, 3539 "us-east-2": endpoint{},
3116 "us-west-1": endpoint{}, 3540 "us-west-1": endpoint{},
@@ -3157,6 +3581,7 @@ var awsPartition = partition{
3157 "xray": service{ 3581 "xray": service{
3158 3582
3159 Endpoints: endpoints{ 3583 Endpoints: endpoints{
3584 "ap-east-1": endpoint{},
3160 "ap-northeast-1": endpoint{}, 3585 "ap-northeast-1": endpoint{},
3161 "ap-northeast-2": endpoint{}, 3586 "ap-northeast-2": endpoint{},
3162 "ap-south-1": endpoint{}, 3587 "ap-south-1": endpoint{},
@@ -3433,6 +3858,15 @@ var awscnPartition = partition{
3433 "cn-northwest-1": endpoint{}, 3858 "cn-northwest-1": endpoint{},
3434 }, 3859 },
3435 }, 3860 },
3861 "greengrass": service{
3862 IsRegionalized: boxedTrue,
3863 Defaults: endpoint{
3864 Protocols: []string{"https"},
3865 },
3866 Endpoints: endpoints{
3867 "cn-north-1": endpoint{},
3868 },
3869 },
3436 "iam": service{ 3870 "iam": service{
3437 PartitionEndpoint: "aws-cn-global", 3871 PartitionEndpoint: "aws-cn-global",
3438 IsRegionalized: boxedFalse, 3872 IsRegionalized: boxedFalse,
@@ -3463,6 +3897,13 @@ var awscnPartition = partition{
3463 "cn-northwest-1": endpoint{}, 3897 "cn-northwest-1": endpoint{},
3464 }, 3898 },
3465 }, 3899 },
3900 "kms": service{
3901
3902 Endpoints: endpoints{
3903 "cn-north-1": endpoint{},
3904 "cn-northwest-1": endpoint{},
3905 },
3906 },
3466 "lambda": service{ 3907 "lambda": service{
3467 3908
3468 Endpoints: endpoints{ 3909 Endpoints: endpoints{
@@ -3470,6 +3911,13 @@ var awscnPartition = partition{
3470 "cn-northwest-1": endpoint{}, 3911 "cn-northwest-1": endpoint{},
3471 }, 3912 },
3472 }, 3913 },
3914 "license-manager": service{
3915
3916 Endpoints: endpoints{
3917 "cn-north-1": endpoint{},
3918 "cn-northwest-1": endpoint{},
3919 },
3920 },
3473 "logs": service{ 3921 "logs": service{
3474 3922
3475 Endpoints: endpoints{ 3923 Endpoints: endpoints{
@@ -3480,7 +3928,12 @@ var awscnPartition = partition{
3480 "mediaconvert": service{ 3928 "mediaconvert": service{
3481 3929
3482 Endpoints: endpoints{ 3930 Endpoints: endpoints{
3483 "cn-northwest-1": endpoint{}, 3931 "cn-northwest-1": endpoint{
3932 Hostname: "subscribe.mediaconvert.cn-northwest-1.amazonaws.com.cn",
3933 CredentialScope: credentialScope{
3934 Region: "cn-northwest-1",
3935 },
3936 },
3484 }, 3937 },
3485 }, 3938 },
3486 "monitoring": service{ 3939 "monitoring": service{
@@ -3615,6 +4068,18 @@ var awscnPartition = partition{
3615 "cn-northwest-1": endpoint{}, 4068 "cn-northwest-1": endpoint{},
3616 }, 4069 },
3617 }, 4070 },
4071 "support": service{
4072 PartitionEndpoint: "aws-cn-global",
4073
4074 Endpoints: endpoints{
4075 "aws-cn-global": endpoint{
4076 Hostname: "support.cn-north-1.amazonaws.com",
4077 CredentialScope: credentialScope{
4078 Region: "cn-north-1",
4079 },
4080 },
4081 },
4082 },
3618 "swf": service{ 4083 "swf": service{
3619 4084
3620 Endpoints: endpoints{ 4085 Endpoints: endpoints{
@@ -3668,6 +4133,15 @@ var awsusgovPartition = partition{
3668 "us-gov-west-1": endpoint{}, 4133 "us-gov-west-1": endpoint{},
3669 }, 4134 },
3670 }, 4135 },
4136 "acm-pca": service{
4137 Defaults: endpoint{
4138 Protocols: []string{"https"},
4139 },
4140 Endpoints: endpoints{
4141 "us-gov-east-1": endpoint{},
4142 "us-gov-west-1": endpoint{},
4143 },
4144 },
3671 "api.ecr": service{ 4145 "api.ecr": service{
3672 4146
3673 Endpoints: endpoints{ 4147 Endpoints: endpoints{
@@ -3713,6 +4187,7 @@ var awsusgovPartition = partition{
3713 "athena": service{ 4187 "athena": service{
3714 4188
3715 Endpoints: endpoints{ 4189 Endpoints: endpoints{
4190 "us-gov-east-1": endpoint{},
3716 "us-gov-west-1": endpoint{}, 4191 "us-gov-west-1": endpoint{},
3717 }, 4192 },
3718 }, 4193 },
@@ -3762,9 +4237,17 @@ var awsusgovPartition = partition{
3762 "us-gov-west-1": endpoint{}, 4237 "us-gov-west-1": endpoint{},
3763 }, 4238 },
3764 }, 4239 },
4240 "codebuild": service{
4241
4242 Endpoints: endpoints{
4243 "us-gov-east-1": endpoint{},
4244 "us-gov-west-1": endpoint{},
4245 },
4246 },
3765 "codecommit": service{ 4247 "codecommit": service{
3766 4248
3767 Endpoints: endpoints{ 4249 Endpoints: endpoints{
4250 "us-gov-east-1": endpoint{},
3768 "us-gov-west-1": endpoint{}, 4251 "us-gov-west-1": endpoint{},
3769 }, 4252 },
3770 }, 4253 },
@@ -3802,6 +4285,12 @@ var awsusgovPartition = partition{
3802 "us-gov-west-1": endpoint{}, 4285 "us-gov-west-1": endpoint{},
3803 }, 4286 },
3804 }, 4287 },
4288 "datasync": service{
4289
4290 Endpoints: endpoints{
4291 "us-gov-west-1": endpoint{},
4292 },
4293 },
3805 "directconnect": service{ 4294 "directconnect": service{
3806 4295
3807 Endpoints: endpoints{ 4296 Endpoints: endpoints{
@@ -3819,6 +4308,7 @@ var awsusgovPartition = partition{
3819 "ds": service{ 4308 "ds": service{
3820 4309
3821 Endpoints: endpoints{ 4310 Endpoints: endpoints{
4311 "us-gov-east-1": endpoint{},
3822 "us-gov-west-1": endpoint{}, 4312 "us-gov-west-1": endpoint{},
3823 }, 4313 },
3824 }, 4314 },
@@ -3826,6 +4316,12 @@ var awsusgovPartition = partition{
3826 4316
3827 Endpoints: endpoints{ 4317 Endpoints: endpoints{
3828 "us-gov-east-1": endpoint{}, 4318 "us-gov-east-1": endpoint{},
4319 "us-gov-east-1-fips": endpoint{
4320 Hostname: "dynamodb.us-gov-east-1.amazonaws.com",
4321 CredentialScope: credentialScope{
4322 Region: "us-gov-east-1",
4323 },
4324 },
3829 "us-gov-west-1": endpoint{}, 4325 "us-gov-west-1": endpoint{},
3830 "us-gov-west-1-fips": endpoint{ 4326 "us-gov-west-1-fips": endpoint{
3831 Hostname: "dynamodb.us-gov-west-1.amazonaws.com", 4327 Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
@@ -3927,6 +4423,7 @@ var awsusgovPartition = partition{
3927 "firehose": service{ 4423 "firehose": service{
3928 4424
3929 Endpoints: endpoints{ 4425 Endpoints: endpoints{
4426 "us-gov-east-1": endpoint{},
3930 "us-gov-west-1": endpoint{}, 4427 "us-gov-west-1": endpoint{},
3931 }, 4428 },
3932 }, 4429 },
@@ -3942,6 +4439,16 @@ var awsusgovPartition = partition{
3942 "glue": service{ 4439 "glue": service{
3943 4440
3944 Endpoints: endpoints{ 4441 Endpoints: endpoints{
4442 "us-gov-east-1": endpoint{},
4443 "us-gov-west-1": endpoint{},
4444 },
4445 },
4446 "greengrass": service{
4447 IsRegionalized: boxedTrue,
4448 Defaults: endpoint{
4449 Protocols: []string{"https"},
4450 },
4451 Endpoints: endpoints{
3945 "us-gov-west-1": endpoint{}, 4452 "us-gov-west-1": endpoint{},
3946 }, 4453 },
3947 }, 4454 },
@@ -4048,12 +4555,31 @@ var awsusgovPartition = partition{
4048 "us-gov-west-1": endpoint{}, 4555 "us-gov-west-1": endpoint{},
4049 }, 4556 },
4050 }, 4557 },
4558 "organizations": service{
4559 PartitionEndpoint: "aws-us-gov-global",
4560 IsRegionalized: boxedFalse,
4561
4562 Endpoints: endpoints{
4563 "aws-us-gov-global": endpoint{
4564 Hostname: "organizations.us-gov-west-1.amazonaws.com",
4565 CredentialScope: credentialScope{
4566 Region: "us-gov-west-1",
4567 },
4568 },
4569 },
4570 },
4051 "polly": service{ 4571 "polly": service{
4052 4572
4053 Endpoints: endpoints{ 4573 Endpoints: endpoints{
4054 "us-gov-west-1": endpoint{}, 4574 "us-gov-west-1": endpoint{},
4055 }, 4575 },
4056 }, 4576 },
4577 "ram": service{
4578
4579 Endpoints: endpoints{
4580 "us-gov-west-1": endpoint{},
4581 },
4582 },
4057 "rds": service{ 4583 "rds": service{
4058 4584
4059 Endpoints: endpoints{ 4585 Endpoints: endpoints{
@@ -4137,6 +4663,28 @@ var awsusgovPartition = partition{
4137 }, 4663 },
4138 }, 4664 },
4139 }, 4665 },
4666 "secretsmanager": service{
4667
4668 Endpoints: endpoints{
4669 "us-gov-west-1": endpoint{},
4670 "us-gov-west-1-fips": endpoint{
4671 Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com",
4672 CredentialScope: credentialScope{
4673 Region: "us-gov-west-1",
4674 },
4675 },
4676 },
4677 },
4678 "serverlessrepo": service{
4679 Defaults: endpoint{
4680 Protocols: []string{"https"},
4681 },
4682 Endpoints: endpoints{
4683 "us-gov-west-1": endpoint{
4684 Protocols: []string{"https"},
4685 },
4686 },
4687 },
4140 "sms": service{ 4688 "sms": service{
4141 4689
4142 Endpoints: endpoints{ 4690 Endpoints: endpoints{
@@ -4198,6 +4746,12 @@ var awsusgovPartition = partition{
4198 }, 4746 },
4199 Endpoints: endpoints{ 4747 Endpoints: endpoints{
4200 "us-gov-east-1": endpoint{}, 4748 "us-gov-east-1": endpoint{},
4749 "us-gov-east-1-fips": endpoint{
4750 Hostname: "dynamodb.us-gov-east-1.amazonaws.com",
4751 CredentialScope: credentialScope{
4752 Region: "us-gov-east-1",
4753 },
4754 },
4201 "us-gov-west-1": endpoint{}, 4755 "us-gov-west-1": endpoint{},
4202 "us-gov-west-1-fips": endpoint{ 4756 "us-gov-west-1-fips": endpoint{
4203 Hostname: "dynamodb.us-gov-west-1.amazonaws.com", 4757 Hostname: "dynamodb.us-gov-west-1.amazonaws.com",
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
index 000dd79..ca8fc82 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/dep_service_ids.go
@@ -2,7 +2,7 @@ package endpoints
2 2
3// Service identifiers 3// Service identifiers
4// 4//
5// Deprecated: Use client package's EndpointID value instead of these 5// Deprecated: Use client package's EndpointsID value instead of these
6// ServiceIDs. These IDs are not maintained, and are out of date. 6// ServiceIDs. These IDs are not maintained, and are out of date.
7const ( 7const (
8 A4bServiceID = "a4b" // A4b. 8 A4bServiceID = "a4b" // A4b.
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
index 271da43..d9b37f4 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error.go
@@ -1,18 +1,17 @@
1// +build !appengine,!plan9
2
3package request 1package request
4 2
5import ( 3import (
6 "net" 4 "strings"
7 "os"
8 "syscall"
9) 5)
10 6
11func isErrConnectionReset(err error) bool { 7func isErrConnectionReset(err error) bool {
12 if opErr, ok := err.(*net.OpError); ok { 8 if strings.Contains(err.Error(), "read: connection reset") {
13 if sysErr, ok := opErr.Err.(*os.SyscallError); ok { 9 return false
14 return sysErr.Err == syscall.ECONNRESET 10 }
15 } 11
12 if strings.Contains(err.Error(), "connection reset") ||
13 strings.Contains(err.Error(), "broken pipe") {
14 return true
16 } 15 }
17 16
18 return false 17 return false
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go b/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go
deleted file mode 100644
index daf9eca..0000000
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/connection_reset_error_other.go
+++ /dev/null
@@ -1,11 +0,0 @@
1// +build appengine plan9
2
3package request
4
5import (
6 "strings"
7)
8
9func isErrConnectionReset(err error) bool {
10 return strings.Contains(err.Error(), "connection reset")
11}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
index 8ef8548..627ec72 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
@@ -59,6 +59,51 @@ func (h *Handlers) Clear() {
59 h.Complete.Clear() 59 h.Complete.Clear()
60} 60}
61 61
62// IsEmpty returns if there are no handlers in any of the handlerlists.
63func (h *Handlers) IsEmpty() bool {
64 if h.Validate.Len() != 0 {
65 return false
66 }
67 if h.Build.Len() != 0 {
68 return false
69 }
70 if h.Send.Len() != 0 {
71 return false
72 }
73 if h.Sign.Len() != 0 {
74 return false
75 }
76 if h.Unmarshal.Len() != 0 {
77 return false
78 }
79 if h.UnmarshalStream.Len() != 0 {
80 return false
81 }
82 if h.UnmarshalMeta.Len() != 0 {
83 return false
84 }
85 if h.UnmarshalError.Len() != 0 {
86 return false
87 }
88 if h.ValidateResponse.Len() != 0 {
89 return false
90 }
91 if h.Retry.Len() != 0 {
92 return false
93 }
94 if h.AfterRetry.Len() != 0 {
95 return false
96 }
97 if h.CompleteAttempt.Len() != 0 {
98 return false
99 }
100 if h.Complete.Len() != 0 {
101 return false
102 }
103
104 return true
105}
106
62// A HandlerListRunItem represents an entry in the HandlerList which 107// A HandlerListRunItem represents an entry in the HandlerList which
63// is being run. 108// is being run.
64type HandlerListRunItem struct { 109type HandlerListRunItem struct {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
index b0c2ef4..9370fa5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go
@@ -15,12 +15,15 @@ type offsetReader struct {
15 closed bool 15 closed bool
16} 16}
17 17
18func newOffsetReader(buf io.ReadSeeker, offset int64) *offsetReader { 18func newOffsetReader(buf io.ReadSeeker, offset int64) (*offsetReader, error) {
19 reader := &offsetReader{} 19 reader := &offsetReader{}
20 buf.Seek(offset, sdkio.SeekStart) 20 _, err := buf.Seek(offset, sdkio.SeekStart)
21 if err != nil {
22 return nil, err
23 }
21 24
22 reader.buf = buf 25 reader.buf = buf
23 return reader 26 return reader, nil
24} 27}
25 28
26// Close will close the instance of the offset reader's access to 29// Close will close the instance of the offset reader's access to
@@ -54,7 +57,9 @@ func (o *offsetReader) Seek(offset int64, whence int) (int64, error) {
54 57
55// CloseAndCopy will return a new offsetReader with a copy of the old buffer 58// CloseAndCopy will return a new offsetReader with a copy of the old buffer
56// and close the old buffer. 59// and close the old buffer.
57func (o *offsetReader) CloseAndCopy(offset int64) *offsetReader { 60func (o *offsetReader) CloseAndCopy(offset int64) (*offsetReader, error) {
58 o.Close() 61 if err := o.Close(); err != nil {
62 return nil, err
63 }
59 return newOffsetReader(o.buf, offset) 64 return newOffsetReader(o.buf, offset)
60} 65}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
index 8f2eb3e..e7c9b2b 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go
@@ -4,6 +4,7 @@ import (
4 "bytes" 4 "bytes"
5 "fmt" 5 "fmt"
6 "io" 6 "io"
7 "net"
7 "net/http" 8 "net/http"
8 "net/url" 9 "net/url"
9 "reflect" 10 "reflect"
@@ -231,6 +232,10 @@ func (r *Request) WillRetry() bool {
231 return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries() 232 return r.Error != nil && aws.BoolValue(r.Retryable) && r.RetryCount < r.MaxRetries()
232} 233}
233 234
235func fmtAttemptCount(retryCount, maxRetries int) string {
236 return fmt.Sprintf("attempt %v/%v", retryCount, maxRetries)
237}
238
234// ParamsFilled returns if the request's parameters have been populated 239// ParamsFilled returns if the request's parameters have been populated
235// and the parameters are valid. False is returned if no parameters are 240// and the parameters are valid. False is returned if no parameters are
236// provided or invalid. 241// provided or invalid.
@@ -259,7 +264,18 @@ func (r *Request) SetStringBody(s string) {
259// SetReaderBody will set the request's body reader. 264// SetReaderBody will set the request's body reader.
260func (r *Request) SetReaderBody(reader io.ReadSeeker) { 265func (r *Request) SetReaderBody(reader io.ReadSeeker) {
261 r.Body = reader 266 r.Body = reader
262 r.BodyStart, _ = reader.Seek(0, sdkio.SeekCurrent) // Get the Bodies current offset. 267
268 if aws.IsReaderSeekable(reader) {
269 var err error
270 // Get the Bodies current offset so retries will start from the same
271 // initial position.
272 r.BodyStart, err = reader.Seek(0, sdkio.SeekCurrent)
273 if err != nil {
274 r.Error = awserr.New(ErrCodeSerialization,
275 "failed to determine start of request body", err)
276 return
277 }
278 }
263 r.ResetBody() 279 r.ResetBody()
264} 280}
265 281
@@ -330,16 +346,15 @@ func getPresignedURL(r *Request, expire time.Duration) (string, http.Header, err
330 return r.HTTPRequest.URL.String(), r.SignedHeaderVals, nil 346 return r.HTTPRequest.URL.String(), r.SignedHeaderVals, nil
331} 347}
332 348
333func debugLogReqError(r *Request, stage string, retrying bool, err error) { 349const (
350 notRetrying = "not retrying"
351)
352
353func debugLogReqError(r *Request, stage, retryStr string, err error) {
334 if !r.Config.LogLevel.Matches(aws.LogDebugWithRequestErrors) { 354 if !r.Config.LogLevel.Matches(aws.LogDebugWithRequestErrors) {
335 return 355 return
336 } 356 }
337 357
338 retryStr := "not retrying"
339 if retrying {
340 retryStr = "will retry"
341 }
342
343 r.Config.Logger.Log(fmt.Sprintf("DEBUG: %s %s/%s failed, %s, error %v", 358 r.Config.Logger.Log(fmt.Sprintf("DEBUG: %s %s/%s failed, %s, error %v",
344 stage, r.ClientInfo.ServiceName, r.Operation.Name, retryStr, err)) 359 stage, r.ClientInfo.ServiceName, r.Operation.Name, retryStr, err))
345} 360}
@@ -358,12 +373,12 @@ func (r *Request) Build() error {
358 if !r.built { 373 if !r.built {
359 r.Handlers.Validate.Run(r) 374 r.Handlers.Validate.Run(r)
360 if r.Error != nil { 375 if r.Error != nil {
361 debugLogReqError(r, "Validate Request", false, r.Error) 376 debugLogReqError(r, "Validate Request", notRetrying, r.Error)
362 return r.Error 377 return r.Error
363 } 378 }
364 r.Handlers.Build.Run(r) 379 r.Handlers.Build.Run(r)
365 if r.Error != nil { 380 if r.Error != nil {
366 debugLogReqError(r, "Build Request", false, r.Error) 381 debugLogReqError(r, "Build Request", notRetrying, r.Error)
367 return r.Error 382 return r.Error
368 } 383 }
369 r.built = true 384 r.built = true
@@ -379,7 +394,7 @@ func (r *Request) Build() error {
379func (r *Request) Sign() error { 394func (r *Request) Sign() error {
380 r.Build() 395 r.Build()
381 if r.Error != nil { 396 if r.Error != nil {
382 debugLogReqError(r, "Build Request", false, r.Error) 397 debugLogReqError(r, "Build Request", notRetrying, r.Error)
383 return r.Error 398 return r.Error
384 } 399 }
385 400
@@ -387,12 +402,16 @@ func (r *Request) Sign() error {
387 return r.Error 402 return r.Error
388} 403}
389 404
390func (r *Request) getNextRequestBody() (io.ReadCloser, error) { 405func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) {
391 if r.safeBody != nil { 406 if r.safeBody != nil {
392 r.safeBody.Close() 407 r.safeBody.Close()
393 } 408 }
394 409
395 r.safeBody = newOffsetReader(r.Body, r.BodyStart) 410 r.safeBody, err = newOffsetReader(r.Body, r.BodyStart)
411 if err != nil {
412 return nil, awserr.New(ErrCodeSerialization,
413 "failed to get next request body reader", err)
414 }
396 415
397 // Go 1.8 tightened and clarified the rules code needs to use when building 416 // Go 1.8 tightened and clarified the rules code needs to use when building
398 // requests with the http package. Go 1.8 removed the automatic detection 417 // requests with the http package. Go 1.8 removed the automatic detection
@@ -409,10 +428,10 @@ func (r *Request) getNextRequestBody() (io.ReadCloser, error) {
409 // Related golang/go#18257 428 // Related golang/go#18257
410 l, err := aws.SeekerLen(r.Body) 429 l, err := aws.SeekerLen(r.Body)
411 if err != nil { 430 if err != nil {
412 return nil, awserr.New(ErrCodeSerialization, "failed to compute request body size", err) 431 return nil, awserr.New(ErrCodeSerialization,
432 "failed to compute request body size", err)
413 } 433 }
414 434
415 var body io.ReadCloser
416 if l == 0 { 435 if l == 0 {
417 body = NoBody 436 body = NoBody
418 } else if l > 0 { 437 } else if l > 0 {
@@ -473,13 +492,13 @@ func (r *Request) Send() error {
473 r.AttemptTime = time.Now() 492 r.AttemptTime = time.Now()
474 493
475 if err := r.Sign(); err != nil { 494 if err := r.Sign(); err != nil {
476 debugLogReqError(r, "Sign Request", false, err) 495 debugLogReqError(r, "Sign Request", notRetrying, err)
477 return err 496 return err
478 } 497 }
479 498
480 if err := r.sendRequest(); err == nil { 499 if err := r.sendRequest(); err == nil {
481 return nil 500 return nil
482 } else if !shouldRetryCancel(r.Error) { 501 } else if !shouldRetryError(r.Error) {
483 return err 502 return err
484 } else { 503 } else {
485 r.Handlers.Retry.Run(r) 504 r.Handlers.Retry.Run(r)
@@ -489,13 +508,16 @@ func (r *Request) Send() error {
489 return r.Error 508 return r.Error
490 } 509 }
491 510
492 r.prepareRetry() 511 if err := r.prepareRetry(); err != nil {
512 r.Error = err
513 return err
514 }
493 continue 515 continue
494 } 516 }
495 } 517 }
496} 518}
497 519
498func (r *Request) prepareRetry() { 520func (r *Request) prepareRetry() error {
499 if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) { 521 if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) {
500 r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d", 522 r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d",
501 r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount)) 523 r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount))
@@ -506,12 +528,19 @@ func (r *Request) prepareRetry() {
506 // the request's body even though the Client's Do returned. 528 // the request's body even though the Client's Do returned.
507 r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil) 529 r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil)
508 r.ResetBody() 530 r.ResetBody()
531 if err := r.Error; err != nil {
532 return awserr.New(ErrCodeSerialization,
533 "failed to prepare body for retry", err)
534
535 }
509 536
510 // Closing response body to ensure that no response body is leaked 537 // Closing response body to ensure that no response body is leaked
511 // between retry attempts. 538 // between retry attempts.
512 if r.HTTPResponse != nil && r.HTTPResponse.Body != nil { 539 if r.HTTPResponse != nil && r.HTTPResponse.Body != nil {
513 r.HTTPResponse.Body.Close() 540 r.HTTPResponse.Body.Close()
514 } 541 }
542
543 return nil
515} 544}
516 545
517func (r *Request) sendRequest() (sendErr error) { 546func (r *Request) sendRequest() (sendErr error) {
@@ -520,7 +549,9 @@ func (r *Request) sendRequest() (sendErr error) {
520 r.Retryable = nil 549 r.Retryable = nil
521 r.Handlers.Send.Run(r) 550 r.Handlers.Send.Run(r)
522 if r.Error != nil { 551 if r.Error != nil {
523 debugLogReqError(r, "Send Request", r.WillRetry(), r.Error) 552 debugLogReqError(r, "Send Request",
553 fmtAttemptCount(r.RetryCount, r.MaxRetries()),
554 r.Error)
524 return r.Error 555 return r.Error
525 } 556 }
526 557
@@ -528,13 +559,17 @@ func (r *Request) sendRequest() (sendErr error) {
528 r.Handlers.ValidateResponse.Run(r) 559 r.Handlers.ValidateResponse.Run(r)
529 if r.Error != nil { 560 if r.Error != nil {
530 r.Handlers.UnmarshalError.Run(r) 561 r.Handlers.UnmarshalError.Run(r)
531 debugLogReqError(r, "Validate Response", r.WillRetry(), r.Error) 562 debugLogReqError(r, "Validate Response",
563 fmtAttemptCount(r.RetryCount, r.MaxRetries()),
564 r.Error)
532 return r.Error 565 return r.Error
533 } 566 }
534 567
535 r.Handlers.Unmarshal.Run(r) 568 r.Handlers.Unmarshal.Run(r)
536 if r.Error != nil { 569 if r.Error != nil {
537 debugLogReqError(r, "Unmarshal Response", r.WillRetry(), r.Error) 570 debugLogReqError(r, "Unmarshal Response",
571 fmtAttemptCount(r.RetryCount, r.MaxRetries()),
572 r.Error)
538 return r.Error 573 return r.Error
539 } 574 }
540 575
@@ -565,13 +600,13 @@ type temporary interface {
565 Temporary() bool 600 Temporary() bool
566} 601}
567 602
568func shouldRetryCancel(err error) bool { 603func shouldRetryError(origErr error) bool {
569 switch err := err.(type) { 604 switch err := origErr.(type) {
570 case awserr.Error: 605 case awserr.Error:
571 if err.Code() == CanceledErrorCode { 606 if err.Code() == CanceledErrorCode {
572 return false 607 return false
573 } 608 }
574 return shouldRetryCancel(err.OrigErr()) 609 return shouldRetryError(err.OrigErr())
575 case *url.Error: 610 case *url.Error:
576 if strings.Contains(err.Error(), "connection refused") { 611 if strings.Contains(err.Error(), "connection refused") {
577 // Refused connections should be retried as the service may not yet 612 // Refused connections should be retried as the service may not yet
@@ -581,14 +616,17 @@ func shouldRetryCancel(err error) bool {
581 } 616 }
582 // *url.Error only implements Temporary after golang 1.6 but since 617 // *url.Error only implements Temporary after golang 1.6 but since
583 // url.Error only wraps the error: 618 // url.Error only wraps the error:
584 return shouldRetryCancel(err.Err) 619 return shouldRetryError(err.Err)
585 case temporary: 620 case temporary:
621 if netErr, ok := err.(*net.OpError); ok && netErr.Op == "dial" {
622 return true
623 }
586 // If the error is temporary, we want to allow continuation of the 624 // If the error is temporary, we want to allow continuation of the
587 // retry process 625 // retry process
588 return err.Temporary() 626 return err.Temporary() || isErrConnectionReset(origErr)
589 case nil: 627 case nil:
590 // `awserr.Error.OrigErr()` can be nil, meaning there was an error but 628 // `awserr.Error.OrigErr()` can be nil, meaning there was an error but
591 // because we don't know the cause, it is marked as retriable. See 629 // because we don't know the cause, it is marked as retryable. See
592 // TestRequest4xxUnretryable for an example. 630 // TestRequest4xxUnretryable for an example.
593 return true 631 return true
594 default: 632 default:
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
index 7c6a800..de1292f 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
@@ -4,6 +4,8 @@ package request
4 4
5import ( 5import (
6 "net/http" 6 "net/http"
7
8 "github.com/aws/aws-sdk-go/aws/awserr"
7) 9)
8 10
9// NoBody is a http.NoBody reader instructing Go HTTP client to not include 11// NoBody is a http.NoBody reader instructing Go HTTP client to not include
@@ -24,7 +26,8 @@ var NoBody = http.NoBody
24func (r *Request) ResetBody() { 26func (r *Request) ResetBody() {
25 body, err := r.getNextRequestBody() 27 body, err := r.getNextRequestBody()
26 if err != nil { 28 if err != nil {
27 r.Error = err 29 r.Error = awserr.New(ErrCodeSerialization,
30 "failed to reset request body", err)
28 return 31 return
29 } 32 }
30 33
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
index a633ed5..f093fc5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go
@@ -146,7 +146,7 @@ func (r *Request) nextPageTokens() []interface{} {
146 return nil 146 return nil
147 } 147 }
148 case bool: 148 case bool:
149 if v == false { 149 if !v {
150 return nil 150 return nil
151 } 151 }
152 } 152 }
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
new file mode 100644
index 0000000..ce41518
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
@@ -0,0 +1,258 @@
1package session
2
3import (
4 "fmt"
5 "os"
6
7 "github.com/aws/aws-sdk-go/aws"
8 "github.com/aws/aws-sdk-go/aws/awserr"
9 "github.com/aws/aws-sdk-go/aws/credentials"
10 "github.com/aws/aws-sdk-go/aws/credentials/processcreds"
11 "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
12 "github.com/aws/aws-sdk-go/aws/defaults"
13 "github.com/aws/aws-sdk-go/aws/request"
14 "github.com/aws/aws-sdk-go/internal/shareddefaults"
15)
16
17func resolveCredentials(cfg *aws.Config,
18 envCfg envConfig, sharedCfg sharedConfig,
19 handlers request.Handlers,
20 sessOpts Options,
21) (*credentials.Credentials, error) {
22
23 switch {
24 case len(envCfg.Profile) != 0:
25 // User explicitly provided an Profile, so load from shared config
26 // first.
27 return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
28
29 case envCfg.Creds.HasKeys():
30 // Environment credentials
31 return credentials.NewStaticCredentialsFromCreds(envCfg.Creds), nil
32
33 case len(envCfg.WebIdentityTokenFilePath) != 0:
34 // Web identity token from environment, RoleARN required to also be
35 // set.
36 return assumeWebIdentity(cfg, handlers,
37 envCfg.WebIdentityTokenFilePath,
38 envCfg.RoleARN,
39 envCfg.RoleSessionName,
40 )
41
42 default:
43 // Fallback to the "default" credential resolution chain.
44 return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts)
45 }
46}
47
48// WebIdentityEmptyRoleARNErr will occur if 'AWS_WEB_IDENTITY_TOKEN_FILE' was set but
49// 'AWS_IAM_ROLE_ARN' was not set.
50var WebIdentityEmptyRoleARNErr = awserr.New(stscreds.ErrCodeWebIdentity, "role ARN is not set", nil)
51
52// WebIdentityEmptyTokenFilePathErr will occur if 'AWS_IAM_ROLE_ARN' was set but
53// 'AWS_WEB_IDENTITY_TOKEN_FILE' was not set.
54var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "token file path is not set", nil)
55
56func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers,
57 filepath string,
58 roleARN, sessionName string,
59) (*credentials.Credentials, error) {
60
61 if len(filepath) == 0 {
62 return nil, WebIdentityEmptyTokenFilePathErr
63 }
64
65 if len(roleARN) == 0 {
66 return nil, WebIdentityEmptyRoleARNErr
67 }
68
69 creds := stscreds.NewWebIdentityCredentials(
70 &Session{
71 Config: cfg,
72 Handlers: handlers.Copy(),
73 },
74 roleARN,
75 sessionName,
76 filepath,
77 )
78
79 return creds, nil
80}
81
82func resolveCredsFromProfile(cfg *aws.Config,
83 envCfg envConfig, sharedCfg sharedConfig,
84 handlers request.Handlers,
85 sessOpts Options,
86) (creds *credentials.Credentials, err error) {
87
88 switch {
89 case sharedCfg.SourceProfile != nil:
90 // Assume IAM role with credentials source from a different profile.
91 creds, err = resolveCredsFromProfile(cfg, envCfg,
92 *sharedCfg.SourceProfile, handlers, sessOpts,
93 )
94
95 case sharedCfg.Creds.HasKeys():
96 // Static Credentials from Shared Config/Credentials file.
97 creds = credentials.NewStaticCredentialsFromCreds(
98 sharedCfg.Creds,
99 )
100
101 case len(sharedCfg.CredentialProcess) != 0:
102 // Get credentials from CredentialProcess
103 creds = processcreds.NewCredentials(sharedCfg.CredentialProcess)
104
105 case len(sharedCfg.CredentialSource) != 0:
106 creds, err = resolveCredsFromSource(cfg, envCfg,
107 sharedCfg, handlers, sessOpts,
108 )
109
110 case len(sharedCfg.WebIdentityTokenFile) != 0:
111 // Credentials from Assume Web Identity token require an IAM Role, and
112 // that roll will be assumed. May be wrapped with another assume role
113 // via SourceProfile.
114 return assumeWebIdentity(cfg, handlers,
115 sharedCfg.WebIdentityTokenFile,
116 sharedCfg.RoleARN,
117 sharedCfg.RoleSessionName,
118 )
119
120 default:
121 // Fallback to default credentials provider, include mock errors for
122 // the credential chain so user can identify why credentials failed to
123 // be retrieved.
124 creds = credentials.NewCredentials(&credentials.ChainProvider{
125 VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
126 Providers: []credentials.Provider{
127 &credProviderError{
128 Err: awserr.New("EnvAccessKeyNotFound",
129 "failed to find credentials in the environment.", nil),
130 },
131 &credProviderError{
132 Err: awserr.New("SharedCredsLoad",
133 fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil),
134 },
135 defaults.RemoteCredProvider(*cfg, handlers),
136 },
137 })
138 }
139 if err != nil {
140 return nil, err
141 }
142
143 if len(sharedCfg.RoleARN) > 0 {
144 cfgCp := *cfg
145 cfgCp.Credentials = creds
146 return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts)
147 }
148
149 return creds, nil
150}
151
152// valid credential source values
153const (
154 credSourceEc2Metadata = "Ec2InstanceMetadata"
155 credSourceEnvironment = "Environment"
156 credSourceECSContainer = "EcsContainer"
157)
158
159func resolveCredsFromSource(cfg *aws.Config,
160 envCfg envConfig, sharedCfg sharedConfig,
161 handlers request.Handlers,
162 sessOpts Options,
163) (creds *credentials.Credentials, err error) {
164
165 switch sharedCfg.CredentialSource {
166 case credSourceEc2Metadata:
167 p := defaults.RemoteCredProvider(*cfg, handlers)
168 creds = credentials.NewCredentials(p)
169
170 case credSourceEnvironment:
171 creds = credentials.NewStaticCredentialsFromCreds(envCfg.Creds)
172
173 case credSourceECSContainer:
174 if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
175 return nil, ErrSharedConfigECSContainerEnvVarEmpty
176 }
177
178 p := defaults.RemoteCredProvider(*cfg, handlers)
179 creds = credentials.NewCredentials(p)
180
181 default:
182 return nil, ErrSharedConfigInvalidCredSource
183 }
184
185 return creds, nil
186}
187
188func credsFromAssumeRole(cfg aws.Config,
189 handlers request.Handlers,
190 sharedCfg sharedConfig,
191 sessOpts Options,
192) (*credentials.Credentials, error) {
193
194 if len(sharedCfg.MFASerial) != 0 && sessOpts.AssumeRoleTokenProvider == nil {
195 // AssumeRole Token provider is required if doing Assume Role
196 // with MFA.
197 return nil, AssumeRoleTokenProviderNotSetError{}
198 }
199
200 return stscreds.NewCredentials(
201 &Session{
202 Config: &cfg,
203 Handlers: handlers.Copy(),
204 },
205 sharedCfg.RoleARN,
206 func(opt *stscreds.AssumeRoleProvider) {
207 opt.RoleSessionName = sharedCfg.RoleSessionName
208 opt.Duration = sessOpts.AssumeRoleDuration
209
210 // Assume role with external ID
211 if len(sharedCfg.ExternalID) > 0 {
212 opt.ExternalID = aws.String(sharedCfg.ExternalID)
213 }
214
215 // Assume role with MFA
216 if len(sharedCfg.MFASerial) > 0 {
217 opt.SerialNumber = aws.String(sharedCfg.MFASerial)
218 opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
219 }
220 },
221 ), nil
222}
223
224// AssumeRoleTokenProviderNotSetError is an error returned when creating a
225// session when the MFAToken option is not set when shared config is configured
226// load assume a role with an MFA token.
227type AssumeRoleTokenProviderNotSetError struct{}
228
229// Code is the short id of the error.
230func (e AssumeRoleTokenProviderNotSetError) Code() string {
231 return "AssumeRoleTokenProviderNotSetError"
232}
233
234// Message is the description of the error
235func (e AssumeRoleTokenProviderNotSetError) Message() string {
236 return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
237}
238
239// OrigErr is the underlying error that caused the failure.
240func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
241 return nil
242}
243
244// Error satisfies the error interface.
245func (e AssumeRoleTokenProviderNotSetError) Error() string {
246 return awserr.SprintError(e.Code(), e.Message(), "", nil)
247}
248
249type credProviderError struct {
250 Err error
251}
252
253func (c credProviderError) Retrieve() (credentials.Value, error) {
254 return credentials.Value{}, c.Err
255}
256func (c credProviderError) IsExpired() bool {
257 return true
258}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
index e3959b9..3a998d5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
@@ -102,18 +102,38 @@ type envConfig struct {
102 CSMEnabled bool 102 CSMEnabled bool
103 CSMPort string 103 CSMPort string
104 CSMClientID string 104 CSMClientID string
105 CSMHost string
105 106
106 enableEndpointDiscovery string
107 // Enables endpoint discovery via environment variables. 107 // Enables endpoint discovery via environment variables.
108 // 108 //
109 // AWS_ENABLE_ENDPOINT_DISCOVERY=true 109 // AWS_ENABLE_ENDPOINT_DISCOVERY=true
110 EnableEndpointDiscovery *bool 110 EnableEndpointDiscovery *bool
111 enableEndpointDiscovery string
112
113 // Specifies the WebIdentity token the SDK should use to assume a role
114 // with.
115 //
116 // AWS_WEB_IDENTITY_TOKEN_FILE=file_path
117 WebIdentityTokenFilePath string
118
119 // Specifies the IAM role arn to use when assuming an role.
120 //
121 // AWS_ROLE_ARN=role_arn
122 RoleARN string
123
124 // Specifies the IAM role session name to use when assuming a role.
125 //
126 // AWS_ROLE_SESSION_NAME=session_name
127 RoleSessionName string
111} 128}
112 129
113var ( 130var (
114 csmEnabledEnvKey = []string{ 131 csmEnabledEnvKey = []string{
115 "AWS_CSM_ENABLED", 132 "AWS_CSM_ENABLED",
116 } 133 }
134 csmHostEnvKey = []string{
135 "AWS_CSM_HOST",
136 }
117 csmPortEnvKey = []string{ 137 csmPortEnvKey = []string{
118 "AWS_CSM_PORT", 138 "AWS_CSM_PORT",
119 } 139 }
@@ -150,6 +170,15 @@ var (
150 sharedConfigFileEnvKey = []string{ 170 sharedConfigFileEnvKey = []string{
151 "AWS_CONFIG_FILE", 171 "AWS_CONFIG_FILE",
152 } 172 }
173 webIdentityTokenFilePathEnvKey = []string{
174 "AWS_WEB_IDENTITY_TOKEN_FILE",
175 }
176 roleARNEnvKey = []string{
177 "AWS_ROLE_ARN",
178 }
179 roleSessionNameEnvKey = []string{
180 "AWS_ROLE_SESSION_NAME",
181 }
153) 182)
154 183
155// loadEnvConfig retrieves the SDK's environment configuration. 184// loadEnvConfig retrieves the SDK's environment configuration.
@@ -178,23 +207,31 @@ func envConfigLoad(enableSharedConfig bool) envConfig {
178 207
179 cfg.EnableSharedConfig = enableSharedConfig 208 cfg.EnableSharedConfig = enableSharedConfig
180 209
181 setFromEnvVal(&cfg.Creds.AccessKeyID, credAccessEnvKey) 210 // Static environment credentials
182 setFromEnvVal(&cfg.Creds.SecretAccessKey, credSecretEnvKey) 211 var creds credentials.Value
183 setFromEnvVal(&cfg.Creds.SessionToken, credSessionEnvKey) 212 setFromEnvVal(&creds.AccessKeyID, credAccessEnvKey)
213 setFromEnvVal(&creds.SecretAccessKey, credSecretEnvKey)
214 setFromEnvVal(&creds.SessionToken, credSessionEnvKey)
215 if creds.HasKeys() {
216 // Require logical grouping of credentials
217 creds.ProviderName = EnvProviderName
218 cfg.Creds = creds
219 }
220
221 // Role Metadata
222 setFromEnvVal(&cfg.RoleARN, roleARNEnvKey)
223 setFromEnvVal(&cfg.RoleSessionName, roleSessionNameEnvKey)
224
225 // Web identity environment variables
226 setFromEnvVal(&cfg.WebIdentityTokenFilePath, webIdentityTokenFilePathEnvKey)
184 227
185 // CSM environment variables 228 // CSM environment variables
186 setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey) 229 setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey)
230 setFromEnvVal(&cfg.CSMHost, csmHostEnvKey)
187 setFromEnvVal(&cfg.CSMPort, csmPortEnvKey) 231 setFromEnvVal(&cfg.CSMPort, csmPortEnvKey)
188 setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey) 232 setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey)
189 cfg.CSMEnabled = len(cfg.csmEnabled) > 0 233 cfg.CSMEnabled = len(cfg.csmEnabled) > 0
190 234
191 // Require logical grouping of credentials
192 if len(cfg.Creds.AccessKeyID) == 0 || len(cfg.Creds.SecretAccessKey) == 0 {
193 cfg.Creds = credentials.Value{}
194 } else {
195 cfg.Creds.ProviderName = EnvProviderName
196 }
197
198 regionKeys := regionEnvKeys 235 regionKeys := regionEnvKeys
199 profileKeys := profileEnvKeys 236 profileKeys := profileEnvKeys
200 if !cfg.EnableSharedConfig { 237 if !cfg.EnableSharedConfig {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
index be4b5f0..3a28da5 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go
@@ -8,19 +8,17 @@ import (
8 "io/ioutil" 8 "io/ioutil"
9 "net/http" 9 "net/http"
10 "os" 10 "os"
11 "time"
11 12
12 "github.com/aws/aws-sdk-go/aws" 13 "github.com/aws/aws-sdk-go/aws"
13 "github.com/aws/aws-sdk-go/aws/awserr" 14 "github.com/aws/aws-sdk-go/aws/awserr"
14 "github.com/aws/aws-sdk-go/aws/client" 15 "github.com/aws/aws-sdk-go/aws/client"
15 "github.com/aws/aws-sdk-go/aws/corehandlers" 16 "github.com/aws/aws-sdk-go/aws/corehandlers"
16 "github.com/aws/aws-sdk-go/aws/credentials" 17 "github.com/aws/aws-sdk-go/aws/credentials"
17 "github.com/aws/aws-sdk-go/aws/credentials/processcreds"
18 "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
19 "github.com/aws/aws-sdk-go/aws/csm" 18 "github.com/aws/aws-sdk-go/aws/csm"
20 "github.com/aws/aws-sdk-go/aws/defaults" 19 "github.com/aws/aws-sdk-go/aws/defaults"
21 "github.com/aws/aws-sdk-go/aws/endpoints" 20 "github.com/aws/aws-sdk-go/aws/endpoints"
22 "github.com/aws/aws-sdk-go/aws/request" 21 "github.com/aws/aws-sdk-go/aws/request"
23 "github.com/aws/aws-sdk-go/internal/shareddefaults"
24) 22)
25 23
26const ( 24const (
@@ -107,7 +105,15 @@ func New(cfgs ...*aws.Config) *Session {
107 105
108 s := deprecatedNewSession(cfgs...) 106 s := deprecatedNewSession(cfgs...)
109 if envCfg.CSMEnabled { 107 if envCfg.CSMEnabled {
110 enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger) 108 err := enableCSM(&s.Handlers, envCfg.CSMClientID,
109 envCfg.CSMHost, envCfg.CSMPort, s.Config.Logger)
110 if err != nil {
111 err = fmt.Errorf("failed to enable CSM, %v", err)
112 s.Config.Logger.Log("ERROR:", err.Error())
113 s.Handlers.Validate.PushBack(func(r *request.Request) {
114 r.Error = err
115 })
116 }
111 } 117 }
112 118
113 return s 119 return s
@@ -210,6 +216,12 @@ type Options struct {
210 // the config enables assume role wit MFA via the mfa_serial field. 216 // the config enables assume role wit MFA via the mfa_serial field.
211 AssumeRoleTokenProvider func() (string, error) 217 AssumeRoleTokenProvider func() (string, error)
212 218
219 // When the SDK's shared config is configured to assume a role this option
220 // may be provided to set the expiry duration of the STS credentials.
221 // Defaults to 15 minutes if not set as documented in the
222 // stscreds.AssumeRoleProvider.
223 AssumeRoleDuration time.Duration
224
213 // Reader for a custom Credentials Authority (CA) bundle in PEM format that 225 // Reader for a custom Credentials Authority (CA) bundle in PEM format that
214 // the SDK will use instead of the default system's root CA bundle. Use this 226 // the SDK will use instead of the default system's root CA bundle. Use this
215 // only if you want to replace the CA bundle the SDK uses for TLS requests. 227 // only if you want to replace the CA bundle the SDK uses for TLS requests.
@@ -224,6 +236,12 @@ type Options struct {
224 // to also enable this feature. CustomCABundle session option field has priority 236 // to also enable this feature. CustomCABundle session option field has priority
225 // over the AWS_CA_BUNDLE environment variable, and will be used if both are set. 237 // over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
226 CustomCABundle io.Reader 238 CustomCABundle io.Reader
239
240 // The handlers that the session and all API clients will be created with.
241 // This must be a complete set of handlers. Use the defaults.Handlers()
242 // function to initialize this value before changing the handlers to be
243 // used by the SDK.
244 Handlers request.Handlers
227} 245}
228 246
229// NewSessionWithOptions returns a new Session created from SDK defaults, config files, 247// NewSessionWithOptions returns a new Session created from SDK defaults, config files,
@@ -329,27 +347,36 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session {
329 return s 347 return s
330} 348}
331 349
332func enableCSM(handlers *request.Handlers, clientID string, port string, logger aws.Logger) { 350func enableCSM(handlers *request.Handlers,
333 logger.Log("Enabling CSM") 351 clientID, host, port string,
334 if len(port) == 0 { 352 logger aws.Logger,
335 port = csm.DefaultPort 353) error {
354 if logger != nil {
355 logger.Log("Enabling CSM")
336 } 356 }
337 357
338 r, err := csm.Start(clientID, "127.0.0.1:"+port) 358 r, err := csm.Start(clientID, csm.AddressWithDefaults(host, port))
339 if err != nil { 359 if err != nil {
340 return 360 return err
341 } 361 }
342 r.InjectHandlers(handlers) 362 r.InjectHandlers(handlers)
363
364 return nil
343} 365}
344 366
345func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) { 367func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
346 cfg := defaults.Config() 368 cfg := defaults.Config()
347 handlers := defaults.Handlers() 369
370 handlers := opts.Handlers
371 if handlers.IsEmpty() {
372 handlers = defaults.Handlers()
373 }
348 374
349 // Get a merged version of the user provided config to determine if 375 // Get a merged version of the user provided config to determine if
350 // credentials were. 376 // credentials were.
351 userCfg := &aws.Config{} 377 userCfg := &aws.Config{}
352 userCfg.MergeIn(cfgs...) 378 userCfg.MergeIn(cfgs...)
379 cfg.MergeIn(userCfg)
353 380
354 // Ordered config files will be loaded in with later files overwriting 381 // Ordered config files will be loaded in with later files overwriting
355 // previous config file values. 382 // previous config file values.
@@ -366,9 +393,11 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
366 } 393 }
367 394
368 // Load additional config from file(s) 395 // Load additional config from file(s)
369 sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles) 396 sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles, envCfg.EnableSharedConfig)
370 if err != nil { 397 if err != nil {
371 return nil, err 398 if _, ok := err.(SharedConfigProfileNotExistsError); !ok {
399 return nil, err
400 }
372 } 401 }
373 402
374 if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil { 403 if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil {
@@ -382,7 +411,11 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
382 411
383 initHandlers(s) 412 initHandlers(s)
384 if envCfg.CSMEnabled { 413 if envCfg.CSMEnabled {
385 enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger) 414 err := enableCSM(&s.Handlers, envCfg.CSMClientID,
415 envCfg.CSMHost, envCfg.CSMPort, s.Config.Logger)
416 if err != nil {
417 return nil, err
418 }
386 } 419 }
387 420
388 // Setup HTTP client with custom cert bundle if enabled 421 // Setup HTTP client with custom cert bundle if enabled
@@ -443,9 +476,11 @@ func loadCertPool(r io.Reader) (*x509.CertPool, error) {
443 return p, nil 476 return p, nil
444} 477}
445 478
446func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options) error { 479func mergeConfigSrcs(cfg, userCfg *aws.Config,
447 // Merge in user provided configuration 480 envCfg envConfig, sharedCfg sharedConfig,
448 cfg.MergeIn(userCfg) 481 handlers request.Handlers,
482 sessOpts Options,
483) error {
449 484
450 // Region if not already set by user 485 // Region if not already set by user
451 if len(aws.StringValue(cfg.Region)) == 0 { 486 if len(aws.StringValue(cfg.Region)) == 0 {
@@ -464,164 +499,19 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, envCfg envConfig, sharedCfg share
464 } 499 }
465 } 500 }
466 501
467 // Configure credentials if not already set 502 // Configure credentials if not already set by the user when creating the
503 // Session.
468 if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil { 504 if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
469 505 creds, err := resolveCredentials(cfg, envCfg, sharedCfg, handlers, sessOpts)
470 // inspect the profile to see if a credential source has been specified. 506 if err != nil {
471 if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 { 507 return err
472
473 // if both credential_source and source_profile have been set, return an error
474 // as this is undefined behavior.
475 if len(sharedCfg.AssumeRole.SourceProfile) > 0 {
476 return ErrSharedConfigSourceCollision
477 }
478
479 // valid credential source values
480 const (
481 credSourceEc2Metadata = "Ec2InstanceMetadata"
482 credSourceEnvironment = "Environment"
483 credSourceECSContainer = "EcsContainer"
484 )
485
486 switch sharedCfg.AssumeRole.CredentialSource {
487 case credSourceEc2Metadata:
488 cfgCp := *cfg
489 p := defaults.RemoteCredProvider(cfgCp, handlers)
490 cfgCp.Credentials = credentials.NewCredentials(p)
491
492 if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
493 // AssumeRole Token provider is required if doing Assume Role
494 // with MFA.
495 return AssumeRoleTokenProviderNotSetError{}
496 }
497
498 cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts)
499 case credSourceEnvironment:
500 cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
501 envCfg.Creds,
502 )
503 case credSourceECSContainer:
504 if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 {
505 return ErrSharedConfigECSContainerEnvVarEmpty
506 }
507
508 cfgCp := *cfg
509 p := defaults.RemoteCredProvider(cfgCp, handlers)
510 creds := credentials.NewCredentials(p)
511
512 cfg.Credentials = creds
513 default:
514 return ErrSharedConfigInvalidCredSource
515 }
516
517 return nil
518 }
519
520 if len(envCfg.Creds.AccessKeyID) > 0 {
521 cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
522 envCfg.Creds,
523 )
524 } else if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.RoleARN) > 0 && sharedCfg.AssumeRoleSource != nil {
525 cfgCp := *cfg
526 cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds(
527 sharedCfg.AssumeRoleSource.Creds,
528 )
529
530 if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil {
531 // AssumeRole Token provider is required if doing Assume Role
532 // with MFA.
533 return AssumeRoleTokenProviderNotSetError{}
534 }
535
536 cfg.Credentials = assumeRoleCredentials(cfgCp, handlers, sharedCfg, sessOpts)
537 } else if len(sharedCfg.Creds.AccessKeyID) > 0 {
538 cfg.Credentials = credentials.NewStaticCredentialsFromCreds(
539 sharedCfg.Creds,
540 )
541 } else if len(sharedCfg.CredentialProcess) > 0 {
542 cfg.Credentials = processcreds.NewCredentials(
543 sharedCfg.CredentialProcess,
544 )
545 } else {
546 // Fallback to default credentials provider, include mock errors
547 // for the credential chain so user can identify why credentials
548 // failed to be retrieved.
549 cfg.Credentials = credentials.NewCredentials(&credentials.ChainProvider{
550 VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors),
551 Providers: []credentials.Provider{
552 &credProviderError{Err: awserr.New("EnvAccessKeyNotFound", "failed to find credentials in the environment.", nil)},
553 &credProviderError{Err: awserr.New("SharedCredsLoad", fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil)},
554 defaults.RemoteCredProvider(*cfg, handlers),
555 },
556 })
557 } 508 }
509 cfg.Credentials = creds
558 } 510 }
559 511
560 return nil 512 return nil
561} 513}
562 514
563func assumeRoleCredentials(cfg aws.Config, handlers request.Handlers, sharedCfg sharedConfig, sessOpts Options) *credentials.Credentials {
564 return stscreds.NewCredentials(
565 &Session{
566 Config: &cfg,
567 Handlers: handlers.Copy(),
568 },
569 sharedCfg.AssumeRole.RoleARN,
570 func(opt *stscreds.AssumeRoleProvider) {
571 opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName
572
573 // Assume role with external ID
574 if len(sharedCfg.AssumeRole.ExternalID) > 0 {
575 opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID)
576 }
577
578 // Assume role with MFA
579 if len(sharedCfg.AssumeRole.MFASerial) > 0 {
580 opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial)
581 opt.TokenProvider = sessOpts.AssumeRoleTokenProvider
582 }
583 },
584 )
585}
586
587// AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the
588// MFAToken option is not set when shared config is configured load assume a
589// role with an MFA token.
590type AssumeRoleTokenProviderNotSetError struct{}
591
592// Code is the short id of the error.
593func (e AssumeRoleTokenProviderNotSetError) Code() string {
594 return "AssumeRoleTokenProviderNotSetError"
595}
596
597// Message is the description of the error
598func (e AssumeRoleTokenProviderNotSetError) Message() string {
599 return fmt.Sprintf("assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.")
600}
601
602// OrigErr is the underlying error that caused the failure.
603func (e AssumeRoleTokenProviderNotSetError) OrigErr() error {
604 return nil
605}
606
607// Error satisfies the error interface.
608func (e AssumeRoleTokenProviderNotSetError) Error() string {
609 return awserr.SprintError(e.Code(), e.Message(), "", nil)
610}
611
612type credProviderError struct {
613 Err error
614}
615
616var emptyCreds = credentials.Value{}
617
618func (c credProviderError) Retrieve() (credentials.Value, error) {
619 return credentials.Value{}, c.Err
620}
621func (c credProviderError) IsExpired() bool {
622 return true
623}
624
625func initHandlers(s *Session) { 515func initHandlers(s *Session) {
626 // Add the Validate parameter handler if it is not disabled. 516 // Add the Validate parameter handler if it is not disabled.
627 s.Handlers.Validate.Remove(corehandlers.ValidateParametersHandler) 517 s.Handlers.Validate.Remove(corehandlers.ValidateParametersHandler)
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
index 7cb4402..5170b49 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
@@ -5,7 +5,6 @@ import (
5 5
6 "github.com/aws/aws-sdk-go/aws/awserr" 6 "github.com/aws/aws-sdk-go/aws/awserr"
7 "github.com/aws/aws-sdk-go/aws/credentials" 7 "github.com/aws/aws-sdk-go/aws/credentials"
8
9 "github.com/aws/aws-sdk-go/internal/ini" 8 "github.com/aws/aws-sdk-go/internal/ini"
10) 9)
11 10
@@ -28,8 +27,12 @@ const (
28 27
29 // endpoint discovery group 28 // endpoint discovery group
30 enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional 29 enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional
30
31 // External Credential Process 31 // External Credential Process
32 credentialProcessKey = `credential_process` 32 credentialProcessKey = `credential_process` // optional
33
34 // Web Identity Token File
35 webIdentityTokenFileKey = `web_identity_token_file` // optional
33 36
34 // DefaultSharedConfigProfile is the default profile to be used when 37 // DefaultSharedConfigProfile is the default profile to be used when
35 // loading configuration from the config files if another profile name 38 // loading configuration from the config files if another profile name
@@ -37,36 +40,33 @@ const (
37 DefaultSharedConfigProfile = `default` 40 DefaultSharedConfigProfile = `default`
38) 41)
39 42
40type assumeRoleConfig struct {
41 RoleARN string
42 SourceProfile string
43 CredentialSource string
44 ExternalID string
45 MFASerial string
46 RoleSessionName string
47}
48
49// sharedConfig represents the configuration fields of the SDK config files. 43// sharedConfig represents the configuration fields of the SDK config files.
50type sharedConfig struct { 44type sharedConfig struct {
51 // Credentials values from the config file. Both aws_access_key_id 45 // Credentials values from the config file. Both aws_access_key_id and
52 // and aws_secret_access_key must be provided together in the same file 46 // aws_secret_access_key must be provided together in the same file to be
53 // to be considered valid. The values will be ignored if not a complete group. 47 // considered valid. The values will be ignored if not a complete group.
54 // aws_session_token is an optional field that can be provided if both of the 48 // aws_session_token is an optional field that can be provided if both of
55 // other two fields are also provided. 49 // the other two fields are also provided.
56 // 50 //
57 // aws_access_key_id 51 // aws_access_key_id
58 // aws_secret_access_key 52 // aws_secret_access_key
59 // aws_session_token 53 // aws_session_token
60 Creds credentials.Value 54 Creds credentials.Value
61 55
62 AssumeRole assumeRoleConfig 56 CredentialSource string
63 AssumeRoleSource *sharedConfig 57 CredentialProcess string
58 WebIdentityTokenFile string
59
60 RoleARN string
61 RoleSessionName string
62 ExternalID string
63 MFASerial string
64 64
65 // An external process to request credentials 65 SourceProfileName string
66 CredentialProcess string 66 SourceProfile *sharedConfig
67 67
68 // Region is the region the SDK should use for looking up AWS service endpoints 68 // Region is the region the SDK should use for looking up AWS service
69 // and signing requests. 69 // endpoints and signing requests.
70 // 70 //
71 // region 71 // region
72 Region string 72 Region string
@@ -83,17 +83,18 @@ type sharedConfigFile struct {
83 IniData ini.Sections 83 IniData ini.Sections
84} 84}
85 85
86// loadSharedConfig retrieves the configuration from the list of files 86// loadSharedConfig retrieves the configuration from the list of files using
87// using the profile provided. The order the files are listed will determine 87// the profile provided. The order the files are listed will determine
88// precedence. Values in subsequent files will overwrite values defined in 88// precedence. Values in subsequent files will overwrite values defined in
89// earlier files. 89// earlier files.
90// 90//
91// For example, given two files A and B. Both define credentials. If the order 91// For example, given two files A and B. Both define credentials. If the order
92// of the files are A then B, B's credential values will be used instead of A's. 92// of the files are A then B, B's credential values will be used instead of
93// A's.
93// 94//
94// See sharedConfig.setFromFile for information how the config files 95// See sharedConfig.setFromFile for information how the config files
95// will be loaded. 96// will be loaded.
96func loadSharedConfig(profile string, filenames []string) (sharedConfig, error) { 97func loadSharedConfig(profile string, filenames []string, exOpts bool) (sharedConfig, error) {
97 if len(profile) == 0 { 98 if len(profile) == 0 {
98 profile = DefaultSharedConfigProfile 99 profile = DefaultSharedConfigProfile
99 } 100 }
@@ -104,16 +105,11 @@ func loadSharedConfig(profile string, filenames []string) (sharedConfig, error)
104 } 105 }
105 106
106 cfg := sharedConfig{} 107 cfg := sharedConfig{}
107 if err = cfg.setFromIniFiles(profile, files); err != nil { 108 profiles := map[string]struct{}{}
109 if err = cfg.setFromIniFiles(profiles, profile, files, exOpts); err != nil {
108 return sharedConfig{}, err 110 return sharedConfig{}, err
109 } 111 }
110 112
111 if len(cfg.AssumeRole.SourceProfile) > 0 {
112 if err := cfg.setAssumeRoleSource(profile, files); err != nil {
113 return sharedConfig{}, err
114 }
115 }
116
117 return cfg, nil 113 return cfg, nil
118} 114}
119 115
@@ -137,60 +133,88 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
137 return files, nil 133 return files, nil
138} 134}
139 135
140func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedConfigFile) error { 136func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error {
141 var assumeRoleSrc sharedConfig 137 // Trim files from the list that don't exist.
142 138 var skippedFiles int
143 if len(cfg.AssumeRole.CredentialSource) > 0 { 139 var profileNotFoundErr error
144 // setAssumeRoleSource is only called when source_profile is found. 140 for _, f := range files {
145 // If both source_profile and credential_source are set, then 141 if err := cfg.setFromIniFile(profile, f, exOpts); err != nil {
146 // ErrSharedConfigSourceCollision will be returned 142 if _, ok := err.(SharedConfigProfileNotExistsError); ok {
147 return ErrSharedConfigSourceCollision 143 // Ignore profiles not defined in individual files.
144 profileNotFoundErr = err
145 skippedFiles++
146 continue
147 }
148 return err
149 }
150 }
151 if skippedFiles == len(files) {
152 // If all files were skipped because the profile is not found, return
153 // the original profile not found error.
154 return profileNotFoundErr
148 } 155 }
149 156
150 // Multiple level assume role chains are not support 157 if _, ok := profiles[profile]; ok {
151 if cfg.AssumeRole.SourceProfile == origProfile { 158 // if this is the second instance of the profile the Assume Role
152 assumeRoleSrc = *cfg 159 // options must be cleared because they are only valid for the
153 assumeRoleSrc.AssumeRole = assumeRoleConfig{} 160 // first reference of a profile. The self linked instance of the
161 // profile only have credential provider options.
162 cfg.clearAssumeRoleOptions()
154 } else { 163 } else {
155 err := assumeRoleSrc.setFromIniFiles(cfg.AssumeRole.SourceProfile, files) 164 // First time a profile has been seen, It must either be a assume role
156 if err != nil { 165 // or credentials. Assert if the credential type requires a role ARN,
166 // the ARN is also set.
167 if err := cfg.validateCredentialsRequireARN(profile); err != nil {
157 return err 168 return err
158 } 169 }
159 } 170 }
171 profiles[profile] = struct{}{}
160 172
161 if len(assumeRoleSrc.Creds.AccessKeyID) == 0 { 173 if err := cfg.validateCredentialType(); err != nil {
162 return SharedConfigAssumeRoleError{RoleARN: cfg.AssumeRole.RoleARN} 174 return err
163 } 175 }
164 176
165 cfg.AssumeRoleSource = &assumeRoleSrc 177 // Link source profiles for assume roles
166 178 if len(cfg.SourceProfileName) != 0 {
167 return nil 179 // Linked profile via source_profile ignore credential provider
168} 180 // options, the source profile must provide the credentials.
181 cfg.clearCredentialOptions()
169 182
170func (cfg *sharedConfig) setFromIniFiles(profile string, files []sharedConfigFile) error { 183 srcCfg := &sharedConfig{}
171 // Trim files from the list that don't exist. 184 err := srcCfg.setFromIniFiles(profiles, cfg.SourceProfileName, files, exOpts)
172 for _, f := range files { 185 if err != nil {
173 if err := cfg.setFromIniFile(profile, f); err != nil { 186 // SourceProfile that doesn't exist is an error in configuration.
174 if _, ok := err.(SharedConfigProfileNotExistsError); ok { 187 if _, ok := err.(SharedConfigProfileNotExistsError); ok {
175 // Ignore proviles missings 188 err = SharedConfigAssumeRoleError{
176 continue 189 RoleARN: cfg.RoleARN,
190 SourceProfile: cfg.SourceProfileName,
191 }
177 } 192 }
178 return err 193 return err
179 } 194 }
195
196 if !srcCfg.hasCredentials() {
197 return SharedConfigAssumeRoleError{
198 RoleARN: cfg.RoleARN,
199 SourceProfile: cfg.SourceProfileName,
200 }
201 }
202
203 cfg.SourceProfile = srcCfg
180 } 204 }
181 205
182 return nil 206 return nil
183} 207}
184 208
185// setFromFile loads the configuration from the file using 209// setFromFile loads the configuration from the file using the profile
186// the profile provided. A sharedConfig pointer type value is used so that 210// provided. A sharedConfig pointer type value is used so that multiple config
187// multiple config file loadings can be chained. 211// file loadings can be chained.
188// 212//
189// Only loads complete logically grouped values, and will not set fields in cfg 213// Only loads complete logically grouped values, and will not set fields in cfg
190// for incomplete grouped values in the config. Such as credentials. For example 214// for incomplete grouped values in the config. Such as credentials. For
191// if a config file only includes aws_access_key_id but no aws_secret_access_key 215// example if a config file only includes aws_access_key_id but no
192// the aws_access_key_id will be ignored. 216// aws_secret_access_key the aws_access_key_id will be ignored.
193func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) error { 217func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, exOpts bool) error {
194 section, ok := file.IniData.GetSection(profile) 218 section, ok := file.IniData.GetSection(profile)
195 if !ok { 219 if !ok {
196 // Fallback to to alternate profile name: profile <name> 220 // Fallback to to alternate profile name: profile <name>
@@ -200,42 +224,30 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e
200 } 224 }
201 } 225 }
202 226
203 // Shared Credentials 227 if exOpts {
204 akid := section.String(accessKeyIDKey) 228 // Assume Role Parameters
205 secret := section.String(secretAccessKey) 229 updateString(&cfg.RoleARN, section, roleArnKey)
206 if len(akid) > 0 && len(secret) > 0 { 230 updateString(&cfg.ExternalID, section, externalIDKey)
207 cfg.Creds = credentials.Value{ 231 updateString(&cfg.MFASerial, section, mfaSerialKey)
208 AccessKeyID: akid, 232 updateString(&cfg.RoleSessionName, section, roleSessionNameKey)
209 SecretAccessKey: secret, 233 updateString(&cfg.SourceProfileName, section, sourceProfileKey)
210 SessionToken: section.String(sessionTokenKey), 234 updateString(&cfg.CredentialSource, section, credentialSourceKey)
211 ProviderName: fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
212 }
213 }
214 235
215 // Assume Role 236 updateString(&cfg.Region, section, regionKey)
216 roleArn := section.String(roleArnKey)
217 srcProfile := section.String(sourceProfileKey)
218 credentialSource := section.String(credentialSourceKey)
219 hasSource := len(srcProfile) > 0 || len(credentialSource) > 0
220 if len(roleArn) > 0 && hasSource {
221 cfg.AssumeRole = assumeRoleConfig{
222 RoleARN: roleArn,
223 SourceProfile: srcProfile,
224 CredentialSource: credentialSource,
225 ExternalID: section.String(externalIDKey),
226 MFASerial: section.String(mfaSerialKey),
227 RoleSessionName: section.String(roleSessionNameKey),
228 }
229 } 237 }
230 238
231 // `credential_process` 239 updateString(&cfg.CredentialProcess, section, credentialProcessKey)
232 if credProc := section.String(credentialProcessKey); len(credProc) > 0 { 240 updateString(&cfg.WebIdentityTokenFile, section, webIdentityTokenFileKey)
233 cfg.CredentialProcess = credProc
234 }
235 241
236 // Region 242 // Shared Credentials
237 if v := section.String(regionKey); len(v) > 0 { 243 creds := credentials.Value{
238 cfg.Region = v 244 AccessKeyID: section.String(accessKeyIDKey),
245 SecretAccessKey: section.String(secretAccessKey),
246 SessionToken: section.String(sessionTokenKey),
247 ProviderName: fmt.Sprintf("SharedConfigCredentials: %s", file.Filename),
248 }
249 if creds.HasKeys() {
250 cfg.Creds = creds
239 } 251 }
240 252
241 // Endpoint discovery 253 // Endpoint discovery
@@ -247,6 +259,95 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e
247 return nil 259 return nil
248} 260}
249 261
262func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error {
263 var credSource string
264
265 switch {
266 case len(cfg.SourceProfileName) != 0:
267 credSource = sourceProfileKey
268 case len(cfg.CredentialSource) != 0:
269 credSource = credentialSourceKey
270 case len(cfg.WebIdentityTokenFile) != 0:
271 credSource = webIdentityTokenFileKey
272 }
273
274 if len(credSource) != 0 && len(cfg.RoleARN) == 0 {
275 return CredentialRequiresARNError{
276 Type: credSource,
277 Profile: profile,
278 }
279 }
280
281 return nil
282}
283
284func (cfg *sharedConfig) validateCredentialType() error {
285 // Only one or no credential type can be defined.
286 if !oneOrNone(
287 len(cfg.SourceProfileName) != 0,
288 len(cfg.CredentialSource) != 0,
289 len(cfg.CredentialProcess) != 0,
290 len(cfg.WebIdentityTokenFile) != 0,
291 ) {
292 return ErrSharedConfigSourceCollision
293 }
294
295 return nil
296}
297
298func (cfg *sharedConfig) hasCredentials() bool {
299 switch {
300 case len(cfg.SourceProfileName) != 0:
301 case len(cfg.CredentialSource) != 0:
302 case len(cfg.CredentialProcess) != 0:
303 case len(cfg.WebIdentityTokenFile) != 0:
304 case cfg.Creds.HasKeys():
305 default:
306 return false
307 }
308
309 return true
310}
311
312func (cfg *sharedConfig) clearCredentialOptions() {
313 cfg.CredentialSource = ""
314 cfg.CredentialProcess = ""
315 cfg.WebIdentityTokenFile = ""
316 cfg.Creds = credentials.Value{}
317}
318
319func (cfg *sharedConfig) clearAssumeRoleOptions() {
320 cfg.RoleARN = ""
321 cfg.ExternalID = ""
322 cfg.MFASerial = ""
323 cfg.RoleSessionName = ""
324 cfg.SourceProfileName = ""
325}
326
327func oneOrNone(bs ...bool) bool {
328 var count int
329
330 for _, b := range bs {
331 if b {
332 count++
333 if count > 1 {
334 return false
335 }
336 }
337 }
338
339 return true
340}
341
342// updateString will only update the dst with the value in the section key, key
343// is present in the section.
344func updateString(dst *string, section ini.Section, key string) {
345 if !section.Has(key) {
346 return
347 }
348 *dst = section.String(key)
349}
350
250// SharedConfigLoadError is an error for the shared config file failed to load. 351// SharedConfigLoadError is an error for the shared config file failed to load.
251type SharedConfigLoadError struct { 352type SharedConfigLoadError struct {
252 Filename string 353 Filename string
@@ -304,7 +405,8 @@ func (e SharedConfigProfileNotExistsError) Error() string {
304// profile contains assume role information, but that information is invalid 405// profile contains assume role information, but that information is invalid
305// or not complete. 406// or not complete.
306type SharedConfigAssumeRoleError struct { 407type SharedConfigAssumeRoleError struct {
307 RoleARN string 408 RoleARN string
409 SourceProfile string
308} 410}
309 411
310// Code is the short id of the error. 412// Code is the short id of the error.
@@ -314,8 +416,10 @@ func (e SharedConfigAssumeRoleError) Code() string {
314 416
315// Message is the description of the error 417// Message is the description of the error
316func (e SharedConfigAssumeRoleError) Message() string { 418func (e SharedConfigAssumeRoleError) Message() string {
317 return fmt.Sprintf("failed to load assume role for %s, source profile has no shared credentials", 419 return fmt.Sprintf(
318 e.RoleARN) 420 "failed to load assume role for %s, source profile %s has no shared credentials",
421 e.RoleARN, e.SourceProfile,
422 )
319} 423}
320 424
321// OrigErr is the underlying error that caused the failure. 425// OrigErr is the underlying error that caused the failure.
@@ -327,3 +431,36 @@ func (e SharedConfigAssumeRoleError) OrigErr() error {
327func (e SharedConfigAssumeRoleError) Error() string { 431func (e SharedConfigAssumeRoleError) Error() string {
328 return awserr.SprintError(e.Code(), e.Message(), "", nil) 432 return awserr.SprintError(e.Code(), e.Message(), "", nil)
329} 433}
434
435// CredentialRequiresARNError provides the error for shared config credentials
436// that are incorrectly configured in the shared config or credentials file.
437type CredentialRequiresARNError struct {
438 // type of credentials that were configured.
439 Type string
440
441 // Profile name the credentials were in.
442 Profile string
443}
444
445// Code is the short id of the error.
446func (e CredentialRequiresARNError) Code() string {
447 return "CredentialRequiresARNError"
448}
449
450// Message is the description of the error
451func (e CredentialRequiresARNError) Message() string {
452 return fmt.Sprintf(
453 "credential type %s requires role_arn, profile %s",
454 e.Type, e.Profile,
455 )
456}
457
458// OrigErr is the underlying error that caused the failure.
459func (e CredentialRequiresARNError) OrigErr() error {
460 return nil
461}
462
463// Error satisfies the error interface.
464func (e CredentialRequiresARNError) Error() string {
465 return awserr.SprintError(e.Code(), e.Message(), "", nil)
466}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
index 523db79..8104793 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
@@ -687,7 +687,11 @@ func (ctx *signingCtx) buildBodyDigest() error {
687 if !aws.IsReaderSeekable(ctx.Body) { 687 if !aws.IsReaderSeekable(ctx.Body) {
688 return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body) 688 return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body)
689 } 689 }
690 hash = hex.EncodeToString(makeSha256Reader(ctx.Body)) 690 hashBytes, err := makeSha256Reader(ctx.Body)
691 if err != nil {
692 return err
693 }
694 hash = hex.EncodeToString(hashBytes)
691 } 695 }
692 696
693 if includeSHA256Header { 697 if includeSHA256Header {
@@ -734,10 +738,16 @@ func makeSha256(data []byte) []byte {
734 return hash.Sum(nil) 738 return hash.Sum(nil)
735} 739}
736 740
737func makeSha256Reader(reader io.ReadSeeker) []byte { 741func makeSha256Reader(reader io.ReadSeeker) (hashBytes []byte, err error) {
738 hash := sha256.New() 742 hash := sha256.New()
739 start, _ := reader.Seek(0, sdkio.SeekCurrent) 743 start, err := reader.Seek(0, sdkio.SeekCurrent)
740 defer reader.Seek(start, sdkio.SeekStart) 744 if err != nil {
745 return nil, err
746 }
747 defer func() {
748 // ensure error is return if unable to seek back to start of payload.
749 _, err = reader.Seek(start, sdkio.SeekStart)
750 }()
741 751
742 // Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies 752 // Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies
743 // smaller than 32KB. Fall back to io.Copy if we fail to determine the size. 753 // smaller than 32KB. Fall back to io.Copy if we fail to determine the size.
@@ -748,7 +758,7 @@ func makeSha256Reader(reader io.ReadSeeker) []byte {
748 io.CopyN(hash, reader, size) 758 io.CopyN(hash, reader, size)
749 } 759 }
750 760
751 return hash.Sum(nil) 761 return hash.Sum(nil), nil
752} 762}
753 763
754const doubleSpace = " " 764const doubleSpace = " "
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/types.go b/vendor/github.com/aws/aws-sdk-go/aws/types.go
index 8b6f234..4550915 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/types.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/types.go
@@ -7,13 +7,18 @@ import (
7 "github.com/aws/aws-sdk-go/internal/sdkio" 7 "github.com/aws/aws-sdk-go/internal/sdkio"
8) 8)
9 9
10// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Should 10// ReadSeekCloser wraps a io.Reader returning a ReaderSeekerCloser. Allows the
11// only be used with an io.Reader that is also an io.Seeker. Doing so may 11// SDK to accept an io.Reader that is not also an io.Seeker for unsigned
12// cause request signature errors, or request body's not sent for GET, HEAD 12// streaming payload API operations.
13// and DELETE HTTP methods.
14// 13//
15// Deprecated: Should only be used with io.ReadSeeker. If using for 14// A ReadSeekCloser wrapping an nonseekable io.Reader used in an API
16// S3 PutObject to stream content use s3manager.Uploader instead. 15// operation's input will prevent that operation being retried in the case of
16// network errors, and cause operation requests to fail if the operation
17// requires payload signing.
18//
19// Note: If using With S3 PutObject to stream an object upload The SDK's S3
20// Upload manager (s3manager.Uploader) provides support for streaming with the
21// ability to retry network errors.
17func ReadSeekCloser(r io.Reader) ReaderSeekerCloser { 22func ReadSeekCloser(r io.Reader) ReaderSeekerCloser {
18 return ReaderSeekerCloser{r} 23 return ReaderSeekerCloser{r}
19} 24}
@@ -43,7 +48,8 @@ func IsReaderSeekable(r io.Reader) bool {
43// Read reads from the reader up to size of p. The number of bytes read, and 48// Read reads from the reader up to size of p. The number of bytes read, and
44// error if it occurred will be returned. 49// error if it occurred will be returned.
45// 50//
46// If the reader is not an io.Reader zero bytes read, and nil error will be returned. 51// If the reader is not an io.Reader zero bytes read, and nil error will be
52// returned.
47// 53//
48// Performs the same functionality as io.Reader Read 54// Performs the same functionality as io.Reader Read
49func (r ReaderSeekerCloser) Read(p []byte) (int, error) { 55func (r ReaderSeekerCloser) Read(p []byte) (int, error) {
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
index 15ad9cf..23aae7d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
5const SDKName = "aws-sdk-go" 5const SDKName = "aws-sdk-go"
6 6
7// SDKVersion is the version of this SDK 7// SDKVersion is the version of this SDK
8const SDKVersion = "1.19.18" 8const SDKVersion = "1.21.7"
diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
index f997033..e56dcee 100644
--- a/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
+++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
@@ -304,7 +304,9 @@ loop:
304 stmt := newCommentStatement(tok) 304 stmt := newCommentStatement(tok)
305 stack.Push(stmt) 305 stack.Push(stmt)
306 default: 306 default:
307 return nil, NewParseError(fmt.Sprintf("invalid state with ASTKind %v and TokenType %v", k, tok)) 307 return nil, NewParseError(
308 fmt.Sprintf("invalid state with ASTKind %v and TokenType %v",
309 k, tok.Type()))
308 } 310 }
309 311
310 if len(tokens) > 0 { 312 if len(tokens) > 0 {
@@ -314,7 +316,7 @@ loop:
314 316
315 // this occurs when a statement has not been completed 317 // this occurs when a statement has not been completed
316 if stack.top > 1 { 318 if stack.top > 1 {
317 return nil, NewParseError(fmt.Sprintf("incomplete expression: %v", stack.container)) 319 return nil, NewParseError(fmt.Sprintf("incomplete ini expression"))
318 } 320 }
319 321
320 // returns a sublist which excludes the start symbol 322 // returns a sublist which excludes the start symbol
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
new file mode 100644
index 0000000..864fb67
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
@@ -0,0 +1,296 @@
1// Package jsonutil provides JSON serialization of AWS requests and responses.
2package jsonutil
3
4import (
5 "bytes"
6 "encoding/base64"
7 "encoding/json"
8 "fmt"
9 "math"
10 "reflect"
11 "sort"
12 "strconv"
13 "time"
14
15 "github.com/aws/aws-sdk-go/aws"
16 "github.com/aws/aws-sdk-go/private/protocol"
17)
18
19var timeType = reflect.ValueOf(time.Time{}).Type()
20var byteSliceType = reflect.ValueOf([]byte{}).Type()
21
22// BuildJSON builds a JSON string for a given object v.
23func BuildJSON(v interface{}) ([]byte, error) {
24 var buf bytes.Buffer
25
26 err := buildAny(reflect.ValueOf(v), &buf, "")
27 return buf.Bytes(), err
28}
29
30func buildAny(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
31 origVal := value
32 value = reflect.Indirect(value)
33 if !value.IsValid() {
34 return nil
35 }
36
37 vtype := value.Type()
38
39 t := tag.Get("type")
40 if t == "" {
41 switch vtype.Kind() {
42 case reflect.Struct:
43 // also it can't be a time object
44 if value.Type() != timeType {
45 t = "structure"
46 }
47 case reflect.Slice:
48 // also it can't be a byte slice
49 if _, ok := value.Interface().([]byte); !ok {
50 t = "list"
51 }
52 case reflect.Map:
53 // cannot be a JSONValue map
54 if _, ok := value.Interface().(aws.JSONValue); !ok {
55 t = "map"
56 }
57 }
58 }
59
60 switch t {
61 case "structure":
62 if field, ok := vtype.FieldByName("_"); ok {
63 tag = field.Tag
64 }
65 return buildStruct(value, buf, tag)
66 case "list":
67 return buildList(value, buf, tag)
68 case "map":
69 return buildMap(value, buf, tag)
70 default:
71 return buildScalar(origVal, buf, tag)
72 }
73}
74
75func buildStruct(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
76 if !value.IsValid() {
77 return nil
78 }
79
80 // unwrap payloads
81 if payload := tag.Get("payload"); payload != "" {
82 field, _ := value.Type().FieldByName(payload)
83 tag = field.Tag
84 value = elemOf(value.FieldByName(payload))
85
86 if !value.IsValid() {
87 return nil
88 }
89 }
90
91 buf.WriteByte('{')
92
93 t := value.Type()
94 first := true
95 for i := 0; i < t.NumField(); i++ {
96 member := value.Field(i)
97
98 // This allocates the most memory.
99 // Additionally, we cannot skip nil fields due to
100 // idempotency auto filling.
101 field := t.Field(i)
102
103 if field.PkgPath != "" {
104 continue // ignore unexported fields
105 }
106 if field.Tag.Get("json") == "-" {
107 continue
108 }
109 if field.Tag.Get("location") != "" {
110 continue // ignore non-body elements
111 }
112 if field.Tag.Get("ignore") != "" {
113 continue
114 }
115
116 if protocol.CanSetIdempotencyToken(member, field) {
117 token := protocol.GetIdempotencyToken()
118 member = reflect.ValueOf(&token)
119 }
120
121 if (member.Kind() == reflect.Ptr || member.Kind() == reflect.Slice || member.Kind() == reflect.Map) && member.IsNil() {
122 continue // ignore unset fields
123 }
124
125 if first {
126 first = false
127 } else {
128 buf.WriteByte(',')
129 }
130
131 // figure out what this field is called
132 name := field.Name
133 if locName := field.Tag.Get("locationName"); locName != "" {
134 name = locName
135 }
136
137 writeString(name, buf)
138 buf.WriteString(`:`)
139
140 err := buildAny(member, buf, field.Tag)
141 if err != nil {
142 return err
143 }
144
145 }
146
147 buf.WriteString("}")
148
149 return nil
150}
151
152func buildList(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
153 buf.WriteString("[")
154
155 for i := 0; i < value.Len(); i++ {
156 buildAny(value.Index(i), buf, "")
157
158 if i < value.Len()-1 {
159 buf.WriteString(",")
160 }
161 }
162
163 buf.WriteString("]")
164
165 return nil
166}
167
168type sortedValues []reflect.Value
169
170func (sv sortedValues) Len() int { return len(sv) }
171func (sv sortedValues) Swap(i, j int) { sv[i], sv[j] = sv[j], sv[i] }
172func (sv sortedValues) Less(i, j int) bool { return sv[i].String() < sv[j].String() }
173
174func buildMap(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
175 buf.WriteString("{")
176
177 sv := sortedValues(value.MapKeys())
178 sort.Sort(sv)
179
180 for i, k := range sv {
181 if i > 0 {
182 buf.WriteByte(',')
183 }
184
185 writeString(k.String(), buf)
186 buf.WriteString(`:`)
187
188 buildAny(value.MapIndex(k), buf, "")
189 }
190
191 buf.WriteString("}")
192
193 return nil
194}
195
196func buildScalar(v reflect.Value, buf *bytes.Buffer, tag reflect.StructTag) error {
197 // prevents allocation on the heap.
198 scratch := [64]byte{}
199 switch value := reflect.Indirect(v); value.Kind() {
200 case reflect.String:
201 writeString(value.String(), buf)
202 case reflect.Bool:
203 if value.Bool() {
204 buf.WriteString("true")
205 } else {
206 buf.WriteString("false")
207 }
208 case reflect.Int64:
209 buf.Write(strconv.AppendInt(scratch[:0], value.Int(), 10))
210 case reflect.Float64:
211 f := value.Float()
212 if math.IsInf(f, 0) || math.IsNaN(f) {
213 return &json.UnsupportedValueError{Value: v, Str: strconv.FormatFloat(f, 'f', -1, 64)}
214 }
215 buf.Write(strconv.AppendFloat(scratch[:0], f, 'f', -1, 64))
216 default:
217 switch converted := value.Interface().(type) {
218 case time.Time:
219 format := tag.Get("timestampFormat")
220 if len(format) == 0 {
221 format = protocol.UnixTimeFormatName
222 }
223
224 ts := protocol.FormatTime(format, converted)
225 if format != protocol.UnixTimeFormatName {
226 ts = `"` + ts + `"`
227 }
228
229 buf.WriteString(ts)
230 case []byte:
231 if !value.IsNil() {
232 buf.WriteByte('"')
233 if len(converted) < 1024 {
234 // for small buffers, using Encode directly is much faster.
235 dst := make([]byte, base64.StdEncoding.EncodedLen(len(converted)))
236 base64.StdEncoding.Encode(dst, converted)
237 buf.Write(dst)
238 } else {
239 // for large buffers, avoid unnecessary extra temporary
240 // buffer space.
241 enc := base64.NewEncoder(base64.StdEncoding, buf)
242 enc.Write(converted)
243 enc.Close()
244 }
245 buf.WriteByte('"')
246 }
247 case aws.JSONValue:
248 str, err := protocol.EncodeJSONValue(converted, protocol.QuotedEscape)
249 if err != nil {
250 return fmt.Errorf("unable to encode JSONValue, %v", err)
251 }
252 buf.WriteString(str)
253 default:
254 return fmt.Errorf("unsupported JSON value %v (%s)", value.Interface(), value.Type())
255 }
256 }
257 return nil
258}
259
260var hex = "0123456789abcdef"
261
262func writeString(s string, buf *bytes.Buffer) {
263 buf.WriteByte('"')
264 for i := 0; i < len(s); i++ {
265 if s[i] == '"' {
266 buf.WriteString(`\"`)
267 } else if s[i] == '\\' {
268 buf.WriteString(`\\`)
269 } else if s[i] == '\b' {
270 buf.WriteString(`\b`)
271 } else if s[i] == '\f' {
272 buf.WriteString(`\f`)
273 } else if s[i] == '\r' {
274 buf.WriteString(`\r`)
275 } else if s[i] == '\t' {
276 buf.WriteString(`\t`)
277 } else if s[i] == '\n' {
278 buf.WriteString(`\n`)
279 } else if s[i] < 32 {
280 buf.WriteString("\\u00")
281 buf.WriteByte(hex[s[i]>>4])
282 buf.WriteByte(hex[s[i]&0xF])
283 } else {
284 buf.WriteByte(s[i])
285 }
286 }
287 buf.WriteByte('"')
288}
289
290// Returns the reflection element of a value, if it is a pointer.
291func elemOf(value reflect.Value) reflect.Value {
292 for value.Kind() == reflect.Ptr {
293 value = value.Elem()
294 }
295 return value
296}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
new file mode 100644
index 0000000..ea0da79
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/unmarshal.go
@@ -0,0 +1,250 @@
1package jsonutil
2
3import (
4 "bytes"
5 "encoding/base64"
6 "encoding/json"
7 "fmt"
8 "io"
9 "reflect"
10 "time"
11
12 "github.com/aws/aws-sdk-go/aws"
13 "github.com/aws/aws-sdk-go/aws/awserr"
14 "github.com/aws/aws-sdk-go/private/protocol"
15)
16
17// UnmarshalJSONError unmarshal's the reader's JSON document into the passed in
18// type. The value to unmarshal the json document into must be a pointer to the
19// type.
20func UnmarshalJSONError(v interface{}, stream io.Reader) error {
21 var errBuf bytes.Buffer
22 body := io.TeeReader(stream, &errBuf)
23
24 err := json.NewDecoder(body).Decode(v)
25 if err != nil {
26 msg := "failed decoding error message"
27 if err == io.EOF {
28 msg = "error message missing"
29 err = nil
30 }
31 return awserr.NewUnmarshalError(err, msg, errBuf.Bytes())
32 }
33
34 return nil
35}
36
37// UnmarshalJSON reads a stream and unmarshals the results in object v.
38func UnmarshalJSON(v interface{}, stream io.Reader) error {
39 var out interface{}
40
41 err := json.NewDecoder(stream).Decode(&out)
42 if err == io.EOF {
43 return nil
44 } else if err != nil {
45 return err
46 }
47
48 return unmarshalAny(reflect.ValueOf(v), out, "")
49}
50
51func unmarshalAny(value reflect.Value, data interface{}, tag reflect.StructTag) error {
52 vtype := value.Type()
53 if vtype.Kind() == reflect.Ptr {
54 vtype = vtype.Elem() // check kind of actual element type
55 }
56
57 t := tag.Get("type")
58 if t == "" {
59 switch vtype.Kind() {
60 case reflect.Struct:
61 // also it can't be a time object
62 if _, ok := value.Interface().(*time.Time); !ok {
63 t = "structure"
64 }
65 case reflect.Slice:
66 // also it can't be a byte slice
67 if _, ok := value.Interface().([]byte); !ok {
68 t = "list"
69 }
70 case reflect.Map:
71 // cannot be a JSONValue map
72 if _, ok := value.Interface().(aws.JSONValue); !ok {
73 t = "map"
74 }
75 }
76 }
77
78 switch t {
79 case "structure":
80 if field, ok := vtype.FieldByName("_"); ok {
81 tag = field.Tag
82 }
83 return unmarshalStruct(value, data, tag)
84 case "list":
85 return unmarshalList(value, data, tag)
86 case "map":
87 return unmarshalMap(value, data, tag)
88 default:
89 return unmarshalScalar(value, data, tag)
90 }
91}
92
93func unmarshalStruct(value reflect.Value, data interface{}, tag reflect.StructTag) error {
94 if data == nil {
95 return nil
96 }
97 mapData, ok := data.(map[string]interface{})
98 if !ok {
99 return fmt.Errorf("JSON value is not a structure (%#v)", data)
100 }
101
102 t := value.Type()
103 if value.Kind() == reflect.Ptr {
104 if value.IsNil() { // create the structure if it's nil
105 s := reflect.New(value.Type().Elem())
106 value.Set(s)
107 value = s
108 }
109
110 value = value.Elem()
111 t = t.Elem()
112 }
113
114 // unwrap any payloads
115 if payload := tag.Get("payload"); payload != "" {
116 field, _ := t.FieldByName(payload)
117 return unmarshalAny(value.FieldByName(payload), data, field.Tag)
118 }
119
120 for i := 0; i < t.NumField(); i++ {
121 field := t.Field(i)
122 if field.PkgPath != "" {
123 continue // ignore unexported fields
124 }
125
126 // figure out what this field is called
127 name := field.Name
128 if locName := field.Tag.Get("locationName"); locName != "" {
129 name = locName
130 }
131
132 member := value.FieldByIndex(field.Index)
133 err := unmarshalAny(member, mapData[name], field.Tag)
134 if err != nil {
135 return err
136 }
137 }
138 return nil
139}
140
141func unmarshalList(value reflect.Value, data interface{}, tag reflect.StructTag) error {
142 if data == nil {
143 return nil
144 }
145 listData, ok := data.([]interface{})
146 if !ok {
147 return fmt.Errorf("JSON value is not a list (%#v)", data)
148 }
149
150 if value.IsNil() {
151 l := len(listData)
152 value.Set(reflect.MakeSlice(value.Type(), l, l))
153 }
154
155 for i, c := range listData {
156 err := unmarshalAny(value.Index(i), c, "")
157 if err != nil {
158 return err
159 }
160 }
161
162 return nil
163}
164
165func unmarshalMap(value reflect.Value, data interface{}, tag reflect.StructTag) error {
166 if data == nil {
167 return nil
168 }
169 mapData, ok := data.(map[string]interface{})
170 if !ok {
171 return fmt.Errorf("JSON value is not a map (%#v)", data)
172 }
173
174 if value.IsNil() {
175 value.Set(reflect.MakeMap(value.Type()))
176 }
177
178 for k, v := range mapData {
179 kvalue := reflect.ValueOf(k)
180 vvalue := reflect.New(value.Type().Elem()).Elem()
181
182 unmarshalAny(vvalue, v, "")
183 value.SetMapIndex(kvalue, vvalue)
184 }
185
186 return nil
187}
188
189func unmarshalScalar(value reflect.Value, data interface{}, tag reflect.StructTag) error {
190
191 switch d := data.(type) {
192 case nil:
193 return nil // nothing to do here
194 case string:
195 switch value.Interface().(type) {
196 case *string:
197 value.Set(reflect.ValueOf(&d))
198 case []byte:
199 b, err := base64.StdEncoding.DecodeString(d)
200 if err != nil {
201 return err
202 }
203 value.Set(reflect.ValueOf(b))
204 case *time.Time:
205 format := tag.Get("timestampFormat")
206 if len(format) == 0 {
207 format = protocol.ISO8601TimeFormatName
208 }
209
210 t, err := protocol.ParseTime(format, d)
211 if err != nil {
212 return err
213 }
214 value.Set(reflect.ValueOf(&t))
215 case aws.JSONValue:
216 // No need to use escaping as the value is a non-quoted string.
217 v, err := protocol.DecodeJSONValue(d, protocol.NoEscape)
218 if err != nil {
219 return err
220 }
221 value.Set(reflect.ValueOf(v))
222 default:
223 return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
224 }
225 case float64:
226 switch value.Interface().(type) {
227 case *int64:
228 di := int64(d)
229 value.Set(reflect.ValueOf(&di))
230 case *float64:
231 value.Set(reflect.ValueOf(&d))
232 case *time.Time:
233 // Time unmarshaled from a float64 can only be epoch seconds
234 t := time.Unix(int64(d), 0).UTC()
235 value.Set(reflect.ValueOf(&t))
236 default:
237 return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
238 }
239 case bool:
240 switch value.Interface().(type) {
241 case *bool:
242 value.Set(reflect.ValueOf(&d))
243 default:
244 return fmt.Errorf("unsupported value: %v (%s)", value.Interface(), value.Type())
245 }
246 default:
247 return fmt.Errorf("unsupported JSON value (%v)", data)
248 }
249 return nil
250}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
index 60e5b09..0cb99eb 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/build.go
@@ -21,7 +21,7 @@ func Build(r *request.Request) {
21 "Version": {r.ClientInfo.APIVersion}, 21 "Version": {r.ClientInfo.APIVersion},
22 } 22 }
23 if err := queryutil.Parse(body, r.Params, false); err != nil { 23 if err := queryutil.Parse(body, r.Params, false); err != nil {
24 r.Error = awserr.New("SerializationError", "failed encoding Query request", err) 24 r.Error = awserr.New(request.ErrCodeSerialization, "failed encoding Query request", err)
25 return 25 return
26 } 26 }
27 27
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
index 3495c73..f69c1ef 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal.go
@@ -24,7 +24,7 @@ func Unmarshal(r *request.Request) {
24 err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result") 24 err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result")
25 if err != nil { 25 if err != nil {
26 r.Error = awserr.NewRequestFailure( 26 r.Error = awserr.NewRequestFailure(
27 awserr.New("SerializationError", "failed decoding Query response", err), 27 awserr.New(request.ErrCodeSerialization, "failed decoding Query response", err),
28 r.HTTPResponse.StatusCode, 28 r.HTTPResponse.StatusCode,
29 r.RequestID, 29 r.RequestID,
30 ) 30 )
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
index 46d354e..831b011 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
@@ -2,73 +2,68 @@ package query
2 2
3import ( 3import (
4 "encoding/xml" 4 "encoding/xml"
5 "io/ioutil" 5 "fmt"
6 6
7 "github.com/aws/aws-sdk-go/aws/awserr" 7 "github.com/aws/aws-sdk-go/aws/awserr"
8 "github.com/aws/aws-sdk-go/aws/request" 8 "github.com/aws/aws-sdk-go/aws/request"
9 "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
9) 10)
10 11
12// UnmarshalErrorHandler is a name request handler to unmarshal request errors
13var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError}
14
11type xmlErrorResponse struct { 15type xmlErrorResponse struct {
12 XMLName xml.Name `xml:"ErrorResponse"` 16 Code string `xml:"Error>Code"`
13 Code string `xml:"Error>Code"` 17 Message string `xml:"Error>Message"`
14 Message string `xml:"Error>Message"` 18 RequestID string `xml:"RequestId"`
15 RequestID string `xml:"RequestId"`
16} 19}
17 20
18type xmlServiceUnavailableResponse struct { 21type xmlResponseError struct {
19 XMLName xml.Name `xml:"ServiceUnavailableException"` 22 xmlErrorResponse
20} 23}
21 24
22// UnmarshalErrorHandler is a name request handler to unmarshal request errors 25func (e *xmlResponseError) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
23var UnmarshalErrorHandler = request.NamedHandler{Name: "awssdk.query.UnmarshalError", Fn: UnmarshalError} 26 const svcUnavailableTagName = "ServiceUnavailableException"
27 const errorResponseTagName = "ErrorResponse"
28
29 switch start.Name.Local {
30 case svcUnavailableTagName:
31 e.Code = svcUnavailableTagName
32 e.Message = "service is unavailable"
33 return d.Skip()
34
35 case errorResponseTagName:
36 return d.DecodeElement(&e.xmlErrorResponse, &start)
37
38 default:
39 return fmt.Errorf("unknown error response tag, %v", start)
40 }
41}
24 42
25// UnmarshalError unmarshals an error response for an AWS Query service. 43// UnmarshalError unmarshals an error response for an AWS Query service.
26func UnmarshalError(r *request.Request) { 44func UnmarshalError(r *request.Request) {
27 defer r.HTTPResponse.Body.Close() 45 defer r.HTTPResponse.Body.Close()
28 46
29 bodyBytes, err := ioutil.ReadAll(r.HTTPResponse.Body) 47 var respErr xmlResponseError
48 err := xmlutil.UnmarshalXMLError(&respErr, r.HTTPResponse.Body)
30 if err != nil { 49 if err != nil {
31 r.Error = awserr.NewRequestFailure( 50 r.Error = awserr.NewRequestFailure(
32 awserr.New("SerializationError", "failed to read from query HTTP response body", err), 51 awserr.New(request.ErrCodeSerialization,
52 "failed to unmarshal error message", err),
33 r.HTTPResponse.StatusCode, 53 r.HTTPResponse.StatusCode,
34 r.RequestID, 54 r.RequestID,
35 ) 55 )
36 return 56 return
37 } 57 }
38 58
39 // First check for specific error 59 reqID := respErr.RequestID
40 resp := xmlErrorResponse{} 60 if len(reqID) == 0 {
41 decodeErr := xml.Unmarshal(bodyBytes, &resp) 61 reqID = r.RequestID
42 if decodeErr == nil {
43 reqID := resp.RequestID
44 if reqID == "" {
45 reqID = r.RequestID
46 }
47 r.Error = awserr.NewRequestFailure(
48 awserr.New(resp.Code, resp.Message, nil),
49 r.HTTPResponse.StatusCode,
50 reqID,
51 )
52 return
53 }
54
55 // Check for unhandled error
56 servUnavailResp := xmlServiceUnavailableResponse{}
57 unavailErr := xml.Unmarshal(bodyBytes, &servUnavailResp)
58 if unavailErr == nil {
59 r.Error = awserr.NewRequestFailure(
60 awserr.New("ServiceUnavailableException", "service is unavailable", nil),
61 r.HTTPResponse.StatusCode,
62 r.RequestID,
63 )
64 return
65 } 62 }
66 63
67 // Failed to retrieve any error message from the response body
68 r.Error = awserr.NewRequestFailure( 64 r.Error = awserr.NewRequestFailure(
69 awserr.New("SerializationError", 65 awserr.New(respErr.Code, respErr.Message, nil),
70 "failed to decode query XML error response", decodeErr),
71 r.HTTPResponse.StatusCode, 66 r.HTTPResponse.StatusCode,
72 r.RequestID, 67 reqID,
73 ) 68 )
74} 69}
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
index b80f84f..1301b14 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
@@ -25,6 +25,8 @@ var noEscape [256]bool
25 25
26var errValueNotSet = fmt.Errorf("value not set") 26var errValueNotSet = fmt.Errorf("value not set")
27 27
28var byteSliceType = reflect.TypeOf([]byte{})
29
28func init() { 30func init() {
29 for i := 0; i < len(noEscape); i++ { 31 for i := 0; i < len(noEscape); i++ {
30 // AWS expects every character except these to be escaped 32 // AWS expects every character except these to be escaped
@@ -94,6 +96,14 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo
94 continue 96 continue
95 } 97 }
96 98
99 // Support the ability to customize values to be marshaled as a
100 // blob even though they were modeled as a string. Required for S3
101 // API operations like SSECustomerKey is modeled as stirng but
102 // required to be base64 encoded in request.
103 if field.Tag.Get("marshal-as") == "blob" {
104 m = m.Convert(byteSliceType)
105 }
106
97 var err error 107 var err error
98 switch field.Tag.Get("location") { 108 switch field.Tag.Get("location") {
99 case "headers": // header maps 109 case "headers": // header maps
@@ -137,7 +147,7 @@ func buildBody(r *request.Request, v reflect.Value) {
137 case string: 147 case string:
138 r.SetStringBody(reader) 148 r.SetStringBody(reader)
139 default: 149 default:
140 r.Error = awserr.New("SerializationError", 150 r.Error = awserr.New(request.ErrCodeSerialization,
141 "failed to encode REST request", 151 "failed to encode REST request",
142 fmt.Errorf("unknown payload type %s", payload.Type())) 152 fmt.Errorf("unknown payload type %s", payload.Type()))
143 } 153 }
@@ -152,7 +162,7 @@ func buildHeader(header *http.Header, v reflect.Value, name string, tag reflect.
152 if err == errValueNotSet { 162 if err == errValueNotSet {
153 return nil 163 return nil
154 } else if err != nil { 164 } else if err != nil {
155 return awserr.New("SerializationError", "failed to encode REST request", err) 165 return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
156 } 166 }
157 167
158 name = strings.TrimSpace(name) 168 name = strings.TrimSpace(name)
@@ -170,7 +180,7 @@ func buildHeaderMap(header *http.Header, v reflect.Value, tag reflect.StructTag)
170 if err == errValueNotSet { 180 if err == errValueNotSet {
171 continue 181 continue
172 } else if err != nil { 182 } else if err != nil {
173 return awserr.New("SerializationError", "failed to encode REST request", err) 183 return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
174 184
175 } 185 }
176 keyStr := strings.TrimSpace(key.String()) 186 keyStr := strings.TrimSpace(key.String())
@@ -186,7 +196,7 @@ func buildURI(u *url.URL, v reflect.Value, name string, tag reflect.StructTag) e
186 if err == errValueNotSet { 196 if err == errValueNotSet {
187 return nil 197 return nil
188 } else if err != nil { 198 } else if err != nil {
189 return awserr.New("SerializationError", "failed to encode REST request", err) 199 return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
190 } 200 }
191 201
192 u.Path = strings.Replace(u.Path, "{"+name+"}", value, -1) 202 u.Path = strings.Replace(u.Path, "{"+name+"}", value, -1)
@@ -219,7 +229,7 @@ func buildQueryString(query url.Values, v reflect.Value, name string, tag reflec
219 if err == errValueNotSet { 229 if err == errValueNotSet {
220 return nil 230 return nil
221 } else if err != nil { 231 } else if err != nil {
222 return awserr.New("SerializationError", "failed to encode REST request", err) 232 return awserr.New(request.ErrCodeSerialization, "failed to encode REST request", err)
223 } 233 }
224 query.Set(name, str) 234 query.Set(name, str)
225 } 235 }
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
index 33fd53b..de02136 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
@@ -57,7 +57,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
57 defer r.HTTPResponse.Body.Close() 57 defer r.HTTPResponse.Body.Close()
58 b, err := ioutil.ReadAll(r.HTTPResponse.Body) 58 b, err := ioutil.ReadAll(r.HTTPResponse.Body)
59 if err != nil { 59 if err != nil {
60 r.Error = awserr.New("SerializationError", "failed to decode REST response", err) 60 r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
61 } else { 61 } else {
62 payload.Set(reflect.ValueOf(b)) 62 payload.Set(reflect.ValueOf(b))
63 } 63 }
@@ -65,7 +65,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
65 defer r.HTTPResponse.Body.Close() 65 defer r.HTTPResponse.Body.Close()
66 b, err := ioutil.ReadAll(r.HTTPResponse.Body) 66 b, err := ioutil.ReadAll(r.HTTPResponse.Body)
67 if err != nil { 67 if err != nil {
68 r.Error = awserr.New("SerializationError", "failed to decode REST response", err) 68 r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
69 } else { 69 } else {
70 str := string(b) 70 str := string(b)
71 payload.Set(reflect.ValueOf(&str)) 71 payload.Set(reflect.ValueOf(&str))
@@ -77,7 +77,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
77 case "io.ReadSeeker": 77 case "io.ReadSeeker":
78 b, err := ioutil.ReadAll(r.HTTPResponse.Body) 78 b, err := ioutil.ReadAll(r.HTTPResponse.Body)
79 if err != nil { 79 if err != nil {
80 r.Error = awserr.New("SerializationError", 80 r.Error = awserr.New(request.ErrCodeSerialization,
81 "failed to read response body", err) 81 "failed to read response body", err)
82 return 82 return
83 } 83 }
@@ -85,7 +85,7 @@ func unmarshalBody(r *request.Request, v reflect.Value) {
85 default: 85 default:
86 io.Copy(ioutil.Discard, r.HTTPResponse.Body) 86 io.Copy(ioutil.Discard, r.HTTPResponse.Body)
87 defer r.HTTPResponse.Body.Close() 87 defer r.HTTPResponse.Body.Close()
88 r.Error = awserr.New("SerializationError", 88 r.Error = awserr.New(request.ErrCodeSerialization,
89 "failed to decode REST response", 89 "failed to decode REST response",
90 fmt.Errorf("unknown payload type %s", payload.Type())) 90 fmt.Errorf("unknown payload type %s", payload.Type()))
91 } 91 }
@@ -115,14 +115,14 @@ func unmarshalLocationElements(r *request.Request, v reflect.Value) {
115 case "header": 115 case "header":
116 err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag) 116 err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name), field.Tag)
117 if err != nil { 117 if err != nil {
118 r.Error = awserr.New("SerializationError", "failed to decode REST response", err) 118 r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
119 break 119 break
120 } 120 }
121 case "headers": 121 case "headers":
122 prefix := field.Tag.Get("locationName") 122 prefix := field.Tag.Get("locationName")
123 err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix) 123 err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix)
124 if err != nil { 124 if err != nil {
125 r.Error = awserr.New("SerializationError", "failed to decode REST response", err) 125 r.Error = awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
126 break 126 break
127 } 127 }
128 } 128 }
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
index b0f4e24..cf56964 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/restxml/restxml.go
@@ -37,7 +37,8 @@ func Build(r *request.Request) {
37 err := xmlutil.BuildXML(r.Params, xml.NewEncoder(&buf)) 37 err := xmlutil.BuildXML(r.Params, xml.NewEncoder(&buf))
38 if err != nil { 38 if err != nil {
39 r.Error = awserr.NewRequestFailure( 39 r.Error = awserr.NewRequestFailure(
40 awserr.New("SerializationError", "failed to encode rest XML request", err), 40 awserr.New(request.ErrCodeSerialization,
41 "failed to encode rest XML request", err),
41 r.HTTPResponse.StatusCode, 42 r.HTTPResponse.StatusCode,
42 r.RequestID, 43 r.RequestID,
43 ) 44 )
@@ -55,7 +56,8 @@ func Unmarshal(r *request.Request) {
55 err := xmlutil.UnmarshalXML(r.Data, decoder, "") 56 err := xmlutil.UnmarshalXML(r.Data, decoder, "")
56 if err != nil { 57 if err != nil {
57 r.Error = awserr.NewRequestFailure( 58 r.Error = awserr.NewRequestFailure(
58 awserr.New("SerializationError", "failed to decode REST XML response", err), 59 awserr.New(request.ErrCodeSerialization,
60 "failed to decode REST XML response", err),
59 r.HTTPResponse.StatusCode, 61 r.HTTPResponse.StatusCode,
60 r.RequestID, 62 r.RequestID,
61 ) 63 )
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
index ff1ef68..7108d38 100644
--- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
+++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/unmarshal.go
@@ -1,6 +1,7 @@
1package xmlutil 1package xmlutil
2 2
3import ( 3import (
4 "bytes"
4 "encoding/base64" 5 "encoding/base64"
5 "encoding/xml" 6 "encoding/xml"
6 "fmt" 7 "fmt"
@@ -10,9 +11,27 @@ import (
10 "strings" 11 "strings"
11 "time" 12 "time"
12 13
14 "github.com/aws/aws-sdk-go/aws/awserr"
13 "github.com/aws/aws-sdk-go/private/protocol" 15 "github.com/aws/aws-sdk-go/private/protocol"
14) 16)
15 17
18// UnmarshalXMLError unmarshals the XML error from the stream into the value
19// type specified. The value must be a pointer. If the message fails to
20// unmarshal, the message content will be included in the returned error as a
21// awserr.UnmarshalError.
22func UnmarshalXMLError(v interface{}, stream io.Reader) error {
23 var errBuf bytes.Buffer
24 body := io.TeeReader(stream, &errBuf)
25
26 err := xml.NewDecoder(body).Decode(v)
27 if err != nil && err != io.EOF {
28 return awserr.NewUnmarshalError(err,
29 "failed to unmarshal error message", errBuf.Bytes())
30 }
31
32 return nil
33}
34
16// UnmarshalXML deserializes an xml.Decoder into the container v. V 35// UnmarshalXML deserializes an xml.Decoder into the container v. V
17// needs to match the shape of the XML expected to be decoded. 36// needs to match the shape of the XML expected to be decoded.
18// If the shape doesn't match unmarshaling will fail. 37// If the shape doesn't match unmarshaling will fail.
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
index 83a42d2..139c27d 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
@@ -545,6 +545,10 @@ func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyt
545// Deletes an analytics configuration for the bucket (specified by the analytics 545// Deletes an analytics configuration for the bucket (specified by the analytics
546// configuration ID). 546// configuration ID).
547// 547//
548// To use this operation, you must have permissions to perform the s3:PutAnalyticsConfiguration
549// action. The bucket owner has this permission by default. The bucket owner
550// can grant this permission to others.
551//
548// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 552// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
549// with awserr.Error's Code and Message methods to get detailed information about 553// with awserr.Error's Code and Message methods to get detailed information about
550// the error. 554// the error.
@@ -1071,7 +1075,7 @@ func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput)
1071// DeleteBucketReplication API operation for Amazon Simple Storage Service. 1075// DeleteBucketReplication API operation for Amazon Simple Storage Service.
1072// 1076//
1073// Deletes the replication configuration from the bucket. For information about 1077// Deletes the replication configuration from the bucket. For information about
1074// replication configuration, see Cross-Region Replication (CRR) ( https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) 1078// replication configuration, see Cross-Region Replication (CRR) (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html)
1075// in the Amazon S3 Developer Guide. 1079// in the Amazon S3 Developer Guide.
1076// 1080//
1077// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1081// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -3335,8 +3339,8 @@ func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfiguration
3335 3339
3336// GetObjectLockConfiguration API operation for Amazon Simple Storage Service. 3340// GetObjectLockConfiguration API operation for Amazon Simple Storage Service.
3337// 3341//
3338// Gets the Object Lock configuration for a bucket. The rule specified in the 3342// Gets the object lock configuration for a bucket. The rule specified in the
3339// Object Lock configuration will be applied by default to every new object 3343// object lock configuration will be applied by default to every new object
3340// placed in the specified bucket. 3344// placed in the specified bucket.
3341// 3345//
3342// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3346// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -4210,7 +4214,7 @@ func (c *S3) ListMultipartUploadsWithContext(ctx aws.Context, input *ListMultipa
4210// // Example iterating over at most 3 pages of a ListMultipartUploads operation. 4214// // Example iterating over at most 3 pages of a ListMultipartUploads operation.
4211// pageNum := 0 4215// pageNum := 0
4212// err := client.ListMultipartUploadsPages(params, 4216// err := client.ListMultipartUploadsPages(params,
4213// func(page *ListMultipartUploadsOutput, lastPage bool) bool { 4217// func(page *s3.ListMultipartUploadsOutput, lastPage bool) bool {
4214// pageNum++ 4218// pageNum++
4215// fmt.Println(page) 4219// fmt.Println(page)
4216// return pageNum <= 3 4220// return pageNum <= 3
@@ -4340,7 +4344,7 @@ func (c *S3) ListObjectVersionsWithContext(ctx aws.Context, input *ListObjectVer
4340// // Example iterating over at most 3 pages of a ListObjectVersions operation. 4344// // Example iterating over at most 3 pages of a ListObjectVersions operation.
4341// pageNum := 0 4345// pageNum := 0
4342// err := client.ListObjectVersionsPages(params, 4346// err := client.ListObjectVersionsPages(params,
4343// func(page *ListObjectVersionsOutput, lastPage bool) bool { 4347// func(page *s3.ListObjectVersionsOutput, lastPage bool) bool {
4344// pageNum++ 4348// pageNum++
4345// fmt.Println(page) 4349// fmt.Println(page)
4346// return pageNum <= 3 4350// return pageNum <= 3
@@ -4477,7 +4481,7 @@ func (c *S3) ListObjectsWithContext(ctx aws.Context, input *ListObjectsInput, op
4477// // Example iterating over at most 3 pages of a ListObjects operation. 4481// // Example iterating over at most 3 pages of a ListObjects operation.
4478// pageNum := 0 4482// pageNum := 0
4479// err := client.ListObjectsPages(params, 4483// err := client.ListObjectsPages(params,
4480// func(page *ListObjectsOutput, lastPage bool) bool { 4484// func(page *s3.ListObjectsOutput, lastPage bool) bool {
4481// pageNum++ 4485// pageNum++
4482// fmt.Println(page) 4486// fmt.Println(page)
4483// return pageNum <= 3 4487// return pageNum <= 3
@@ -4615,7 +4619,7 @@ func (c *S3) ListObjectsV2WithContext(ctx aws.Context, input *ListObjectsV2Input
4615// // Example iterating over at most 3 pages of a ListObjectsV2 operation. 4619// // Example iterating over at most 3 pages of a ListObjectsV2 operation.
4616// pageNum := 0 4620// pageNum := 0
4617// err := client.ListObjectsV2Pages(params, 4621// err := client.ListObjectsV2Pages(params,
4618// func(page *ListObjectsV2Output, lastPage bool) bool { 4622// func(page *s3.ListObjectsV2Output, lastPage bool) bool {
4619// pageNum++ 4623// pageNum++
4620// fmt.Println(page) 4624// fmt.Println(page)
4621// return pageNum <= 3 4625// return pageNum <= 3
@@ -4745,7 +4749,7 @@ func (c *S3) ListPartsWithContext(ctx aws.Context, input *ListPartsInput, opts .
4745// // Example iterating over at most 3 pages of a ListParts operation. 4749// // Example iterating over at most 3 pages of a ListParts operation.
4746// pageNum := 0 4750// pageNum := 0
4747// err := client.ListPartsPages(params, 4751// err := client.ListPartsPages(params,
4748// func(page *ListPartsOutput, lastPage bool) bool { 4752// func(page *s3.ListPartsOutput, lastPage bool) bool {
4749// pageNum++ 4753// pageNum++
4750// fmt.Println(page) 4754// fmt.Println(page)
4751// return pageNum <= 3 4755// return pageNum <= 3
@@ -5754,8 +5758,7 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R
5754 5758
5755// PutBucketPolicy API operation for Amazon Simple Storage Service. 5759// PutBucketPolicy API operation for Amazon Simple Storage Service.
5756// 5760//
5757// Replaces a policy on a bucket. If the bucket already has a policy, the one 5761// Applies an Amazon S3 bucket policy to an Amazon S3 bucket.
5758// in this request completely replaces it.
5759// 5762//
5760// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5763// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
5761// with awserr.Error's Code and Message methods to get detailed information about 5764// with awserr.Error's Code and Message methods to get detailed information about
@@ -5831,7 +5834,7 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req
5831// PutBucketReplication API operation for Amazon Simple Storage Service. 5834// PutBucketReplication API operation for Amazon Simple Storage Service.
5832// 5835//
5833// Creates a replication configuration or replaces an existing one. For more 5836// Creates a replication configuration or replaces an existing one. For more
5834// information, see Cross-Region Replication (CRR) ( https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) 5837// information, see Cross-Region Replication (CRR) (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html)
5835// in the Amazon S3 Developer Guide. 5838// in the Amazon S3 Developer Guide.
5836// 5839//
5837// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5840// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -6439,8 +6442,8 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration
6439 6442
6440// PutObjectLockConfiguration API operation for Amazon Simple Storage Service. 6443// PutObjectLockConfiguration API operation for Amazon Simple Storage Service.
6441// 6444//
6442// Places an Object Lock configuration on the specified bucket. The rule specified 6445// Places an object lock configuration on the specified bucket. The rule specified
6443// in the Object Lock configuration will be applied by default to every new 6446// in the object lock configuration will be applied by default to every new
6444// object placed in the specified bucket. 6447// object placed in the specified bucket.
6445// 6448//
6446// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6449// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -7010,13 +7013,16 @@ func (c *S3) UploadPartCopyWithContext(ctx aws.Context, input *UploadPartCopyInp
7010 return out, req.Send() 7013 return out, req.Send()
7011} 7014}
7012 7015
7013// Specifies the days since the initiation of an Incomplete Multipart Upload 7016// Specifies the days since the initiation of an incomplete multipart upload
7014// that Lifecycle will wait before permanently removing all parts of the upload. 7017// that Amazon S3 will wait before permanently removing all parts of the upload.
7018// For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
7019// Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
7020// in the Amazon Simple Storage Service Developer Guide.
7015type AbortIncompleteMultipartUpload struct { 7021type AbortIncompleteMultipartUpload struct {
7016 _ struct{} `type:"structure"` 7022 _ struct{} `type:"structure"`
7017 7023
7018 // Indicates the number of days that must pass since initiation for Lifecycle 7024 // Specifies the number of days after which Amazon S3 aborts an incomplete multipart
7019 // to abort an Incomplete Multipart Upload. 7025 // upload.
7020 DaysAfterInitiation *int64 `type:"integer"` 7026 DaysAfterInitiation *int64 `type:"integer"`
7021} 7027}
7022 7028
@@ -7039,9 +7045,13 @@ func (s *AbortIncompleteMultipartUpload) SetDaysAfterInitiation(v int64) *AbortI
7039type AbortMultipartUploadInput struct { 7045type AbortMultipartUploadInput struct {
7040 _ struct{} `type:"structure"` 7046 _ struct{} `type:"structure"`
7041 7047
7048 // Name of the bucket to which the multipart upload was initiated.
7049 //
7042 // Bucket is a required field 7050 // Bucket is a required field
7043 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 7051 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
7044 7052
7053 // Key of the object for which the multipart upload was initiated.
7054 //
7045 // Key is a required field 7055 // Key is a required field
7046 Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` 7056 Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"`
7047 7057
@@ -7051,6 +7061,8 @@ type AbortMultipartUploadInput struct {
7051 // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html 7061 // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
7052 RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` 7062 RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
7053 7063
7064 // Upload ID that identifies the multipart upload.
7065 //
7054 // UploadId is a required field 7066 // UploadId is a required field
7055 UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"` 7067 UploadId *string `location:"querystring" locationName:"uploadId" type:"string" required:"true"`
7056} 7068}
@@ -7145,10 +7157,13 @@ func (s *AbortMultipartUploadOutput) SetRequestCharged(v string) *AbortMultipart
7145 return s 7157 return s
7146} 7158}
7147 7159
7160// Configures the transfer acceleration state for an Amazon S3 bucket. For more
7161// information, see Amazon S3 Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
7162// in the Amazon Simple Storage Service Developer Guide.
7148type AccelerateConfiguration struct { 7163type AccelerateConfiguration struct {
7149 _ struct{} `type:"structure"` 7164 _ struct{} `type:"structure"`
7150 7165
7151 // The accelerate configuration of the bucket. 7166 // Specifies the transfer acceleration status of the bucket.
7152 Status *string `type:"string" enum:"BucketAccelerateStatus"` 7167 Status *string `type:"string" enum:"BucketAccelerateStatus"`
7153} 7168}
7154 7169
@@ -7168,12 +7183,14 @@ func (s *AccelerateConfiguration) SetStatus(v string) *AccelerateConfiguration {
7168 return s 7183 return s
7169} 7184}
7170 7185
7186// Contains the elements that set the ACL permissions for an object per grantee.
7171type AccessControlPolicy struct { 7187type AccessControlPolicy struct {
7172 _ struct{} `type:"structure"` 7188 _ struct{} `type:"structure"`
7173 7189
7174 // A list of grants. 7190 // A list of grants.
7175 Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"` 7191 Grants []*Grant `locationName:"AccessControlList" locationNameList:"Grant" type:"list"`
7176 7192
7193 // Container for the bucket owner's display name and ID.
7177 Owner *Owner `type:"structure"` 7194 Owner *Owner `type:"structure"`
7178} 7195}
7179 7196
@@ -7223,7 +7240,9 @@ func (s *AccessControlPolicy) SetOwner(v *Owner) *AccessControlPolicy {
7223type AccessControlTranslation struct { 7240type AccessControlTranslation struct {
7224 _ struct{} `type:"structure"` 7241 _ struct{} `type:"structure"`
7225 7242
7226 // The override value for the owner of the replica object. 7243 // Specifies the replica ownership. For default and valid values, see PUT bucket
7244 // replication (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
7245 // in the Amazon Simple Storage Service API Reference.
7227 // 7246 //
7228 // Owner is a required field 7247 // Owner is a required field
7229 Owner *string `type:"string" required:"true" enum:"OwnerOverride"` 7248 Owner *string `type:"string" required:"true" enum:"OwnerOverride"`
@@ -7258,10 +7277,14 @@ func (s *AccessControlTranslation) SetOwner(v string) *AccessControlTranslation
7258 return s 7277 return s
7259} 7278}
7260 7279
7280// A conjunction (logical AND) of predicates, which is used in evaluating a
7281// metrics filter. The operator must have at least two predicates in any combination,
7282// and an object must match all of the predicates for the filter to apply.
7261type AnalyticsAndOperator struct { 7283type AnalyticsAndOperator struct {
7262 _ struct{} `type:"structure"` 7284 _ struct{} `type:"structure"`
7263 7285
7264 // The prefix to use when evaluating an AND predicate. 7286 // The prefix to use when evaluating an AND predicate: The prefix that an object
7287 // must have to be included in the metrics results.
7265 Prefix *string `type:"string"` 7288 Prefix *string `type:"string"`
7266 7289
7267 // The list of tags to use when evaluating an AND predicate. 7290 // The list of tags to use when evaluating an AND predicate.
@@ -7310,6 +7333,11 @@ func (s *AnalyticsAndOperator) SetTags(v []*Tag) *AnalyticsAndOperator {
7310 return s 7333 return s
7311} 7334}
7312 7335
7336// Specifies the configuration and any analyses for the analytics filter of
7337// an Amazon S3 bucket.
7338//
7339// For more information, see GET Bucket analytics (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETAnalyticsConfig.html)
7340// in the Amazon Simple Storage Service API Reference.
7313type AnalyticsConfiguration struct { 7341type AnalyticsConfiguration struct {
7314 _ struct{} `type:"structure"` 7342 _ struct{} `type:"structure"`
7315 7343
@@ -7318,13 +7346,13 @@ type AnalyticsConfiguration struct {
7318 // If no filter is provided, all objects will be considered in any analysis. 7346 // If no filter is provided, all objects will be considered in any analysis.
7319 Filter *AnalyticsFilter `type:"structure"` 7347 Filter *AnalyticsFilter `type:"structure"`
7320 7348
7321 // The identifier used to represent an analytics configuration. 7349 // The ID that identifies the analytics configuration.
7322 // 7350 //
7323 // Id is a required field 7351 // Id is a required field
7324 Id *string `type:"string" required:"true"` 7352 Id *string `type:"string" required:"true"`
7325 7353
7326 // If present, it indicates that data related to access patterns will be collected 7354 // Contains data related to access patterns to be collected and made available
7327 // and made available to analyze the tradeoffs between different storage classes. 7355 // to analyze the tradeoffs between different storage classes.
7328 // 7356 //
7329 // StorageClassAnalysis is a required field 7357 // StorageClassAnalysis is a required field
7330 StorageClassAnalysis *StorageClassAnalysis `type:"structure" required:"true"` 7358 StorageClassAnalysis *StorageClassAnalysis `type:"structure" required:"true"`
@@ -7384,6 +7412,7 @@ func (s *AnalyticsConfiguration) SetStorageClassAnalysis(v *StorageClassAnalysis
7384 return s 7412 return s
7385} 7413}
7386 7414
7415// Where to publish the analytics results.
7387type AnalyticsExportDestination struct { 7416type AnalyticsExportDestination struct {
7388 _ struct{} `type:"structure"` 7417 _ struct{} `type:"structure"`
7389 7418
@@ -7492,7 +7521,7 @@ func (s *AnalyticsFilter) SetTag(v *Tag) *AnalyticsFilter {
7492type AnalyticsS3BucketDestination struct { 7521type AnalyticsS3BucketDestination struct {
7493 _ struct{} `type:"structure"` 7522 _ struct{} `type:"structure"`
7494 7523
7495 // The Amazon resource name (ARN) of the bucket to which data is exported. 7524 // The Amazon Resource Name (ARN) of the bucket to which data is exported.
7496 // 7525 //
7497 // Bucket is a required field 7526 // Bucket is a required field
7498 Bucket *string `type:"string" required:"true"` 7527 Bucket *string `type:"string" required:"true"`
@@ -7501,13 +7530,12 @@ type AnalyticsS3BucketDestination struct {
7501 // the owner will not be validated prior to exporting data. 7530 // the owner will not be validated prior to exporting data.
7502 BucketAccountId *string `type:"string"` 7531 BucketAccountId *string `type:"string"`
7503 7532
7504 // The file format used when exporting data to Amazon S3. 7533 // Specifies the file format used when exporting data to Amazon S3.
7505 // 7534 //
7506 // Format is a required field 7535 // Format is a required field
7507 Format *string `type:"string" required:"true" enum:"AnalyticsS3ExportFileFormat"` 7536 Format *string `type:"string" required:"true" enum:"AnalyticsS3ExportFileFormat"`
7508 7537
7509 // The prefix to use when exporting data. The exported data begins with this 7538 // The prefix to use when exporting data. The prefix is prepended to all results.
7510 // prefix.
7511 Prefix *string `type:"string"` 7539 Prefix *string `type:"string"`
7512} 7540}
7513 7541
@@ -7600,9 +7628,14 @@ func (s *Bucket) SetName(v string) *Bucket {
7600 return s 7628 return s
7601} 7629}
7602 7630
7631// Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
7632// For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
7633// in the Amazon Simple Storage Service Developer Guide.
7603type BucketLifecycleConfiguration struct { 7634type BucketLifecycleConfiguration struct {
7604 _ struct{} `type:"structure"` 7635 _ struct{} `type:"structure"`
7605 7636
7637 // A lifecycle rule for individual objects in an Amazon S3 bucket.
7638 //
7606 // Rules is a required field 7639 // Rules is a required field
7607 Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true" required:"true"` 7640 Rules []*LifecycleRule `locationName:"Rule" type:"list" flattened:"true" required:"true"`
7608} 7641}
@@ -7649,9 +7682,10 @@ func (s *BucketLifecycleConfiguration) SetRules(v []*LifecycleRule) *BucketLifec
7649type BucketLoggingStatus struct { 7682type BucketLoggingStatus struct {
7650 _ struct{} `type:"structure"` 7683 _ struct{} `type:"structure"`
7651 7684
7652 // Container for logging information. Presence of this element indicates that 7685 // Describes where logs are stored and the prefix that Amazon S3 assigns to
7653 // logging is enabled. Parameters TargetBucket and TargetPrefix are required 7686 // all log object keys for a bucket. For more information, see PUT Bucket logging
7654 // in this case. 7687 // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
7688 // in the Amazon Simple Storage Service API Reference.
7655 LoggingEnabled *LoggingEnabled `type:"structure"` 7689 LoggingEnabled *LoggingEnabled `type:"structure"`
7656} 7690}
7657 7691
@@ -7686,9 +7720,15 @@ func (s *BucketLoggingStatus) SetLoggingEnabled(v *LoggingEnabled) *BucketLoggin
7686 return s 7720 return s
7687} 7721}
7688 7722
7723// Describes the cross-origin access configuration for objects in an Amazon
7724// S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing
7725// (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon
7726// Simple Storage Service Developer Guide.
7689type CORSConfiguration struct { 7727type CORSConfiguration struct {
7690 _ struct{} `type:"structure"` 7728 _ struct{} `type:"structure"`
7691 7729
7730 // A set of allowed origins and methods.
7731 //
7692 // CORSRules is a required field 7732 // CORSRules is a required field
7693 CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true" required:"true"` 7733 CORSRules []*CORSRule `locationName:"CORSRule" type:"list" flattened:"true" required:"true"`
7694} 7734}
@@ -7732,14 +7772,18 @@ func (s *CORSConfiguration) SetCORSRules(v []*CORSRule) *CORSConfiguration {
7732 return s 7772 return s
7733} 7773}
7734 7774
7775// Specifies a cross-origin access rule for an Amazon S3 bucket.
7735type CORSRule struct { 7776type CORSRule struct {
7736 _ struct{} `type:"structure"` 7777 _ struct{} `type:"structure"`
7737 7778
7738 // Specifies which headers are allowed in a pre-flight OPTIONS request. 7779 // Headers that are specified in the Access-Control-Request-Headers header.
7780 // These headers are allowed in a preflight OPTIONS request. In response to
7781 // any preflight OPTIONS request, Amazon S3 returns any requested headers that
7782 // are allowed.
7739 AllowedHeaders []*string `locationName:"AllowedHeader" type:"list" flattened:"true"` 7783 AllowedHeaders []*string `locationName:"AllowedHeader" type:"list" flattened:"true"`
7740 7784
7741 // Identifies HTTP methods that the domain/origin specified in the rule is allowed 7785 // An HTTP method that you allow the origin to execute. Valid values are GET,
7742 // to execute. 7786 // PUT, HEAD, POST, and DELETE.
7743 // 7787 //
7744 // AllowedMethods is a required field 7788 // AllowedMethods is a required field
7745 AllowedMethods []*string `locationName:"AllowedMethod" type:"list" flattened:"true" required:"true"` 7789 AllowedMethods []*string `locationName:"AllowedMethod" type:"list" flattened:"true" required:"true"`
@@ -8290,6 +8334,7 @@ func (s *CompletedPart) SetPartNumber(v int64) *CompletedPart {
8290 return s 8334 return s
8291} 8335}
8292 8336
8337// Specifies a condition that must be met for a redirect to apply.
8293type Condition struct { 8338type Condition struct {
8294 _ struct{} `type:"structure"` 8339 _ struct{} `type:"structure"`
8295 8340
@@ -8409,7 +8454,7 @@ type CopyObjectInput struct {
8409 // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt 8454 // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt
8410 // the source object. The encryption key provided in this header must be one 8455 // the source object. The encryption key provided in this header must be one
8411 // that was used when the source object was created. 8456 // that was used when the source object was created.
8412 CopySourceSSECustomerKey *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"` 8457 CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"`
8413 8458
8414 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. 8459 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
8415 // Amazon S3 uses this header for a message integrity check to ensure the encryption 8460 // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -8444,10 +8489,10 @@ type CopyObjectInput struct {
8444 // Specifies whether you want to apply a Legal Hold to the copied object. 8489 // Specifies whether you want to apply a Legal Hold to the copied object.
8445 ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` 8490 ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
8446 8491
8447 // The Object Lock mode that you want to apply to the copied object. 8492 // The object lock mode that you want to apply to the copied object.
8448 ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` 8493 ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
8449 8494
8450 // The date and time when you want the copied object's Object Lock to expire. 8495 // The date and time when you want the copied object's object lock to expire.
8451 ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` 8496 ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
8452 8497
8453 // Confirms that the requester knows that she or he will be charged for the 8498 // Confirms that the requester knows that she or he will be charged for the
@@ -8464,13 +8509,18 @@ type CopyObjectInput struct {
8464 // does not store the encryption key. The key must be appropriate for use with 8509 // does not store the encryption key. The key must be appropriate for use with
8465 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm 8510 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
8466 // header. 8511 // header.
8467 SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` 8512 SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
8468 8513
8469 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. 8514 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
8470 // Amazon S3 uses this header for a message integrity check to ensure the encryption 8515 // Amazon S3 uses this header for a message integrity check to ensure the encryption
8471 // key was transmitted without error. 8516 // key was transmitted without error.
8472 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` 8517 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
8473 8518
8519 // Specifies the AWS KMS Encryption Context to use for object encryption. The
8520 // value of this header is a base64-encoded UTF-8 string holding JSON with the
8521 // encryption context key-value pairs.
8522 SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
8523
8474 // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT 8524 // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT
8475 // requests for an object protected by AWS KMS will fail if not made via SSL 8525 // requests for an object protected by AWS KMS will fail if not made via SSL
8476 // or using SigV4. Documentation on configuring any of the officially supported 8526 // or using SigV4. Documentation on configuring any of the officially supported
@@ -8735,6 +8785,12 @@ func (s *CopyObjectInput) SetSSECustomerKeyMD5(v string) *CopyObjectInput {
8735 return s 8785 return s
8736} 8786}
8737 8787
8788// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
8789func (s *CopyObjectInput) SetSSEKMSEncryptionContext(v string) *CopyObjectInput {
8790 s.SSEKMSEncryptionContext = &v
8791 return s
8792}
8793
8738// SetSSEKMSKeyId sets the SSEKMSKeyId field's value. 8794// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
8739func (s *CopyObjectInput) SetSSEKMSKeyId(v string) *CopyObjectInput { 8795func (s *CopyObjectInput) SetSSEKMSKeyId(v string) *CopyObjectInput {
8740 s.SSEKMSKeyId = &v 8796 s.SSEKMSKeyId = &v
@@ -8795,6 +8851,11 @@ type CopyObjectOutput struct {
8795 // verification of the customer-provided encryption key. 8851 // verification of the customer-provided encryption key.
8796 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` 8852 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
8797 8853
8854 // If present, specifies the AWS KMS Encryption Context to use for object encryption.
8855 // The value of this header is a base64-encoded UTF-8 string holding JSON with
8856 // the encryption context key-value pairs.
8857 SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
8858
8798 // If present, specifies the ID of the AWS Key Management Service (KMS) master 8859 // If present, specifies the ID of the AWS Key Management Service (KMS) master
8799 // encryption key that was used for the object. 8860 // encryption key that was used for the object.
8800 SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` 8861 SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
@@ -8853,6 +8914,12 @@ func (s *CopyObjectOutput) SetSSECustomerKeyMD5(v string) *CopyObjectOutput {
8853 return s 8914 return s
8854} 8915}
8855 8916
8917// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
8918func (s *CopyObjectOutput) SetSSEKMSEncryptionContext(v string) *CopyObjectOutput {
8919 s.SSEKMSEncryptionContext = &v
8920 return s
8921}
8922
8856// SetSSEKMSKeyId sets the SSEKMSKeyId field's value. 8923// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
8857func (s *CopyObjectOutput) SetSSEKMSKeyId(v string) *CopyObjectOutput { 8924func (s *CopyObjectOutput) SetSSEKMSKeyId(v string) *CopyObjectOutput {
8858 s.SSEKMSKeyId = &v 8925 s.SSEKMSKeyId = &v
@@ -8984,7 +9051,8 @@ type CreateBucketInput struct {
8984 // Allows grantee to write the ACL for the applicable bucket. 9051 // Allows grantee to write the ACL for the applicable bucket.
8985 GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` 9052 GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"`
8986 9053
8987 // Specifies whether you want S3 Object Lock to be enabled for the new bucket. 9054 // Specifies whether you want Amazon S3 object lock to be enabled for the new
9055 // bucket.
8988 ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"` 9056 ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"`
8989} 9057}
8990 9058
@@ -9147,10 +9215,10 @@ type CreateMultipartUploadInput struct {
9147 // Specifies whether you want to apply a Legal Hold to the uploaded object. 9215 // Specifies whether you want to apply a Legal Hold to the uploaded object.
9148 ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` 9216 ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
9149 9217
9150 // Specifies the Object Lock mode that you want to apply to the uploaded object. 9218 // Specifies the object lock mode that you want to apply to the uploaded object.
9151 ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` 9219 ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
9152 9220
9153 // Specifies the date and time when you want the Object Lock to expire. 9221 // Specifies the date and time when you want the object lock to expire.
9154 ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` 9222 ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
9155 9223
9156 // Confirms that the requester knows that she or he will be charged for the 9224 // Confirms that the requester knows that she or he will be charged for the
@@ -9167,13 +9235,18 @@ type CreateMultipartUploadInput struct {
9167 // does not store the encryption key. The key must be appropriate for use with 9235 // does not store the encryption key. The key must be appropriate for use with
9168 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm 9236 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
9169 // header. 9237 // header.
9170 SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` 9238 SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
9171 9239
9172 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. 9240 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
9173 // Amazon S3 uses this header for a message integrity check to ensure the encryption 9241 // Amazon S3 uses this header for a message integrity check to ensure the encryption
9174 // key was transmitted without error. 9242 // key was transmitted without error.
9175 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` 9243 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
9176 9244
9245 // Specifies the AWS KMS Encryption Context to use for object encryption. The
9246 // value of this header is a base64-encoded UTF-8 string holding JSON with the
9247 // encryption context key-value pairs.
9248 SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
9249
9177 // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT 9250 // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT
9178 // requests for an object protected by AWS KMS will fail if not made via SSL 9251 // requests for an object protected by AWS KMS will fail if not made via SSL
9179 // or using SigV4. Documentation on configuring any of the officially supported 9252 // or using SigV4. Documentation on configuring any of the officially supported
@@ -9368,6 +9441,12 @@ func (s *CreateMultipartUploadInput) SetSSECustomerKeyMD5(v string) *CreateMulti
9368 return s 9441 return s
9369} 9442}
9370 9443
9444// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
9445func (s *CreateMultipartUploadInput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadInput {
9446 s.SSEKMSEncryptionContext = &v
9447 return s
9448}
9449
9371// SetSSEKMSKeyId sets the SSEKMSKeyId field's value. 9450// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
9372func (s *CreateMultipartUploadInput) SetSSEKMSKeyId(v string) *CreateMultipartUploadInput { 9451func (s *CreateMultipartUploadInput) SetSSEKMSKeyId(v string) *CreateMultipartUploadInput {
9373 s.SSEKMSKeyId = &v 9452 s.SSEKMSKeyId = &v
@@ -9428,6 +9507,11 @@ type CreateMultipartUploadOutput struct {
9428 // verification of the customer-provided encryption key. 9507 // verification of the customer-provided encryption key.
9429 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` 9508 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
9430 9509
9510 // If present, specifies the AWS KMS Encryption Context to use for object encryption.
9511 // The value of this header is a base64-encoded UTF-8 string holding JSON with
9512 // the encryption context key-value pairs.
9513 SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
9514
9431 // If present, specifies the ID of the AWS Key Management Service (KMS) master 9515 // If present, specifies the ID of the AWS Key Management Service (KMS) master
9432 // encryption key that was used for the object. 9516 // encryption key that was used for the object.
9433 SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` 9517 SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
@@ -9499,6 +9583,12 @@ func (s *CreateMultipartUploadOutput) SetSSECustomerKeyMD5(v string) *CreateMult
9499 return s 9583 return s
9500} 9584}
9501 9585
9586// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
9587func (s *CreateMultipartUploadOutput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadOutput {
9588 s.SSEKMSEncryptionContext = &v
9589 return s
9590}
9591
9502// SetSSEKMSKeyId sets the SSEKMSKeyId field's value. 9592// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
9503func (s *CreateMultipartUploadOutput) SetSSEKMSKeyId(v string) *CreateMultipartUploadOutput { 9593func (s *CreateMultipartUploadOutput) SetSSEKMSKeyId(v string) *CreateMultipartUploadOutput {
9504 s.SSEKMSKeyId = &v 9594 s.SSEKMSKeyId = &v
@@ -9517,7 +9607,7 @@ func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUplo
9517 return s 9607 return s
9518} 9608}
9519 9609
9520// The container element for specifying the default Object Lock retention settings 9610// The container element for specifying the default object lock retention settings
9521// for new objects placed in the specified bucket. 9611// for new objects placed in the specified bucket.
9522type DefaultRetention struct { 9612type DefaultRetention struct {
9523 _ struct{} `type:"structure"` 9613 _ struct{} `type:"structure"`
@@ -9525,7 +9615,7 @@ type DefaultRetention struct {
9525 // The number of days that you want to specify for the default retention period. 9615 // The number of days that you want to specify for the default retention period.
9526 Days *int64 `type:"integer"` 9616 Days *int64 `type:"integer"`
9527 9617
9528 // The default Object Lock retention mode you want to apply to new objects placed 9618 // The default object lock retention mode you want to apply to new objects placed
9529 // in the specified bucket. 9619 // in the specified bucket.
9530 Mode *string `type:"string" enum:"ObjectLockRetentionMode"` 9620 Mode *string `type:"string" enum:"ObjectLockRetentionMode"`
9531 9621
@@ -9625,7 +9715,7 @@ type DeleteBucketAnalyticsConfigurationInput struct {
9625 // Bucket is a required field 9715 // Bucket is a required field
9626 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 9716 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
9627 9717
9628 // The identifier used to represent an analytics configuration. 9718 // The ID that identifies the analytics configuration.
9629 // 9719 //
9630 // Id is a required field 9720 // Id is a required field
9631 Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` 9721 Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
@@ -10425,7 +10515,7 @@ type DeleteObjectInput struct {
10425 // Bucket is a required field 10515 // Bucket is a required field
10426 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 10516 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
10427 10517
10428 // Indicates whether S3 Object Lock should bypass Governance-mode restrictions 10518 // Indicates whether Amazon S3 object lock should bypass governance-mode restrictions
10429 // to process this operation. 10519 // to process this operation.
10430 BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` 10520 BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
10431 10521
@@ -10665,7 +10755,7 @@ type DeleteObjectsInput struct {
10665 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 10755 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
10666 10756
10667 // Specifies whether you want to delete this object even if it has a Governance-type 10757 // Specifies whether you want to delete this object even if it has a Governance-type
10668 // Object Lock in place. You must have sufficient permissions to perform this 10758 // object lock in place. You must have sufficient permissions to perform this
10669 // operation. 10759 // operation.
10670 BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` 10760 BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"`
10671 10761
@@ -10902,33 +10992,33 @@ func (s *DeletedObject) SetVersionId(v string) *DeletedObject {
10902 return s 10992 return s
10903} 10993}
10904 10994
10905// A container for information about the replication destination. 10995// Specifies information about where to publish analysis or configuration results
10996// for an Amazon S3 bucket.
10906type Destination struct { 10997type Destination struct {
10907 _ struct{} `type:"structure"` 10998 _ struct{} `type:"structure"`
10908 10999
10909 // A container for information about access control for replicas. 11000 // Specify this only in a cross-account scenario (where source and destination
10910 // 11001 // bucket owners are not the same), and you want to change replica ownership
10911 // Use this element only in a cross-account scenario where source and destination 11002 // to the AWS account that owns the destination bucket. If this is not specified
10912 // bucket owners are not the same to change replica ownership to the AWS account 11003 // in the replication configuration, the replicas are owned by same AWS account
10913 // that owns the destination bucket. If you don't add this element to the replication 11004 // that owns the source object.
10914 // configuration, the replicas are owned by same AWS account that owns the source
10915 // object.
10916 AccessControlTranslation *AccessControlTranslation `type:"structure"` 11005 AccessControlTranslation *AccessControlTranslation `type:"structure"`
10917 11006
10918 // The account ID of the destination bucket. Currently, Amazon S3 verifies this 11007 // Destination bucket owner account ID. In a cross-account scenario, if you
10919 // value only if Access Control Translation is enabled. 11008 // direct Amazon S3 to change replica ownership to the AWS account that owns
10920 // 11009 // the destination bucket by specifying the AccessControlTranslation property,
10921 // In a cross-account scenario, if you change replica ownership to the AWS account 11010 // this is the account ID of the destination bucket owner. For more information,
10922 // that owns the destination bucket by adding the AccessControlTranslation element, 11011 // see Cross-Region Replication Additional Configuration: Change Replica Owner
10923 // this is the account ID of the owner of the destination bucket. 11012 // (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-change-owner.html) in
11013 // the Amazon Simple Storage Service Developer Guide.
10924 Account *string `type:"string"` 11014 Account *string `type:"string"`
10925 11015
10926 // The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to 11016 // The Amazon Resource Name (ARN) of the bucket where you want Amazon S3 to
10927 // store replicas of the object identified by the rule. 11017 // store replicas of the object identified by the rule.
10928 // 11018 //
10929 // If there are multiple rules in your replication configuration, all rules 11019 // A replication configuration can replicate objects to only one destination
10930 // must specify the same bucket as the destination. A replication configuration 11020 // bucket. If there are multiple rules in your replication configuration, all
10931 // can replicate objects to only one destination bucket. 11021 // rules must specify the same destination bucket.
10932 // 11022 //
10933 // Bucket is a required field 11023 // Bucket is a required field
10934 Bucket *string `type:"string" required:"true"` 11024 Bucket *string `type:"string" required:"true"`
@@ -10937,8 +11027,13 @@ type Destination struct {
10937 // is specified, you must specify this element. 11027 // is specified, you must specify this element.
10938 EncryptionConfiguration *EncryptionConfiguration `type:"structure"` 11028 EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
10939 11029
10940 // The class of storage used to store the object. By default Amazon S3 uses 11030 // The storage class to use when replicating objects, such as standard or reduced
10941 // storage class of the source object when creating a replica. 11031 // redundancy. By default, Amazon S3 uses the storage class of the source object
11032 // to create the object replica.
11033 //
11034 // For valid values, see the StorageClass element of the PUT Bucket replication
11035 // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html)
11036 // action in the Amazon Simple Storage Service API Reference.
10942 StorageClass *string `type:"string" enum:"StorageClass"` 11037 StorageClass *string `type:"string" enum:"StorageClass"`
10943} 11038}
10944 11039
@@ -11068,13 +11163,13 @@ func (s *Encryption) SetKMSKeyId(v string) *Encryption {
11068 return s 11163 return s
11069} 11164}
11070 11165
11071// A container for information about the encryption-based configuration for 11166// Specifies encryption-related information for an Amazon S3 bucket that is
11072// replicas. 11167// a destination for replicated objects.
11073type EncryptionConfiguration struct { 11168type EncryptionConfiguration struct {
11074 _ struct{} `type:"structure"` 11169 _ struct{} `type:"structure"`
11075 11170
11076 // The ID of the AWS KMS key for the AWS Region where the destination bucket 11171 // Specifies the AWS KMS Key ID (Key ARN or Alias ARN) for the destination bucket.
11077 // resides. Amazon S3 uses this key to encrypt the replica object. 11172 // Amazon S3 uses this key to encrypt replica objects.
11078 ReplicaKmsKeyID *string `type:"string"` 11173 ReplicaKmsKeyID *string `type:"string"`
11079} 11174}
11080 11175
@@ -11207,18 +11302,19 @@ func (s *ErrorDocument) SetKey(v string) *ErrorDocument {
11207 return s 11302 return s
11208} 11303}
11209 11304
11210// A container for a key value pair that defines the criteria for the filter 11305// Specifies the Amazon S3 object key name to filter on and whether to filter
11211// rule. 11306// on the suffix or prefix of the key name.
11212type FilterRule struct { 11307type FilterRule struct {
11213 _ struct{} `type:"structure"` 11308 _ struct{} `type:"structure"`
11214 11309
11215 // The object key name prefix or suffix identifying one or more objects to which 11310 // The object key name prefix or suffix identifying one or more objects to which
11216 // the filtering rule applies. The maximum prefix length is 1,024 characters. 11311 // the filtering rule applies. The maximum length is 1,024 characters. Overlapping
11217 // Overlapping prefixes and suffixes are not supported. For more information, 11312 // prefixes and suffixes are not supported. For more information, see Configuring
11218 // see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) 11313 // Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
11219 // in the Amazon Simple Storage Service Developer Guide. 11314 // in the Amazon Simple Storage Service Developer Guide.
11220 Name *string `type:"string" enum:"FilterRuleName"` 11315 Name *string `type:"string" enum:"FilterRuleName"`
11221 11316
11317 // The value that the filter searches for in object key names.
11222 Value *string `type:"string"` 11318 Value *string `type:"string"`
11223} 11319}
11224 11320
@@ -11400,7 +11496,7 @@ type GetBucketAnalyticsConfigurationInput struct {
11400 // Bucket is a required field 11496 // Bucket is a required field
11401 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 11497 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
11402 11498
11403 // The identifier used to represent an analytics configuration. 11499 // The ID that identifies the analytics configuration.
11404 // 11500 //
11405 // Id is a required field 11501 // Id is a required field
11406 Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` 11502 Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
@@ -11597,8 +11693,7 @@ func (s *GetBucketEncryptionInput) getBucket() (v string) {
11597type GetBucketEncryptionOutput struct { 11693type GetBucketEncryptionOutput struct {
11598 _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` 11694 _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"`
11599 11695
11600 // Container for server-side encryption configuration rules. Currently S3 supports 11696 // Specifies the default server-side-encryption configuration.
11601 // one rule only.
11602 ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `type:"structure"` 11697 ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `type:"structure"`
11603} 11698}
11604 11699
@@ -11956,9 +12051,10 @@ func (s *GetBucketLoggingInput) getBucket() (v string) {
11956type GetBucketLoggingOutput struct { 12051type GetBucketLoggingOutput struct {
11957 _ struct{} `type:"structure"` 12052 _ struct{} `type:"structure"`
11958 12053
11959 // Container for logging information. Presence of this element indicates that 12054 // Describes where logs are stored and the prefix that Amazon S3 assigns to
11960 // logging is enabled. Parameters TargetBucket and TargetPrefix are required 12055 // all log object keys for a bucket. For more information, see PUT Bucket logging
11961 // in this case. 12056 // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
12057 // in the Amazon Simple Storage Service API Reference.
11962 LoggingEnabled *LoggingEnabled `type:"structure"` 12058 LoggingEnabled *LoggingEnabled `type:"structure"`
11963} 12059}
11964 12060
@@ -12592,6 +12688,8 @@ type GetBucketWebsiteOutput struct {
12592 12688
12593 IndexDocument *IndexDocument `type:"structure"` 12689 IndexDocument *IndexDocument `type:"structure"`
12594 12690
12691 // Specifies the redirect behavior of all requests to a website endpoint of
12692 // an Amazon S3 bucket.
12595 RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"` 12693 RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"`
12596 12694
12597 RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"` 12695 RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"`
@@ -12820,7 +12918,7 @@ type GetObjectInput struct {
12820 // does not store the encryption key. The key must be appropriate for use with 12918 // does not store the encryption key. The key must be appropriate for use with
12821 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm 12919 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
12822 // header. 12920 // header.
12823 SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` 12921 SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
12824 12922
12825 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. 12923 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
12826 // Amazon S3 uses this header for a message integrity check to ensure the encryption 12924 // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -13103,7 +13201,7 @@ func (s *GetObjectLegalHoldOutput) SetLegalHold(v *ObjectLockLegalHold) *GetObje
13103type GetObjectLockConfigurationInput struct { 13201type GetObjectLockConfigurationInput struct {
13104 _ struct{} `type:"structure"` 13202 _ struct{} `type:"structure"`
13105 13203
13106 // The bucket whose Object Lock configuration you want to retrieve. 13204 // The bucket whose object lock configuration you want to retrieve.
13107 // 13205 //
13108 // Bucket is a required field 13206 // Bucket is a required field
13109 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 13207 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
@@ -13151,7 +13249,7 @@ func (s *GetObjectLockConfigurationInput) getBucket() (v string) {
13151type GetObjectLockConfigurationOutput struct { 13249type GetObjectLockConfigurationOutput struct {
13152 _ struct{} `type:"structure" payload:"ObjectLockConfiguration"` 13250 _ struct{} `type:"structure" payload:"ObjectLockConfiguration"`
13153 13251
13154 // The specified bucket's Object Lock configuration. 13252 // The specified bucket's object lock configuration.
13155 ObjectLockConfiguration *ObjectLockConfiguration `type:"structure"` 13253 ObjectLockConfiguration *ObjectLockConfiguration `type:"structure"`
13156} 13254}
13157 13255
@@ -13235,10 +13333,10 @@ type GetObjectOutput struct {
13235 // returned if you have permission to view an object's legal hold status. 13333 // returned if you have permission to view an object's legal hold status.
13236 ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` 13334 ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
13237 13335
13238 // The Object Lock mode currently in place for this object. 13336 // The object lock mode currently in place for this object.
13239 ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` 13337 ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
13240 13338
13241 // The date and time when this object's Object Lock will expire. 13339 // The date and time when this object's object lock will expire.
13242 ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` 13340 ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
13243 13341
13244 // The count of parts this object has. 13342 // The count of parts this object has.
@@ -14136,7 +14234,7 @@ type HeadObjectInput struct {
14136 // does not store the encryption key. The key must be appropriate for use with 14234 // does not store the encryption key. The key must be appropriate for use with
14137 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm 14235 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
14138 // header. 14236 // header.
14139 SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` 14237 SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
14140 14238
14141 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. 14239 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
14142 // Amazon S3 uses this header for a message integrity check to ensure the encryption 14240 // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -14328,10 +14426,10 @@ type HeadObjectOutput struct {
14328 // The Legal Hold status for the specified object. 14426 // The Legal Hold status for the specified object.
14329 ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` 14427 ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
14330 14428
14331 // The Object Lock mode currently in place for this object. 14429 // The object lock mode currently in place for this object.
14332 ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` 14430 ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
14333 14431
14334 // The date and time when this object's Object Lock will expire. 14432 // The date and time when this object's object lock expires.
14335 ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` 14433 ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
14336 14434
14337 // The count of parts this object has. 14435 // The count of parts this object has.
@@ -14680,6 +14778,9 @@ func (s *InputSerialization) SetParquet(v *ParquetInput) *InputSerialization {
14680 return s 14778 return s
14681} 14779}
14682 14780
14781// Specifies the inventory configuration for an Amazon S3 bucket. For more information,
14782// see GET Bucket inventory (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html)
14783// in the Amazon Simple Storage Service API Reference.
14683type InventoryConfiguration struct { 14784type InventoryConfiguration struct {
14684 _ struct{} `type:"structure"` 14785 _ struct{} `type:"structure"`
14685 14786
@@ -14697,12 +14798,16 @@ type InventoryConfiguration struct {
14697 // Id is a required field 14798 // Id is a required field
14698 Id *string `type:"string" required:"true"` 14799 Id *string `type:"string" required:"true"`
14699 14800
14700 // Specifies which object version(s) to included in the inventory results. 14801 // Object versions to include in the inventory list. If set to All, the list
14802 // includes all the object versions, which adds the version-related fields VersionId,
14803 // IsLatest, and DeleteMarker to the list. If set to Current, the list does
14804 // not contain these version-related fields.
14701 // 14805 //
14702 // IncludedObjectVersions is a required field 14806 // IncludedObjectVersions is a required field
14703 IncludedObjectVersions *string `type:"string" required:"true" enum:"InventoryIncludedObjectVersions"` 14807 IncludedObjectVersions *string `type:"string" required:"true" enum:"InventoryIncludedObjectVersions"`
14704 14808
14705 // Specifies whether the inventory is enabled or disabled. 14809 // Specifies whether the inventory is enabled or disabled. If set to True, an
14810 // inventory list is generated. If set to False, no inventory list is generated.
14706 // 14811 //
14707 // IsEnabled is a required field 14812 // IsEnabled is a required field
14708 IsEnabled *bool `type:"boolean" required:"true"` 14813 IsEnabled *bool `type:"boolean" required:"true"`
@@ -15145,11 +15250,15 @@ func (s *KeyFilter) SetFilterRules(v []*FilterRule) *KeyFilter {
15145type LambdaFunctionConfiguration struct { 15250type LambdaFunctionConfiguration struct {
15146 _ struct{} `type:"structure"` 15251 _ struct{} `type:"structure"`
15147 15252
15253 // The Amazon S3 bucket event for which to invoke the AWS Lambda function. For
15254 // more information, see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
15255 // in the Amazon Simple Storage Service Developer Guide.
15256 //
15148 // Events is a required field 15257 // Events is a required field
15149 Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` 15258 Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"`
15150 15259
15151 // A container for object key name filtering rules. For information about key 15260 // Specifies object key name filtering rules. For information about key name
15152 // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) 15261 // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
15153 // in the Amazon Simple Storage Service Developer Guide. 15262 // in the Amazon Simple Storage Service Developer Guide.
15154 Filter *NotificationConfigurationFilter `type:"structure"` 15263 Filter *NotificationConfigurationFilter `type:"structure"`
15155 15264
@@ -15157,8 +15266,8 @@ type LambdaFunctionConfiguration struct {
15157 // If you don't provide one, Amazon S3 will assign an ID. 15266 // If you don't provide one, Amazon S3 will assign an ID.
15158 Id *string `type:"string"` 15267 Id *string `type:"string"`
15159 15268
15160 // The Amazon Resource Name (ARN) of the Lambda cloud function that Amazon S3 15269 // The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon S3
15161 // can invoke when it detects events of the specified type. 15270 // invokes when the specified event type occurs.
15162 // 15271 //
15163 // LambdaFunctionArn is a required field 15272 // LambdaFunctionArn is a required field
15164 LambdaFunctionArn *string `locationName:"CloudFunction" type:"string" required:"true"` 15273 LambdaFunctionArn *string `locationName:"CloudFunction" type:"string" required:"true"`
@@ -15309,8 +15418,11 @@ func (s *LifecycleExpiration) SetExpiredObjectDeleteMarker(v bool) *LifecycleExp
15309type LifecycleRule struct { 15418type LifecycleRule struct {
15310 _ struct{} `type:"structure"` 15419 _ struct{} `type:"structure"`
15311 15420
15312 // Specifies the days since the initiation of an Incomplete Multipart Upload 15421 // Specifies the days since the initiation of an incomplete multipart upload
15313 // that Lifecycle will wait before permanently removing all parts of the upload. 15422 // that Amazon S3 will wait before permanently removing all parts of the upload.
15423 // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
15424 // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
15425 // in the Amazon Simple Storage Service Developer Guide.
15314 AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` 15426 AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"`
15315 15427
15316 Expiration *LifecycleExpiration `type:"structure"` 15428 Expiration *LifecycleExpiration `type:"structure"`
@@ -17267,9 +17379,10 @@ func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location {
17267 return s 17379 return s
17268} 17380}
17269 17381
17270// Container for logging information. Presence of this element indicates that 17382// Describes where logs are stored and the prefix that Amazon S3 assigns to
17271// logging is enabled. Parameters TargetBucket and TargetPrefix are required 17383// all log object keys for a bucket. For more information, see PUT Bucket logging
17272// in this case. 17384// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html)
17385// in the Amazon Simple Storage Service API Reference.
17273type LoggingEnabled struct { 17386type LoggingEnabled struct {
17274 _ struct{} `type:"structure"` 17387 _ struct{} `type:"structure"`
17275 17388
@@ -17285,8 +17398,9 @@ type LoggingEnabled struct {
17285 17398
17286 TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"` 17399 TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"`
17287 17400
17288 // This element lets you specify a prefix for the keys that the log files will 17401 // A prefix for all log object keys. If you store log files from multiple Amazon
17289 // be stored under. 17402 // S3 buckets in a single bucket, you can use a prefix to distinguish which
17403 // log files came from which bucket.
17290 // 17404 //
17291 // TargetPrefix is a required field 17405 // TargetPrefix is a required field
17292 TargetPrefix *string `type:"string" required:"true"` 17406 TargetPrefix *string `type:"string" required:"true"`
@@ -17429,6 +17543,13 @@ func (s *MetricsAndOperator) SetTags(v []*Tag) *MetricsAndOperator {
17429 return s 17543 return s
17430} 17544}
17431 17545
17546// Specifies a metrics configuration for the CloudWatch request metrics (specified
17547// by the metrics configuration ID) from an Amazon S3 bucket. If you're updating
17548// an existing metrics configuration, note that this is a full replacement of
17549// the existing metrics configuration. If you don't include the elements you
17550// want to keep, they are erased. For more information, see PUT Bucket metrics
17551// (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html)
17552// in the Amazon Simple Storage Service API Reference.
17432type MetricsConfiguration struct { 17553type MetricsConfiguration struct {
17433 _ struct{} `type:"structure"` 17554 _ struct{} `type:"structure"`
17434 17555
@@ -17624,7 +17745,7 @@ type NoncurrentVersionExpiration struct {
17624 // Specifies the number of days an object is noncurrent before Amazon S3 can 17745 // Specifies the number of days an object is noncurrent before Amazon S3 can
17625 // perform the associated action. For information about the noncurrent days 17746 // perform the associated action. For information about the noncurrent days
17626 // calculations, see How Amazon S3 Calculates When an Object Became Noncurrent 17747 // calculations, see How Amazon S3 Calculates When an Object Became Noncurrent
17627 // (https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html) 17748 // (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations)
17628 // in the Amazon Simple Storage Service Developer Guide. 17749 // in the Amazon Simple Storage Service Developer Guide.
17629 NoncurrentDays *int64 `type:"integer"` 17750 NoncurrentDays *int64 `type:"integer"`
17630} 17751}
@@ -17646,11 +17767,11 @@ func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVers
17646} 17767}
17647 17768
17648// Container for the transition rule that describes when noncurrent objects 17769// Container for the transition rule that describes when noncurrent objects
17649// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER or 17770// transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER,
17650// DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning 17771// or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning
17651// is suspended), you can set this action to request that Amazon S3 transition 17772// is suspended), you can set this action to request that Amazon S3 transition
17652// noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, 17773// noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
17653// GLACIER or DEEP_ARCHIVE storage class at a specific period in the object's 17774// GLACIER, or DEEP_ARCHIVE storage class at a specific period in the object's
17654// lifetime. 17775// lifetime.
17655type NoncurrentVersionTransition struct { 17776type NoncurrentVersionTransition struct {
17656 _ struct{} `type:"structure"` 17777 _ struct{} `type:"structure"`
@@ -17693,10 +17814,16 @@ func (s *NoncurrentVersionTransition) SetStorageClass(v string) *NoncurrentVersi
17693type NotificationConfiguration struct { 17814type NotificationConfiguration struct {
17694 _ struct{} `type:"structure"` 17815 _ struct{} `type:"structure"`
17695 17816
17817 // Describes the AWS Lambda functions to invoke and the events for which to
17818 // invoke them.
17696 LambdaFunctionConfigurations []*LambdaFunctionConfiguration `locationName:"CloudFunctionConfiguration" type:"list" flattened:"true"` 17819 LambdaFunctionConfigurations []*LambdaFunctionConfiguration `locationName:"CloudFunctionConfiguration" type:"list" flattened:"true"`
17697 17820
17821 // The Amazon Simple Queue Service queues to publish messages to and the events
17822 // for which to publish messages.
17698 QueueConfigurations []*QueueConfiguration `locationName:"QueueConfiguration" type:"list" flattened:"true"` 17823 QueueConfigurations []*QueueConfiguration `locationName:"QueueConfiguration" type:"list" flattened:"true"`
17699 17824
17825 // The topic to which notifications are sent and the events for which notifications
17826 // are generated.
17700 TopicConfigurations []*TopicConfiguration `locationName:"TopicConfiguration" type:"list" flattened:"true"` 17827 TopicConfigurations []*TopicConfiguration `locationName:"TopicConfiguration" type:"list" flattened:"true"`
17701} 17828}
17702 17829
@@ -17806,8 +17933,8 @@ func (s *NotificationConfigurationDeprecated) SetTopicConfiguration(v *TopicConf
17806 return s 17933 return s
17807} 17934}
17808 17935
17809// A container for object key name filtering rules. For information about key 17936// Specifies object key name filtering rules. For information about key name
17810// name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) 17937// filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
17811// in the Amazon Simple Storage Service Developer Guide. 17938// in the Amazon Simple Storage Service Developer Guide.
17812type NotificationConfigurationFilter struct { 17939type NotificationConfigurationFilter struct {
17813 _ struct{} `type:"structure"` 17940 _ struct{} `type:"structure"`
@@ -17945,14 +18072,14 @@ func (s *ObjectIdentifier) SetVersionId(v string) *ObjectIdentifier {
17945 return s 18072 return s
17946} 18073}
17947 18074
17948// The container element for Object Lock configuration parameters. 18075// The container element for object lock configuration parameters.
17949type ObjectLockConfiguration struct { 18076type ObjectLockConfiguration struct {
17950 _ struct{} `type:"structure"` 18077 _ struct{} `type:"structure"`
17951 18078
17952 // Indicates whether this bucket has an Object Lock configuration enabled. 18079 // Indicates whether this bucket has an object lock configuration enabled.
17953 ObjectLockEnabled *string `type:"string" enum:"ObjectLockEnabled"` 18080 ObjectLockEnabled *string `type:"string" enum:"ObjectLockEnabled"`
17954 18081
17955 // The Object Lock rule in place for the specified object. 18082 // The object lock rule in place for the specified object.
17956 Rule *ObjectLockRule `type:"structure"` 18083 Rule *ObjectLockRule `type:"structure"`
17957} 18084}
17958 18085
@@ -18009,7 +18136,7 @@ type ObjectLockRetention struct {
18009 // Indicates the Retention mode for the specified object. 18136 // Indicates the Retention mode for the specified object.
18010 Mode *string `type:"string" enum:"ObjectLockRetentionMode"` 18137 Mode *string `type:"string" enum:"ObjectLockRetentionMode"`
18011 18138
18012 // The date on which this Object Lock Retention will expire. 18139 // The date on which this object lock retention expires.
18013 RetainUntilDate *time.Time `type:"timestamp" timestampFormat:"iso8601"` 18140 RetainUntilDate *time.Time `type:"timestamp" timestampFormat:"iso8601"`
18014} 18141}
18015 18142
@@ -18035,7 +18162,7 @@ func (s *ObjectLockRetention) SetRetainUntilDate(v time.Time) *ObjectLockRetenti
18035 return s 18162 return s
18036} 18163}
18037 18164
18038// The container element for an Object Lock rule. 18165// The container element for an object lock rule.
18039type ObjectLockRule struct { 18166type ObjectLockRule struct {
18040 _ struct{} `type:"structure"` 18167 _ struct{} `type:"structure"`
18041 18168
@@ -18418,6 +18545,7 @@ func (s *ProgressEvent) UnmarshalEvent(
18418 return nil 18545 return nil
18419} 18546}
18420 18547
18548// Specifies the Block Public Access configuration for an Amazon S3 bucket.
18421type PublicAccessBlockConfiguration struct { 18549type PublicAccessBlockConfiguration struct {
18422 _ struct{} `type:"structure"` 18550 _ struct{} `type:"structure"`
18423 18551
@@ -18575,6 +18703,7 @@ type PutBucketAclInput struct {
18575 // The canned ACL to apply to the bucket. 18703 // The canned ACL to apply to the bucket.
18576 ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"` 18704 ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"`
18577 18705
18706 // Contains the elements that set the ACL permissions for an object per grantee.
18578 AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` 18707 AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
18579 18708
18580 // Bucket is a required field 18709 // Bucket is a required field
@@ -18710,7 +18839,7 @@ type PutBucketAnalyticsConfigurationInput struct {
18710 // Bucket is a required field 18839 // Bucket is a required field
18711 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 18840 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
18712 18841
18713 // The identifier used to represent an analytics configuration. 18842 // The ID that identifies the analytics configuration.
18714 // 18843 //
18715 // Id is a required field 18844 // Id is a required field
18716 Id *string `location:"querystring" locationName:"id" type:"string" required:"true"` 18845 Id *string `location:"querystring" locationName:"id" type:"string" required:"true"`
@@ -18798,6 +18927,11 @@ type PutBucketCorsInput struct {
18798 // Bucket is a required field 18927 // Bucket is a required field
18799 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 18928 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
18800 18929
18930 // Describes the cross-origin access configuration for objects in an Amazon
18931 // S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing
18932 // (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the Amazon
18933 // Simple Storage Service Developer Guide.
18934 //
18801 // CORSConfiguration is a required field 18935 // CORSConfiguration is a required field
18802 CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` 18936 CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
18803} 18937}
@@ -18872,14 +19006,16 @@ func (s PutBucketCorsOutput) GoString() string {
18872type PutBucketEncryptionInput struct { 19006type PutBucketEncryptionInput struct {
18873 _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"` 19007 _ struct{} `type:"structure" payload:"ServerSideEncryptionConfiguration"`
18874 19008
18875 // The name of the bucket for which the server-side encryption configuration 19009 // Specifies default encryption for a bucket using server-side encryption with
18876 // is set. 19010 // Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). For information
19011 // about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket
19012 // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html)
19013 // in the Amazon Simple Storage Service Developer Guide.
18877 // 19014 //
18878 // Bucket is a required field 19015 // Bucket is a required field
18879 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 19016 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
18880 19017
18881 // Container for server-side encryption configuration rules. Currently S3 supports 19018 // Specifies the default server-side-encryption configuration.
18882 // one rule only.
18883 // 19019 //
18884 // ServerSideEncryptionConfiguration is a required field 19020 // ServerSideEncryptionConfiguration is a required field
18885 ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `locationName:"ServerSideEncryptionConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` 19021 ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `locationName:"ServerSideEncryptionConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
@@ -19053,6 +19189,9 @@ type PutBucketLifecycleConfigurationInput struct {
19053 // Bucket is a required field 19189 // Bucket is a required field
19054 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 19190 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
19055 19191
19192 // Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
19193 // For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
19194 // in the Amazon Simple Storage Service Developer Guide.
19056 LifecycleConfiguration *BucketLifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` 19195 LifecycleConfiguration *BucketLifecycleConfiguration `locationName:"LifecycleConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
19057} 19196}
19058 19197
@@ -19612,6 +19751,9 @@ type PutBucketReplicationInput struct {
19612 // 19751 //
19613 // ReplicationConfiguration is a required field 19752 // ReplicationConfiguration is a required field
19614 ReplicationConfiguration *ReplicationConfiguration `locationName:"ReplicationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` 19753 ReplicationConfiguration *ReplicationConfiguration `locationName:"ReplicationConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
19754
19755 // A token that allows Amazon S3 object lock to be enabled for an existing bucket.
19756 Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"`
19615} 19757}
19616 19758
19617// String returns the string representation 19759// String returns the string representation
@@ -19667,6 +19809,12 @@ func (s *PutBucketReplicationInput) SetReplicationConfiguration(v *ReplicationCo
19667 return s 19809 return s
19668} 19810}
19669 19811
19812// SetToken sets the Token field's value.
19813func (s *PutBucketReplicationInput) SetToken(v string) *PutBucketReplicationInput {
19814 s.Token = &v
19815 return s
19816}
19817
19670type PutBucketReplicationOutput struct { 19818type PutBucketReplicationOutput struct {
19671 _ struct{} `type:"structure"` 19819 _ struct{} `type:"structure"`
19672} 19820}
@@ -19845,6 +19993,10 @@ type PutBucketVersioningInput struct {
19845 // and the value that is displayed on your authentication device. 19993 // and the value that is displayed on your authentication device.
19846 MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` 19994 MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"`
19847 19995
19996 // Describes the versioning state of an Amazon S3 bucket. For more information,
19997 // see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html)
19998 // in the Amazon Simple Storage Service API Reference.
19999 //
19848 // VersioningConfiguration is a required field 20000 // VersioningConfiguration is a required field
19849 VersioningConfiguration *VersioningConfiguration `locationName:"VersioningConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` 20001 VersioningConfiguration *VersioningConfiguration `locationName:"VersioningConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
19850} 20002}
@@ -19923,6 +20075,8 @@ type PutBucketWebsiteInput struct {
19923 // Bucket is a required field 20075 // Bucket is a required field
19924 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 20076 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
19925 20077
20078 // Specifies website configuration parameters for an Amazon S3 bucket.
20079 //
19926 // WebsiteConfiguration is a required field 20080 // WebsiteConfiguration is a required field
19927 WebsiteConfiguration *WebsiteConfiguration `locationName:"WebsiteConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` 20081 WebsiteConfiguration *WebsiteConfiguration `locationName:"WebsiteConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
19928} 20082}
@@ -20000,6 +20154,7 @@ type PutObjectAclInput struct {
20000 // The canned ACL to apply to the object. 20154 // The canned ACL to apply to the object.
20001 ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` 20155 ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"`
20002 20156
20157 // Contains the elements that set the ACL permissions for an object per grantee.
20003 AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` 20158 AccessControlPolicy *AccessControlPolicy `locationName:"AccessControlPolicy" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
20004 20159
20005 // Bucket is a required field 20160 // Bucket is a required field
@@ -20201,7 +20356,8 @@ type PutObjectInput struct {
20201 ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` 20356 ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
20202 20357
20203 // The base64-encoded 128-bit MD5 digest of the part data. This parameter is 20358 // The base64-encoded 128-bit MD5 digest of the part data. This parameter is
20204 // auto-populated when using the command from the CLI 20359 // auto-populated when using the command from the CLI. This parameted is required
20360 // if object lock parameters are specified.
20205 ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` 20361 ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
20206 20362
20207 // A standard MIME type describing the format of the object data. 20363 // A standard MIME type describing the format of the object data.
@@ -20233,10 +20389,10 @@ type PutObjectInput struct {
20233 // The Legal Hold status that you want to apply to the specified object. 20389 // The Legal Hold status that you want to apply to the specified object.
20234 ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` 20390 ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
20235 20391
20236 // The Object Lock mode that you want to apply to this object. 20392 // The object lock mode that you want to apply to this object.
20237 ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` 20393 ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
20238 20394
20239 // The date and time when you want this object's Object Lock to expire. 20395 // The date and time when you want this object's object lock to expire.
20240 ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` 20396 ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
20241 20397
20242 // Confirms that the requester knows that she or he will be charged for the 20398 // Confirms that the requester knows that she or he will be charged for the
@@ -20253,13 +20409,18 @@ type PutObjectInput struct {
20253 // does not store the encryption key. The key must be appropriate for use with 20409 // does not store the encryption key. The key must be appropriate for use with
20254 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm 20410 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
20255 // header. 20411 // header.
20256 SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` 20412 SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
20257 20413
20258 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. 20414 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
20259 // Amazon S3 uses this header for a message integrity check to ensure the encryption 20415 // Amazon S3 uses this header for a message integrity check to ensure the encryption
20260 // key was transmitted without error. 20416 // key was transmitted without error.
20261 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` 20417 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
20262 20418
20419 // Specifies the AWS KMS Encryption Context to use for object encryption. The
20420 // value of this header is a base64-encoded UTF-8 string holding JSON with the
20421 // encryption context key-value pairs.
20422 SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
20423
20263 // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT 20424 // Specifies the AWS KMS key ID to use for object encryption. All GET and PUT
20264 // requests for an object protected by AWS KMS will fail if not made via SSL 20425 // requests for an object protected by AWS KMS will fail if not made via SSL
20265 // or using SigV4. Documentation on configuring any of the officially supported 20426 // or using SigV4. Documentation on configuring any of the officially supported
@@ -20473,6 +20634,12 @@ func (s *PutObjectInput) SetSSECustomerKeyMD5(v string) *PutObjectInput {
20473 return s 20634 return s
20474} 20635}
20475 20636
20637// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
20638func (s *PutObjectInput) SetSSEKMSEncryptionContext(v string) *PutObjectInput {
20639 s.SSEKMSEncryptionContext = &v
20640 return s
20641}
20642
20476// SetSSEKMSKeyId sets the SSEKMSKeyId field's value. 20643// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
20477func (s *PutObjectInput) SetSSEKMSKeyId(v string) *PutObjectInput { 20644func (s *PutObjectInput) SetSSEKMSKeyId(v string) *PutObjectInput {
20478 s.SSEKMSKeyId = &v 20645 s.SSEKMSKeyId = &v
@@ -20626,12 +20793,12 @@ func (s *PutObjectLegalHoldOutput) SetRequestCharged(v string) *PutObjectLegalHo
20626type PutObjectLockConfigurationInput struct { 20793type PutObjectLockConfigurationInput struct {
20627 _ struct{} `type:"structure" payload:"ObjectLockConfiguration"` 20794 _ struct{} `type:"structure" payload:"ObjectLockConfiguration"`
20628 20795
20629 // The bucket whose Object Lock configuration you want to create or replace. 20796 // The bucket whose object lock configuration you want to create or replace.
20630 // 20797 //
20631 // Bucket is a required field 20798 // Bucket is a required field
20632 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` 20799 Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"`
20633 20800
20634 // The Object Lock configuration that you want to apply to the specified bucket. 20801 // The object lock configuration that you want to apply to the specified bucket.
20635 ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` 20802 ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"`
20636 20803
20637 // Confirms that the requester knows that she or he will be charged for the 20804 // Confirms that the requester knows that she or he will be charged for the
@@ -20640,7 +20807,7 @@ type PutObjectLockConfigurationInput struct {
20640 // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html 20807 // at http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
20641 RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` 20808 RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"`
20642 20809
20643 // A token to allow Object Lock to be enabled for an existing bucket. 20810 // A token to allow Amazon S3 object lock to be enabled for an existing bucket.
20644 Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"` 20811 Token *string `location:"header" locationName:"x-amz-bucket-object-lock-token" type:"string"`
20645} 20812}
20646 20813
@@ -20749,6 +20916,11 @@ type PutObjectOutput struct {
20749 // verification of the customer-provided encryption key. 20916 // verification of the customer-provided encryption key.
20750 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` 20917 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
20751 20918
20919 // If present, specifies the AWS KMS Encryption Context to use for object encryption.
20920 // The value of this header is a base64-encoded UTF-8 string holding JSON with
20921 // the encryption context key-value pairs.
20922 SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
20923
20752 // If present, specifies the ID of the AWS Key Management Service (KMS) master 20924 // If present, specifies the ID of the AWS Key Management Service (KMS) master
20753 // encryption key that was used for the object. 20925 // encryption key that was used for the object.
20754 SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` 20926 SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
@@ -20801,6 +20973,12 @@ func (s *PutObjectOutput) SetSSECustomerKeyMD5(v string) *PutObjectOutput {
20801 return s 20973 return s
20802} 20974}
20803 20975
20976// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
20977func (s *PutObjectOutput) SetSSEKMSEncryptionContext(v string) *PutObjectOutput {
20978 s.SSEKMSEncryptionContext = &v
20979 return s
20980}
20981
20804// SetSSEKMSKeyId sets the SSEKMSKeyId field's value. 20982// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
20805func (s *PutObjectOutput) SetSSEKMSKeyId(v string) *PutObjectOutput { 20983func (s *PutObjectOutput) SetSSEKMSKeyId(v string) *PutObjectOutput {
20806 s.SSEKMSKeyId = &v 20984 s.SSEKMSKeyId = &v
@@ -21139,17 +21317,16 @@ func (s PutPublicAccessBlockOutput) GoString() string {
21139 return s.String() 21317 return s.String()
21140} 21318}
21141 21319
21142// A container for specifying the configuration for publication of messages 21320// Specifies the configuration for publishing messages to an Amazon Simple Queue
21143// to an Amazon Simple Queue Service (Amazon SQS) queue.when Amazon S3 detects 21321// Service (Amazon SQS) queue when Amazon S3 detects specified events.
21144// specified events.
21145type QueueConfiguration struct { 21322type QueueConfiguration struct {
21146 _ struct{} `type:"structure"` 21323 _ struct{} `type:"structure"`
21147 21324
21148 // Events is a required field 21325 // Events is a required field
21149 Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` 21326 Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"`
21150 21327
21151 // A container for object key name filtering rules. For information about key 21328 // Specifies object key name filtering rules. For information about key name
21152 // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) 21329 // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
21153 // in the Amazon Simple Storage Service Developer Guide. 21330 // in the Amazon Simple Storage Service Developer Guide.
21154 Filter *NotificationConfigurationFilter `type:"structure"` 21331 Filter *NotificationConfigurationFilter `type:"structure"`
21155 21332
@@ -21158,7 +21335,7 @@ type QueueConfiguration struct {
21158 Id *string `type:"string"` 21335 Id *string `type:"string"`
21159 21336
21160 // The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3 21337 // The Amazon Resource Name (ARN) of the Amazon SQS queue to which Amazon S3
21161 // will publish a message when it detects events of the specified type. 21338 // publishes a message when it detects events of the specified type.
21162 // 21339 //
21163 // QueueArn is a required field 21340 // QueueArn is a required field
21164 QueueArn *string `locationName:"Queue" type:"string" required:"true"` 21341 QueueArn *string `locationName:"Queue" type:"string" required:"true"`
@@ -21304,6 +21481,8 @@ func (s *RecordsEvent) UnmarshalEvent(
21304 return nil 21481 return nil
21305} 21482}
21306 21483
21484// Specifies how requests are redirected. In the event of an error, you can
21485// specify a different error code to return.
21307type Redirect struct { 21486type Redirect struct {
21308 _ struct{} `type:"structure"` 21487 _ struct{} `type:"structure"`
21309 21488
@@ -21314,8 +21493,8 @@ type Redirect struct {
21314 // siblings is present. 21493 // siblings is present.
21315 HttpRedirectCode *string `type:"string"` 21494 HttpRedirectCode *string `type:"string"`
21316 21495
21317 // Protocol to use (http, https) when redirecting requests. The default is the 21496 // Protocol to use when redirecting requests. The default is the protocol that
21318 // protocol that is used in the original request. 21497 // is used in the original request.
21319 Protocol *string `type:"string" enum:"Protocol"` 21498 Protocol *string `type:"string" enum:"Protocol"`
21320 21499
21321 // The object key prefix to use in the redirect request. For example, to redirect 21500 // The object key prefix to use in the redirect request. For example, to redirect
@@ -21327,7 +21506,7 @@ type Redirect struct {
21327 ReplaceKeyPrefixWith *string `type:"string"` 21506 ReplaceKeyPrefixWith *string `type:"string"`
21328 21507
21329 // The specific object key to use in the redirect request. For example, redirect 21508 // The specific object key to use in the redirect request. For example, redirect
21330 // request to error.html. Not required if one of the sibling is present. Can 21509 // request to error.html. Not required if one of the siblings is present. Can
21331 // be present only if ReplaceKeyPrefixWith is not provided. 21510 // be present only if ReplaceKeyPrefixWith is not provided.
21332 ReplaceKeyWith *string `type:"string"` 21511 ReplaceKeyWith *string `type:"string"`
21333} 21512}
@@ -21372,16 +21551,18 @@ func (s *Redirect) SetReplaceKeyWith(v string) *Redirect {
21372 return s 21551 return s
21373} 21552}
21374 21553
21554// Specifies the redirect behavior of all requests to a website endpoint of
21555// an Amazon S3 bucket.
21375type RedirectAllRequestsTo struct { 21556type RedirectAllRequestsTo struct {
21376 _ struct{} `type:"structure"` 21557 _ struct{} `type:"structure"`
21377 21558
21378 // Name of the host where requests will be redirected. 21559 // Name of the host where requests are redirected.
21379 // 21560 //
21380 // HostName is a required field 21561 // HostName is a required field
21381 HostName *string `type:"string" required:"true"` 21562 HostName *string `type:"string" required:"true"`
21382 21563
21383 // Protocol to use (http, https) when redirecting requests. The default is the 21564 // Protocol to use when redirecting requests. The default is the protocol that
21384 // protocol that is used in the original request. 21565 // is used in the original request.
21385 Protocol *string `type:"string" enum:"Protocol"` 21566 Protocol *string `type:"string" enum:"Protocol"`
21386} 21567}
21387 21568
@@ -21426,7 +21607,9 @@ type ReplicationConfiguration struct {
21426 _ struct{} `type:"structure"` 21607 _ struct{} `type:"structure"`
21427 21608
21428 // The Amazon Resource Name (ARN) of the AWS Identity and Access Management 21609 // The Amazon Resource Name (ARN) of the AWS Identity and Access Management
21429 // (IAM) role that Amazon S3 can assume when replicating the objects. 21610 // (IAM) role that Amazon S3 assumes when replicating objects. For more information,
21611 // see How to Set Up Cross-Region Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-how-setup.html)
21612 // in the Amazon Simple Storage Service Developer Guide.
21430 // 21613 //
21431 // Role is a required field 21614 // Role is a required field
21432 Role *string `type:"string" required:"true"` 21615 Role *string `type:"string" required:"true"`
@@ -21486,7 +21669,7 @@ func (s *ReplicationConfiguration) SetRules(v []*ReplicationRule) *ReplicationCo
21486 return s 21669 return s
21487} 21670}
21488 21671
21489// A container for information about a specific replication rule. 21672// Specifies which Amazon S3 objects to replicate and where to store the replicas.
21490type ReplicationRule struct { 21673type ReplicationRule struct {
21491 _ struct{} `type:"structure"` 21674 _ struct{} `type:"structure"`
21492 21675
@@ -21506,7 +21689,8 @@ type ReplicationRule struct {
21506 ID *string `type:"string"` 21689 ID *string `type:"string"`
21507 21690
21508 // An object keyname prefix that identifies the object or objects to which the 21691 // An object keyname prefix that identifies the object or objects to which the
21509 // rule applies. The maximum prefix length is 1,024 characters. 21692 // rule applies. The maximum prefix length is 1,024 characters. To include all
21693 // objects in a bucket, specify an empty string.
21510 // 21694 //
21511 // Deprecated: Prefix has been deprecated 21695 // Deprecated: Prefix has been deprecated
21512 Prefix *string `deprecated:"true" type:"string"` 21696 Prefix *string `deprecated:"true" type:"string"`
@@ -21522,7 +21706,7 @@ type ReplicationRule struct {
21522 // * Same object qualify tag based filter criteria specified in multiple 21706 // * Same object qualify tag based filter criteria specified in multiple
21523 // rules 21707 // rules
21524 // 21708 //
21525 // For more information, see Cross-Region Replication (CRR) ( https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) 21709 // For more information, see Cross-Region Replication (CRR) (https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html)
21526 // in the Amazon S3 Developer Guide. 21710 // in the Amazon S3 Developer Guide.
21527 Priority *int64 `type:"integer"` 21711 Priority *int64 `type:"integer"`
21528 21712
@@ -21531,12 +21715,9 @@ type ReplicationRule struct {
21531 // replication of these objects. Currently, Amazon S3 supports only the filter 21715 // replication of these objects. Currently, Amazon S3 supports only the filter
21532 // that you can specify for objects created with server-side encryption using 21716 // that you can specify for objects created with server-side encryption using
21533 // an AWS KMS-Managed Key (SSE-KMS). 21717 // an AWS KMS-Managed Key (SSE-KMS).
21534 //
21535 // If you want Amazon S3 to replicate objects created with server-side encryption
21536 // using AWS KMS-Managed Keys.
21537 SourceSelectionCriteria *SourceSelectionCriteria `type:"structure"` 21718 SourceSelectionCriteria *SourceSelectionCriteria `type:"structure"`
21538 21719
21539 // If status isn't enabled, the rule is ignored. 21720 // Specifies whether the rule is enabled.
21540 // 21721 //
21541 // Status is a required field 21722 // Status is a required field
21542 Status *string `type:"string" required:"true" enum:"ReplicationRuleStatus"` 21723 Status *string `type:"string" required:"true" enum:"ReplicationRuleStatus"`
@@ -22051,6 +22232,7 @@ func (s *RestoreRequest) SetType(v string) *RestoreRequest {
22051 return s 22232 return s
22052} 22233}
22053 22234
22235// Specifies the redirect behavior and when a redirect is applied.
22054type RoutingRule struct { 22236type RoutingRule struct {
22055 _ struct{} `type:"structure"` 22237 _ struct{} `type:"structure"`
22056 22238
@@ -22103,16 +22285,22 @@ func (s *RoutingRule) SetRedirect(v *Redirect) *RoutingRule {
22103 return s 22285 return s
22104} 22286}
22105 22287
22288// Specifies lifecycle rules for an Amazon S3 bucket. For more information,
22289// see PUT Bucket lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlifecycle.html)
22290// in the Amazon Simple Storage Service API Reference.
22106type Rule struct { 22291type Rule struct {
22107 _ struct{} `type:"structure"` 22292 _ struct{} `type:"structure"`
22108 22293
22109 // Specifies the days since the initiation of an Incomplete Multipart Upload 22294 // Specifies the days since the initiation of an incomplete multipart upload
22110 // that Lifecycle will wait before permanently removing all parts of the upload. 22295 // that Amazon S3 will wait before permanently removing all parts of the upload.
22296 // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket
22297 // Lifecycle Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config)
22298 // in the Amazon Simple Storage Service Developer Guide.
22111 AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"` 22299 AbortIncompleteMultipartUpload *AbortIncompleteMultipartUpload `type:"structure"`
22112 22300
22113 Expiration *LifecycleExpiration `type:"structure"` 22301 Expiration *LifecycleExpiration `type:"structure"`
22114 22302
22115 // Unique identifier for the rule. The value cannot be longer than 255 characters. 22303 // Unique identifier for the rule. The value can't be longer than 255 characters.
22116 ID *string `type:"string"` 22304 ID *string `type:"string"`
22117 22305
22118 // Specifies when noncurrent object versions expire. Upon expiration, Amazon 22306 // Specifies when noncurrent object versions expire. Upon expiration, Amazon
@@ -22123,25 +22311,27 @@ type Rule struct {
22123 NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"` 22311 NoncurrentVersionExpiration *NoncurrentVersionExpiration `type:"structure"`
22124 22312
22125 // Container for the transition rule that describes when noncurrent objects 22313 // Container for the transition rule that describes when noncurrent objects
22126 // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER or 22314 // transition to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER,
22127 // DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning 22315 // or DEEP_ARCHIVE storage class. If your bucket is versioning-enabled (or versioning
22128 // is suspended), you can set this action to request that Amazon S3 transition 22316 // is suspended), you can set this action to request that Amazon S3 transition
22129 // noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, 22317 // noncurrent object versions to the STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
22130 // GLACIER or DEEP_ARCHIVE storage class at a specific period in the object's 22318 // GLACIER, or DEEP_ARCHIVE storage class at a specific period in the object's
22131 // lifetime. 22319 // lifetime.
22132 NoncurrentVersionTransition *NoncurrentVersionTransition `type:"structure"` 22320 NoncurrentVersionTransition *NoncurrentVersionTransition `type:"structure"`
22133 22321
22134 // Prefix identifying one or more objects to which the rule applies. 22322 // Object key prefix that identifies one or more objects to which this rule
22323 // applies.
22135 // 22324 //
22136 // Prefix is a required field 22325 // Prefix is a required field
22137 Prefix *string `type:"string" required:"true"` 22326 Prefix *string `type:"string" required:"true"`
22138 22327
22139 // If 'Enabled', the rule is currently being applied. If 'Disabled', the rule 22328 // If Enabled, the rule is currently being applied. If Disabled, the rule is
22140 // is not currently being applied. 22329 // not currently being applied.
22141 // 22330 //
22142 // Status is a required field 22331 // Status is a required field
22143 Status *string `type:"string" required:"true" enum:"ExpirationStatus"` 22332 Status *string `type:"string" required:"true" enum:"ExpirationStatus"`
22144 22333
22334 // Specifies when an object transitions to a specified storage class.
22145 Transition *Transition `type:"structure"` 22335 Transition *Transition `type:"structure"`
22146} 22336}
22147 22337
@@ -22537,15 +22727,15 @@ type SelectObjectContentInput struct {
22537 // Specifies if periodic request progress information should be enabled. 22727 // Specifies if periodic request progress information should be enabled.
22538 RequestProgress *RequestProgress `type:"structure"` 22728 RequestProgress *RequestProgress `type:"structure"`
22539 22729
22540 // The SSE Algorithm used to encrypt the object. For more information, see 22730 // The SSE Algorithm used to encrypt the object. For more information, see Server-Side
22541 // Server-Side Encryption (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). 22731 // Encryption (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
22542 SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` 22732 SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"`
22543 22733
22544 // The SSE Customer Key. For more information, see Server-Side Encryption (Using 22734 // The SSE Customer Key. For more information, see Server-Side Encryption (Using
22545 // Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). 22735 // Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
22546 SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` 22736 SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
22547 22737
22548 // The SSE Customer Key MD5. For more information, see Server-Side Encryption 22738 // The SSE Customer Key MD5. For more information, see Server-Side Encryption
22549 // (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). 22739 // (Using Customer-Provided Encryption Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html).
22550 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` 22740 SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
22551} 22741}
@@ -22792,13 +22982,15 @@ func (s *SelectParameters) SetOutputSerialization(v *OutputSerialization) *Selec
22792} 22982}
22793 22983
22794// Describes the default server-side encryption to apply to new objects in the 22984// Describes the default server-side encryption to apply to new objects in the
22795// bucket. If Put Object request does not specify any server-side encryption, 22985// bucket. If a PUT Object request doesn't specify any server-side encryption,
22796// this default encryption will be applied. 22986// this default encryption will be applied. For more information, see PUT Bucket
22987// encryption (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html)
22988// in the Amazon Simple Storage Service API Reference.
22797type ServerSideEncryptionByDefault struct { 22989type ServerSideEncryptionByDefault struct {
22798 _ struct{} `type:"structure"` 22990 _ struct{} `type:"structure"`
22799 22991
22800 // KMS master key ID to use for the default encryption. This parameter is allowed 22992 // KMS master key ID to use for the default encryption. This parameter is allowed
22801 // if SSEAlgorithm is aws:kms. 22993 // if and only if SSEAlgorithm is set to aws:kms.
22802 KMSMasterKeyID *string `type:"string" sensitive:"true"` 22994 KMSMasterKeyID *string `type:"string" sensitive:"true"`
22803 22995
22804 // Server-side encryption algorithm to use for the default encryption. 22996 // Server-side encryption algorithm to use for the default encryption.
@@ -22842,8 +23034,7 @@ func (s *ServerSideEncryptionByDefault) SetSSEAlgorithm(v string) *ServerSideEnc
22842 return s 23034 return s
22843} 23035}
22844 23036
22845// Container for server-side encryption configuration rules. Currently S3 supports 23037// Specifies the default server-side-encryption configuration.
22846// one rule only.
22847type ServerSideEncryptionConfiguration struct { 23038type ServerSideEncryptionConfiguration struct {
22848 _ struct{} `type:"structure"` 23039 _ struct{} `type:"structure"`
22849 23040
@@ -22893,13 +23084,12 @@ func (s *ServerSideEncryptionConfiguration) SetRules(v []*ServerSideEncryptionRu
22893 return s 23084 return s
22894} 23085}
22895 23086
22896// Container for information about a particular server-side encryption configuration 23087// Specifies the default server-side encryption configuration.
22897// rule.
22898type ServerSideEncryptionRule struct { 23088type ServerSideEncryptionRule struct {
22899 _ struct{} `type:"structure"` 23089 _ struct{} `type:"structure"`
22900 23090
22901 // Describes the default server-side encryption to apply to new objects in the 23091 // Specifies the default server-side encryption to apply to new objects in the
22902 // bucket. If Put Object request does not specify any server-side encryption, 23092 // bucket. If a PUT Object request doesn't specify any server-side encryption,
22903 // this default encryption will be applied. 23093 // this default encryption will be applied.
22904 ApplyServerSideEncryptionByDefault *ServerSideEncryptionByDefault `type:"structure"` 23094 ApplyServerSideEncryptionByDefault *ServerSideEncryptionByDefault `type:"structure"`
22905} 23095}
@@ -22935,13 +23125,17 @@ func (s *ServerSideEncryptionRule) SetApplyServerSideEncryptionByDefault(v *Serv
22935 return s 23125 return s
22936} 23126}
22937 23127
22938// A container for filters that define which source objects should be replicated. 23128// A container that describes additional filters for identifying the source
23129// objects that you want to replicate. You can choose to enable or disable the
23130// replication of these objects. Currently, Amazon S3 supports only the filter
23131// that you can specify for objects created with server-side encryption using
23132// an AWS KMS-Managed Key (SSE-KMS).
22939type SourceSelectionCriteria struct { 23133type SourceSelectionCriteria struct {
22940 _ struct{} `type:"structure"` 23134 _ struct{} `type:"structure"`
22941 23135
22942 // A container for filter information for the selection of S3 objects encrypted 23136 // A container for filter information for the selection of Amazon S3 objects
22943 // with AWS KMS. If you include SourceSelectionCriteria in the replication configuration, 23137 // encrypted with AWS KMS. If you include SourceSelectionCriteria in the replication
22944 // this element is required. 23138 // configuration, this element is required.
22945 SseKmsEncryptedObjects *SseKmsEncryptedObjects `type:"structure"` 23139 SseKmsEncryptedObjects *SseKmsEncryptedObjects `type:"structure"`
22946} 23140}
22947 23141
@@ -22981,8 +23175,8 @@ func (s *SourceSelectionCriteria) SetSseKmsEncryptedObjects(v *SseKmsEncryptedOb
22981type SseKmsEncryptedObjects struct { 23175type SseKmsEncryptedObjects struct {
22982 _ struct{} `type:"structure"` 23176 _ struct{} `type:"structure"`
22983 23177
22984 // If the status is not Enabled, replication for S3 objects encrypted with AWS 23178 // Specifies whether Amazon S3 replicates objects created with server-side encryption
22985 // KMS is disabled. 23179 // using an AWS KMS-managed key.
22986 // 23180 //
22987 // Status is a required field 23181 // Status is a required field
22988 Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"` 23182 Status *string `type:"string" required:"true" enum:"SseKmsEncryptedObjectsStatus"`
@@ -23098,11 +23292,14 @@ func (s *StatsEvent) UnmarshalEvent(
23098 return nil 23292 return nil
23099} 23293}
23100 23294
23295// Specifies data related to access patterns to be collected and made available
23296// to analyze the tradeoffs between different storage classes for an Amazon
23297// S3 bucket.
23101type StorageClassAnalysis struct { 23298type StorageClassAnalysis struct {
23102 _ struct{} `type:"structure"` 23299 _ struct{} `type:"structure"`
23103 23300
23104 // A container used to describe how data related to the storage class analysis 23301 // Specifies how data related to the storage class analysis for an Amazon S3
23105 // should be exported. 23302 // bucket should be exported.
23106 DataExport *StorageClassAnalysisDataExport `type:"structure"` 23303 DataExport *StorageClassAnalysisDataExport `type:"structure"`
23107} 23304}
23108 23305
@@ -23342,16 +23539,20 @@ func (s *TargetGrant) SetPermission(v string) *TargetGrant {
23342} 23539}
23343 23540
23344// A container for specifying the configuration for publication of messages 23541// A container for specifying the configuration for publication of messages
23345// to an Amazon Simple Notification Service (Amazon SNS) topic.when Amazon S3 23542// to an Amazon Simple Notification Service (Amazon SNS) topic when Amazon S3
23346// detects specified events. 23543// detects specified events.
23347type TopicConfiguration struct { 23544type TopicConfiguration struct {
23348 _ struct{} `type:"structure"` 23545 _ struct{} `type:"structure"`
23349 23546
23547 // The Amazon S3 bucket event about which to send notifications. For more information,
23548 // see Supported Event Types (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
23549 // in the Amazon Simple Storage Service Developer Guide.
23550 //
23350 // Events is a required field 23551 // Events is a required field
23351 Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"` 23552 Events []*string `locationName:"Event" type:"list" flattened:"true" required:"true"`
23352 23553
23353 // A container for object key name filtering rules. For information about key 23554 // Specifies object key name filtering rules. For information about key name
23354 // name filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) 23555 // filtering, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)
23355 // in the Amazon Simple Storage Service Developer Guide. 23556 // in the Amazon Simple Storage Service Developer Guide.
23356 Filter *NotificationConfigurationFilter `type:"structure"` 23557 Filter *NotificationConfigurationFilter `type:"structure"`
23357 23558
@@ -23360,7 +23561,7 @@ type TopicConfiguration struct {
23360 Id *string `type:"string"` 23561 Id *string `type:"string"`
23361 23562
23362 // The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3 23563 // The Amazon Resource Name (ARN) of the Amazon SNS topic to which Amazon S3
23363 // will publish a message when it detects events of the specified type. 23564 // publishes a message when it detects events of the specified type.
23364 // 23565 //
23365 // TopicArn is a required field 23566 // TopicArn is a required field
23366 TopicArn *string `locationName:"Topic" type:"string" required:"true"` 23567 TopicArn *string `locationName:"Topic" type:"string" required:"true"`
@@ -23469,18 +23670,19 @@ func (s *TopicConfigurationDeprecated) SetTopic(v string) *TopicConfigurationDep
23469 return s 23670 return s
23470} 23671}
23471 23672
23673// Specifies when an object transitions to a specified storage class.
23472type Transition struct { 23674type Transition struct {
23473 _ struct{} `type:"structure"` 23675 _ struct{} `type:"structure"`
23474 23676
23475 // Indicates at what date the object is to be moved or deleted. Should be in 23677 // Indicates when objects are transitioned to the specified storage class. The
23476 // GMT ISO 8601 Format. 23678 // date value must be in ISO 8601 format. The time is always midnight UTC.
23477 Date *time.Time `type:"timestamp" timestampFormat:"iso8601"` 23679 Date *time.Time `type:"timestamp" timestampFormat:"iso8601"`
23478 23680
23479 // Indicates the lifetime, in days, of the objects that are subject to the rule. 23681 // Indicates the number of days after creation when objects are transitioned
23480 // The value must be a non-zero positive integer. 23682 // to the specified storage class. The value must be a positive integer.
23481 Days *int64 `type:"integer"` 23683 Days *int64 `type:"integer"`
23482 23684
23483 // The class of storage used to store the object. 23685 // The storage class to which you want the object to transition.
23484 StorageClass *string `type:"string" enum:"TransitionStorageClass"` 23686 StorageClass *string `type:"string" enum:"TransitionStorageClass"`
23485} 23687}
23486 23688
@@ -23550,7 +23752,7 @@ type UploadPartCopyInput struct {
23550 // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt 23752 // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt
23551 // the source object. The encryption key provided in this header must be one 23753 // the source object. The encryption key provided in this header must be one
23552 // that was used when the source object was created. 23754 // that was used when the source object was created.
23553 CopySourceSSECustomerKey *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"` 23755 CopySourceSSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key" type:"string" sensitive:"true"`
23554 23756
23555 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. 23757 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
23556 // Amazon S3 uses this header for a message integrity check to ensure the encryption 23758 // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -23581,7 +23783,7 @@ type UploadPartCopyInput struct {
23581 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm 23783 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
23582 // header. This must be the same encryption key specified in the initiate multipart 23784 // header. This must be the same encryption key specified in the initiate multipart
23583 // upload request. 23785 // upload request.
23584 SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` 23786 SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
23585 23787
23586 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. 23788 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
23587 // Amazon S3 uses this header for a message integrity check to ensure the encryption 23789 // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -23857,7 +24059,9 @@ type UploadPartInput struct {
23857 // body cannot be determined automatically. 24059 // body cannot be determined automatically.
23858 ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"` 24060 ContentLength *int64 `location:"header" locationName:"Content-Length" type:"long"`
23859 24061
23860 // The base64-encoded 128-bit MD5 digest of the part data. 24062 // The base64-encoded 128-bit MD5 digest of the part data. This parameter is
24063 // auto-populated when using the command from the CLI. This parameted is required
24064 // if object lock parameters are specified.
23861 ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` 24065 ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"`
23862 24066
23863 // Object key for which the multipart upload was initiated. 24067 // Object key for which the multipart upload was initiated.
@@ -23886,7 +24090,7 @@ type UploadPartInput struct {
23886 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm 24090 // the algorithm specified in the x-amz-server-side​-encryption​-customer-algorithm
23887 // header. This must be the same encryption key specified in the initiate multipart 24091 // header. This must be the same encryption key specified in the initiate multipart
23888 // upload request. 24092 // upload request.
23889 SSECustomerKey *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` 24093 SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"`
23890 24094
23891 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. 24095 // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321.
23892 // Amazon S3 uses this header for a message integrity check to ensure the encryption 24096 // Amazon S3 uses this header for a message integrity check to ensure the encryption
@@ -24092,6 +24296,9 @@ func (s *UploadPartOutput) SetServerSideEncryption(v string) *UploadPartOutput {
24092 return s 24296 return s
24093} 24297}
24094 24298
24299// Describes the versioning state of an Amazon S3 bucket. For more information,
24300// see PUT Bucket versioning (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTVersioningStatus.html)
24301// in the Amazon Simple Storage Service API Reference.
24095type VersioningConfiguration struct { 24302type VersioningConfiguration struct {
24096 _ struct{} `type:"structure"` 24303 _ struct{} `type:"structure"`
24097 24304
@@ -24126,15 +24333,22 @@ func (s *VersioningConfiguration) SetStatus(v string) *VersioningConfiguration {
24126 return s 24333 return s
24127} 24334}
24128 24335
24336// Specifies website configuration parameters for an Amazon S3 bucket.
24129type WebsiteConfiguration struct { 24337type WebsiteConfiguration struct {
24130 _ struct{} `type:"structure"` 24338 _ struct{} `type:"structure"`
24131 24339
24340 // The name of the error document for the website.
24132 ErrorDocument *ErrorDocument `type:"structure"` 24341 ErrorDocument *ErrorDocument `type:"structure"`
24133 24342
24343 // The name of the index document for the website.
24134 IndexDocument *IndexDocument `type:"structure"` 24344 IndexDocument *IndexDocument `type:"structure"`
24135 24345
24346 // The redirect behavior for every request to this bucket's website endpoint.
24347 //
24348 // If you specify this property, you can't specify any other property.
24136 RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"` 24349 RedirectAllRequestsTo *RedirectAllRequestsTo `type:"structure"`
24137 24350
24351 // Rules that define when a redirect is applied and the redirect behavior.
24138 RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"` 24352 RoutingRules []*RoutingRule `locationNameList:"RoutingRule" type:"list"`
24139} 24353}
24140 24354
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
index bc68a46..9ba8a78 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
@@ -80,7 +80,8 @@ func buildGetBucketLocation(r *request.Request) {
80 out := r.Data.(*GetBucketLocationOutput) 80 out := r.Data.(*GetBucketLocationOutput)
81 b, err := ioutil.ReadAll(r.HTTPResponse.Body) 81 b, err := ioutil.ReadAll(r.HTTPResponse.Body)
82 if err != nil { 82 if err != nil {
83 r.Error = awserr.New("SerializationError", "failed reading response body", err) 83 r.Error = awserr.New(request.ErrCodeSerialization,
84 "failed reading response body", err)
84 return 85 return
85 } 86 }
86 87
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
index 95f2456..23d386b 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
@@ -17,7 +17,8 @@ func defaultInitClientFn(c *client.Client) {
17 17
18 // Require SSL when using SSE keys 18 // Require SSL when using SSE keys
19 c.Handlers.Validate.PushBack(validateSSERequiresSSL) 19 c.Handlers.Validate.PushBack(validateSSERequiresSSL)
20 c.Handlers.Build.PushBack(computeSSEKeys) 20 c.Handlers.Build.PushBack(computeSSEKeyMD5)
21 c.Handlers.Build.PushBack(computeCopySourceSSEKeyMD5)
21 22
22 // S3 uses custom error unmarshaling logic 23 // S3 uses custom error unmarshaling logic
23 c.Handlers.UnmarshalError.Clear() 24 c.Handlers.UnmarshalError.Clear()
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go b/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
index 8010c4f..b71c835 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
@@ -3,6 +3,7 @@ package s3
3import ( 3import (
4 "crypto/md5" 4 "crypto/md5"
5 "encoding/base64" 5 "encoding/base64"
6 "net/http"
6 7
7 "github.com/aws/aws-sdk-go/aws/awserr" 8 "github.com/aws/aws-sdk-go/aws/awserr"
8 "github.com/aws/aws-sdk-go/aws/request" 9 "github.com/aws/aws-sdk-go/aws/request"
@@ -30,25 +31,54 @@ func validateSSERequiresSSL(r *request.Request) {
30 } 31 }
31} 32}
32 33
33func computeSSEKeys(r *request.Request) { 34const (
34 headers := []string{ 35 sseKeyHeader = "x-amz-server-side-encryption-customer-key"
35 "x-amz-server-side-encryption-customer-key", 36 sseKeyMD5Header = sseKeyHeader + "-md5"
36 "x-amz-copy-source-server-side-encryption-customer-key", 37)
38
39func computeSSEKeyMD5(r *request.Request) {
40 var key string
41 if g, ok := r.Params.(sseCustomerKeyGetter); ok {
42 key = g.getSSECustomerKey()
43 }
44
45 computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest)
46}
47
48const (
49 copySrcSSEKeyHeader = "x-amz-copy-source-server-side-encryption-customer-key"
50 copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
51)
52
53func computeCopySourceSSEKeyMD5(r *request.Request) {
54 var key string
55 if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
56 key = g.getCopySourceSSECustomerKey()
37 } 57 }
38 58
39 for _, h := range headers { 59 computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest)
40 md5h := h + "-md5" 60}
41 if key := r.HTTPRequest.Header.Get(h); key != "" { 61
42 // Base64-encode the value 62func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
43 b64v := base64.StdEncoding.EncodeToString([]byte(key)) 63 if len(key) == 0 {
44 r.HTTPRequest.Header.Set(h, b64v) 64 // Backwards compatiablity where user just set the header value instead
45 65 // of using the API parameter, or setting the header value for an
46 // Add MD5 if it wasn't computed 66 // operation without the parameters modeled.
47 if r.HTTPRequest.Header.Get(md5h) == "" { 67 key = r.Header.Get(keyHeader)
48 sum := md5.Sum([]byte(key)) 68 if len(key) == 0 {
49 b64sum := base64.StdEncoding.EncodeToString(sum[:]) 69 return
50 r.HTTPRequest.Header.Set(md5h, b64sum)
51 }
52 } 70 }
71
72 // In backwards compatiable, the header's value is not base64 encoded,
73 // and needs to be encoded and updated by the SDK's customizations.
74 b64Key := base64.StdEncoding.EncodeToString([]byte(key))
75 r.Header.Set(keyHeader, b64Key)
76 }
77
78 // Only update Key's MD5 if not already set.
79 if len(r.Header.Get(keyMD5Header)) == 0 {
80 sum := md5.Sum([]byte(key))
81 keyMD5 := base64.StdEncoding.EncodeToString(sum[:])
82 r.Header.Set(keyMD5Header, keyMD5)
53 } 83 }
54} 84}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
index fde3050..f6a69ae 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
@@ -14,7 +14,7 @@ func copyMultipartStatusOKUnmarhsalError(r *request.Request) {
14 b, err := ioutil.ReadAll(r.HTTPResponse.Body) 14 b, err := ioutil.ReadAll(r.HTTPResponse.Body)
15 if err != nil { 15 if err != nil {
16 r.Error = awserr.NewRequestFailure( 16 r.Error = awserr.NewRequestFailure(
17 awserr.New("SerializationError", "unable to read response body", err), 17 awserr.New(request.ErrCodeSerialization, "unable to read response body", err),
18 r.HTTPResponse.StatusCode, 18 r.HTTPResponse.StatusCode,
19 r.RequestID, 19 r.RequestID,
20 ) 20 )
@@ -31,7 +31,7 @@ func copyMultipartStatusOKUnmarhsalError(r *request.Request) {
31 31
32 unmarshalError(r) 32 unmarshalError(r)
33 if err, ok := r.Error.(awserr.Error); ok && err != nil { 33 if err, ok := r.Error.(awserr.Error); ok && err != nil {
34 if err.Code() == "SerializationError" { 34 if err.Code() == request.ErrCodeSerialization {
35 r.Error = nil 35 r.Error = nil
36 return 36 return
37 } 37 }
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
index 1db7e13..5b63fac 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
@@ -11,6 +11,7 @@ import (
11 "github.com/aws/aws-sdk-go/aws" 11 "github.com/aws/aws-sdk-go/aws"
12 "github.com/aws/aws-sdk-go/aws/awserr" 12 "github.com/aws/aws-sdk-go/aws/awserr"
13 "github.com/aws/aws-sdk-go/aws/request" 13 "github.com/aws/aws-sdk-go/aws/request"
14 "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
14) 15)
15 16
16type xmlErrorResponse struct { 17type xmlErrorResponse struct {
@@ -42,29 +43,34 @@ func unmarshalError(r *request.Request) {
42 return 43 return
43 } 44 }
44 45
45 var errCode, errMsg string
46
47 // Attempt to parse error from body if it is known 46 // Attempt to parse error from body if it is known
48 resp := &xmlErrorResponse{} 47 var errResp xmlErrorResponse
49 err := xml.NewDecoder(r.HTTPResponse.Body).Decode(resp) 48 err := xmlutil.UnmarshalXMLError(&errResp, r.HTTPResponse.Body)
50 if err != nil && err != io.EOF { 49 if err == io.EOF {
51 errCode = "SerializationError" 50 // Only capture the error if an unmarshal error occurs that is not EOF,
52 errMsg = "failed to decode S3 XML error response" 51 // because S3 might send an error without a error message which causes
53 } else { 52 // the XML unmarshal to fail with EOF.
54 errCode = resp.Code
55 errMsg = resp.Message
56 err = nil 53 err = nil
57 } 54 }
55 if err != nil {
56 r.Error = awserr.NewRequestFailure(
57 awserr.New(request.ErrCodeSerialization,
58 "failed to unmarshal error message", err),
59 r.HTTPResponse.StatusCode,
60 r.RequestID,
61 )
62 return
63 }
58 64
59 // Fallback to status code converted to message if still no error code 65 // Fallback to status code converted to message if still no error code
60 if len(errCode) == 0 { 66 if len(errResp.Code) == 0 {
61 statusText := http.StatusText(r.HTTPResponse.StatusCode) 67 statusText := http.StatusText(r.HTTPResponse.StatusCode)
62 errCode = strings.Replace(statusText, " ", "", -1) 68 errResp.Code = strings.Replace(statusText, " ", "", -1)
63 errMsg = statusText 69 errResp.Message = statusText
64 } 70 }
65 71
66 r.Error = awserr.NewRequestFailure( 72 r.Error = awserr.NewRequestFailure(
67 awserr.New(errCode, errMsg, err), 73 awserr.New(errResp.Code, errResp.Message, err),
68 r.HTTPResponse.StatusCode, 74 r.HTTPResponse.StatusCode,
69 r.RequestID, 75 r.RequestID,
70 ) 76 )
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
index 8113089..d22c38b 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@@ -3,6 +3,7 @@
3package sts 3package sts
4 4
5import ( 5import (
6 "fmt"
6 "time" 7 "time"
7 8
8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws"
@@ -55,38 +56,26 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
55 56
56// AssumeRole API operation for AWS Security Token Service. 57// AssumeRole API operation for AWS Security Token Service.
57// 58//
58// Returns a set of temporary security credentials (consisting of an access 59// Returns a set of temporary security credentials that you can use to access
59// key ID, a secret access key, and a security token) that you can use to access 60// AWS resources that you might not normally have access to. These temporary
60// AWS resources that you might not normally have access to. Typically, you 61// credentials consist of an access key ID, a secret access key, and a security
61// use AssumeRole for cross-account access or federation. For a comparison of 62// token. Typically, you use AssumeRole within your account or for cross-account
62// AssumeRole with the other APIs that produce temporary credentials, see Requesting 63// access. For a comparison of AssumeRole with other API operations that produce
63// Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) 64// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
64// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) 65// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
65// in the IAM User Guide. 66// in the IAM User Guide.
66// 67//
67// Important: You cannot call AssumeRole by using AWS root account credentials; 68// You cannot use AWS account root user credentials to call AssumeRole. You
68// access is denied. You must use credentials for an IAM user or an IAM role 69// must use credentials for an IAM user or an IAM role to call AssumeRole.
69// to call AssumeRole.
70// 70//
71// For cross-account access, imagine that you own multiple accounts and need 71// For cross-account access, imagine that you own multiple accounts and need
72// to access resources in each account. You could create long-term credentials 72// to access resources in each account. You could create long-term credentials
73// in each account to access those resources. However, managing all those credentials 73// in each account to access those resources. However, managing all those credentials
74// and remembering which one can access which account can be time consuming. 74// and remembering which one can access which account can be time consuming.
75// Instead, you can create one set of long-term credentials in one account and 75// Instead, you can create one set of long-term credentials in one account.
76// then use temporary security credentials to access all the other accounts 76// Then use temporary security credentials to access all the other accounts
77// by assuming roles in those accounts. For more information about roles, see 77// by assuming roles in those accounts. For more information about roles, see
78// IAM Roles (Delegation and Federation) (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) 78// IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html)
79// in the IAM User Guide.
80//
81// For federation, you can, for example, grant single sign-on access to the
82// AWS Management Console. If you already have an identity and authentication
83// system in your corporate network, you don't have to recreate user identities
84// in AWS in order to grant those user identities access to AWS. Instead, after
85// a user has been authenticated, you call AssumeRole (and specify the role
86// with the appropriate permissions) to get temporary security credentials for
87// that user. With those temporary security credentials, you construct a sign-in
88// URL that users can use to access the console. For more information, see Common
89// Scenarios for Temporary Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html#sts-introduction)
90// in the IAM User Guide. 79// in the IAM User Guide.
91// 80//
92// By default, the temporary security credentials created by AssumeRole last 81// By default, the temporary security credentials created by AssumeRole last
@@ -95,69 +84,73 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
95// seconds (15 minutes) up to the maximum session duration setting for the role. 84// seconds (15 minutes) up to the maximum session duration setting for the role.
96// This setting can have a value from 1 hour to 12 hours. To learn how to view 85// This setting can have a value from 1 hour to 12 hours. To learn how to view
97// the maximum value for your role, see View the Maximum Session Duration Setting 86// the maximum value for your role, see View the Maximum Session Duration Setting
98// for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) 87// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
99// in the IAM User Guide. The maximum session duration limit applies when you 88// in the IAM User Guide. The maximum session duration limit applies when you
100// use the AssumeRole* API operations or the assume-role* CLI operations but 89// use the AssumeRole* API operations or the assume-role* CLI commands. However
101// does not apply when you use those operations to create a console URL. For 90// the limit does not apply when you use those operations to create a console
102// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) 91// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
103// in the IAM User Guide. 92// in the IAM User Guide.
104// 93//
105// The temporary security credentials created by AssumeRole can be used to make 94// The temporary security credentials created by AssumeRole can be used to make
106// API calls to any AWS service with the following exception: you cannot call 95// API calls to any AWS service with the following exception: You cannot call
107// the STS service's GetFederationToken or GetSessionToken APIs. 96// the AWS STS GetFederationToken or GetSessionToken API operations.
108// 97//
109// Optionally, you can pass an IAM access policy to this operation. If you choose 98// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
110// not to pass a policy, the temporary security credentials that are returned 99// to this operation. You can pass a single JSON policy document to use as an
111// by the operation have the permissions that are defined in the access policy 100// inline session policy. You can also specify up to 10 managed policies to
112// of the role that is being assumed. If you pass a policy to this operation, 101// use as managed session policies. The plain text that you use for both inline
113// the temporary security credentials that are returned by the operation have 102// and managed session policies shouldn't exceed 2048 characters. Passing policies
114// the permissions that are allowed by both the access policy of the role that 103// to this operation returns new temporary credentials. The resulting session's
115// is being assumed, and the policy that you pass. This gives you a way to further 104// permissions are the intersection of the role's identity-based policy and
116// restrict the permissions for the resulting temporary security credentials. 105// the session policies. You can use the role's temporary credentials in subsequent
117// You cannot use the passed policy to grant permissions that are in excess 106// AWS API calls to access resources in the account that owns the role. You
118// of those allowed by the access policy of the role that is being assumed. 107// cannot use session policies to grant more permissions than those allowed
119// For more information, see Permissions for AssumeRole, AssumeRoleWithSAML, 108// by the identity-based policy of the role that is being assumed. For more
120// and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) 109// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
121// in the IAM User Guide. 110// in the IAM User Guide.
122// 111//
123// To assume a role, your AWS account must be trusted by the role. The trust 112// To assume a role from a different account, your AWS account must be trusted
124// relationship is defined in the role's trust policy when the role is created. 113// by the role. The trust relationship is defined in the role's trust policy
125// That trust policy states which accounts are allowed to delegate access to 114// when the role is created. That trust policy states which accounts are allowed
126// this account's role. 115// to delegate that access to users in the account.
127// 116//
128// The user who wants to access the role must also have permissions delegated 117// A user who wants to access a role in a different account must also have permissions
129// from the role's administrator. If the user is in a different account than 118// that are delegated from the user account administrator. The administrator
130// the role, then the user's administrator must attach a policy that allows 119// must attach a policy that allows the user to call AssumeRole for the ARN
131// the user to call AssumeRole on the ARN of the role in the other account. 120// of the role in the other account. If the user is in the same account as the
132// If the user is in the same account as the role, then you can either attach 121// role, then you can do either of the following:
133// a policy to the user (identical to the previous different account user), 122//
134// or you can add the user as a principal directly in the role's trust policy. 123// * Attach a policy to the user (identical to the previous user in a different
135// In this case, the trust policy acts as the only resource-based policy in 124// account).
136// IAM, and users in the same account as the role do not need explicit permission 125//
137// to assume the role. For more information about trust policies and resource-based 126// * Add the user as a principal directly in the role's trust policy.
138// policies, see IAM Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) 127//
128// In this case, the trust policy acts as an IAM resource-based policy. Users
129// in the same account as the role do not need explicit permission to assume
130// the role. For more information about trust policies and resource-based policies,
131// see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
139// in the IAM User Guide. 132// in the IAM User Guide.
140// 133//
141// Using MFA with AssumeRole 134// Using MFA with AssumeRole
142// 135//
143// You can optionally include multi-factor authentication (MFA) information 136// (Optional) You can include multi-factor authentication (MFA) information
144// when you call AssumeRole. This is useful for cross-account scenarios in which 137// when you call AssumeRole. This is useful for cross-account scenarios to ensure
145// you want to make sure that the user who is assuming the role has been authenticated 138// that the user that assumes the role has been authenticated with an AWS MFA
146// using an AWS MFA device. In that scenario, the trust policy of the role being 139// device. In that scenario, the trust policy of the role being assumed includes
147// assumed includes a condition that tests for MFA authentication; if the caller 140// a condition that tests for MFA authentication. If the caller does not include
148// does not include valid MFA information, the request to assume the role is 141// valid MFA information, the request to assume the role is denied. The condition
149// denied. The condition in a trust policy that tests for MFA authentication 142// in a trust policy that tests for MFA authentication might look like the following
150// might look like the following example. 143// example.
151// 144//
152// "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}} 145// "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}
153// 146//
154// For more information, see Configuring MFA-Protected API Access (http://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html) 147// For more information, see Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
155// in the IAM User Guide guide. 148// in the IAM User Guide guide.
156// 149//
157// To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode 150// To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode
158// parameters. The SerialNumber value identifies the user's hardware or virtual 151// parameters. The SerialNumber value identifies the user's hardware or virtual
159// MFA device. The TokenCode is the time-based one-time password (TOTP) that 152// MFA device. The TokenCode is the time-based one-time password (TOTP) that
160// the MFA devices produces. 153// the MFA device produces.
161// 154//
162// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 155// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
163// with awserr.Error's Code and Message methods to get detailed information about 156// with awserr.Error's Code and Message methods to get detailed information about
@@ -180,7 +173,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
180// STS is not activated in the requested region for the account that is being 173// STS is not activated in the requested region for the account that is being
181// asked to generate credentials. The account administrator must use the IAM 174// asked to generate credentials. The account administrator must use the IAM
182// console to activate STS in that region. For more information, see Activating 175// console to activate STS in that region. For more information, see Activating
183// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) 176// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
184// in the IAM User Guide. 177// in the IAM User Guide.
185// 178//
186// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole 179// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
@@ -254,9 +247,9 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
254// via a SAML authentication response. This operation provides a mechanism for 247// via a SAML authentication response. This operation provides a mechanism for
255// tying an enterprise identity store or directory to role-based AWS access 248// tying an enterprise identity store or directory to role-based AWS access
256// without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML 249// without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML
257// with the other APIs that produce temporary credentials, see Requesting Temporary 250// with the other API operations that produce temporary credentials, see Requesting
258// Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) 251// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
259// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) 252// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
260// in the IAM User Guide. 253// in the IAM User Guide.
261// 254//
262// The temporary security credentials returned by this operation consist of 255// The temporary security credentials returned by this operation consist of
@@ -271,37 +264,36 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
271// a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session 264// a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
272// duration setting for the role. This setting can have a value from 1 hour 265// duration setting for the role. This setting can have a value from 1 hour
273// to 12 hours. To learn how to view the maximum value for your role, see View 266// to 12 hours. To learn how to view the maximum value for your role, see View
274// the Maximum Session Duration Setting for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) 267// the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
275// in the IAM User Guide. The maximum session duration limit applies when you 268// in the IAM User Guide. The maximum session duration limit applies when you
276// use the AssumeRole* API operations or the assume-role* CLI operations but 269// use the AssumeRole* API operations or the assume-role* CLI commands. However
277// does not apply when you use those operations to create a console URL. For 270// the limit does not apply when you use those operations to create a console
278// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) 271// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
279// in the IAM User Guide. 272// in the IAM User Guide.
280// 273//
281// The temporary security credentials created by AssumeRoleWithSAML can be used 274// The temporary security credentials created by AssumeRoleWithSAML can be used
282// to make API calls to any AWS service with the following exception: you cannot 275// to make API calls to any AWS service with the following exception: you cannot
283// call the STS service's GetFederationToken or GetSessionToken APIs. 276// call the STS GetFederationToken or GetSessionToken API operations.
284// 277//
285// Optionally, you can pass an IAM access policy to this operation. If you choose 278// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
286// not to pass a policy, the temporary security credentials that are returned 279// to this operation. You can pass a single JSON policy document to use as an
287// by the operation have the permissions that are defined in the access policy 280// inline session policy. You can also specify up to 10 managed policies to
288// of the role that is being assumed. If you pass a policy to this operation, 281// use as managed session policies. The plain text that you use for both inline
289// the temporary security credentials that are returned by the operation have 282// and managed session policies shouldn't exceed 2048 characters. Passing policies
290// the permissions that are allowed by the intersection of both the access policy 283// to this operation returns new temporary credentials. The resulting session's
291// of the role that is being assumed, and the policy that you pass. This means 284// permissions are the intersection of the role's identity-based policy and
292// that both policies must grant the permission for the action to be allowed. 285// the session policies. You can use the role's temporary credentials in subsequent
293// This gives you a way to further restrict the permissions for the resulting 286// AWS API calls to access resources in the account that owns the role. You
294// temporary security credentials. You cannot use the passed policy to grant 287// cannot use session policies to grant more permissions than those allowed
295// permissions that are in excess of those allowed by the access policy of the 288// by the identity-based policy of the role that is being assumed. For more
296// role that is being assumed. For more information, see Permissions for AssumeRole, 289// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
297// AssumeRoleWithSAML, and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html)
298// in the IAM User Guide. 290// in the IAM User Guide.
299// 291//
300// Before your application can call AssumeRoleWithSAML, you must configure your 292// Before your application can call AssumeRoleWithSAML, you must configure your
301// SAML identity provider (IdP) to issue the claims required by AWS. Additionally, 293// SAML identity provider (IdP) to issue the claims required by AWS. Additionally,
302// you must use AWS Identity and Access Management (IAM) to create a SAML provider 294// you must use AWS Identity and Access Management (IAM) to create a SAML provider
303// entity in your AWS account that represents your identity provider, and create 295// entity in your AWS account that represents your identity provider. You must
304// an IAM role that specifies this SAML provider in its trust policy. 296// also create an IAM role that specifies this SAML provider in its trust policy.
305// 297//
306// Calling AssumeRoleWithSAML does not require the use of AWS security credentials. 298// Calling AssumeRoleWithSAML does not require the use of AWS security credentials.
307// The identity of the caller is validated by using keys in the metadata document 299// The identity of the caller is validated by using keys in the metadata document
@@ -315,16 +307,16 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
315// 307//
316// For more information, see the following resources: 308// For more information, see the following resources:
317// 309//
318// * About SAML 2.0-based Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) 310// * About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
319// in the IAM User Guide. 311// in the IAM User Guide.
320// 312//
321// * Creating SAML Identity Providers (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html) 313// * Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
322// in the IAM User Guide. 314// in the IAM User Guide.
323// 315//
324// * Configuring a Relying Party and Claims (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html) 316// * Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
325// in the IAM User Guide. 317// in the IAM User Guide.
326// 318//
327// * Creating a Role for SAML 2.0 Federation (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html) 319// * Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
328// in the IAM User Guide. 320// in the IAM User Guide.
329// 321//
330// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 322// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -363,7 +355,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
363// STS is not activated in the requested region for the account that is being 355// STS is not activated in the requested region for the account that is being
364// asked to generate credentials. The account administrator must use the IAM 356// asked to generate credentials. The account administrator must use the IAM
365// console to activate STS in that region. For more information, see Activating 357// console to activate STS in that region. For more information, see Activating
366// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) 358// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
367// in the IAM User Guide. 359// in the IAM User Guide.
368// 360//
369// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML 361// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
@@ -434,35 +426,35 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
434// AssumeRoleWithWebIdentity API operation for AWS Security Token Service. 426// AssumeRoleWithWebIdentity API operation for AWS Security Token Service.
435// 427//
436// Returns a set of temporary security credentials for users who have been authenticated 428// Returns a set of temporary security credentials for users who have been authenticated
437// in a mobile or web application with a web identity provider, such as Amazon 429// in a mobile or web application with a web identity provider. Example providers
438// Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible 430// include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID
439// identity provider. 431// Connect-compatible identity provider.
440// 432//
441// For mobile applications, we recommend that you use Amazon Cognito. You can 433// For mobile applications, we recommend that you use Amazon Cognito. You can
442// use Amazon Cognito with the AWS SDK for iOS (http://aws.amazon.com/sdkforios/) 434// use Amazon Cognito with the AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
443// and the AWS SDK for Android (http://aws.amazon.com/sdkforandroid/) to uniquely 435// and the AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/)
444// identify a user and supply the user with a consistent identity throughout 436// to uniquely identify a user. You can also supply the user with a consistent
445// the lifetime of an application. 437// identity throughout the lifetime of an application.
446// 438//
447// To learn more about Amazon Cognito, see Amazon Cognito Overview (http://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) 439// To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840)
448// in the AWS SDK for Android Developer Guide guide and Amazon Cognito Overview 440// in AWS SDK for Android Developer Guide and Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
449// (http://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664)
450// in the AWS SDK for iOS Developer Guide. 441// in the AWS SDK for iOS Developer Guide.
451// 442//
452// Calling AssumeRoleWithWebIdentity does not require the use of AWS security 443// Calling AssumeRoleWithWebIdentity does not require the use of AWS security
453// credentials. Therefore, you can distribute an application (for example, on 444// credentials. Therefore, you can distribute an application (for example, on
454// mobile devices) that requests temporary security credentials without including 445// mobile devices) that requests temporary security credentials without including
455// long-term AWS credentials in the application, and without deploying server-based 446// long-term AWS credentials in the application. You also don't need to deploy
456// proxy services that use long-term AWS credentials. Instead, the identity 447// server-based proxy services that use long-term AWS credentials. Instead,
457// of the caller is validated by using a token from the web identity provider. 448// the identity of the caller is validated by using a token from the web identity
458// For a comparison of AssumeRoleWithWebIdentity with the other APIs that produce 449// provider. For a comparison of AssumeRoleWithWebIdentity with the other API
459// temporary credentials, see Requesting Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) 450// operations that produce temporary credentials, see Requesting Temporary Security
460// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) 451// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
452// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
461// in the IAM User Guide. 453// in the IAM User Guide.
462// 454//
463// The temporary security credentials returned by this API consist of an access 455// The temporary security credentials returned by this API consist of an access
464// key ID, a secret access key, and a security token. Applications can use these 456// key ID, a secret access key, and a security token. Applications can use these
465// temporary security credentials to sign calls to AWS service APIs. 457// temporary security credentials to sign calls to AWS service API operations.
466// 458//
467// By default, the temporary security credentials created by AssumeRoleWithWebIdentity 459// By default, the temporary security credentials created by AssumeRoleWithWebIdentity
468// last for one hour. However, you can use the optional DurationSeconds parameter 460// last for one hour. However, you can use the optional DurationSeconds parameter
@@ -470,29 +462,29 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
470// seconds (15 minutes) up to the maximum session duration setting for the role. 462// seconds (15 minutes) up to the maximum session duration setting for the role.
471// This setting can have a value from 1 hour to 12 hours. To learn how to view 463// This setting can have a value from 1 hour to 12 hours. To learn how to view
472// the maximum value for your role, see View the Maximum Session Duration Setting 464// the maximum value for your role, see View the Maximum Session Duration Setting
473// for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) 465// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
474// in the IAM User Guide. The maximum session duration limit applies when you 466// in the IAM User Guide. The maximum session duration limit applies when you
475// use the AssumeRole* API operations or the assume-role* CLI operations but 467// use the AssumeRole* API operations or the assume-role* CLI commands. However
476// does not apply when you use those operations to create a console URL. For 468// the limit does not apply when you use those operations to create a console
477// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) 469// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
478// in the IAM User Guide. 470// in the IAM User Guide.
479// 471//
480// The temporary security credentials created by AssumeRoleWithWebIdentity can 472// The temporary security credentials created by AssumeRoleWithWebIdentity can
481// be used to make API calls to any AWS service with the following exception: 473// be used to make API calls to any AWS service with the following exception:
482// you cannot call the STS service's GetFederationToken or GetSessionToken APIs. 474// you cannot call the STS GetFederationToken or GetSessionToken API operations.
483// 475//
484// Optionally, you can pass an IAM access policy to this operation. If you choose 476// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
485// not to pass a policy, the temporary security credentials that are returned 477// to this operation. You can pass a single JSON policy document to use as an
486// by the operation have the permissions that are defined in the access policy 478// inline session policy. You can also specify up to 10 managed policies to
487// of the role that is being assumed. If you pass a policy to this operation, 479// use as managed session policies. The plain text that you use for both inline
488// the temporary security credentials that are returned by the operation have 480// and managed session policies shouldn't exceed 2048 characters. Passing policies
489// the permissions that are allowed by both the access policy of the role that 481// to this operation returns new temporary credentials. The resulting session's
490// is being assumed, and the policy that you pass. This gives you a way to further 482// permissions are the intersection of the role's identity-based policy and
491// restrict the permissions for the resulting temporary security credentials. 483// the session policies. You can use the role's temporary credentials in subsequent
492// You cannot use the passed policy to grant permissions that are in excess 484// AWS API calls to access resources in the account that owns the role. You
493// of those allowed by the access policy of the role that is being assumed. 485// cannot use session policies to grant more permissions than those allowed
494// For more information, see Permissions for AssumeRole, AssumeRoleWithSAML, 486// by the identity-based policy of the role that is being assumed. For more
495// and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html) 487// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
496// in the IAM User Guide. 488// in the IAM User Guide.
497// 489//
498// Before your application can call AssumeRoleWithWebIdentity, you must have 490// Before your application can call AssumeRoleWithWebIdentity, you must have
@@ -511,21 +503,19 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
511// For more information about how to use web identity federation and the AssumeRoleWithWebIdentity 503// For more information about how to use web identity federation and the AssumeRoleWithWebIdentity
512// API, see the following resources: 504// API, see the following resources:
513// 505//
514// * Using Web Identity Federation APIs for Mobile Apps (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html) 506// * Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
515// and Federation Through a Web-based Identity Provider (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). 507// and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
516// 508//
509// * Web Identity Federation Playground (https://web-identity-federation-playground.s3.amazonaws.com/index.html).
510// Walk through the process of authenticating through Login with Amazon,
511// Facebook, or Google, getting temporary security credentials, and then
512// using those credentials to make a request to AWS.
517// 513//
518// * Web Identity Federation Playground (https://web-identity-federation-playground.s3.amazonaws.com/index.html). 514// * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and
519// This interactive website lets you walk through the process of authenticating 515// AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
520// via Login with Amazon, Facebook, or Google, getting temporary security 516// These toolkits contain sample apps that show how to invoke the identity
521// credentials, and then using those credentials to make a request to AWS. 517// providers, and then how to use the information from these providers to
522// 518// get and use temporary security credentials.
523//
524// * AWS SDK for iOS (http://aws.amazon.com/sdkforios/) and AWS SDK for Android
525// (http://aws.amazon.com/sdkforandroid/). These toolkits contain sample
526// apps that show how to invoke the identity providers, and then how to use
527// the information from these providers to get and use temporary security
528// credentials.
529// 519//
530// * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications). 520// * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
531// This article discusses web identity federation and shows an example of 521// This article discusses web identity federation and shows an example of
@@ -575,7 +565,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
575// STS is not activated in the requested region for the account that is being 565// STS is not activated in the requested region for the account that is being
576// asked to generate credentials. The account administrator must use the IAM 566// asked to generate credentials. The account administrator must use the IAM
577// console to activate STS in that region. For more information, see Activating 567// console to activate STS in that region. For more information, see Activating
578// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) 568// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
579// in the IAM User Guide. 569// in the IAM User Guide.
580// 570//
581// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity 571// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
@@ -647,17 +637,17 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
647// Decodes additional information about the authorization status of a request 637// Decodes additional information about the authorization status of a request
648// from an encoded message returned in response to an AWS request. 638// from an encoded message returned in response to an AWS request.
649// 639//
650// For example, if a user is not authorized to perform an action that he or 640// For example, if a user is not authorized to perform an operation that he
651// she has requested, the request returns a Client.UnauthorizedOperation response 641// or she has requested, the request returns a Client.UnauthorizedOperation
652// (an HTTP 403 response). Some AWS actions additionally return an encoded message 642// response (an HTTP 403 response). Some AWS operations additionally return
653// that can provide details about this authorization failure. 643// an encoded message that can provide details about this authorization failure.
654// 644//
655// Only certain AWS actions return an encoded authorization message. The documentation 645// Only certain AWS operations return an encoded authorization message. The
656// for an individual action indicates whether that action returns an encoded 646// documentation for an individual operation indicates whether that operation
657// message in addition to returning an HTTP code. 647// returns an encoded message in addition to returning an HTTP code.
658// 648//
659// The message is encoded because the details of the authorization status can 649// The message is encoded because the details of the authorization status can
660// constitute privileged information that the user who requested the action 650// constitute privileged information that the user who requested the operation
661// should not see. To decode an authorization status message, a user must be 651// should not see. To decode an authorization status message, a user must be
662// granted permissions via an IAM policy to request the DecodeAuthorizationMessage 652// granted permissions via an IAM policy to request the DecodeAuthorizationMessage
663// (sts:DecodeAuthorizationMessage) action. 653// (sts:DecodeAuthorizationMessage) action.
@@ -666,7 +656,7 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
666// 656//
667// * Whether the request was denied due to an explicit deny or due to the 657// * Whether the request was denied due to an explicit deny or due to the
668// absence of an explicit allow. For more information, see Determining Whether 658// absence of an explicit allow. For more information, see Determining Whether
669// a Request is Allowed or Denied (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow) 659// a Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
670// in the IAM User Guide. 660// in the IAM User Guide.
671// 661//
672// * The principal who made the request. 662// * The principal who made the request.
@@ -712,6 +702,102 @@ func (c *STS) DecodeAuthorizationMessageWithContext(ctx aws.Context, input *Deco
712 return out, req.Send() 702 return out, req.Send()
713} 703}
714 704
705const opGetAccessKeyInfo = "GetAccessKeyInfo"
706
707// GetAccessKeyInfoRequest generates a "aws/request.Request" representing the
708// client's request for the GetAccessKeyInfo operation. The "output" return
709// value will be populated with the request's response once the request completes
710// successfully.
711//
712// Use "Send" method on the returned Request to send the API call to the service.
713// the "output" return value is not valid until after Send returns without error.
714//
715// See GetAccessKeyInfo for more information on using the GetAccessKeyInfo
716// API call, and error handling.
717//
718// This method is useful when you want to inject custom logic or configuration
719// into the SDK's request lifecycle. Such as custom headers, or retry logic.
720//
721//
722// // Example sending a request using the GetAccessKeyInfoRequest method.
723// req, resp := client.GetAccessKeyInfoRequest(params)
724//
725// err := req.Send()
726// if err == nil { // resp is now filled
727// fmt.Println(resp)
728// }
729//
730// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
731func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *request.Request, output *GetAccessKeyInfoOutput) {
732 op := &request.Operation{
733 Name: opGetAccessKeyInfo,
734 HTTPMethod: "POST",
735 HTTPPath: "/",
736 }
737
738 if input == nil {
739 input = &GetAccessKeyInfoInput{}
740 }
741
742 output = &GetAccessKeyInfoOutput{}
743 req = c.newRequest(op, input, output)
744 return
745}
746
747// GetAccessKeyInfo API operation for AWS Security Token Service.
748//
749// Returns the account identifier for the specified access key ID.
750//
751// Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE)
752// and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
753// For more information about access keys, see Managing Access Keys for IAM
754// Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
755// in the IAM User Guide.
756//
757// When you pass an access key ID to this operation, it returns the ID of the
758// AWS account to which the keys belong. Access key IDs beginning with AKIA
759// are long-term credentials for an IAM user or the AWS account root user. Access
760// key IDs beginning with ASIA are temporary credentials that are created using
761// STS operations. If the account in the response belongs to you, you can sign
762// in as the root user and review your root user access keys. Then, you can
763// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report)
764// to learn which IAM user owns the keys. To learn who requested the temporary
765// credentials for an ASIA access key, view the STS events in your CloudTrail
766// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration).
767//
768// This operation does not indicate the state of the access key. The key might
769// be active, inactive, or deleted. Active keys might not have permissions to
770// perform an operation. Providing a deleted keys might return an error that
771// the key doesn't exist.
772//
773// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
774// with awserr.Error's Code and Message methods to get detailed information about
775// the error.
776//
777// See the AWS API reference guide for AWS Security Token Service's
778// API operation GetAccessKeyInfo for usage and error information.
779// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
780func (c *STS) GetAccessKeyInfo(input *GetAccessKeyInfoInput) (*GetAccessKeyInfoOutput, error) {
781 req, out := c.GetAccessKeyInfoRequest(input)
782 return out, req.Send()
783}
784
785// GetAccessKeyInfoWithContext is the same as GetAccessKeyInfo with the addition of
786// the ability to pass a context and additional request options.
787//
788// See GetAccessKeyInfo for details on how to use this API operation.
789//
790// The context must be non-nil and will be used for request cancellation. If
791// the context is nil a panic will occur. In the future the SDK may create
792// sub-contexts for http.Requests. See https://golang.org/pkg/context/
793// for more information on using Contexts.
794func (c *STS) GetAccessKeyInfoWithContext(ctx aws.Context, input *GetAccessKeyInfoInput, opts ...request.Option) (*GetAccessKeyInfoOutput, error) {
795 req, out := c.GetAccessKeyInfoRequest(input)
796 req.SetContext(ctx)
797 req.ApplyOptions(opts...)
798 return out, req.Send()
799}
800
715const opGetCallerIdentity = "GetCallerIdentity" 801const opGetCallerIdentity = "GetCallerIdentity"
716 802
717// GetCallerIdentityRequest generates a "aws/request.Request" representing the 803// GetCallerIdentityRequest generates a "aws/request.Request" representing the
@@ -834,81 +920,65 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
834// Returns a set of temporary security credentials (consisting of an access 920// Returns a set of temporary security credentials (consisting of an access
835// key ID, a secret access key, and a security token) for a federated user. 921// key ID, a secret access key, and a security token) for a federated user.
836// A typical use is in a proxy application that gets temporary security credentials 922// A typical use is in a proxy application that gets temporary security credentials
837// on behalf of distributed applications inside a corporate network. Because 923// on behalf of distributed applications inside a corporate network. You must
838// you must call the GetFederationToken action using the long-term security 924// call the GetFederationToken operation using the long-term security credentials
839// credentials of an IAM user, this call is appropriate in contexts where those 925// of an IAM user. As a result, this call is appropriate in contexts where those
840// credentials can be safely stored, usually in a server-based application. 926// credentials can be safely stored, usually in a server-based application.
841// For a comparison of GetFederationToken with the other APIs that produce temporary 927// For a comparison of GetFederationToken with the other API operations that
842// credentials, see Requesting Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) 928// produce temporary credentials, see Requesting Temporary Security Credentials
843// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) 929// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
930// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
844// in the IAM User Guide. 931// in the IAM User Guide.
845// 932//
846// If you are creating a mobile-based or browser-based app that can authenticate 933// You can create a mobile-based or browser-based app that can authenticate
847// users using a web identity provider like Login with Amazon, Facebook, Google, 934// users using a web identity provider like Login with Amazon, Facebook, Google,
848// or an OpenID Connect-compatible identity provider, we recommend that you 935// or an OpenID Connect-compatible identity provider. In this case, we recommend
849// use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity. 936// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
850// For more information, see Federation Through a Web-based Identity Provider 937// For more information, see Federation Through a Web-based Identity Provider
851// (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity). 938// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
852// 939//
853// The GetFederationToken action must be called by using the long-term AWS security 940// You can also call GetFederationToken using the security credentials of an
854// credentials of an IAM user. You can also call GetFederationToken using the 941// AWS account root user, but we do not recommend it. Instead, we recommend
855// security credentials of an AWS root account, but we do not recommended it. 942// that you create an IAM user for the purpose of the proxy application. Then
856// Instead, we recommend that you create an IAM user for the purpose of the 943// attach a policy to the IAM user that limits federated users to only the actions
857// proxy application and then attach a policy to the IAM user that limits federated 944// and resources that they need to access. For more information, see IAM Best
858// users to only the actions and resources that they need access to. For more 945// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
859// information, see IAM Best Practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
860// in the IAM User Guide. 946// in the IAM User Guide.
861// 947//
862// The temporary security credentials that are obtained by using the long-term 948// The temporary credentials are valid for the specified duration, from 900
863// credentials of an IAM user are valid for the specified duration, from 900 949// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
864// seconds (15 minutes) up to a maximium of 129600 seconds (36 hours). The default 950// is 43,200 seconds (12 hours). Temporary credentials that are obtained by
865// is 43200 seconds (12 hours). Temporary credentials that are obtained by using 951// using AWS account root user credentials have a maximum duration of 3,600
866// AWS root account credentials have a maximum duration of 3600 seconds (1 hour). 952// seconds (1 hour).
867// 953//
868// The temporary security credentials created by GetFederationToken can be used 954// The temporary security credentials created by GetFederationToken can be used
869// to make API calls to any AWS service with the following exceptions: 955// to make API calls to any AWS service with the following exceptions:
870// 956//
871// * You cannot use these credentials to call any IAM APIs. 957// * You cannot use these credentials to call any IAM API operations.
872// 958//
873// * You cannot call any STS APIs except GetCallerIdentity. 959// * You cannot call any STS API operations except GetCallerIdentity.
874// 960//
875// Permissions 961// Permissions
876// 962//
877// The permissions for the temporary security credentials returned by GetFederationToken 963// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
878// are determined by a combination of the following: 964// to this operation. You can pass a single JSON policy document to use as an
879// 965// inline session policy. You can also specify up to 10 managed policies to
880// * The policy or policies that are attached to the IAM user whose credentials 966// use as managed session policies. The plain text that you use for both inline
881// are used to call GetFederationToken. 967// and managed session policies shouldn't exceed 2048 characters.
882// 968//
883// * The policy that is passed as a parameter in the call. 969// Though the session policy parameters are optional, if you do not pass a policy,
884// 970// then the resulting federated user session has no permissions. The only exception
885// The passed policy is attached to the temporary security credentials that 971// is when the credentials are used to access a resource that has a resource-based
886// result from the GetFederationToken API call--that is, to the federated user. 972// policy that specifically references the federated user session in the Principal
887// When the federated user makes an AWS request, AWS evaluates the policy attached 973// element of the policy. When you pass session policies, the session permissions
888// to the federated user in combination with the policy or policies attached 974// are the intersection of the IAM user policies and the session policies that
889// to the IAM user whose credentials were used to call GetFederationToken. AWS 975// you pass. This gives you a way to further restrict the permissions for a
890// allows the federated user's request only when both the federated user and 976// federated user. You cannot use session policies to grant more permissions
891// the IAM user are explicitly allowed to perform the requested action. The 977// than those that are defined in the permissions policy of the IAM user. For
892// passed policy cannot grant more permissions than those that are defined in 978// more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
893// the IAM user policy. 979// in the IAM User Guide. For information about using GetFederationToken to
894// 980// create temporary security credentials, see GetFederationToken—Federation
895// A typical use case is that the permissions of the IAM user whose credentials 981// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
896// are used to call GetFederationToken are designed to allow access to all the
897// actions and resources that any federated user will need. Then, for individual
898// users, you pass a policy to the operation that scopes down the permissions
899// to a level that's appropriate to that individual user, using a policy that
900// allows only a subset of permissions that are granted to the IAM user.
901//
902// If you do not pass a policy, the resulting temporary security credentials
903// have no effective permissions. The only exception is when the temporary security
904// credentials are used to access a resource that has a resource-based policy
905// that specifically allows the federated user to access the resource.
906//
907// For more information about how permissions work, see Permissions for GetFederationToken
908// (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html).
909// For information about using GetFederationToken to create temporary security
910// credentials, see GetFederationToken—Federation Through a Custom Identity
911// Broker (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
912// 982//
913// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 983// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
914// with awserr.Error's Code and Message methods to get detailed information about 984// with awserr.Error's Code and Message methods to get detailed information about
@@ -931,7 +1001,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
931// STS is not activated in the requested region for the account that is being 1001// STS is not activated in the requested region for the account that is being
932// asked to generate credentials. The account administrator must use the IAM 1002// asked to generate credentials. The account administrator must use the IAM
933// console to activate STS in that region. For more information, see Activating 1003// console to activate STS in that region. For more information, see Activating
934// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) 1004// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
935// in the IAM User Guide. 1005// in the IAM User Guide.
936// 1006//
937// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken 1007// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
@@ -1003,48 +1073,47 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
1003// Returns a set of temporary credentials for an AWS account or IAM user. The 1073// Returns a set of temporary credentials for an AWS account or IAM user. The
1004// credentials consist of an access key ID, a secret access key, and a security 1074// credentials consist of an access key ID, a secret access key, and a security
1005// token. Typically, you use GetSessionToken if you want to use MFA to protect 1075// token. Typically, you use GetSessionToken if you want to use MFA to protect
1006// programmatic calls to specific AWS APIs like Amazon EC2 StopInstances. MFA-enabled 1076// programmatic calls to specific AWS API operations like Amazon EC2 StopInstances.
1007// IAM users would need to call GetSessionToken and submit an MFA code that 1077// MFA-enabled IAM users would need to call GetSessionToken and submit an MFA
1008// is associated with their MFA device. Using the temporary security credentials 1078// code that is associated with their MFA device. Using the temporary security
1009// that are returned from the call, IAM users can then make programmatic calls 1079// credentials that are returned from the call, IAM users can then make programmatic
1010// to APIs that require MFA authentication. If you do not supply a correct MFA 1080// calls to API operations that require MFA authentication. If you do not supply
1011// code, then the API returns an access denied error. For a comparison of GetSessionToken 1081// a correct MFA code, then the API returns an access denied error. For a comparison
1012// with the other APIs that produce temporary credentials, see Requesting Temporary 1082// of GetSessionToken with the other API operations that produce temporary credentials,
1013// Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) 1083// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
1014// and Comparing the AWS STS APIs (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) 1084// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
1015// in the IAM User Guide. 1085// in the IAM User Guide.
1016// 1086//
1017// The GetSessionToken action must be called by using the long-term AWS security 1087// The GetSessionToken operation must be called by using the long-term AWS security
1018// credentials of the AWS account or an IAM user. Credentials that are created 1088// credentials of the AWS account root user or an IAM user. Credentials that
1019// by IAM users are valid for the duration that you specify, from 900 seconds 1089// are created by IAM users are valid for the duration that you specify. This
1020// (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default 1090// duration can range from 900 seconds (15 minutes) up to a maximum of 129,600
1021// of 43200 seconds (12 hours); credentials that are created by using account 1091// seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials
1022// credentials can range from 900 seconds (15 minutes) up to a maximum of 3600 1092// based on account credentials can range from 900 seconds (15 minutes) up to
1023// seconds (1 hour), with a default of 1 hour. 1093// 3,600 seconds (1 hour), with a default of 1 hour.
1024// 1094//
1025// The temporary security credentials created by GetSessionToken can be used 1095// The temporary security credentials created by GetSessionToken can be used
1026// to make API calls to any AWS service with the following exceptions: 1096// to make API calls to any AWS service with the following exceptions:
1027// 1097//
1028// * You cannot call any IAM APIs unless MFA authentication information is 1098// * You cannot call any IAM API operations unless MFA authentication information
1029// included in the request. 1099// is included in the request.
1030// 1100//
1031// * You cannot call any STS API exceptAssumeRole or GetCallerIdentity. 1101// * You cannot call any STS API except AssumeRole or GetCallerIdentity.
1032// 1102//
1033// We recommend that you do not call GetSessionToken with root account credentials. 1103// We recommend that you do not call GetSessionToken with AWS account root user
1034// Instead, follow our best practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) 1104// credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
1035// by creating one or more IAM users, giving them the necessary permissions, 1105// by creating one or more IAM users, giving them the necessary permissions,
1036// and using IAM users for everyday interaction with AWS. 1106// and using IAM users for everyday interaction with AWS.
1037// 1107//
1038// The permissions associated with the temporary security credentials returned 1108// The credentials that are returned by GetSessionToken are based on permissions
1039// by GetSessionToken are based on the permissions associated with account or 1109// associated with the user whose credentials were used to call the operation.
1040// IAM user whose credentials are used to call the action. If GetSessionToken 1110// If GetSessionToken is called using AWS account root user credentials, the
1041// is called using root account credentials, the temporary credentials have 1111// temporary credentials have root user permissions. Similarly, if GetSessionToken
1042// root account permissions. Similarly, if GetSessionToken is called using the 1112// is called using the credentials of an IAM user, the temporary credentials
1043// credentials of an IAM user, the temporary credentials have the same permissions 1113// have the same permissions as the IAM user.
1044// as the IAM user.
1045// 1114//
1046// For more information about using GetSessionToken to create temporary credentials, 1115// For more information about using GetSessionToken to create temporary credentials,
1047// go to Temporary Credentials for Users in Untrusted Environments (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) 1116// go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
1048// in the IAM User Guide. 1117// in the IAM User Guide.
1049// 1118//
1050// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1119// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@@ -1059,7 +1128,7 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
1059// STS is not activated in the requested region for the account that is being 1128// STS is not activated in the requested region for the account that is being
1060// asked to generate credentials. The account administrator must use the IAM 1129// asked to generate credentials. The account administrator must use the IAM
1061// console to activate STS in that region. For more information, see Activating 1130// console to activate STS in that region. For more information, see Activating
1062// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) 1131// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
1063// in the IAM User Guide. 1132// in the IAM User Guide.
1064// 1133//
1065// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken 1134// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
@@ -1094,7 +1163,7 @@ type AssumeRoleInput struct {
1094 // a session duration of 12 hours, but your administrator set the maximum session 1163 // a session duration of 12 hours, but your administrator set the maximum session
1095 // duration to 6 hours, your operation fails. To learn how to view the maximum 1164 // duration to 6 hours, your operation fails. To learn how to view the maximum
1096 // value for your role, see View the Maximum Session Duration Setting for a 1165 // value for your role, see View the Maximum Session Duration Setting for a
1097 // Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) 1166 // Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
1098 // in the IAM User Guide. 1167 // in the IAM User Guide.
1099 // 1168 //
1100 // By default, the value is set to 3600 seconds. 1169 // By default, the value is set to 3600 seconds.
@@ -1104,51 +1173,77 @@ type AssumeRoleInput struct {
1104 // to the federation endpoint for a console sign-in token takes a SessionDuration 1173 // to the federation endpoint for a console sign-in token takes a SessionDuration
1105 // parameter that specifies the maximum length of the console session. For more 1174 // parameter that specifies the maximum length of the console session. For more
1106 // information, see Creating a URL that Enables Federated Users to Access the 1175 // information, see Creating a URL that Enables Federated Users to Access the
1107 // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) 1176 // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
1108 // in the IAM User Guide. 1177 // in the IAM User Guide.
1109 DurationSeconds *int64 `min:"900" type:"integer"` 1178 DurationSeconds *int64 `min:"900" type:"integer"`
1110 1179
1111 // A unique identifier that is used by third parties when assuming roles in 1180 // A unique identifier that might be required when you assume a role in another
1112 // their customers' accounts. For each role that the third party can assume, 1181 // account. If the administrator of the account to which the role belongs provided
1113 // they should instruct their customers to ensure the role's trust policy checks 1182 // you with an external ID, then provide that value in the ExternalId parameter.
1114 // for the external ID that the third party generated. Each time the third party 1183 // This value can be any string, such as a passphrase or account number. A cross-account
1115 // assumes the role, they should pass the customer's external ID. The external 1184 // role is usually set up to trust everyone in an account. Therefore, the administrator
1116 // ID is useful in order to help third parties bind a role to the customer who 1185 // of the trusting account might send an external ID to the administrator of
1117 // created it. For more information about the external ID, see How to Use an 1186 // the trusted account. That way, only someone with the ID can assume the role,
1118 // External ID When Granting Access to Your AWS Resources to a Third Party (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) 1187 // rather than everyone in the account. For more information about the external
1188 // ID, see How to Use an External ID When Granting Access to Your AWS Resources
1189 // to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
1119 // in the IAM User Guide. 1190 // in the IAM User Guide.
1120 // 1191 //
1121 // The regex used to validated this parameter is a string of characters consisting 1192 // The regex used to validate this parameter is a string of characters consisting
1122 // of upper- and lower-case alphanumeric characters with no spaces. You can 1193 // of upper- and lower-case alphanumeric characters with no spaces. You can
1123 // also include underscores or any of the following characters: =,.@:/- 1194 // also include underscores or any of the following characters: =,.@:/-
1124 ExternalId *string `min:"2" type:"string"` 1195 ExternalId *string `min:"2" type:"string"`
1125 1196
1126 // An IAM policy in JSON format. 1197 // An IAM policy in JSON format that you want to use as an inline session policy.
1127 // 1198 //
1128 // This parameter is optional. If you pass a policy, the temporary security 1199 // This parameter is optional. Passing policies to this operation returns new
1129 // credentials that are returned by the operation have the permissions that 1200 // temporary credentials. The resulting session's permissions are the intersection
1130 // are allowed by both (the intersection of) the access policy of the role that 1201 // of the role's identity-based policy and the session policies. You can use
1131 // is being assumed, and the policy that you pass. This gives you a way to further 1202 // the role's temporary credentials in subsequent AWS API calls to access resources
1132 // restrict the permissions for the resulting temporary security credentials. 1203 // in the account that owns the role. You cannot use session policies to grant
1133 // You cannot use the passed policy to grant permissions that are in excess 1204 // more permissions than those allowed by the identity-based policy of the role
1134 // of those allowed by the access policy of the role that is being assumed. 1205 // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
1135 // For more information, see Permissions for AssumeRole, AssumeRoleWithSAML,
1136 // and AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html)
1137 // in the IAM User Guide. 1206 // in the IAM User Guide.
1138 // 1207 //
1139 // The format for this parameter, as described by its regex pattern, is a string 1208 // The plain text that you use for both inline and managed session policies
1140 // of characters up to 2048 characters in length. The characters can be any 1209 // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
1141 // ASCII character from the space character to the end of the valid character 1210 // character from the space character to the end of the valid character list
1142 // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), 1211 // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
1143 // and carriage return (\u000D) characters. 1212 // and carriage return (\u000D) characters.
1144 // 1213 //
1145 // The policy plain text must be 2048 bytes or shorter. However, an internal 1214 // The characters in this parameter count towards the 2048 character session
1146 // conversion compresses it into a packed binary format with a separate limit. 1215 // policy guideline. However, an AWS conversion compresses the session policies
1147 // The PackedPolicySize response element indicates by percentage how close to 1216 // into a packed binary format that has a separate limit. This is the enforced
1148 // the upper size limit the policy is, with 100% equaling the maximum allowed 1217 // limit. The PackedPolicySize response element indicates by percentage how
1149 // size. 1218 // close the policy is to the upper size limit.
1150 Policy *string `min:"1" type:"string"` 1219 Policy *string `min:"1" type:"string"`
1151 1220
1221 // The Amazon Resource Names (ARNs) of the IAM managed policies that you want
1222 // to use as managed session policies. The policies must exist in the same account
1223 // as the role.
1224 //
1225 // This parameter is optional. You can provide up to 10 managed policy ARNs.
1226 // However, the plain text that you use for both inline and managed session
1227 // policies shouldn't exceed 2048 characters. For more information about ARNs,
1228 // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
1229 // in the AWS General Reference.
1230 //
1231 // The characters in this parameter count towards the 2048 character session
1232 // policy guideline. However, an AWS conversion compresses the session policies
1233 // into a packed binary format that has a separate limit. This is the enforced
1234 // limit. The PackedPolicySize response element indicates by percentage how
1235 // close the policy is to the upper size limit.
1236 //
1237 // Passing policies to this operation returns new temporary credentials. The
1238 // resulting session's permissions are the intersection of the role's identity-based
1239 // policy and the session policies. You can use the role's temporary credentials
1240 // in subsequent AWS API calls to access resources in the account that owns
1241 // the role. You cannot use session policies to grant more permissions than
1242 // those allowed by the identity-based policy of the role that is being assumed.
1243 // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
1244 // in the IAM User Guide.
1245 PolicyArns []*PolicyDescriptorType `type:"list"`
1246
1152 // The Amazon Resource Name (ARN) of the role to assume. 1247 // The Amazon Resource Name (ARN) of the role to assume.
1153 // 1248 //
1154 // RoleArn is a required field 1249 // RoleArn is a required field
@@ -1161,8 +1256,8 @@ type AssumeRoleInput struct {
1161 // scenarios, the role session name is visible to, and can be logged by the 1256 // scenarios, the role session name is visible to, and can be logged by the
1162 // account that owns the role. The role session name is also used in the ARN 1257 // account that owns the role. The role session name is also used in the ARN
1163 // of the assumed role principal. This means that subsequent cross-account API 1258 // of the assumed role principal. This means that subsequent cross-account API
1164 // requests using the temporary security credentials will expose the role session 1259 // requests that use the temporary security credentials will expose the role
1165 // name to the external account in their CloudTrail logs. 1260 // session name to the external account in their AWS CloudTrail logs.
1166 // 1261 //
1167 // The regex used to validate this parameter is a string of characters consisting 1262 // The regex used to validate this parameter is a string of characters consisting
1168 // of upper- and lower-case alphanumeric characters with no spaces. You can 1263 // of upper- and lower-case alphanumeric characters with no spaces. You can
@@ -1232,6 +1327,16 @@ func (s *AssumeRoleInput) Validate() error {
1232 if s.TokenCode != nil && len(*s.TokenCode) < 6 { 1327 if s.TokenCode != nil && len(*s.TokenCode) < 6 {
1233 invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6)) 1328 invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6))
1234 } 1329 }
1330 if s.PolicyArns != nil {
1331 for i, v := range s.PolicyArns {
1332 if v == nil {
1333 continue
1334 }
1335 if err := v.Validate(); err != nil {
1336 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
1337 }
1338 }
1339 }
1235 1340
1236 if invalidParams.Len() > 0 { 1341 if invalidParams.Len() > 0 {
1237 return invalidParams 1342 return invalidParams
@@ -1257,6 +1362,12 @@ func (s *AssumeRoleInput) SetPolicy(v string) *AssumeRoleInput {
1257 return s 1362 return s
1258} 1363}
1259 1364
1365// SetPolicyArns sets the PolicyArns field's value.
1366func (s *AssumeRoleInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleInput {
1367 s.PolicyArns = v
1368 return s
1369}
1370
1260// SetRoleArn sets the RoleArn field's value. 1371// SetRoleArn sets the RoleArn field's value.
1261func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput { 1372func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput {
1262 s.RoleArn = &v 1373 s.RoleArn = &v
@@ -1296,10 +1407,8 @@ type AssumeRoleOutput struct {
1296 // The temporary security credentials, which include an access key ID, a secret 1407 // The temporary security credentials, which include an access key ID, a secret
1297 // access key, and a security (or session) token. 1408 // access key, and a security (or session) token.
1298 // 1409 //
1299 // Note: The size of the security token that STS APIs return is not fixed. We 1410 // The size of the security token that STS API operations return is not fixed.
1300 // strongly recommend that you make no assumptions about the maximum size. As 1411 // We strongly recommend that you make no assumptions about the maximum size.
1301 // of this writing, the typical size is less than 4096 bytes, but that can vary.
1302 // Also, future updates to AWS might require larger sizes.
1303 Credentials *Credentials `type:"structure"` 1412 Credentials *Credentials `type:"structure"`
1304 1413
1305 // A percentage value that indicates the size of the policy in packed form. 1414 // A percentage value that indicates the size of the policy in packed form.
@@ -1349,7 +1458,7 @@ type AssumeRoleWithSAMLInput struct {
1349 // specify a session duration of 12 hours, but your administrator set the maximum 1458 // specify a session duration of 12 hours, but your administrator set the maximum
1350 // session duration to 6 hours, your operation fails. To learn how to view the 1459 // session duration to 6 hours, your operation fails. To learn how to view the
1351 // maximum value for your role, see View the Maximum Session Duration Setting 1460 // maximum value for your role, see View the Maximum Session Duration Setting
1352 // for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) 1461 // for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
1353 // in the IAM User Guide. 1462 // in the IAM User Guide.
1354 // 1463 //
1355 // By default, the value is set to 3600 seconds. 1464 // By default, the value is set to 3600 seconds.
@@ -1359,36 +1468,60 @@ type AssumeRoleWithSAMLInput struct {
1359 // to the federation endpoint for a console sign-in token takes a SessionDuration 1468 // to the federation endpoint for a console sign-in token takes a SessionDuration
1360 // parameter that specifies the maximum length of the console session. For more 1469 // parameter that specifies the maximum length of the console session. For more
1361 // information, see Creating a URL that Enables Federated Users to Access the 1470 // information, see Creating a URL that Enables Federated Users to Access the
1362 // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) 1471 // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
1363 // in the IAM User Guide. 1472 // in the IAM User Guide.
1364 DurationSeconds *int64 `min:"900" type:"integer"` 1473 DurationSeconds *int64 `min:"900" type:"integer"`
1365 1474
1366 // An IAM policy in JSON format. 1475 // An IAM policy in JSON format that you want to use as an inline session policy.
1367 // 1476 //
1368 // The policy parameter is optional. If you pass a policy, the temporary security 1477 // This parameter is optional. Passing policies to this operation returns new
1369 // credentials that are returned by the operation have the permissions that 1478 // temporary credentials. The resulting session's permissions are the intersection
1370 // are allowed by both the access policy of the role that is being assumed, 1479 // of the role's identity-based policy and the session policies. You can use
1371 // and the policy that you pass. This gives you a way to further restrict the 1480 // the role's temporary credentials in subsequent AWS API calls to access resources
1372 // permissions for the resulting temporary security credentials. You cannot 1481 // in the account that owns the role. You cannot use session policies to grant
1373 // use the passed policy to grant permissions that are in excess of those allowed 1482 // more permissions than those allowed by the identity-based policy of the role
1374 // by the access policy of the role that is being assumed. For more information, 1483 // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
1375 // Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity
1376 // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html)
1377 // in the IAM User Guide. 1484 // in the IAM User Guide.
1378 // 1485 //
1379 // The format for this parameter, as described by its regex pattern, is a string 1486 // The plain text that you use for both inline and managed session policies
1380 // of characters up to 2048 characters in length. The characters can be any 1487 // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
1381 // ASCII character from the space character to the end of the valid character 1488 // character from the space character to the end of the valid character list
1382 // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), 1489 // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
1383 // and carriage return (\u000D) characters. 1490 // and carriage return (\u000D) characters.
1384 // 1491 //
1385 // The policy plain text must be 2048 bytes or shorter. However, an internal 1492 // The characters in this parameter count towards the 2048 character session
1386 // conversion compresses it into a packed binary format with a separate limit. 1493 // policy guideline. However, an AWS conversion compresses the session policies
1387 // The PackedPolicySize response element indicates by percentage how close to 1494 // into a packed binary format that has a separate limit. This is the enforced
1388 // the upper size limit the policy is, with 100% equaling the maximum allowed 1495 // limit. The PackedPolicySize response element indicates by percentage how
1389 // size. 1496 // close the policy is to the upper size limit.
1390 Policy *string `min:"1" type:"string"` 1497 Policy *string `min:"1" type:"string"`
1391 1498
1499 // The Amazon Resource Names (ARNs) of the IAM managed policies that you want
1500 // to use as managed session policies. The policies must exist in the same account
1501 // as the role.
1502 //
1503 // This parameter is optional. You can provide up to 10 managed policy ARNs.
1504 // However, the plain text that you use for both inline and managed session
1505 // policies shouldn't exceed 2048 characters. For more information about ARNs,
1506 // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
1507 // in the AWS General Reference.
1508 //
1509 // The characters in this parameter count towards the 2048 character session
1510 // policy guideline. However, an AWS conversion compresses the session policies
1511 // into a packed binary format that has a separate limit. This is the enforced
1512 // limit. The PackedPolicySize response element indicates by percentage how
1513 // close the policy is to the upper size limit.
1514 //
1515 // Passing policies to this operation returns new temporary credentials. The
1516 // resulting session's permissions are the intersection of the role's identity-based
1517 // policy and the session policies. You can use the role's temporary credentials
1518 // in subsequent AWS API calls to access resources in the account that owns
1519 // the role. You cannot use session policies to grant more permissions than
1520 // those allowed by the identity-based policy of the role that is being assumed.
1521 // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
1522 // in the IAM User Guide.
1523 PolicyArns []*PolicyDescriptorType `type:"list"`
1524
1392 // The Amazon Resource Name (ARN) of the SAML provider in IAM that describes 1525 // The Amazon Resource Name (ARN) of the SAML provider in IAM that describes
1393 // the IdP. 1526 // the IdP.
1394 // 1527 //
@@ -1402,8 +1535,8 @@ type AssumeRoleWithSAMLInput struct {
1402 1535
1403 // The base-64 encoded SAML authentication response provided by the IdP. 1536 // The base-64 encoded SAML authentication response provided by the IdP.
1404 // 1537 //
1405 // For more information, see Configuring a Relying Party and Adding Claims (http://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html) 1538 // For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
1406 // in the Using IAM guide. 1539 // in the IAM User Guide.
1407 // 1540 //
1408 // SAMLAssertion is a required field 1541 // SAMLAssertion is a required field
1409 SAMLAssertion *string `min:"4" type:"string" required:"true"` 1542 SAMLAssertion *string `min:"4" type:"string" required:"true"`
@@ -1446,6 +1579,16 @@ func (s *AssumeRoleWithSAMLInput) Validate() error {
1446 if s.SAMLAssertion != nil && len(*s.SAMLAssertion) < 4 { 1579 if s.SAMLAssertion != nil && len(*s.SAMLAssertion) < 4 {
1447 invalidParams.Add(request.NewErrParamMinLen("SAMLAssertion", 4)) 1580 invalidParams.Add(request.NewErrParamMinLen("SAMLAssertion", 4))
1448 } 1581 }
1582 if s.PolicyArns != nil {
1583 for i, v := range s.PolicyArns {
1584 if v == nil {
1585 continue
1586 }
1587 if err := v.Validate(); err != nil {
1588 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
1589 }
1590 }
1591 }
1449 1592
1450 if invalidParams.Len() > 0 { 1593 if invalidParams.Len() > 0 {
1451 return invalidParams 1594 return invalidParams
@@ -1465,6 +1608,12 @@ func (s *AssumeRoleWithSAMLInput) SetPolicy(v string) *AssumeRoleWithSAMLInput {
1465 return s 1608 return s
1466} 1609}
1467 1610
1611// SetPolicyArns sets the PolicyArns field's value.
1612func (s *AssumeRoleWithSAMLInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithSAMLInput {
1613 s.PolicyArns = v
1614 return s
1615}
1616
1468// SetPrincipalArn sets the PrincipalArn field's value. 1617// SetPrincipalArn sets the PrincipalArn field's value.
1469func (s *AssumeRoleWithSAMLInput) SetPrincipalArn(v string) *AssumeRoleWithSAMLInput { 1618func (s *AssumeRoleWithSAMLInput) SetPrincipalArn(v string) *AssumeRoleWithSAMLInput {
1470 s.PrincipalArn = &v 1619 s.PrincipalArn = &v
@@ -1499,10 +1648,8 @@ type AssumeRoleWithSAMLOutput struct {
1499 // The temporary security credentials, which include an access key ID, a secret 1648 // The temporary security credentials, which include an access key ID, a secret
1500 // access key, and a security (or session) token. 1649 // access key, and a security (or session) token.
1501 // 1650 //
1502 // Note: The size of the security token that STS APIs return is not fixed. We 1651 // The size of the security token that STS API operations return is not fixed.
1503 // strongly recommend that you make no assumptions about the maximum size. As 1652 // We strongly recommend that you make no assumptions about the maximum size.
1504 // of this writing, the typical size is less than 4096 bytes, but that can vary.
1505 // Also, future updates to AWS might require larger sizes.
1506 Credentials *Credentials `type:"structure"` 1653 Credentials *Credentials `type:"structure"`
1507 1654
1508 // The value of the Issuer element of the SAML assertion. 1655 // The value of the Issuer element of the SAML assertion.
@@ -1606,7 +1753,7 @@ type AssumeRoleWithWebIdentityInput struct {
1606 // a session duration of 12 hours, but your administrator set the maximum session 1753 // a session duration of 12 hours, but your administrator set the maximum session
1607 // duration to 6 hours, your operation fails. To learn how to view the maximum 1754 // duration to 6 hours, your operation fails. To learn how to view the maximum
1608 // value for your role, see View the Maximum Session Duration Setting for a 1755 // value for your role, see View the Maximum Session Duration Setting for a
1609 // Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) 1756 // Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
1610 // in the IAM User Guide. 1757 // in the IAM User Guide.
1611 // 1758 //
1612 // By default, the value is set to 3600 seconds. 1759 // By default, the value is set to 3600 seconds.
@@ -1616,35 +1763,60 @@ type AssumeRoleWithWebIdentityInput struct {
1616 // to the federation endpoint for a console sign-in token takes a SessionDuration 1763 // to the federation endpoint for a console sign-in token takes a SessionDuration
1617 // parameter that specifies the maximum length of the console session. For more 1764 // parameter that specifies the maximum length of the console session. For more
1618 // information, see Creating a URL that Enables Federated Users to Access the 1765 // information, see Creating a URL that Enables Federated Users to Access the
1619 // AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) 1766 // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
1620 // in the IAM User Guide. 1767 // in the IAM User Guide.
1621 DurationSeconds *int64 `min:"900" type:"integer"` 1768 DurationSeconds *int64 `min:"900" type:"integer"`
1622 1769
1623 // An IAM policy in JSON format. 1770 // An IAM policy in JSON format that you want to use as an inline session policy.
1624 // 1771 //
1625 // The policy parameter is optional. If you pass a policy, the temporary security 1772 // This parameter is optional. Passing policies to this operation returns new
1626 // credentials that are returned by the operation have the permissions that 1773 // temporary credentials. The resulting session's permissions are the intersection
1627 // are allowed by both the access policy of the role that is being assumed, 1774 // of the role's identity-based policy and the session policies. You can use
1628 // and the policy that you pass. This gives you a way to further restrict the 1775 // the role's temporary credentials in subsequent AWS API calls to access resources
1629 // permissions for the resulting temporary security credentials. You cannot 1776 // in the account that owns the role. You cannot use session policies to grant
1630 // use the passed policy to grant permissions that are in excess of those allowed 1777 // more permissions than those allowed by the identity-based policy of the role
1631 // by the access policy of the role that is being assumed. For more information, 1778 // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
1632 // see Permissions for AssumeRoleWithWebIdentity (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html)
1633 // in the IAM User Guide. 1779 // in the IAM User Guide.
1634 // 1780 //
1635 // The format for this parameter, as described by its regex pattern, is a string 1781 // The plain text that you use for both inline and managed session policies
1636 // of characters up to 2048 characters in length. The characters can be any 1782 // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
1637 // ASCII character from the space character to the end of the valid character 1783 // character from the space character to the end of the valid character list
1638 // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A), 1784 // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
1639 // and carriage return (\u000D) characters. 1785 // and carriage return (\u000D) characters.
1640 // 1786 //
1641 // The policy plain text must be 2048 bytes or shorter. However, an internal 1787 // The characters in this parameter count towards the 2048 character session
1642 // conversion compresses it into a packed binary format with a separate limit. 1788 // policy guideline. However, an AWS conversion compresses the session policies
1643 // The PackedPolicySize response element indicates by percentage how close to 1789 // into a packed binary format that has a separate limit. This is the enforced
1644 // the upper size limit the policy is, with 100% equaling the maximum allowed 1790 // limit. The PackedPolicySize response element indicates by percentage how
1645 // size. 1791 // close the policy is to the upper size limit.
1646 Policy *string `min:"1" type:"string"` 1792 Policy *string `min:"1" type:"string"`
1647 1793
1794 // The Amazon Resource Names (ARNs) of the IAM managed policies that you want
1795 // to use as managed session policies. The policies must exist in the same account
1796 // as the role.
1797 //
1798 // This parameter is optional. You can provide up to 10 managed policy ARNs.
1799 // However, the plain text that you use for both inline and managed session
1800 // policies shouldn't exceed 2048 characters. For more information about ARNs,
1801 // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
1802 // in the AWS General Reference.
1803 //
1804 // The characters in this parameter count towards the 2048 character session
1805 // policy guideline. However, an AWS conversion compresses the session policies
1806 // into a packed binary format that has a separate limit. This is the enforced
1807 // limit. The PackedPolicySize response element indicates by percentage how
1808 // close the policy is to the upper size limit.
1809 //
1810 // Passing policies to this operation returns new temporary credentials. The
1811 // resulting session's permissions are the intersection of the role's identity-based
1812 // policy and the session policies. You can use the role's temporary credentials
1813 // in subsequent AWS API calls to access resources in the account that owns
1814 // the role. You cannot use session policies to grant more permissions than
1815 // those allowed by the identity-based policy of the role that is being assumed.
1816 // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
1817 // in the IAM User Guide.
1818 PolicyArns []*PolicyDescriptorType `type:"list"`
1819
1648 // The fully qualified host component of the domain name of the identity provider. 1820 // The fully qualified host component of the domain name of the identity provider.
1649 // 1821 //
1650 // Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com 1822 // Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com
@@ -1721,6 +1893,16 @@ func (s *AssumeRoleWithWebIdentityInput) Validate() error {
1721 if s.WebIdentityToken != nil && len(*s.WebIdentityToken) < 4 { 1893 if s.WebIdentityToken != nil && len(*s.WebIdentityToken) < 4 {
1722 invalidParams.Add(request.NewErrParamMinLen("WebIdentityToken", 4)) 1894 invalidParams.Add(request.NewErrParamMinLen("WebIdentityToken", 4))
1723 } 1895 }
1896 if s.PolicyArns != nil {
1897 for i, v := range s.PolicyArns {
1898 if v == nil {
1899 continue
1900 }
1901 if err := v.Validate(); err != nil {
1902 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
1903 }
1904 }
1905 }
1724 1906
1725 if invalidParams.Len() > 0 { 1907 if invalidParams.Len() > 0 {
1726 return invalidParams 1908 return invalidParams
@@ -1740,6 +1922,12 @@ func (s *AssumeRoleWithWebIdentityInput) SetPolicy(v string) *AssumeRoleWithWebI
1740 return s 1922 return s
1741} 1923}
1742 1924
1925// SetPolicyArns sets the PolicyArns field's value.
1926func (s *AssumeRoleWithWebIdentityInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithWebIdentityInput {
1927 s.PolicyArns = v
1928 return s
1929}
1930
1743// SetProviderId sets the ProviderId field's value. 1931// SetProviderId sets the ProviderId field's value.
1744func (s *AssumeRoleWithWebIdentityInput) SetProviderId(v string) *AssumeRoleWithWebIdentityInput { 1932func (s *AssumeRoleWithWebIdentityInput) SetProviderId(v string) *AssumeRoleWithWebIdentityInput {
1745 s.ProviderId = &v 1933 s.ProviderId = &v
@@ -1784,10 +1972,8 @@ type AssumeRoleWithWebIdentityOutput struct {
1784 // The temporary security credentials, which include an access key ID, a secret 1972 // The temporary security credentials, which include an access key ID, a secret
1785 // access key, and a security token. 1973 // access key, and a security token.
1786 // 1974 //
1787 // Note: The size of the security token that STS APIs return is not fixed. We 1975 // The size of the security token that STS API operations return is not fixed.
1788 // strongly recommend that you make no assumptions about the maximum size. As 1976 // We strongly recommend that you make no assumptions about the maximum size.
1789 // of this writing, the typical size is less than 4096 bytes, but that can vary.
1790 // Also, future updates to AWS might require larger sizes.
1791 Credentials *Credentials `type:"structure"` 1977 Credentials *Credentials `type:"structure"`
1792 1978
1793 // A percentage value that indicates the size of the policy in packed form. 1979 // A percentage value that indicates the size of the policy in packed form.
@@ -1796,7 +1982,7 @@ type AssumeRoleWithWebIdentityOutput struct {
1796 PackedPolicySize *int64 `type:"integer"` 1982 PackedPolicySize *int64 `type:"integer"`
1797 1983
1798 // The issuing authority of the web identity token presented. For OpenID Connect 1984 // The issuing authority of the web identity token presented. For OpenID Connect
1799 // ID Tokens this contains the value of the iss field. For OAuth 2.0 access 1985 // ID tokens, this contains the value of the iss field. For OAuth 2.0 access
1800 // tokens, this contains the value of the ProviderId parameter that was passed 1986 // tokens, this contains the value of the ProviderId parameter that was passed
1801 // in the AssumeRoleWithWebIdentity request. 1987 // in the AssumeRoleWithWebIdentity request.
1802 Provider *string `type:"string"` 1988 Provider *string `type:"string"`
@@ -1863,7 +2049,7 @@ type AssumedRoleUser struct {
1863 2049
1864 // The ARN of the temporary security credentials that are returned from the 2050 // The ARN of the temporary security credentials that are returned from the
1865 // AssumeRole action. For more information about ARNs and how to use them in 2051 // AssumeRole action. For more information about ARNs and how to use them in
1866 // policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) 2052 // policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
1867 // in Using IAM. 2053 // in Using IAM.
1868 // 2054 //
1869 // Arn is a required field 2055 // Arn is a required field
@@ -2031,7 +2217,7 @@ type FederatedUser struct {
2031 2217
2032 // The ARN that specifies the federated user that is associated with the credentials. 2218 // The ARN that specifies the federated user that is associated with the credentials.
2033 // For more information about ARNs and how to use them in policies, see IAM 2219 // For more information about ARNs and how to use them in policies, see IAM
2034 // Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) 2220 // Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
2035 // in Using IAM. 2221 // in Using IAM.
2036 // 2222 //
2037 // Arn is a required field 2223 // Arn is a required field
@@ -2066,6 +2252,73 @@ func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser {
2066 return s 2252 return s
2067} 2253}
2068 2254
2255type GetAccessKeyInfoInput struct {
2256 _ struct{} `type:"structure"`
2257
2258 // The identifier of an access key.
2259 //
2260 // This parameter allows (through its regex pattern) a string of characters
2261 // that can consist of any upper- or lowercased letter or digit.
2262 //
2263 // AccessKeyId is a required field
2264 AccessKeyId *string `min:"16" type:"string" required:"true"`
2265}
2266
2267// String returns the string representation
2268func (s GetAccessKeyInfoInput) String() string {
2269 return awsutil.Prettify(s)
2270}
2271
2272// GoString returns the string representation
2273func (s GetAccessKeyInfoInput) GoString() string {
2274 return s.String()
2275}
2276
2277// Validate inspects the fields of the type to determine if they are valid.
2278func (s *GetAccessKeyInfoInput) Validate() error {
2279 invalidParams := request.ErrInvalidParams{Context: "GetAccessKeyInfoInput"}
2280 if s.AccessKeyId == nil {
2281 invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
2282 }
2283 if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
2284 invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
2285 }
2286
2287 if invalidParams.Len() > 0 {
2288 return invalidParams
2289 }
2290 return nil
2291}
2292
2293// SetAccessKeyId sets the AccessKeyId field's value.
2294func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput {
2295 s.AccessKeyId = &v
2296 return s
2297}
2298
2299type GetAccessKeyInfoOutput struct {
2300 _ struct{} `type:"structure"`
2301
2302 // The number used to identify the AWS account.
2303 Account *string `type:"string"`
2304}
2305
2306// String returns the string representation
2307func (s GetAccessKeyInfoOutput) String() string {
2308 return awsutil.Prettify(s)
2309}
2310
2311// GoString returns the string representation
2312func (s GetAccessKeyInfoOutput) GoString() string {
2313 return s.String()
2314}
2315
2316// SetAccount sets the Account field's value.
2317func (s *GetAccessKeyInfoOutput) SetAccount(v string) *GetAccessKeyInfoOutput {
2318 s.Account = &v
2319 return s
2320}
2321
2069type GetCallerIdentityInput struct { 2322type GetCallerIdentityInput struct {
2070 _ struct{} `type:"structure"` 2323 _ struct{} `type:"structure"`
2071} 2324}
@@ -2093,8 +2346,8 @@ type GetCallerIdentityOutput struct {
2093 Arn *string `min:"20" type:"string"` 2346 Arn *string `min:"20" type:"string"`
2094 2347
2095 // The unique identifier of the calling entity. The exact value depends on the 2348 // The unique identifier of the calling entity. The exact value depends on the
2096 // type of entity making the call. The values returned are those listed in the 2349 // type of entity that is making the call. The values returned are those listed
2097 // aws:userid column in the Principal table (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable) 2350 // in the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
2098 // found on the Policy Variables reference page in the IAM User Guide. 2351 // found on the Policy Variables reference page in the IAM User Guide.
2099 UserId *string `type:"string"` 2352 UserId *string `type:"string"`
2100} 2353}
@@ -2131,12 +2384,11 @@ type GetFederationTokenInput struct {
2131 _ struct{} `type:"structure"` 2384 _ struct{} `type:"structure"`
2132 2385
2133 // The duration, in seconds, that the session should last. Acceptable durations 2386 // The duration, in seconds, that the session should last. Acceptable durations
2134 // for federation sessions range from 900 seconds (15 minutes) to 129600 seconds 2387 // for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds
2135 // (36 hours), with 43200 seconds (12 hours) as the default. Sessions obtained 2388 // (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained
2136 // using AWS account (root) credentials are restricted to a maximum of 3600 2389 // using AWS account root user credentials are restricted to a maximum of 3,600
2137 // seconds (one hour). If the specified duration is longer than one hour, the 2390 // seconds (one hour). If the specified duration is longer than one hour, the
2138 // session obtained by using AWS account (root) credentials defaults to one 2391 // session obtained by using root user credentials defaults to one hour.
2139 // hour.
2140 DurationSeconds *int64 `min:"900" type:"integer"` 2392 DurationSeconds *int64 `min:"900" type:"integer"`
2141 2393
2142 // The name of the federated user. The name is used as an identifier for the 2394 // The name of the federated user. The name is used as an identifier for the
@@ -2151,36 +2403,73 @@ type GetFederationTokenInput struct {
2151 // Name is a required field 2403 // Name is a required field
2152 Name *string `min:"2" type:"string" required:"true"` 2404 Name *string `min:"2" type:"string" required:"true"`
2153 2405
2154 // An IAM policy in JSON format that is passed with the GetFederationToken call 2406 // An IAM policy in JSON format that you want to use as an inline session policy.
2155 // and evaluated along with the policy or policies that are attached to the 2407 //
2156 // IAM user whose credentials are used to call GetFederationToken. The passed 2408 // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
2157 // policy is used to scope down the permissions that are available to the IAM 2409 // to this operation. You can pass a single JSON policy document to use as an
2158 // user, by allowing only a subset of the permissions that are granted to the 2410 // inline session policy. You can also specify up to 10 managed policies to
2159 // IAM user. The passed policy cannot grant more permissions than those granted 2411 // use as managed session policies.
2160 // to the IAM user. The final permissions for the federated user are the most
2161 // restrictive set based on the intersection of the passed policy and the IAM
2162 // user policy.
2163 //
2164 // If you do not pass a policy, the resulting temporary security credentials
2165 // have no effective permissions. The only exception is when the temporary security
2166 // credentials are used to access a resource that has a resource-based policy
2167 // that specifically allows the federated user to access the resource.
2168 //
2169 // The format for this parameter, as described by its regex pattern, is a string
2170 // of characters up to 2048 characters in length. The characters can be any
2171 // ASCII character from the space character to the end of the valid character
2172 // list (\u0020-\u00FF). It can also include the tab (\u0009), linefeed (\u000A),
2173 // and carriage return (\u000D) characters.
2174 // 2412 //
2175 // The policy plain text must be 2048 bytes or shorter. However, an internal 2413 // This parameter is optional. However, if you do not pass any session policies,
2176 // conversion compresses it into a packed binary format with a separate limit. 2414 // then the resulting federated user session has no permissions. The only exception
2177 // The PackedPolicySize response element indicates by percentage how close to 2415 // is when the credentials are used to access a resource that has a resource-based
2178 // the upper size limit the policy is, with 100% equaling the maximum allowed 2416 // policy that specifically references the federated user session in the Principal
2179 // size. 2417 // element of the policy.
2180 // 2418 //
2181 // For more information about how permissions work, see Permissions for GetFederationToken 2419 // When you pass session policies, the session permissions are the intersection
2182 // (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html). 2420 // of the IAM user policies and the session policies that you pass. This gives
2421 // you a way to further restrict the permissions for a federated user. You cannot
2422 // use session policies to grant more permissions than those that are defined
2423 // in the permissions policy of the IAM user. For more information, see Session
2424 // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
2425 // in the IAM User Guide.
2426 //
2427 // The plain text that you use for both inline and managed session policies
2428 // shouldn't exceed 2048 characters. The JSON policy characters can be any ASCII
2429 // character from the space character to the end of the valid character list
2430 // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A),
2431 // and carriage return (\u000D) characters.
2432 //
2433 // The characters in this parameter count towards the 2048 character session
2434 // policy guideline. However, an AWS conversion compresses the session policies
2435 // into a packed binary format that has a separate limit. This is the enforced
2436 // limit. The PackedPolicySize response element indicates by percentage how
2437 // close the policy is to the upper size limit.
2183 Policy *string `min:"1" type:"string"` 2438 Policy *string `min:"1" type:"string"`
2439
2440 // The Amazon Resource Names (ARNs) of the IAM managed policies that you want
2441 // to use as a managed session policy. The policies must exist in the same account
2442 // as the IAM user that is requesting federated access.
2443 //
2444 // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
2445 // to this operation. You can pass a single JSON policy document to use as an
2446 // inline session policy. You can also specify up to 10 managed policies to
2447 // use as managed session policies. The plain text that you use for both inline
2448 // and managed session policies shouldn't exceed 2048 characters. You can provide
2449 // up to 10 managed policy ARNs. For more information about ARNs, see Amazon
2450 // Resource Names (ARNs) and AWS Service Namespaces (general/latest/gr/aws-arns-and-namespaces.html)
2451 // in the AWS General Reference.
2452 //
2453 // This parameter is optional. However, if you do not pass any session policies,
2454 // then the resulting federated user session has no permissions. The only exception
2455 // is when the credentials are used to access a resource that has a resource-based
2456 // policy that specifically references the federated user session in the Principal
2457 // element of the policy.
2458 //
2459 // When you pass session policies, the session permissions are the intersection
2460 // of the IAM user policies and the session policies that you pass. This gives
2461 // you a way to further restrict the permissions for a federated user. You cannot
2462 // use session policies to grant more permissions than those that are defined
2463 // in the permissions policy of the IAM user. For more information, see Session
2464 // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
2465 // in the IAM User Guide.
2466 //
2467 // The characters in this parameter count towards the 2048 character session
2468 // policy guideline. However, an AWS conversion compresses the session policies
2469 // into a packed binary format that has a separate limit. This is the enforced
2470 // limit. The PackedPolicySize response element indicates by percentage how
2471 // close the policy is to the upper size limit.
2472 PolicyArns []*PolicyDescriptorType `type:"list"`
2184} 2473}
2185 2474
2186// String returns the string representation 2475// String returns the string representation
@@ -2208,6 +2497,16 @@ func (s *GetFederationTokenInput) Validate() error {
2208 if s.Policy != nil && len(*s.Policy) < 1 { 2497 if s.Policy != nil && len(*s.Policy) < 1 {
2209 invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) 2498 invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
2210 } 2499 }
2500 if s.PolicyArns != nil {
2501 for i, v := range s.PolicyArns {
2502 if v == nil {
2503 continue
2504 }
2505 if err := v.Validate(); err != nil {
2506 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
2507 }
2508 }
2509 }
2211 2510
2212 if invalidParams.Len() > 0 { 2511 if invalidParams.Len() > 0 {
2213 return invalidParams 2512 return invalidParams
@@ -2233,6 +2532,12 @@ func (s *GetFederationTokenInput) SetPolicy(v string) *GetFederationTokenInput {
2233 return s 2532 return s
2234} 2533}
2235 2534
2535// SetPolicyArns sets the PolicyArns field's value.
2536func (s *GetFederationTokenInput) SetPolicyArns(v []*PolicyDescriptorType) *GetFederationTokenInput {
2537 s.PolicyArns = v
2538 return s
2539}
2540
2236// Contains the response to a successful GetFederationToken request, including 2541// Contains the response to a successful GetFederationToken request, including
2237// temporary AWS credentials that can be used to make AWS requests. 2542// temporary AWS credentials that can be used to make AWS requests.
2238type GetFederationTokenOutput struct { 2543type GetFederationTokenOutput struct {
@@ -2241,10 +2546,8 @@ type GetFederationTokenOutput struct {
2241 // The temporary security credentials, which include an access key ID, a secret 2546 // The temporary security credentials, which include an access key ID, a secret
2242 // access key, and a security (or session) token. 2547 // access key, and a security (or session) token.
2243 // 2548 //
2244 // Note: The size of the security token that STS APIs return is not fixed. We 2549 // The size of the security token that STS API operations return is not fixed.
2245 // strongly recommend that you make no assumptions about the maximum size. As 2550 // We strongly recommend that you make no assumptions about the maximum size.
2246 // of this writing, the typical size is less than 4096 bytes, but that can vary.
2247 // Also, future updates to AWS might require larger sizes.
2248 Credentials *Credentials `type:"structure"` 2551 Credentials *Credentials `type:"structure"`
2249 2552
2250 // Identifiers for the federated user associated with the credentials (such 2553 // Identifiers for the federated user associated with the credentials (such
@@ -2291,11 +2594,11 @@ type GetSessionTokenInput struct {
2291 _ struct{} `type:"structure"` 2594 _ struct{} `type:"structure"`
2292 2595
2293 // The duration, in seconds, that the credentials should remain valid. Acceptable 2596 // The duration, in seconds, that the credentials should remain valid. Acceptable
2294 // durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 2597 // durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600
2295 // seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions 2598 // seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions
2296 // for AWS account owners are restricted to a maximum of 3600 seconds (one hour). 2599 // for AWS account owners are restricted to a maximum of 3,600 seconds (one
2297 // If the duration is longer than one hour, the session for AWS account owners 2600 // hour). If the duration is longer than one hour, the session for AWS account
2298 // defaults to one hour. 2601 // owners defaults to one hour.
2299 DurationSeconds *int64 `min:"900" type:"integer"` 2602 DurationSeconds *int64 `min:"900" type:"integer"`
2300 2603
2301 // The identification number of the MFA device that is associated with the IAM 2604 // The identification number of the MFA device that is associated with the IAM
@@ -2306,16 +2609,16 @@ type GetSessionTokenInput struct {
2306 // You can find the device for an IAM user by going to the AWS Management Console 2609 // You can find the device for an IAM user by going to the AWS Management Console
2307 // and viewing the user's security credentials. 2610 // and viewing the user's security credentials.
2308 // 2611 //
2309 // The regex used to validated this parameter is a string of characters consisting 2612 // The regex used to validate this parameter is a string of characters consisting
2310 // of upper- and lower-case alphanumeric characters with no spaces. You can 2613 // of upper- and lower-case alphanumeric characters with no spaces. You can
2311 // also include underscores or any of the following characters: =,.@:/- 2614 // also include underscores or any of the following characters: =,.@:/-
2312 SerialNumber *string `min:"9" type:"string"` 2615 SerialNumber *string `min:"9" type:"string"`
2313 2616
2314 // The value provided by the MFA device, if MFA is required. If any policy requires 2617 // The value provided by the MFA device, if MFA is required. If any policy requires
2315 // the IAM user to submit an MFA code, specify this value. If MFA authentication 2618 // the IAM user to submit an MFA code, specify this value. If MFA authentication
2316 // is required, and the user does not provide a code when requesting a set of 2619 // is required, the user must provide a code when requesting a set of temporary
2317 // temporary security credentials, the user will receive an "access denied" 2620 // security credentials. A user who fails to provide the code receives an "access
2318 // response when requesting resources that require MFA authentication. 2621 // denied" response when requesting resources that require MFA authentication.
2319 // 2622 //
2320 // The format for this parameter, as described by its regex pattern, is a sequence 2623 // The format for this parameter, as described by its regex pattern, is a sequence
2321 // of six numeric digits. 2624 // of six numeric digits.
@@ -2377,10 +2680,8 @@ type GetSessionTokenOutput struct {
2377 // The temporary security credentials, which include an access key ID, a secret 2680 // The temporary security credentials, which include an access key ID, a secret
2378 // access key, and a security (or session) token. 2681 // access key, and a security (or session) token.
2379 // 2682 //
2380 // Note: The size of the security token that STS APIs return is not fixed. We 2683 // The size of the security token that STS API operations return is not fixed.
2381 // strongly recommend that you make no assumptions about the maximum size. As 2684 // We strongly recommend that you make no assumptions about the maximum size.
2382 // of this writing, the typical size is less than 4096 bytes, but that can vary.
2383 // Also, future updates to AWS might require larger sizes.
2384 Credentials *Credentials `type:"structure"` 2685 Credentials *Credentials `type:"structure"`
2385} 2686}
2386 2687
@@ -2399,3 +2700,44 @@ func (s *GetSessionTokenOutput) SetCredentials(v *Credentials) *GetSessionTokenO
2399 s.Credentials = v 2700 s.Credentials = v
2400 return s 2701 return s
2401} 2702}
2703
2704// A reference to the IAM managed policy that is passed as a session policy
2705// for a role session or a federated user session.
2706type PolicyDescriptorType struct {
2707 _ struct{} `type:"structure"`
2708
2709 // The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
2710 // policy for the role. For more information about ARNs, see Amazon Resource
2711 // Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
2712 // in the AWS General Reference.
2713 Arn *string `locationName:"arn" min:"20" type:"string"`
2714}
2715
2716// String returns the string representation
2717func (s PolicyDescriptorType) String() string {
2718 return awsutil.Prettify(s)
2719}
2720
2721// GoString returns the string representation
2722func (s PolicyDescriptorType) GoString() string {
2723 return s.String()
2724}
2725
2726// Validate inspects the fields of the type to determine if they are valid.
2727func (s *PolicyDescriptorType) Validate() error {
2728 invalidParams := request.ErrInvalidParams{Context: "PolicyDescriptorType"}
2729 if s.Arn != nil && len(*s.Arn) < 20 {
2730 invalidParams.Add(request.NewErrParamMinLen("Arn", 20))
2731 }
2732
2733 if invalidParams.Len() > 0 {
2734 return invalidParams
2735 }
2736 return nil
2737}
2738
2739// SetArn sets the Arn field's value.
2740func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
2741 s.Arn = &v
2742 return s
2743}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
index ef681ab..fcb720d 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
@@ -7,22 +7,14 @@
7// request temporary, limited-privilege credentials for AWS Identity and Access 7// request temporary, limited-privilege credentials for AWS Identity and Access
8// Management (IAM) users or for users that you authenticate (federated users). 8// Management (IAM) users or for users that you authenticate (federated users).
9// This guide provides descriptions of the STS API. For more detailed information 9// This guide provides descriptions of the STS API. For more detailed information
10// about using this service, go to Temporary Security Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). 10// about using this service, go to Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
11//
12// As an alternative to using the API, you can use one of the AWS SDKs, which
13// consist of libraries and sample code for various programming languages and
14// platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient
15// way to create programmatic access to STS. For example, the SDKs take care
16// of cryptographically signing requests, managing errors, and retrying requests
17// automatically. For information about the AWS SDKs, including how to download
18// and install them, see the Tools for Amazon Web Services page (http://aws.amazon.com/tools/).
19// 11//
20// For information about setting up signatures and authorization through the 12// For information about setting up signatures and authorization through the
21// API, go to Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) 13// API, go to Signing AWS API Requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html)
22// in the AWS General Reference. For general information about the Query API, 14// in the AWS General Reference. For general information about the Query API,
23// go to Making Query Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) 15// go to Making Query Requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
24// in Using IAM. For information about using security tokens with other AWS 16// in Using IAM. For information about using security tokens with other AWS
25// products, go to AWS Services That Work with IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) 17// products, go to AWS Services That Work with IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html)
26// in the IAM User Guide. 18// in the IAM User Guide.
27// 19//
28// If you're new to AWS and need additional technical information about a specific 20// If you're new to AWS and need additional technical information about a specific
@@ -31,14 +23,38 @@
31// 23//
32// Endpoints 24// Endpoints
33// 25//
34// The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com 26// By default, AWS Security Token Service (STS) is available as a global service,
35// that maps to the US East (N. Virginia) region. Additional regions are available 27// and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com.
36// and are activated by default. For more information, see Activating and Deactivating 28// Global requests map to the US East (N. Virginia) region. AWS recommends using
37// AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) 29// Regional AWS STS endpoints instead of the global endpoint to reduce latency,
30// build in redundancy, and increase session token validity. For more information,
31// see Managing AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
32// in the IAM User Guide.
33//
34// Most AWS Regions are enabled for operations in all AWS services by default.
35// Those Regions are automatically activated for use with AWS STS. Some Regions,
36// such as Asia Pacific (Hong Kong), must be manually enabled. To learn more
37// about enabling and disabling AWS Regions, see Managing AWS Regions (https://docs.aws.amazon.com/general/latest/gr/rande-manage.html)
38// in the AWS General Reference. When you enable these AWS Regions, they are
39// automatically activated for use with AWS STS. You cannot activate the STS
40// endpoint for a Region that is disabled. Tokens that are valid in all AWS
41// Regions are longer than tokens that are valid in Regions that are enabled
42// by default. Changing this setting might affect existing systems where you
43// temporarily store tokens. For more information, see Managing Global Endpoint
44// Session Tokens (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-manage-tokens)
38// in the IAM User Guide. 45// in the IAM User Guide.
39// 46//
40// For information about STS endpoints, see Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region) 47// After you activate a Region for use with AWS STS, you can direct AWS STS
41// in the AWS General Reference. 48// API calls to that Region. AWS STS recommends that you provide both the Region
49// and endpoint when you make calls to a Regional endpoint. You can provide
50// the Region alone for manually enabled Regions, such as Asia Pacific (Hong
51// Kong). In this case, the calls are directed to the STS Regional endpoint.
52// However, if you provide the Region alone for Regions enabled by default,
53// the calls are directed to the global endpoint of https://sts.amazonaws.com.
54//
55// To view the list of AWS STS endpoints and whether they are active by default,
56// see Writing Code to Use AWS STS Regions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#id_credentials_temp_enable-regions_writing_code)
57// in the IAM User Guide.
42// 58//
43// Recording API requests 59// Recording API requests
44// 60//
@@ -46,8 +62,28 @@
46// your AWS account and delivers log files to an Amazon S3 bucket. By using 62// your AWS account and delivers log files to an Amazon S3 bucket. By using
47// information collected by CloudTrail, you can determine what requests were 63// information collected by CloudTrail, you can determine what requests were
48// successfully made to STS, who made the request, when it was made, and so 64// successfully made to STS, who made the request, when it was made, and so
49// on. To learn more about CloudTrail, including how to turn it on and find 65// on.
50// your log files, see the AWS CloudTrail User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). 66//
67// If you activate AWS STS endpoints in Regions other than the default global
68// endpoint, then you must also turn on CloudTrail logging in those Regions.
69// This is necessary to record any AWS STS API calls that are made in those
70// Regions. For more information, see Turning On CloudTrail in Additional Regions
71// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/aggregating_logs_regions_turn_on_ct.html)
72// in the AWS CloudTrail User Guide.
73//
74// AWS Security Token Service (STS) is a global service with a single endpoint
75// at https://sts.amazonaws.com. Calls to this endpoint are logged as calls
76// to a global service. However, because this endpoint is physically located
77// in the US East (N. Virginia) Region, your logs list us-east-1 as the event
78// Region. CloudTrail does not write these logs to the US East (Ohio) Region
79// unless you choose to include global service logs in that Region. CloudTrail
80// writes calls to all Regional endpoints to their respective Regions. For example,
81// calls to sts.us-east-2.amazonaws.com are published to the US East (Ohio)
82// Region and calls to sts.eu-central-1.amazonaws.com are published to the EU
83// (Frankfurt) Region.
84//
85// To learn more about CloudTrail, including how to turn it on and find your
86// log files, see the AWS CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).
51// 87//
52// See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. 88// See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
53// 89//
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
index e24884e..41ea09c 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
@@ -67,7 +67,7 @@ const (
67 // STS is not activated in the requested region for the account that is being 67 // STS is not activated in the requested region for the account that is being
68 // asked to generate credentials. The account administrator must use the IAM 68 // asked to generate credentials. The account administrator must use the IAM
69 // console to activate STS in that region. For more information, see Activating 69 // console to activate STS in that region. For more information, see Activating
70 // and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) 70 // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
71 // in the IAM User Guide. 71 // in the IAM User Guide.
72 ErrCodeRegionDisabledException = "RegionDisabledException" 72 ErrCodeRegionDisabledException = "RegionDisabledException"
73) 73)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
new file mode 100644
index 0000000..e2e1d6e
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
@@ -0,0 +1,96 @@
1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
2
3// Package stsiface provides an interface to enable mocking the AWS Security Token Service service client
4// for testing your code.
5//
6// It is important to note that this interface will have breaking changes
7// when the service model is updated and adds new API operations, paginators,
8// and waiters.
9package stsiface
10
11import (
12 "github.com/aws/aws-sdk-go/aws"
13 "github.com/aws/aws-sdk-go/aws/request"
14 "github.com/aws/aws-sdk-go/service/sts"
15)
16
17// STSAPI provides an interface to enable mocking the
18// sts.STS service client's API operation,
19// paginators, and waiters. This make unit testing your code that calls out
20// to the SDK's service client's calls easier.
21//
22// The best way to use this interface is so the SDK's service client's calls
23// can be stubbed out for unit testing your code with the SDK without needing
24// to inject custom request handlers into the SDK's request pipeline.
25//
26// // myFunc uses an SDK service client to make a request to
27// // AWS Security Token Service.
28// func myFunc(svc stsiface.STSAPI) bool {
29// // Make svc.AssumeRole request
30// }
31//
32// func main() {
33// sess := session.New()
34// svc := sts.New(sess)
35//
36// myFunc(svc)
37// }
38//
39// In your _test.go file:
40//
41// // Define a mock struct to be used in your unit tests of myFunc.
42// type mockSTSClient struct {
43// stsiface.STSAPI
44// }
45// func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
46// // mock response/functionality
47// }
48//
49// func TestMyFunc(t *testing.T) {
50// // Setup Test
51// mockSvc := &mockSTSClient{}
52//
53// myfunc(mockSvc)
54//
55// // Verify myFunc's functionality
56// }
57//
58// It is important to note that this interface will have breaking changes
59// when the service model is updated and adds new API operations, paginators,
60// and waiters. Its suggested to use the pattern above for testing, or using
61// tooling to generate mocks to satisfy the interfaces.
62type STSAPI interface {
63 AssumeRole(*sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
64 AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
65 AssumeRoleRequest(*sts.AssumeRoleInput) (*request.Request, *sts.AssumeRoleOutput)
66
67 AssumeRoleWithSAML(*sts.AssumeRoleWithSAMLInput) (*sts.AssumeRoleWithSAMLOutput, error)
68 AssumeRoleWithSAMLWithContext(aws.Context, *sts.AssumeRoleWithSAMLInput, ...request.Option) (*sts.AssumeRoleWithSAMLOutput, error)
69 AssumeRoleWithSAMLRequest(*sts.AssumeRoleWithSAMLInput) (*request.Request, *sts.AssumeRoleWithSAMLOutput)
70
71 AssumeRoleWithWebIdentity(*sts.AssumeRoleWithWebIdentityInput) (*sts.AssumeRoleWithWebIdentityOutput, error)
72 AssumeRoleWithWebIdentityWithContext(aws.Context, *sts.AssumeRoleWithWebIdentityInput, ...request.Option) (*sts.AssumeRoleWithWebIdentityOutput, error)
73 AssumeRoleWithWebIdentityRequest(*sts.AssumeRoleWithWebIdentityInput) (*request.Request, *sts.AssumeRoleWithWebIdentityOutput)
74
75 DecodeAuthorizationMessage(*sts.DecodeAuthorizationMessageInput) (*sts.DecodeAuthorizationMessageOutput, error)
76 DecodeAuthorizationMessageWithContext(aws.Context, *sts.DecodeAuthorizationMessageInput, ...request.Option) (*sts.DecodeAuthorizationMessageOutput, error)
77 DecodeAuthorizationMessageRequest(*sts.DecodeAuthorizationMessageInput) (*request.Request, *sts.DecodeAuthorizationMessageOutput)
78
79 GetAccessKeyInfo(*sts.GetAccessKeyInfoInput) (*sts.GetAccessKeyInfoOutput, error)
80 GetAccessKeyInfoWithContext(aws.Context, *sts.GetAccessKeyInfoInput, ...request.Option) (*sts.GetAccessKeyInfoOutput, error)
81 GetAccessKeyInfoRequest(*sts.GetAccessKeyInfoInput) (*request.Request, *sts.GetAccessKeyInfoOutput)
82
83 GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error)
84 GetCallerIdentityWithContext(aws.Context, *sts.GetCallerIdentityInput, ...request.Option) (*sts.GetCallerIdentityOutput, error)
85 GetCallerIdentityRequest(*sts.GetCallerIdentityInput) (*request.Request, *sts.GetCallerIdentityOutput)
86
87 GetFederationToken(*sts.GetFederationTokenInput) (*sts.GetFederationTokenOutput, error)
88 GetFederationTokenWithContext(aws.Context, *sts.GetFederationTokenInput, ...request.Option) (*sts.GetFederationTokenOutput, error)
89 GetFederationTokenRequest(*sts.GetFederationTokenInput) (*request.Request, *sts.GetFederationTokenOutput)
90
91 GetSessionToken(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error)
92 GetSessionTokenWithContext(aws.Context, *sts.GetSessionTokenInput, ...request.Option) (*sts.GetSessionTokenOutput, error)
93 GetSessionTokenRequest(*sts.GetSessionTokenInput) (*request.Request, *sts.GetSessionTokenOutput)
94}
95
96var _ STSAPI = (*sts.STS)(nil)
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 05:08:38 +0000