TrueCloudLab/distribution
13
0
Fork 3
Code Issues 2 Pull requests Projects Releases 2 Packages Wiki Activity Actions

update: AWS Go SDK bump to the latest release

Browse source 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
This commit is contained in:
Milos Gajdos 2023-12-01 08:51:16 +00:00
parent a2613975a1
commit 6f84e87803
No known key found for this signature in database
23 changed files with 8582 additions and 2321 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
go.mod
View file

@ -8,7 +8,7 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0
github.com/aws/aws-sdk-go v1.44.325
github.com/aws/aws-sdk-go v1.48.10
github.com/bshuster-repo/logrus-logstash-hook v1.0.0
github.com/coreos/go-systemd/v22 v22.5.0
github.com/distribution/reference v0.5.0

20
go.sum
View file

@ -61,8 +61,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
github.com/aws/aws-sdk-go v1.44.325 h1:jF/L99fJSq/BfiLmUOflO/aM+LwcqBm0Fe/qTK5xxuI=
github.com/aws/aws-sdk-go v1.44.325/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go v1.48.10 h1:0LIFG3wp2Dt6PsxKWCg1Y1xRrn2vZnW5/gWdgaBalKg=
github.com/aws/aws-sdk-go v1.48.10/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@ -319,7 +319,6 @@ github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gt
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@ -341,7 +340,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@ -374,7 +372,6 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -404,10 +401,7 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@ -427,7 +421,6 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -466,27 +459,19 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@ -532,7 +517,6 @@ golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roY
golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

4
vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go generated vendored Normal file
View file

@ -0,0 +1,4 @@
// DO NOT EDIT
package corehandlers
const isAwsInternal = ""

10
vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go generated vendored
View file

@ -35,3 +35,13 @@ var AddHostExecEnvUserAgentHander = request.NamedHandler{
request.AddToUserAgent(r, execEnvUAKey+"/"+v)
},
}
var AddAwsInternal = request.NamedHandler{
Name: "core.AddAwsInternal",
Fn: func(r *request.Request) {
if len(isAwsInternal) == 0 {
return
}
request.AddToUserAgent(r, isAwsInternal)
},
}

47
vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go generated vendored
View file

@ -31,6 +31,8 @@ package endpointcreds
import (
"encoding/json"
"fmt"
"strings"
"time"
"github.com/aws/aws-sdk-go/aws"
@ -69,7 +71,37 @@ type Provider struct {
// Optional authorization token value if set will be used as the value of
// the Authorization header of the endpoint credential request.
//
// When constructed from environment, the provider will use the value of
// AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable as the token
//
// Will be overridden if AuthorizationTokenProvider is configured
AuthorizationToken string
// Optional auth provider func to dynamically load the auth token from a file
// everytime a credential is retrieved
//
// When constructed from environment, the provider will read and use the content
// of the file pointed to by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable
// as the auth token everytime credentials are retrieved
//
// Will override AuthorizationToken if configured
AuthorizationTokenProvider AuthTokenProvider
}
// AuthTokenProvider defines an interface to dynamically load a value to be passed
// for the Authorization header of a credentials request.
type AuthTokenProvider interface {
GetToken() (string, error)
}
// TokenProviderFunc is a func type implementing AuthTokenProvider interface
// and enables customizing token provider behavior
type TokenProviderFunc func() (string, error)
// GetToken func retrieves auth token according to TokenProviderFunc implementation
func (p TokenProviderFunc) GetToken() (string, error) {
return p()
}
// NewProviderClient returns a credentials Provider for retrieving AWS credentials
@ -164,7 +196,20 @@ func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error
req := p.Client.NewRequest(op, nil, out)
req.SetContext(ctx)
req.HTTPRequest.Header.Set("Accept", "application/json")
if authToken := p.AuthorizationToken; len(authToken) != 0 {
authToken := p.AuthorizationToken
var err error
if p.AuthorizationTokenProvider != nil {
authToken, err = p.AuthorizationTokenProvider.GetToken()
if err != nil {
return nil, fmt.Errorf("get authorization token: %v", err)
}
}
if strings.ContainsAny(authToken, "\r\n") {
return nil, fmt.Errorf("authorization token contains invalid newline sequence")
}
if len(authToken) != 0 {
req.HTTPRequest.Header.Set("Authorization", authToken)
}

9
vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go generated vendored
View file

@ -111,6 +111,15 @@ func (p *SSOTokenProvider) refreshToken(token cachedToken) (cachedToken, error)
if err != nil {
return cachedToken{}, fmt.Errorf("unable to refresh SSO token, %v", err)
}
if createResult.ExpiresIn == nil {
return cachedToken{}, fmt.Errorf("missing required field ExpiresIn")
}
if createResult.AccessToken == nil {
return cachedToken{}, fmt.Errorf("missing required field AccessToken")
}
if createResult.RefreshToken == nil {
return cachedToken{}, fmt.Errorf("missing required field RefreshToken")
}
expiresAt := nowTime().Add(time.Duration(*createResult.ExpiresIn) * time.Second)

65
vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go generated vendored
View file

@ -9,6 +9,7 @@ package defaults
import (
"fmt"
"io/ioutil"
"net"
"net/http"
"net/url"
@ -74,6 +75,7 @@ func Handlers() request.Handlers {
handlers.Validate.PushBackNamed(corehandlers.ValidateEndpointHandler)
handlers.Validate.AfterEachFn = request.HandlerListStopOnError
handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
handlers.Build.PushBackNamed(corehandlers.AddAwsInternal)
handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHander)
handlers.Build.AfterEachFn = request.HandlerListStopOnError
handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler)
@ -114,9 +116,31 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro
const (
httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
httpProviderAuthFileEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"
httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
)
// direct representation of the IPv4 address for the ECS container
// "169.254.170.2"
var ecsContainerIPv4 net.IP = []byte{
169, 254, 170, 2,
}
// direct representation of the IPv4 address for the EKS container
// "169.254.170.23"
var eksContainerIPv4 net.IP = []byte{
169, 254, 170, 23,
}
// direct representation of the IPv6 address for the EKS container
// "fd00:ec2::23"
var eksContainerIPv6 net.IP = []byte{
0xFD, 0, 0xE, 0xC2,
0, 0, 0, 0,
0, 0, 0, 0,
0, 0, 0, 0x23,
}
// RemoteCredProvider returns a credentials provider for the default remote
// endpoints such as EC2 or ECS Roles.
func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
@ -134,19 +158,22 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P
var lookupHostFn = net.LookupHost
func isLoopbackHost(host string) (bool, error) {
ip := net.ParseIP(host)
if ip != nil {
return ip.IsLoopback(), nil
// isAllowedHost allows host to be loopback or known ECS/EKS container IPs
//
// host can either be an IP address OR an unresolved hostname - resolution will
// be automatically performed in the latter case
func isAllowedHost(host string) (bool, error) {
if ip := net.ParseIP(host); ip != nil {
return isIPAllowed(ip), nil
}
// Host is not an ip, perform lookup
addrs, err := lookupHostFn(host)
if err != nil {
return false, err
}
for _, addr := range addrs {
if !net.ParseIP(addr).IsLoopback() {
if ip := net.ParseIP(addr); ip == nil || !isIPAllowed(ip) {
return false, nil
}
}
@ -154,6 +181,13 @@ func isLoopbackHost(host string) (bool, error) {
return true, nil
}
func isIPAllowed(ip net.IP) bool {
return ip.IsLoopback() ||
ip.Equal(ecsContainerIPv4) ||
ip.Equal(eksContainerIPv4) ||
ip.Equal(eksContainerIPv6)
}
func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
var errMsg string
@ -164,10 +198,12 @@ func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string)
host := aws.URLHostname(parsed)
if len(host) == 0 {
errMsg = "unable to parse host from local HTTP cred provider URL"
} else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil {
errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr)
} else if !isLoopback {
errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host)
} else if parsed.Scheme == "http" {
if isAllowedHost, allowHostErr := isAllowedHost(host); allowHostErr != nil {
errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, allowHostErr)
} else if !isAllowedHost {
errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback/ecs/eks hosts are allowed.", host)
}
}
}
@ -189,6 +225,15 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede
func(p *endpointcreds.Provider) {
p.ExpiryWindow = 5 * time.Minute
p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
if authFilePath := os.Getenv(httpProviderAuthFileEnvVar); authFilePath != "" {
p.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) {
if contents, err := ioutil.ReadFile(authFilePath); err != nil {
return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err)
} else {
return string(contents), nil
}
})
}
},
)
}

2281
vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go generated vendored
View file

File diff suppressed because it is too large Load diff

28
vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go generated vendored
View file

@ -171,6 +171,12 @@ type envConfig struct {
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
// Specifies that IMDS clients should not fallback to IMDSv1 if token
// requests fail.
//
// AWS_EC2_METADATA_V1_DISABLED=true
EC2IMDSv1Disabled *bool
// Specifies that SDK clients must resolve a dual-stack endpoint for
// services.
//
@ -251,6 +257,9 @@ var (
ec2IMDSEndpointModeEnvKey = []string{
"AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",
}
ec2MetadataV1DisabledEnvKey = []string{
"AWS_EC2_METADATA_V1_DISABLED",
}
useCABundleKey = []string{
"AWS_CA_BUNDLE",
}
@ -393,6 +402,7 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil {
return envConfig{}, err
}
setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, ec2MetadataV1DisabledEnvKey)
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil {
return cfg, err
@ -414,6 +424,24 @@ func setFromEnvVal(dst *string, keys []string) {
}
}
func setBoolPtrFromEnvVal(dst **bool, keys []string) {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
switch {
case strings.EqualFold(value, "false"):
*dst = new(bool)
**dst = false
case strings.EqualFold(value, "true"):
*dst = new(bool)
**dst = true
}
}
}
func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)

8
vendor/github.com/aws/aws-sdk-go/aws/session/session.go generated vendored
View file

@ -779,6 +779,14 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode)
}
cfg.EC2MetadataEnableFallback = userCfg.EC2MetadataEnableFallback
if cfg.EC2MetadataEnableFallback == nil && envCfg.EC2IMDSv1Disabled != nil {
cfg.EC2MetadataEnableFallback = aws.Bool(!*envCfg.EC2IMDSv1Disabled)
}
if cfg.EC2MetadataEnableFallback == nil && sharedCfg.EC2IMDSv1Disabled != nil {
cfg.EC2MetadataEnableFallback = aws.Bool(!*sharedCfg.EC2IMDSv1Disabled)
}
cfg.S3UseARNRegion = userCfg.S3UseARNRegion
if cfg.S3UseARNRegion == nil {
cfg.S3UseARNRegion = &envCfg.S3UseARNRegion

35
vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go generated vendored
View file

@ -80,6 +80,9 @@ const (
// EC2 IMDS Endpoint
ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
// ECS IMDSv1 disable fallback
ec2MetadataV1DisabledKey = "ec2_metadata_v1_disabled"
// Use DualStack Endpoint Resolution
useDualStackEndpoint = "use_dualstack_endpoint"
@ -179,6 +182,12 @@ type sharedConfig struct {
// ec2_metadata_service_endpoint=http://fd00:ec2::254
EC2IMDSEndpoint string
// Specifies that IMDS clients should not fallback to IMDSv1 if token
// requests fail.
//
// ec2_metadata_v1_disabled=true
EC2IMDSv1Disabled *bool
// Specifies that SDK clients must resolve a dual-stack endpoint for
// services.
//
@ -389,8 +398,15 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
updateString(&cfg.Region, section, regionKey)
updateString(&cfg.CustomCABundle, section, customCABundleKey)
// we're retaining a behavioral quirk with this field that existed before
// the removal of literal parsing for (aws-sdk-go-v2/#2276):
// - if the key is missing, the config field will not be set
// - if the key is set to a non-numeric, the config field will be set to 0
if section.Has(roleDurationSecondsKey) {
d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second
var d time.Duration
if v, ok := section.Int(roleDurationSecondsKey); ok {
d = time.Duration(v) * time.Second
}
cfg.AssumeRoleDuration = &d
}
@ -427,6 +443,7 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
ec2MetadataServiceEndpointModeKey, file.Filename, err)
}
updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
updateBoolPtr(&cfg.EC2IMDSv1Disabled, section, ec2MetadataV1DisabledKey)
updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint)
@ -668,7 +685,10 @@ func updateBool(dst *bool, section ini.Section, key string) {
if !section.Has(key) {
return
}
*dst = section.Bool(key)
// retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false
v, _ := section.Bool(key)
*dst = v
}
// updateBoolPtr will only update the dst with the value in the section key,
@ -677,8 +697,11 @@ func updateBoolPtr(dst **bool, section ini.Section, key string) {
if !section.Has(key) {
return
}
// retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false
v, _ := section.Bool(key)
*dst = new(bool)
**dst = section.Bool(key)
**dst = v
}
// SharedConfigLoadError is an error for the shared config file failed to load.
@ -805,7 +828,8 @@ func updateUseDualStackEndpoint(dst *endpoints.DualStackEndpointState, section i
return
}
if section.Bool(key) {
// retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false
if v, _ := section.Bool(key); v {
*dst = endpoints.DualStackEndpointStateEnabled
} else {
*dst = endpoints.DualStackEndpointStateDisabled
@ -821,7 +845,8 @@ func updateUseFIPSEndpoint(dst *endpoints.FIPSEndpointState, section ini.Section
return
}
if section.Bool(key) {
// retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false
if v, _ := section.Bool(key); v {
*dst = endpoints.FIPSEndpointStateEnabled
} else {
*dst = endpoints.FIPSEndpointStateDisabled

2
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go generated vendored
View file

@ -125,6 +125,7 @@ var requiredSignedHeaders = rules{
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{},
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
"X-Amz-Expected-Bucket-Owner": struct{}{},
"X-Amz-Grant-Full-control": struct{}{},
"X-Amz-Grant-Read": struct{}{},
"X-Amz-Grant-Read-Acp": struct{}{},
@ -135,6 +136,7 @@ var requiredSignedHeaders = rules{
"X-Amz-Request-Payer": struct{}{},
"X-Amz-Server-Side-Encryption": struct{}{},
"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{},
"X-Amz-Server-Side-Encryption-Context": struct{}{},
"X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{},
"X-Amz-Server-Side-Encryption-Customer-Key": struct{}{},
"X-Amz-Server-Side-Encryption-Customer-Key-Md5": struct{}{},

2
vendor/github.com/aws/aws-sdk-go/aws/version.go generated vendored
View file

@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
const SDKVersion = "1.44.325"
const SDKVersion = "1.48.10"

57
vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go generated vendored
View file

@ -154,11 +154,11 @@ func (v ValueType) String() string {
// ValueType enums
const (
NoneType = ValueType(iota)
DecimalType
IntegerType
DecimalType // deprecated
IntegerType // deprecated
StringType
QuotedStringType
BoolType
BoolType // deprecated
)
// Value is a union container
@ -166,9 +166,9 @@ type Value struct {
Type ValueType
raw []rune
integer int64
decimal float64
boolean bool
integer int64 // deprecated
decimal float64 // deprecated
boolean bool // deprecated
str string
}
@ -253,24 +253,6 @@ func newLitToken(b []rune) (Token, int, error) {
}
token = newToken(TokenLit, b[:n], QuotedStringType)
} else if isNumberValue(b) {
var base int
base, n, err = getNumericalValue(b)
if err != nil {
return token, 0, err
}
value := b[:n]
vType := IntegerType
if contains(value, '.') || hasExponent(value) {
vType = DecimalType
}
token = newToken(TokenLit, value, vType)
token.base = base
} else if isBoolValue(b) {
n, err = getBoolValue(b)
token = newToken(TokenLit, b[:n], BoolType)
} else {
n, err = getValue(b)
token = newToken(TokenLit, b[:n], StringType)
@ -280,18 +262,33 @@ func newLitToken(b []rune) (Token, int, error) {
}
// IntValue returns an integer value
func (v Value) IntValue() int64 {
return v.integer
func (v Value) IntValue() (int64, bool) {
i, err := strconv.ParseInt(string(v.raw), 0, 64)
if err != nil {
return 0, false
}
return i, true
}
// FloatValue returns a float value
func (v Value) FloatValue() float64 {
return v.decimal
func (v Value) FloatValue() (float64, bool) {
f, err := strconv.ParseFloat(string(v.raw), 64)
if err != nil {
return 0, false
}
return f, true
}
// BoolValue returns a bool value
func (v Value) BoolValue() bool {
return v.boolean
func (v Value) BoolValue() (bool, bool) {
// we don't use ParseBool as it recognizes more than what we've
// historically supported
if isCaselessLitValue(runesTrue, v.raw) {
return true, true
} else if isCaselessLitValue(runesFalse, v.raw) {
return false, true
}
return false, false
}
func isTrimmable(r rune) bool {

6
vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go generated vendored
View file

@ -145,17 +145,17 @@ func (t Section) ValueType(k string) (ValueType, bool) {
}
// Bool returns a bool value at k
func (t Section) Bool(k string) bool {
func (t Section) Bool(k string) (bool, bool) {
return t.values[k].BoolValue()
}
// Int returns an integer value at k
func (t Section) Int(k string) int64 {
func (t Section) Int(k string) (int64, bool) {
return t.values[k].IntValue()
}
// Float64 returns a float value at k
func (t Section) Float64(k string) float64 {
func (t Section) Float64(k string) (float64, bool) {
return t.values[k].FloatValue()
}

7581
vendor/github.com/aws/aws-sdk-go/service/s3/api.go generated vendored
View file

File diff suppressed because it is too large Load diff

9
vendor/github.com/aws/aws-sdk-go/service/s3/errors.go generated vendored
View file

@ -25,6 +25,15 @@ const (
// "InvalidObjectState".
//
// Object is archived and inaccessible until restored.
//
// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval
// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering
// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier,
// before you can retrieve the object you must first restore a copy using RestoreObject
// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
// Otherwise, this operation returns an InvalidObjectState error. For information
// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
// in the Amazon S3 User Guide.
ErrCodeInvalidObjectState = "InvalidObjectState"
// ErrCodeNoSuchBucket for service response error code

664
vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go generated vendored
View file

@ -56,9 +56,10 @@ func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Requ
// CreateToken API operation for AWS SSO OIDC.
//
// Creates and returns an access token for the authorized client. The access
// token issued will be used to fetch short-term credentials for the assigned
// roles in the AWS account.
// Creates and returns access and refresh tokens for clients that are authenticated
// using client secrets. The access token can be used to fetch short-term credentials
// for the assigned AWS accounts or to access application APIs using bearer
// authentication.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
@ -133,6 +134,131 @@ func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInpu
return out, req.Send()
}
const opCreateTokenWithIAM = "CreateTokenWithIAM"
// CreateTokenWithIAMRequest generates a "aws/request.Request" representing the
// client's request for the CreateTokenWithIAM operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateTokenWithIAM for more information on using the CreateTokenWithIAM
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateTokenWithIAMRequest method.
// req, resp := client.CreateTokenWithIAMRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM
func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput) {
op := &request.Operation{
Name: opCreateTokenWithIAM,
HTTPMethod: "POST",
HTTPPath: "/token?aws_iam=t",
}
if input == nil {
input = &CreateTokenWithIAMInput{}
}
output = &CreateTokenWithIAMOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateTokenWithIAM API operation for AWS SSO OIDC.
//
// Creates and returns access and refresh tokens for clients and applications
// that are authenticated using IAM entities. The access token can be used to
// fetch short-term credentials for the assigned AWS accounts or to access application
// APIs using bearer authentication.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS SSO OIDC's
// API operation CreateTokenWithIAM for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// Indicates that something is wrong with the input to the request. For example,
// a required parameter might be missing or out of range.
//
// - InvalidClientException
// Indicates that the clientId or clientSecret in the request is invalid. For
// example, this can occur when a client sends an incorrect clientId or an expired
// clientSecret.
//
// - InvalidGrantException
// Indicates that a request contains an invalid grant. This can occur if a client
// makes a CreateToken request with an invalid grant type.
//
// - UnauthorizedClientException
// Indicates that the client is not currently authorized to make the request.
// This can happen when a clientId is not issued for a public client.
//
// - UnsupportedGrantTypeException
// Indicates that the grant type in the request is not supported by the service.
//
// - InvalidScopeException
// Indicates that the scope provided in the request is invalid.
//
// - AuthorizationPendingException
// Indicates that a request to authorize a client with an access user session
// token is pending.
//
// - SlowDownException
// Indicates that the client is making the request too frequently and is more
// than the service can handle.
//
// - AccessDeniedException
// You do not have sufficient access to perform this action.
//
// - ExpiredTokenException
// Indicates that the token issued by the service is expired and is no longer
// valid.
//
// - InternalServerException
// Indicates that an error from the service occurred while trying to process
// a request.
//
// - InvalidRequestRegionException
// Indicates that a token provided as input to the request was issued by and
// is only usable by calling IAM Identity Center endpoints in another region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM
func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error) {
req, out := c.CreateTokenWithIAMRequest(input)
return out, req.Send()
}
// CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of
// the ability to pass a context and additional request options.
//
// See CreateTokenWithIAM for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error) {
req, out := c.CreateTokenWithIAMRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opRegisterClient = "RegisterClient"
// RegisterClientRequest generates a "aws/request.Request" representing the
@ -331,8 +457,11 @@ type AccessDeniedException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be access_denied.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -400,8 +529,11 @@ type AuthorizationPendingException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be authorization_pending.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -466,8 +598,8 @@ func (s *AuthorizationPendingException) RequestID() string {
type CreateTokenInput struct {
_ struct{} `type:"structure"`
// The unique identifier string for each client. This value should come from
// the persisted result of the RegisterClient API.
// The unique identifier string for the client or application. This value comes
// from the result of the RegisterClient API.
//
// ClientId is a required field
ClientId *string `locationName:"clientId" type:"string" required:"true"`
@ -475,23 +607,30 @@ type CreateTokenInput struct {
// A secret string generated for the client. This value should come from the
// persisted result of the RegisterClient API.
//
// ClientSecret is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenInput's
// String and GoString methods.
//
// ClientSecret is a required field
ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"`
ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`
// The authorization code received from the authorization service. This parameter
// is required to perform an authorization grant request to get access to a
// token.
// Used only when calling this API for the Authorization Code grant type. The
// short-term code is used to identify this authorization request. This grant
// type is currently unsupported for the CreateToken API.
Code *string `locationName:"code" type:"string"`
// Used only when calling this API for the device code grant type. This short-term
// code is used to identify this authentication attempt. This should come from
// an in-memory reference to the result of the StartDeviceAuthorization API.
// Used only when calling this API for the Device Code grant type. This short-term
// code is used to identify this authorization request. This comes from the
// result of the StartDeviceAuthorization API.
DeviceCode *string `locationName:"deviceCode" type:"string"`
// Supports grant types for the authorization code, refresh token, and device
// code request. For device code requests, specify the following value:
// Supports the following OAuth grant types: Device Code and Refresh Token.
// Specify either of the following values, depending on the grant type that
// you want:
//
// urn:ietf:params:oauth:grant-type:device_code
// * Device Code - urn:ietf:params:oauth:grant-type:device_code
//
// * Refresh Token - refresh_token
//
// For information about how to obtain the device code, see the StartDeviceAuthorization
// topic.
@ -499,21 +638,28 @@ type CreateTokenInput struct {
// GrantType is a required field
GrantType *string `locationName:"grantType" type:"string" required:"true"`
// The location of the application that will receive the authorization code.
// Users authorize the service to send the request to this location.
// Used only when calling this API for the Authorization Code grant type. This
// value specifies the location of the client or application that has registered
// to receive the authorization code.
RedirectUri *string `locationName:"redirectUri" type:"string"`
// Currently, refreshToken is not yet implemented and is not supported. For
// more information about the features and limitations of the current IAM Identity
// Center OIDC implementation, see Considerations for Using this Guide in the
// IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
// Used only when calling this API for the Refresh Token grant type. This token
// is used to refresh short-term tokens, such as the access token, that might
// expire.
//
// The token used to obtain an access token in the event that the access token
// is invalid or expired.
RefreshToken *string `locationName:"refreshToken" type:"string"`
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenInput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// The list of scopes that is defined by the client. Upon authorization, this
// list is used to restrict permissions when granting an access token.
// The list of scopes for which authorization is requested. The access token
// that is issued is limited to the scopes that are granted. If this value is
// not specified, IAM Identity Center authorizes all scopes that are configured
// for the client during the call to RegisterClient.
Scope []*string `locationName:"scope" type:"list"`
}
@ -605,31 +751,43 @@ func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput {
type CreateTokenOutput struct {
_ struct{} `type:"structure"`
// An opaque token to access IAM Identity Center resources assigned to a user.
AccessToken *string `locationName:"accessToken" type:"string"`
// A bearer token to access AWS accounts and applications assigned to a user.
//
// AccessToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenOutput's
// String and GoString methods.
AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`
// Indicates the time in seconds when an access token will expire.
ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`
// Currently, idToken is not yet implemented and is not supported. For more
// information about the features and limitations of the current IAM Identity
// Center OIDC implementation, see Considerations for Using this Guide in the
// IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
// The idToken is not implemented or supported. For more information about the
// features and limitations of the current IAM Identity Center OIDC implementation,
// see Considerations for Using this Guide in the IAM Identity Center OIDC API
// Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// The identifier of the user that associated with the access token, if present.
IdToken *string `locationName:"idToken" type:"string"`
// A JSON Web Token (JWT) that identifies who is associated with the issued
// access token.
//
// IdToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenOutput's
// String and GoString methods.
IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`
// Currently, refreshToken is not yet implemented and is not supported. For
// more information about the features and limitations of the current IAM Identity
// Center OIDC implementation, see Considerations for Using this Guide in the
// IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// A token that, if present, can be used to refresh a previously issued access
// token that might have expired.
RefreshToken *string `locationName:"refreshToken" type:"string"`
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenOutput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// Used to notify the client that the returned token is an access token. The
// supported type is BearerToken.
// supported token type is Bearer.
TokenType *string `locationName:"tokenType" type:"string"`
}
@ -681,14 +839,312 @@ func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput {
return s
}
type CreateTokenWithIAMInput struct {
_ struct{} `type:"structure"`
// Used only when calling this API for the JWT Bearer grant type. This value
// specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize
// a trusted token issuer, configure the JWT Bearer GrantOptions for the application.
//
// Assertion is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
// String and GoString methods.
Assertion *string `locationName:"assertion" type:"string" sensitive:"true"`
// The unique identifier string for the client or application. This value is
// an application ARN that has OAuth grants configured.
//
// ClientId is a required field
ClientId *string `locationName:"clientId" type:"string" required:"true"`
// Used only when calling this API for the Authorization Code grant type. This
// short-term code is used to identify this authorization request. The code
// is obtained through a redirect from IAM Identity Center to a redirect URI
// persisted in the Authorization Code GrantOptions for the application.
Code *string `locationName:"code" type:"string"`
// Supports the following OAuth grant types: Authorization Code, Refresh Token,
// JWT Bearer, and Token Exchange. Specify one of the following values, depending
// on the grant type that you want:
//
// * Authorization Code - authorization_code
//
// * Refresh Token - refresh_token
//
// * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
//
// * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
//
// GrantType is a required field
GrantType *string `locationName:"grantType" type:"string" required:"true"`
// Used only when calling this API for the Authorization Code grant type. This
// value specifies the location of the client or application that has registered
// to receive the authorization code.
RedirectUri *string `locationName:"redirectUri" type:"string"`
// Used only when calling this API for the Refresh Token grant type. This token
// is used to refresh short-term tokens, such as the access token, that might
// expire.
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the type of token that the requester can receive. The following
// values are supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
//
// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
RequestedTokenType *string `locationName:"requestedTokenType" type:"string"`
// The list of scopes for which authorization is requested. The access token
// that is issued is limited to the scopes that are granted. If the value is
// not specified, IAM Identity Center authorizes all scopes configured for the
// application, including the following default scopes: openid, aws, sts:identity_context.
Scope []*string `locationName:"scope" type:"list"`
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the subject of the exchange. The value of the subject token must
// be an access token issued by IAM Identity Center to a different client or
// application. The access token must have authorized scopes that indicate the
// requested application as a target audience.
//
// SubjectToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
// String and GoString methods.
SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"`
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the type of token that is passed as the subject of the exchange.
// The following value is supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
SubjectTokenType *string `locationName:"subjectTokenType" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateTokenWithIAMInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreateTokenWithIAMInput"}
if s.ClientId == nil {
invalidParams.Add(request.NewErrParamRequired("ClientId"))
}
if s.GrantType == nil {
invalidParams.Add(request.NewErrParamRequired("GrantType"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAssertion sets the Assertion field's value.
func (s *CreateTokenWithIAMInput) SetAssertion(v string) *CreateTokenWithIAMInput {
s.Assertion = &v
return s
}
// SetClientId sets the ClientId field's value.
func (s *CreateTokenWithIAMInput) SetClientId(v string) *CreateTokenWithIAMInput {
s.ClientId = &v
return s
}
// SetCode sets the Code field's value.
func (s *CreateTokenWithIAMInput) SetCode(v string) *CreateTokenWithIAMInput {
s.Code = &v
return s
}
// SetGrantType sets the GrantType field's value.
func (s *CreateTokenWithIAMInput) SetGrantType(v string) *CreateTokenWithIAMInput {
s.GrantType = &v
return s
}
// SetRedirectUri sets the RedirectUri field's value.
func (s *CreateTokenWithIAMInput) SetRedirectUri(v string) *CreateTokenWithIAMInput {
s.RedirectUri = &v
return s
}
// SetRefreshToken sets the RefreshToken field's value.
func (s *CreateTokenWithIAMInput) SetRefreshToken(v string) *CreateTokenWithIAMInput {
s.RefreshToken = &v
return s
}
// SetRequestedTokenType sets the RequestedTokenType field's value.
func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput {
s.RequestedTokenType = &v
return s
}
// SetScope sets the Scope field's value.
func (s *CreateTokenWithIAMInput) SetScope(v []*string) *CreateTokenWithIAMInput {
s.Scope = v
return s
}
// SetSubjectToken sets the SubjectToken field's value.
func (s *CreateTokenWithIAMInput) SetSubjectToken(v string) *CreateTokenWithIAMInput {
s.SubjectToken = &v
return s
}
// SetSubjectTokenType sets the SubjectTokenType field's value.
func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput {
s.SubjectTokenType = &v
return s
}
type CreateTokenWithIAMOutput struct {
_ struct{} `type:"structure"`
// A bearer token to access AWS accounts and applications assigned to a user.
//
// AccessToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
// String and GoString methods.
AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`
// Indicates the time in seconds when an access token will expire.
ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`
// A JSON Web Token (JWT) that identifies the user associated with the issued
// access token.
//
// IdToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
// String and GoString methods.
IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`
// Indicates the type of tokens that are issued by IAM Identity Center. The
// following values are supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
//
// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
IssuedTokenType *string `locationName:"issuedTokenType" type:"string"`
// A token that, if present, can be used to refresh a previously issued access
// token that might have expired.
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// The list of scopes for which authorization is granted. The access token that
// is issued is limited to the scopes that are granted.
Scope []*string `locationName:"scope" type:"list"`
// Used to notify the requester that the returned token is an access token.
// The supported token type is Bearer.
TokenType *string `locationName:"tokenType" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMOutput) GoString() string {
return s.String()
}
// SetAccessToken sets the AccessToken field's value.
func (s *CreateTokenWithIAMOutput) SetAccessToken(v string) *CreateTokenWithIAMOutput {
s.AccessToken = &v
return s
}
// SetExpiresIn sets the ExpiresIn field's value.
func (s *CreateTokenWithIAMOutput) SetExpiresIn(v int64) *CreateTokenWithIAMOutput {
s.ExpiresIn = &v
return s
}
// SetIdToken sets the IdToken field's value.
func (s *CreateTokenWithIAMOutput) SetIdToken(v string) *CreateTokenWithIAMOutput {
s.IdToken = &v
return s
}
// SetIssuedTokenType sets the IssuedTokenType field's value.
func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput {
s.IssuedTokenType = &v
return s
}
// SetRefreshToken sets the RefreshToken field's value.
func (s *CreateTokenWithIAMOutput) SetRefreshToken(v string) *CreateTokenWithIAMOutput {
s.RefreshToken = &v
return s
}
// SetScope sets the Scope field's value.
func (s *CreateTokenWithIAMOutput) SetScope(v []*string) *CreateTokenWithIAMOutput {
s.Scope = v
return s
}
// SetTokenType sets the TokenType field's value.
func (s *CreateTokenWithIAMOutput) SetTokenType(v string) *CreateTokenWithIAMOutput {
s.TokenType = &v
return s
}
// Indicates that the token issued by the service is expired and is no longer
// valid.
type ExpiredTokenException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be expired_token.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -756,8 +1212,11 @@ type InternalServerException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be server_error.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -826,8 +1285,11 @@ type InvalidClientException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_client.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -895,8 +1357,11 @@ type InvalidClientMetadataException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_client_metadata.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -964,8 +1429,11 @@ type InvalidGrantException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_grant.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -1033,8 +1501,11 @@ type InvalidRequestException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_request.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -1096,13 +1567,95 @@ func (s *InvalidRequestException) RequestID() string {
return s.RespMetadata.RequestID
}
// Indicates that a token provided as input to the request was issued by and
// is only usable by calling IAM Identity Center endpoints in another region.
type InvalidRequestRegionException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Indicates the IAM Identity Center endpoint which the requester may call with
// this token.
Endpoint *string `locationName:"endpoint" type:"string"`
// Single error code. For this exception the value will be invalid_request.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
// Indicates the region which the requester may call with this token.
Region *string `locationName:"region" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidRequestRegionException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidRequestRegionException) GoString() string {
return s.String()
}
func newErrorInvalidRequestRegionException(v protocol.ResponseMetadata) error {
return &InvalidRequestRegionException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InvalidRequestRegionException) Code() string {
return "InvalidRequestRegionException"
}
// Message returns the exception's message.
func (s *InvalidRequestRegionException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidRequestRegionException) OrigErr() error {
return nil
}
func (s *InvalidRequestRegionException) Error() string {
return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InvalidRequestRegionException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InvalidRequestRegionException) RequestID() string {
return s.RespMetadata.RequestID
}
// Indicates that the scope provided in the request is invalid.
type InvalidScopeException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_scope.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -1238,7 +1791,7 @@ func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput {
type RegisterClientOutput struct {
_ struct{} `type:"structure"`
// The endpoint where the client can request authorization.
// An endpoint that the client can use to request authorization.
AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"`
// The unique identifier string for each client. This client uses this identifier
@ -1250,12 +1803,16 @@ type RegisterClientOutput struct {
// A secret string generated for the client. The client will use this string
// to get authenticated by the service in subsequent calls.
ClientSecret *string `locationName:"clientSecret" type:"string"`
//
// ClientSecret is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by RegisterClientOutput's
// String and GoString methods.
ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"`
// Indicates the time at which the clientId and clientSecret will become invalid.
ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"`
// The endpoint where the client can get an access token.
// An endpoint that the client can use to create tokens.
TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"`
}
@ -1319,8 +1876,11 @@ type SlowDownException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be slow_down.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -1395,11 +1955,15 @@ type StartDeviceAuthorizationInput struct {
// A secret string that is generated for the client. This value should come
// from the persisted result of the RegisterClient API operation.
//
// ClientSecret is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's
// String and GoString methods.
//
// ClientSecret is a required field
ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"`
ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`
// The URL for the AWS access portal. For more information, see Using the AWS
// access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
// The URL for the Amazon Web Services access portal. For more information,
// see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
// in the IAM Identity Center User Guide.
//
// StartUrl is a required field
@ -1550,8 +2114,11 @@ type UnauthorizedClientException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be unauthorized_client.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
@ -1618,8 +2185,11 @@ type UnsupportedGrantTypeException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be unsupported_grant_type.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`

39
vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go generated vendored
View file

@ -3,15 +3,13 @@
// Package ssooidc provides the client and types for making API
// requests to AWS SSO OIDC.
//
// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect
// (OIDC) is a web service that enables a client (such as AWS CLI or a native
// application) to register with IAM Identity Center. The service also enables
// the client to fetch the users access token upon successful authentication
// and authorization with IAM Identity Center.
// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a
// client (such as CLI or a native application) to register with IAM Identity
// Center. The service also enables the client to fetch the users access
// token upon successful authentication and authorization with IAM Identity
// Center.
//
// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces
// will continue to retain their original name for backward compatibility purposes.
// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
// IAM Identity Center uses the sso and identitystore API namespaces.
//
// # Considerations for Using This Guide
//
@ -22,21 +20,24 @@
// - The IAM Identity Center OIDC service currently implements only the portions
// of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628
// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single
// sign-on authentication with the AWS CLI. Support for other OIDC flows
// frequently needed for native applications, such as Authorization Code
// Flow (+ PKCE), will be addressed in future releases.
// sign-on authentication with the CLI.
//
// - The service emits only OIDC access tokens, such that obtaining a new
// token (For example, token refresh) requires explicit user re-authentication.
// - With older versions of the CLI, the service only emits OIDC access tokens,
// so to obtain a new token, users must explicitly re-authenticate. To access
// the OIDC flow that supports token refresh and doesnt require re-authentication,
// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI
// V2) with support for OIDC token refresh and configurable IAM Identity
// Center session durations. For more information, see Configure Amazon Web
// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html).
//
// - The access tokens provided by this service grant access to all AWS account
// entitlements assigned to an IAM Identity Center user, not just a particular
// application.
// - The access tokens provided by this service grant access to all Amazon
// Web Services account entitlements assigned to an IAM Identity Center user,
// not just a particular application.
//
// - The documentation in this guide does not describe the mechanism to convert
// the access token into AWS Auth (“sigv4”) credentials for use with
// IAM-protected AWS service endpoints. For more information, see GetRoleCredentials
// (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
// the access token into Amazon Web Services Auth (“sigv4”) credentials
// for use with IAM-protected Amazon Web Services service endpoints. For
// more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
// in the IAM Identity Center Portal API Reference Guide.
//
// For general information about IAM Identity Center, see What is IAM Identity

8
vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go generated vendored
View file

@ -64,6 +64,13 @@ const (
// a required parameter might be missing or out of range.
ErrCodeInvalidRequestException = "InvalidRequestException"
// ErrCodeInvalidRequestRegionException for service response error code
// "InvalidRequestRegionException".
//
// Indicates that a token provided as input to the request was issued by and
// is only usable by calling IAM Identity Center endpoints in another region.
ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException"
// ErrCodeInvalidScopeException for service response error code
// "InvalidScopeException".
//
@ -100,6 +107,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
"InvalidClientMetadataException": newErrorInvalidClientMetadataException,
"InvalidGrantException": newErrorInvalidGrantException,
"InvalidRequestException": newErrorInvalidRequestException,
"InvalidRequestRegionException": newErrorInvalidRequestRegionException,
"InvalidScopeException": newErrorInvalidScopeException,
"SlowDownException": newErrorSlowDownException,
"UnauthorizedClientException": newErrorUnauthorizedClientException,

2
vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go generated vendored
View file

@ -51,7 +51,7 @@ const (
func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC {
c := p.ClientConfig(EndpointsID, cfgs...)
if c.SigningNameDerived || len(c.SigningName) == 0 {
c.SigningName = "awsssooidc"
c.SigningName = "sso-oauth"
}
return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
}

20
vendor/github.com/aws/aws-sdk-go/service/sts/api.go generated vendored
View file

@ -1460,7 +1460,15 @@ type AssumeRoleInput struct {
// in the IAM User Guide.
PolicyArns []*PolicyDescriptorType `type:"list"`
// Reserved for future use.
// A list of previously acquired trusted context assertions in the format of
// a JSON array. The trusted context assertion is signed and encrypted by Amazon
// Web Services STS.
//
// The following is an example of a ProvidedContext value that includes a single
// trusted context assertion and the ARN of the context provider from which
// the trusted context assertion was generated.
//
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
ProvidedContexts []*ProvidedContext `type:"list"`
// The Amazon Resource Name (ARN) of the role to assume.
@ -3405,14 +3413,18 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
return s
}
// Reserved for future use.
// Contains information about the provided context. This includes the signed
// and encrypted trusted context assertion and the context provider ARN from
// which the trusted context assertion was generated.
type ProvidedContext struct {
_ struct{} `type:"structure"`
// Reserved for future use.
// The signed and encrypted trusted context assertion generated by the context
// provider. The trusted context assertion is signed and encrypted by Amazon
// Web Services STS.
ContextAssertion *string `min:"4" type:"string"`
// Reserved for future use.
// The context provider ARN from which the trusted context assertion was generated.
ProviderArn *string `min:"20" type:"string"`
}

4
vendor/modules.txt vendored
View file

@ -91,8 +91,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/options
github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/shared
github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/version
github.com/AzureAD/microsoft-authentication-library-for-go/apps/public
# github.com/aws/aws-sdk-go v1.44.325
## explicit; go 1.11
# github.com/aws/aws-sdk-go v1.48.10
## explicit; go 1.19
github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/arn
github.com/aws/aws-sdk-go/aws/auth/bearer