Merge pull request #3068 from adambkaplan/s3-dualstack
Add dualstack option to S3 storage driver
This commit is contained in:
commit
77f2180378
154 changed files with 51774 additions and 8821 deletions
|
@ -128,6 +128,7 @@ storage:
|
|||
multipartcopymaxconcurrency: 100
|
||||
multipartcopythresholdsize: 33554432
|
||||
rootdirectory: /s3/object/name/prefix
|
||||
usedualstack: false
|
||||
swift:
|
||||
username: username
|
||||
password: password
|
||||
|
|
2
go.mod
2
go.mod
|
@ -8,7 +8,7 @@ require (
|
|||
github.com/Azure/go-autorest/autorest/adal v0.9.15 // indirect
|
||||
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
|
||||
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d
|
||||
github.com/aws/aws-sdk-go v1.34.9
|
||||
github.com/aws/aws-sdk-go v1.42.27
|
||||
github.com/bitly/go-simplejson v0.5.0 // indirect
|
||||
github.com/bshuster-repo/logrus-logstash-hook v1.0.0
|
||||
github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd
|
||||
|
|
20
go.sum
20
go.sum
|
@ -23,8 +23,8 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/O
|
|||
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
|
||||
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
|
||||
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
|
||||
github.com/aws/aws-sdk-go v1.34.9 h1:cUGBW9CVdi0mS7K1hDzxIqTpfeWhpoQiguq81M1tjK0=
|
||||
github.com/aws/aws-sdk-go v1.34.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
|
||||
github.com/aws/aws-sdk-go v1.42.27 h1:kxsBXQg3ee6LLbqjp5/oUeDgG7TENFrWYDmEVnd7spU=
|
||||
github.com/aws/aws-sdk-go v1.42.27/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
||||
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
|
||||
|
@ -58,7 +58,6 @@ github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoD
|
|||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
|
||||
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
|
||||
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
|
||||
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
|
||||
github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
|
||||
github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
|
||||
|
@ -79,8 +78,10 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
|
|||
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
|
||||
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
|
||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||
github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc=
|
||||
github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
|
||||
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
|
||||
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
|
||||
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
|
||||
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
|
||||
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
|
||||
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
|
||||
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
|
||||
|
@ -150,9 +151,9 @@ golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73r
|
|||
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
|
||||
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
|
@ -164,12 +165,14 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
|
|||
golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff h1:mk5zS3XLqVUzdF/CQCZ5ERujSF/8JFo+Wpkp/5I93NA=
|
||||
google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
|
||||
|
@ -185,5 +188,6 @@ gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789 h1:NMiUjDZiD6qDVeBOzpImftxX
|
|||
gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
||||
|
|
|
@ -102,6 +102,7 @@ type DriverParameters struct {
|
|||
UserAgent string
|
||||
ObjectACL string
|
||||
SessionToken string
|
||||
UseDualStack bool
|
||||
}
|
||||
|
||||
func init() {
|
||||
|
@ -338,6 +339,23 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
|||
objectACL = objectACLString
|
||||
}
|
||||
|
||||
useDualStackBool := false
|
||||
useDualStack := parameters["usedualstack"]
|
||||
switch useDualStack := useDualStack.(type) {
|
||||
case string:
|
||||
b, err := strconv.ParseBool(useDualStack)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("the useDualStack parameter should be a boolean")
|
||||
}
|
||||
useDualStackBool = b
|
||||
case bool:
|
||||
useDualStackBool = useDualStack
|
||||
case nil:
|
||||
// do nothing
|
||||
default:
|
||||
return nil, fmt.Errorf("the useDualStack parameter should be a boolean")
|
||||
}
|
||||
|
||||
sessionToken := ""
|
||||
|
||||
params := DriverParameters{
|
||||
|
@ -360,6 +378,7 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
|||
fmt.Sprint(userAgent),
|
||||
objectACL,
|
||||
fmt.Sprint(sessionToken),
|
||||
useDualStackBool,
|
||||
}
|
||||
|
||||
return New(params)
|
||||
|
@ -421,6 +440,9 @@ func New(params DriverParameters) (*Driver, error) {
|
|||
|
||||
awsConfig.WithRegion(params.Region)
|
||||
awsConfig.WithDisableSSL(!params.Secure)
|
||||
if params.UseDualStack {
|
||||
awsConfig.UseDualStackEndpoint = endpoints.DualStackEndpointStateEnabled
|
||||
}
|
||||
|
||||
if params.UserAgent != "" || params.SkipVerify {
|
||||
httpTransport := http.DefaultTransport
|
||||
|
|
|
@ -42,6 +42,7 @@ func init() {
|
|||
root, err := ioutil.TempDir("", "driver-")
|
||||
regionEndpoint := os.Getenv("REGION_ENDPOINT")
|
||||
sessionToken := os.Getenv("AWS_SESSION_TOKEN")
|
||||
useDualStack := os.Getenv("S3_USE_DUALSTACK")
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
@ -80,6 +81,14 @@ func init() {
|
|||
}
|
||||
}
|
||||
|
||||
useDualStackBool := false
|
||||
if useDualStack != "" {
|
||||
useDualStackBool, err = strconv.ParseBool(useDualStack)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
parameters := DriverParameters{
|
||||
accessKey,
|
||||
secretKey,
|
||||
|
@ -100,6 +109,7 @@ func init() {
|
|||
driverName + "-test",
|
||||
objectACL,
|
||||
sessionToken,
|
||||
useDualStackBool,
|
||||
}
|
||||
|
||||
return New(parameters)
|
||||
|
|
12
vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go
generated
vendored
12
vendor/github.com/aws/aws-sdk-go/aws/awsutil/prettify.go
generated
vendored
|
@ -50,9 +50,19 @@ func prettify(v reflect.Value, indent int, buf *bytes.Buffer) {
|
|||
|
||||
for i, n := range names {
|
||||
val := v.FieldByName(n)
|
||||
ft, ok := v.Type().FieldByName(n)
|
||||
if !ok {
|
||||
panic(fmt.Sprintf("expected to find field %v on type %v, but was not found", n, v.Type()))
|
||||
}
|
||||
|
||||
buf.WriteString(strings.Repeat(" ", indent+2))
|
||||
buf.WriteString(n + ": ")
|
||||
prettify(val, indent+2, buf)
|
||||
|
||||
if tag := ft.Tag.Get("sensitive"); tag == "true" {
|
||||
buf.WriteString("<sensitive>")
|
||||
} else {
|
||||
prettify(val, indent+2, buf)
|
||||
}
|
||||
|
||||
if i < len(names)-1 {
|
||||
buf.WriteString(",\n")
|
||||
|
|
2
vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go/aws/awsutil/string_value.go
generated
vendored
|
@ -8,6 +8,8 @@ import (
|
|||
)
|
||||
|
||||
// StringValue returns the string representation of a value.
|
||||
//
|
||||
// Deprecated: Use Prettify instead.
|
||||
func StringValue(i interface{}) string {
|
||||
var buf bytes.Buffer
|
||||
stringValue(reflect.ValueOf(i), 0, &buf)
|
||||
|
|
17
vendor/github.com/aws/aws-sdk-go/aws/client/client.go
generated
vendored
17
vendor/github.com/aws/aws-sdk-go/aws/client/client.go
generated
vendored
|
@ -10,12 +10,13 @@ import (
|
|||
|
||||
// A Config provides configuration to a service client instance.
|
||||
type Config struct {
|
||||
Config *aws.Config
|
||||
Handlers request.Handlers
|
||||
PartitionID string
|
||||
Endpoint string
|
||||
SigningRegion string
|
||||
SigningName string
|
||||
Config *aws.Config
|
||||
Handlers request.Handlers
|
||||
PartitionID string
|
||||
Endpoint string
|
||||
SigningRegion string
|
||||
SigningName string
|
||||
ResolvedRegion string
|
||||
|
||||
// States that the signing name did not come from a modeled source but
|
||||
// was derived based on other data. Used by service client constructors
|
||||
|
@ -88,10 +89,6 @@ func (c *Client) NewRequest(operation *request.Operation, params interface{}, da
|
|||
// AddDebugHandlers injects debug logging handlers into the service to log request
|
||||
// debug information.
|
||||
func (c *Client) AddDebugHandlers() {
|
||||
if !c.Config.LogLevel.AtLeast(aws.LogDebug) {
|
||||
return
|
||||
}
|
||||
|
||||
c.Handlers.Send.PushFrontNamed(LogHTTPRequestHandler)
|
||||
c.Handlers.Send.PushBackNamed(LogHTTPResponseHandler)
|
||||
}
|
||||
|
|
14
vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
generated
vendored
14
vendor/github.com/aws/aws-sdk-go/aws/client/logger.go
generated
vendored
|
@ -53,6 +53,10 @@ var LogHTTPRequestHandler = request.NamedHandler{
|
|||
}
|
||||
|
||||
func logRequest(r *request.Request) {
|
||||
if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
|
||||
return
|
||||
}
|
||||
|
||||
logBody := r.Config.LogLevel.Matches(aws.LogDebugWithHTTPBody)
|
||||
bodySeekable := aws.IsReaderSeekable(r.Body)
|
||||
|
||||
|
@ -90,6 +94,10 @@ var LogHTTPRequestHeaderHandler = request.NamedHandler{
|
|||
}
|
||||
|
||||
func logRequestHeader(r *request.Request) {
|
||||
if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
|
||||
return
|
||||
}
|
||||
|
||||
b, err := httputil.DumpRequestOut(r.HTTPRequest, false)
|
||||
if err != nil {
|
||||
r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg,
|
||||
|
@ -120,6 +128,10 @@ var LogHTTPResponseHandler = request.NamedHandler{
|
|||
}
|
||||
|
||||
func logResponse(r *request.Request) {
|
||||
if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
|
||||
return
|
||||
}
|
||||
|
||||
lw := &logWriter{r.Config.Logger, bytes.NewBuffer(nil)}
|
||||
|
||||
if r.HTTPResponse == nil {
|
||||
|
@ -178,7 +190,7 @@ var LogHTTPResponseHeaderHandler = request.NamedHandler{
|
|||
}
|
||||
|
||||
func logResponseHeader(r *request.Request) {
|
||||
if r.Config.Logger == nil {
|
||||
if !r.Config.LogLevel.AtLeast(aws.LogDebug) || r.Config.Logger == nil {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
19
vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
generated
vendored
19
vendor/github.com/aws/aws-sdk-go/aws/client/metadata/client_info.go
generated
vendored
|
@ -2,13 +2,14 @@ package metadata
|
|||
|
||||
// ClientInfo wraps immutable data from the client.Client structure.
|
||||
type ClientInfo struct {
|
||||
ServiceName string
|
||||
ServiceID string
|
||||
APIVersion string
|
||||
PartitionID string
|
||||
Endpoint string
|
||||
SigningName string
|
||||
SigningRegion string
|
||||
JSONVersion string
|
||||
TargetPrefix string
|
||||
ServiceName string
|
||||
ServiceID string
|
||||
APIVersion string
|
||||
PartitionID string
|
||||
Endpoint string
|
||||
SigningName string
|
||||
SigningRegion string
|
||||
JSONVersion string
|
||||
TargetPrefix string
|
||||
ResolvedRegion string
|
||||
}
|
||||
|
|
55
vendor/github.com/aws/aws-sdk-go/aws/config.go
generated
vendored
55
vendor/github.com/aws/aws-sdk-go/aws/config.go
generated
vendored
|
@ -208,8 +208,19 @@ type Config struct {
|
|||
// svc := s3.New(sess, &aws.Config{
|
||||
// UseDualStack: aws.Bool(true),
|
||||
// })
|
||||
//
|
||||
// Deprecated: This option will continue to function for S3 and S3 Control for backwards compatibility.
|
||||
// UseDualStackEndpoint should be used to enable usage of a service's dual-stack endpoint for all service clients
|
||||
// moving forward. For S3 and S3 Control, when UseDualStackEndpoint is set to a non-zero value it takes higher
|
||||
// precedence then this option.
|
||||
UseDualStack *bool
|
||||
|
||||
// Sets the resolver to resolve a dual-stack endpoint for the service.
|
||||
UseDualStackEndpoint endpoints.DualStackEndpointState
|
||||
|
||||
// UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint.
|
||||
UseFIPSEndpoint endpoints.FIPSEndpointState
|
||||
|
||||
// SleepDelay is an override for the func the SDK will call when sleeping
|
||||
// during the lifecycle of a request. Specifically this will be used for
|
||||
// request delays. This value should only be used for testing. To adjust
|
||||
|
@ -438,13 +449,6 @@ func (c *Config) WithDisableEndpointHostPrefix(t bool) *Config {
|
|||
return c
|
||||
}
|
||||
|
||||
// MergeIn merges the passed in configs into the existing config object.
|
||||
func (c *Config) MergeIn(cfgs ...*Config) {
|
||||
for _, other := range cfgs {
|
||||
mergeInConfig(c, other)
|
||||
}
|
||||
}
|
||||
|
||||
// WithSTSRegionalEndpoint will set whether or not to use regional endpoint flag
|
||||
// when resolving the endpoint for a service
|
||||
func (c *Config) WithSTSRegionalEndpoint(sre endpoints.STSRegionalEndpoint) *Config {
|
||||
|
@ -459,6 +463,27 @@ func (c *Config) WithS3UsEast1RegionalEndpoint(sre endpoints.S3UsEast1RegionalEn
|
|||
return c
|
||||
}
|
||||
|
||||
// WithLowerCaseHeaderMaps sets a config LowerCaseHeaderMaps value
|
||||
// returning a Config pointer for chaining.
|
||||
func (c *Config) WithLowerCaseHeaderMaps(t bool) *Config {
|
||||
c.LowerCaseHeaderMaps = &t
|
||||
return c
|
||||
}
|
||||
|
||||
// WithDisableRestProtocolURICleaning sets a config DisableRestProtocolURICleaning value
|
||||
// returning a Config pointer for chaining.
|
||||
func (c *Config) WithDisableRestProtocolURICleaning(t bool) *Config {
|
||||
c.DisableRestProtocolURICleaning = &t
|
||||
return c
|
||||
}
|
||||
|
||||
// MergeIn merges the passed in configs into the existing config object.
|
||||
func (c *Config) MergeIn(cfgs ...*Config) {
|
||||
for _, other := range cfgs {
|
||||
mergeInConfig(c, other)
|
||||
}
|
||||
}
|
||||
|
||||
func mergeInConfig(dst *Config, other *Config) {
|
||||
if other == nil {
|
||||
return
|
||||
|
@ -540,6 +565,10 @@ func mergeInConfig(dst *Config, other *Config) {
|
|||
dst.UseDualStack = other.UseDualStack
|
||||
}
|
||||
|
||||
if other.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
|
||||
dst.UseDualStackEndpoint = other.UseDualStackEndpoint
|
||||
}
|
||||
|
||||
if other.EC2MetadataDisableTimeoutOverride != nil {
|
||||
dst.EC2MetadataDisableTimeoutOverride = other.EC2MetadataDisableTimeoutOverride
|
||||
}
|
||||
|
@ -571,6 +600,18 @@ func mergeInConfig(dst *Config, other *Config) {
|
|||
if other.S3UsEast1RegionalEndpoint != endpoints.UnsetS3UsEast1Endpoint {
|
||||
dst.S3UsEast1RegionalEndpoint = other.S3UsEast1RegionalEndpoint
|
||||
}
|
||||
|
||||
if other.LowerCaseHeaderMaps != nil {
|
||||
dst.LowerCaseHeaderMaps = other.LowerCaseHeaderMaps
|
||||
}
|
||||
|
||||
if other.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
|
||||
dst.UseDualStackEndpoint = other.UseDualStackEndpoint
|
||||
}
|
||||
|
||||
if other.UseFIPSEndpoint != endpoints.FIPSEndpointStateUnset {
|
||||
dst.UseFIPSEndpoint = other.UseFIPSEndpoint
|
||||
}
|
||||
}
|
||||
|
||||
// Copy will return a shallow copy of the Config object. If any additional
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/context_1_5.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.9
|
||||
// +build !go1.9
|
||||
|
||||
package aws
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/context_1_9.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.9
|
||||
// +build go1.9
|
||||
|
||||
package aws
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/context_background_1_5.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.7
|
||||
// +build !go1.7
|
||||
|
||||
package aws
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/context_background_1_7.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.7
|
||||
// +build go1.7
|
||||
|
||||
package aws
|
||||
|
|
2
vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
generated
vendored
|
@ -178,7 +178,7 @@ func handleSendError(r *request.Request, err error) {
|
|||
var ValidateResponseHandler = request.NamedHandler{Name: "core.ValidateResponseHandler", Fn: func(r *request.Request) {
|
||||
if r.HTTPResponse.StatusCode == 0 || r.HTTPResponse.StatusCode >= 300 {
|
||||
// this may be replaced by an UnmarshalError handler
|
||||
r.Error = awserr.New("UnknownError", "unknown error", nil)
|
||||
r.Error = awserr.New("UnknownError", "unknown error", r.Error)
|
||||
}
|
||||
}}
|
||||
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.5.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.7
|
||||
// +build !go1.7
|
||||
|
||||
package credentials
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/credentials/context_background_go1.7.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.7
|
||||
// +build go1.7
|
||||
|
||||
package credentials
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.5.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.9
|
||||
// +build !go1.9
|
||||
|
||||
package credentials
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/credentials/context_go1.9.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.9
|
||||
// +build go1.9
|
||||
|
||||
package credentials
|
||||
|
|
78
vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
generated
vendored
78
vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go
generated
vendored
|
@ -50,7 +50,7 @@ package credentials
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"sync/atomic"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
|
@ -173,7 +173,9 @@ type Expiry struct {
|
|||
// the expiration time given to ensure no requests are made with expired
|
||||
// tokens.
|
||||
func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) {
|
||||
e.expiration = expiration
|
||||
// Passed in expirations should have the monotonic clock values stripped.
|
||||
// This ensures time comparisons will be based on wall-time.
|
||||
e.expiration = expiration.Round(0)
|
||||
if window > 0 {
|
||||
e.expiration = e.expiration.Add(-window)
|
||||
}
|
||||
|
@ -205,9 +207,10 @@ func (e *Expiry) ExpiresAt() time.Time {
|
|||
// first instance of the credentials Value. All calls to Get() after that
|
||||
// will return the cached credentials Value until IsExpired() returns true.
|
||||
type Credentials struct {
|
||||
creds atomic.Value
|
||||
sf singleflight.Group
|
||||
sf singleflight.Group
|
||||
|
||||
m sync.RWMutex
|
||||
creds Value
|
||||
provider Provider
|
||||
}
|
||||
|
||||
|
@ -216,7 +219,6 @@ func NewCredentials(provider Provider) *Credentials {
|
|||
c := &Credentials{
|
||||
provider: provider,
|
||||
}
|
||||
c.creds.Store(Value{})
|
||||
return c
|
||||
}
|
||||
|
||||
|
@ -233,8 +235,17 @@ func NewCredentials(provider Provider) *Credentials {
|
|||
//
|
||||
// Passed in Context is equivalent to aws.Context, and context.Context.
|
||||
func (c *Credentials) GetWithContext(ctx Context) (Value, error) {
|
||||
if curCreds := c.creds.Load(); !c.isExpired(curCreds) {
|
||||
return curCreds.(Value), nil
|
||||
// Check if credentials are cached, and not expired.
|
||||
select {
|
||||
case curCreds, ok := <-c.asyncIsExpired():
|
||||
// ok will only be true, of the credentials were not expired. ok will
|
||||
// be false and have no value if the credentials are expired.
|
||||
if ok {
|
||||
return curCreds, nil
|
||||
}
|
||||
case <-ctx.Done():
|
||||
return Value{}, awserr.New("RequestCanceled",
|
||||
"request context canceled", ctx.Err())
|
||||
}
|
||||
|
||||
// Cannot pass context down to the actual retrieve, because the first
|
||||
|
@ -252,18 +263,23 @@ func (c *Credentials) GetWithContext(ctx Context) (Value, error) {
|
|||
}
|
||||
}
|
||||
|
||||
func (c *Credentials) singleRetrieve(ctx Context) (creds interface{}, err error) {
|
||||
if curCreds := c.creds.Load(); !c.isExpired(curCreds) {
|
||||
return curCreds.(Value), nil
|
||||
func (c *Credentials) singleRetrieve(ctx Context) (interface{}, error) {
|
||||
c.m.Lock()
|
||||
defer c.m.Unlock()
|
||||
|
||||
if curCreds := c.creds; !c.isExpiredLocked(curCreds) {
|
||||
return curCreds, nil
|
||||
}
|
||||
|
||||
var creds Value
|
||||
var err error
|
||||
if p, ok := c.provider.(ProviderWithContext); ok {
|
||||
creds, err = p.RetrieveWithContext(ctx)
|
||||
} else {
|
||||
creds, err = c.provider.Retrieve()
|
||||
}
|
||||
if err == nil {
|
||||
c.creds.Store(creds)
|
||||
c.creds = creds
|
||||
}
|
||||
|
||||
return creds, err
|
||||
|
@ -288,7 +304,10 @@ func (c *Credentials) Get() (Value, error) {
|
|||
// This will override the Provider's expired state, and force Credentials
|
||||
// to call the Provider's Retrieve().
|
||||
func (c *Credentials) Expire() {
|
||||
c.creds.Store(Value{})
|
||||
c.m.Lock()
|
||||
defer c.m.Unlock()
|
||||
|
||||
c.creds = Value{}
|
||||
}
|
||||
|
||||
// IsExpired returns if the credentials are no longer valid, and need
|
||||
|
@ -297,11 +316,32 @@ func (c *Credentials) Expire() {
|
|||
// If the Credentials were forced to be expired with Expire() this will
|
||||
// reflect that override.
|
||||
func (c *Credentials) IsExpired() bool {
|
||||
return c.isExpired(c.creds.Load())
|
||||
c.m.RLock()
|
||||
defer c.m.RUnlock()
|
||||
|
||||
return c.isExpiredLocked(c.creds)
|
||||
}
|
||||
|
||||
// isExpired helper method wrapping the definition of expired credentials.
|
||||
func (c *Credentials) isExpired(creds interface{}) bool {
|
||||
// asyncIsExpired returns a channel of credentials Value. If the channel is
|
||||
// closed the credentials are expired and credentials value are not empty.
|
||||
func (c *Credentials) asyncIsExpired() <-chan Value {
|
||||
ch := make(chan Value, 1)
|
||||
go func() {
|
||||
c.m.RLock()
|
||||
defer c.m.RUnlock()
|
||||
|
||||
if curCreds := c.creds; !c.isExpiredLocked(curCreds) {
|
||||
ch <- curCreds
|
||||
}
|
||||
|
||||
close(ch)
|
||||
}()
|
||||
|
||||
return ch
|
||||
}
|
||||
|
||||
// isExpiredLocked helper method wrapping the definition of expired credentials.
|
||||
func (c *Credentials) isExpiredLocked(creds interface{}) bool {
|
||||
return creds == nil || creds.(Value) == Value{} || c.provider.IsExpired()
|
||||
}
|
||||
|
||||
|
@ -309,13 +349,17 @@ func (c *Credentials) isExpired(creds interface{}) bool {
|
|||
// the underlying Provider, if it supports that interface. Otherwise, it returns
|
||||
// an error.
|
||||
func (c *Credentials) ExpiresAt() (time.Time, error) {
|
||||
c.m.RLock()
|
||||
defer c.m.RUnlock()
|
||||
|
||||
expirer, ok := c.provider.(Expirer)
|
||||
if !ok {
|
||||
return time.Time{}, awserr.New("ProviderNotExpirer",
|
||||
fmt.Sprintf("provider %s does not support ExpiresAt()", c.creds.Load().(Value).ProviderName),
|
||||
fmt.Sprintf("provider %s does not support ExpiresAt()",
|
||||
c.creds.ProviderName),
|
||||
nil)
|
||||
}
|
||||
if c.creds.Load().(Value) == (Value{}) {
|
||||
if c.creds == (Value{}) {
|
||||
// set expiration time to the distant past
|
||||
return time.Time{}, nil
|
||||
}
|
||||
|
|
60
vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go
generated
vendored
Normal file
60
vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/doc.go
generated
vendored
Normal file
|
@ -0,0 +1,60 @@
|
|||
// Package ssocreds provides a credential provider for retrieving temporary AWS credentials using an SSO access token.
|
||||
//
|
||||
// IMPORTANT: The provider in this package does not initiate or perform the AWS SSO login flow. The SDK provider
|
||||
// expects that you have already performed the SSO login flow using AWS CLI using the "aws sso login" command, or by
|
||||
// some other mechanism. The provider must find a valid non-expired access token for the AWS SSO user portal URL in
|
||||
// ~/.aws/sso/cache. If a cached token is not found, it is expired, or the file is malformed an error will be returned.
|
||||
//
|
||||
// Loading AWS SSO credentials with the AWS shared configuration file
|
||||
//
|
||||
// You can use configure AWS SSO credentials from the AWS shared configuration file by
|
||||
// providing the specifying the required keys in the profile:
|
||||
//
|
||||
// sso_account_id
|
||||
// sso_region
|
||||
// sso_role_name
|
||||
// sso_start_url
|
||||
//
|
||||
// For example, the following defines a profile "devsso" and specifies the AWS SSO parameters that defines the target
|
||||
// account, role, sign-on portal, and the region where the user portal is located. Note: all SSO arguments must be
|
||||
// provided, or an error will be returned.
|
||||
//
|
||||
// [profile devsso]
|
||||
// sso_start_url = https://my-sso-portal.awsapps.com/start
|
||||
// sso_role_name = SSOReadOnlyRole
|
||||
// sso_region = us-east-1
|
||||
// sso_account_id = 123456789012
|
||||
//
|
||||
// Using the config module, you can load the AWS SDK shared configuration, and specify that this profile be used to
|
||||
// retrieve credentials. For example:
|
||||
//
|
||||
// sess, err := session.NewSessionWithOptions(session.Options{
|
||||
// SharedConfigState: session.SharedConfigEnable,
|
||||
// Profile: "devsso",
|
||||
// })
|
||||
// if err != nil {
|
||||
// return err
|
||||
// }
|
||||
//
|
||||
// Programmatically loading AWS SSO credentials directly
|
||||
//
|
||||
// You can programmatically construct the AWS SSO Provider in your application, and provide the necessary information
|
||||
// to load and retrieve temporary credentials using an access token from ~/.aws/sso/cache.
|
||||
//
|
||||
// svc := sso.New(sess, &aws.Config{
|
||||
// Region: aws.String("us-west-2"), // Client Region must correspond to the AWS SSO user portal region
|
||||
// })
|
||||
//
|
||||
// provider := ssocreds.NewCredentialsWithClient(svc, "123456789012", "SSOReadOnlyRole", "https://my-sso-portal.awsapps.com/start")
|
||||
//
|
||||
// credentials, err := provider.Get()
|
||||
// if err != nil {
|
||||
// return err
|
||||
// }
|
||||
//
|
||||
// Additional Resources
|
||||
//
|
||||
// Configuring the AWS CLI to use AWS Single Sign-On: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
|
||||
//
|
||||
// AWS Single Sign-On User Guide: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
|
||||
package ssocreds
|
10
vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go
generated
vendored
Normal file
10
vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os.go
generated
vendored
Normal file
|
@ -0,0 +1,10 @@
|
|||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package ssocreds
|
||||
|
||||
import "os"
|
||||
|
||||
func getHomeDirectory() string {
|
||||
return os.Getenv("HOME")
|
||||
}
|
7
vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go
generated
vendored
Normal file
7
vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/os_windows.go
generated
vendored
Normal file
|
@ -0,0 +1,7 @@
|
|||
package ssocreds
|
||||
|
||||
import "os"
|
||||
|
||||
func getHomeDirectory() string {
|
||||
return os.Getenv("USERPROFILE")
|
||||
}
|
180
vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go
generated
vendored
Normal file
180
vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/provider.go
generated
vendored
Normal file
|
@ -0,0 +1,180 @@
|
|||
package ssocreds
|
||||
|
||||
import (
|
||||
"crypto/sha1"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/client"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
||||
"github.com/aws/aws-sdk-go/service/sso"
|
||||
"github.com/aws/aws-sdk-go/service/sso/ssoiface"
|
||||
)
|
||||
|
||||
// ErrCodeSSOProviderInvalidToken is the code type that is returned if loaded token has expired or is otherwise invalid.
|
||||
// To refresh the SSO session run aws sso login with the corresponding profile.
|
||||
const ErrCodeSSOProviderInvalidToken = "SSOProviderInvalidToken"
|
||||
|
||||
const invalidTokenMessage = "the SSO session has expired or is invalid"
|
||||
|
||||
func init() {
|
||||
nowTime = time.Now
|
||||
defaultCacheLocation = defaultCacheLocationImpl
|
||||
}
|
||||
|
||||
var nowTime func() time.Time
|
||||
|
||||
// ProviderName is the name of the provider used to specify the source of credentials.
|
||||
const ProviderName = "SSOProvider"
|
||||
|
||||
var defaultCacheLocation func() string
|
||||
|
||||
func defaultCacheLocationImpl() string {
|
||||
return filepath.Join(getHomeDirectory(), ".aws", "sso", "cache")
|
||||
}
|
||||
|
||||
// Provider is an AWS credential provider that retrieves temporary AWS credentials by exchanging an SSO login token.
|
||||
type Provider struct {
|
||||
credentials.Expiry
|
||||
|
||||
// The Client which is configured for the AWS Region where the AWS SSO user portal is located.
|
||||
Client ssoiface.SSOAPI
|
||||
|
||||
// The AWS account that is assigned to the user.
|
||||
AccountID string
|
||||
|
||||
// The role name that is assigned to the user.
|
||||
RoleName string
|
||||
|
||||
// The URL that points to the organization's AWS Single Sign-On (AWS SSO) user portal.
|
||||
StartURL string
|
||||
}
|
||||
|
||||
// NewCredentials returns a new AWS Single Sign-On (AWS SSO) credential provider. The ConfigProvider is expected to be configured
|
||||
// for the AWS Region where the AWS SSO user portal is located.
|
||||
func NewCredentials(configProvider client.ConfigProvider, accountID, roleName, startURL string, optFns ...func(provider *Provider)) *credentials.Credentials {
|
||||
return NewCredentialsWithClient(sso.New(configProvider), accountID, roleName, startURL, optFns...)
|
||||
}
|
||||
|
||||
// NewCredentialsWithClient returns a new AWS Single Sign-On (AWS SSO) credential provider. The provided client is expected to be configured
|
||||
// for the AWS Region where the AWS SSO user portal is located.
|
||||
func NewCredentialsWithClient(client ssoiface.SSOAPI, accountID, roleName, startURL string, optFns ...func(provider *Provider)) *credentials.Credentials {
|
||||
p := &Provider{
|
||||
Client: client,
|
||||
AccountID: accountID,
|
||||
RoleName: roleName,
|
||||
StartURL: startURL,
|
||||
}
|
||||
|
||||
for _, fn := range optFns {
|
||||
fn(p)
|
||||
}
|
||||
|
||||
return credentials.NewCredentials(p)
|
||||
}
|
||||
|
||||
// Retrieve retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal
|
||||
// by exchanging the accessToken present in ~/.aws/sso/cache.
|
||||
func (p *Provider) Retrieve() (credentials.Value, error) {
|
||||
return p.RetrieveWithContext(aws.BackgroundContext())
|
||||
}
|
||||
|
||||
// RetrieveWithContext retrieves temporary AWS credentials from the configured Amazon Single Sign-On (AWS SSO) user portal
|
||||
// by exchanging the accessToken present in ~/.aws/sso/cache.
|
||||
func (p *Provider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
|
||||
tokenFile, err := loadTokenFile(p.StartURL)
|
||||
if err != nil {
|
||||
return credentials.Value{}, err
|
||||
}
|
||||
|
||||
output, err := p.Client.GetRoleCredentialsWithContext(ctx, &sso.GetRoleCredentialsInput{
|
||||
AccessToken: &tokenFile.AccessToken,
|
||||
AccountId: &p.AccountID,
|
||||
RoleName: &p.RoleName,
|
||||
})
|
||||
if err != nil {
|
||||
return credentials.Value{}, err
|
||||
}
|
||||
|
||||
expireTime := time.Unix(0, aws.Int64Value(output.RoleCredentials.Expiration)*int64(time.Millisecond)).UTC()
|
||||
p.SetExpiration(expireTime, 0)
|
||||
|
||||
return credentials.Value{
|
||||
AccessKeyID: aws.StringValue(output.RoleCredentials.AccessKeyId),
|
||||
SecretAccessKey: aws.StringValue(output.RoleCredentials.SecretAccessKey),
|
||||
SessionToken: aws.StringValue(output.RoleCredentials.SessionToken),
|
||||
ProviderName: ProviderName,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func getCacheFileName(url string) (string, error) {
|
||||
hash := sha1.New()
|
||||
_, err := hash.Write([]byte(url))
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return strings.ToLower(hex.EncodeToString(hash.Sum(nil))) + ".json", nil
|
||||
}
|
||||
|
||||
type rfc3339 time.Time
|
||||
|
||||
func (r *rfc3339) UnmarshalJSON(bytes []byte) error {
|
||||
var value string
|
||||
|
||||
if err := json.Unmarshal(bytes, &value); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
parse, err := time.Parse(time.RFC3339, value)
|
||||
if err != nil {
|
||||
return fmt.Errorf("expected RFC3339 timestamp: %v", err)
|
||||
}
|
||||
|
||||
*r = rfc3339(parse)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
type token struct {
|
||||
AccessToken string `json:"accessToken"`
|
||||
ExpiresAt rfc3339 `json:"expiresAt"`
|
||||
Region string `json:"region,omitempty"`
|
||||
StartURL string `json:"startUrl,omitempty"`
|
||||
}
|
||||
|
||||
func (t token) Expired() bool {
|
||||
return nowTime().Round(0).After(time.Time(t.ExpiresAt))
|
||||
}
|
||||
|
||||
func loadTokenFile(startURL string) (t token, err error) {
|
||||
key, err := getCacheFileName(startURL)
|
||||
if err != nil {
|
||||
return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err)
|
||||
}
|
||||
|
||||
fileBytes, err := ioutil.ReadFile(filepath.Join(defaultCacheLocation(), key))
|
||||
if err != nil {
|
||||
return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err)
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(fileBytes, &t); err != nil {
|
||||
return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, err)
|
||||
}
|
||||
|
||||
if len(t.AccessToken) == 0 {
|
||||
return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, nil)
|
||||
}
|
||||
|
||||
if t.Expired() {
|
||||
return token{}, awserr.New(ErrCodeSSOProviderInvalidToken, invalidTokenMessage, nil)
|
||||
}
|
||||
|
||||
return t, nil
|
||||
}
|
14
vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
generated
vendored
14
vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/assume_role_provider.go
generated
vendored
|
@ -95,7 +95,7 @@ import (
|
|||
// StdinTokenProvider will prompt on stderr and read from stdin for a string value.
|
||||
// An error is returned if reading from stdin fails.
|
||||
//
|
||||
// Use this function go read MFA tokens from stdin. The function makes no attempt
|
||||
// Use this function to read MFA tokens from stdin. The function makes no attempt
|
||||
// to make atomic prompts from stdin across multiple gorouties.
|
||||
//
|
||||
// Using StdinTokenProvider with multiple AssumeRoleProviders, or Credentials will
|
||||
|
@ -244,9 +244,11 @@ type AssumeRoleProvider struct {
|
|||
MaxJitterFrac float64
|
||||
}
|
||||
|
||||
// NewCredentials returns a pointer to a new Credentials object wrapping the
|
||||
// NewCredentials returns a pointer to a new Credentials value wrapping the
|
||||
// AssumeRoleProvider. The credentials will expire every 15 minutes and the
|
||||
// role will be named after a nanosecond timestamp of this operation.
|
||||
// role will be named after a nanosecond timestamp of this operation. The
|
||||
// Credentials value will attempt to refresh the credentials using the provider
|
||||
// when Credentials.Get is called, if the cached credentials are expiring.
|
||||
//
|
||||
// Takes a Config provider to create the STS client. The ConfigProvider is
|
||||
// satisfied by the session.Session type.
|
||||
|
@ -268,9 +270,11 @@ func NewCredentials(c client.ConfigProvider, roleARN string, options ...func(*As
|
|||
return credentials.NewCredentials(p)
|
||||
}
|
||||
|
||||
// NewCredentialsWithClient returns a pointer to a new Credentials object wrapping the
|
||||
// NewCredentialsWithClient returns a pointer to a new Credentials value wrapping the
|
||||
// AssumeRoleProvider. The credentials will expire every 15 minutes and the
|
||||
// role will be named after a nanosecond timestamp of this operation.
|
||||
// role will be named after a nanosecond timestamp of this operation. The
|
||||
// Credentials value will attempt to refresh the credentials using the provider
|
||||
// when Credentials.Get is called, if the cached credentials are expiring.
|
||||
//
|
||||
// Takes an AssumeRoler which can be satisfied by the STS client.
|
||||
//
|
||||
|
|
40
vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
generated
vendored
40
vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go
generated
vendored
|
@ -28,7 +28,7 @@ const (
|
|||
// compare test values.
|
||||
var now = time.Now
|
||||
|
||||
// TokenFetcher shuold return WebIdentity token bytes or an error
|
||||
// TokenFetcher should return WebIdentity token bytes or an error
|
||||
type TokenFetcher interface {
|
||||
FetchToken(credentials.Context) ([]byte, error)
|
||||
}
|
||||
|
@ -50,6 +50,8 @@ func (f FetchTokenPath) FetchToken(ctx credentials.Context) ([]byte, error) {
|
|||
// an OIDC token.
|
||||
type WebIdentityRoleProvider struct {
|
||||
credentials.Expiry
|
||||
|
||||
// The policy ARNs to use with the web identity assumed role.
|
||||
PolicyArns []*sts.PolicyDescriptorType
|
||||
|
||||
// Duration the STS credentials will be valid for. Truncated to seconds.
|
||||
|
@ -74,6 +76,9 @@ type WebIdentityRoleProvider struct {
|
|||
|
||||
// NewWebIdentityCredentials will return a new set of credentials with a given
|
||||
// configuration, role arn, and token file path.
|
||||
//
|
||||
// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
|
||||
// functional options, and wrap with credentials.NewCredentials helper.
|
||||
func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials {
|
||||
svc := sts.New(c)
|
||||
p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path)
|
||||
|
@ -82,19 +87,42 @@ func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName
|
|||
|
||||
// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the
|
||||
// provided stsiface.STSAPI
|
||||
//
|
||||
// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
|
||||
// functional options.
|
||||
func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider {
|
||||
return NewWebIdentityRoleProviderWithToken(svc, roleARN, roleSessionName, FetchTokenPath(path))
|
||||
return NewWebIdentityRoleProviderWithOptions(svc, roleARN, roleSessionName, FetchTokenPath(path))
|
||||
}
|
||||
|
||||
// NewWebIdentityRoleProviderWithToken will return a new WebIdentityRoleProvider with the
|
||||
// provided stsiface.STSAPI and a TokenFetcher
|
||||
//
|
||||
// Deprecated: Use NewWebIdentityRoleProviderWithOptions for flexible
|
||||
// functional options.
|
||||
func NewWebIdentityRoleProviderWithToken(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher) *WebIdentityRoleProvider {
|
||||
return &WebIdentityRoleProvider{
|
||||
return NewWebIdentityRoleProviderWithOptions(svc, roleARN, roleSessionName, tokenFetcher)
|
||||
}
|
||||
|
||||
// NewWebIdentityRoleProviderWithOptions will return an initialize
|
||||
// WebIdentityRoleProvider with the provided stsiface.STSAPI, role ARN, and a
|
||||
// TokenFetcher. Additional options can be provided as functional options.
|
||||
//
|
||||
// TokenFetcher is the implementation that will retrieve the JWT token from to
|
||||
// assume the role with. Use the provided FetchTokenPath implementation to
|
||||
// retrieve the JWT token using a file system path.
|
||||
func NewWebIdentityRoleProviderWithOptions(svc stsiface.STSAPI, roleARN, roleSessionName string, tokenFetcher TokenFetcher, optFns ...func(*WebIdentityRoleProvider)) *WebIdentityRoleProvider {
|
||||
p := WebIdentityRoleProvider{
|
||||
client: svc,
|
||||
tokenFetcher: tokenFetcher,
|
||||
roleARN: roleARN,
|
||||
roleSessionName: roleSessionName,
|
||||
}
|
||||
|
||||
for _, fn := range optFns {
|
||||
fn(&p)
|
||||
}
|
||||
|
||||
return &p
|
||||
}
|
||||
|
||||
// Retrieve will attempt to assume a role from a token which is located at
|
||||
|
@ -104,9 +132,9 @@ func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) {
|
|||
return p.RetrieveWithContext(aws.BackgroundContext())
|
||||
}
|
||||
|
||||
// RetrieveWithContext will attempt to assume a role from a token which is located at
|
||||
// 'WebIdentityTokenFilePath' specified destination and if that is empty an
|
||||
// error will be returned.
|
||||
// RetrieveWithContext will attempt to assume a role from a token which is
|
||||
// located at 'WebIdentityTokenFilePath' specified destination and if that is
|
||||
// empty an error will be returned.
|
||||
func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (credentials.Value, error) {
|
||||
b, err := p.tokenFetcher.FetchToken(ctx)
|
||||
if err != nil {
|
||||
|
|
8
vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
generated
vendored
8
vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/api.go
generated
vendored
|
@ -20,7 +20,7 @@ func (c *EC2Metadata) getToken(ctx aws.Context, duration time.Duration) (tokenOu
|
|||
op := &request.Operation{
|
||||
Name: "GetToken",
|
||||
HTTPMethod: "PUT",
|
||||
HTTPPath: "/api/token",
|
||||
HTTPPath: "/latest/api/token",
|
||||
}
|
||||
|
||||
var output tokenOutput
|
||||
|
@ -62,7 +62,7 @@ func (c *EC2Metadata) GetMetadataWithContext(ctx aws.Context, p string) (string,
|
|||
op := &request.Operation{
|
||||
Name: "GetMetadata",
|
||||
HTTPMethod: "GET",
|
||||
HTTPPath: sdkuri.PathJoin("/meta-data", p),
|
||||
HTTPPath: sdkuri.PathJoin("/latest/meta-data", p),
|
||||
}
|
||||
output := &metadataOutput{}
|
||||
|
||||
|
@ -88,7 +88,7 @@ func (c *EC2Metadata) GetUserDataWithContext(ctx aws.Context) (string, error) {
|
|||
op := &request.Operation{
|
||||
Name: "GetUserData",
|
||||
HTTPMethod: "GET",
|
||||
HTTPPath: "/user-data",
|
||||
HTTPPath: "/latest/user-data",
|
||||
}
|
||||
|
||||
output := &metadataOutput{}
|
||||
|
@ -113,7 +113,7 @@ func (c *EC2Metadata) GetDynamicDataWithContext(ctx aws.Context, p string) (stri
|
|||
op := &request.Operation{
|
||||
Name: "GetDynamicData",
|
||||
HTTPMethod: "GET",
|
||||
HTTPPath: sdkuri.PathJoin("/dynamic", p),
|
||||
HTTPPath: sdkuri.PathJoin("/latest/dynamic", p),
|
||||
}
|
||||
|
||||
output := &metadataOutput{}
|
||||
|
|
21
vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
generated
vendored
21
vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go
generated
vendored
|
@ -5,13 +5,17 @@
|
|||
// variable "AWS_EC2_METADATA_DISABLED=true". This environment variable set to
|
||||
// true instructs the SDK to disable the EC2 Metadata client. The client cannot
|
||||
// be used while the environment variable is set to true, (case insensitive).
|
||||
//
|
||||
// The endpoint of the EC2 IMDS client can be configured via the environment
|
||||
// variable, AWS_EC2_METADATA_SERVICE_ENDPOINT when creating the client with a
|
||||
// Session. See aws/session#Options.EC2IMDSEndpoint for more details.
|
||||
package ec2metadata
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -69,6 +73,9 @@ func New(p client.ConfigProvider, cfgs ...*aws.Config) *EC2Metadata {
|
|||
// a client when not using a session. Generally using just New with a session
|
||||
// is preferred.
|
||||
//
|
||||
// Will remove the URL path from the endpoint provided to ensure the EC2 IMDS
|
||||
// client is able to communicate with the EC2 IMDS API.
|
||||
//
|
||||
// If an unmodified HTTP client is provided from the stdlib default, or no client
|
||||
// the EC2RoleProvider's EC2Metadata HTTP client's timeout will be shortened.
|
||||
// To disable this set Config.EC2MetadataDisableTimeoutOverride to false. Enabled by default.
|
||||
|
@ -86,6 +93,15 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
|
|||
cfg.MaxRetries = aws.Int(2)
|
||||
}
|
||||
|
||||
if u, err := url.Parse(endpoint); err == nil {
|
||||
// Remove path from the endpoint since it will be added by requests.
|
||||
// This is an artifact of the SDK adding `/latest` to the endpoint for
|
||||
// EC2 IMDS, but this is now moved to the operation definition.
|
||||
u.Path = ""
|
||||
u.RawPath = ""
|
||||
endpoint = u.String()
|
||||
}
|
||||
|
||||
svc := &EC2Metadata{
|
||||
Client: client.New(
|
||||
cfg,
|
||||
|
@ -217,7 +233,8 @@ func unmarshalError(r *request.Request) {
|
|||
|
||||
// Response body format is not consistent between metadata endpoints.
|
||||
// Grab the error message as a string and include that as the source error
|
||||
r.Error = awserr.NewRequestFailure(awserr.New("EC2MetadataError", "failed to make EC2Metadata request", errors.New(b.String())),
|
||||
r.Error = awserr.NewRequestFailure(
|
||||
awserr.New("EC2MetadataError", "failed to make EC2Metadata request\n"+b.String(), nil),
|
||||
r.HTTPResponse.StatusCode, r.RequestID)
|
||||
}
|
||||
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
generated
vendored
|
@ -87,6 +87,7 @@ func (t *tokenProvider) enableTokenProviderHandler(r *request.Request) {
|
|||
// If the error code status is 401, we enable the token provider
|
||||
if e, ok := r.Error.(awserr.RequestFailure); ok && e != nil &&
|
||||
e.StatusCode() == http.StatusUnauthorized {
|
||||
t.token.Store(ec2Token{})
|
||||
atomic.StoreUint32(&t.disabled, 0)
|
||||
}
|
||||
}
|
||||
|
|
73
vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
generated
vendored
73
vendor/github.com/aws/aws-sdk-go/aws/endpoints/decode.go
generated
vendored
|
@ -81,8 +81,6 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
|
|||
// Customization
|
||||
for i := 0; i < len(ps); i++ {
|
||||
p := &ps[i]
|
||||
custAddEC2Metadata(p)
|
||||
custAddS3DualStack(p)
|
||||
custRegionalS3(p)
|
||||
custRmIotDataService(p)
|
||||
custFixAppAutoscalingChina(p)
|
||||
|
@ -92,15 +90,6 @@ func decodeV3Endpoints(modelDef modelDefinition, opts DecodeModelOptions) (Resol
|
|||
return ps, nil
|
||||
}
|
||||
|
||||
func custAddS3DualStack(p *partition) {
|
||||
if !(p.ID == "aws" || p.ID == "aws-cn" || p.ID == "aws-us-gov") {
|
||||
return
|
||||
}
|
||||
|
||||
custAddDualstack(p, "s3")
|
||||
custAddDualstack(p, "s3-control")
|
||||
}
|
||||
|
||||
func custRegionalS3(p *partition) {
|
||||
if p.ID != "aws" {
|
||||
return
|
||||
|
@ -111,48 +100,28 @@ func custRegionalS3(p *partition) {
|
|||
return
|
||||
}
|
||||
|
||||
const awsGlobal = "aws-global"
|
||||
const usEast1 = "us-east-1"
|
||||
|
||||
// If global endpoint already exists no customization needed.
|
||||
if _, ok := service.Endpoints["aws-global"]; ok {
|
||||
if _, ok := service.Endpoints[endpointKey{Region: awsGlobal}]; ok {
|
||||
return
|
||||
}
|
||||
|
||||
service.PartitionEndpoint = "aws-global"
|
||||
service.Endpoints["us-east-1"] = endpoint{}
|
||||
service.Endpoints["aws-global"] = endpoint{
|
||||
service.PartitionEndpoint = awsGlobal
|
||||
if _, ok := service.Endpoints[endpointKey{Region: usEast1}]; !ok {
|
||||
service.Endpoints[endpointKey{Region: usEast1}] = endpoint{}
|
||||
}
|
||||
service.Endpoints[endpointKey{Region: awsGlobal}] = endpoint{
|
||||
Hostname: "s3.amazonaws.com",
|
||||
CredentialScope: credentialScope{
|
||||
Region: "us-east-1",
|
||||
Region: usEast1,
|
||||
},
|
||||
}
|
||||
|
||||
p.Services["s3"] = service
|
||||
}
|
||||
|
||||
func custAddDualstack(p *partition, svcName string) {
|
||||
s, ok := p.Services[svcName]
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
s.Defaults.HasDualStack = boxedTrue
|
||||
s.Defaults.DualStackHostname = "{service}.dualstack.{region}.{dnsSuffix}"
|
||||
|
||||
p.Services[svcName] = s
|
||||
}
|
||||
|
||||
func custAddEC2Metadata(p *partition) {
|
||||
p.Services["ec2metadata"] = service{
|
||||
IsRegionalized: boxedFalse,
|
||||
PartitionEndpoint: "aws-global",
|
||||
Endpoints: endpoints{
|
||||
"aws-global": endpoint{
|
||||
Hostname: "169.254.169.254/latest",
|
||||
Protocols: []string{"http"},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func custRmIotDataService(p *partition) {
|
||||
delete(p.Services, "data.iot")
|
||||
}
|
||||
|
@ -169,12 +138,13 @@ func custFixAppAutoscalingChina(p *partition) {
|
|||
}
|
||||
|
||||
const expectHostname = `autoscaling.{region}.amazonaws.com`
|
||||
if e, a := s.Defaults.Hostname, expectHostname; e != a {
|
||||
serviceDefault := s.Defaults[defaultKey{}]
|
||||
if e, a := expectHostname, serviceDefault.Hostname; e != a {
|
||||
fmt.Printf("custFixAppAutoscalingChina: ignoring customization, expected %s, got %s\n", e, a)
|
||||
return
|
||||
}
|
||||
|
||||
s.Defaults.Hostname = expectHostname + ".cn"
|
||||
serviceDefault.Hostname = expectHostname + ".cn"
|
||||
s.Defaults[defaultKey{}] = serviceDefault
|
||||
p.Services[serviceName] = s
|
||||
}
|
||||
|
||||
|
@ -189,18 +159,25 @@ func custFixAppAutoscalingUsGov(p *partition) {
|
|||
return
|
||||
}
|
||||
|
||||
if a := s.Defaults.CredentialScope.Service; a != "" {
|
||||
serviceDefault := s.Defaults[defaultKey{}]
|
||||
if a := serviceDefault.CredentialScope.Service; a != "" {
|
||||
fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty credential scope service, got %s\n", a)
|
||||
return
|
||||
}
|
||||
|
||||
if a := s.Defaults.Hostname; a != "" {
|
||||
if a := serviceDefault.Hostname; a != "" {
|
||||
fmt.Printf("custFixAppAutoscalingUsGov: ignoring customization, expected empty hostname, got %s\n", a)
|
||||
return
|
||||
}
|
||||
|
||||
s.Defaults.CredentialScope.Service = "application-autoscaling"
|
||||
s.Defaults.Hostname = "autoscaling.{region}.amazonaws.com"
|
||||
serviceDefault.CredentialScope.Service = "application-autoscaling"
|
||||
serviceDefault.Hostname = "autoscaling.{region}.amazonaws.com"
|
||||
|
||||
if s.Defaults == nil {
|
||||
s.Defaults = make(endpointDefaults)
|
||||
}
|
||||
|
||||
s.Defaults[defaultKey{}] = serviceDefault
|
||||
|
||||
p.Services[serviceName] = s
|
||||
}
|
||||
|
|
28581
vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
generated
vendored
28581
vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
generated
vendored
File diff suppressed because it is too large
Load diff
158
vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
generated
vendored
158
vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
generated
vendored
|
@ -8,6 +8,41 @@ import (
|
|||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
)
|
||||
|
||||
// A Logger is a minimalistic interface for the SDK to log messages to.
|
||||
type Logger interface {
|
||||
Log(...interface{})
|
||||
}
|
||||
|
||||
// DualStackEndpointState is a constant to describe the dual-stack endpoint resolution
|
||||
// behavior.
|
||||
type DualStackEndpointState uint
|
||||
|
||||
const (
|
||||
// DualStackEndpointStateUnset is the default value behavior for dual-stack endpoint
|
||||
// resolution.
|
||||
DualStackEndpointStateUnset DualStackEndpointState = iota
|
||||
|
||||
// DualStackEndpointStateEnabled enable dual-stack endpoint resolution for endpoints.
|
||||
DualStackEndpointStateEnabled
|
||||
|
||||
// DualStackEndpointStateDisabled disables dual-stack endpoint resolution for endpoints.
|
||||
DualStackEndpointStateDisabled
|
||||
)
|
||||
|
||||
// FIPSEndpointState is a constant to describe the FIPS endpoint resolution behavior.
|
||||
type FIPSEndpointState uint
|
||||
|
||||
const (
|
||||
// FIPSEndpointStateUnset is the default value behavior for FIPS endpoint resolution.
|
||||
FIPSEndpointStateUnset FIPSEndpointState = iota
|
||||
|
||||
// FIPSEndpointStateEnabled enables FIPS endpoint resolution for service endpoints.
|
||||
FIPSEndpointStateEnabled
|
||||
|
||||
// FIPSEndpointStateDisabled disables FIPS endpoint resolution for endpoints.
|
||||
FIPSEndpointStateDisabled
|
||||
)
|
||||
|
||||
// Options provide the configuration needed to direct how the
|
||||
// endpoints will be resolved.
|
||||
type Options struct {
|
||||
|
@ -21,8 +56,19 @@ type Options struct {
|
|||
// be returned. This endpoint may not be valid. If StrictMatching is
|
||||
// enabled only services that are known to support dualstack will return
|
||||
// dualstack endpoints.
|
||||
//
|
||||
// Deprecated: This option will continue to function for S3 and S3 Control for backwards compatibility.
|
||||
// UseDualStackEndpoint should be used to enable usage of a service's dual-stack endpoint for all service clients
|
||||
// moving forward. For S3 and S3 Control, when UseDualStackEndpoint is set to a non-zero value it takes higher
|
||||
// precedence then this option.
|
||||
UseDualStack bool
|
||||
|
||||
// Sets the resolver to resolve a dual-stack endpoint for the service.
|
||||
UseDualStackEndpoint DualStackEndpointState
|
||||
|
||||
// UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint.
|
||||
UseFIPSEndpoint FIPSEndpointState
|
||||
|
||||
// Enables strict matching of services and regions resolved endpoints.
|
||||
// If the partition doesn't enumerate the exact service and region an
|
||||
// error will be returned. This option will prevent returning endpoints
|
||||
|
@ -48,11 +94,65 @@ type Options struct {
|
|||
// This option is ignored if StrictMatching is enabled.
|
||||
ResolveUnknownService bool
|
||||
|
||||
// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
|
||||
EC2MetadataEndpointMode EC2IMDSEndpointModeState
|
||||
|
||||
// STS Regional Endpoint flag helps with resolving the STS endpoint
|
||||
STSRegionalEndpoint STSRegionalEndpoint
|
||||
|
||||
// S3 Regional Endpoint flag helps with resolving the S3 endpoint
|
||||
S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint
|
||||
|
||||
// ResolvedRegion is the resolved region string. If provided (non-zero length) it takes priority
|
||||
// over the region name passed to the ResolveEndpoint call.
|
||||
ResolvedRegion string
|
||||
|
||||
// Logger is the logger that will be used to log messages.
|
||||
Logger Logger
|
||||
|
||||
// Determines whether logging of deprecated endpoints usage is enabled.
|
||||
LogDeprecated bool
|
||||
}
|
||||
|
||||
func (o Options) getEndpointVariant(service string) (v endpointVariant) {
|
||||
const s3 = "s3"
|
||||
const s3Control = "s3-control"
|
||||
|
||||
if (o.UseDualStackEndpoint == DualStackEndpointStateEnabled) ||
|
||||
((service == s3 || service == s3Control) && (o.UseDualStackEndpoint == DualStackEndpointStateUnset && o.UseDualStack)) {
|
||||
v |= dualStackVariant
|
||||
}
|
||||
if o.UseFIPSEndpoint == FIPSEndpointStateEnabled {
|
||||
v |= fipsVariant
|
||||
}
|
||||
return v
|
||||
}
|
||||
|
||||
// EC2IMDSEndpointModeState is an enum configuration variable describing the client endpoint mode.
|
||||
type EC2IMDSEndpointModeState uint
|
||||
|
||||
// Enumeration values for EC2IMDSEndpointModeState
|
||||
const (
|
||||
EC2IMDSEndpointModeStateUnset EC2IMDSEndpointModeState = iota
|
||||
EC2IMDSEndpointModeStateIPv4
|
||||
EC2IMDSEndpointModeStateIPv6
|
||||
)
|
||||
|
||||
// SetFromString sets the EC2IMDSEndpointModeState based on the provided string value. Unknown values will default to EC2IMDSEndpointModeStateUnset
|
||||
func (e *EC2IMDSEndpointModeState) SetFromString(v string) error {
|
||||
v = strings.TrimSpace(v)
|
||||
|
||||
switch {
|
||||
case len(v) == 0:
|
||||
*e = EC2IMDSEndpointModeStateUnset
|
||||
case strings.EqualFold(v, "IPv6"):
|
||||
*e = EC2IMDSEndpointModeStateIPv6
|
||||
case strings.EqualFold(v, "IPv4"):
|
||||
*e = EC2IMDSEndpointModeStateIPv4
|
||||
default:
|
||||
return fmt.Errorf("unknown EC2 IMDS endpoint mode, must be either IPv6 or IPv4")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// STSRegionalEndpoint is an enum for the states of the STS Regional Endpoint
|
||||
|
@ -166,10 +266,25 @@ func DisableSSLOption(o *Options) {
|
|||
|
||||
// UseDualStackOption sets the UseDualStack option. Can be used as a functional
|
||||
// option when resolving endpoints.
|
||||
//
|
||||
// Deprecated: UseDualStackEndpointOption should be used to enable usage of a service's dual-stack endpoint.
|
||||
// When DualStackEndpointState is set to a non-zero value it takes higher precedence then this option.
|
||||
func UseDualStackOption(o *Options) {
|
||||
o.UseDualStack = true
|
||||
}
|
||||
|
||||
// UseDualStackEndpointOption sets the UseDualStackEndpoint option to enabled. Can be used as a functional
|
||||
// option when resolving endpoints.
|
||||
func UseDualStackEndpointOption(o *Options) {
|
||||
o.UseDualStackEndpoint = DualStackEndpointStateEnabled
|
||||
}
|
||||
|
||||
// UseFIPSEndpointOption sets the UseFIPSEndpoint option to enabled. Can be used as a functional
|
||||
// option when resolving endpoints.
|
||||
func UseFIPSEndpointOption(o *Options) {
|
||||
o.UseFIPSEndpoint = FIPSEndpointStateEnabled
|
||||
}
|
||||
|
||||
// StrictMatchingOption sets the StrictMatching option. Can be used as a functional
|
||||
// option when resolving endpoints.
|
||||
func StrictMatchingOption(o *Options) {
|
||||
|
@ -247,7 +362,7 @@ func RegionsForService(ps []Partition, partitionID, serviceID string) (map[strin
|
|||
if p.ID() != partitionID {
|
||||
continue
|
||||
}
|
||||
if _, ok := p.p.Services[serviceID]; !ok {
|
||||
if _, ok := p.p.Services[serviceID]; !(ok || serviceID == Ec2metadataServiceID) {
|
||||
break
|
||||
}
|
||||
|
||||
|
@ -333,6 +448,7 @@ func (p Partition) Regions() map[string]Region {
|
|||
// enumerating over the services in a partition.
|
||||
func (p Partition) Services() map[string]Service {
|
||||
ss := make(map[string]Service, len(p.p.Services))
|
||||
|
||||
for id := range p.p.Services {
|
||||
ss[id] = Service{
|
||||
id: id,
|
||||
|
@ -340,6 +456,15 @@ func (p Partition) Services() map[string]Service {
|
|||
}
|
||||
}
|
||||
|
||||
// Since we have removed the customization that injected this into the model
|
||||
// we still need to pretend that this is a modeled service.
|
||||
if _, ok := ss[Ec2metadataServiceID]; !ok {
|
||||
ss[Ec2metadataServiceID] = Service{
|
||||
id: Ec2metadataServiceID,
|
||||
p: p.p,
|
||||
}
|
||||
}
|
||||
|
||||
return ss
|
||||
}
|
||||
|
||||
|
@ -367,7 +492,7 @@ func (r Region) ResolveEndpoint(service string, opts ...func(*Options)) (Resolve
|
|||
func (r Region) Services() map[string]Service {
|
||||
ss := map[string]Service{}
|
||||
for id, s := range r.p.Services {
|
||||
if _, ok := s.Endpoints[r.id]; ok {
|
||||
if _, ok := s.Endpoints[endpointKey{Region: r.id}]; ok {
|
||||
ss[id] = Service{
|
||||
id: id,
|
||||
p: r.p,
|
||||
|
@ -400,10 +525,24 @@ func (s Service) ResolveEndpoint(region string, opts ...func(*Options)) (Resolve
|
|||
// an URL that can be resolved to a instance of a service.
|
||||
func (s Service) Regions() map[string]Region {
|
||||
rs := map[string]Region{}
|
||||
for id := range s.p.Services[s.id].Endpoints {
|
||||
if r, ok := s.p.Regions[id]; ok {
|
||||
rs[id] = Region{
|
||||
id: id,
|
||||
|
||||
service, ok := s.p.Services[s.id]
|
||||
|
||||
// Since ec2metadata customization has been removed we need to check
|
||||
// if it was defined in non-standard endpoints.json file. If it's not
|
||||
// then we can return the empty map as there is no regional-endpoints for IMDS.
|
||||
// Otherwise, we iterate need to iterate the non-standard model.
|
||||
if s.id == Ec2metadataServiceID && !ok {
|
||||
return rs
|
||||
}
|
||||
|
||||
for id := range service.Endpoints {
|
||||
if id.Variant != 0 {
|
||||
continue
|
||||
}
|
||||
if r, ok := s.p.Regions[id.Region]; ok {
|
||||
rs[id.Region] = Region{
|
||||
id: id.Region,
|
||||
desc: r.Description,
|
||||
p: s.p,
|
||||
}
|
||||
|
@ -421,8 +560,11 @@ func (s Service) Regions() map[string]Region {
|
|||
func (s Service) Endpoints() map[string]Endpoint {
|
||||
es := make(map[string]Endpoint, len(s.p.Services[s.id].Endpoints))
|
||||
for id := range s.p.Services[s.id].Endpoints {
|
||||
es[id] = Endpoint{
|
||||
id: id,
|
||||
if id.Variant != 0 {
|
||||
continue
|
||||
}
|
||||
es[id.Region] = Endpoint{
|
||||
id: id.Region,
|
||||
serviceID: s.id,
|
||||
p: s.p,
|
||||
}
|
||||
|
|
339
vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
generated
vendored
339
vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model.go
generated
vendored
|
@ -1,12 +1,46 @@
|
|||
package endpoints
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const (
|
||||
ec2MetadataEndpointIPv6 = "http://[fd00:ec2::254]/latest"
|
||||
ec2MetadataEndpointIPv4 = "http://169.254.169.254/latest"
|
||||
)
|
||||
|
||||
const dnsSuffixTemplateKey = "{dnsSuffix}"
|
||||
|
||||
// defaultKey is a compound map key of a variant and other values.
|
||||
type defaultKey struct {
|
||||
Variant endpointVariant
|
||||
ServiceVariant serviceVariant
|
||||
}
|
||||
|
||||
// endpointKey is a compound map key of a region and associated variant value.
|
||||
type endpointKey struct {
|
||||
Region string
|
||||
Variant endpointVariant
|
||||
}
|
||||
|
||||
// endpointVariant is a bit field to describe the endpoints attributes.
|
||||
type endpointVariant uint64
|
||||
|
||||
// serviceVariant is a bit field to describe the service endpoint attributes.
|
||||
type serviceVariant uint64
|
||||
|
||||
const (
|
||||
// fipsVariant indicates that the endpoint is FIPS capable.
|
||||
fipsVariant endpointVariant = 1 << (64 - 1 - iota)
|
||||
|
||||
// dualStackVariant indicates that the endpoint is DualStack capable.
|
||||
dualStackVariant
|
||||
)
|
||||
|
||||
var regionValidationRegex = regexp.MustCompile(`^[[:alnum:]]([[:alnum:]\-]*[[:alnum:]])?$`)
|
||||
|
||||
type partitions []partition
|
||||
|
@ -15,8 +49,12 @@ func (ps partitions) EndpointFor(service, region string, opts ...func(*Options))
|
|||
var opt Options
|
||||
opt.Set(opts...)
|
||||
|
||||
if len(opt.ResolvedRegion) > 0 {
|
||||
region = opt.ResolvedRegion
|
||||
}
|
||||
|
||||
for i := 0; i < len(ps); i++ {
|
||||
if !ps[i].canResolveEndpoint(service, region, opt.StrictMatching) {
|
||||
if !ps[i].canResolveEndpoint(service, region, opt) {
|
||||
continue
|
||||
}
|
||||
|
||||
|
@ -44,14 +82,76 @@ func (ps partitions) Partitions() []Partition {
|
|||
return parts
|
||||
}
|
||||
|
||||
type endpointWithVariants struct {
|
||||
endpoint
|
||||
Variants []endpointWithTags `json:"variants"`
|
||||
}
|
||||
|
||||
type endpointWithTags struct {
|
||||
endpoint
|
||||
Tags []string `json:"tags"`
|
||||
}
|
||||
|
||||
type endpointDefaults map[defaultKey]endpoint
|
||||
|
||||
func (p *endpointDefaults) UnmarshalJSON(data []byte) error {
|
||||
if *p == nil {
|
||||
*p = make(endpointDefaults)
|
||||
}
|
||||
|
||||
var e endpointWithVariants
|
||||
if err := json.Unmarshal(data, &e); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
(*p)[defaultKey{Variant: 0}] = e.endpoint
|
||||
|
||||
e.Hostname = ""
|
||||
e.DNSSuffix = ""
|
||||
|
||||
for _, variant := range e.Variants {
|
||||
endpointVariant, unknown := parseVariantTags(variant.Tags)
|
||||
if unknown {
|
||||
continue
|
||||
}
|
||||
|
||||
var ve endpoint
|
||||
ve.mergeIn(e.endpoint)
|
||||
ve.mergeIn(variant.endpoint)
|
||||
|
||||
(*p)[defaultKey{Variant: endpointVariant}] = ve
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func parseVariantTags(tags []string) (ev endpointVariant, unknown bool) {
|
||||
if len(tags) == 0 {
|
||||
unknown = true
|
||||
return
|
||||
}
|
||||
|
||||
for _, tag := range tags {
|
||||
switch {
|
||||
case strings.EqualFold("fips", tag):
|
||||
ev |= fipsVariant
|
||||
case strings.EqualFold("dualstack", tag):
|
||||
ev |= dualStackVariant
|
||||
default:
|
||||
unknown = true
|
||||
}
|
||||
}
|
||||
return ev, unknown
|
||||
}
|
||||
|
||||
type partition struct {
|
||||
ID string `json:"partition"`
|
||||
Name string `json:"partitionName"`
|
||||
DNSSuffix string `json:"dnsSuffix"`
|
||||
RegionRegex regionRegex `json:"regionRegex"`
|
||||
Defaults endpoint `json:"defaults"`
|
||||
Regions regions `json:"regions"`
|
||||
Services services `json:"services"`
|
||||
ID string `json:"partition"`
|
||||
Name string `json:"partitionName"`
|
||||
DNSSuffix string `json:"dnsSuffix"`
|
||||
RegionRegex regionRegex `json:"regionRegex"`
|
||||
Defaults endpointDefaults `json:"defaults"`
|
||||
Regions regions `json:"regions"`
|
||||
Services services `json:"services"`
|
||||
}
|
||||
|
||||
func (p partition) Partition() Partition {
|
||||
|
@ -62,15 +162,18 @@ func (p partition) Partition() Partition {
|
|||
}
|
||||
}
|
||||
|
||||
func (p partition) canResolveEndpoint(service, region string, strictMatch bool) bool {
|
||||
func (p partition) canResolveEndpoint(service, region string, options Options) bool {
|
||||
s, hasService := p.Services[service]
|
||||
_, hasEndpoint := s.Endpoints[region]
|
||||
_, hasEndpoint := s.Endpoints[endpointKey{
|
||||
Region: region,
|
||||
Variant: options.getEndpointVariant(service),
|
||||
}]
|
||||
|
||||
if hasEndpoint && hasService {
|
||||
return true
|
||||
}
|
||||
|
||||
if strictMatch {
|
||||
if options.StrictMatching {
|
||||
return false
|
||||
}
|
||||
|
||||
|
@ -101,7 +204,17 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (
|
|||
var opt Options
|
||||
opt.Set(opts...)
|
||||
|
||||
if len(opt.ResolvedRegion) > 0 {
|
||||
region = opt.ResolvedRegion
|
||||
}
|
||||
|
||||
s, hasService := p.Services[service]
|
||||
|
||||
if service == Ec2metadataServiceID && !hasService {
|
||||
endpoint := getEC2MetadataEndpoint(p.ID, service, opt.EC2MetadataEndpointMode)
|
||||
return endpoint, nil
|
||||
}
|
||||
|
||||
if len(service) == 0 || !(hasService || opt.ResolveUnknownService) {
|
||||
// Only return error if the resolver will not fallback to creating
|
||||
// endpoint based on service endpoint ID passed in.
|
||||
|
@ -112,21 +225,94 @@ func (p partition) EndpointFor(service, region string, opts ...func(*Options)) (
|
|||
region = s.PartitionEndpoint
|
||||
}
|
||||
|
||||
if (service == "sts" && opt.STSRegionalEndpoint != RegionalSTSEndpoint) ||
|
||||
(service == "s3" && opt.S3UsEast1RegionalEndpoint != RegionalS3UsEast1Endpoint) {
|
||||
if r, ok := isLegacyGlobalRegion(service, region, opt); ok {
|
||||
region = r
|
||||
}
|
||||
|
||||
variant := opt.getEndpointVariant(service)
|
||||
|
||||
endpoints := s.Endpoints
|
||||
|
||||
serviceDefaults, hasServiceDefault := s.Defaults[defaultKey{Variant: variant}]
|
||||
// If we searched for a variant which may have no explicit service defaults,
|
||||
// then we need to inherit the standard service defaults except the hostname and dnsSuffix
|
||||
if variant != 0 && !hasServiceDefault {
|
||||
serviceDefaults = s.Defaults[defaultKey{}]
|
||||
serviceDefaults.Hostname = ""
|
||||
serviceDefaults.DNSSuffix = ""
|
||||
}
|
||||
|
||||
partitionDefaults, hasPartitionDefault := p.Defaults[defaultKey{Variant: variant}]
|
||||
|
||||
var dnsSuffix string
|
||||
if len(serviceDefaults.DNSSuffix) > 0 {
|
||||
dnsSuffix = serviceDefaults.DNSSuffix
|
||||
} else if variant == 0 {
|
||||
// For legacy reasons the partition dnsSuffix is not in the defaults, so if we looked for
|
||||
// a non-variant endpoint then we need to set the dnsSuffix.
|
||||
dnsSuffix = p.DNSSuffix
|
||||
}
|
||||
|
||||
noDefaults := !hasServiceDefault && !hasPartitionDefault
|
||||
|
||||
e, hasEndpoint := s.endpointForRegion(region, endpoints, variant)
|
||||
if len(region) == 0 || (!hasEndpoint && (opt.StrictMatching || noDefaults)) {
|
||||
return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(endpoints, variant))
|
||||
}
|
||||
|
||||
defs := []endpoint{partitionDefaults, serviceDefaults}
|
||||
|
||||
return e.resolve(service, p.ID, region, dnsSuffixTemplateKey, dnsSuffix, defs, opt)
|
||||
}
|
||||
|
||||
func getEC2MetadataEndpoint(partitionID, service string, mode EC2IMDSEndpointModeState) ResolvedEndpoint {
|
||||
switch mode {
|
||||
case EC2IMDSEndpointModeStateIPv6:
|
||||
return ResolvedEndpoint{
|
||||
URL: ec2MetadataEndpointIPv6,
|
||||
PartitionID: partitionID,
|
||||
SigningRegion: "aws-global",
|
||||
SigningName: service,
|
||||
SigningNameDerived: true,
|
||||
SigningMethod: "v4",
|
||||
}
|
||||
case EC2IMDSEndpointModeStateIPv4:
|
||||
fallthrough
|
||||
default:
|
||||
return ResolvedEndpoint{
|
||||
URL: ec2MetadataEndpointIPv4,
|
||||
PartitionID: partitionID,
|
||||
SigningRegion: "aws-global",
|
||||
SigningName: service,
|
||||
SigningNameDerived: true,
|
||||
SigningMethod: "v4",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func isLegacyGlobalRegion(service string, region string, opt Options) (string, bool) {
|
||||
if opt.getEndpointVariant(service) != 0 {
|
||||
return "", false
|
||||
}
|
||||
|
||||
const (
|
||||
sts = "sts"
|
||||
s3 = "s3"
|
||||
awsGlobal = "aws-global"
|
||||
)
|
||||
|
||||
switch {
|
||||
case service == sts && opt.STSRegionalEndpoint == RegionalSTSEndpoint:
|
||||
return region, false
|
||||
case service == s3 && opt.S3UsEast1RegionalEndpoint == RegionalS3UsEast1Endpoint:
|
||||
return region, false
|
||||
default:
|
||||
if _, ok := legacyGlobalRegions[service][region]; ok {
|
||||
region = "aws-global"
|
||||
return awsGlobal, true
|
||||
}
|
||||
}
|
||||
|
||||
e, hasEndpoint := s.endpointForRegion(region)
|
||||
if len(region) == 0 || (!hasEndpoint && opt.StrictMatching) {
|
||||
return resolved, NewUnknownEndpointError(p.ID, service, region, endpointList(s.Endpoints))
|
||||
}
|
||||
|
||||
defs := []endpoint{p.Defaults, s.Defaults}
|
||||
|
||||
return e.resolve(service, p.ID, region, p.DNSSuffix, defs, opt)
|
||||
return region, false
|
||||
}
|
||||
|
||||
func serviceList(ss services) []string {
|
||||
|
@ -136,10 +322,13 @@ func serviceList(ss services) []string {
|
|||
}
|
||||
return list
|
||||
}
|
||||
func endpointList(es endpoints) []string {
|
||||
func endpointList(es serviceEndpoints, variant endpointVariant) []string {
|
||||
list := make([]string, 0, len(es))
|
||||
for k := range es {
|
||||
list = append(list, k)
|
||||
if k.Variant != variant {
|
||||
continue
|
||||
}
|
||||
list = append(list, k.Region)
|
||||
}
|
||||
return list
|
||||
}
|
||||
|
@ -171,19 +360,19 @@ type region struct {
|
|||
type services map[string]service
|
||||
|
||||
type service struct {
|
||||
PartitionEndpoint string `json:"partitionEndpoint"`
|
||||
IsRegionalized boxedBool `json:"isRegionalized,omitempty"`
|
||||
Defaults endpoint `json:"defaults"`
|
||||
Endpoints endpoints `json:"endpoints"`
|
||||
PartitionEndpoint string `json:"partitionEndpoint"`
|
||||
IsRegionalized boxedBool `json:"isRegionalized,omitempty"`
|
||||
Defaults endpointDefaults `json:"defaults"`
|
||||
Endpoints serviceEndpoints `json:"endpoints"`
|
||||
}
|
||||
|
||||
func (s *service) endpointForRegion(region string) (endpoint, bool) {
|
||||
if s.IsRegionalized == boxedFalse {
|
||||
return s.Endpoints[s.PartitionEndpoint], region == s.PartitionEndpoint
|
||||
func (s *service) endpointForRegion(region string, endpoints serviceEndpoints, variant endpointVariant) (endpoint, bool) {
|
||||
if e, ok := endpoints[endpointKey{Region: region, Variant: variant}]; ok {
|
||||
return e, true
|
||||
}
|
||||
|
||||
if e, ok := s.Endpoints[region]; ok {
|
||||
return e, true
|
||||
if s.IsRegionalized == boxedFalse {
|
||||
return endpoints[endpointKey{Region: s.PartitionEndpoint, Variant: variant}], region == s.PartitionEndpoint
|
||||
}
|
||||
|
||||
// Unable to find any matching endpoint, return
|
||||
|
@ -191,22 +380,73 @@ func (s *service) endpointForRegion(region string) (endpoint, bool) {
|
|||
return endpoint{}, false
|
||||
}
|
||||
|
||||
type endpoints map[string]endpoint
|
||||
type serviceEndpoints map[endpointKey]endpoint
|
||||
|
||||
func (s *serviceEndpoints) UnmarshalJSON(data []byte) error {
|
||||
if *s == nil {
|
||||
*s = make(serviceEndpoints)
|
||||
}
|
||||
|
||||
var regionToEndpoint map[string]endpointWithVariants
|
||||
|
||||
if err := json.Unmarshal(data, ®ionToEndpoint); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for region, e := range regionToEndpoint {
|
||||
(*s)[endpointKey{Region: region}] = e.endpoint
|
||||
|
||||
e.Hostname = ""
|
||||
e.DNSSuffix = ""
|
||||
|
||||
for _, variant := range e.Variants {
|
||||
endpointVariant, unknown := parseVariantTags(variant.Tags)
|
||||
if unknown {
|
||||
continue
|
||||
}
|
||||
|
||||
var ve endpoint
|
||||
ve.mergeIn(e.endpoint)
|
||||
ve.mergeIn(variant.endpoint)
|
||||
|
||||
(*s)[endpointKey{Region: region, Variant: endpointVariant}] = ve
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
type endpoint struct {
|
||||
Hostname string `json:"hostname"`
|
||||
Protocols []string `json:"protocols"`
|
||||
CredentialScope credentialScope `json:"credentialScope"`
|
||||
|
||||
// Custom fields not modeled
|
||||
HasDualStack boxedBool `json:"-"`
|
||||
DualStackHostname string `json:"-"`
|
||||
DNSSuffix string `json:"dnsSuffix"`
|
||||
|
||||
// Signature Version not used
|
||||
SignatureVersions []string `json:"signatureVersions"`
|
||||
|
||||
// SSLCommonName not used.
|
||||
SSLCommonName string `json:"sslCommonName"`
|
||||
|
||||
Deprecated boxedBool `json:"deprecated"`
|
||||
}
|
||||
|
||||
// isZero returns whether the endpoint structure is an empty (zero) value.
|
||||
func (e endpoint) isZero() bool {
|
||||
switch {
|
||||
case len(e.Hostname) != 0:
|
||||
return false
|
||||
case len(e.Protocols) != 0:
|
||||
return false
|
||||
case e.CredentialScope != (credentialScope{}):
|
||||
return false
|
||||
case len(e.SignatureVersions) != 0:
|
||||
return false
|
||||
case len(e.SSLCommonName) != 0:
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
const (
|
||||
|
@ -235,7 +475,7 @@ func getByPriority(s []string, p []string, def string) string {
|
|||
return s[0]
|
||||
}
|
||||
|
||||
func (e endpoint) resolve(service, partitionID, region, dnsSuffix string, defs []endpoint, opts Options) (ResolvedEndpoint, error) {
|
||||
func (e endpoint) resolve(service, partitionID, region, dnsSuffixTemplateVariable, dnsSuffix string, defs []endpoint, opts Options) (ResolvedEndpoint, error) {
|
||||
var merged endpoint
|
||||
for _, def := range defs {
|
||||
merged.mergeIn(def)
|
||||
|
@ -256,23 +496,26 @@ func (e endpoint) resolve(service, partitionID, region, dnsSuffix string, defs [
|
|||
}
|
||||
|
||||
hostname := e.Hostname
|
||||
// Offset the hostname for dualstack if enabled
|
||||
if opts.UseDualStack && e.HasDualStack == boxedTrue {
|
||||
hostname = e.DualStackHostname
|
||||
region = signingRegion
|
||||
}
|
||||
|
||||
if !validateInputRegion(region) {
|
||||
return ResolvedEndpoint{}, fmt.Errorf("invalid region identifier format provided")
|
||||
}
|
||||
|
||||
if len(merged.DNSSuffix) > 0 {
|
||||
dnsSuffix = merged.DNSSuffix
|
||||
}
|
||||
|
||||
u := strings.Replace(hostname, "{service}", service, 1)
|
||||
u = strings.Replace(u, "{region}", region, 1)
|
||||
u = strings.Replace(u, "{dnsSuffix}", dnsSuffix, 1)
|
||||
u = strings.Replace(u, dnsSuffixTemplateVariable, dnsSuffix, 1)
|
||||
|
||||
scheme := getEndpointScheme(e.Protocols, opts.DisableSSL)
|
||||
u = fmt.Sprintf("%s://%s", scheme, u)
|
||||
|
||||
if e.Deprecated == boxedTrue && opts.LogDeprecated && opts.Logger != nil {
|
||||
opts.Logger.Log(fmt.Sprintf("endpoint identifier %q, url %q marked as deprecated", region, u))
|
||||
}
|
||||
|
||||
return ResolvedEndpoint{
|
||||
URL: u,
|
||||
PartitionID: partitionID,
|
||||
|
@ -310,11 +553,11 @@ func (e *endpoint) mergeIn(other endpoint) {
|
|||
if len(other.SSLCommonName) > 0 {
|
||||
e.SSLCommonName = other.SSLCommonName
|
||||
}
|
||||
if other.HasDualStack != boxedBoolUnset {
|
||||
e.HasDualStack = other.HasDualStack
|
||||
if len(other.DNSSuffix) > 0 {
|
||||
e.DNSSuffix = other.DNSSuffix
|
||||
}
|
||||
if len(other.DualStackHostname) > 0 {
|
||||
e.DualStackHostname = other.DualStackHostname
|
||||
if other.Deprecated != boxedBoolUnset {
|
||||
e.Deprecated = other.Deprecated
|
||||
}
|
||||
}
|
||||
|
||||
|
|
107
vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
generated
vendored
107
vendor/github.com/aws/aws-sdk-go/aws/endpoints/v3model_codegen.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build codegen
|
||||
// +build codegen
|
||||
|
||||
package endpoints
|
||||
|
@ -154,18 +155,71 @@ func serviceSet(ps partitions) map[string]struct{} {
|
|||
return set
|
||||
}
|
||||
|
||||
func endpointVariantSetter(variant endpointVariant) (string, error) {
|
||||
if variant == 0 {
|
||||
return "0", nil
|
||||
}
|
||||
|
||||
if variant > (fipsVariant | dualStackVariant) {
|
||||
return "", fmt.Errorf("unknown endpoint variant")
|
||||
}
|
||||
|
||||
var symbols []string
|
||||
if variant&fipsVariant != 0 {
|
||||
symbols = append(symbols, "fipsVariant")
|
||||
}
|
||||
if variant&dualStackVariant != 0 {
|
||||
symbols = append(symbols, "dualStackVariant")
|
||||
}
|
||||
v := strings.Join(symbols, "|")
|
||||
|
||||
return v, nil
|
||||
}
|
||||
|
||||
func endpointKeySetter(e endpointKey) (string, error) {
|
||||
var sb strings.Builder
|
||||
sb.WriteString("endpointKey{\n")
|
||||
sb.WriteString(fmt.Sprintf("Region: %q,\n", e.Region))
|
||||
if e.Variant != 0 {
|
||||
variantSetter, err := endpointVariantSetter(e.Variant)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
sb.WriteString(fmt.Sprintf("Variant: %s,\n", variantSetter))
|
||||
}
|
||||
sb.WriteString("}")
|
||||
return sb.String(), nil
|
||||
}
|
||||
|
||||
func defaultKeySetter(e defaultKey) (string, error) {
|
||||
var sb strings.Builder
|
||||
sb.WriteString("defaultKey{\n")
|
||||
if e.Variant != 0 {
|
||||
variantSetter, err := endpointVariantSetter(e.Variant)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
sb.WriteString(fmt.Sprintf("Variant: %s,\n", variantSetter))
|
||||
}
|
||||
sb.WriteString("}")
|
||||
return sb.String(), nil
|
||||
}
|
||||
|
||||
var funcMap = template.FuncMap{
|
||||
"ToSymbol": toSymbol,
|
||||
"QuoteString": quoteString,
|
||||
"RegionConst": regionConstName,
|
||||
"PartitionGetter": partitionGetter,
|
||||
"PartitionVarName": partitionVarName,
|
||||
"ListPartitionNames": listPartitionNames,
|
||||
"BoxedBoolIfSet": boxedBoolIfSet,
|
||||
"StringIfSet": stringIfSet,
|
||||
"StringSliceIfSet": stringSliceIfSet,
|
||||
"EndpointIsSet": endpointIsSet,
|
||||
"ServicesSet": serviceSet,
|
||||
"ToSymbol": toSymbol,
|
||||
"QuoteString": quoteString,
|
||||
"RegionConst": regionConstName,
|
||||
"PartitionGetter": partitionGetter,
|
||||
"PartitionVarName": partitionVarName,
|
||||
"ListPartitionNames": listPartitionNames,
|
||||
"BoxedBoolIfSet": boxedBoolIfSet,
|
||||
"StringIfSet": stringIfSet,
|
||||
"StringSliceIfSet": stringSliceIfSet,
|
||||
"EndpointIsSet": endpointIsSet,
|
||||
"ServicesSet": serviceSet,
|
||||
"EndpointVariantSetter": endpointVariantSetter,
|
||||
"EndpointKeySetter": endpointKeySetter,
|
||||
"DefaultKeySetter": defaultKeySetter,
|
||||
}
|
||||
|
||||
const v3Tmpl = `
|
||||
|
@ -271,9 +325,9 @@ partition{
|
|||
{{ StringIfSet "Name: %q,\n" .Name -}}
|
||||
{{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}}
|
||||
RegionRegex: {{ template "gocode RegionRegex" .RegionRegex }},
|
||||
{{ if EndpointIsSet .Defaults -}}
|
||||
Defaults: {{ template "gocode Endpoint" .Defaults }},
|
||||
{{- end }}
|
||||
{{ if (gt (len .Defaults) 0) -}}
|
||||
Defaults: {{ template "gocode Defaults" .Defaults -}},
|
||||
{{ end -}}
|
||||
Regions: {{ template "gocode Regions" .Regions }},
|
||||
Services: {{ template "gocode Services" .Services }},
|
||||
}
|
||||
|
@ -314,19 +368,27 @@ services{
|
|||
service{
|
||||
{{ StringIfSet "PartitionEndpoint: %q,\n" .PartitionEndpoint -}}
|
||||
{{ BoxedBoolIfSet "IsRegionalized: %s,\n" .IsRegionalized -}}
|
||||
{{ if EndpointIsSet .Defaults -}}
|
||||
Defaults: {{ template "gocode Endpoint" .Defaults -}},
|
||||
{{- end }}
|
||||
{{ if (gt (len .Defaults) 0) -}}
|
||||
Defaults: {{ template "gocode Defaults" .Defaults -}},
|
||||
{{ end -}}
|
||||
{{ if .Endpoints -}}
|
||||
Endpoints: {{ template "gocode Endpoints" .Endpoints }},
|
||||
{{- end }}
|
||||
}
|
||||
{{- end }}
|
||||
|
||||
{{ define "gocode Endpoints" -}}
|
||||
endpoints{
|
||||
{{ define "gocode Defaults" -}}
|
||||
endpointDefaults{
|
||||
{{ range $id, $endpoint := . -}}
|
||||
"{{ $id }}": {{ template "gocode Endpoint" $endpoint }},
|
||||
{{ DefaultKeySetter $id }}: {{ template "gocode Endpoint" $endpoint }},
|
||||
{{ end }}
|
||||
}
|
||||
{{- end }}
|
||||
|
||||
{{ define "gocode Endpoints" -}}
|
||||
serviceEndpoints{
|
||||
{{ range $id, $endpoint := . -}}
|
||||
{{ EndpointKeySetter $id }}: {{ template "gocode Endpoint" $endpoint }},
|
||||
{{ end }}
|
||||
}
|
||||
{{- end }}
|
||||
|
@ -334,6 +396,7 @@ endpoints{
|
|||
{{ define "gocode Endpoint" -}}
|
||||
endpoint{
|
||||
{{ StringIfSet "Hostname: %q,\n" .Hostname -}}
|
||||
{{ StringIfSet "DNSSuffix: %q,\n" .DNSSuffix -}}
|
||||
{{ StringIfSet "SSLCommonName: %q,\n" .SSLCommonName -}}
|
||||
{{ StringSliceIfSet "Protocols: []string{%s},\n" .Protocols -}}
|
||||
{{ StringSliceIfSet "SignatureVersions: []string{%s},\n" .SignatureVersions -}}
|
||||
|
@ -343,9 +406,7 @@ endpoint{
|
|||
{{ StringIfSet "Service: %q,\n" .CredentialScope.Service -}}
|
||||
},
|
||||
{{- end }}
|
||||
{{ BoxedBoolIfSet "HasDualStack: %s,\n" .HasDualStack -}}
|
||||
{{ StringIfSet "DualStackHostname: %q,\n" .DualStackHostname -}}
|
||||
|
||||
{{ BoxedBoolIfSet "Deprecated: %s,\n" .Deprecated -}}
|
||||
}
|
||||
{{- end }}
|
||||
`
|
||||
|
|
3
vendor/github.com/aws/aws-sdk-go/aws/logger.go
generated
vendored
3
vendor/github.com/aws/aws-sdk-go/aws/logger.go
generated
vendored
|
@ -77,6 +77,9 @@ const (
|
|||
// wire unmarshaled message content of requests and responses made while
|
||||
// using the SDK Will also enable LogDebug.
|
||||
LogDebugWithEventStreamBody
|
||||
|
||||
// LogDebugWithDeprecated states the SDK should log details about deprecated functionality.
|
||||
LogDebugWithDeprecated
|
||||
)
|
||||
|
||||
// A Logger is a minimalistic interface for the SDK to log messages to. Should
|
||||
|
|
17
vendor/github.com/aws/aws-sdk-go/aws/request/request.go
generated
vendored
17
vendor/github.com/aws/aws-sdk-go/aws/request/request.go
generated
vendored
|
@ -129,12 +129,27 @@ func New(cfg aws.Config, clientInfo metadata.ClientInfo, handlers Handlers,
|
|||
httpReq, _ := http.NewRequest(method, "", nil)
|
||||
|
||||
var err error
|
||||
httpReq.URL, err = url.Parse(clientInfo.Endpoint + operation.HTTPPath)
|
||||
httpReq.URL, err = url.Parse(clientInfo.Endpoint)
|
||||
if err != nil {
|
||||
httpReq.URL = &url.URL{}
|
||||
err = awserr.New("InvalidEndpointURL", "invalid endpoint uri", err)
|
||||
}
|
||||
|
||||
if len(operation.HTTPPath) != 0 {
|
||||
opHTTPPath := operation.HTTPPath
|
||||
var opQueryString string
|
||||
if idx := strings.Index(opHTTPPath, "?"); idx >= 0 {
|
||||
opQueryString = opHTTPPath[idx+1:]
|
||||
opHTTPPath = opHTTPPath[:idx]
|
||||
}
|
||||
|
||||
if strings.HasSuffix(httpReq.URL.Path, "/") && strings.HasPrefix(opHTTPPath, "/") {
|
||||
opHTTPPath = opHTTPPath[1:]
|
||||
}
|
||||
httpReq.URL.Path += opHTTPPath
|
||||
httpReq.URL.RawQuery = opQueryString
|
||||
}
|
||||
|
||||
r := &Request{
|
||||
Config: cfg,
|
||||
ClientInfo: clientInfo,
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/request/request_1_7.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.8
|
||||
// +build !go1.8
|
||||
|
||||
package request
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.8
|
||||
// +build go1.8
|
||||
|
||||
package request
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/request/request_context.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.7
|
||||
// +build go1.7
|
||||
|
||||
package request
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/request/request_context_1_6.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.7
|
||||
// +build !go1.7
|
||||
|
||||
package request
|
||||
|
|
64
vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
generated
vendored
64
vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go
generated
vendored
|
@ -9,12 +9,22 @@ import (
|
|||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials/processcreds"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials/ssocreds"
|
||||
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
|
||||
"github.com/aws/aws-sdk-go/aws/defaults"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/internal/shareddefaults"
|
||||
"github.com/aws/aws-sdk-go/service/sts"
|
||||
)
|
||||
|
||||
// CredentialsProviderOptions specifies additional options for configuring
|
||||
// credentials providers.
|
||||
type CredentialsProviderOptions struct {
|
||||
// WebIdentityRoleProviderOptions configures a WebIdentityRoleProvider,
|
||||
// such as setting its ExpiryWindow.
|
||||
WebIdentityRoleProviderOptions func(*stscreds.WebIdentityRoleProvider)
|
||||
}
|
||||
|
||||
func resolveCredentials(cfg *aws.Config,
|
||||
envCfg envConfig, sharedCfg sharedConfig,
|
||||
handlers request.Handlers,
|
||||
|
@ -39,6 +49,7 @@ func resolveCredentials(cfg *aws.Config,
|
|||
envCfg.WebIdentityTokenFilePath,
|
||||
envCfg.RoleARN,
|
||||
envCfg.RoleSessionName,
|
||||
sessOpts.CredentialsProviderOptions,
|
||||
)
|
||||
|
||||
default:
|
||||
|
@ -58,6 +69,7 @@ var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "
|
|||
func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers,
|
||||
filepath string,
|
||||
roleARN, sessionName string,
|
||||
credOptions *CredentialsProviderOptions,
|
||||
) (*credentials.Credentials, error) {
|
||||
|
||||
if len(filepath) == 0 {
|
||||
|
@ -68,17 +80,18 @@ func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers,
|
|||
return nil, WebIdentityEmptyRoleARNErr
|
||||
}
|
||||
|
||||
creds := stscreds.NewWebIdentityCredentials(
|
||||
&Session{
|
||||
Config: cfg,
|
||||
Handlers: handlers.Copy(),
|
||||
},
|
||||
roleARN,
|
||||
sessionName,
|
||||
filepath,
|
||||
)
|
||||
svc := sts.New(&Session{
|
||||
Config: cfg,
|
||||
Handlers: handlers.Copy(),
|
||||
})
|
||||
|
||||
return creds, nil
|
||||
var optFns []func(*stscreds.WebIdentityRoleProvider)
|
||||
if credOptions != nil && credOptions.WebIdentityRoleProviderOptions != nil {
|
||||
optFns = append(optFns, credOptions.WebIdentityRoleProviderOptions)
|
||||
}
|
||||
|
||||
p := stscreds.NewWebIdentityRoleProviderWithOptions(svc, roleARN, sessionName, stscreds.FetchTokenPath(filepath), optFns...)
|
||||
return credentials.NewCredentials(p), nil
|
||||
}
|
||||
|
||||
func resolveCredsFromProfile(cfg *aws.Config,
|
||||
|
@ -100,10 +113,6 @@ func resolveCredsFromProfile(cfg *aws.Config,
|
|||
sharedCfg.Creds,
|
||||
)
|
||||
|
||||
case len(sharedCfg.CredentialProcess) != 0:
|
||||
// Get credentials from CredentialProcess
|
||||
creds = processcreds.NewCredentials(sharedCfg.CredentialProcess)
|
||||
|
||||
case len(sharedCfg.CredentialSource) != 0:
|
||||
creds, err = resolveCredsFromSource(cfg, envCfg,
|
||||
sharedCfg, handlers, sessOpts,
|
||||
|
@ -117,8 +126,16 @@ func resolveCredsFromProfile(cfg *aws.Config,
|
|||
sharedCfg.WebIdentityTokenFile,
|
||||
sharedCfg.RoleARN,
|
||||
sharedCfg.RoleSessionName,
|
||||
sessOpts.CredentialsProviderOptions,
|
||||
)
|
||||
|
||||
case sharedCfg.hasSSOConfiguration():
|
||||
creds, err = resolveSSOCredentials(cfg, sharedCfg, handlers)
|
||||
|
||||
case len(sharedCfg.CredentialProcess) != 0:
|
||||
// Get credentials from CredentialProcess
|
||||
creds = processcreds.NewCredentials(sharedCfg.CredentialProcess)
|
||||
|
||||
default:
|
||||
// Fallback to default credentials provider, include mock errors for
|
||||
// the credential chain so user can identify why credentials failed to
|
||||
|
@ -151,6 +168,25 @@ func resolveCredsFromProfile(cfg *aws.Config,
|
|||
return creds, nil
|
||||
}
|
||||
|
||||
func resolveSSOCredentials(cfg *aws.Config, sharedCfg sharedConfig, handlers request.Handlers) (*credentials.Credentials, error) {
|
||||
if err := sharedCfg.validateSSOConfiguration(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cfgCopy := cfg.Copy()
|
||||
cfgCopy.Region = &sharedCfg.SSORegion
|
||||
|
||||
return ssocreds.NewCredentials(
|
||||
&Session{
|
||||
Config: cfgCopy,
|
||||
Handlers: handlers.Copy(),
|
||||
},
|
||||
sharedCfg.SSOAccountID,
|
||||
sharedCfg.SSORoleName,
|
||||
sharedCfg.SSOStartURL,
|
||||
), nil
|
||||
}
|
||||
|
||||
// valid credential source values
|
||||
const (
|
||||
credSourceEc2Metadata = "Ec2InstanceMetadata"
|
||||
|
|
28
vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go
generated
vendored
Normal file
28
vendor/github.com/aws/aws-sdk-go/aws/session/custom_transport.go
generated
vendored
Normal file
|
@ -0,0 +1,28 @@
|
|||
//go:build go1.13
|
||||
// +build go1.13
|
||||
|
||||
package session
|
||||
|
||||
import (
|
||||
"net"
|
||||
"net/http"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Transport that should be used when a custom CA bundle is specified with the
|
||||
// SDK.
|
||||
func getCustomTransport() *http.Transport {
|
||||
return &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
DialContext: (&net.Dialer{
|
||||
Timeout: 30 * time.Second,
|
||||
KeepAlive: 30 * time.Second,
|
||||
DualStack: true,
|
||||
}).DialContext,
|
||||
ForceAttemptHTTP2: true,
|
||||
MaxIdleConns: 100,
|
||||
IdleConnTimeout: 90 * time.Second,
|
||||
TLSHandshakeTimeout: 10 * time.Second,
|
||||
ExpectContinueTimeout: 1 * time.Second,
|
||||
}
|
||||
}
|
|
@ -1,4 +1,5 @@
|
|||
// +build go1.7
|
||||
//go:build !go1.13 && go1.7
|
||||
// +build !go1.13,go1.7
|
||||
|
||||
package session
|
||||
|
||||
|
@ -10,7 +11,7 @@ import (
|
|||
|
||||
// Transport that should be used when a custom CA bundle is specified with the
|
||||
// SDK.
|
||||
func getCABundleTransport() *http.Transport {
|
||||
func getCustomTransport() *http.Transport {
|
||||
return &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
DialContext: (&net.Dialer{
|
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.6 && go1.5
|
||||
// +build !go1.6,go1.5
|
||||
|
||||
package session
|
||||
|
@ -10,7 +11,7 @@ import (
|
|||
|
||||
// Transport that should be used when a custom CA bundle is specified with the
|
||||
// SDK.
|
||||
func getCABundleTransport() *http.Transport {
|
||||
func getCustomTransport() *http.Transport {
|
||||
return &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
Dial: (&net.Dialer{
|
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.7 && go1.6
|
||||
// +build !go1.7,go1.6
|
||||
|
||||
package session
|
||||
|
@ -10,7 +11,7 @@ import (
|
|||
|
||||
// Transport that should be used when a custom CA bundle is specified with the
|
||||
// SDK.
|
||||
func getCABundleTransport() *http.Transport {
|
||||
func getCustomTransport() *http.Transport {
|
||||
return &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
Dial: (&net.Dialer{
|
122
vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
generated
vendored
122
vendor/github.com/aws/aws-sdk-go/aws/session/doc.go
generated
vendored
|
@ -208,6 +208,8 @@ env values as well.
|
|||
|
||||
AWS_SDK_LOAD_CONFIG=1
|
||||
|
||||
Custom Shared Config and Credential Files
|
||||
|
||||
Shared credentials file path can be set to instruct the SDK to use an alternative
|
||||
file for the shared credentials. If not set the file will be loaded from
|
||||
$HOME/.aws/credentials on Linux/Unix based systems, and
|
||||
|
@ -222,6 +224,8 @@ $HOME/.aws/config on Linux/Unix based systems, and
|
|||
|
||||
AWS_CONFIG_FILE=$HOME/my_shared_config
|
||||
|
||||
Custom CA Bundle
|
||||
|
||||
Path to a custom Credentials Authority (CA) bundle PEM file that the SDK
|
||||
will use instead of the default system's root CA bundle. Use this only
|
||||
if you want to replace the CA bundle the SDK uses for TLS requests.
|
||||
|
@ -241,5 +245,123 @@ over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
|
|||
Setting a custom HTTPClient in the aws.Config options will override this setting.
|
||||
To use this option and custom HTTP client, the HTTP client needs to be provided
|
||||
when creating the session. Not the service client.
|
||||
|
||||
Custom Client TLS Certificate
|
||||
|
||||
The SDK supports the environment and session option being configured with
|
||||
Client TLS certificates that are sent as a part of the client's TLS handshake
|
||||
for client authentication. If used, both Cert and Key values are required. If
|
||||
one is missing, or either fail to load the contents of the file an error will
|
||||
be returned.
|
||||
|
||||
HTTP Client's Transport concrete implementation must be a http.Transport
|
||||
or creating the session will fail.
|
||||
|
||||
AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
|
||||
AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
|
||||
|
||||
This can also be configured via the session.Options ClientTLSCert and ClientTLSKey.
|
||||
|
||||
sess, err := session.NewSessionWithOptions(session.Options{
|
||||
ClientTLSCert: myCertFile,
|
||||
ClientTLSKey: myKeyFile,
|
||||
})
|
||||
|
||||
Custom EC2 IMDS Endpoint
|
||||
|
||||
The endpoint of the EC2 IMDS client can be configured via the environment
|
||||
variable, AWS_EC2_METADATA_SERVICE_ENDPOINT when creating the client with a
|
||||
Session. See Options.EC2IMDSEndpoint for more details.
|
||||
|
||||
AWS_EC2_METADATA_SERVICE_ENDPOINT=http://169.254.169.254
|
||||
|
||||
If using an URL with an IPv6 address literal, the IPv6 address
|
||||
component must be enclosed in square brackets.
|
||||
|
||||
AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
|
||||
|
||||
The custom EC2 IMDS endpoint can also be specified via the Session options.
|
||||
|
||||
sess, err := session.NewSessionWithOptions(session.Options{
|
||||
EC2MetadataEndpoint: "http://[::1]",
|
||||
})
|
||||
|
||||
FIPS and DualStack Endpoints
|
||||
|
||||
The SDK can be configured to resolve an endpoint with certain capabilities such as FIPS and DualStack.
|
||||
|
||||
You can configure a FIPS endpoint using an environment variable, shared config ($HOME/.aws/config),
|
||||
or programmatically.
|
||||
|
||||
To configure a FIPS endpoint set the environment variable set the AWS_USE_FIPS_ENDPOINT to true or false to enable
|
||||
or disable FIPS endpoint resolution.
|
||||
|
||||
AWS_USE_FIPS_ENDPOINT=true
|
||||
|
||||
To configure a FIPS endpoint using shared config, set use_fips_endpoint to true or false to enable
|
||||
or disable FIPS endpoint resolution.
|
||||
|
||||
[profile myprofile]
|
||||
region=us-west-2
|
||||
use_fips_endpoint=true
|
||||
|
||||
To configure a FIPS endpoint programmatically
|
||||
|
||||
// Option 1: Configure it on a session for all clients
|
||||
sess, err := session.NewSessionWithOptions(session.Options{
|
||||
UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled,
|
||||
})
|
||||
if err != nil {
|
||||
// handle error
|
||||
}
|
||||
|
||||
client := s3.New(sess)
|
||||
|
||||
// Option 2: Configure it per client
|
||||
sess, err := session.NewSession()
|
||||
if err != nil {
|
||||
// handle error
|
||||
}
|
||||
|
||||
client := s3.New(sess, &aws.Config{
|
||||
UseFIPSEndpoint: endpoints.FIPSEndpointStateEnabled,
|
||||
})
|
||||
|
||||
You can configure a DualStack endpoint using an environment variable, shared config ($HOME/.aws/config),
|
||||
or programmatically.
|
||||
|
||||
To configure a DualStack endpoint set the environment variable set the AWS_USE_DUALSTACK_ENDPOINT to true or false to
|
||||
enable or disable DualStack endpoint resolution.
|
||||
|
||||
AWS_USE_DUALSTACK_ENDPOINT=true
|
||||
|
||||
To configure a DualStack endpoint using shared config, set use_dualstack_endpoint to true or false to enable
|
||||
or disable DualStack endpoint resolution.
|
||||
|
||||
[profile myprofile]
|
||||
region=us-west-2
|
||||
use_dualstack_endpoint=true
|
||||
|
||||
To configure a DualStack endpoint programmatically
|
||||
|
||||
// Option 1: Configure it on a session for all clients
|
||||
sess, err := session.NewSessionWithOptions(session.Options{
|
||||
UseDualStackEndpoint: endpoints.DualStackEndpointStateEnabled,
|
||||
})
|
||||
if err != nil {
|
||||
// handle error
|
||||
}
|
||||
|
||||
client := s3.New(sess)
|
||||
|
||||
// Option 2: Configure it per client
|
||||
sess, err := session.NewSession()
|
||||
if err != nil {
|
||||
// handle error
|
||||
}
|
||||
|
||||
client := s3.New(sess, &aws.Config{
|
||||
UseDualStackEndpoint: endpoints.DualStackEndpointStateEnabled,
|
||||
})
|
||||
*/
|
||||
package session
|
||||
|
|
128
vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
generated
vendored
128
vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go
generated
vendored
|
@ -101,6 +101,18 @@ type envConfig struct {
|
|||
// AWS_CA_BUNDLE=$HOME/my_custom_ca_bundle
|
||||
CustomCABundle string
|
||||
|
||||
// Sets the TLC client certificate that should be used by the SDK's HTTP transport
|
||||
// when making requests. The certificate must be paired with a TLS client key file.
|
||||
//
|
||||
// AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
|
||||
ClientTLSCert string
|
||||
|
||||
// Sets the TLC client key that should be used by the SDK's HTTP transport
|
||||
// when making requests. The key must be paired with a TLS client certificate file.
|
||||
//
|
||||
// AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
|
||||
ClientTLSKey string
|
||||
|
||||
csmEnabled string
|
||||
CSMEnabled *bool
|
||||
CSMPort string
|
||||
|
@ -148,6 +160,28 @@ type envConfig struct {
|
|||
//
|
||||
// AWS_S3_USE_ARN_REGION=true
|
||||
S3UseARNRegion bool
|
||||
|
||||
// Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode.
|
||||
//
|
||||
// AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
|
||||
EC2IMDSEndpoint string
|
||||
|
||||
// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
|
||||
//
|
||||
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
|
||||
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
|
||||
|
||||
// Specifies that SDK clients must resolve a dual-stack endpoint for
|
||||
// services.
|
||||
//
|
||||
// AWS_USE_DUALSTACK_ENDPOINT=true
|
||||
UseDualStackEndpoint endpoints.DualStackEndpointState
|
||||
|
||||
// Specifies that SDK clients must resolve a FIPS endpoint for
|
||||
// services.
|
||||
//
|
||||
// AWS_USE_FIPS_ENDPOINT=true
|
||||
UseFIPSEndpoint endpoints.FIPSEndpointState
|
||||
}
|
||||
|
||||
var (
|
||||
|
@ -211,6 +245,27 @@ var (
|
|||
s3UseARNRegionEnvKey = []string{
|
||||
"AWS_S3_USE_ARN_REGION",
|
||||
}
|
||||
ec2IMDSEndpointEnvKey = []string{
|
||||
"AWS_EC2_METADATA_SERVICE_ENDPOINT",
|
||||
}
|
||||
ec2IMDSEndpointModeEnvKey = []string{
|
||||
"AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",
|
||||
}
|
||||
useCABundleKey = []string{
|
||||
"AWS_CA_BUNDLE",
|
||||
}
|
||||
useClientTLSCert = []string{
|
||||
"AWS_SDK_GO_CLIENT_TLS_CERT",
|
||||
}
|
||||
useClientTLSKey = []string{
|
||||
"AWS_SDK_GO_CLIENT_TLS_KEY",
|
||||
}
|
||||
awsUseDualStackEndpoint = []string{
|
||||
"AWS_USE_DUALSTACK_ENDPOINT",
|
||||
}
|
||||
awsUseFIPSEndpoint = []string{
|
||||
"AWS_USE_FIPS_ENDPOINT",
|
||||
}
|
||||
)
|
||||
|
||||
// loadEnvConfig retrieves the SDK's environment configuration.
|
||||
|
@ -294,7 +349,9 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
|
|||
cfg.SharedConfigFile = defaults.SharedConfigFilename()
|
||||
}
|
||||
|
||||
cfg.CustomCABundle = os.Getenv("AWS_CA_BUNDLE")
|
||||
setFromEnvVal(&cfg.CustomCABundle, useCABundleKey)
|
||||
setFromEnvVal(&cfg.ClientTLSCert, useClientTLSCert)
|
||||
setFromEnvVal(&cfg.ClientTLSKey, useClientTLSKey)
|
||||
|
||||
var err error
|
||||
// STS Regional Endpoint variable
|
||||
|
@ -332,6 +389,19 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
|
|||
}
|
||||
}
|
||||
|
||||
setFromEnvVal(&cfg.EC2IMDSEndpoint, ec2IMDSEndpointEnvKey)
|
||||
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil {
|
||||
return envConfig{}, err
|
||||
}
|
||||
|
||||
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil {
|
||||
return cfg, err
|
||||
}
|
||||
|
||||
if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, awsUseFIPSEndpoint); err != nil {
|
||||
return cfg, err
|
||||
}
|
||||
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
|
@ -343,3 +413,59 @@ func setFromEnvVal(dst *string, keys []string) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error {
|
||||
for _, k := range keys {
|
||||
value := os.Getenv(k)
|
||||
if len(value) == 0 {
|
||||
continue
|
||||
}
|
||||
if err := mode.SetFromString(value); err != nil {
|
||||
return fmt.Errorf("invalid value for environment variable, %s=%s, %v", k, value, err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func setUseDualStackEndpointFromEnvVal(dst *endpoints.DualStackEndpointState, keys []string) error {
|
||||
for _, k := range keys {
|
||||
value := os.Getenv(k)
|
||||
if len(value) == 0 {
|
||||
continue // skip if empty
|
||||
}
|
||||
|
||||
switch {
|
||||
case strings.EqualFold(value, "true"):
|
||||
*dst = endpoints.DualStackEndpointStateEnabled
|
||||
case strings.EqualFold(value, "false"):
|
||||
*dst = endpoints.DualStackEndpointStateDisabled
|
||||
default:
|
||||
return fmt.Errorf(
|
||||
"invalid value for environment variable, %s=%s, need true, false",
|
||||
k, value)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func setUseFIPSEndpointFromEnvVal(dst *endpoints.FIPSEndpointState, keys []string) error {
|
||||
for _, k := range keys {
|
||||
value := os.Getenv(k)
|
||||
if len(value) == 0 {
|
||||
continue // skip if empty
|
||||
}
|
||||
|
||||
switch {
|
||||
case strings.EqualFold(value, "true"):
|
||||
*dst = endpoints.FIPSEndpointStateEnabled
|
||||
case strings.EqualFold(value, "false"):
|
||||
*dst = endpoints.FIPSEndpointStateDisabled
|
||||
default:
|
||||
return fmt.Errorf(
|
||||
"invalid value for environment variable, %s=%s, need true, false",
|
||||
k, value)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
339
vendor/github.com/aws/aws-sdk-go/aws/session/session.go
generated
vendored
339
vendor/github.com/aws/aws-sdk-go/aws/session/session.go
generated
vendored
|
@ -8,6 +8,7 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
|
@ -25,11 +26,18 @@ const (
|
|||
// ErrCodeSharedConfig represents an error that occurs in the shared
|
||||
// configuration logic
|
||||
ErrCodeSharedConfig = "SharedConfigErr"
|
||||
|
||||
// ErrCodeLoadCustomCABundle error code for unable to load custom CA bundle.
|
||||
ErrCodeLoadCustomCABundle = "LoadCustomCABundleError"
|
||||
|
||||
// ErrCodeLoadClientTLSCert error code for unable to load client TLS
|
||||
// certificate or key
|
||||
ErrCodeLoadClientTLSCert = "LoadClientTLSCertError"
|
||||
)
|
||||
|
||||
// ErrSharedConfigSourceCollision will be returned if a section contains both
|
||||
// source_profile and credential_source
|
||||
var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only source profile or credential source can be specified, not both", nil)
|
||||
var ErrSharedConfigSourceCollision = awserr.New(ErrCodeSharedConfig, "only one credential type may be specified per profile: source profile, credential source, credential process, web identity token, or sso", nil)
|
||||
|
||||
// ErrSharedConfigECSContainerEnvVarEmpty will be returned if the environment
|
||||
// variables are empty and Environment was set as the credential source
|
||||
|
@ -48,6 +56,8 @@ var ErrSharedConfigInvalidCredSource = awserr.New(ErrCodeSharedConfig, "credenti
|
|||
type Session struct {
|
||||
Config *aws.Config
|
||||
Handlers request.Handlers
|
||||
|
||||
options Options
|
||||
}
|
||||
|
||||
// New creates a new instance of the handlers merging in the provided configs
|
||||
|
@ -99,7 +109,7 @@ func New(cfgs ...*aws.Config) *Session {
|
|||
return s
|
||||
}
|
||||
|
||||
s := deprecatedNewSession(cfgs...)
|
||||
s := deprecatedNewSession(envCfg, cfgs...)
|
||||
if envErr != nil {
|
||||
msg := "failed to load env config"
|
||||
s.logDeprecatedNewSessionError(msg, envErr, cfgs)
|
||||
|
@ -227,22 +237,78 @@ type Options struct {
|
|||
// the SDK will use instead of the default system's root CA bundle. Use this
|
||||
// only if you want to replace the CA bundle the SDK uses for TLS requests.
|
||||
//
|
||||
// Enabling this option will attempt to merge the Transport into the SDK's HTTP
|
||||
// client. If the client's Transport is not a http.Transport an error will be
|
||||
// returned. If the Transport's TLS config is set this option will cause the SDK
|
||||
// HTTP Client's Transport concrete implementation must be a http.Transport
|
||||
// or creating the session will fail.
|
||||
//
|
||||
// If the Transport's TLS config is set this option will cause the SDK
|
||||
// to overwrite the Transport's TLS config's RootCAs value. If the CA
|
||||
// bundle reader contains multiple certificates all of them will be loaded.
|
||||
//
|
||||
// The Session option CustomCABundle is also available when creating sessions
|
||||
// to also enable this feature. CustomCABundle session option field has priority
|
||||
// over the AWS_CA_BUNDLE environment variable, and will be used if both are set.
|
||||
// Can also be specified via the environment variable:
|
||||
//
|
||||
// AWS_CA_BUNDLE=$HOME/ca_bundle
|
||||
//
|
||||
// Can also be specified via the shared config field:
|
||||
//
|
||||
// ca_bundle = $HOME/ca_bundle
|
||||
CustomCABundle io.Reader
|
||||
|
||||
// Reader for the TLC client certificate that should be used by the SDK's
|
||||
// HTTP transport when making requests. The certificate must be paired with
|
||||
// a TLS client key file. Will be ignored if both are not provided.
|
||||
//
|
||||
// HTTP Client's Transport concrete implementation must be a http.Transport
|
||||
// or creating the session will fail.
|
||||
//
|
||||
// Can also be specified via the environment variable:
|
||||
//
|
||||
// AWS_SDK_GO_CLIENT_TLS_CERT=$HOME/my_client_cert
|
||||
ClientTLSCert io.Reader
|
||||
|
||||
// Reader for the TLC client key that should be used by the SDK's HTTP
|
||||
// transport when making requests. The key must be paired with a TLS client
|
||||
// certificate file. Will be ignored if both are not provided.
|
||||
//
|
||||
// HTTP Client's Transport concrete implementation must be a http.Transport
|
||||
// or creating the session will fail.
|
||||
//
|
||||
// Can also be specified via the environment variable:
|
||||
//
|
||||
// AWS_SDK_GO_CLIENT_TLS_KEY=$HOME/my_client_key
|
||||
ClientTLSKey io.Reader
|
||||
|
||||
// The handlers that the session and all API clients will be created with.
|
||||
// This must be a complete set of handlers. Use the defaults.Handlers()
|
||||
// function to initialize this value before changing the handlers to be
|
||||
// used by the SDK.
|
||||
Handlers request.Handlers
|
||||
|
||||
// Allows specifying a custom endpoint to be used by the EC2 IMDS client
|
||||
// when making requests to the EC2 IMDS API. The endpoint value should
|
||||
// include the URI scheme. If the scheme is not present it will be defaulted to http.
|
||||
//
|
||||
// If unset, will the EC2 IMDS client will use its default endpoint.
|
||||
//
|
||||
// Can also be specified via the environment variable,
|
||||
// AWS_EC2_METADATA_SERVICE_ENDPOINT.
|
||||
//
|
||||
// AWS_EC2_METADATA_SERVICE_ENDPOINT=http://169.254.169.254
|
||||
//
|
||||
// If using an URL with an IPv6 address literal, the IPv6 address
|
||||
// component must be enclosed in square brackets.
|
||||
//
|
||||
// AWS_EC2_METADATA_SERVICE_ENDPOINT=http://[::1]
|
||||
EC2IMDSEndpoint string
|
||||
|
||||
// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
|
||||
//
|
||||
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
|
||||
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
|
||||
|
||||
// Specifies options for creating credential providers.
|
||||
// These are only used if the aws.Config does not already
|
||||
// include credentials.
|
||||
CredentialsProviderOptions *CredentialsProviderOptions
|
||||
}
|
||||
|
||||
// NewSessionWithOptions returns a new Session created from SDK defaults, config files,
|
||||
|
@ -300,17 +366,6 @@ func NewSessionWithOptions(opts Options) (*Session, error) {
|
|||
envCfg.EnableSharedConfig = true
|
||||
}
|
||||
|
||||
// Only use AWS_CA_BUNDLE if session option is not provided.
|
||||
if len(envCfg.CustomCABundle) != 0 && opts.CustomCABundle == nil {
|
||||
f, err := os.Open(envCfg.CustomCABundle)
|
||||
if err != nil {
|
||||
return nil, awserr.New("LoadCustomCABundleError",
|
||||
"failed to open custom CA bundle PEM file", err)
|
||||
}
|
||||
defer f.Close()
|
||||
opts.CustomCABundle = f
|
||||
}
|
||||
|
||||
return newSession(opts, envCfg, &opts.Config)
|
||||
}
|
||||
|
||||
|
@ -329,7 +384,29 @@ func Must(sess *Session, err error) *Session {
|
|||
return sess
|
||||
}
|
||||
|
||||
func deprecatedNewSession(cfgs ...*aws.Config) *Session {
|
||||
// Wraps the endpoint resolver with a resolver that will return a custom
|
||||
// endpoint for EC2 IMDS.
|
||||
func wrapEC2IMDSEndpoint(resolver endpoints.Resolver, endpoint string, mode endpoints.EC2IMDSEndpointModeState) endpoints.Resolver {
|
||||
return endpoints.ResolverFunc(
|
||||
func(service, region string, opts ...func(*endpoints.Options)) (
|
||||
endpoints.ResolvedEndpoint, error,
|
||||
) {
|
||||
if service == ec2MetadataServiceID && len(endpoint) > 0 {
|
||||
return endpoints.ResolvedEndpoint{
|
||||
URL: endpoint,
|
||||
SigningName: ec2MetadataServiceID,
|
||||
SigningRegion: region,
|
||||
}, nil
|
||||
} else if service == ec2MetadataServiceID {
|
||||
opts = append(opts, func(o *endpoints.Options) {
|
||||
o.EC2MetadataEndpointMode = mode
|
||||
})
|
||||
}
|
||||
return resolver.EndpointFor(service, region, opts...)
|
||||
})
|
||||
}
|
||||
|
||||
func deprecatedNewSession(envCfg envConfig, cfgs ...*aws.Config) *Session {
|
||||
cfg := defaults.Config()
|
||||
handlers := defaults.Handlers()
|
||||
|
||||
|
@ -341,6 +418,11 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session {
|
|||
// endpoints for service client configurations.
|
||||
cfg.EndpointResolver = endpoints.DefaultResolver()
|
||||
}
|
||||
|
||||
if !(len(envCfg.EC2IMDSEndpoint) == 0 && envCfg.EC2IMDSEndpointMode == endpoints.EC2IMDSEndpointModeStateUnset) {
|
||||
cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, envCfg.EC2IMDSEndpoint, envCfg.EC2IMDSEndpointMode)
|
||||
}
|
||||
|
||||
cfg.Credentials = defaults.CredChain(cfg, handlers)
|
||||
|
||||
// Reapply any passed in configs to override credentials if set
|
||||
|
@ -349,6 +431,9 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session {
|
|||
s := &Session{
|
||||
Config: cfg,
|
||||
Handlers: handlers,
|
||||
options: Options{
|
||||
EC2IMDSEndpoint: envCfg.EC2IMDSEndpoint,
|
||||
},
|
||||
}
|
||||
|
||||
initHandlers(s)
|
||||
|
@ -415,9 +500,14 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
|
|||
return nil, err
|
||||
}
|
||||
|
||||
if err := setTLSOptions(&opts, cfg, envCfg, sharedCfg); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
s := &Session{
|
||||
Config: cfg,
|
||||
Handlers: handlers,
|
||||
options: opts,
|
||||
}
|
||||
|
||||
initHandlers(s)
|
||||
|
@ -433,13 +523,6 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
|
|||
}
|
||||
}
|
||||
|
||||
// Setup HTTP client with custom cert bundle if enabled
|
||||
if opts.CustomCABundle != nil {
|
||||
if err := loadCustomCABundle(s, opts.CustomCABundle); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return s, nil
|
||||
}
|
||||
|
||||
|
@ -483,22 +566,83 @@ func loadCSMConfig(envCfg envConfig, cfgFiles []string) (csmConfig, error) {
|
|||
return csmConfig{}, nil
|
||||
}
|
||||
|
||||
func loadCustomCABundle(s *Session, bundle io.Reader) error {
|
||||
func setTLSOptions(opts *Options, cfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig) error {
|
||||
// CA Bundle can be specified in both environment variable shared config file.
|
||||
var caBundleFilename = envCfg.CustomCABundle
|
||||
if len(caBundleFilename) == 0 {
|
||||
caBundleFilename = sharedCfg.CustomCABundle
|
||||
}
|
||||
|
||||
// Only use environment value if session option is not provided.
|
||||
customTLSOptions := map[string]struct {
|
||||
filename string
|
||||
field *io.Reader
|
||||
errCode string
|
||||
}{
|
||||
"custom CA bundle PEM": {filename: caBundleFilename, field: &opts.CustomCABundle, errCode: ErrCodeLoadCustomCABundle},
|
||||
"custom client TLS cert": {filename: envCfg.ClientTLSCert, field: &opts.ClientTLSCert, errCode: ErrCodeLoadClientTLSCert},
|
||||
"custom client TLS key": {filename: envCfg.ClientTLSKey, field: &opts.ClientTLSKey, errCode: ErrCodeLoadClientTLSCert},
|
||||
}
|
||||
for name, v := range customTLSOptions {
|
||||
if len(v.filename) != 0 && *v.field == nil {
|
||||
f, err := os.Open(v.filename)
|
||||
if err != nil {
|
||||
return awserr.New(v.errCode, fmt.Sprintf("failed to open %s file", name), err)
|
||||
}
|
||||
defer f.Close()
|
||||
*v.field = f
|
||||
}
|
||||
}
|
||||
|
||||
// Setup HTTP client with custom cert bundle if enabled
|
||||
if opts.CustomCABundle != nil {
|
||||
if err := loadCustomCABundle(cfg.HTTPClient, opts.CustomCABundle); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
// Setup HTTP client TLS certificate and key for client TLS authentication.
|
||||
if opts.ClientTLSCert != nil && opts.ClientTLSKey != nil {
|
||||
if err := loadClientTLSCert(cfg.HTTPClient, opts.ClientTLSCert, opts.ClientTLSKey); err != nil {
|
||||
return err
|
||||
}
|
||||
} else if opts.ClientTLSCert == nil && opts.ClientTLSKey == nil {
|
||||
// Do nothing if neither values are available.
|
||||
|
||||
} else {
|
||||
return awserr.New(ErrCodeLoadClientTLSCert,
|
||||
fmt.Sprintf("client TLS cert(%t) and key(%t) must both be provided",
|
||||
opts.ClientTLSCert != nil, opts.ClientTLSKey != nil), nil)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func getHTTPTransport(client *http.Client) (*http.Transport, error) {
|
||||
var t *http.Transport
|
||||
switch v := s.Config.HTTPClient.Transport.(type) {
|
||||
switch v := client.Transport.(type) {
|
||||
case *http.Transport:
|
||||
t = v
|
||||
default:
|
||||
if s.Config.HTTPClient.Transport != nil {
|
||||
return awserr.New("LoadCustomCABundleError",
|
||||
"unable to load custom CA bundle, HTTPClient's transport unsupported type", nil)
|
||||
if client.Transport != nil {
|
||||
return nil, fmt.Errorf("unsupported transport, %T", client.Transport)
|
||||
}
|
||||
}
|
||||
if t == nil {
|
||||
// Nil transport implies `http.DefaultTransport` should be used. Since
|
||||
// the SDK cannot modify, nor copy the `DefaultTransport` specifying
|
||||
// the values the next closest behavior.
|
||||
t = getCABundleTransport()
|
||||
t = getCustomTransport()
|
||||
}
|
||||
|
||||
return t, nil
|
||||
}
|
||||
|
||||
func loadCustomCABundle(client *http.Client, bundle io.Reader) error {
|
||||
t, err := getHTTPTransport(client)
|
||||
if err != nil {
|
||||
return awserr.New(ErrCodeLoadCustomCABundle,
|
||||
"unable to load custom CA bundle, HTTPClient's transport unsupported type", err)
|
||||
}
|
||||
|
||||
p, err := loadCertPool(bundle)
|
||||
|
@ -510,7 +654,7 @@ func loadCustomCABundle(s *Session, bundle io.Reader) error {
|
|||
}
|
||||
t.TLSClientConfig.RootCAs = p
|
||||
|
||||
s.Config.HTTPClient.Transport = t
|
||||
client.Transport = t
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -518,19 +662,57 @@ func loadCustomCABundle(s *Session, bundle io.Reader) error {
|
|||
func loadCertPool(r io.Reader) (*x509.CertPool, error) {
|
||||
b, err := ioutil.ReadAll(r)
|
||||
if err != nil {
|
||||
return nil, awserr.New("LoadCustomCABundleError",
|
||||
return nil, awserr.New(ErrCodeLoadCustomCABundle,
|
||||
"failed to read custom CA bundle PEM file", err)
|
||||
}
|
||||
|
||||
p := x509.NewCertPool()
|
||||
if !p.AppendCertsFromPEM(b) {
|
||||
return nil, awserr.New("LoadCustomCABundleError",
|
||||
return nil, awserr.New(ErrCodeLoadCustomCABundle,
|
||||
"failed to load custom CA bundle PEM file", err)
|
||||
}
|
||||
|
||||
return p, nil
|
||||
}
|
||||
|
||||
func loadClientTLSCert(client *http.Client, certFile, keyFile io.Reader) error {
|
||||
t, err := getHTTPTransport(client)
|
||||
if err != nil {
|
||||
return awserr.New(ErrCodeLoadClientTLSCert,
|
||||
"unable to get usable HTTP transport from client", err)
|
||||
}
|
||||
|
||||
cert, err := ioutil.ReadAll(certFile)
|
||||
if err != nil {
|
||||
return awserr.New(ErrCodeLoadClientTLSCert,
|
||||
"unable to get read client TLS cert file", err)
|
||||
}
|
||||
|
||||
key, err := ioutil.ReadAll(keyFile)
|
||||
if err != nil {
|
||||
return awserr.New(ErrCodeLoadClientTLSCert,
|
||||
"unable to get read client TLS key file", err)
|
||||
}
|
||||
|
||||
clientCert, err := tls.X509KeyPair(cert, key)
|
||||
if err != nil {
|
||||
return awserr.New(ErrCodeLoadClientTLSCert,
|
||||
"unable to load x509 key pair from client cert", err)
|
||||
}
|
||||
|
||||
tlsCfg := t.TLSClientConfig
|
||||
if tlsCfg == nil {
|
||||
tlsCfg = &tls.Config{}
|
||||
}
|
||||
|
||||
tlsCfg.Certificates = append(tlsCfg.Certificates, clientCert)
|
||||
|
||||
t.TLSClientConfig = tlsCfg
|
||||
client.Transport = t
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func mergeConfigSrcs(cfg, userCfg *aws.Config,
|
||||
envCfg envConfig, sharedCfg sharedConfig,
|
||||
handlers request.Handlers,
|
||||
|
@ -570,6 +752,34 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
|
|||
endpoints.LegacyS3UsEast1Endpoint,
|
||||
})
|
||||
|
||||
var ec2IMDSEndpoint string
|
||||
for _, v := range []string{
|
||||
sessOpts.EC2IMDSEndpoint,
|
||||
envCfg.EC2IMDSEndpoint,
|
||||
sharedCfg.EC2IMDSEndpoint,
|
||||
} {
|
||||
if len(v) != 0 {
|
||||
ec2IMDSEndpoint = v
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
var endpointMode endpoints.EC2IMDSEndpointModeState
|
||||
for _, v := range []endpoints.EC2IMDSEndpointModeState{
|
||||
sessOpts.EC2IMDSEndpointMode,
|
||||
envCfg.EC2IMDSEndpointMode,
|
||||
sharedCfg.EC2IMDSEndpointMode,
|
||||
} {
|
||||
if v != endpoints.EC2IMDSEndpointModeStateUnset {
|
||||
endpointMode = v
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if len(ec2IMDSEndpoint) != 0 || endpointMode != endpoints.EC2IMDSEndpointModeStateUnset {
|
||||
cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode)
|
||||
}
|
||||
|
||||
// Configure credentials if not already set by the user when creating the
|
||||
// Session.
|
||||
if cfg.Credentials == credentials.AnonymousCredentials && userCfg.Credentials == nil {
|
||||
|
@ -588,6 +798,20 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
|
|||
cfg.S3UseARNRegion = &sharedCfg.S3UseARNRegion
|
||||
}
|
||||
|
||||
for _, v := range []endpoints.DualStackEndpointState{userCfg.UseDualStackEndpoint, envCfg.UseDualStackEndpoint, sharedCfg.UseDualStackEndpoint} {
|
||||
if v != endpoints.DualStackEndpointStateUnset {
|
||||
cfg.UseDualStackEndpoint = v
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
for _, v := range []endpoints.FIPSEndpointState{userCfg.UseFIPSEndpoint, envCfg.UseFIPSEndpoint, sharedCfg.UseFIPSEndpoint} {
|
||||
if v != endpoints.FIPSEndpointStateUnset {
|
||||
cfg.UseFIPSEndpoint = v
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -627,6 +851,7 @@ func (s *Session) Copy(cfgs ...*aws.Config) *Session {
|
|||
newSession := &Session{
|
||||
Config: s.Config.Copy(cfgs...),
|
||||
Handlers: s.Handlers.Copy(),
|
||||
options: s.options,
|
||||
}
|
||||
|
||||
initHandlers(newSession)
|
||||
|
@ -640,8 +865,10 @@ func (s *Session) Copy(cfgs ...*aws.Config) *Session {
|
|||
func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Config {
|
||||
s = s.Copy(cfgs...)
|
||||
|
||||
resolvedRegion := normalizeRegion(s.Config)
|
||||
|
||||
region := aws.StringValue(s.Config.Region)
|
||||
resolved, err := s.resolveEndpoint(service, region, s.Config)
|
||||
resolved, err := s.resolveEndpoint(service, region, resolvedRegion, s.Config)
|
||||
if err != nil {
|
||||
s.Handlers.Validate.PushBack(func(r *request.Request) {
|
||||
if len(r.ClientInfo.Endpoint) != 0 {
|
||||
|
@ -662,10 +889,13 @@ func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Confi
|
|||
SigningRegion: resolved.SigningRegion,
|
||||
SigningNameDerived: resolved.SigningNameDerived,
|
||||
SigningName: resolved.SigningName,
|
||||
ResolvedRegion: resolvedRegion,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) {
|
||||
const ec2MetadataServiceID = "ec2metadata"
|
||||
|
||||
func (s *Session) resolveEndpoint(service, region, resolvedRegion string, cfg *aws.Config) (endpoints.ResolvedEndpoint, error) {
|
||||
|
||||
if ep := aws.StringValue(cfg.Endpoint); len(ep) != 0 {
|
||||
return endpoints.ResolvedEndpoint{
|
||||
|
@ -677,7 +907,12 @@ func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endp
|
|||
resolved, err := cfg.EndpointResolver.EndpointFor(service, region,
|
||||
func(opt *endpoints.Options) {
|
||||
opt.DisableSSL = aws.BoolValue(cfg.DisableSSL)
|
||||
|
||||
opt.UseDualStack = aws.BoolValue(cfg.UseDualStack)
|
||||
opt.UseDualStackEndpoint = cfg.UseDualStackEndpoint
|
||||
|
||||
opt.UseFIPSEndpoint = cfg.UseFIPSEndpoint
|
||||
|
||||
// Support for STSRegionalEndpoint where the STSRegionalEndpoint is
|
||||
// provided in envConfig or sharedConfig with envConfig getting
|
||||
// precedence.
|
||||
|
@ -691,6 +926,11 @@ func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endp
|
|||
// Support the condition where the service is modeled but its
|
||||
// endpoint metadata is not available.
|
||||
opt.ResolveUnknownService = true
|
||||
|
||||
opt.ResolvedRegion = resolvedRegion
|
||||
|
||||
opt.Logger = cfg.Logger
|
||||
opt.LogDeprecated = cfg.LogLevel.Matches(aws.LogDebugWithDeprecated)
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
|
@ -706,6 +946,8 @@ func (s *Session) resolveEndpoint(service, region string, cfg *aws.Config) (endp
|
|||
func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Config {
|
||||
s = s.Copy(cfgs...)
|
||||
|
||||
resolvedRegion := normalizeRegion(s.Config)
|
||||
|
||||
var resolved endpoints.ResolvedEndpoint
|
||||
if ep := aws.StringValue(s.Config.Endpoint); len(ep) > 0 {
|
||||
resolved.URL = endpoints.AddScheme(ep, aws.BoolValue(s.Config.DisableSSL))
|
||||
|
@ -719,6 +961,7 @@ func (s *Session) ClientConfigNoResolveEndpoint(cfgs ...*aws.Config) client.Conf
|
|||
SigningRegion: resolved.SigningRegion,
|
||||
SigningNameDerived: resolved.SigningNameDerived,
|
||||
SigningName: resolved.SigningName,
|
||||
ResolvedRegion: resolvedRegion,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -732,3 +975,23 @@ func (s *Session) logDeprecatedNewSessionError(msg string, err error, cfgs []*aw
|
|||
r.Error = err
|
||||
})
|
||||
}
|
||||
|
||||
// normalizeRegion resolves / normalizes the configured region (converts pseudo fips regions), and modifies the provided
|
||||
// config to have the equivalent options for resolution and returns the resolved region name.
|
||||
func normalizeRegion(cfg *aws.Config) (resolved string) {
|
||||
const fipsInfix = "-fips-"
|
||||
const fipsPrefix = "-fips"
|
||||
const fipsSuffix = "fips-"
|
||||
|
||||
region := aws.StringValue(cfg.Region)
|
||||
|
||||
if strings.Contains(region, fipsInfix) ||
|
||||
strings.Contains(region, fipsPrefix) ||
|
||||
strings.Contains(region, fipsSuffix) {
|
||||
resolved = strings.Replace(strings.Replace(strings.Replace(
|
||||
region, fipsInfix, "-", -1), fipsPrefix, "", -1), fipsSuffix, "", -1)
|
||||
cfg.UseFIPSEndpoint = endpoints.FIPSEndpointStateEnabled
|
||||
}
|
||||
|
||||
return resolved
|
||||
}
|
||||
|
|
180
vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
generated
vendored
180
vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go
generated
vendored
|
@ -2,6 +2,7 @@ package session
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
|
@ -25,6 +26,12 @@ const (
|
|||
roleSessionNameKey = `role_session_name` // optional
|
||||
roleDurationSecondsKey = "duration_seconds" // optional
|
||||
|
||||
// AWS Single Sign-On (AWS SSO) group
|
||||
ssoAccountIDKey = "sso_account_id"
|
||||
ssoRegionKey = "sso_region"
|
||||
ssoRoleNameKey = "sso_role_name"
|
||||
ssoStartURL = "sso_start_url"
|
||||
|
||||
// CSM options
|
||||
csmEnabledKey = `csm_enabled`
|
||||
csmHostKey = `csm_host`
|
||||
|
@ -34,6 +41,9 @@ const (
|
|||
// Additional Config fields
|
||||
regionKey = `region`
|
||||
|
||||
// custom CA Bundle filename
|
||||
customCABundleKey = `ca_bundle`
|
||||
|
||||
// endpoint discovery group
|
||||
enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional
|
||||
|
||||
|
@ -56,10 +66,24 @@ const (
|
|||
|
||||
// S3 ARN Region Usage
|
||||
s3UseARNRegionKey = "s3_use_arn_region"
|
||||
|
||||
// EC2 IMDS Endpoint Mode
|
||||
ec2MetadataServiceEndpointModeKey = "ec2_metadata_service_endpoint_mode"
|
||||
|
||||
// EC2 IMDS Endpoint
|
||||
ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
|
||||
|
||||
// Use DualStack Endpoint Resolution
|
||||
useDualStackEndpoint = "use_dualstack_endpoint"
|
||||
|
||||
// Use FIPS Endpoint Resolution
|
||||
useFIPSEndpointKey = "use_fips_endpoint"
|
||||
)
|
||||
|
||||
// sharedConfig represents the configuration fields of the SDK config files.
|
||||
type sharedConfig struct {
|
||||
Profile string
|
||||
|
||||
// Credentials values from the config file. Both aws_access_key_id and
|
||||
// aws_secret_access_key must be provided together in the same file to be
|
||||
// considered valid. The values will be ignored if not a complete group.
|
||||
|
@ -75,6 +99,11 @@ type sharedConfig struct {
|
|||
CredentialProcess string
|
||||
WebIdentityTokenFile string
|
||||
|
||||
SSOAccountID string
|
||||
SSORegion string
|
||||
SSORoleName string
|
||||
SSOStartURL string
|
||||
|
||||
RoleARN string
|
||||
RoleSessionName string
|
||||
ExternalID string
|
||||
|
@ -90,6 +119,15 @@ type sharedConfig struct {
|
|||
// region
|
||||
Region string
|
||||
|
||||
// CustomCABundle is the file path to a PEM file the SDK will read and
|
||||
// use to configure the HTTP transport with additional CA certs that are
|
||||
// not present in the platforms default CA store.
|
||||
//
|
||||
// This value will be ignored if the file does not exist.
|
||||
//
|
||||
// ca_bundle
|
||||
CustomCABundle string
|
||||
|
||||
// EnableEndpointDiscovery can be enabled in the shared config by setting
|
||||
// endpoint_discovery_enabled to true
|
||||
//
|
||||
|
@ -119,6 +157,28 @@ type sharedConfig struct {
|
|||
//
|
||||
// s3_use_arn_region=true
|
||||
S3UseARNRegion bool
|
||||
|
||||
// Specifies the EC2 Instance Metadata Service default endpoint selection mode (IPv4 or IPv6)
|
||||
//
|
||||
// ec2_metadata_service_endpoint_mode=IPv6
|
||||
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
|
||||
|
||||
// Specifies the EC2 Instance Metadata Service endpoint to use. If specified it overrides EC2IMDSEndpointMode.
|
||||
//
|
||||
// ec2_metadata_service_endpoint=http://fd00:ec2::254
|
||||
EC2IMDSEndpoint string
|
||||
|
||||
// Specifies that SDK clients must resolve a dual-stack endpoint for
|
||||
// services.
|
||||
//
|
||||
// use_dualstack_endpoint=true
|
||||
UseDualStackEndpoint endpoints.DualStackEndpointState
|
||||
|
||||
// Specifies that SDK clients must resolve a FIPS endpoint for
|
||||
// services.
|
||||
//
|
||||
// use_fips_endpoint=true
|
||||
UseFIPSEndpoint endpoints.FIPSEndpointState
|
||||
}
|
||||
|
||||
type sharedConfigFile struct {
|
||||
|
@ -177,6 +237,8 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) {
|
|||
}
|
||||
|
||||
func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error {
|
||||
cfg.Profile = profile
|
||||
|
||||
// Trim files from the list that don't exist.
|
||||
var skippedFiles int
|
||||
var profileNotFoundErr error
|
||||
|
@ -205,9 +267,9 @@ func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile s
|
|||
cfg.clearAssumeRoleOptions()
|
||||
} else {
|
||||
// First time a profile has been seen, It must either be a assume role
|
||||
// or credentials. Assert if the credential type requires a role ARN,
|
||||
// the ARN is also set.
|
||||
if err := cfg.validateCredentialsRequireARN(profile); err != nil {
|
||||
// credentials, or SSO. Assert if the credential type requires a role ARN,
|
||||
// the ARN is also set, or validate that the SSO configuration is complete.
|
||||
if err := cfg.validateCredentialsConfig(profile); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -276,6 +338,7 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
|
|||
updateString(&cfg.SourceProfileName, section, sourceProfileKey)
|
||||
updateString(&cfg.CredentialSource, section, credentialSourceKey)
|
||||
updateString(&cfg.Region, section, regionKey)
|
||||
updateString(&cfg.CustomCABundle, section, customCABundleKey)
|
||||
|
||||
if section.Has(roleDurationSecondsKey) {
|
||||
d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second
|
||||
|
@ -299,6 +362,22 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
|
|||
}
|
||||
cfg.S3UsEast1RegionalEndpoint = sre
|
||||
}
|
||||
|
||||
// AWS Single Sign-On (AWS SSO)
|
||||
updateString(&cfg.SSOAccountID, section, ssoAccountIDKey)
|
||||
updateString(&cfg.SSORegion, section, ssoRegionKey)
|
||||
updateString(&cfg.SSORoleName, section, ssoRoleNameKey)
|
||||
updateString(&cfg.SSOStartURL, section, ssoStartURL)
|
||||
|
||||
if err := updateEC2MetadataServiceEndpointMode(&cfg.EC2IMDSEndpointMode, section, ec2MetadataServiceEndpointModeKey); err != nil {
|
||||
return fmt.Errorf("failed to load %s from shared config, %s, %v",
|
||||
ec2MetadataServiceEndpointModeKey, file.Filename, err)
|
||||
}
|
||||
updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
|
||||
|
||||
updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint)
|
||||
|
||||
updateUseFIPSEndpoint(&cfg.UseFIPSEndpoint, section, useFIPSEndpointKey)
|
||||
}
|
||||
|
||||
updateString(&cfg.CredentialProcess, section, credentialProcessKey)
|
||||
|
@ -329,6 +408,22 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
|
|||
return nil
|
||||
}
|
||||
|
||||
func updateEC2MetadataServiceEndpointMode(endpointMode *endpoints.EC2IMDSEndpointModeState, section ini.Section, key string) error {
|
||||
if !section.Has(key) {
|
||||
return nil
|
||||
}
|
||||
value := section.String(key)
|
||||
return endpointMode.SetFromString(value)
|
||||
}
|
||||
|
||||
func (cfg *sharedConfig) validateCredentialsConfig(profile string) error {
|
||||
if err := cfg.validateCredentialsRequireARN(profile); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error {
|
||||
var credSource string
|
||||
|
||||
|
@ -365,12 +460,43 @@ func (cfg *sharedConfig) validateCredentialType() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (cfg *sharedConfig) validateSSOConfiguration() error {
|
||||
if !cfg.hasSSOConfiguration() {
|
||||
return nil
|
||||
}
|
||||
|
||||
var missing []string
|
||||
if len(cfg.SSOAccountID) == 0 {
|
||||
missing = append(missing, ssoAccountIDKey)
|
||||
}
|
||||
|
||||
if len(cfg.SSORegion) == 0 {
|
||||
missing = append(missing, ssoRegionKey)
|
||||
}
|
||||
|
||||
if len(cfg.SSORoleName) == 0 {
|
||||
missing = append(missing, ssoRoleNameKey)
|
||||
}
|
||||
|
||||
if len(cfg.SSOStartURL) == 0 {
|
||||
missing = append(missing, ssoStartURL)
|
||||
}
|
||||
|
||||
if len(missing) > 0 {
|
||||
return fmt.Errorf("profile %q is configured to use SSO but is missing required configuration: %s",
|
||||
cfg.Profile, strings.Join(missing, ", "))
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (cfg *sharedConfig) hasCredentials() bool {
|
||||
switch {
|
||||
case len(cfg.SourceProfileName) != 0:
|
||||
case len(cfg.CredentialSource) != 0:
|
||||
case len(cfg.CredentialProcess) != 0:
|
||||
case len(cfg.WebIdentityTokenFile) != 0:
|
||||
case cfg.hasSSOConfiguration():
|
||||
case cfg.Creds.HasKeys():
|
||||
default:
|
||||
return false
|
||||
|
@ -384,6 +510,10 @@ func (cfg *sharedConfig) clearCredentialOptions() {
|
|||
cfg.CredentialProcess = ""
|
||||
cfg.WebIdentityTokenFile = ""
|
||||
cfg.Creds = credentials.Value{}
|
||||
cfg.SSOAccountID = ""
|
||||
cfg.SSORegion = ""
|
||||
cfg.SSORoleName = ""
|
||||
cfg.SSOStartURL = ""
|
||||
}
|
||||
|
||||
func (cfg *sharedConfig) clearAssumeRoleOptions() {
|
||||
|
@ -394,6 +524,18 @@ func (cfg *sharedConfig) clearAssumeRoleOptions() {
|
|||
cfg.SourceProfileName = ""
|
||||
}
|
||||
|
||||
func (cfg *sharedConfig) hasSSOConfiguration() bool {
|
||||
switch {
|
||||
case len(cfg.SSOAccountID) != 0:
|
||||
case len(cfg.SSORegion) != 0:
|
||||
case len(cfg.SSORoleName) != 0:
|
||||
case len(cfg.SSOStartURL) != 0:
|
||||
default:
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func oneOrNone(bs ...bool) bool {
|
||||
var count int
|
||||
|
||||
|
@ -553,3 +695,35 @@ func (e CredentialRequiresARNError) OrigErr() error {
|
|||
func (e CredentialRequiresARNError) Error() string {
|
||||
return awserr.SprintError(e.Code(), e.Message(), "", nil)
|
||||
}
|
||||
|
||||
// updateEndpointDiscoveryType will only update the dst with the value in the section, if
|
||||
// a valid key and corresponding EndpointDiscoveryType is found.
|
||||
func updateUseDualStackEndpoint(dst *endpoints.DualStackEndpointState, section ini.Section, key string) {
|
||||
if !section.Has(key) {
|
||||
return
|
||||
}
|
||||
|
||||
if section.Bool(key) {
|
||||
*dst = endpoints.DualStackEndpointStateEnabled
|
||||
} else {
|
||||
*dst = endpoints.DualStackEndpointStateDisabled
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// updateEndpointDiscoveryType will only update the dst with the value in the section, if
|
||||
// a valid key and corresponding EndpointDiscoveryType is found.
|
||||
func updateUseFIPSEndpoint(dst *endpoints.FIPSEndpointState, section ini.Section, key string) {
|
||||
if !section.Has(key) {
|
||||
return
|
||||
}
|
||||
|
||||
if section.Bool(key) {
|
||||
*dst = endpoints.FIPSEndpointStateEnabled
|
||||
} else {
|
||||
*dst = endpoints.FIPSEndpointStateDisabled
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
|
16
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
generated
vendored
16
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/header_rules.go
generated
vendored
|
@ -34,23 +34,23 @@ func (m mapRule) IsValid(value string) bool {
|
|||
return ok
|
||||
}
|
||||
|
||||
// whitelist is a generic rule for whitelisting
|
||||
type whitelist struct {
|
||||
// allowList is a generic rule for allow listing
|
||||
type allowList struct {
|
||||
rule
|
||||
}
|
||||
|
||||
// IsValid for whitelist checks if the value is within the whitelist
|
||||
func (w whitelist) IsValid(value string) bool {
|
||||
// IsValid for allow list checks if the value is within the allow list
|
||||
func (w allowList) IsValid(value string) bool {
|
||||
return w.rule.IsValid(value)
|
||||
}
|
||||
|
||||
// blacklist is a generic rule for blacklisting
|
||||
type blacklist struct {
|
||||
// excludeList is a generic rule for exclude listing
|
||||
type excludeList struct {
|
||||
rule
|
||||
}
|
||||
|
||||
// IsValid for whitelist checks if the value is within the whitelist
|
||||
func (b blacklist) IsValid(value string) bool {
|
||||
// IsValid for exclude list checks if the value is within the exclude list
|
||||
func (b excludeList) IsValid(value string) bool {
|
||||
return !b.rule.IsValid(value)
|
||||
}
|
||||
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.5.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.7
|
||||
// +build !go1.7
|
||||
|
||||
package v4
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/request_context_go1.7.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.7
|
||||
// +build go1.7
|
||||
|
||||
package v4
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/uri_path.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.5
|
||||
// +build go1.5
|
||||
|
||||
package v4
|
||||
|
|
36
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
generated
vendored
36
vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go
generated
vendored
|
@ -90,7 +90,7 @@ const (
|
|||
)
|
||||
|
||||
var ignoredHeaders = rules{
|
||||
blacklist{
|
||||
excludeList{
|
||||
mapRule{
|
||||
authorizationHeader: struct{}{},
|
||||
"User-Agent": struct{}{},
|
||||
|
@ -99,9 +99,9 @@ var ignoredHeaders = rules{
|
|||
},
|
||||
}
|
||||
|
||||
// requiredSignedHeaders is a whitelist for build canonical headers.
|
||||
// requiredSignedHeaders is a allow list for build canonical headers.
|
||||
var requiredSignedHeaders = rules{
|
||||
whitelist{
|
||||
allowList{
|
||||
mapRule{
|
||||
"Cache-Control": struct{}{},
|
||||
"Content-Disposition": struct{}{},
|
||||
|
@ -145,12 +145,13 @@ var requiredSignedHeaders = rules{
|
|||
},
|
||||
},
|
||||
patterns{"X-Amz-Meta-"},
|
||||
patterns{"X-Amz-Object-Lock-"},
|
||||
}
|
||||
|
||||
// allowedHoisting is a whitelist for build query headers. The boolean value
|
||||
// allowedHoisting is a allow list for build query headers. The boolean value
|
||||
// represents whether or not it is a pattern.
|
||||
var allowedQueryHoisting = inclusiveRules{
|
||||
blacklist{requiredSignedHeaders},
|
||||
excludeList{requiredSignedHeaders},
|
||||
patterns{"X-Amz-"},
|
||||
}
|
||||
|
||||
|
@ -417,7 +418,7 @@ var SignRequestHandler = request.NamedHandler{
|
|||
// request handler should only be used with the SDK's built in service client's
|
||||
// API operation requests.
|
||||
//
|
||||
// This function should not be used on its on its own, but in conjunction with
|
||||
// This function should not be used on its own, but in conjunction with
|
||||
// an AWS service client's API operation call. To sign a standalone request
|
||||
// not created by a service client's API operation method use the "Sign" or
|
||||
// "Presign" functions of the "Signer" type.
|
||||
|
@ -633,21 +634,25 @@ func (ctx *signingCtx) buildCanonicalHeaders(r rule, header http.Header) {
|
|||
ctx.Query.Set("X-Amz-SignedHeaders", ctx.signedHeaders)
|
||||
}
|
||||
|
||||
headerValues := make([]string, len(headers))
|
||||
headerItems := make([]string, len(headers))
|
||||
for i, k := range headers {
|
||||
if k == "host" {
|
||||
if ctx.Request.Host != "" {
|
||||
headerValues[i] = "host:" + ctx.Request.Host
|
||||
headerItems[i] = "host:" + ctx.Request.Host
|
||||
} else {
|
||||
headerValues[i] = "host:" + ctx.Request.URL.Host
|
||||
headerItems[i] = "host:" + ctx.Request.URL.Host
|
||||
}
|
||||
} else {
|
||||
headerValues[i] = k + ":" +
|
||||
strings.Join(ctx.SignedHeaderVals[k], ",")
|
||||
headerValues := make([]string, len(ctx.SignedHeaderVals[k]))
|
||||
for i, v := range ctx.SignedHeaderVals[k] {
|
||||
headerValues[i] = strings.TrimSpace(v)
|
||||
}
|
||||
headerItems[i] = k + ":" +
|
||||
strings.Join(headerValues, ",")
|
||||
}
|
||||
}
|
||||
stripExcessSpaces(headerValues)
|
||||
ctx.canonicalHeaders = strings.Join(headerValues, "\n")
|
||||
stripExcessSpaces(headerItems)
|
||||
ctx.canonicalHeaders = strings.Join(headerItems, "\n")
|
||||
}
|
||||
|
||||
func (ctx *signingCtx) buildCanonicalString() {
|
||||
|
@ -689,9 +694,12 @@ func (ctx *signingCtx) buildBodyDigest() error {
|
|||
if hash == "" {
|
||||
includeSHA256Header := ctx.unsignedPayload ||
|
||||
ctx.ServiceName == "s3" ||
|
||||
ctx.ServiceName == "s3-object-lambda" ||
|
||||
ctx.ServiceName == "glacier"
|
||||
|
||||
s3Presign := ctx.isPresign && ctx.ServiceName == "s3"
|
||||
s3Presign := ctx.isPresign &&
|
||||
(ctx.ServiceName == "s3" ||
|
||||
ctx.ServiceName == "s3-object-lambda")
|
||||
|
||||
if ctx.unsignedPayload || s3Presign {
|
||||
hash = "UNSIGNED-PAYLOAD"
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/url.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/url.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.8
|
||||
// +build go1.8
|
||||
|
||||
package aws
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/aws/url_1_7.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.8
|
||||
// +build !go1.8
|
||||
|
||||
package aws
|
||||
|
|
2
vendor/github.com/aws/aws-sdk-go/aws/version.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go/aws/version.go
generated
vendored
|
@ -5,4 +5,4 @@ package aws
|
|||
const SDKName = "aws-sdk-go"
|
||||
|
||||
// SDKVersion is the version of this SDK
|
||||
const SDKVersion = "1.34.9"
|
||||
const SDKVersion = "1.42.27"
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/internal/context/background_go1.5.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.7
|
||||
// +build !go1.7
|
||||
|
||||
package context
|
||||
|
|
33
vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
generated
vendored
33
vendor/github.com/aws/aws-sdk-go/internal/ini/doc.go
generated
vendored
|
@ -13,17 +13,30 @@
|
|||
// }
|
||||
//
|
||||
// Below is the BNF that describes this parser
|
||||
// Grammar:
|
||||
// stmt -> value stmt'
|
||||
// stmt' -> epsilon | op stmt
|
||||
// value -> number | string | boolean | quoted_string
|
||||
// Grammar:
|
||||
// stmt -> section | stmt'
|
||||
// stmt' -> epsilon | expr
|
||||
// expr -> value (stmt)* | equal_expr (stmt)*
|
||||
// equal_expr -> value ( ':' | '=' ) equal_expr'
|
||||
// equal_expr' -> number | string | quoted_string
|
||||
// quoted_string -> " quoted_string'
|
||||
// quoted_string' -> string quoted_string_end
|
||||
// quoted_string_end -> "
|
||||
//
|
||||
// section -> [ section'
|
||||
// section' -> value section_close
|
||||
// section_close -> ]
|
||||
// section -> [ section'
|
||||
// section' -> section_value section_close
|
||||
// section_value -> number | string_subset | boolean | quoted_string_subset
|
||||
// quoted_string_subset -> " quoted_string_subset'
|
||||
// quoted_string_subset' -> string_subset quoted_string_end
|
||||
// quoted_string_subset -> "
|
||||
// section_close -> ]
|
||||
//
|
||||
// SkipState will skip (NL WS)+
|
||||
// value -> number | string_subset | boolean
|
||||
// string -> ? UTF-8 Code-Points except '\n' (U+000A) and '\r\n' (U+000D U+000A) ?
|
||||
// string_subset -> ? Code-points excepted by <string> grammar except ':' (U+003A), '=' (U+003D), '[' (U+005B), and ']' (U+005D) ?
|
||||
//
|
||||
// comment -> # comment' | ; comment'
|
||||
// comment' -> epsilon | value
|
||||
// SkipState will skip (NL WS)+
|
||||
//
|
||||
// comment -> # comment' | ; comment'
|
||||
// comment' -> epsilon | value
|
||||
package ini
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/internal/ini/fuzz.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build gofuzz
|
||||
// +build gofuzz
|
||||
|
||||
package ini
|
||||
|
|
50
vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
generated
vendored
50
vendor/github.com/aws/aws-sdk-go/internal/ini/ini_parser.go
generated
vendored
|
@ -5,9 +5,12 @@ import (
|
|||
"io"
|
||||
)
|
||||
|
||||
// ParseState represents the current state of the parser.
|
||||
type ParseState uint
|
||||
|
||||
// State enums for the parse table
|
||||
const (
|
||||
InvalidState = iota
|
||||
InvalidState ParseState = iota
|
||||
// stmt -> value stmt'
|
||||
StatementState
|
||||
// stmt' -> MarkComplete | op stmt
|
||||
|
@ -36,8 +39,8 @@ const (
|
|||
)
|
||||
|
||||
// parseTable is a state machine to dictate the grammar above.
|
||||
var parseTable = map[ASTKind]map[TokenType]int{
|
||||
ASTKindStart: map[TokenType]int{
|
||||
var parseTable = map[ASTKind]map[TokenType]ParseState{
|
||||
ASTKindStart: {
|
||||
TokenLit: StatementState,
|
||||
TokenSep: OpenScopeState,
|
||||
TokenWS: SkipTokenState,
|
||||
|
@ -45,7 +48,7 @@ var parseTable = map[ASTKind]map[TokenType]int{
|
|||
TokenComment: CommentState,
|
||||
TokenNone: TerminalState,
|
||||
},
|
||||
ASTKindCommentStatement: map[TokenType]int{
|
||||
ASTKindCommentStatement: {
|
||||
TokenLit: StatementState,
|
||||
TokenSep: OpenScopeState,
|
||||
TokenWS: SkipTokenState,
|
||||
|
@ -53,7 +56,7 @@ var parseTable = map[ASTKind]map[TokenType]int{
|
|||
TokenComment: CommentState,
|
||||
TokenNone: MarkCompleteState,
|
||||
},
|
||||
ASTKindExpr: map[TokenType]int{
|
||||
ASTKindExpr: {
|
||||
TokenOp: StatementPrimeState,
|
||||
TokenLit: ValueState,
|
||||
TokenSep: OpenScopeState,
|
||||
|
@ -62,12 +65,15 @@ var parseTable = map[ASTKind]map[TokenType]int{
|
|||
TokenComment: CommentState,
|
||||
TokenNone: MarkCompleteState,
|
||||
},
|
||||
ASTKindEqualExpr: map[TokenType]int{
|
||||
TokenLit: ValueState,
|
||||
TokenWS: SkipTokenState,
|
||||
TokenNL: SkipState,
|
||||
ASTKindEqualExpr: {
|
||||
TokenLit: ValueState,
|
||||
TokenSep: ValueState,
|
||||
TokenOp: ValueState,
|
||||
TokenWS: SkipTokenState,
|
||||
TokenNL: SkipState,
|
||||
TokenNone: SkipState,
|
||||
},
|
||||
ASTKindStatement: map[TokenType]int{
|
||||
ASTKindStatement: {
|
||||
TokenLit: SectionState,
|
||||
TokenSep: CloseScopeState,
|
||||
TokenWS: SkipTokenState,
|
||||
|
@ -75,9 +81,9 @@ var parseTable = map[ASTKind]map[TokenType]int{
|
|||
TokenComment: CommentState,
|
||||
TokenNone: MarkCompleteState,
|
||||
},
|
||||
ASTKindExprStatement: map[TokenType]int{
|
||||
ASTKindExprStatement: {
|
||||
TokenLit: ValueState,
|
||||
TokenSep: OpenScopeState,
|
||||
TokenSep: ValueState,
|
||||
TokenOp: ValueState,
|
||||
TokenWS: ValueState,
|
||||
TokenNL: MarkCompleteState,
|
||||
|
@ -85,14 +91,14 @@ var parseTable = map[ASTKind]map[TokenType]int{
|
|||
TokenNone: TerminalState,
|
||||
TokenComma: SkipState,
|
||||
},
|
||||
ASTKindSectionStatement: map[TokenType]int{
|
||||
ASTKindSectionStatement: {
|
||||
TokenLit: SectionState,
|
||||
TokenOp: SectionState,
|
||||
TokenSep: CloseScopeState,
|
||||
TokenWS: SectionState,
|
||||
TokenNL: SkipTokenState,
|
||||
},
|
||||
ASTKindCompletedSectionStatement: map[TokenType]int{
|
||||
ASTKindCompletedSectionStatement: {
|
||||
TokenWS: SkipTokenState,
|
||||
TokenNL: SkipTokenState,
|
||||
TokenLit: StatementState,
|
||||
|
@ -100,7 +106,7 @@ var parseTable = map[ASTKind]map[TokenType]int{
|
|||
TokenComment: CommentState,
|
||||
TokenNone: MarkCompleteState,
|
||||
},
|
||||
ASTKindSkipStatement: map[TokenType]int{
|
||||
ASTKindSkipStatement: {
|
||||
TokenLit: StatementState,
|
||||
TokenSep: OpenScopeState,
|
||||
TokenWS: SkipTokenState,
|
||||
|
@ -204,18 +210,6 @@ loop:
|
|||
case ValueState:
|
||||
// ValueState requires the previous state to either be an equal expression
|
||||
// or an expression statement.
|
||||
//
|
||||
// This grammar occurs when the RHS is a number, word, or quoted string.
|
||||
// equal_expr -> lit op equal_expr'
|
||||
// equal_expr' -> number | string | quoted_string
|
||||
// quoted_string -> " quoted_string'
|
||||
// quoted_string' -> string quoted_string_end
|
||||
// quoted_string_end -> "
|
||||
//
|
||||
// otherwise
|
||||
// expr_stmt -> equal_expr (expr_stmt')*
|
||||
// expr_stmt' -> ws S | op S | MarkComplete
|
||||
// S -> equal_expr' expr_stmt'
|
||||
switch k.Kind {
|
||||
case ASTKindEqualExpr:
|
||||
// assigning a value to some key
|
||||
|
@ -242,7 +236,7 @@ loop:
|
|||
}
|
||||
|
||||
children[len(children)-1] = rhs
|
||||
k.SetChildren(children)
|
||||
root.SetChildren(children)
|
||||
|
||||
stack.Push(k)
|
||||
}
|
||||
|
|
20
vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
generated
vendored
20
vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go
generated
vendored
|
@ -4,6 +4,7 @@ import (
|
|||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
"unicode"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -18,7 +19,7 @@ var literalValues = [][]rune{
|
|||
|
||||
func isBoolValue(b []rune) bool {
|
||||
for _, lv := range literalValues {
|
||||
if isLitValue(lv, b) {
|
||||
if isCaselessLitValue(lv, b) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
@ -39,6 +40,21 @@ func isLitValue(want, have []rune) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
// isCaselessLitValue is a caseless value comparison, assumes want is already lower-cased for efficiency.
|
||||
func isCaselessLitValue(want, have []rune) bool {
|
||||
if len(have) < len(want) {
|
||||
return false
|
||||
}
|
||||
|
||||
for i := 0; i < len(want); i++ {
|
||||
if want[i] != unicode.ToLower(have[i]) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
// isNumberValue will return whether not the leading characters in
|
||||
// a byte slice is a number. A number is delimited by whitespace or
|
||||
// the newline token.
|
||||
|
@ -177,7 +193,7 @@ func newValue(t ValueType, base int, raw []rune) (Value, error) {
|
|||
case QuotedStringType:
|
||||
v.str = string(raw[1 : len(raw)-1])
|
||||
case BoolType:
|
||||
v.boolean = runeCompare(v.raw, runesTrue)
|
||||
v.boolean = isCaselessLitValue(runesTrue, v.raw)
|
||||
}
|
||||
|
||||
// issue 2253
|
||||
|
|
2
vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go/internal/ini/value_util.go
generated
vendored
|
@ -57,7 +57,7 @@ func getBoolValue(b []rune) (int, error) {
|
|||
continue
|
||||
}
|
||||
|
||||
if isLitValue(lv, b) {
|
||||
if isCaselessLitValue(lv, b) {
|
||||
n = len(lv)
|
||||
}
|
||||
}
|
||||
|
|
5
vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
generated
vendored
5
vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go
generated
vendored
|
@ -50,7 +50,10 @@ func (v *DefaultVisitor) VisitExpr(expr AST) error {
|
|||
|
||||
rhs := children[1]
|
||||
|
||||
if rhs.Root.Type() != TokenLit {
|
||||
// The right-hand value side the equality expression is allowed to contain '[', ']', ':', '=' in the values.
|
||||
// If the token is not either a literal or one of the token types that identifies those four additional
|
||||
// tokens then error.
|
||||
if !(rhs.Root.Type() == TokenLit || rhs.Root.Type() == TokenOp || rhs.Root.Type() == TokenSep) {
|
||||
return NewParseError("unexpected token type")
|
||||
}
|
||||
|
||||
|
|
|
@ -19,23 +19,28 @@ func (a AccessPointARN) GetARN() arn.ARN {
|
|||
|
||||
// ParseAccessPointResource attempts to parse the ARN's resource as an
|
||||
// AccessPoint resource.
|
||||
//
|
||||
// Supported Access point resource format:
|
||||
// - Access point format: arn:{partition}:s3:{region}:{accountId}:accesspoint/{accesspointName}
|
||||
// - example: arn.aws.s3.us-west-2.012345678901:accesspoint/myaccesspoint
|
||||
//
|
||||
func ParseAccessPointResource(a arn.ARN, resParts []string) (AccessPointARN, error) {
|
||||
if len(a.Region) == 0 {
|
||||
return AccessPointARN{}, InvalidARNError{a, "region not set"}
|
||||
return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "region not set"}
|
||||
}
|
||||
if len(a.AccountID) == 0 {
|
||||
return AccessPointARN{}, InvalidARNError{a, "account-id not set"}
|
||||
return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "account-id not set"}
|
||||
}
|
||||
if len(resParts) == 0 {
|
||||
return AccessPointARN{}, InvalidARNError{a, "resource-id not set"}
|
||||
return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "resource-id not set"}
|
||||
}
|
||||
if len(resParts) > 1 {
|
||||
return AccessPointARN{}, InvalidARNError{a, "sub resource not supported"}
|
||||
return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "sub resource not supported"}
|
||||
}
|
||||
|
||||
resID := resParts[0]
|
||||
if len(strings.TrimSpace(resID)) == 0 {
|
||||
return AccessPointARN{}, InvalidARNError{a, "resource-id not set"}
|
||||
return AccessPointARN{}, InvalidARNError{ARN: a, Reason: "resource-id not set"}
|
||||
}
|
||||
|
||||
return AccessPointARN{
|
|
@ -1,11 +1,27 @@
|
|||
package arn
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/arn"
|
||||
)
|
||||
|
||||
var supportedServiceARN = []string{
|
||||
"s3",
|
||||
"s3-outposts",
|
||||
"s3-object-lambda",
|
||||
}
|
||||
|
||||
func isSupportedServiceARN(service string) bool {
|
||||
for _, name := range supportedServiceARN {
|
||||
if name == service {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// Resource provides the interfaces abstracting ARNs of specific resource
|
||||
// types.
|
||||
type Resource interface {
|
||||
|
@ -25,13 +41,19 @@ func ParseResource(s string, resParser ResourceParser) (resARN Resource, err err
|
|||
}
|
||||
|
||||
if len(a.Partition) == 0 {
|
||||
return nil, InvalidARNError{a, "partition not set"}
|
||||
return nil, InvalidARNError{ARN: a, Reason: "partition not set"}
|
||||
}
|
||||
if a.Service != "s3" {
|
||||
return nil, InvalidARNError{a, "service is not S3"}
|
||||
|
||||
if !isSupportedServiceARN(a.Service) {
|
||||
return nil, InvalidARNError{ARN: a, Reason: "service is not supported"}
|
||||
}
|
||||
|
||||
if strings.HasPrefix(a.Region, "fips-") || strings.HasSuffix(a.Region, "-fips") {
|
||||
return nil, InvalidARNError{ARN: a, Reason: "FIPS region not allowed in ARN"}
|
||||
}
|
||||
|
||||
if len(a.Resource) == 0 {
|
||||
return nil, InvalidARNError{a, "resource not set"}
|
||||
return nil, InvalidARNError{ARN: a, Reason: "resource not set"}
|
||||
}
|
||||
|
||||
return resParser(a)
|
||||
|
@ -66,6 +88,7 @@ type InvalidARNError struct {
|
|||
Reason string
|
||||
}
|
||||
|
||||
// Error returns a string denoting the occurred InvalidARNError
|
||||
func (e InvalidARNError) Error() string {
|
||||
return "invalid Amazon S3 ARN, " + e.Reason + ", " + e.ARN.String()
|
||||
return fmt.Sprintf("invalid Amazon %s ARN, %s, %s", e.ARN.Service, e.Reason, e.ARN.String())
|
||||
}
|
126
vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/outpost_arn.go
generated
vendored
Normal file
126
vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/outpost_arn.go
generated
vendored
Normal file
|
@ -0,0 +1,126 @@
|
|||
package arn
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/arn"
|
||||
)
|
||||
|
||||
// OutpostARN interface that should be satisfied by outpost ARNs
|
||||
type OutpostARN interface {
|
||||
Resource
|
||||
GetOutpostID() string
|
||||
}
|
||||
|
||||
// ParseOutpostARNResource will parse a provided ARNs resource using the appropriate ARN format
|
||||
// and return a specific OutpostARN type
|
||||
//
|
||||
// Currently supported outpost ARN formats:
|
||||
// * Outpost AccessPoint ARN format:
|
||||
// - ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
|
||||
// - example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
|
||||
//
|
||||
// * Outpost Bucket ARN format:
|
||||
// - ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/bucket/{bucketName}
|
||||
// - example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/bucket/mybucket
|
||||
//
|
||||
// Other outpost ARN formats may be supported and added in the future.
|
||||
//
|
||||
func ParseOutpostARNResource(a arn.ARN, resParts []string) (OutpostARN, error) {
|
||||
if len(a.Region) == 0 {
|
||||
return nil, InvalidARNError{ARN: a, Reason: "region not set"}
|
||||
}
|
||||
|
||||
if len(a.AccountID) == 0 {
|
||||
return nil, InvalidARNError{ARN: a, Reason: "account-id not set"}
|
||||
}
|
||||
|
||||
// verify if outpost id is present and valid
|
||||
if len(resParts) == 0 || len(strings.TrimSpace(resParts[0])) == 0 {
|
||||
return nil, InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
|
||||
}
|
||||
|
||||
// verify possible resource type exists
|
||||
if len(resParts) < 3 {
|
||||
return nil, InvalidARNError{
|
||||
ARN: a, Reason: "incomplete outpost resource type. Expected bucket or access-point resource to be present",
|
||||
}
|
||||
}
|
||||
|
||||
// Since we know this is a OutpostARN fetch outpostID
|
||||
outpostID := strings.TrimSpace(resParts[0])
|
||||
|
||||
switch resParts[1] {
|
||||
case "accesspoint":
|
||||
accesspointARN, err := ParseAccessPointResource(a, resParts[2:])
|
||||
if err != nil {
|
||||
return OutpostAccessPointARN{}, err
|
||||
}
|
||||
return OutpostAccessPointARN{
|
||||
AccessPointARN: accesspointARN,
|
||||
OutpostID: outpostID,
|
||||
}, nil
|
||||
|
||||
case "bucket":
|
||||
bucketName, err := parseBucketResource(a, resParts[2:])
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return OutpostBucketARN{
|
||||
ARN: a,
|
||||
BucketName: bucketName,
|
||||
OutpostID: outpostID,
|
||||
}, nil
|
||||
|
||||
default:
|
||||
return nil, InvalidARNError{ARN: a, Reason: "unknown resource set for outpost ARN"}
|
||||
}
|
||||
}
|
||||
|
||||
// OutpostAccessPointARN represents outpost access point ARN.
|
||||
type OutpostAccessPointARN struct {
|
||||
AccessPointARN
|
||||
OutpostID string
|
||||
}
|
||||
|
||||
// GetOutpostID returns the outpost id of outpost access point arn
|
||||
func (o OutpostAccessPointARN) GetOutpostID() string {
|
||||
return o.OutpostID
|
||||
}
|
||||
|
||||
// OutpostBucketARN represents the outpost bucket ARN.
|
||||
type OutpostBucketARN struct {
|
||||
arn.ARN
|
||||
BucketName string
|
||||
OutpostID string
|
||||
}
|
||||
|
||||
// GetOutpostID returns the outpost id of outpost bucket arn
|
||||
func (o OutpostBucketARN) GetOutpostID() string {
|
||||
return o.OutpostID
|
||||
}
|
||||
|
||||
// GetARN retrives the base ARN from outpost bucket ARN resource
|
||||
func (o OutpostBucketARN) GetARN() arn.ARN {
|
||||
return o.ARN
|
||||
}
|
||||
|
||||
// parseBucketResource attempts to parse the ARN's bucket resource and retrieve the
|
||||
// bucket resource id.
|
||||
//
|
||||
// parseBucketResource only parses the bucket resource id.
|
||||
//
|
||||
func parseBucketResource(a arn.ARN, resParts []string) (bucketName string, err error) {
|
||||
if len(resParts) == 0 {
|
||||
return bucketName, InvalidARNError{ARN: a, Reason: "bucket resource-id not set"}
|
||||
}
|
||||
if len(resParts) > 1 {
|
||||
return bucketName, InvalidARNError{ARN: a, Reason: "sub resource not supported"}
|
||||
}
|
||||
|
||||
bucketName = strings.TrimSpace(resParts[0])
|
||||
if len(bucketName) == 0 {
|
||||
return bucketName, InvalidARNError{ARN: a, Reason: "bucket resource-id not set"}
|
||||
}
|
||||
return bucketName, err
|
||||
}
|
15
vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go
generated
vendored
Normal file
15
vendor/github.com/aws/aws-sdk-go/internal/s3shared/arn/s3_object_lambda_arn.go
generated
vendored
Normal file
|
@ -0,0 +1,15 @@
|
|||
package arn
|
||||
|
||||
// S3ObjectLambdaARN represents an ARN for the s3-object-lambda service
|
||||
type S3ObjectLambdaARN interface {
|
||||
Resource
|
||||
|
||||
isS3ObjectLambdasARN()
|
||||
}
|
||||
|
||||
// S3ObjectLambdaAccessPointARN is an S3ObjectLambdaARN for the Access Point resource type
|
||||
type S3ObjectLambdaAccessPointARN struct {
|
||||
AccessPointARN
|
||||
}
|
||||
|
||||
func (s S3ObjectLambdaAccessPointARN) isS3ObjectLambdasARN() {}
|
202
vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go
generated
vendored
Normal file
202
vendor/github.com/aws/aws-sdk-go/internal/s3shared/endpoint_errors.go
generated
vendored
Normal file
|
@ -0,0 +1,202 @@
|
|||
package s3shared
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/internal/s3shared/arn"
|
||||
)
|
||||
|
||||
const (
|
||||
invalidARNErrorErrCode = "InvalidARNError"
|
||||
configurationErrorErrCode = "ConfigurationError"
|
||||
)
|
||||
|
||||
// InvalidARNError denotes the error for Invalid ARN
|
||||
type InvalidARNError struct {
|
||||
message string
|
||||
resource arn.Resource
|
||||
origErr error
|
||||
}
|
||||
|
||||
// Error returns the InvalidARNError
|
||||
func (e InvalidARNError) Error() string {
|
||||
var extra string
|
||||
if e.resource != nil {
|
||||
extra = "ARN: " + e.resource.String()
|
||||
}
|
||||
return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
|
||||
}
|
||||
|
||||
// Code returns the invalid ARN error code
|
||||
func (e InvalidARNError) Code() string {
|
||||
return invalidARNErrorErrCode
|
||||
}
|
||||
|
||||
// Message returns the message for Invalid ARN error
|
||||
func (e InvalidARNError) Message() string {
|
||||
return e.message
|
||||
}
|
||||
|
||||
// OrigErr is the original error wrapped by Invalid ARN Error
|
||||
func (e InvalidARNError) OrigErr() error {
|
||||
return e.origErr
|
||||
}
|
||||
|
||||
// NewInvalidARNError denotes invalid arn error
|
||||
func NewInvalidARNError(resource arn.Resource, err error) InvalidARNError {
|
||||
return InvalidARNError{
|
||||
message: "invalid ARN",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
}
|
||||
}
|
||||
|
||||
// NewInvalidARNWithCustomEndpointError ARN not supported for custom clients endpoints
|
||||
func NewInvalidARNWithCustomEndpointError(resource arn.Resource, err error) InvalidARNError {
|
||||
return InvalidARNError{
|
||||
message: "resource ARN not supported with custom client endpoints",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
}
|
||||
}
|
||||
|
||||
// NewInvalidARNWithUnsupportedPartitionError ARN not supported for the target partition
|
||||
func NewInvalidARNWithUnsupportedPartitionError(resource arn.Resource, err error) InvalidARNError {
|
||||
return InvalidARNError{
|
||||
message: "resource ARN not supported for the target ARN partition",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
}
|
||||
}
|
||||
|
||||
// NewInvalidARNWithFIPSError ARN not supported for FIPS region
|
||||
//
|
||||
// Deprecated: FIPS will not appear in the ARN region component.
|
||||
func NewInvalidARNWithFIPSError(resource arn.Resource, err error) InvalidARNError {
|
||||
return InvalidARNError{
|
||||
message: "resource ARN not supported for FIPS region",
|
||||
resource: resource,
|
||||
origErr: err,
|
||||
}
|
||||
}
|
||||
|
||||
// ConfigurationError is used to denote a client configuration error
|
||||
type ConfigurationError struct {
|
||||
message string
|
||||
resource arn.Resource
|
||||
clientPartitionID string
|
||||
clientRegion string
|
||||
origErr error
|
||||
}
|
||||
|
||||
// Error returns the Configuration error string
|
||||
func (e ConfigurationError) Error() string {
|
||||
extra := fmt.Sprintf("ARN: %s, client partition: %s, client region: %s",
|
||||
e.resource, e.clientPartitionID, e.clientRegion)
|
||||
|
||||
return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
|
||||
}
|
||||
|
||||
// Code returns configuration error's error-code
|
||||
func (e ConfigurationError) Code() string {
|
||||
return configurationErrorErrCode
|
||||
}
|
||||
|
||||
// Message returns the configuration error message
|
||||
func (e ConfigurationError) Message() string {
|
||||
return e.message
|
||||
}
|
||||
|
||||
// OrigErr is the original error wrapped by Configuration Error
|
||||
func (e ConfigurationError) OrigErr() error {
|
||||
return e.origErr
|
||||
}
|
||||
|
||||
// NewClientPartitionMismatchError stub
|
||||
func NewClientPartitionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
|
||||
return ConfigurationError{
|
||||
message: "client partition does not match provided ARN partition",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
// NewClientRegionMismatchError denotes cross region access error
|
||||
func NewClientRegionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
|
||||
return ConfigurationError{
|
||||
message: "client region does not match provided ARN region",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
// NewFailedToResolveEndpointError denotes endpoint resolving error
|
||||
func NewFailedToResolveEndpointError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
|
||||
return ConfigurationError{
|
||||
message: "endpoint resolver failed to find an endpoint for the provided ARN region",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
// NewClientConfiguredForFIPSError denotes client config error for unsupported cross region FIPS access
|
||||
func NewClientConfiguredForFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
|
||||
return ConfigurationError{
|
||||
message: "client configured for fips but cross-region resource ARN provided",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
// NewFIPSConfigurationError denotes a configuration error when a client or request is configured for FIPS
|
||||
func NewFIPSConfigurationError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
|
||||
return ConfigurationError{
|
||||
message: "use of ARN is not supported when client or request is configured for FIPS",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
// NewClientConfiguredForAccelerateError denotes client config error for unsupported S3 accelerate
|
||||
func NewClientConfiguredForAccelerateError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
|
||||
return ConfigurationError{
|
||||
message: "client configured for S3 Accelerate but is not supported with resource ARN",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
// NewClientConfiguredForCrossRegionFIPSError denotes client config error for unsupported cross region FIPS request
|
||||
func NewClientConfiguredForCrossRegionFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
|
||||
return ConfigurationError{
|
||||
message: "client configured for FIPS with cross-region enabled but is supported with cross-region resource ARN",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
// NewClientConfiguredForDualStackError denotes client config error for unsupported S3 Dual-stack
|
||||
func NewClientConfiguredForDualStackError(resource arn.Resource, clientPartitionID, clientRegion string, err error) ConfigurationError {
|
||||
return ConfigurationError{
|
||||
message: "client configured for S3 Dual-stack but is not supported with resource ARN",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
45
vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go
generated
vendored
Normal file
45
vendor/github.com/aws/aws-sdk-go/internal/s3shared/resource_request.go
generated
vendored
Normal file
|
@ -0,0 +1,45 @@
|
|||
package s3shared
|
||||
|
||||
import (
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
awsarn "github.com/aws/aws-sdk-go/aws/arn"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/internal/s3shared/arn"
|
||||
)
|
||||
|
||||
// ResourceRequest represents the request and arn resource
|
||||
type ResourceRequest struct {
|
||||
Resource arn.Resource
|
||||
Request *request.Request
|
||||
}
|
||||
|
||||
// ARN returns the resource ARN
|
||||
func (r ResourceRequest) ARN() awsarn.ARN {
|
||||
return r.Resource.GetARN()
|
||||
}
|
||||
|
||||
// AllowCrossRegion returns a bool value to denote if S3UseARNRegion flag is set
|
||||
func (r ResourceRequest) AllowCrossRegion() bool {
|
||||
return aws.BoolValue(r.Request.Config.S3UseARNRegion)
|
||||
}
|
||||
|
||||
// IsCrossPartition returns true if client is configured for another partition, than
|
||||
// the partition that resource ARN region resolves to.
|
||||
func (r ResourceRequest) IsCrossPartition() bool {
|
||||
return r.Request.ClientInfo.PartitionID != r.Resource.GetARN().Partition
|
||||
}
|
||||
|
||||
// IsCrossRegion returns true if ARN region is different than client configured region
|
||||
func (r ResourceRequest) IsCrossRegion() bool {
|
||||
return IsCrossRegion(r.Request, r.Resource.GetARN().Region)
|
||||
}
|
||||
|
||||
// HasCustomEndpoint returns true if custom client endpoint is provided
|
||||
func (r ResourceRequest) HasCustomEndpoint() bool {
|
||||
return len(aws.StringValue(r.Request.Config.Endpoint)) > 0
|
||||
}
|
||||
|
||||
// IsCrossRegion returns true if request signing region is not same as configured region
|
||||
func IsCrossRegion(req *request.Request, otherRegion string) bool {
|
||||
return req.ClientInfo.SigningRegion != otherRegion
|
||||
}
|
1
vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.6.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.7
|
||||
// +build !go1.7
|
||||
|
||||
package sdkio
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/internal/sdkio/io_go1.7.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.7
|
||||
// +build go1.7
|
||||
|
||||
package sdkio
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.10
|
||||
// +build go1.10
|
||||
|
||||
package sdkmath
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/internal/sdkmath/floor_go1.9.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.10
|
||||
// +build !go1.10
|
||||
|
||||
package sdkmath
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.6
|
||||
// +build go1.6
|
||||
|
||||
package sdkrand
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/internal/sdkrand/read_1_5.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.6
|
||||
// +build !go1.6
|
||||
|
||||
package sdkrand
|
||||
|
|
|
@ -5,6 +5,10 @@ import (
|
|||
"sync"
|
||||
)
|
||||
|
||||
// InputWriterCloseErrorCode is used to denote an error occurred
|
||||
// while closing the event stream input writer.
|
||||
const InputWriterCloseErrorCode = "EventStreamInputWriterCloseError"
|
||||
|
||||
type messageError struct {
|
||||
code string
|
||||
msg string
|
||||
|
|
46
vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go
generated
vendored
46
vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/writer.go
generated
vendored
|
@ -61,49 +61,3 @@ func (w *EventWriter) marshal(event Marshaler) (eventstream.Message, error) {
|
|||
msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType))
|
||||
return msg, nil
|
||||
}
|
||||
|
||||
//type EventEncoder struct {
|
||||
// encoder Encoder
|
||||
// ppayloadMarshaler protocol.PayloadMarshaler
|
||||
// eventTypeFor func(Marshaler) (string, error)
|
||||
//}
|
||||
//
|
||||
//func (e EventEncoder) Encode(event Marshaler) error {
|
||||
// msg, err := e.marshal(event)
|
||||
// if err != nil {
|
||||
// return err
|
||||
// }
|
||||
//
|
||||
// return w.encoder.Encode(msg)
|
||||
//}
|
||||
//
|
||||
//func (e EventEncoder) marshal(event Marshaler) (eventstream.Message, error) {
|
||||
// eventType, err := w.eventTypeFor(event)
|
||||
// if err != nil {
|
||||
// return eventstream.Message{}, err
|
||||
// }
|
||||
//
|
||||
// msg, err := event.MarshalEvent(w.payloadMarshaler)
|
||||
// if err != nil {
|
||||
// return eventstream.Message{}, err
|
||||
// }
|
||||
//
|
||||
// msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType))
|
||||
// return msg, nil
|
||||
//}
|
||||
//
|
||||
//func (w *EventWriter) marshal(event Marshaler) (eventstream.Message, error) {
|
||||
// eventType, err := w.eventTypeFor(event)
|
||||
// if err != nil {
|
||||
// return eventstream.Message{}, err
|
||||
// }
|
||||
//
|
||||
// msg, err := event.MarshalEvent(w.payloadMarshaler)
|
||||
// if err != nil {
|
||||
// return eventstream.Message{}, err
|
||||
// }
|
||||
//
|
||||
// msg.Headers.Set(EventTypeHeader, eventstream.StringValue(eventType))
|
||||
// return msg, nil
|
||||
//}
|
||||
//
|
||||
|
|
44
vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
generated
vendored
44
vendor/github.com/aws/aws-sdk-go/private/protocol/host.go
generated
vendored
|
@ -1,9 +1,10 @@
|
|||
package protocol
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"net"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// ValidateEndpointHostHandler is a request handler that will validate the
|
||||
|
@ -22,8 +23,26 @@ var ValidateEndpointHostHandler = request.NamedHandler{
|
|||
// 3986 host. Returns error if the host is not valid.
|
||||
func ValidateEndpointHost(opName, host string) error {
|
||||
paramErrs := request.ErrInvalidParams{Context: opName}
|
||||
labels := strings.Split(host, ".")
|
||||
|
||||
var hostname string
|
||||
var port string
|
||||
var err error
|
||||
|
||||
if strings.Contains(host, ":") {
|
||||
hostname, port, err = net.SplitHostPort(host)
|
||||
|
||||
if err != nil {
|
||||
paramErrs.Add(request.NewErrParamFormat("endpoint", err.Error(), host))
|
||||
}
|
||||
|
||||
if !ValidPortNumber(port) {
|
||||
paramErrs.Add(request.NewErrParamFormat("endpoint port number", "[0-65535]", port))
|
||||
}
|
||||
} else {
|
||||
hostname = host
|
||||
}
|
||||
|
||||
labels := strings.Split(hostname, ".")
|
||||
for i, label := range labels {
|
||||
if i == len(labels)-1 && len(label) == 0 {
|
||||
// Allow trailing dot for FQDN hosts.
|
||||
|
@ -36,7 +55,11 @@ func ValidateEndpointHost(opName, host string) error {
|
|||
}
|
||||
}
|
||||
|
||||
if len(host) > 255 {
|
||||
if len(hostname) == 0 {
|
||||
paramErrs.Add(request.NewErrParamMinLen("endpoint host", 1))
|
||||
}
|
||||
|
||||
if len(hostname) > 255 {
|
||||
paramErrs.Add(request.NewErrParamMaxLen(
|
||||
"endpoint host", 255, host,
|
||||
))
|
||||
|
@ -66,3 +89,16 @@ func ValidHostLabel(label string) bool {
|
|||
|
||||
return true
|
||||
}
|
||||
|
||||
// ValidPortNumber return if the port is valid RFC 3986 port
|
||||
func ValidPortNumber(port string) bool {
|
||||
i, err := strconv.Atoi(port)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
if i < 0 || i > 65535 {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
|
10
vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
generated
vendored
10
vendor/github.com/aws/aws-sdk-go/private/protocol/json/jsonutil/build.go
generated
vendored
|
@ -82,13 +82,17 @@ func buildStruct(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag)
|
|||
field, _ := value.Type().FieldByName(payload)
|
||||
tag = field.Tag
|
||||
value = elemOf(value.FieldByName(payload))
|
||||
|
||||
if !value.IsValid() {
|
||||
if !value.IsValid() && tag.Get("type") != "structure" {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
buf.WriteByte('{')
|
||||
defer buf.WriteString("}")
|
||||
|
||||
if !value.IsValid() {
|
||||
return nil
|
||||
}
|
||||
|
||||
t := value.Type()
|
||||
first := true
|
||||
|
@ -144,8 +148,6 @@ func buildStruct(value reflect.Value, buf *bytes.Buffer, tag reflect.StructTag)
|
|||
|
||||
}
|
||||
|
||||
buf.WriteString("}")
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
87
vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
generated
vendored
Normal file
87
vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/jsonrpc.go
generated
vendored
Normal file
|
@ -0,0 +1,87 @@
|
|||
// Package jsonrpc provides JSON RPC utilities for serialization of AWS
|
||||
// requests and responses.
|
||||
package jsonrpc
|
||||
|
||||
//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/json.json build_test.go
|
||||
//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/json.json unmarshal_test.go
|
||||
|
||||
import (
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
|
||||
"github.com/aws/aws-sdk-go/private/protocol/rest"
|
||||
)
|
||||
|
||||
var emptyJSON = []byte("{}")
|
||||
|
||||
// BuildHandler is a named request handler for building jsonrpc protocol
|
||||
// requests
|
||||
var BuildHandler = request.NamedHandler{
|
||||
Name: "awssdk.jsonrpc.Build",
|
||||
Fn: Build,
|
||||
}
|
||||
|
||||
// UnmarshalHandler is a named request handler for unmarshaling jsonrpc
|
||||
// protocol requests
|
||||
var UnmarshalHandler = request.NamedHandler{
|
||||
Name: "awssdk.jsonrpc.Unmarshal",
|
||||
Fn: Unmarshal,
|
||||
}
|
||||
|
||||
// UnmarshalMetaHandler is a named request handler for unmarshaling jsonrpc
|
||||
// protocol request metadata
|
||||
var UnmarshalMetaHandler = request.NamedHandler{
|
||||
Name: "awssdk.jsonrpc.UnmarshalMeta",
|
||||
Fn: UnmarshalMeta,
|
||||
}
|
||||
|
||||
// Build builds a JSON payload for a JSON RPC request.
|
||||
func Build(req *request.Request) {
|
||||
var buf []byte
|
||||
var err error
|
||||
if req.ParamsFilled() {
|
||||
buf, err = jsonutil.BuildJSON(req.Params)
|
||||
if err != nil {
|
||||
req.Error = awserr.New(request.ErrCodeSerialization, "failed encoding JSON RPC request", err)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
buf = emptyJSON
|
||||
}
|
||||
|
||||
// Always serialize the body, don't suppress it.
|
||||
req.SetBufferBody(buf)
|
||||
|
||||
if req.ClientInfo.TargetPrefix != "" {
|
||||
target := req.ClientInfo.TargetPrefix + "." + req.Operation.Name
|
||||
req.HTTPRequest.Header.Add("X-Amz-Target", target)
|
||||
}
|
||||
|
||||
// Only set the content type if one is not already specified and an
|
||||
// JSONVersion is specified.
|
||||
if ct, v := req.HTTPRequest.Header.Get("Content-Type"), req.ClientInfo.JSONVersion; len(ct) == 0 && len(v) != 0 {
|
||||
jsonVersion := req.ClientInfo.JSONVersion
|
||||
req.HTTPRequest.Header.Set("Content-Type", "application/x-amz-json-"+jsonVersion)
|
||||
}
|
||||
}
|
||||
|
||||
// Unmarshal unmarshals a response for a JSON RPC service.
|
||||
func Unmarshal(req *request.Request) {
|
||||
defer req.HTTPResponse.Body.Close()
|
||||
if req.DataFilled() {
|
||||
err := jsonutil.UnmarshalJSON(req.Data, req.HTTPResponse.Body)
|
||||
if err != nil {
|
||||
req.Error = awserr.NewRequestFailure(
|
||||
awserr.New(request.ErrCodeSerialization, "failed decoding JSON RPC response", err),
|
||||
req.HTTPResponse.StatusCode,
|
||||
req.RequestID,
|
||||
)
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// UnmarshalMeta unmarshals headers from a response for a JSON RPC service.
|
||||
func UnmarshalMeta(req *request.Request) {
|
||||
rest.UnmarshalMeta(req)
|
||||
}
|
107
vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
generated
vendored
Normal file
107
vendor/github.com/aws/aws-sdk-go/private/protocol/jsonrpc/unmarshal_error.go
generated
vendored
Normal file
|
@ -0,0 +1,107 @@
|
|||
package jsonrpc
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/private/protocol"
|
||||
"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
|
||||
)
|
||||
|
||||
// UnmarshalTypedError provides unmarshaling errors API response errors
|
||||
// for both typed and untyped errors.
|
||||
type UnmarshalTypedError struct {
|
||||
exceptions map[string]func(protocol.ResponseMetadata) error
|
||||
}
|
||||
|
||||
// NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the
|
||||
// set of exception names to the error unmarshalers
|
||||
func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError {
|
||||
return &UnmarshalTypedError{
|
||||
exceptions: exceptions,
|
||||
}
|
||||
}
|
||||
|
||||
// UnmarshalError attempts to unmarshal the HTTP response error as a known
|
||||
// error type. If unable to unmarshal the error type, the generic SDK error
|
||||
// type will be used.
|
||||
func (u *UnmarshalTypedError) UnmarshalError(
|
||||
resp *http.Response,
|
||||
respMeta protocol.ResponseMetadata,
|
||||
) (error, error) {
|
||||
|
||||
var buf bytes.Buffer
|
||||
var jsonErr jsonErrorResponse
|
||||
teeReader := io.TeeReader(resp.Body, &buf)
|
||||
err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
body := ioutil.NopCloser(&buf)
|
||||
|
||||
// Code may be separated by hash(#), with the last element being the code
|
||||
// used by the SDK.
|
||||
codeParts := strings.SplitN(jsonErr.Code, "#", 2)
|
||||
code := codeParts[len(codeParts)-1]
|
||||
msg := jsonErr.Message
|
||||
|
||||
if fn, ok := u.exceptions[code]; ok {
|
||||
// If exception code is know, use associated constructor to get a value
|
||||
// for the exception that the JSON body can be unmarshaled into.
|
||||
v := fn(respMeta)
|
||||
err := jsonutil.UnmarshalJSONCaseInsensitive(v, body)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return v, nil
|
||||
}
|
||||
|
||||
// fallback to unmodeled generic exceptions
|
||||
return awserr.NewRequestFailure(
|
||||
awserr.New(code, msg, nil),
|
||||
respMeta.StatusCode,
|
||||
respMeta.RequestID,
|
||||
), nil
|
||||
}
|
||||
|
||||
// UnmarshalErrorHandler is a named request handler for unmarshaling jsonrpc
|
||||
// protocol request errors
|
||||
var UnmarshalErrorHandler = request.NamedHandler{
|
||||
Name: "awssdk.jsonrpc.UnmarshalError",
|
||||
Fn: UnmarshalError,
|
||||
}
|
||||
|
||||
// UnmarshalError unmarshals an error response for a JSON RPC service.
|
||||
func UnmarshalError(req *request.Request) {
|
||||
defer req.HTTPResponse.Body.Close()
|
||||
|
||||
var jsonErr jsonErrorResponse
|
||||
err := jsonutil.UnmarshalJSONError(&jsonErr, req.HTTPResponse.Body)
|
||||
if err != nil {
|
||||
req.Error = awserr.NewRequestFailure(
|
||||
awserr.New(request.ErrCodeSerialization,
|
||||
"failed to unmarshal error message", err),
|
||||
req.HTTPResponse.StatusCode,
|
||||
req.RequestID,
|
||||
)
|
||||
return
|
||||
}
|
||||
|
||||
codes := strings.SplitN(jsonErr.Code, "#", 2)
|
||||
req.Error = awserr.NewRequestFailure(
|
||||
awserr.New(codes[len(codes)-1], jsonErr.Message, nil),
|
||||
req.HTTPResponse.StatusCode,
|
||||
req.RequestID,
|
||||
)
|
||||
}
|
||||
|
||||
type jsonErrorResponse struct {
|
||||
Code string `json:"__type"`
|
||||
Message string `json:"message"`
|
||||
}
|
2
vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
generated
vendored
|
@ -98,7 +98,7 @@ func buildLocationElements(r *request.Request, v reflect.Value, buildGETQuery bo
|
|||
|
||||
// Support the ability to customize values to be marshaled as a
|
||||
// blob even though they were modeled as a string. Required for S3
|
||||
// API operations like SSECustomerKey is modeled as stirng but
|
||||
// API operations like SSECustomerKey is modeled as string but
|
||||
// required to be base64 encoded in request.
|
||||
if field.Tag.Get("marshal-as") == "blob" {
|
||||
m = m.Convert(byteSliceType)
|
||||
|
|
11
vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go
generated
vendored
11
vendor/github.com/aws/aws-sdk-go/private/protocol/rest/payload.go
generated
vendored
|
@ -28,18 +28,27 @@ func PayloadMember(i interface{}) interface{} {
|
|||
return nil
|
||||
}
|
||||
|
||||
// PayloadType returns the type of a payload field member of i if there is one, or "".
|
||||
const nopayloadPayloadType = "nopayload"
|
||||
|
||||
// PayloadType returns the type of a payload field member of i if there is one,
|
||||
// or "".
|
||||
func PayloadType(i interface{}) string {
|
||||
v := reflect.Indirect(reflect.ValueOf(i))
|
||||
if !v.IsValid() {
|
||||
return ""
|
||||
}
|
||||
|
||||
if field, ok := v.Type().FieldByName("_"); ok {
|
||||
if noPayload := field.Tag.Get(nopayloadPayloadType); noPayload != "" {
|
||||
return nopayloadPayloadType
|
||||
}
|
||||
|
||||
if payloadName := field.Tag.Get("payload"); payloadName != "" {
|
||||
if member, ok := v.Type().FieldByName(payloadName); ok {
|
||||
return member.Tag.Get("type")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
|
2
vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go/private/protocol/rest/unmarshal.go
generated
vendored
|
@ -140,7 +140,7 @@ func unmarshalLocationElements(resp *http.Response, v reflect.Value, lowerCaseHe
|
|||
prefix := field.Tag.Get("locationName")
|
||||
err := unmarshalHeaderMap(m, resp.Header, prefix, lowerCaseHeaderMaps)
|
||||
if err != nil {
|
||||
awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
|
||||
return awserr.New(request.ErrCodeSerialization, "failed to decode REST response", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
59
vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go
generated
vendored
Normal file
59
vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/restjson.go
generated
vendored
Normal file
|
@ -0,0 +1,59 @@
|
|||
// Package restjson provides RESTful JSON serialization of AWS
|
||||
// requests and responses.
|
||||
package restjson
|
||||
|
||||
//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/input/rest-json.json build_test.go
|
||||
//go:generate go run -tags codegen ../../../private/model/cli/gen-protocol-tests ../../../models/protocol_tests/output/rest-json.json unmarshal_test.go
|
||||
|
||||
import (
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
|
||||
"github.com/aws/aws-sdk-go/private/protocol/rest"
|
||||
)
|
||||
|
||||
// BuildHandler is a named request handler for building restjson protocol
|
||||
// requests
|
||||
var BuildHandler = request.NamedHandler{
|
||||
Name: "awssdk.restjson.Build",
|
||||
Fn: Build,
|
||||
}
|
||||
|
||||
// UnmarshalHandler is a named request handler for unmarshaling restjson
|
||||
// protocol requests
|
||||
var UnmarshalHandler = request.NamedHandler{
|
||||
Name: "awssdk.restjson.Unmarshal",
|
||||
Fn: Unmarshal,
|
||||
}
|
||||
|
||||
// UnmarshalMetaHandler is a named request handler for unmarshaling restjson
|
||||
// protocol request metadata
|
||||
var UnmarshalMetaHandler = request.NamedHandler{
|
||||
Name: "awssdk.restjson.UnmarshalMeta",
|
||||
Fn: UnmarshalMeta,
|
||||
}
|
||||
|
||||
// Build builds a request for the REST JSON protocol.
|
||||
func Build(r *request.Request) {
|
||||
rest.Build(r)
|
||||
|
||||
if t := rest.PayloadType(r.Params); t == "structure" || t == "" {
|
||||
if v := r.HTTPRequest.Header.Get("Content-Type"); len(v) == 0 {
|
||||
r.HTTPRequest.Header.Set("Content-Type", "application/json")
|
||||
}
|
||||
jsonrpc.Build(r)
|
||||
}
|
||||
}
|
||||
|
||||
// Unmarshal unmarshals a response body for the REST JSON protocol.
|
||||
func Unmarshal(r *request.Request) {
|
||||
if t := rest.PayloadType(r.Data); t == "structure" || t == "" {
|
||||
jsonrpc.Unmarshal(r)
|
||||
} else {
|
||||
rest.Unmarshal(r)
|
||||
}
|
||||
}
|
||||
|
||||
// UnmarshalMeta unmarshals response headers for the REST JSON protocol.
|
||||
func UnmarshalMeta(r *request.Request) {
|
||||
rest.UnmarshalMeta(r)
|
||||
}
|
134
vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
generated
vendored
Normal file
134
vendor/github.com/aws/aws-sdk-go/private/protocol/restjson/unmarshal_error.go
generated
vendored
Normal file
|
@ -0,0 +1,134 @@
|
|||
package restjson
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/private/protocol"
|
||||
"github.com/aws/aws-sdk-go/private/protocol/json/jsonutil"
|
||||
"github.com/aws/aws-sdk-go/private/protocol/rest"
|
||||
)
|
||||
|
||||
const (
|
||||
errorTypeHeader = "X-Amzn-Errortype"
|
||||
errorMessageHeader = "X-Amzn-Errormessage"
|
||||
)
|
||||
|
||||
// UnmarshalTypedError provides unmarshaling errors API response errors
|
||||
// for both typed and untyped errors.
|
||||
type UnmarshalTypedError struct {
|
||||
exceptions map[string]func(protocol.ResponseMetadata) error
|
||||
}
|
||||
|
||||
// NewUnmarshalTypedError returns an UnmarshalTypedError initialized for the
|
||||
// set of exception names to the error unmarshalers
|
||||
func NewUnmarshalTypedError(exceptions map[string]func(protocol.ResponseMetadata) error) *UnmarshalTypedError {
|
||||
return &UnmarshalTypedError{
|
||||
exceptions: exceptions,
|
||||
}
|
||||
}
|
||||
|
||||
// UnmarshalError attempts to unmarshal the HTTP response error as a known
|
||||
// error type. If unable to unmarshal the error type, the generic SDK error
|
||||
// type will be used.
|
||||
func (u *UnmarshalTypedError) UnmarshalError(
|
||||
resp *http.Response,
|
||||
respMeta protocol.ResponseMetadata,
|
||||
) (error, error) {
|
||||
|
||||
code := resp.Header.Get(errorTypeHeader)
|
||||
msg := resp.Header.Get(errorMessageHeader)
|
||||
|
||||
body := resp.Body
|
||||
if len(code) == 0 {
|
||||
// If unable to get code from HTTP headers have to parse JSON message
|
||||
// to determine what kind of exception this will be.
|
||||
var buf bytes.Buffer
|
||||
var jsonErr jsonErrorResponse
|
||||
teeReader := io.TeeReader(resp.Body, &buf)
|
||||
err := jsonutil.UnmarshalJSONError(&jsonErr, teeReader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
body = ioutil.NopCloser(&buf)
|
||||
code = jsonErr.Code
|
||||
msg = jsonErr.Message
|
||||
}
|
||||
|
||||
// If code has colon separators remove them so can compare against modeled
|
||||
// exception names.
|
||||
code = strings.SplitN(code, ":", 2)[0]
|
||||
|
||||
if fn, ok := u.exceptions[code]; ok {
|
||||
// If exception code is know, use associated constructor to get a value
|
||||
// for the exception that the JSON body can be unmarshaled into.
|
||||
v := fn(respMeta)
|
||||
if err := jsonutil.UnmarshalJSONCaseInsensitive(v, body); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := rest.UnmarshalResponse(resp, v, true); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return v, nil
|
||||
}
|
||||
|
||||
// fallback to unmodeled generic exceptions
|
||||
return awserr.NewRequestFailure(
|
||||
awserr.New(code, msg, nil),
|
||||
respMeta.StatusCode,
|
||||
respMeta.RequestID,
|
||||
), nil
|
||||
}
|
||||
|
||||
// UnmarshalErrorHandler is a named request handler for unmarshaling restjson
|
||||
// protocol request errors
|
||||
var UnmarshalErrorHandler = request.NamedHandler{
|
||||
Name: "awssdk.restjson.UnmarshalError",
|
||||
Fn: UnmarshalError,
|
||||
}
|
||||
|
||||
// UnmarshalError unmarshals a response error for the REST JSON protocol.
|
||||
func UnmarshalError(r *request.Request) {
|
||||
defer r.HTTPResponse.Body.Close()
|
||||
|
||||
var jsonErr jsonErrorResponse
|
||||
err := jsonutil.UnmarshalJSONError(&jsonErr, r.HTTPResponse.Body)
|
||||
if err != nil {
|
||||
r.Error = awserr.NewRequestFailure(
|
||||
awserr.New(request.ErrCodeSerialization,
|
||||
"failed to unmarshal response error", err),
|
||||
r.HTTPResponse.StatusCode,
|
||||
r.RequestID,
|
||||
)
|
||||
return
|
||||
}
|
||||
|
||||
code := r.HTTPResponse.Header.Get(errorTypeHeader)
|
||||
if code == "" {
|
||||
code = jsonErr.Code
|
||||
}
|
||||
msg := r.HTTPResponse.Header.Get(errorMessageHeader)
|
||||
if msg == "" {
|
||||
msg = jsonErr.Message
|
||||
}
|
||||
|
||||
code = strings.SplitN(code, ":", 2)[0]
|
||||
r.Error = awserr.NewRequestFailure(
|
||||
awserr.New(code, jsonErr.Message, nil),
|
||||
r.HTTPResponse.StatusCode,
|
||||
r.RequestID,
|
||||
)
|
||||
}
|
||||
|
||||
type jsonErrorResponse struct {
|
||||
Code string `json:"code"`
|
||||
Message string `json:"message"`
|
||||
}
|
65
vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
generated
vendored
65
vendor/github.com/aws/aws-sdk-go/private/protocol/timestamp.go
generated
vendored
|
@ -1,6 +1,8 @@
|
|||
package protocol
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"math"
|
||||
"strconv"
|
||||
"time"
|
||||
|
@ -19,15 +21,18 @@ const (
|
|||
// Output time is intended to not contain decimals
|
||||
const (
|
||||
// RFC 7231#section-7.1.1.1 timetamp format. e.g Tue, 29 Apr 2014 18:30:38 GMT
|
||||
RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT"
|
||||
RFC822TimeFormat = "Mon, 2 Jan 2006 15:04:05 GMT"
|
||||
rfc822TimeFormatSingleDigitDay = "Mon, _2 Jan 2006 15:04:05 GMT"
|
||||
rfc822TimeFormatSingleDigitDayTwoDigitYear = "Mon, _2 Jan 06 15:04:05 GMT"
|
||||
|
||||
// This format is used for output time without seconds precision
|
||||
RFC822OutputTimeFormat = "Mon, 02 Jan 2006 15:04:05 GMT"
|
||||
|
||||
// RFC3339 a subset of the ISO8601 timestamp format. e.g 2014-04-29T18:30:38Z
|
||||
ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z"
|
||||
ISO8601TimeFormat = "2006-01-02T15:04:05.999999999Z"
|
||||
iso8601TimeFormatNoZ = "2006-01-02T15:04:05.999999999"
|
||||
|
||||
// This format is used for output time without seconds precision
|
||||
// This format is used for output time with fractional second precision up to milliseconds
|
||||
ISO8601OutputTimeFormat = "2006-01-02T15:04:05.999999999Z"
|
||||
)
|
||||
|
||||
|
@ -48,7 +53,7 @@ func IsKnownTimestampFormat(name string) bool {
|
|||
|
||||
// FormatTime returns a string value of the time.
|
||||
func FormatTime(name string, t time.Time) string {
|
||||
t = t.UTC()
|
||||
t = t.UTC().Truncate(time.Millisecond)
|
||||
|
||||
switch name {
|
||||
case RFC822TimeFormatName:
|
||||
|
@ -67,10 +72,21 @@ func FormatTime(name string, t time.Time) string {
|
|||
// the time if it was able to be parsed, and fails otherwise.
|
||||
func ParseTime(formatName, value string) (time.Time, error) {
|
||||
switch formatName {
|
||||
case RFC822TimeFormatName:
|
||||
return time.Parse(RFC822TimeFormat, value)
|
||||
case ISO8601TimeFormatName:
|
||||
return time.Parse(ISO8601TimeFormat, value)
|
||||
case RFC822TimeFormatName: // Smithy HTTPDate format
|
||||
return tryParse(value,
|
||||
RFC822TimeFormat,
|
||||
rfc822TimeFormatSingleDigitDay,
|
||||
rfc822TimeFormatSingleDigitDayTwoDigitYear,
|
||||
time.RFC850,
|
||||
time.ANSIC,
|
||||
)
|
||||
case ISO8601TimeFormatName: // Smithy DateTime format
|
||||
return tryParse(value,
|
||||
ISO8601TimeFormat,
|
||||
iso8601TimeFormatNoZ,
|
||||
time.RFC3339Nano,
|
||||
time.RFC3339,
|
||||
)
|
||||
case UnixTimeFormatName:
|
||||
v, err := strconv.ParseFloat(value, 64)
|
||||
_, dec := math.Modf(v)
|
||||
|
@ -83,3 +99,36 @@ func ParseTime(formatName, value string) (time.Time, error) {
|
|||
panic("unknown timestamp format name, " + formatName)
|
||||
}
|
||||
}
|
||||
|
||||
func tryParse(v string, formats ...string) (time.Time, error) {
|
||||
var errs parseErrors
|
||||
for _, f := range formats {
|
||||
t, err := time.Parse(f, v)
|
||||
if err != nil {
|
||||
errs = append(errs, parseError{
|
||||
Format: f,
|
||||
Err: err,
|
||||
})
|
||||
continue
|
||||
}
|
||||
return t, nil
|
||||
}
|
||||
|
||||
return time.Time{}, fmt.Errorf("unable to parse time string, %v", errs)
|
||||
}
|
||||
|
||||
type parseErrors []parseError
|
||||
|
||||
func (es parseErrors) Error() string {
|
||||
var s bytes.Buffer
|
||||
for _, e := range es {
|
||||
fmt.Fprintf(&s, "\n * %q: %v", e.Format, e.Err)
|
||||
}
|
||||
|
||||
return "parse errors:" + s.String()
|
||||
}
|
||||
|
||||
type parseError struct {
|
||||
Format string
|
||||
Err error
|
||||
}
|
||||
|
|
2
vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
generated
vendored
2
vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go
generated
vendored
|
@ -308,6 +308,8 @@ func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag refl
|
|||
if tag.Get("xmlAttribute") != "" { // put into current node's attribute list
|
||||
attr := xml.Attr{Name: xname, Value: str}
|
||||
current.Attr = append(current.Attr, attr)
|
||||
} else if len(xname.Local) == 0 {
|
||||
current.Text = str
|
||||
} else { // regular text node
|
||||
current.AddChild(&XMLNode{Name: xname, Text: str})
|
||||
}
|
||||
|
|
22
vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
generated
vendored
22
vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go
generated
vendored
|
@ -18,6 +18,14 @@ type XMLNode struct {
|
|||
parent *XMLNode
|
||||
}
|
||||
|
||||
// textEncoder is a string type alias that implemnts the TextMarshaler interface.
|
||||
// This alias type is used to ensure that the line feed (\n) (U+000A) is escaped.
|
||||
type textEncoder string
|
||||
|
||||
func (t textEncoder) MarshalText() ([]byte, error) {
|
||||
return []byte(t), nil
|
||||
}
|
||||
|
||||
// NewXMLElement returns a pointer to a new XMLNode initialized to default values.
|
||||
func NewXMLElement(name xml.Name) *XMLNode {
|
||||
return &XMLNode{
|
||||
|
@ -130,11 +138,16 @@ func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error {
|
|||
attrs = sortedAttrs
|
||||
}
|
||||
|
||||
e.EncodeToken(xml.StartElement{Name: node.Name, Attr: attrs})
|
||||
startElement := xml.StartElement{Name: node.Name, Attr: attrs}
|
||||
|
||||
if node.Text != "" {
|
||||
e.EncodeToken(xml.CharData([]byte(node.Text)))
|
||||
} else if sorted {
|
||||
e.EncodeElement(textEncoder(node.Text), startElement)
|
||||
return e.Flush()
|
||||
}
|
||||
|
||||
e.EncodeToken(startElement)
|
||||
|
||||
if sorted {
|
||||
sortedNames := []string{}
|
||||
for k := range node.Children {
|
||||
sortedNames = append(sortedNames, k)
|
||||
|
@ -154,6 +167,7 @@ func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error {
|
|||
}
|
||||
}
|
||||
|
||||
e.EncodeToken(xml.EndElement{Name: node.Name})
|
||||
e.EncodeToken(startElement.End())
|
||||
|
||||
return e.Flush()
|
||||
}
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_6.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build !go1.7
|
||||
// +build !go1.7
|
||||
|
||||
package sign
|
||||
|
|
1
vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go
generated
vendored
1
vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/policy_json_1_7.go
generated
vendored
|
@ -1,3 +1,4 @@
|
|||
//go:build go1.7
|
||||
// +build go1.7
|
||||
|
||||
package sign
|
||||
|
|
12345
vendor/github.com/aws/aws-sdk-go/service/s3/api.go
generated
vendored
12345
vendor/github.com/aws/aws-sdk-go/service/s3/api.go
generated
vendored
File diff suppressed because it is too large
Load diff
20
vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
generated
vendored
20
vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
generated
vendored
|
@ -1,10 +1,12 @@
|
|||
package s3
|
||||
|
||||
import (
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/client"
|
||||
"github.com/aws/aws-sdk-go/aws/endpoints"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/internal/s3err"
|
||||
"github.com/aws/aws-sdk-go/service/s3/internal/arn"
|
||||
"github.com/aws/aws-sdk-go/internal/s3shared/arn"
|
||||
"github.com/aws/aws-sdk-go/internal/s3shared/s3err"
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
@ -13,6 +15,14 @@ func init() {
|
|||
}
|
||||
|
||||
func defaultInitClientFn(c *client.Client) {
|
||||
if c.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateUnset {
|
||||
if aws.BoolValue(c.Config.UseDualStack) {
|
||||
c.Config.UseDualStackEndpoint = endpoints.DualStackEndpointStateEnabled
|
||||
} else {
|
||||
c.Config.UseDualStackEndpoint = endpoints.DualStackEndpointStateDisabled
|
||||
}
|
||||
}
|
||||
|
||||
// Support building custom endpoints based on config
|
||||
c.Handlers.Build.PushFront(endpointHandler)
|
||||
|
||||
|
@ -40,7 +50,7 @@ func defaultInitRequestFn(r *request.Request) {
|
|||
// Auto-populate LocationConstraint with current region
|
||||
r.Handlers.Validate.PushFront(populateLocationConstraint)
|
||||
case opCopyObject, opUploadPartCopy, opCompleteMultipartUpload:
|
||||
r.Handlers.Unmarshal.PushFront(copyMultipartStatusOKUnmarhsalError)
|
||||
r.Handlers.Unmarshal.PushFront(copyMultipartStatusOKUnmarshalError)
|
||||
r.Handlers.Unmarshal.PushBackNamed(s3err.RequestFailureWrapperHandler())
|
||||
case opPutObject, opUploadPart:
|
||||
r.Handlers.Build.PushBack(computeBodyHashes)
|
||||
|
@ -48,6 +58,8 @@ func defaultInitRequestFn(r *request.Request) {
|
|||
// case opGetObject:
|
||||
// r.Handlers.Build.PushBack(askForTxEncodingAppendMD5)
|
||||
// r.Handlers.Unmarshal.PushBack(useMD5ValidationReader)
|
||||
case opWriteGetObjectResponse:
|
||||
r.Handlers.Build.PushFront(buildWriteGetObjectResponseEndpoint)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -69,6 +81,8 @@ type copySourceSSECustomerKeyGetter interface {
|
|||
getCopySourceSSECustomerKey() string
|
||||
}
|
||||
|
||||
// endpointARNGetter is an accessor interface to grab the
|
||||
// the field corresponding to an endpoint ARN input.
|
||||
type endpointARNGetter interface {
|
||||
getEndpointARN() (arn.Resource, error)
|
||||
hasEndpointARN() bool
|
||||
|
|
324
vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
generated
vendored
324
vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
generated
vendored
|
@ -1,16 +1,24 @@
|
|||
package s3
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/endpoints"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
awsarn "github.com/aws/aws-sdk-go/aws/arn"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/endpoints"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/private/protocol"
|
||||
"github.com/aws/aws-sdk-go/service/s3/internal/arn"
|
||||
"github.com/aws/aws-sdk-go/internal/s3shared"
|
||||
"github.com/aws/aws-sdk-go/internal/s3shared/arn"
|
||||
)
|
||||
|
||||
const (
|
||||
s3Namespace = "s3"
|
||||
s3AccessPointNamespace = "s3-accesspoint"
|
||||
s3ObjectsLambdaNamespace = "s3-object-lambda"
|
||||
s3OutpostsNamespace = "s3-outposts"
|
||||
)
|
||||
|
||||
// Used by shapes with members decorated as endpoint ARN.
|
||||
|
@ -22,12 +30,89 @@ func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) {
|
|||
resParts := arn.SplitResource(a.Resource)
|
||||
switch resParts[0] {
|
||||
case "accesspoint":
|
||||
return arn.ParseAccessPointResource(a, resParts[1:])
|
||||
switch a.Service {
|
||||
case s3Namespace:
|
||||
return arn.ParseAccessPointResource(a, resParts[1:])
|
||||
case s3ObjectsLambdaNamespace:
|
||||
return parseS3ObjectLambdaAccessPointResource(a, resParts)
|
||||
default:
|
||||
return arn.AccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s or %s", s3Namespace, s3ObjectsLambdaNamespace)}
|
||||
}
|
||||
case "outpost":
|
||||
if a.Service != "s3-outposts" {
|
||||
return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"}
|
||||
}
|
||||
return parseOutpostAccessPointResource(a, resParts[1:])
|
||||
default:
|
||||
return nil, arn.InvalidARNError{ARN: a, Reason: "unknown resource type"}
|
||||
}
|
||||
}
|
||||
|
||||
// parseOutpostAccessPointResource attempts to parse the ARNs resource as an
|
||||
// outpost access-point resource.
|
||||
//
|
||||
// Supported Outpost AccessPoint ARN format:
|
||||
// - ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
|
||||
// - example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
|
||||
//
|
||||
func parseOutpostAccessPointResource(a awsarn.ARN, resParts []string) (arn.OutpostAccessPointARN, error) {
|
||||
// outpost accesspoint arn is only valid if service is s3-outposts
|
||||
if a.Service != "s3-outposts" {
|
||||
return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"}
|
||||
}
|
||||
|
||||
if len(resParts) == 0 {
|
||||
return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
|
||||
}
|
||||
|
||||
if len(resParts) < 3 {
|
||||
return arn.OutpostAccessPointARN{}, arn.InvalidARNError{
|
||||
ARN: a, Reason: "access-point resource not set in Outpost ARN",
|
||||
}
|
||||
}
|
||||
|
||||
resID := strings.TrimSpace(resParts[0])
|
||||
if len(resID) == 0 {
|
||||
return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
|
||||
}
|
||||
|
||||
var outpostAccessPointARN = arn.OutpostAccessPointARN{}
|
||||
switch resParts[1] {
|
||||
case "accesspoint":
|
||||
accessPointARN, err := arn.ParseAccessPointResource(a, resParts[2:])
|
||||
if err != nil {
|
||||
return arn.OutpostAccessPointARN{}, err
|
||||
}
|
||||
// set access-point arn
|
||||
outpostAccessPointARN.AccessPointARN = accessPointARN
|
||||
default:
|
||||
return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "access-point resource not set in Outpost ARN"}
|
||||
}
|
||||
|
||||
// set outpost id
|
||||
outpostAccessPointARN.OutpostID = resID
|
||||
return outpostAccessPointARN, nil
|
||||
}
|
||||
|
||||
func parseS3ObjectLambdaAccessPointResource(a awsarn.ARN, resParts []string) (arn.S3ObjectLambdaAccessPointARN, error) {
|
||||
if a.Service != s3ObjectsLambdaNamespace {
|
||||
return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s", s3ObjectsLambdaNamespace)}
|
||||
}
|
||||
|
||||
accessPointARN, err := arn.ParseAccessPointResource(a, resParts[1:])
|
||||
if err != nil {
|
||||
return arn.S3ObjectLambdaAccessPointARN{}, err
|
||||
}
|
||||
|
||||
if len(accessPointARN.Region) == 0 {
|
||||
return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("%s region not set", s3ObjectsLambdaNamespace)}
|
||||
}
|
||||
|
||||
return arn.S3ObjectLambdaAccessPointARN{
|
||||
AccessPointARN: accessPointARN,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func endpointHandler(req *request.Request) {
|
||||
endpoint, ok := req.Params.(endpointARNGetter)
|
||||
if !ok || !endpoint.hasEndpointARN() {
|
||||
|
@ -37,79 +122,55 @@ func endpointHandler(req *request.Request) {
|
|||
|
||||
resource, err := endpoint.getEndpointARN()
|
||||
if err != nil {
|
||||
req.Error = newInvalidARNError(nil, err)
|
||||
req.Error = s3shared.NewInvalidARNError(nil, err)
|
||||
return
|
||||
}
|
||||
|
||||
resReq := resourceRequest{
|
||||
resReq := s3shared.ResourceRequest{
|
||||
Resource: resource,
|
||||
Request: req,
|
||||
}
|
||||
|
||||
if resReq.IsCrossPartition() {
|
||||
req.Error = newClientPartitionMismatchError(resource,
|
||||
if len(resReq.Request.ClientInfo.PartitionID) != 0 && resReq.IsCrossPartition() {
|
||||
req.Error = s3shared.NewClientPartitionMismatchError(resource,
|
||||
req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
|
||||
return
|
||||
}
|
||||
|
||||
if !resReq.AllowCrossRegion() && resReq.IsCrossRegion() {
|
||||
req.Error = newClientRegionMismatchError(resource,
|
||||
req.Error = s3shared.NewClientRegionMismatchError(resource,
|
||||
req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
|
||||
return
|
||||
}
|
||||
|
||||
if resReq.HasCustomEndpoint() {
|
||||
req.Error = newInvalidARNWithCustomEndpointError(resource, nil)
|
||||
return
|
||||
}
|
||||
|
||||
switch tv := resource.(type) {
|
||||
case arn.AccessPointARN:
|
||||
err = updateRequestAccessPointEndpoint(req, tv)
|
||||
if err != nil {
|
||||
req.Error = err
|
||||
}
|
||||
case arn.S3ObjectLambdaAccessPointARN:
|
||||
err = updateRequestS3ObjectLambdaAccessPointEndpoint(req, tv)
|
||||
if err != nil {
|
||||
req.Error = err
|
||||
}
|
||||
case arn.OutpostAccessPointARN:
|
||||
// outposts does not support FIPS regions
|
||||
if req.Config.UseFIPSEndpoint == endpoints.FIPSEndpointStateEnabled {
|
||||
req.Error = s3shared.NewFIPSConfigurationError(resource, req.ClientInfo.PartitionID,
|
||||
aws.StringValue(req.Config.Region), nil)
|
||||
return
|
||||
}
|
||||
|
||||
err = updateRequestOutpostAccessPointEndpoint(req, tv)
|
||||
if err != nil {
|
||||
req.Error = err
|
||||
}
|
||||
default:
|
||||
req.Error = newInvalidARNError(resource, nil)
|
||||
req.Error = s3shared.NewInvalidARNError(resource, nil)
|
||||
}
|
||||
}
|
||||
|
||||
type resourceRequest struct {
|
||||
Resource arn.Resource
|
||||
Request *request.Request
|
||||
}
|
||||
|
||||
func (r resourceRequest) ARN() awsarn.ARN {
|
||||
return r.Resource.GetARN()
|
||||
}
|
||||
|
||||
func (r resourceRequest) AllowCrossRegion() bool {
|
||||
return aws.BoolValue(r.Request.Config.S3UseARNRegion)
|
||||
}
|
||||
|
||||
func (r resourceRequest) UseFIPS() bool {
|
||||
return isFIPS(aws.StringValue(r.Request.Config.Region))
|
||||
}
|
||||
|
||||
func (r resourceRequest) IsCrossPartition() bool {
|
||||
return r.Request.ClientInfo.PartitionID != r.Resource.GetARN().Partition
|
||||
}
|
||||
|
||||
func (r resourceRequest) IsCrossRegion() bool {
|
||||
return isCrossRegion(r.Request, r.Resource.GetARN().Region)
|
||||
}
|
||||
|
||||
func (r resourceRequest) HasCustomEndpoint() bool {
|
||||
return len(aws.StringValue(r.Request.Config.Endpoint)) > 0
|
||||
}
|
||||
|
||||
func isFIPS(clientRegion string) bool {
|
||||
return strings.HasPrefix(clientRegion, "fips-") || strings.HasSuffix(clientRegion, "-fips")
|
||||
}
|
||||
func isCrossRegion(req *request.Request, otherRegion string) bool {
|
||||
return req.ClientInfo.SigningRegion != otherRegion
|
||||
}
|
||||
|
||||
func updateBucketEndpointFromParams(r *request.Request) {
|
||||
bucket, ok := bucketNameFromReqParams(r.Params)
|
||||
if !ok {
|
||||
|
@ -124,15 +185,14 @@ func updateBucketEndpointFromParams(r *request.Request) {
|
|||
func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.AccessPointARN) error {
|
||||
// Accelerate not supported
|
||||
if aws.BoolValue(req.Config.S3UseAccelerate) {
|
||||
return newClientConfiguredForAccelerateError(accessPoint,
|
||||
return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
|
||||
req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
|
||||
}
|
||||
|
||||
// Ignore the disable host prefix for access points since custom endpoints
|
||||
// are not supported.
|
||||
// Ignore the disable host prefix for access points
|
||||
req.Config.DisableEndpointHostPrefix = aws.Bool(false)
|
||||
|
||||
if err := accessPointEndpointBuilder(accessPoint).Build(req); err != nil {
|
||||
if err := accessPointEndpointBuilder(accessPoint).build(req); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
@ -141,6 +201,55 @@ func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.Acce
|
|||
return nil
|
||||
}
|
||||
|
||||
func updateRequestS3ObjectLambdaAccessPointEndpoint(req *request.Request, accessPoint arn.S3ObjectLambdaAccessPointARN) error {
|
||||
// DualStack not supported
|
||||
if isUseDualStackEndpoint(req) {
|
||||
return s3shared.NewClientConfiguredForDualStackError(accessPoint,
|
||||
req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
|
||||
}
|
||||
|
||||
// Accelerate not supported
|
||||
if aws.BoolValue(req.Config.S3UseAccelerate) {
|
||||
return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
|
||||
req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
|
||||
}
|
||||
|
||||
// Ignore the disable host prefix for access points
|
||||
req.Config.DisableEndpointHostPrefix = aws.Bool(false)
|
||||
|
||||
if err := s3ObjectLambdaAccessPointEndpointBuilder(accessPoint).build(req); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
removeBucketFromPath(req.HTTPRequest.URL)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func updateRequestOutpostAccessPointEndpoint(req *request.Request, accessPoint arn.OutpostAccessPointARN) error {
|
||||
// Accelerate not supported
|
||||
if aws.BoolValue(req.Config.S3UseAccelerate) {
|
||||
return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
|
||||
req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
|
||||
}
|
||||
|
||||
// Dualstack not supported
|
||||
if isUseDualStackEndpoint(req) {
|
||||
return s3shared.NewClientConfiguredForDualStackError(accessPoint,
|
||||
req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
|
||||
}
|
||||
|
||||
// Ignore the disable host prefix for access points
|
||||
req.Config.DisableEndpointHostPrefix = aws.Bool(false)
|
||||
|
||||
if err := outpostAccessPointEndpointBuilder(accessPoint).build(req); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
removeBucketFromPath(req.HTTPRequest.URL)
|
||||
return nil
|
||||
}
|
||||
|
||||
func removeBucketFromPath(u *url.URL) {
|
||||
u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1)
|
||||
if u.Path == "" {
|
||||
|
@ -148,86 +257,43 @@ func removeBucketFromPath(u *url.URL) {
|
|||
}
|
||||
}
|
||||
|
||||
type accessPointEndpointBuilder arn.AccessPointARN
|
||||
func buildWriteGetObjectResponseEndpoint(req *request.Request) {
|
||||
// DualStack not supported
|
||||
if isUseDualStackEndpoint(req) {
|
||||
req.Error = awserr.New("ConfigurationError", "client configured for dualstack but not supported for operation", nil)
|
||||
return
|
||||
}
|
||||
|
||||
const (
|
||||
accessPointPrefixLabel = "accesspoint"
|
||||
accountIDPrefixLabel = "accountID"
|
||||
accesPointPrefixTemplate = "{" + accessPointPrefixLabel + "}-{" + accountIDPrefixLabel + "}."
|
||||
)
|
||||
// Accelerate not supported
|
||||
if aws.BoolValue(req.Config.S3UseAccelerate) {
|
||||
req.Error = awserr.New("ConfigurationError", "client configured for accelerate but not supported for operation", nil)
|
||||
return
|
||||
}
|
||||
|
||||
func (a accessPointEndpointBuilder) Build(req *request.Request) error {
|
||||
resolveRegion := arn.AccessPointARN(a).Region
|
||||
cfgRegion := aws.StringValue(req.Config.Region)
|
||||
signingName := s3ObjectsLambdaNamespace
|
||||
signingRegion := req.ClientInfo.SigningRegion
|
||||
|
||||
if isFIPS(cfgRegion) {
|
||||
if aws.BoolValue(req.Config.S3UseARNRegion) && isCrossRegion(req, resolveRegion) {
|
||||
// FIPS with cross region is not supported, the SDK must fail
|
||||
// because there is no well defined method for SDK to construct a
|
||||
// correct FIPS endpoint.
|
||||
return newClientConfiguredForCrossRegionFIPSError(arn.AccessPointARN(a),
|
||||
req.ClientInfo.PartitionID, cfgRegion, nil)
|
||||
if !hasCustomEndpoint(req) {
|
||||
endpoint, err := resolveRegionalEndpoint(req, aws.StringValue(req.Config.Region), req.ClientInfo.ResolvedRegion, EndpointsID)
|
||||
if err != nil {
|
||||
req.Error = awserr.New(request.ErrCodeSerialization, "failed to resolve endpoint", err)
|
||||
return
|
||||
}
|
||||
resolveRegion = cfgRegion
|
||||
signingRegion = endpoint.SigningRegion
|
||||
|
||||
if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
|
||||
req.Error = err
|
||||
return
|
||||
}
|
||||
updateS3HostPrefixForS3ObjectLambda(req)
|
||||
}
|
||||
|
||||
endpoint, err := resolveRegionalEndpoint(req, resolveRegion)
|
||||
if err != nil {
|
||||
return newFailedToResolveEndpointError(arn.AccessPointARN(a),
|
||||
req.ClientInfo.PartitionID, cfgRegion, err)
|
||||
}
|
||||
|
||||
if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
const serviceEndpointLabel = "s3-accesspoint"
|
||||
|
||||
// dualstack provided by endpoint resolver
|
||||
cfgHost := req.HTTPRequest.URL.Host
|
||||
if strings.HasPrefix(cfgHost, "s3") {
|
||||
req.HTTPRequest.URL.Host = serviceEndpointLabel + cfgHost[2:]
|
||||
}
|
||||
|
||||
protocol.HostPrefixBuilder{
|
||||
Prefix: accesPointPrefixTemplate,
|
||||
LabelsFn: a.hostPrefixLabelValues,
|
||||
}.Build(req)
|
||||
|
||||
req.ClientInfo.SigningName = endpoint.SigningName
|
||||
req.ClientInfo.SigningRegion = endpoint.SigningRegion
|
||||
|
||||
err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
|
||||
if err != nil {
|
||||
return newInvalidARNError(arn.AccessPointARN(a), err)
|
||||
}
|
||||
|
||||
return nil
|
||||
redirectSigner(req, signingName, signingRegion)
|
||||
}
|
||||
|
||||
func (a accessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
|
||||
return map[string]string{
|
||||
accessPointPrefixLabel: arn.AccessPointARN(a).AccessPointName,
|
||||
accountIDPrefixLabel: arn.AccessPointARN(a).AccountID,
|
||||
func isUseDualStackEndpoint(req *request.Request) bool {
|
||||
if req.Config.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
|
||||
return req.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateEnabled
|
||||
}
|
||||
}
|
||||
|
||||
func resolveRegionalEndpoint(r *request.Request, region string) (endpoints.ResolvedEndpoint, error) {
|
||||
return r.Config.EndpointResolver.EndpointFor(EndpointsID, region, func(opts *endpoints.Options) {
|
||||
opts.DisableSSL = aws.BoolValue(r.Config.DisableSSL)
|
||||
opts.UseDualStack = aws.BoolValue(r.Config.UseDualStack)
|
||||
opts.S3UsEast1RegionalEndpoint = endpoints.RegionalS3UsEast1Endpoint
|
||||
})
|
||||
}
|
||||
|
||||
func updateRequestEndpoint(r *request.Request, endpoint string) (err error) {
|
||||
endpoint = endpoints.AddScheme(endpoint, aws.BoolValue(r.Config.DisableSSL))
|
||||
|
||||
r.HTTPRequest.URL, err = url.Parse(endpoint + r.Operation.HTTPPath)
|
||||
if err != nil {
|
||||
return awserr.New(request.ErrCodeSerialization,
|
||||
"failed to parse endpoint URL", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
return aws.BoolValue(req.Config.UseDualStack)
|
||||
}
|
||||
|
|
242
vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
generated
vendored
Normal file
242
vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
generated
vendored
Normal file
|
@ -0,0 +1,242 @@
|
|||
package s3
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/endpoints"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/internal/s3shared"
|
||||
"github.com/aws/aws-sdk-go/internal/s3shared/arn"
|
||||
"github.com/aws/aws-sdk-go/private/protocol"
|
||||
)
|
||||
|
||||
const (
|
||||
accessPointPrefixLabel = "accesspoint"
|
||||
accountIDPrefixLabel = "accountID"
|
||||
accessPointPrefixTemplate = "{" + accessPointPrefixLabel + "}-{" + accountIDPrefixLabel + "}."
|
||||
|
||||
outpostPrefixLabel = "outpost"
|
||||
outpostAccessPointPrefixTemplate = accessPointPrefixTemplate + "{" + outpostPrefixLabel + "}."
|
||||
)
|
||||
|
||||
// hasCustomEndpoint returns true if endpoint is a custom endpoint
|
||||
func hasCustomEndpoint(r *request.Request) bool {
|
||||
return len(aws.StringValue(r.Config.Endpoint)) > 0
|
||||
}
|
||||
|
||||
// accessPointEndpointBuilder represents the endpoint builder for access point arn
|
||||
type accessPointEndpointBuilder arn.AccessPointARN
|
||||
|
||||
// build builds the endpoint for corresponding access point arn
|
||||
//
|
||||
// For building an endpoint from access point arn, format used is:
|
||||
// - Access point endpoint format : {accesspointName}-{accountId}.s3-accesspoint.{region}.{dnsSuffix}
|
||||
// - example : myaccesspoint-012345678901.s3-accesspoint.us-west-2.amazonaws.com
|
||||
//
|
||||
// Access Point Endpoint requests are signed using "s3" as signing name.
|
||||
//
|
||||
func (a accessPointEndpointBuilder) build(req *request.Request) error {
|
||||
resolveService := arn.AccessPointARN(a).Service
|
||||
resolveRegion := arn.AccessPointARN(a).Region
|
||||
|
||||
endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", resolveService)
|
||||
if err != nil {
|
||||
return s3shared.NewFailedToResolveEndpointError(arn.AccessPointARN(a),
|
||||
req.ClientInfo.PartitionID, resolveRegion, err)
|
||||
}
|
||||
|
||||
endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
|
||||
|
||||
if !hasCustomEndpoint(req) {
|
||||
if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// dual stack provided by endpoint resolver
|
||||
updateS3HostForS3AccessPoint(req)
|
||||
}
|
||||
|
||||
protocol.HostPrefixBuilder{
|
||||
Prefix: accessPointPrefixTemplate,
|
||||
LabelsFn: a.hostPrefixLabelValues,
|
||||
}.Build(req)
|
||||
|
||||
// signer redirection
|
||||
redirectSigner(req, endpoint.SigningName, endpoint.SigningRegion)
|
||||
|
||||
err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
|
||||
if err != nil {
|
||||
return s3shared.NewInvalidARNError(arn.AccessPointARN(a), err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (a accessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
|
||||
return map[string]string{
|
||||
accessPointPrefixLabel: arn.AccessPointARN(a).AccessPointName,
|
||||
accountIDPrefixLabel: arn.AccessPointARN(a).AccountID,
|
||||
}
|
||||
}
|
||||
|
||||
// s3ObjectLambdaAccessPointEndpointBuilder represents the endpoint builder for an s3 object lambda access point arn
|
||||
type s3ObjectLambdaAccessPointEndpointBuilder arn.S3ObjectLambdaAccessPointARN
|
||||
|
||||
// build builds the endpoint for corresponding access point arn
|
||||
//
|
||||
// For building an endpoint from access point arn, format used is:
|
||||
// - Access point endpoint format : {accesspointName}-{accountId}.s3-object-lambda.{region}.{dnsSuffix}
|
||||
// - example : myaccesspoint-012345678901.s3-object-lambda.us-west-2.amazonaws.com
|
||||
//
|
||||
// Access Point Endpoint requests are signed using "s3-object-lambda" as signing name.
|
||||
//
|
||||
func (a s3ObjectLambdaAccessPointEndpointBuilder) build(req *request.Request) error {
|
||||
resolveRegion := arn.S3ObjectLambdaAccessPointARN(a).Region
|
||||
|
||||
endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", EndpointsID)
|
||||
if err != nil {
|
||||
return s3shared.NewFailedToResolveEndpointError(arn.S3ObjectLambdaAccessPointARN(a),
|
||||
req.ClientInfo.PartitionID, resolveRegion, err)
|
||||
}
|
||||
|
||||
endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
|
||||
|
||||
endpoint.SigningName = s3ObjectsLambdaNamespace
|
||||
|
||||
if !hasCustomEndpoint(req) {
|
||||
if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
updateS3HostPrefixForS3ObjectLambda(req)
|
||||
}
|
||||
|
||||
protocol.HostPrefixBuilder{
|
||||
Prefix: accessPointPrefixTemplate,
|
||||
LabelsFn: a.hostPrefixLabelValues,
|
||||
}.Build(req)
|
||||
|
||||
// signer redirection
|
||||
redirectSigner(req, endpoint.SigningName, endpoint.SigningRegion)
|
||||
|
||||
err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
|
||||
if err != nil {
|
||||
return s3shared.NewInvalidARNError(arn.S3ObjectLambdaAccessPointARN(a), err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (a s3ObjectLambdaAccessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
|
||||
return map[string]string{
|
||||
accessPointPrefixLabel: arn.S3ObjectLambdaAccessPointARN(a).AccessPointName,
|
||||
accountIDPrefixLabel: arn.S3ObjectLambdaAccessPointARN(a).AccountID,
|
||||
}
|
||||
}
|
||||
|
||||
// outpostAccessPointEndpointBuilder represents the Endpoint builder for outpost access point arn.
|
||||
type outpostAccessPointEndpointBuilder arn.OutpostAccessPointARN
|
||||
|
||||
// build builds an endpoint corresponding to the outpost access point arn.
|
||||
//
|
||||
// For building an endpoint from outpost access point arn, format used is:
|
||||
// - Outpost access point endpoint format : {accesspointName}-{accountId}.{outpostId}.s3-outposts.{region}.{dnsSuffix}
|
||||
// - example : myaccesspoint-012345678901.op-01234567890123456.s3-outposts.us-west-2.amazonaws.com
|
||||
//
|
||||
// Outpost AccessPoint Endpoint request are signed using "s3-outposts" as signing name.
|
||||
//
|
||||
func (o outpostAccessPointEndpointBuilder) build(req *request.Request) error {
|
||||
resolveRegion := o.Region
|
||||
resolveService := o.Service
|
||||
|
||||
endpointsID := resolveService
|
||||
if resolveService == s3OutpostsNamespace {
|
||||
endpointsID = "s3"
|
||||
}
|
||||
|
||||
endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", endpointsID)
|
||||
if err != nil {
|
||||
return s3shared.NewFailedToResolveEndpointError(o,
|
||||
req.ClientInfo.PartitionID, resolveRegion, err)
|
||||
}
|
||||
|
||||
endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
|
||||
|
||||
if !hasCustomEndpoint(req) {
|
||||
if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
|
||||
return err
|
||||
}
|
||||
updateHostPrefix(req, endpointsID, resolveService)
|
||||
}
|
||||
|
||||
protocol.HostPrefixBuilder{
|
||||
Prefix: outpostAccessPointPrefixTemplate,
|
||||
LabelsFn: o.hostPrefixLabelValues,
|
||||
}.Build(req)
|
||||
|
||||
// set the signing region, name to resolved names from ARN
|
||||
redirectSigner(req, resolveService, resolveRegion)
|
||||
|
||||
err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
|
||||
if err != nil {
|
||||
return s3shared.NewInvalidARNError(o, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (o outpostAccessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
|
||||
return map[string]string{
|
||||
accessPointPrefixLabel: o.AccessPointName,
|
||||
accountIDPrefixLabel: o.AccountID,
|
||||
outpostPrefixLabel: o.OutpostID,
|
||||
}
|
||||
}
|
||||
|
||||
func resolveRegionalEndpoint(r *request.Request, region, resolvedRegion, endpointsID string) (endpoints.ResolvedEndpoint, error) {
|
||||
return r.Config.EndpointResolver.EndpointFor(endpointsID, region, func(opts *endpoints.Options) {
|
||||
opts.DisableSSL = aws.BoolValue(r.Config.DisableSSL)
|
||||
opts.UseDualStack = aws.BoolValue(r.Config.UseDualStack)
|
||||
opts.UseDualStackEndpoint = r.Config.UseDualStackEndpoint
|
||||
opts.UseFIPSEndpoint = r.Config.UseFIPSEndpoint
|
||||
opts.S3UsEast1RegionalEndpoint = endpoints.RegionalS3UsEast1Endpoint
|
||||
opts.ResolvedRegion = resolvedRegion
|
||||
opts.Logger = r.Config.Logger
|
||||
opts.LogDeprecated = r.Config.LogLevel.Matches(aws.LogDebugWithDeprecated)
|
||||
})
|
||||
}
|
||||
|
||||
func updateRequestEndpoint(r *request.Request, endpoint string) (err error) {
|
||||
r.HTTPRequest.URL, err = url.Parse(endpoint + r.Operation.HTTPPath)
|
||||
if err != nil {
|
||||
return awserr.New(request.ErrCodeSerialization,
|
||||
"failed to parse endpoint URL", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// redirectSigner sets signing name, signing region for a request
|
||||
func redirectSigner(req *request.Request, signingName string, signingRegion string) {
|
||||
req.ClientInfo.SigningName = signingName
|
||||
req.ClientInfo.SigningRegion = signingRegion
|
||||
}
|
||||
|
||||
func updateS3HostForS3AccessPoint(req *request.Request) {
|
||||
updateHostPrefix(req, "s3", s3AccessPointNamespace)
|
||||
}
|
||||
|
||||
func updateS3HostPrefixForS3ObjectLambda(req *request.Request) {
|
||||
updateHostPrefix(req, "s3", s3ObjectsLambdaNamespace)
|
||||
}
|
||||
|
||||
func updateHostPrefix(req *request.Request, oldEndpointPrefix, newEndpointPrefix string) {
|
||||
host := req.HTTPRequest.URL.Host
|
||||
if strings.HasPrefix(host, oldEndpointPrefix) {
|
||||
// replace service hostlabel oldEndpointPrefix to newEndpointPrefix
|
||||
req.HTTPRequest.URL.Host = newEndpointPrefix + host[len(oldEndpointPrefix):]
|
||||
}
|
||||
}
|
151
vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_errors.go
generated
vendored
151
vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_errors.go
generated
vendored
|
@ -1,151 +0,0 @@
|
|||
package s3
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/service/s3/internal/arn"
|
||||
)
|
||||
|
||||
const (
|
||||
invalidARNErrorErrCode = "InvalidARNError"
|
||||
configurationErrorErrCode = "ConfigurationError"
|
||||
)
|
||||
|
||||
type invalidARNError struct {
|
||||
message string
|
||||
resource arn.Resource
|
||||
origErr error
|
||||
}
|
||||
|
||||
func (e invalidARNError) Error() string {
|
||||
var extra string
|
||||
if e.resource != nil {
|
||||
extra = "ARN: " + e.resource.String()
|
||||
}
|
||||
return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
|
||||
}
|
||||
|
||||
func (e invalidARNError) Code() string {
|
||||
return invalidARNErrorErrCode
|
||||
}
|
||||
|
||||
func (e invalidARNError) Message() string {
|
||||
return e.message
|
||||
}
|
||||
|
||||
func (e invalidARNError) OrigErr() error {
|
||||
return e.origErr
|
||||
}
|
||||
|
||||
func newInvalidARNError(resource arn.Resource, err error) invalidARNError {
|
||||
return invalidARNError{
|
||||
message: "invalid ARN",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
}
|
||||
}
|
||||
|
||||
func newInvalidARNWithCustomEndpointError(resource arn.Resource, err error) invalidARNError {
|
||||
return invalidARNError{
|
||||
message: "resource ARN not supported with custom client endpoints",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
}
|
||||
}
|
||||
|
||||
// ARN not supported for the target partition
|
||||
func newInvalidARNWithUnsupportedPartitionError(resource arn.Resource, err error) invalidARNError {
|
||||
return invalidARNError{
|
||||
message: "resource ARN not supported for the target ARN partition",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
}
|
||||
}
|
||||
|
||||
type configurationError struct {
|
||||
message string
|
||||
resource arn.Resource
|
||||
clientPartitionID string
|
||||
clientRegion string
|
||||
origErr error
|
||||
}
|
||||
|
||||
func (e configurationError) Error() string {
|
||||
extra := fmt.Sprintf("ARN: %s, client partition: %s, client region: %s",
|
||||
e.resource, e.clientPartitionID, e.clientRegion)
|
||||
|
||||
return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
|
||||
}
|
||||
|
||||
func (e configurationError) Code() string {
|
||||
return configurationErrorErrCode
|
||||
}
|
||||
|
||||
func (e configurationError) Message() string {
|
||||
return e.message
|
||||
}
|
||||
|
||||
func (e configurationError) OrigErr() error {
|
||||
return e.origErr
|
||||
}
|
||||
|
||||
func newClientPartitionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
|
||||
return configurationError{
|
||||
message: "client partition does not match provided ARN partition",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
func newClientRegionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
|
||||
return configurationError{
|
||||
message: "client region does not match provided ARN region",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
func newFailedToResolveEndpointError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
|
||||
return configurationError{
|
||||
message: "endpoint resolver failed to find an endpoint for the provided ARN region",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
func newClientConfiguredForFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
|
||||
return configurationError{
|
||||
message: "client configured for fips but cross-region resource ARN provided",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
func newClientConfiguredForAccelerateError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
|
||||
return configurationError{
|
||||
message: "client configured for S3 Accelerate but is supported with resource ARN",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
||||
|
||||
func newClientConfiguredForCrossRegionFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
|
||||
return configurationError{
|
||||
message: "client configured for FIPS with cross-region enabled but is supported with cross-region resource ARN",
|
||||
origErr: err,
|
||||
resource: resource,
|
||||
clientPartitionID: clientPartitionID,
|
||||
clientRegion: clientRegion,
|
||||
}
|
||||
}
|
22
vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
generated
vendored
22
vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
generated
vendored
|
@ -8,19 +8,25 @@ const (
|
|||
// "BucketAlreadyExists".
|
||||
//
|
||||
// The requested bucket name is not available. The bucket namespace is shared
|
||||
// by all users of the system. Please select a different name and try again.
|
||||
// by all users of the system. Select a different name and try again.
|
||||
ErrCodeBucketAlreadyExists = "BucketAlreadyExists"
|
||||
|
||||
// ErrCodeBucketAlreadyOwnedByYou for service response error code
|
||||
// "BucketAlreadyOwnedByYou".
|
||||
//
|
||||
// The bucket you tried to create already exists, and you own it. Amazon S3
|
||||
// returns this error in all AWS Regions except in the North Virginia Region.
|
||||
// For legacy compatibility, if you re-create an existing bucket that you already
|
||||
// own in the North Virginia Region, Amazon S3 returns 200 OK and resets the
|
||||
// bucket access control lists (ACLs).
|
||||
// returns this error in all Amazon Web Services Regions except in the North
|
||||
// Virginia Region. For legacy compatibility, if you re-create an existing bucket
|
||||
// that you already own in the North Virginia Region, Amazon S3 returns 200
|
||||
// OK and resets the bucket access control lists (ACLs).
|
||||
ErrCodeBucketAlreadyOwnedByYou = "BucketAlreadyOwnedByYou"
|
||||
|
||||
// ErrCodeInvalidObjectState for service response error code
|
||||
// "InvalidObjectState".
|
||||
//
|
||||
// Object is archived and inaccessible until restored.
|
||||
ErrCodeInvalidObjectState = "InvalidObjectState"
|
||||
|
||||
// ErrCodeNoSuchBucket for service response error code
|
||||
// "NoSuchBucket".
|
||||
//
|
||||
|
@ -42,13 +48,13 @@ const (
|
|||
// ErrCodeObjectAlreadyInActiveTierError for service response error code
|
||||
// "ObjectAlreadyInActiveTierError".
|
||||
//
|
||||
// This operation is not allowed against this storage tier.
|
||||
// This action is not allowed against this storage tier.
|
||||
ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError"
|
||||
|
||||
// ErrCodeObjectNotInActiveTierError for service response error code
|
||||
// "ObjectNotInActiveTierError".
|
||||
//
|
||||
// The source object of the COPY operation is not in the active tier and is
|
||||
// only stored in Amazon S3 Glacier.
|
||||
// The source object of the COPY action is not in the active tier and is only
|
||||
// stored in Amazon S3 Glacier.
|
||||
ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError"
|
||||
)
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue