update: AWS Go SDK bump to the latest release

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
This commit is contained in:
Milos Gajdos 2023-12-01 08:51:16 +00:00
parent a2613975a1
commit 6f84e87803
No known key found for this signature in database
23 changed files with 8582 additions and 2321 deletions

2
go.mod
View file

@ -8,7 +8,7 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0
github.com/aws/aws-sdk-go v1.44.325 github.com/aws/aws-sdk-go v1.48.10
github.com/bshuster-repo/logrus-logstash-hook v1.0.0 github.com/bshuster-repo/logrus-logstash-hook v1.0.0
github.com/coreos/go-systemd/v22 v22.5.0 github.com/coreos/go-systemd/v22 v22.5.0
github.com/distribution/reference v0.5.0 github.com/distribution/reference v0.5.0

20
go.sum
View file

@ -61,8 +61,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
github.com/aws/aws-sdk-go v1.44.325 h1:jF/L99fJSq/BfiLmUOflO/aM+LwcqBm0Fe/qTK5xxuI= github.com/aws/aws-sdk-go v1.48.10 h1:0LIFG3wp2Dt6PsxKWCg1Y1xRrn2vZnW5/gWdgaBalKg=
github.com/aws/aws-sdk-go v1.44.325/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.48.10/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@ -319,7 +319,6 @@ github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gt
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@ -341,7 +340,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@ -374,7 +372,6 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -404,10 +401,7 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@ -427,7 +421,6 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -466,27 +459,19 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@ -532,7 +517,6 @@ golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roY
golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

View file

@ -0,0 +1,4 @@
// DO NOT EDIT
package corehandlers
const isAwsInternal = ""

View file

@ -35,3 +35,13 @@ var AddHostExecEnvUserAgentHander = request.NamedHandler{
request.AddToUserAgent(r, execEnvUAKey+"/"+v) request.AddToUserAgent(r, execEnvUAKey+"/"+v)
}, },
} }
var AddAwsInternal = request.NamedHandler{
Name: "core.AddAwsInternal",
Fn: func(r *request.Request) {
if len(isAwsInternal) == 0 {
return
}
request.AddToUserAgent(r, isAwsInternal)
},
}

View file

@ -31,6 +31,8 @@ package endpointcreds
import ( import (
"encoding/json" "encoding/json"
"fmt"
"strings"
"time" "time"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
@ -69,7 +71,37 @@ type Provider struct {
// Optional authorization token value if set will be used as the value of // Optional authorization token value if set will be used as the value of
// the Authorization header of the endpoint credential request. // the Authorization header of the endpoint credential request.
//
// When constructed from environment, the provider will use the value of
// AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable as the token
//
// Will be overridden if AuthorizationTokenProvider is configured
AuthorizationToken string AuthorizationToken string
// Optional auth provider func to dynamically load the auth token from a file
// everytime a credential is retrieved
//
// When constructed from environment, the provider will read and use the content
// of the file pointed to by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable
// as the auth token everytime credentials are retrieved
//
// Will override AuthorizationToken if configured
AuthorizationTokenProvider AuthTokenProvider
}
// AuthTokenProvider defines an interface to dynamically load a value to be passed
// for the Authorization header of a credentials request.
type AuthTokenProvider interface {
GetToken() (string, error)
}
// TokenProviderFunc is a func type implementing AuthTokenProvider interface
// and enables customizing token provider behavior
type TokenProviderFunc func() (string, error)
// GetToken func retrieves auth token according to TokenProviderFunc implementation
func (p TokenProviderFunc) GetToken() (string, error) {
return p()
} }
// NewProviderClient returns a credentials Provider for retrieving AWS credentials // NewProviderClient returns a credentials Provider for retrieving AWS credentials
@ -164,7 +196,20 @@ func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error
req := p.Client.NewRequest(op, nil, out) req := p.Client.NewRequest(op, nil, out)
req.SetContext(ctx) req.SetContext(ctx)
req.HTTPRequest.Header.Set("Accept", "application/json") req.HTTPRequest.Header.Set("Accept", "application/json")
if authToken := p.AuthorizationToken; len(authToken) != 0 {
authToken := p.AuthorizationToken
var err error
if p.AuthorizationTokenProvider != nil {
authToken, err = p.AuthorizationTokenProvider.GetToken()
if err != nil {
return nil, fmt.Errorf("get authorization token: %v", err)
}
}
if strings.ContainsAny(authToken, "\r\n") {
return nil, fmt.Errorf("authorization token contains invalid newline sequence")
}
if len(authToken) != 0 {
req.HTTPRequest.Header.Set("Authorization", authToken) req.HTTPRequest.Header.Set("Authorization", authToken)
} }

View file

@ -111,6 +111,15 @@ func (p *SSOTokenProvider) refreshToken(token cachedToken) (cachedToken, error)
if err != nil { if err != nil {
return cachedToken{}, fmt.Errorf("unable to refresh SSO token, %v", err) return cachedToken{}, fmt.Errorf("unable to refresh SSO token, %v", err)
} }
if createResult.ExpiresIn == nil {
return cachedToken{}, fmt.Errorf("missing required field ExpiresIn")
}
if createResult.AccessToken == nil {
return cachedToken{}, fmt.Errorf("missing required field AccessToken")
}
if createResult.RefreshToken == nil {
return cachedToken{}, fmt.Errorf("missing required field RefreshToken")
}
expiresAt := nowTime().Add(time.Duration(*createResult.ExpiresIn) * time.Second) expiresAt := nowTime().Add(time.Duration(*createResult.ExpiresIn) * time.Second)

View file

@ -9,6 +9,7 @@ package defaults
import ( import (
"fmt" "fmt"
"io/ioutil"
"net" "net"
"net/http" "net/http"
"net/url" "net/url"
@ -74,6 +75,7 @@ func Handlers() request.Handlers {
handlers.Validate.PushBackNamed(corehandlers.ValidateEndpointHandler) handlers.Validate.PushBackNamed(corehandlers.ValidateEndpointHandler)
handlers.Validate.AfterEachFn = request.HandlerListStopOnError handlers.Validate.AfterEachFn = request.HandlerListStopOnError
handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler) handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)
handlers.Build.PushBackNamed(corehandlers.AddAwsInternal)
handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHander) handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHander)
handlers.Build.AfterEachFn = request.HandlerListStopOnError handlers.Build.AfterEachFn = request.HandlerListStopOnError
handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler) handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler)
@ -114,9 +116,31 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro
const ( const (
httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN" httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
httpProviderAuthFileEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE"
httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI" httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
) )
// direct representation of the IPv4 address for the ECS container
// "169.254.170.2"
var ecsContainerIPv4 net.IP = []byte{
169, 254, 170, 2,
}
// direct representation of the IPv4 address for the EKS container
// "169.254.170.23"
var eksContainerIPv4 net.IP = []byte{
169, 254, 170, 23,
}
// direct representation of the IPv6 address for the EKS container
// "fd00:ec2::23"
var eksContainerIPv6 net.IP = []byte{
0xFD, 0, 0xE, 0xC2,
0, 0, 0, 0,
0, 0, 0, 0,
0, 0, 0, 0x23,
}
// RemoteCredProvider returns a credentials provider for the default remote // RemoteCredProvider returns a credentials provider for the default remote
// endpoints such as EC2 or ECS Roles. // endpoints such as EC2 or ECS Roles.
func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider { func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider {
@ -134,19 +158,22 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P
var lookupHostFn = net.LookupHost var lookupHostFn = net.LookupHost
func isLoopbackHost(host string) (bool, error) { // isAllowedHost allows host to be loopback or known ECS/EKS container IPs
ip := net.ParseIP(host) //
if ip != nil { // host can either be an IP address OR an unresolved hostname - resolution will
return ip.IsLoopback(), nil // be automatically performed in the latter case
func isAllowedHost(host string) (bool, error) {
if ip := net.ParseIP(host); ip != nil {
return isIPAllowed(ip), nil
} }
// Host is not an ip, perform lookup
addrs, err := lookupHostFn(host) addrs, err := lookupHostFn(host)
if err != nil { if err != nil {
return false, err return false, err
} }
for _, addr := range addrs { for _, addr := range addrs {
if !net.ParseIP(addr).IsLoopback() { if ip := net.ParseIP(addr); ip == nil || !isIPAllowed(ip) {
return false, nil return false, nil
} }
} }
@ -154,6 +181,13 @@ func isLoopbackHost(host string) (bool, error) {
return true, nil return true, nil
} }
func isIPAllowed(ip net.IP) bool {
return ip.IsLoopback() ||
ip.Equal(ecsContainerIPv4) ||
ip.Equal(eksContainerIPv4) ||
ip.Equal(eksContainerIPv6)
}
func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider { func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider {
var errMsg string var errMsg string
@ -164,10 +198,12 @@ func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string)
host := aws.URLHostname(parsed) host := aws.URLHostname(parsed)
if len(host) == 0 { if len(host) == 0 {
errMsg = "unable to parse host from local HTTP cred provider URL" errMsg = "unable to parse host from local HTTP cred provider URL"
} else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil { } else if parsed.Scheme == "http" {
errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr) if isAllowedHost, allowHostErr := isAllowedHost(host); allowHostErr != nil {
} else if !isLoopback { errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, allowHostErr)
errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host) } else if !isAllowedHost {
errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback/ecs/eks hosts are allowed.", host)
}
} }
} }
@ -189,6 +225,15 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede
func(p *endpointcreds.Provider) { func(p *endpointcreds.Provider) {
p.ExpiryWindow = 5 * time.Minute p.ExpiryWindow = 5 * time.Minute
p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar) p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar)
if authFilePath := os.Getenv(httpProviderAuthFileEnvVar); authFilePath != "" {
p.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) {
if contents, err := ioutil.ReadFile(authFilePath); err != nil {
return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err)
} else {
return string(contents), nil
}
})
}
}, },
) )
} }

File diff suppressed because it is too large Load diff

View file

@ -171,6 +171,12 @@ type envConfig struct {
// AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6 // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6
EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState
// Specifies that IMDS clients should not fallback to IMDSv1 if token
// requests fail.
//
// AWS_EC2_METADATA_V1_DISABLED=true
EC2IMDSv1Disabled *bool
// Specifies that SDK clients must resolve a dual-stack endpoint for // Specifies that SDK clients must resolve a dual-stack endpoint for
// services. // services.
// //
@ -251,6 +257,9 @@ var (
ec2IMDSEndpointModeEnvKey = []string{ ec2IMDSEndpointModeEnvKey = []string{
"AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE", "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE",
} }
ec2MetadataV1DisabledEnvKey = []string{
"AWS_EC2_METADATA_V1_DISABLED",
}
useCABundleKey = []string{ useCABundleKey = []string{
"AWS_CA_BUNDLE", "AWS_CA_BUNDLE",
} }
@ -393,6 +402,7 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil { if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil {
return envConfig{}, err return envConfig{}, err
} }
setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, ec2MetadataV1DisabledEnvKey)
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil { if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil {
return cfg, err return cfg, err
@ -414,6 +424,24 @@ func setFromEnvVal(dst *string, keys []string) {
} }
} }
func setBoolPtrFromEnvVal(dst **bool, keys []string) {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
switch {
case strings.EqualFold(value, "false"):
*dst = new(bool)
**dst = false
case strings.EqualFold(value, "true"):
*dst = new(bool)
**dst = true
}
}
}
func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error { func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error {
for _, k := range keys { for _, k := range keys {
value := os.Getenv(k) value := os.Getenv(k)

View file

@ -779,6 +779,14 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode) cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode)
} }
cfg.EC2MetadataEnableFallback = userCfg.EC2MetadataEnableFallback
if cfg.EC2MetadataEnableFallback == nil && envCfg.EC2IMDSv1Disabled != nil {
cfg.EC2MetadataEnableFallback = aws.Bool(!*envCfg.EC2IMDSv1Disabled)
}
if cfg.EC2MetadataEnableFallback == nil && sharedCfg.EC2IMDSv1Disabled != nil {
cfg.EC2MetadataEnableFallback = aws.Bool(!*sharedCfg.EC2IMDSv1Disabled)
}
cfg.S3UseARNRegion = userCfg.S3UseARNRegion cfg.S3UseARNRegion = userCfg.S3UseARNRegion
if cfg.S3UseARNRegion == nil { if cfg.S3UseARNRegion == nil {
cfg.S3UseARNRegion = &envCfg.S3UseARNRegion cfg.S3UseARNRegion = &envCfg.S3UseARNRegion

View file

@ -80,6 +80,9 @@ const (
// EC2 IMDS Endpoint // EC2 IMDS Endpoint
ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint" ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint"
// ECS IMDSv1 disable fallback
ec2MetadataV1DisabledKey = "ec2_metadata_v1_disabled"
// Use DualStack Endpoint Resolution // Use DualStack Endpoint Resolution
useDualStackEndpoint = "use_dualstack_endpoint" useDualStackEndpoint = "use_dualstack_endpoint"
@ -179,6 +182,12 @@ type sharedConfig struct {
// ec2_metadata_service_endpoint=http://fd00:ec2::254 // ec2_metadata_service_endpoint=http://fd00:ec2::254
EC2IMDSEndpoint string EC2IMDSEndpoint string
// Specifies that IMDS clients should not fallback to IMDSv1 if token
// requests fail.
//
// ec2_metadata_v1_disabled=true
EC2IMDSv1Disabled *bool
// Specifies that SDK clients must resolve a dual-stack endpoint for // Specifies that SDK clients must resolve a dual-stack endpoint for
// services. // services.
// //
@ -389,8 +398,15 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
updateString(&cfg.Region, section, regionKey) updateString(&cfg.Region, section, regionKey)
updateString(&cfg.CustomCABundle, section, customCABundleKey) updateString(&cfg.CustomCABundle, section, customCABundleKey)
// we're retaining a behavioral quirk with this field that existed before
// the removal of literal parsing for (aws-sdk-go-v2/#2276):
// - if the key is missing, the config field will not be set
// - if the key is set to a non-numeric, the config field will be set to 0
if section.Has(roleDurationSecondsKey) { if section.Has(roleDurationSecondsKey) {
d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second var d time.Duration
if v, ok := section.Int(roleDurationSecondsKey); ok {
d = time.Duration(v) * time.Second
}
cfg.AssumeRoleDuration = &d cfg.AssumeRoleDuration = &d
} }
@ -427,6 +443,7 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
ec2MetadataServiceEndpointModeKey, file.Filename, err) ec2MetadataServiceEndpointModeKey, file.Filename, err)
} }
updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey) updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey)
updateBoolPtr(&cfg.EC2IMDSv1Disabled, section, ec2MetadataV1DisabledKey)
updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint) updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint)
@ -668,7 +685,10 @@ func updateBool(dst *bool, section ini.Section, key string) {
if !section.Has(key) { if !section.Has(key) {
return return
} }
*dst = section.Bool(key)
// retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false
v, _ := section.Bool(key)
*dst = v
} }
// updateBoolPtr will only update the dst with the value in the section key, // updateBoolPtr will only update the dst with the value in the section key,
@ -677,8 +697,11 @@ func updateBoolPtr(dst **bool, section ini.Section, key string) {
if !section.Has(key) { if !section.Has(key) {
return return
} }
// retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false
v, _ := section.Bool(key)
*dst = new(bool) *dst = new(bool)
**dst = section.Bool(key) **dst = v
} }
// SharedConfigLoadError is an error for the shared config file failed to load. // SharedConfigLoadError is an error for the shared config file failed to load.
@ -805,7 +828,8 @@ func updateUseDualStackEndpoint(dst *endpoints.DualStackEndpointState, section i
return return
} }
if section.Bool(key) { // retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false
if v, _ := section.Bool(key); v {
*dst = endpoints.DualStackEndpointStateEnabled *dst = endpoints.DualStackEndpointStateEnabled
} else { } else {
*dst = endpoints.DualStackEndpointStateDisabled *dst = endpoints.DualStackEndpointStateDisabled
@ -821,7 +845,8 @@ func updateUseFIPSEndpoint(dst *endpoints.FIPSEndpointState, section ini.Section
return return
} }
if section.Bool(key) { // retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false
if v, _ := section.Bool(key); v {
*dst = endpoints.FIPSEndpointStateEnabled *dst = endpoints.FIPSEndpointStateEnabled
} else { } else {
*dst = endpoints.FIPSEndpointStateDisabled *dst = endpoints.FIPSEndpointStateDisabled

View file

@ -125,6 +125,7 @@ var requiredSignedHeaders = rules{
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{},
"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
"X-Amz-Expected-Bucket-Owner": struct{}{},
"X-Amz-Grant-Full-control": struct{}{}, "X-Amz-Grant-Full-control": struct{}{},
"X-Amz-Grant-Read": struct{}{}, "X-Amz-Grant-Read": struct{}{},
"X-Amz-Grant-Read-Acp": struct{}{}, "X-Amz-Grant-Read-Acp": struct{}{},
@ -135,6 +136,7 @@ var requiredSignedHeaders = rules{
"X-Amz-Request-Payer": struct{}{}, "X-Amz-Request-Payer": struct{}{},
"X-Amz-Server-Side-Encryption": struct{}{}, "X-Amz-Server-Side-Encryption": struct{}{},
"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{}, "X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{},
"X-Amz-Server-Side-Encryption-Context": struct{}{},
"X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{},
"X-Amz-Server-Side-Encryption-Customer-Key": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Key": struct{}{},
"X-Amz-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Key-Md5": struct{}{},

View file

@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go" const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK // SDKVersion is the version of this SDK
const SDKVersion = "1.44.325" const SDKVersion = "1.48.10"

View file

@ -154,11 +154,11 @@ func (v ValueType) String() string {
// ValueType enums // ValueType enums
const ( const (
NoneType = ValueType(iota) NoneType = ValueType(iota)
DecimalType DecimalType // deprecated
IntegerType IntegerType // deprecated
StringType StringType
QuotedStringType QuotedStringType
BoolType BoolType // deprecated
) )
// Value is a union container // Value is a union container
@ -166,9 +166,9 @@ type Value struct {
Type ValueType Type ValueType
raw []rune raw []rune
integer int64 integer int64 // deprecated
decimal float64 decimal float64 // deprecated
boolean bool boolean bool // deprecated
str string str string
} }
@ -253,24 +253,6 @@ func newLitToken(b []rune) (Token, int, error) {
} }
token = newToken(TokenLit, b[:n], QuotedStringType) token = newToken(TokenLit, b[:n], QuotedStringType)
} else if isNumberValue(b) {
var base int
base, n, err = getNumericalValue(b)
if err != nil {
return token, 0, err
}
value := b[:n]
vType := IntegerType
if contains(value, '.') || hasExponent(value) {
vType = DecimalType
}
token = newToken(TokenLit, value, vType)
token.base = base
} else if isBoolValue(b) {
n, err = getBoolValue(b)
token = newToken(TokenLit, b[:n], BoolType)
} else { } else {
n, err = getValue(b) n, err = getValue(b)
token = newToken(TokenLit, b[:n], StringType) token = newToken(TokenLit, b[:n], StringType)
@ -280,18 +262,33 @@ func newLitToken(b []rune) (Token, int, error) {
} }
// IntValue returns an integer value // IntValue returns an integer value
func (v Value) IntValue() int64 { func (v Value) IntValue() (int64, bool) {
return v.integer i, err := strconv.ParseInt(string(v.raw), 0, 64)
if err != nil {
return 0, false
}
return i, true
} }
// FloatValue returns a float value // FloatValue returns a float value
func (v Value) FloatValue() float64 { func (v Value) FloatValue() (float64, bool) {
return v.decimal f, err := strconv.ParseFloat(string(v.raw), 64)
if err != nil {
return 0, false
}
return f, true
} }
// BoolValue returns a bool value // BoolValue returns a bool value
func (v Value) BoolValue() bool { func (v Value) BoolValue() (bool, bool) {
return v.boolean // we don't use ParseBool as it recognizes more than what we've
// historically supported
if isCaselessLitValue(runesTrue, v.raw) {
return true, true
} else if isCaselessLitValue(runesFalse, v.raw) {
return false, true
}
return false, false
} }
func isTrimmable(r rune) bool { func isTrimmable(r rune) bool {

View file

@ -145,17 +145,17 @@ func (t Section) ValueType(k string) (ValueType, bool) {
} }
// Bool returns a bool value at k // Bool returns a bool value at k
func (t Section) Bool(k string) bool { func (t Section) Bool(k string) (bool, bool) {
return t.values[k].BoolValue() return t.values[k].BoolValue()
} }
// Int returns an integer value at k // Int returns an integer value at k
func (t Section) Int(k string) int64 { func (t Section) Int(k string) (int64, bool) {
return t.values[k].IntValue() return t.values[k].IntValue()
} }
// Float64 returns a float value at k // Float64 returns a float value at k
func (t Section) Float64(k string) float64 { func (t Section) Float64(k string) (float64, bool) {
return t.values[k].FloatValue() return t.values[k].FloatValue()
} }

File diff suppressed because it is too large Load diff

View file

@ -25,6 +25,15 @@ const (
// "InvalidObjectState". // "InvalidObjectState".
// //
// Object is archived and inaccessible until restored. // Object is archived and inaccessible until restored.
//
// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval
// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering
// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier,
// before you can retrieve the object you must first restore a copy using RestoreObject
// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
// Otherwise, this operation returns an InvalidObjectState error. For information
// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
// in the Amazon S3 User Guide.
ErrCodeInvalidObjectState = "InvalidObjectState" ErrCodeInvalidObjectState = "InvalidObjectState"
// ErrCodeNoSuchBucket for service response error code // ErrCodeNoSuchBucket for service response error code

View file

@ -56,9 +56,10 @@ func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Requ
// CreateToken API operation for AWS SSO OIDC. // CreateToken API operation for AWS SSO OIDC.
// //
// Creates and returns an access token for the authorized client. The access // Creates and returns access and refresh tokens for clients that are authenticated
// token issued will be used to fetch short-term credentials for the assigned // using client secrets. The access token can be used to fetch short-term credentials
// roles in the AWS account. // for the assigned AWS accounts or to access application APIs using bearer
// authentication.
// //
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about // with awserr.Error's Code and Message methods to get detailed information about
@ -133,6 +134,131 @@ func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInpu
return out, req.Send() return out, req.Send()
} }
const opCreateTokenWithIAM = "CreateTokenWithIAM"
// CreateTokenWithIAMRequest generates a "aws/request.Request" representing the
// client's request for the CreateTokenWithIAM operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateTokenWithIAM for more information on using the CreateTokenWithIAM
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateTokenWithIAMRequest method.
// req, resp := client.CreateTokenWithIAMRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM
func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput) {
op := &request.Operation{
Name: opCreateTokenWithIAM,
HTTPMethod: "POST",
HTTPPath: "/token?aws_iam=t",
}
if input == nil {
input = &CreateTokenWithIAMInput{}
}
output = &CreateTokenWithIAMOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateTokenWithIAM API operation for AWS SSO OIDC.
//
// Creates and returns access and refresh tokens for clients and applications
// that are authenticated using IAM entities. The access token can be used to
// fetch short-term credentials for the assigned AWS accounts or to access application
// APIs using bearer authentication.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS SSO OIDC's
// API operation CreateTokenWithIAM for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// Indicates that something is wrong with the input to the request. For example,
// a required parameter might be missing or out of range.
//
// - InvalidClientException
// Indicates that the clientId or clientSecret in the request is invalid. For
// example, this can occur when a client sends an incorrect clientId or an expired
// clientSecret.
//
// - InvalidGrantException
// Indicates that a request contains an invalid grant. This can occur if a client
// makes a CreateToken request with an invalid grant type.
//
// - UnauthorizedClientException
// Indicates that the client is not currently authorized to make the request.
// This can happen when a clientId is not issued for a public client.
//
// - UnsupportedGrantTypeException
// Indicates that the grant type in the request is not supported by the service.
//
// - InvalidScopeException
// Indicates that the scope provided in the request is invalid.
//
// - AuthorizationPendingException
// Indicates that a request to authorize a client with an access user session
// token is pending.
//
// - SlowDownException
// Indicates that the client is making the request too frequently and is more
// than the service can handle.
//
// - AccessDeniedException
// You do not have sufficient access to perform this action.
//
// - ExpiredTokenException
// Indicates that the token issued by the service is expired and is no longer
// valid.
//
// - InternalServerException
// Indicates that an error from the service occurred while trying to process
// a request.
//
// - InvalidRequestRegionException
// Indicates that a token provided as input to the request was issued by and
// is only usable by calling IAM Identity Center endpoints in another region.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM
func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error) {
req, out := c.CreateTokenWithIAMRequest(input)
return out, req.Send()
}
// CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of
// the ability to pass a context and additional request options.
//
// See CreateTokenWithIAM for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error) {
req, out := c.CreateTokenWithIAMRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opRegisterClient = "RegisterClient" const opRegisterClient = "RegisterClient"
// RegisterClientRequest generates a "aws/request.Request" representing the // RegisterClientRequest generates a "aws/request.Request" representing the
@ -331,8 +457,11 @@ type AccessDeniedException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be access_denied.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -400,8 +529,11 @@ type AuthorizationPendingException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be authorization_pending.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -466,8 +598,8 @@ func (s *AuthorizationPendingException) RequestID() string {
type CreateTokenInput struct { type CreateTokenInput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// The unique identifier string for each client. This value should come from // The unique identifier string for the client or application. This value comes
// the persisted result of the RegisterClient API. // from the result of the RegisterClient API.
// //
// ClientId is a required field // ClientId is a required field
ClientId *string `locationName:"clientId" type:"string" required:"true"` ClientId *string `locationName:"clientId" type:"string" required:"true"`
@ -475,23 +607,30 @@ type CreateTokenInput struct {
// A secret string generated for the client. This value should come from the // A secret string generated for the client. This value should come from the
// persisted result of the RegisterClient API. // persisted result of the RegisterClient API.
// //
// ClientSecret is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenInput's
// String and GoString methods.
//
// ClientSecret is a required field // ClientSecret is a required field
ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"` ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`
// The authorization code received from the authorization service. This parameter // Used only when calling this API for the Authorization Code grant type. The
// is required to perform an authorization grant request to get access to a // short-term code is used to identify this authorization request. This grant
// token. // type is currently unsupported for the CreateToken API.
Code *string `locationName:"code" type:"string"` Code *string `locationName:"code" type:"string"`
// Used only when calling this API for the device code grant type. This short-term // Used only when calling this API for the Device Code grant type. This short-term
// code is used to identify this authentication attempt. This should come from // code is used to identify this authorization request. This comes from the
// an in-memory reference to the result of the StartDeviceAuthorization API. // result of the StartDeviceAuthorization API.
DeviceCode *string `locationName:"deviceCode" type:"string"` DeviceCode *string `locationName:"deviceCode" type:"string"`
// Supports grant types for the authorization code, refresh token, and device // Supports the following OAuth grant types: Device Code and Refresh Token.
// code request. For device code requests, specify the following value: // Specify either of the following values, depending on the grant type that
// you want:
// //
// urn:ietf:params:oauth:grant-type:device_code // * Device Code - urn:ietf:params:oauth:grant-type:device_code
//
// * Refresh Token - refresh_token
// //
// For information about how to obtain the device code, see the StartDeviceAuthorization // For information about how to obtain the device code, see the StartDeviceAuthorization
// topic. // topic.
@ -499,21 +638,28 @@ type CreateTokenInput struct {
// GrantType is a required field // GrantType is a required field
GrantType *string `locationName:"grantType" type:"string" required:"true"` GrantType *string `locationName:"grantType" type:"string" required:"true"`
// The location of the application that will receive the authorization code. // Used only when calling this API for the Authorization Code grant type. This
// Users authorize the service to send the request to this location. // value specifies the location of the client or application that has registered
// to receive the authorization code.
RedirectUri *string `locationName:"redirectUri" type:"string"` RedirectUri *string `locationName:"redirectUri" type:"string"`
// Currently, refreshToken is not yet implemented and is not supported. For // Used only when calling this API for the Refresh Token grant type. This token
// more information about the features and limitations of the current IAM Identity // is used to refresh short-term tokens, such as the access token, that might
// Center OIDC implementation, see Considerations for Using this Guide in the // expire.
// IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
// //
// The token used to obtain an access token in the event that the access token // For more information about the features and limitations of the current IAM
// is invalid or expired. // Identity Center OIDC implementation, see Considerations for Using this Guide
RefreshToken *string `locationName:"refreshToken" type:"string"` // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenInput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// The list of scopes that is defined by the client. Upon authorization, this // The list of scopes for which authorization is requested. The access token
// list is used to restrict permissions when granting an access token. // that is issued is limited to the scopes that are granted. If this value is
// not specified, IAM Identity Center authorizes all scopes that are configured
// for the client during the call to RegisterClient.
Scope []*string `locationName:"scope" type:"list"` Scope []*string `locationName:"scope" type:"list"`
} }
@ -605,31 +751,43 @@ func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput {
type CreateTokenOutput struct { type CreateTokenOutput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// An opaque token to access IAM Identity Center resources assigned to a user. // A bearer token to access AWS accounts and applications assigned to a user.
AccessToken *string `locationName:"accessToken" type:"string"` //
// AccessToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenOutput's
// String and GoString methods.
AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`
// Indicates the time in seconds when an access token will expire. // Indicates the time in seconds when an access token will expire.
ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`
// Currently, idToken is not yet implemented and is not supported. For more // The idToken is not implemented or supported. For more information about the
// information about the features and limitations of the current IAM Identity // features and limitations of the current IAM Identity Center OIDC implementation,
// Center OIDC implementation, see Considerations for Using this Guide in the // see Considerations for Using this Guide in the IAM Identity Center OIDC API
// IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
// //
// The identifier of the user that associated with the access token, if present. // A JSON Web Token (JWT) that identifies who is associated with the issued
IdToken *string `locationName:"idToken" type:"string"` // access token.
//
// IdToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenOutput's
// String and GoString methods.
IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`
// Currently, refreshToken is not yet implemented and is not supported. For
// more information about the features and limitations of the current IAM Identity
// Center OIDC implementation, see Considerations for Using this Guide in the
// IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// A token that, if present, can be used to refresh a previously issued access // A token that, if present, can be used to refresh a previously issued access
// token that might have expired. // token that might have expired.
RefreshToken *string `locationName:"refreshToken" type:"string"` //
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenOutput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// Used to notify the client that the returned token is an access token. The // Used to notify the client that the returned token is an access token. The
// supported type is BearerToken. // supported token type is Bearer.
TokenType *string `locationName:"tokenType" type:"string"` TokenType *string `locationName:"tokenType" type:"string"`
} }
@ -681,14 +839,312 @@ func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput {
return s return s
} }
type CreateTokenWithIAMInput struct {
_ struct{} `type:"structure"`
// Used only when calling this API for the JWT Bearer grant type. This value
// specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize
// a trusted token issuer, configure the JWT Bearer GrantOptions for the application.
//
// Assertion is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
// String and GoString methods.
Assertion *string `locationName:"assertion" type:"string" sensitive:"true"`
// The unique identifier string for the client or application. This value is
// an application ARN that has OAuth grants configured.
//
// ClientId is a required field
ClientId *string `locationName:"clientId" type:"string" required:"true"`
// Used only when calling this API for the Authorization Code grant type. This
// short-term code is used to identify this authorization request. The code
// is obtained through a redirect from IAM Identity Center to a redirect URI
// persisted in the Authorization Code GrantOptions for the application.
Code *string `locationName:"code" type:"string"`
// Supports the following OAuth grant types: Authorization Code, Refresh Token,
// JWT Bearer, and Token Exchange. Specify one of the following values, depending
// on the grant type that you want:
//
// * Authorization Code - authorization_code
//
// * Refresh Token - refresh_token
//
// * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
//
// * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
//
// GrantType is a required field
GrantType *string `locationName:"grantType" type:"string" required:"true"`
// Used only when calling this API for the Authorization Code grant type. This
// value specifies the location of the client or application that has registered
// to receive the authorization code.
RedirectUri *string `locationName:"redirectUri" type:"string"`
// Used only when calling this API for the Refresh Token grant type. This token
// is used to refresh short-term tokens, such as the access token, that might
// expire.
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the type of token that the requester can receive. The following
// values are supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
//
// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
RequestedTokenType *string `locationName:"requestedTokenType" type:"string"`
// The list of scopes for which authorization is requested. The access token
// that is issued is limited to the scopes that are granted. If the value is
// not specified, IAM Identity Center authorizes all scopes configured for the
// application, including the following default scopes: openid, aws, sts:identity_context.
Scope []*string `locationName:"scope" type:"list"`
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the subject of the exchange. The value of the subject token must
// be an access token issued by IAM Identity Center to a different client or
// application. The access token must have authorized scopes that indicate the
// requested application as a target audience.
//
// SubjectToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
// String and GoString methods.
SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"`
// Used only when calling this API for the Token Exchange grant type. This value
// specifies the type of token that is passed as the subject of the exchange.
// The following value is supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
SubjectTokenType *string `locationName:"subjectTokenType" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateTokenWithIAMInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreateTokenWithIAMInput"}
if s.ClientId == nil {
invalidParams.Add(request.NewErrParamRequired("ClientId"))
}
if s.GrantType == nil {
invalidParams.Add(request.NewErrParamRequired("GrantType"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAssertion sets the Assertion field's value.
func (s *CreateTokenWithIAMInput) SetAssertion(v string) *CreateTokenWithIAMInput {
s.Assertion = &v
return s
}
// SetClientId sets the ClientId field's value.
func (s *CreateTokenWithIAMInput) SetClientId(v string) *CreateTokenWithIAMInput {
s.ClientId = &v
return s
}
// SetCode sets the Code field's value.
func (s *CreateTokenWithIAMInput) SetCode(v string) *CreateTokenWithIAMInput {
s.Code = &v
return s
}
// SetGrantType sets the GrantType field's value.
func (s *CreateTokenWithIAMInput) SetGrantType(v string) *CreateTokenWithIAMInput {
s.GrantType = &v
return s
}
// SetRedirectUri sets the RedirectUri field's value.
func (s *CreateTokenWithIAMInput) SetRedirectUri(v string) *CreateTokenWithIAMInput {
s.RedirectUri = &v
return s
}
// SetRefreshToken sets the RefreshToken field's value.
func (s *CreateTokenWithIAMInput) SetRefreshToken(v string) *CreateTokenWithIAMInput {
s.RefreshToken = &v
return s
}
// SetRequestedTokenType sets the RequestedTokenType field's value.
func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput {
s.RequestedTokenType = &v
return s
}
// SetScope sets the Scope field's value.
func (s *CreateTokenWithIAMInput) SetScope(v []*string) *CreateTokenWithIAMInput {
s.Scope = v
return s
}
// SetSubjectToken sets the SubjectToken field's value.
func (s *CreateTokenWithIAMInput) SetSubjectToken(v string) *CreateTokenWithIAMInput {
s.SubjectToken = &v
return s
}
// SetSubjectTokenType sets the SubjectTokenType field's value.
func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput {
s.SubjectTokenType = &v
return s
}
type CreateTokenWithIAMOutput struct {
_ struct{} `type:"structure"`
// A bearer token to access AWS accounts and applications assigned to a user.
//
// AccessToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
// String and GoString methods.
AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`
// Indicates the time in seconds when an access token will expire.
ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`
// A JSON Web Token (JWT) that identifies the user associated with the issued
// access token.
//
// IdToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
// String and GoString methods.
IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`
// Indicates the type of tokens that are issued by IAM Identity Center. The
// following values are supported:
//
// * Access Token - urn:ietf:params:oauth:token-type:access_token
//
// * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
IssuedTokenType *string `locationName:"issuedTokenType" type:"string"`
// A token that, if present, can be used to refresh a previously issued access
// token that might have expired.
//
// For more information about the features and limitations of the current IAM
// Identity Center OIDC implementation, see Considerations for Using this Guide
// in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
//
// RefreshToken is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
// String and GoString methods.
RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
// The list of scopes for which authorization is granted. The access token that
// is issued is limited to the scopes that are granted.
Scope []*string `locationName:"scope" type:"list"`
// Used to notify the requester that the returned token is an access token.
// The supported token type is Bearer.
TokenType *string `locationName:"tokenType" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTokenWithIAMOutput) GoString() string {
return s.String()
}
// SetAccessToken sets the AccessToken field's value.
func (s *CreateTokenWithIAMOutput) SetAccessToken(v string) *CreateTokenWithIAMOutput {
s.AccessToken = &v
return s
}
// SetExpiresIn sets the ExpiresIn field's value.
func (s *CreateTokenWithIAMOutput) SetExpiresIn(v int64) *CreateTokenWithIAMOutput {
s.ExpiresIn = &v
return s
}
// SetIdToken sets the IdToken field's value.
func (s *CreateTokenWithIAMOutput) SetIdToken(v string) *CreateTokenWithIAMOutput {
s.IdToken = &v
return s
}
// SetIssuedTokenType sets the IssuedTokenType field's value.
func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput {
s.IssuedTokenType = &v
return s
}
// SetRefreshToken sets the RefreshToken field's value.
func (s *CreateTokenWithIAMOutput) SetRefreshToken(v string) *CreateTokenWithIAMOutput {
s.RefreshToken = &v
return s
}
// SetScope sets the Scope field's value.
func (s *CreateTokenWithIAMOutput) SetScope(v []*string) *CreateTokenWithIAMOutput {
s.Scope = v
return s
}
// SetTokenType sets the TokenType field's value.
func (s *CreateTokenWithIAMOutput) SetTokenType(v string) *CreateTokenWithIAMOutput {
s.TokenType = &v
return s
}
// Indicates that the token issued by the service is expired and is no longer // Indicates that the token issued by the service is expired and is no longer
// valid. // valid.
type ExpiredTokenException struct { type ExpiredTokenException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be expired_token.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -756,8 +1212,11 @@ type InternalServerException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be server_error.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -826,8 +1285,11 @@ type InvalidClientException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_client.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -895,8 +1357,11 @@ type InvalidClientMetadataException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_client_metadata.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -964,8 +1429,11 @@ type InvalidGrantException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_grant.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -1033,8 +1501,11 @@ type InvalidRequestException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_request.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -1096,13 +1567,95 @@ func (s *InvalidRequestException) RequestID() string {
return s.RespMetadata.RequestID return s.RespMetadata.RequestID
} }
// Indicates that a token provided as input to the request was issued by and
// is only usable by calling IAM Identity Center endpoints in another region.
type InvalidRequestRegionException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Indicates the IAM Identity Center endpoint which the requester may call with
// this token.
Endpoint *string `locationName:"endpoint" type:"string"`
// Single error code. For this exception the value will be invalid_request.
Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"`
// Indicates the region which the requester may call with this token.
Region *string `locationName:"region" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidRequestRegionException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidRequestRegionException) GoString() string {
return s.String()
}
func newErrorInvalidRequestRegionException(v protocol.ResponseMetadata) error {
return &InvalidRequestRegionException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InvalidRequestRegionException) Code() string {
return "InvalidRequestRegionException"
}
// Message returns the exception's message.
func (s *InvalidRequestRegionException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidRequestRegionException) OrigErr() error {
return nil
}
func (s *InvalidRequestRegionException) Error() string {
return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InvalidRequestRegionException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InvalidRequestRegionException) RequestID() string {
return s.RespMetadata.RequestID
}
// Indicates that the scope provided in the request is invalid. // Indicates that the scope provided in the request is invalid.
type InvalidScopeException struct { type InvalidScopeException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be invalid_scope.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -1238,7 +1791,7 @@ func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput {
type RegisterClientOutput struct { type RegisterClientOutput struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// The endpoint where the client can request authorization. // An endpoint that the client can use to request authorization.
AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"` AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"`
// The unique identifier string for each client. This client uses this identifier // The unique identifier string for each client. This client uses this identifier
@ -1250,12 +1803,16 @@ type RegisterClientOutput struct {
// A secret string generated for the client. The client will use this string // A secret string generated for the client. The client will use this string
// to get authenticated by the service in subsequent calls. // to get authenticated by the service in subsequent calls.
ClientSecret *string `locationName:"clientSecret" type:"string"` //
// ClientSecret is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by RegisterClientOutput's
// String and GoString methods.
ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"`
// Indicates the time at which the clientId and clientSecret will become invalid. // Indicates the time at which the clientId and clientSecret will become invalid.
ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"` ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"`
// The endpoint where the client can get an access token. // An endpoint that the client can use to create tokens.
TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"` TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"`
} }
@ -1319,8 +1876,11 @@ type SlowDownException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be slow_down.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -1395,11 +1955,15 @@ type StartDeviceAuthorizationInput struct {
// A secret string that is generated for the client. This value should come // A secret string that is generated for the client. This value should come
// from the persisted result of the RegisterClient API operation. // from the persisted result of the RegisterClient API operation.
// //
// ClientSecret is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's
// String and GoString methods.
//
// ClientSecret is a required field // ClientSecret is a required field
ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"` ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`
// The URL for the AWS access portal. For more information, see Using the AWS // The URL for the Amazon Web Services access portal. For more information,
// access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) // see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
// in the IAM Identity Center User Guide. // in the IAM Identity Center User Guide.
// //
// StartUrl is a required field // StartUrl is a required field
@ -1550,8 +2114,11 @@ type UnauthorizedClientException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be unauthorized_client.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`
@ -1618,8 +2185,11 @@ type UnsupportedGrantTypeException struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
// Single error code. For this exception the value will be unsupported_grant_type.
Error_ *string `locationName:"error" type:"string"` Error_ *string `locationName:"error" type:"string"`
// Human-readable text providing additional information, used to assist the
// client developer in understanding the error that occurred.
Error_description *string `locationName:"error_description" type:"string"` Error_description *string `locationName:"error_description" type:"string"`
Message_ *string `locationName:"message" type:"string"` Message_ *string `locationName:"message" type:"string"`

View file

@ -3,15 +3,13 @@
// Package ssooidc provides the client and types for making API // Package ssooidc provides the client and types for making API
// requests to AWS SSO OIDC. // requests to AWS SSO OIDC.
// //
// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect // IAM Identity Center OpenID Connect (OIDC) is a web service that enables a
// (OIDC) is a web service that enables a client (such as AWS CLI or a native // client (such as CLI or a native application) to register with IAM Identity
// application) to register with IAM Identity Center. The service also enables // Center. The service also enables the client to fetch the users access
// the client to fetch the users access token upon successful authentication // token upon successful authentication and authorization with IAM Identity
// and authorization with IAM Identity Center. // Center.
// //
// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces // IAM Identity Center uses the sso and identitystore API namespaces.
// will continue to retain their original name for backward compatibility purposes.
// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
// //
// # Considerations for Using This Guide // # Considerations for Using This Guide
// //
@ -22,21 +20,24 @@
// - The IAM Identity Center OIDC service currently implements only the portions // - The IAM Identity Center OIDC service currently implements only the portions
// of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628 // of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628
// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single // (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single
// sign-on authentication with the AWS CLI. Support for other OIDC flows // sign-on authentication with the CLI.
// frequently needed for native applications, such as Authorization Code
// Flow (+ PKCE), will be addressed in future releases.
// //
// - The service emits only OIDC access tokens, such that obtaining a new // - With older versions of the CLI, the service only emits OIDC access tokens,
// token (For example, token refresh) requires explicit user re-authentication. // so to obtain a new token, users must explicitly re-authenticate. To access
// the OIDC flow that supports token refresh and doesnt require re-authentication,
// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI
// V2) with support for OIDC token refresh and configurable IAM Identity
// Center session durations. For more information, see Configure Amazon Web
// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html).
// //
// - The access tokens provided by this service grant access to all AWS account // - The access tokens provided by this service grant access to all Amazon
// entitlements assigned to an IAM Identity Center user, not just a particular // Web Services account entitlements assigned to an IAM Identity Center user,
// application. // not just a particular application.
// //
// - The documentation in this guide does not describe the mechanism to convert // - The documentation in this guide does not describe the mechanism to convert
// the access token into AWS Auth (“sigv4”) credentials for use with // the access token into Amazon Web Services Auth (“sigv4”) credentials
// IAM-protected AWS service endpoints. For more information, see GetRoleCredentials // for use with IAM-protected Amazon Web Services service endpoints. For
// (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) // more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
// in the IAM Identity Center Portal API Reference Guide. // in the IAM Identity Center Portal API Reference Guide.
// //
// For general information about IAM Identity Center, see What is IAM Identity // For general information about IAM Identity Center, see What is IAM Identity

View file

@ -64,6 +64,13 @@ const (
// a required parameter might be missing or out of range. // a required parameter might be missing or out of range.
ErrCodeInvalidRequestException = "InvalidRequestException" ErrCodeInvalidRequestException = "InvalidRequestException"
// ErrCodeInvalidRequestRegionException for service response error code
// "InvalidRequestRegionException".
//
// Indicates that a token provided as input to the request was issued by and
// is only usable by calling IAM Identity Center endpoints in another region.
ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException"
// ErrCodeInvalidScopeException for service response error code // ErrCodeInvalidScopeException for service response error code
// "InvalidScopeException". // "InvalidScopeException".
// //
@ -100,6 +107,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
"InvalidClientMetadataException": newErrorInvalidClientMetadataException, "InvalidClientMetadataException": newErrorInvalidClientMetadataException,
"InvalidGrantException": newErrorInvalidGrantException, "InvalidGrantException": newErrorInvalidGrantException,
"InvalidRequestException": newErrorInvalidRequestException, "InvalidRequestException": newErrorInvalidRequestException,
"InvalidRequestRegionException": newErrorInvalidRequestRegionException,
"InvalidScopeException": newErrorInvalidScopeException, "InvalidScopeException": newErrorInvalidScopeException,
"SlowDownException": newErrorSlowDownException, "SlowDownException": newErrorSlowDownException,
"UnauthorizedClientException": newErrorUnauthorizedClientException, "UnauthorizedClientException": newErrorUnauthorizedClientException,

View file

@ -51,7 +51,7 @@ const (
func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC { func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC {
c := p.ClientConfig(EndpointsID, cfgs...) c := p.ClientConfig(EndpointsID, cfgs...)
if c.SigningNameDerived || len(c.SigningName) == 0 { if c.SigningNameDerived || len(c.SigningName) == 0 {
c.SigningName = "awsssooidc" c.SigningName = "sso-oauth"
} }
return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
} }

View file

@ -1460,7 +1460,15 @@ type AssumeRoleInput struct {
// in the IAM User Guide. // in the IAM User Guide.
PolicyArns []*PolicyDescriptorType `type:"list"` PolicyArns []*PolicyDescriptorType `type:"list"`
// Reserved for future use. // A list of previously acquired trusted context assertions in the format of
// a JSON array. The trusted context assertion is signed and encrypted by Amazon
// Web Services STS.
//
// The following is an example of a ProvidedContext value that includes a single
// trusted context assertion and the ARN of the context provider from which
// the trusted context assertion was generated.
//
// [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
ProvidedContexts []*ProvidedContext `type:"list"` ProvidedContexts []*ProvidedContext `type:"list"`
// The Amazon Resource Name (ARN) of the role to assume. // The Amazon Resource Name (ARN) of the role to assume.
@ -3405,14 +3413,18 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
return s return s
} }
// Reserved for future use. // Contains information about the provided context. This includes the signed
// and encrypted trusted context assertion and the context provider ARN from
// which the trusted context assertion was generated.
type ProvidedContext struct { type ProvidedContext struct {
_ struct{} `type:"structure"` _ struct{} `type:"structure"`
// Reserved for future use. // The signed and encrypted trusted context assertion generated by the context
// provider. The trusted context assertion is signed and encrypted by Amazon
// Web Services STS.
ContextAssertion *string `min:"4" type:"string"` ContextAssertion *string `min:"4" type:"string"`
// Reserved for future use. // The context provider ARN from which the trusted context assertion was generated.
ProviderArn *string `min:"20" type:"string"` ProviderArn *string `min:"20" type:"string"`
} }

4
vendor/modules.txt vendored
View file

@ -91,8 +91,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/options
github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/shared github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/shared
github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/version github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/version
github.com/AzureAD/microsoft-authentication-library-for-go/apps/public github.com/AzureAD/microsoft-authentication-library-for-go/apps/public
# github.com/aws/aws-sdk-go v1.44.325 # github.com/aws/aws-sdk-go v1.48.10
## explicit; go 1.11 ## explicit; go 1.19
github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/arn github.com/aws/aws-sdk-go/aws/arn
github.com/aws/aws-sdk-go/aws/auth/bearer github.com/aws/aws-sdk-go/aws/auth/bearer