deps: downgrade AWS dependencies

Pin AWS libraries to version before 2025-01-15 (see
https://github.com/aws/aws-sdk-go-v2/releases/tag/release-2025-01-15).

This version enabled request and response checksum verification by
default which breaks compatibility with non-AWS S3-compatible storage
providers.

See: https://github.com/victoriaMetrics/victoriaMetrics/issues/8622

Supersedes https://github.com/VictoriaMetrics/VictoriaMetrics/pull/8630

---------

Signed-off-by: Zakhar Bessarab <z.bessarab@victoriametrics.com>
This commit is contained in:
Zakhar Bessarab 2025-04-03 18:05:07 +04:00 committed by GitHub
parent aff1580a1d
commit 298f862fc0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
202 changed files with 1125 additions and 3672 deletions
docs/victoriametrics/changelog
go.modgo.sum
vendor/github.com/aws/aws-sdk-go-v2
aws
config
credentials
feature
internal
service
internal
s3

View file

@ -67,7 +67,8 @@ Released at 2025-03-21
* BUGFIX: [vmalert](https://docs.victoriametrics.com/vmalert/): properly compare rules `group.checksum` and statically define `group.id` at creation time. See [this PR](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/8540) for details.
* BUGFIX: [vmalert](https://docs.victoriametrics.com/vmalert/): fix memory leak during rule group updates on reload. Bug was introduced in [v1.112.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.112.0). See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/8532).
* BUGFIX: [vmgateway](https://docs.victoriametrics.com/vmgateway): fix the `vmgateway_ratelimit_refresh_duration_seconds` value, before it did not account for the actual time spent refreshing limits.
* BUGFIX: [vmbackup](https://docs.victoriametrics.com/vmbackup/), [vmrestore](https://docs.victoriametrics.com/vmrestore/), [vmbackupmanager](https://docs.victoriametrics.com/vmbackupmanager/): fix compatibility with S3-compatible storages which do not support data integrity checks. See [this issue](https://github.com/victoriaMetrics/victoriaMetrics/issues/8622).
## [v1.113.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.113.0)
Released at 2025-03-07

42
go.mod
View file

@ -11,6 +11,18 @@ replace cloud.google.com/go/storage => cloud.google.com/go/storage v1.43.0
// version is not released yet.
replace github.com/prometheus/common => github.com/prometheus/common v0.62.0
// Pin AWS libraries to version before 2025-01-15
// Release notes: https://github.com/aws/aws-sdk-go-v2/releases/tag/release-2025-01-15
// This version enabled request and response checksum verification by default which
// breaks compatibility with non-AWS S3-compatible storage providers.
// See: https://github.com/victoriaMetrics/victoriaMetrics/issues/8622
replace (
github.com/aws/aws-sdk-go-v2 => github.com/aws/aws-sdk-go-v2 v1.32.8
github.com/aws/aws-sdk-go-v2/config => github.com/aws/aws-sdk-go-v2/config v1.28.11
github.com/aws/aws-sdk-go-v2/feature/s3/manager => github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.48
github.com/aws/aws-sdk-go-v2/service/s3 => github.com/aws/aws-sdk-go-v2/service/s3 v1.72.3
)
require (
cloud.google.com/go/storage v1.51.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.1
@ -20,10 +32,10 @@ require (
github.com/VictoriaMetrics/fastcache v1.12.2
github.com/VictoriaMetrics/metrics v1.35.2
github.com/VictoriaMetrics/metricsql v0.84.3
github.com/aws/aws-sdk-go-v2 v1.36.3
github.com/aws/aws-sdk-go-v2/config v1.29.12
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.69
github.com/aws/aws-sdk-go-v2/service/s3 v1.78.2
github.com/aws/aws-sdk-go-v2 v1.32.8
github.com/aws/aws-sdk-go-v2/config v1.28.11
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.48
github.com/aws/aws-sdk-go-v2/service/s3 v1.72.3
github.com/bmatcuk/doublestar/v4 v4.8.1
github.com/cespare/xxhash/v2 v2.3.0
github.com/cheggaaa/pb/v3 v3.1.7
@ -62,19 +74,19 @@ require (
github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b // indirect
github.com/aws/aws-sdk-go v1.55.6 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.65 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.52 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.27 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.25.2 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.0 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.8 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.8 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.33.7 // indirect
github.com/aws/smithy-go v1.22.3 // indirect
github.com/bboreham/go-loser v0.0.0-20230920113527-fcc2c21820a3 // indirect
github.com/beorn7/perks v1.0.1 // indirect

60
go.sum
View file

@ -55,42 +55,42 @@ github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJ
github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk=
github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
github.com/aws/aws-sdk-go-v2 v1.32.8 h1:cZV+NUS/eGxKXMtmyhtYPJ7Z4YLoI/V8bkTdRZfYhGo=
github.com/aws/aws-sdk-go-v2 v1.32.8/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 h1:zAybnyUQXIZ5mok5Jqwlf58/TFE7uvd3IAsa1aF9cXs=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10/go.mod h1:qqvMj6gHLR/EXWZw4ZbqlPbQUyenf4h82UQUlKc+l14=
github.com/aws/aws-sdk-go-v2/config v1.29.12 h1:Y/2a+jLPrPbHpFkpAAYkVEtJmxORlXoo5k2g1fa2sUo=
github.com/aws/aws-sdk-go-v2/config v1.29.12/go.mod h1:xse1YTjmORlb/6fhkWi8qJh3cvZi4JoVNhc+NbJt4kI=
github.com/aws/aws-sdk-go-v2/credentials v1.17.65 h1:q+nV2yYegofO/SUXruT+pn4KxkxmaQ++1B/QedcKBFM=
github.com/aws/aws-sdk-go-v2/credentials v1.17.65/go.mod h1:4zyjAuGOdikpNYiSGpsGz8hLGmUzlY8pc8r9QQ/RXYQ=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M=
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.69 h1:6VFPH/Zi9xYFMJKPQOX5URYkQoXRWeJ7V/7Y6ZDYoms=
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.69/go.mod h1:GJj8mmO6YT6EqgduWocwhMoxTLFitkhIrK+owzrYL2I=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q=
github.com/aws/aws-sdk-go-v2/config v1.28.11 h1:7Ekru0IkRHRnSRWGQLnLN6i0o1Jncd0rHo2T130+tEQ=
github.com/aws/aws-sdk-go-v2/config v1.28.11/go.mod h1:x78TpPvBfHH16hi5tE3OCWQ0pzNfyXA349p5/Wp82Yo=
github.com/aws/aws-sdk-go-v2/credentials v1.17.52 h1:I4ymSk35LHogx2Re2Wu6LOHNTRaRWkLVoJgWS5Wd40M=
github.com/aws/aws-sdk-go-v2/credentials v1.17.52/go.mod h1:vAkqKbMNUcher8fDXP2Ge2qFXKMkcD74qvk1lJRMemM=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 h1:IBAoD/1d8A8/1aA8g4MBVtTRHhXRiNAgwdbo/xRM2DI=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23/go.mod h1:vfENuCM7dofkgKpYzuzf1VT1UKkA/YL3qanfBn7HCaA=
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.48 h1:XnXVe2zRyPf0+fAW5L05esmngvBpC6DQZK7oZB/z/Co=
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.48/go.mod h1:S3wey90OrS4f7kYxH6PT175YyEcHTORY07++HurMaRM=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 h1:jSJjSBzw8VDIbWv+mmvBSP8ezsztMYJGH+eKqi9AmNs=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27/go.mod h1:/DAhLbFRgwhmvJdOfSm+WwikZrCuUJiA4WgJG0fTNSw=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 h1:l+X4K77Dui85pIj5foXDhPlnqcNRG2QUyvca300lXh8=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27/go.mod h1:KvZXSFEXm6x84yE8qffKvT3x8J5clWnVFXphpohhzJ8=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 h1:ZNTqv4nIdE/DiBfUUfXcLZ/Spcuz+RjeziUtNJackkM=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34/go.mod h1:zf7Vcd1ViW7cPqYWEHLHJkS50X0JS2IKz9Cgaj6ugrs=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.27 h1:AmB5QxnD+fBFrg9LcqzkgF/CaYvMyU/BTlejG4t1S7Q=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.27/go.mod h1:Sai7P3xTiyv9ZUYO3IFxMnmiIP759/67iQbU4kdmkyU=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0 h1:lguz0bmOoGzozP9XfRJR1QIayEYo+2vP/No3OfLF0pU=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0/go.mod h1:iu6FSzgt+M2/x3Dk8zhycdIcHjEFb36IS8HVUVFoMg0=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 h1:moLQUoVq91LiqT1nbvzDukyqAlCv89ZmwaHw/ZFlFZg=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15/go.mod h1:ZH34PJUc8ApjBIfgQCFvkWcUDBtl/WTD+uiYHjd8igA=
github.com/aws/aws-sdk-go-v2/service/s3 v1.78.2 h1:jIiopHEV22b4yQP2q36Y0OmwLbsxNWdWwfZRR5QRRO4=
github.com/aws/aws-sdk-go-v2/service/s3 v1.78.2/go.mod h1:U5SNqwhXB3Xe6F47kXvWihPl/ilGaEDe8HD/50Z9wxc=
github.com/aws/aws-sdk-go-v2/service/sso v1.25.2 h1:pdgODsAhGo4dvzC3JAG5Ce0PX8kWXrTZGx+jxADD+5E=
github.com/aws/aws-sdk-go-v2/service/sso v1.25.2/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.0 h1:90uX0veLKcdHVfvxhkWUQSCi5VabtwMLFutYiRke4oo=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.0/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs=
github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 h1:PZV5W8yk4OtH1JAuhV2PXwwO9v5G5Aoj+eMCn4T+1Kc=
github.com/aws/aws-sdk-go-v2/service/sts v1.33.17/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.8 h1:iwYS40JnrBeA9e9aI5S6KKN4EB2zR4iUVYN0nwVivz4=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.8/go.mod h1:Fm9Mi+ApqmFiknZtGpohVcBGvpTu542VC4XO9YudRi0=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 h1:cWno7lefSH6Pp+mSznagKCgfDGeZRin66UvYUqAkyeA=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8/go.mod h1:tPD+VjU3ABTBoEJ3nctu5Nyg4P4yjqSH5bJGGkY4+XE=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.8 h1:/Mn7gTedG86nbpjT4QEKsN1D/fThiYe1qvq7WsBGNHg=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.8/go.mod h1:Ae3va9LPmvjj231ukHB6UeT8nS7wTPfC3tMZSZMwNYg=
github.com/aws/aws-sdk-go-v2/service/s3 v1.72.3 h1:WZOmJfCDV+4tYacLxpiojoAdT5sxTfB3nTqQNtZu+J4=
github.com/aws/aws-sdk-go-v2/service/s3 v1.72.3/go.mod h1:xMekrnhmJ5aqmyxtmALs7mlvXw5xRh+eYjOjvrIIFJ4=
github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 h1:YqtxripbjWb2QLyzRK9pByfEDvgg95gpC2AyDq4hFE8=
github.com/aws/aws-sdk-go-v2/service/sso v1.24.9/go.mod h1:lV8iQpg6OLOfBnqbGMBKYjilBlf633qwHnBEiMSPoHY=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 h1:6dBT1Lz8fK11m22R+AqfRsFn8320K0T5DTGxxOQBSMw=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8/go.mod h1:/kiBvRQXBc6xeJTYzhSdGvJ5vm1tjaDEjH+MSeRJnlY=
github.com/aws/aws-sdk-go-v2/service/sts v1.33.7 h1:qwGa9MA8G7mBq2YphHFaygdPe5t9OA7SvaJdwWTlEds=
github.com/aws/aws-sdk-go-v2/service/sts v1.33.7/go.mod h1:+8h7PZb3yY5ftmVLD7ocEoE98hdc8PoKS0H3wfx1dlc=
github.com/aws/smithy-go v1.22.3 h1:Z//5NuZCSW6R4PhQ93hShNbyBbn8BWCmCVCt+Q8Io5k=
github.com/aws/smithy-go v1.22.3/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
github.com/bboreham/go-loser v0.0.0-20230920113527-fcc2c21820a3 h1:6df1vn4bBlDDo4tARvBm7l6KA9iVMnE3NWizDeWSrps=

View file

@ -1,33 +0,0 @@
package aws
// RequestChecksumCalculation controls request checksum calculation workflow
type RequestChecksumCalculation int
const (
// RequestChecksumCalculationUnset is the unset value for RequestChecksumCalculation
RequestChecksumCalculationUnset RequestChecksumCalculation = iota
// RequestChecksumCalculationWhenSupported indicates request checksum will be calculated
// if the operation supports input checksums
RequestChecksumCalculationWhenSupported
// RequestChecksumCalculationWhenRequired indicates request checksum will be calculated
// if required by the operation or if user elects to set a checksum algorithm in request
RequestChecksumCalculationWhenRequired
)
// ResponseChecksumValidation controls response checksum validation workflow
type ResponseChecksumValidation int
const (
// ResponseChecksumValidationUnset is the unset value for ResponseChecksumValidation
ResponseChecksumValidationUnset ResponseChecksumValidation = iota
// ResponseChecksumValidationWhenSupported indicates response checksum will be validated
// if the operation supports output checksums
ResponseChecksumValidationWhenSupported
// ResponseChecksumValidationWhenRequired indicates response checksum will only
// be validated if the operation requires output checksum validation
ResponseChecksumValidationWhenRequired
)

View file

@ -165,33 +165,6 @@ type Config struct {
// Controls how a resolved AWS account ID is handled for endpoint routing.
AccountIDEndpointMode AccountIDEndpointMode
// RequestChecksumCalculation determines when request checksum calculation is performed.
//
// There are two possible values for this setting:
//
// 1. RequestChecksumCalculationWhenSupported (default): The checksum is always calculated
// if the operation supports it, regardless of whether the user sets an algorithm in the request.
//
// 2. RequestChecksumCalculationWhenRequired: The checksum is only calculated if the user
// explicitly sets a checksum algorithm in the request.
//
// This setting is sourced from the environment variable AWS_REQUEST_CHECKSUM_CALCULATION
// or the shared config profile attribute "request_checksum_calculation".
RequestChecksumCalculation RequestChecksumCalculation
// ResponseChecksumValidation determines when response checksum validation is performed
//
// There are two possible values for this setting:
//
// 1. ResponseChecksumValidationWhenSupported (default): The checksum is always validated
// if the operation supports it, regardless of whether the user sets the validation mode to ENABLED in request.
//
// 2. ResponseChecksumValidationWhenRequired: The checksum is only validated if the user
// explicitly sets the validation mode to ENABLED in the request
// This variable is sourced from environment variable AWS_RESPONSE_CHECKSUM_VALIDATION or
// the shared config profile attribute "response_checksum_validation".
ResponseChecksumValidation ResponseChecksumValidation
}
// NewConfig returns a new Config pointer that can be chained with builder

View file

@ -172,17 +172,6 @@ func (p *CredentialsCache) getCreds() (Credentials, bool) {
return *c, true
}
// ProviderSources returns a list of where the underlying credential provider
// has been sourced, if available. Returns empty if the provider doesn't implement
// the interface
func (p *CredentialsCache) ProviderSources() []CredentialSource {
asSource, ok := p.provider.(CredentialProviderSource)
if !ok {
return []CredentialSource{}
}
return asSource.ProviderSources()
}
// Invalidate will invalidate the cached credentials. The next call to Retrieve
// will cause the provider's Retrieve method to be called.
func (p *CredentialsCache) Invalidate() {

View file

@ -70,56 +70,6 @@ func (AnonymousCredentials) Retrieve(context.Context) (Credentials, error) {
fmt.Errorf("the AnonymousCredentials is not a valid credential provider, and cannot be used to sign AWS requests with")
}
// CredentialSource is the source of the credential provider.
// A provider can have multiple credential sources: For example, a provider that reads a profile, calls ECS to
// get credentials and then assumes a role using STS will have all these as part of its provider chain.
type CredentialSource int
const (
// CredentialSourceUndefined is the sentinel zero value
CredentialSourceUndefined CredentialSource = iota
// CredentialSourceCode credentials resolved from code, cli parameters, session object, or client instance
CredentialSourceCode
// CredentialSourceEnvVars credentials resolved from environment variables
CredentialSourceEnvVars
// CredentialSourceEnvVarsSTSWebIDToken credentials resolved from environment variables for assuming a role with STS using a web identity token
CredentialSourceEnvVarsSTSWebIDToken
// CredentialSourceSTSAssumeRole credentials resolved from STS using AssumeRole
CredentialSourceSTSAssumeRole
// CredentialSourceSTSAssumeRoleSaml credentials resolved from STS using assume role with SAML
CredentialSourceSTSAssumeRoleSaml
// CredentialSourceSTSAssumeRoleWebID credentials resolved from STS using assume role with web identity
CredentialSourceSTSAssumeRoleWebID
// CredentialSourceSTSFederationToken credentials resolved from STS using a federation token
CredentialSourceSTSFederationToken
// CredentialSourceSTSSessionToken credentials resolved from STS using a session token S
CredentialSourceSTSSessionToken
// CredentialSourceProfile credentials resolved from a config file(s) profile with static credentials
CredentialSourceProfile
// CredentialSourceProfileSourceProfile credentials resolved from a source profile in a config file(s) profile
CredentialSourceProfileSourceProfile
// CredentialSourceProfileNamedProvider credentials resolved from a named provider in a config file(s) profile (like EcsContainer)
CredentialSourceProfileNamedProvider
// CredentialSourceProfileSTSWebIDToken credentials resolved from configuration for assuming a role with STS using web identity token in a config file(s) profile
CredentialSourceProfileSTSWebIDToken
// CredentialSourceProfileSSO credentials resolved from an SSO session in a config file(s) profile
CredentialSourceProfileSSO
// CredentialSourceSSO credentials resolved from an SSO session
CredentialSourceSSO
// CredentialSourceProfileSSOLegacy credentials resolved from an SSO session in a config file(s) profile using legacy format
CredentialSourceProfileSSOLegacy
// CredentialSourceSSOLegacy credentials resolved from an SSO session using legacy format
CredentialSourceSSOLegacy
// CredentialSourceProfileProcess credentials resolved from a process in a config file(s) profile
CredentialSourceProfileProcess
// CredentialSourceProcess credentials resolved from a process
CredentialSourceProcess
// CredentialSourceHTTP credentials resolved from an HTTP endpoint
CredentialSourceHTTP
// CredentialSourceIMDS credentials resolved from the instance metadata service (IMDS)
CredentialSourceIMDS
)
// A Credentials is the AWS credentials value for individual credential fields.
type Credentials struct {
// AWS Access key ID
@ -175,13 +125,6 @@ type CredentialsProvider interface {
Retrieve(ctx context.Context) (Credentials, error)
}
// CredentialProviderSource allows any credential provider to track
// all providers where a credential provider were sourced. For example, if the credentials came from a
// call to a role specified in the profile, this method will give the whole breadcrumb trail
type CredentialProviderSource interface {
ProviderSources() []CredentialSource
}
// CredentialsProviderFunc provides a helper wrapping a function value to
// satisfy the CredentialsProvider interface.
type CredentialsProviderFunc func(context.Context) (Credentials, error)

View file

@ -3,4 +3,4 @@
package aws
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.36.3"
const goModuleVersion = "1.32.8"

View file

@ -76,90 +76,21 @@ type UserAgentFeature string
// Enumerates UserAgentFeature.
const (
UserAgentFeatureResourceModel UserAgentFeature = "A" // n/a (we don't generate separate resource types)
UserAgentFeatureWaiter = "B"
UserAgentFeaturePaginator = "C"
UserAgentFeatureRetryModeLegacy = "D" // n/a (equivalent to standard)
UserAgentFeatureRetryModeStandard = "E"
UserAgentFeatureRetryModeAdaptive = "F"
UserAgentFeatureS3Transfer = "G"
UserAgentFeatureS3CryptoV1N = "H" // n/a (crypto client is external)
UserAgentFeatureS3CryptoV2 = "I" // n/a
UserAgentFeatureS3ExpressBucket = "J"
UserAgentFeatureS3AccessGrants = "K" // not yet implemented
UserAgentFeatureGZIPRequestCompression = "L"
UserAgentFeatureProtocolRPCV2CBOR = "M"
UserAgentFeatureAccountIDEndpoint = "O" // DO NOT IMPLEMENT: rules output is not currently defined. SDKs should not parse endpoints for feature information.
UserAgentFeatureAccountIDModePreferred = "P"
UserAgentFeatureAccountIDModeDisabled = "Q"
UserAgentFeatureAccountIDModeRequired = "R"
UserAgentFeatureRequestChecksumCRC32 = "U"
UserAgentFeatureRequestChecksumCRC32C = "V"
UserAgentFeatureRequestChecksumCRC64 = "W"
UserAgentFeatureRequestChecksumSHA1 = "X"
UserAgentFeatureRequestChecksumSHA256 = "Y"
UserAgentFeatureRequestChecksumWhenSupported = "Z"
UserAgentFeatureRequestChecksumWhenRequired = "a"
UserAgentFeatureResponseChecksumWhenSupported = "b"
UserAgentFeatureResponseChecksumWhenRequired = "c"
UserAgentFeatureDynamoDBUserAgent = "d" // not yet implemented
UserAgentFeatureCredentialsCode = "e"
UserAgentFeatureCredentialsJvmSystemProperties = "f" // n/a (this is not a JVM sdk)
UserAgentFeatureCredentialsEnvVars = "g"
UserAgentFeatureCredentialsEnvVarsStsWebIDToken = "h"
UserAgentFeatureCredentialsStsAssumeRole = "i"
UserAgentFeatureCredentialsStsAssumeRoleSaml = "j" // not yet implemented
UserAgentFeatureCredentialsStsAssumeRoleWebID = "k"
UserAgentFeatureCredentialsStsFederationToken = "l" // not yet implemented
UserAgentFeatureCredentialsStsSessionToken = "m" // not yet implemented
UserAgentFeatureCredentialsProfile = "n"
UserAgentFeatureCredentialsProfileSourceProfile = "o"
UserAgentFeatureCredentialsProfileNamedProvider = "p"
UserAgentFeatureCredentialsProfileStsWebIDToken = "q"
UserAgentFeatureCredentialsProfileSso = "r"
UserAgentFeatureCredentialsSso = "s"
UserAgentFeatureCredentialsProfileSsoLegacy = "t"
UserAgentFeatureCredentialsSsoLegacy = "u"
UserAgentFeatureCredentialsProfileProcess = "v"
UserAgentFeatureCredentialsProcess = "w"
UserAgentFeatureCredentialsBoto2ConfigFile = "x" // n/a (this is not boto/Python)
UserAgentFeatureCredentialsAwsSdkStore = "y" // n/a (this is used by .NET based sdk)
UserAgentFeatureCredentialsHTTP = "z"
UserAgentFeatureCredentialsIMDS = "0"
UserAgentFeatureResourceModel UserAgentFeature = "A" // n/a (we don't generate separate resource types)
UserAgentFeatureWaiter = "B"
UserAgentFeaturePaginator = "C"
UserAgentFeatureRetryModeLegacy = "D" // n/a (equivalent to standard)
UserAgentFeatureRetryModeStandard = "E"
UserAgentFeatureRetryModeAdaptive = "F"
UserAgentFeatureS3Transfer = "G"
UserAgentFeatureS3CryptoV1N = "H" // n/a (crypto client is external)
UserAgentFeatureS3CryptoV2 = "I" // n/a
UserAgentFeatureS3ExpressBucket = "J"
UserAgentFeatureS3AccessGrants = "K" // not yet implemented
UserAgentFeatureGZIPRequestCompression = "L"
UserAgentFeatureProtocolRPCV2CBOR = "M"
)
var credentialSourceToFeature = map[aws.CredentialSource]UserAgentFeature{
aws.CredentialSourceCode: UserAgentFeatureCredentialsCode,
aws.CredentialSourceEnvVars: UserAgentFeatureCredentialsEnvVars,
aws.CredentialSourceEnvVarsSTSWebIDToken: UserAgentFeatureCredentialsEnvVarsStsWebIDToken,
aws.CredentialSourceSTSAssumeRole: UserAgentFeatureCredentialsStsAssumeRole,
aws.CredentialSourceSTSAssumeRoleSaml: UserAgentFeatureCredentialsStsAssumeRoleSaml,
aws.CredentialSourceSTSAssumeRoleWebID: UserAgentFeatureCredentialsStsAssumeRoleWebID,
aws.CredentialSourceSTSFederationToken: UserAgentFeatureCredentialsStsFederationToken,
aws.CredentialSourceSTSSessionToken: UserAgentFeatureCredentialsStsSessionToken,
aws.CredentialSourceProfile: UserAgentFeatureCredentialsProfile,
aws.CredentialSourceProfileSourceProfile: UserAgentFeatureCredentialsProfileSourceProfile,
aws.CredentialSourceProfileNamedProvider: UserAgentFeatureCredentialsProfileNamedProvider,
aws.CredentialSourceProfileSTSWebIDToken: UserAgentFeatureCredentialsProfileStsWebIDToken,
aws.CredentialSourceProfileSSO: UserAgentFeatureCredentialsProfileSso,
aws.CredentialSourceSSO: UserAgentFeatureCredentialsSso,
aws.CredentialSourceProfileSSOLegacy: UserAgentFeatureCredentialsProfileSsoLegacy,
aws.CredentialSourceSSOLegacy: UserAgentFeatureCredentialsSsoLegacy,
aws.CredentialSourceProfileProcess: UserAgentFeatureCredentialsProfileProcess,
aws.CredentialSourceProcess: UserAgentFeatureCredentialsProcess,
aws.CredentialSourceHTTP: UserAgentFeatureCredentialsHTTP,
aws.CredentialSourceIMDS: UserAgentFeatureCredentialsIMDS,
}
// RequestUserAgent is a build middleware that set the User-Agent for the request.
type RequestUserAgent struct {
sdkAgent, userAgent *smithyhttp.UserAgentBuilder
@ -312,14 +243,6 @@ func (u *RequestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, val
u.userAgent.AddKeyValue(keyType.string(), strings.Map(rules, key)+"#"+strings.Map(rules, value))
}
// AddCredentialsSource adds the credential source as a feature on the User-Agent string
func (u *RequestUserAgent) AddCredentialsSource(source aws.CredentialSource) {
x, ok := credentialSourceToFeature[source]
if ok {
u.AddUserAgentFeature(x)
}
}
// ID the name of the middleware.
func (u *RequestUserAgent) ID() string {
return "UserAgent"

View file

@ -1,8 +1,8 @@
package query
import (
"fmt"
"net/url"
"strconv"
)
// Array represents the encoding of Query lists and sets. A Query array is a
@ -21,8 +21,19 @@ type Array struct {
// keys for each element in the list. For example, an entry might have the
// key "ParentStructure.ListName.member.MemberName.1".
//
// When the array is not flat the prefix will contain the memberName otherwise the memberName is ignored
// While this is currently represented as a string that gets added to, it
// could also be represented as a stack that only gets condensed into a
// string when a finalized key is created. This could potentially reduce
// allocations.
prefix string
// Whether the list is flat or not. A list that is not flat will produce the
// following entry to the url.Values for a given entry:
// ListName.MemberName.1=value
// A list that is flat will produce the following:
// ListName.1=value
flat bool
// The location name of the member. In most cases this should be "member".
memberName string
// Elements are stored in values, so we keep track of the list size here.
size int32
// Empty lists are encoded as "<prefix>=", if we add a value later we will
@ -34,14 +45,11 @@ func newArray(values url.Values, prefix string, flat bool, memberName string) *A
emptyValue := newValue(values, prefix, flat)
emptyValue.String("")
if !flat {
// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
prefix = prefix + keySeparator + memberName
}
return &Array{
values: values,
prefix: prefix,
flat: flat,
memberName: memberName,
emptyValue: emptyValue,
}
}
@ -55,7 +63,10 @@ func (a *Array) Value() Value {
// Query lists start a 1, so adjust the size first
a.size++
prefix := a.prefix
if !a.flat {
prefix = fmt.Sprintf("%s.%s", prefix, a.memberName)
}
// Lists can't have flat members
// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
return newValue(a.values, a.prefix+keySeparator+strconv.FormatInt(int64(a.size), 10), false)
return newValue(a.values, fmt.Sprintf("%s.%d", prefix, a.size), false)
}

View file

@ -1,6 +1,9 @@
package query
import "net/url"
import (
"fmt"
"net/url"
)
// Object represents the encoding of Query structures and unions. A Query
// object is a representation of a mapping of string keys to arbitrary
@ -53,16 +56,14 @@ func (o *Object) FlatKey(name string) Value {
func (o *Object) key(name string, flatValue bool) Value {
if o.prefix != "" {
// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
return newValue(o.values, o.prefix+keySeparator+name, flatValue)
return newValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
}
return newValue(o.values, name, flatValue)
}
func (o *Object) keyWithValues(name string, flatValue bool) Value {
if o.prefix != "" {
// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
return newAppendValue(o.values, o.prefix+keySeparator+name, flatValue)
return newAppendValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
}
return newAppendValue(o.values, name, flatValue)
}

View file

@ -7,8 +7,6 @@ import (
"github.com/aws/smithy-go/encoding/httpbinding"
)
const keySeparator = "."
// Value represents a Query Value type.
type Value struct {
// The query values to add the value to.

View file

@ -4,11 +4,10 @@ package v4
var IgnoredHeaders = Rules{
ExcludeList{
MapRule{
"Authorization": struct{}{},
"User-Agent": struct{}{},
"X-Amzn-Trace-Id": struct{}{},
"Expect": struct{}{},
"Transfer-Encoding": struct{}{},
"Authorization": struct{}{},
"User-Agent": struct{}{},
"X-Amzn-Trace-Id": struct{}{},
"Expect": struct{}{},
},
},
}

View file

@ -1,59 +1,3 @@
# v1.29.12 (2025-03-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.11 (2025-03-25)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.10 (2025-03-24)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.9 (2025-03-04.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.8 (2025-02-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.7 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.6 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.5 (2025-02-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.4 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.3 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.2 (2025-01-24)
* **Bug Fix**: Fix env config naming and usage of deprecated ioutil
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.29.1 (2025-01-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.29.0 (2025-01-15)
* **Feature**: S3 client behavior is updated to always calculate a checksum by default for operations that support it (such as PutObject or UploadPart), or require it (such as DeleteObjects). The checksum algorithm used by default now becomes CRC32. Checksum behavior can be configured using `when_supported` and `when_required` options - in code using RequestChecksumCalculation, in shared config using request_checksum_calculation, or as env variable using AWS_REQUEST_CHECKSUM_CALCULATION. The S3 client attempts to validate response checksums for all S3 API operations that support checksums. However, if the SDK has not implemented the specified checksum algorithm then this validation is skipped. Checksum validation behavior can be configured using `when_supported` and `when_required` options - in code using ResponseChecksumValidation, in shared config using response_checksum_validation, or as env variable using AWS_RESPONSE_CHECKSUM_VALIDATION.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.28.11 (2025-01-14)
* **Dependency Update**: Updated to the latest SDK module versions

View file

@ -83,12 +83,6 @@ var defaultAWSConfigResolvers = []awsConfigResolver{
// Sets the AccountIDEndpointMode if present in env var or shared config profile
resolveAccountIDEndpointMode,
// Sets the RequestChecksumCalculation if present in env var or shared config profile
resolveRequestChecksumCalculation,
// Sets the ResponseChecksumValidation if present in env var or shared config profile
resolveResponseChecksumValidation,
}
// A Config represents a generic configuration value or set of values. This type
@ -218,7 +212,7 @@ func resolveConfigLoaders(options *LoadOptions) []loader {
loaders[0] = loadEnvConfig
// specification of a profile should cause a load failure if it doesn't exist
if os.Getenv(awsProfileEnv) != "" || options.SharedConfigProfile != "" {
if os.Getenv(awsProfileEnvVar) != "" || options.SharedConfigProfile != "" {
loaders[1] = loadSharedConfig
} else {
loaders[1] = loadSharedConfigIgnoreNotExist

View file

@ -5,6 +5,7 @@ import (
"context"
"fmt"
"io"
"io/ioutil"
"os"
"strconv"
"strings"
@ -20,89 +21,86 @@ const CredentialsSourceName = "EnvConfigCredentials"
// Environment variables that will be read for configuration values.
const (
awsAccessKeyIDEnv = "AWS_ACCESS_KEY_ID"
awsAccessKeyEnv = "AWS_ACCESS_KEY"
awsAccessKeyIDEnvVar = "AWS_ACCESS_KEY_ID"
awsAccessKeyEnvVar = "AWS_ACCESS_KEY"
awsSecretAccessKeyEnv = "AWS_SECRET_ACCESS_KEY"
awsSecretKeyEnv = "AWS_SECRET_KEY"
awsSecretAccessKeyEnvVar = "AWS_SECRET_ACCESS_KEY"
awsSecretKeyEnvVar = "AWS_SECRET_KEY"
awsSessionTokenEnv = "AWS_SESSION_TOKEN"
awsSessionTokenEnvVar = "AWS_SESSION_TOKEN"
awsContainerCredentialsFullURIEnv = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
awsContainerCredentialsRelativeURIEnv = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
awsContainerAuthorizationTokenEnv = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
awsContainerCredentialsEndpointEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
awsContainerCredentialsRelativePathEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
awsContainerPProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
awsRegionEnv = "AWS_REGION"
awsDefaultRegionEnv = "AWS_DEFAULT_REGION"
awsRegionEnvVar = "AWS_REGION"
awsDefaultRegionEnvVar = "AWS_DEFAULT_REGION"
awsProfileEnv = "AWS_PROFILE"
awsDefaultProfileEnv = "AWS_DEFAULT_PROFILE"
awsProfileEnvVar = "AWS_PROFILE"
awsDefaultProfileEnvVar = "AWS_DEFAULT_PROFILE"
awsSharedCredentialsFileEnv = "AWS_SHARED_CREDENTIALS_FILE"
awsSharedCredentialsFileEnvVar = "AWS_SHARED_CREDENTIALS_FILE"
awsConfigFileEnv = "AWS_CONFIG_FILE"
awsConfigFileEnvVar = "AWS_CONFIG_FILE"
awsCABundleEnv = "AWS_CA_BUNDLE"
awsCustomCABundleEnvVar = "AWS_CA_BUNDLE"
awsWebIdentityTokenFileEnv = "AWS_WEB_IDENTITY_TOKEN_FILE"
awsWebIdentityTokenFilePathEnvVar = "AWS_WEB_IDENTITY_TOKEN_FILE"
awsRoleARNEnv = "AWS_ROLE_ARN"
awsRoleSessionNameEnv = "AWS_ROLE_SESSION_NAME"
awsRoleARNEnvVar = "AWS_ROLE_ARN"
awsRoleSessionNameEnvVar = "AWS_ROLE_SESSION_NAME"
awsEnableEndpointDiscoveryEnv = "AWS_ENABLE_ENDPOINT_DISCOVERY"
awsEnableEndpointDiscoveryEnvVar = "AWS_ENABLE_ENDPOINT_DISCOVERY"
awsS3UseARNRegionEnv = "AWS_S3_USE_ARN_REGION"
awsS3UseARNRegionEnvVar = "AWS_S3_USE_ARN_REGION"
awsEc2MetadataServiceEndpointModeEnv = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE"
awsEc2MetadataServiceEndpointModeEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE"
awsEc2MetadataServiceEndpointEnv = "AWS_EC2_METADATA_SERVICE_ENDPOINT"
awsEc2MetadataServiceEndpointEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT"
awsEc2MetadataDisabledEnv = "AWS_EC2_METADATA_DISABLED"
awsEc2MetadataV1DisabledEnv = "AWS_EC2_METADATA_V1_DISABLED"
awsEc2MetadataDisabled = "AWS_EC2_METADATA_DISABLED"
awsEc2MetadataV1DisabledEnvVar = "AWS_EC2_METADATA_V1_DISABLED"
awsS3DisableMultiRegionAccessPointsEnv = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"
awsS3DisableMultiRegionAccessPointEnvVar = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS"
awsUseDualStackEndpointEnv = "AWS_USE_DUALSTACK_ENDPOINT"
awsUseDualStackEndpoint = "AWS_USE_DUALSTACK_ENDPOINT"
awsUseFIPSEndpointEnv = "AWS_USE_FIPS_ENDPOINT"
awsUseFIPSEndpoint = "AWS_USE_FIPS_ENDPOINT"
awsDefaultsModeEnv = "AWS_DEFAULTS_MODE"
awsDefaultMode = "AWS_DEFAULTS_MODE"
awsMaxAttemptsEnv = "AWS_MAX_ATTEMPTS"
awsRetryModeEnv = "AWS_RETRY_MODE"
awsSdkUaAppIDEnv = "AWS_SDK_UA_APP_ID"
awsRetryMaxAttempts = "AWS_MAX_ATTEMPTS"
awsRetryMode = "AWS_RETRY_MODE"
awsSdkAppID = "AWS_SDK_UA_APP_ID"
awsIgnoreConfiguredEndpointURLEnv = "AWS_IGNORE_CONFIGURED_ENDPOINT_URLS"
awsEndpointURLEnv = "AWS_ENDPOINT_URL"
awsIgnoreConfiguredEndpoints = "AWS_IGNORE_CONFIGURED_ENDPOINT_URLS"
awsEndpointURL = "AWS_ENDPOINT_URL"
awsDisableRequestCompressionEnv = "AWS_DISABLE_REQUEST_COMPRESSION"
awsRequestMinCompressionSizeBytesEnv = "AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES"
awsDisableRequestCompression = "AWS_DISABLE_REQUEST_COMPRESSION"
awsRequestMinCompressionSizeBytes = "AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES"
awsS3DisableExpressSessionAuthEnv = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH"
awsAccountIDEnv = "AWS_ACCOUNT_ID"
awsAccountIDEndpointModeEnv = "AWS_ACCOUNT_ID_ENDPOINT_MODE"
awsRequestChecksumCalculation = "AWS_REQUEST_CHECKSUM_CALCULATION"
awsResponseChecksumValidation = "AWS_RESPONSE_CHECKSUM_VALIDATION"
)
var (
credAccessEnvKeys = []string{
awsAccessKeyIDEnv,
awsAccessKeyEnv,
awsAccessKeyIDEnvVar,
awsAccessKeyEnvVar,
}
credSecretEnvKeys = []string{
awsSecretAccessKeyEnv,
awsSecretKeyEnv,
awsSecretAccessKeyEnvVar,
awsSecretKeyEnvVar,
}
regionEnvKeys = []string{
awsRegionEnv,
awsDefaultRegionEnv,
awsRegionEnvVar,
awsDefaultRegionEnvVar,
}
profileEnvKeys = []string{
awsProfileEnv,
awsDefaultProfileEnv,
awsProfileEnvVar,
awsDefaultProfileEnvVar,
}
)
@ -298,12 +296,6 @@ type EnvConfig struct {
// Indicates whether account ID will be required/ignored in endpoint2.0 routing
AccountIDEndpointMode aws.AccountIDEndpointMode
// Indicates whether request checksum should be calculated
RequestChecksumCalculation aws.RequestChecksumCalculation
// Indicates whether response checksum should be validated
ResponseChecksumValidation aws.ResponseChecksumValidation
}
// loadEnvConfig reads configuration values from the OS's environment variables.
@ -324,79 +316,79 @@ func NewEnvConfig() (EnvConfig, error) {
setStringFromEnvVal(&creds.SecretAccessKey, credSecretEnvKeys)
if creds.HasKeys() {
creds.AccountID = os.Getenv(awsAccountIDEnv)
creds.SessionToken = os.Getenv(awsSessionTokenEnv)
creds.SessionToken = os.Getenv(awsSessionTokenEnvVar)
cfg.Credentials = creds
}
cfg.ContainerCredentialsEndpoint = os.Getenv(awsContainerCredentialsFullURIEnv)
cfg.ContainerCredentialsRelativePath = os.Getenv(awsContainerCredentialsRelativeURIEnv)
cfg.ContainerAuthorizationToken = os.Getenv(awsContainerAuthorizationTokenEnv)
cfg.ContainerCredentialsEndpoint = os.Getenv(awsContainerCredentialsEndpointEnvVar)
cfg.ContainerCredentialsRelativePath = os.Getenv(awsContainerCredentialsRelativePathEnvVar)
cfg.ContainerAuthorizationToken = os.Getenv(awsContainerPProviderAuthorizationEnvVar)
setStringFromEnvVal(&cfg.Region, regionEnvKeys)
setStringFromEnvVal(&cfg.SharedConfigProfile, profileEnvKeys)
cfg.SharedCredentialsFile = os.Getenv(awsSharedCredentialsFileEnv)
cfg.SharedConfigFile = os.Getenv(awsConfigFileEnv)
cfg.SharedCredentialsFile = os.Getenv(awsSharedCredentialsFileEnvVar)
cfg.SharedConfigFile = os.Getenv(awsConfigFileEnvVar)
cfg.CustomCABundle = os.Getenv(awsCABundleEnv)
cfg.CustomCABundle = os.Getenv(awsCustomCABundleEnvVar)
cfg.WebIdentityTokenFilePath = os.Getenv(awsWebIdentityTokenFileEnv)
cfg.WebIdentityTokenFilePath = os.Getenv(awsWebIdentityTokenFilePathEnvVar)
cfg.RoleARN = os.Getenv(awsRoleARNEnv)
cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnv)
cfg.RoleARN = os.Getenv(awsRoleARNEnvVar)
cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnvVar)
cfg.AppID = os.Getenv(awsSdkUaAppIDEnv)
cfg.AppID = os.Getenv(awsSdkAppID)
if err := setBoolPtrFromEnvVal(&cfg.DisableRequestCompression, []string{awsDisableRequestCompressionEnv}); err != nil {
if err := setBoolPtrFromEnvVal(&cfg.DisableRequestCompression, []string{awsDisableRequestCompression}); err != nil {
return cfg, err
}
if err := setInt64PtrFromEnvVal(&cfg.RequestMinCompressSizeBytes, []string{awsRequestMinCompressionSizeBytesEnv}, smithyrequestcompression.MaxRequestMinCompressSizeBytes); err != nil {
if err := setInt64PtrFromEnvVal(&cfg.RequestMinCompressSizeBytes, []string{awsRequestMinCompressionSizeBytes}, smithyrequestcompression.MaxRequestMinCompressSizeBytes); err != nil {
return cfg, err
}
if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnv}); err != nil {
if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnvVar}); err != nil {
return cfg, err
}
if err := setBoolPtrFromEnvVal(&cfg.S3UseARNRegion, []string{awsS3UseARNRegionEnv}); err != nil {
if err := setBoolPtrFromEnvVal(&cfg.S3UseARNRegion, []string{awsS3UseARNRegionEnvVar}); err != nil {
return cfg, err
}
setEC2IMDSClientEnableState(&cfg.EC2IMDSClientEnableState, []string{awsEc2MetadataDisabledEnv})
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, []string{awsEc2MetadataServiceEndpointModeEnv}); err != nil {
setEC2IMDSClientEnableState(&cfg.EC2IMDSClientEnableState, []string{awsEc2MetadataDisabled})
if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, []string{awsEc2MetadataServiceEndpointModeEnvVar}); err != nil {
return cfg, err
}
cfg.EC2IMDSEndpoint = os.Getenv(awsEc2MetadataServiceEndpointEnv)
if err := setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, []string{awsEc2MetadataV1DisabledEnv}); err != nil {
cfg.EC2IMDSEndpoint = os.Getenv(awsEc2MetadataServiceEndpointEnvVar)
if err := setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, []string{awsEc2MetadataV1DisabledEnvVar}); err != nil {
return cfg, err
}
if err := setBoolPtrFromEnvVal(&cfg.S3DisableMultiRegionAccessPoints, []string{awsS3DisableMultiRegionAccessPointsEnv}); err != nil {
if err := setBoolPtrFromEnvVal(&cfg.S3DisableMultiRegionAccessPoints, []string{awsS3DisableMultiRegionAccessPointEnvVar}); err != nil {
return cfg, err
}
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, []string{awsUseDualStackEndpointEnv}); err != nil {
if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, []string{awsUseDualStackEndpoint}); err != nil {
return cfg, err
}
if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, []string{awsUseFIPSEndpointEnv}); err != nil {
if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, []string{awsUseFIPSEndpoint}); err != nil {
return cfg, err
}
if err := setDefaultsModeFromEnvVal(&cfg.DefaultsMode, []string{awsDefaultsModeEnv}); err != nil {
if err := setDefaultsModeFromEnvVal(&cfg.DefaultsMode, []string{awsDefaultMode}); err != nil {
return cfg, err
}
if err := setIntFromEnvVal(&cfg.RetryMaxAttempts, []string{awsMaxAttemptsEnv}); err != nil {
if err := setIntFromEnvVal(&cfg.RetryMaxAttempts, []string{awsRetryMaxAttempts}); err != nil {
return cfg, err
}
if err := setRetryModeFromEnvVal(&cfg.RetryMode, []string{awsRetryModeEnv}); err != nil {
if err := setRetryModeFromEnvVal(&cfg.RetryMode, []string{awsRetryMode}); err != nil {
return cfg, err
}
setStringFromEnvVal(&cfg.BaseEndpoint, []string{awsEndpointURLEnv})
setStringFromEnvVal(&cfg.BaseEndpoint, []string{awsEndpointURL})
if err := setBoolPtrFromEnvVal(&cfg.IgnoreConfiguredEndpoints, []string{awsIgnoreConfiguredEndpointURLEnv}); err != nil {
if err := setBoolPtrFromEnvVal(&cfg.IgnoreConfiguredEndpoints, []string{awsIgnoreConfiguredEndpoints}); err != nil {
return cfg, err
}
@ -408,13 +400,6 @@ func NewEnvConfig() (EnvConfig, error) {
return cfg, err
}
if err := setRequestChecksumCalculationFromEnvVal(&cfg.RequestChecksumCalculation, []string{awsRequestChecksumCalculation}); err != nil {
return cfg, err
}
if err := setResponseChecksumValidationFromEnvVal(&cfg.ResponseChecksumValidation, []string{awsResponseChecksumValidation}); err != nil {
return cfg, err
}
return cfg, nil
}
@ -447,14 +432,6 @@ func (c EnvConfig) getAccountIDEndpointMode(context.Context) (aws.AccountIDEndpo
return c.AccountIDEndpointMode, len(c.AccountIDEndpointMode) > 0, nil
}
func (c EnvConfig) getRequestChecksumCalculation(context.Context) (aws.RequestChecksumCalculation, bool, error) {
return c.RequestChecksumCalculation, c.RequestChecksumCalculation > 0, nil
}
func (c EnvConfig) getResponseChecksumValidation(context.Context) (aws.ResponseChecksumValidation, bool, error) {
return c.ResponseChecksumValidation, c.ResponseChecksumValidation > 0, nil
}
// GetRetryMaxAttempts returns the value of AWS_MAX_ATTEMPTS if was specified,
// and not 0.
func (c EnvConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error) {
@ -551,45 +528,6 @@ func setAIDEndPointModeFromEnvVal(m *aws.AccountIDEndpointMode, keys []string) e
return nil
}
func setRequestChecksumCalculationFromEnvVal(m *aws.RequestChecksumCalculation, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
switch strings.ToLower(value) {
case checksumWhenSupported:
*m = aws.RequestChecksumCalculationWhenSupported
case checksumWhenRequired:
*m = aws.RequestChecksumCalculationWhenRequired
default:
return fmt.Errorf("invalid value for environment variable, %s=%s, must be when_supported/when_required", k, value)
}
}
return nil
}
func setResponseChecksumValidationFromEnvVal(m *aws.ResponseChecksumValidation, keys []string) error {
for _, k := range keys {
value := os.Getenv(k)
if len(value) == 0 {
continue
}
switch strings.ToLower(value) {
case checksumWhenSupported:
*m = aws.ResponseChecksumValidationWhenSupported
case checksumWhenRequired:
*m = aws.ResponseChecksumValidationWhenRequired
default:
return fmt.Errorf("invalid value for environment variable, %s=%s, must be when_supported/when_required", k, value)
}
}
return nil
}
// GetRegion returns the AWS Region if set in the environment. Returns an empty
// string if not set.
func (c EnvConfig) getRegion(ctx context.Context) (string, bool, error) {
@ -646,7 +584,7 @@ func (c EnvConfig) getCustomCABundle(context.Context) (io.Reader, bool, error) {
return nil, false, nil
}
b, err := os.ReadFile(c.CustomCABundle)
b, err := ioutil.ReadFile(c.CustomCABundle)
if err != nil {
return nil, false, err
}
@ -670,7 +608,7 @@ func (c EnvConfig) getBaseEndpoint(context.Context) (string, bool, error) {
// GetServiceBaseEndpoint is used to retrieve a normalized SDK ID for use
// with configured endpoints.
func (c EnvConfig) GetServiceBaseEndpoint(ctx context.Context, sdkID string) (string, bool, error) {
if endpt := os.Getenv(fmt.Sprintf("%s_%s", awsEndpointURLEnv, normalizeEnv(sdkID))); endpt != "" {
if endpt := os.Getenv(fmt.Sprintf("%s_%s", awsEndpointURL, normalizeEnv(sdkID))); endpt != "" {
return endpt, true, nil
}
return "", false, nil

View file

@ -3,4 +3,4 @@
package config
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.29.12"
const goModuleVersion = "1.28.11"

View file

@ -216,15 +216,8 @@ type LoadOptions struct {
// Whether S3 Express auth is disabled.
S3DisableExpressAuth *bool
// Whether account id should be built into endpoint resolution
AccountIDEndpointMode aws.AccountIDEndpointMode
// Specify if request checksum should be calculated
RequestChecksumCalculation aws.RequestChecksumCalculation
// Specifies if response checksum should be validated
ResponseChecksumValidation aws.ResponseChecksumValidation
// Service endpoint override. This value is not necessarily final and is
// passed to the service's EndpointResolverV2 for further delegation.
BaseEndpoint string
@ -295,14 +288,6 @@ func (o LoadOptions) getAccountIDEndpointMode(ctx context.Context) (aws.AccountI
return o.AccountIDEndpointMode, len(o.AccountIDEndpointMode) > 0, nil
}
func (o LoadOptions) getRequestChecksumCalculation(ctx context.Context) (aws.RequestChecksumCalculation, bool, error) {
return o.RequestChecksumCalculation, o.RequestChecksumCalculation > 0, nil
}
func (o LoadOptions) getResponseChecksumValidation(ctx context.Context) (aws.ResponseChecksumValidation, bool, error) {
return o.ResponseChecksumValidation, o.ResponseChecksumValidation > 0, nil
}
func (o LoadOptions) getBaseEndpoint(context.Context) (string, bool, error) {
return o.BaseEndpoint, o.BaseEndpoint != "", nil
}
@ -372,26 +357,6 @@ func WithAccountIDEndpointMode(m aws.AccountIDEndpointMode) LoadOptionsFunc {
}
}
// WithRequestChecksumCalculation is a helper function to construct functional options
// that sets RequestChecksumCalculation on config's LoadOptions
func WithRequestChecksumCalculation(c aws.RequestChecksumCalculation) LoadOptionsFunc {
return func(o *LoadOptions) error {
if c > 0 {
o.RequestChecksumCalculation = c
}
return nil
}
}
// WithResponseChecksumValidation is a helper function to construct functional options
// that sets ResponseChecksumValidation on config's LoadOptions
func WithResponseChecksumValidation(v aws.ResponseChecksumValidation) LoadOptionsFunc {
return func(o *LoadOptions) error {
o.ResponseChecksumValidation = v
return nil
}
}
// getDefaultRegion returns DefaultRegion from config's LoadOptions
func (o LoadOptions) getDefaultRegion(ctx context.Context) (string, bool, error) {
if len(o.DefaultRegion) == 0 {

View file

@ -242,40 +242,6 @@ func getAccountIDEndpointMode(ctx context.Context, configs configs) (value aws.A
return
}
// requestChecksumCalculationProvider provides access to the RequestChecksumCalculation
type requestChecksumCalculationProvider interface {
getRequestChecksumCalculation(context.Context) (aws.RequestChecksumCalculation, bool, error)
}
func getRequestChecksumCalculation(ctx context.Context, configs configs) (value aws.RequestChecksumCalculation, found bool, err error) {
for _, cfg := range configs {
if p, ok := cfg.(requestChecksumCalculationProvider); ok {
value, found, err = p.getRequestChecksumCalculation(ctx)
if err != nil || found {
break
}
}
}
return
}
// responseChecksumValidationProvider provides access to the ResponseChecksumValidation
type responseChecksumValidationProvider interface {
getResponseChecksumValidation(context.Context) (aws.ResponseChecksumValidation, bool, error)
}
func getResponseChecksumValidation(ctx context.Context, configs configs) (value aws.ResponseChecksumValidation, found bool, err error) {
for _, cfg := range configs {
if p, ok := cfg.(responseChecksumValidationProvider); ok {
value, found, err = p.getResponseChecksumValidation(ctx)
if err != nil || found {
break
}
}
}
return
}
// ec2IMDSRegionProvider provides access to the ec2 imds region
// configuration value
type ec2IMDSRegionProvider interface {

View file

@ -182,36 +182,6 @@ func resolveAccountIDEndpointMode(ctx context.Context, cfg *aws.Config, configs
return nil
}
// resolveRequestChecksumCalculation extracts the RequestChecksumCalculation from the configs slice's
// SharedConfig or EnvConfig
func resolveRequestChecksumCalculation(ctx context.Context, cfg *aws.Config, configs configs) error {
c, found, err := getRequestChecksumCalculation(ctx, configs)
if err != nil {
return err
}
if !found {
c = aws.RequestChecksumCalculationWhenSupported
}
cfg.RequestChecksumCalculation = c
return nil
}
// resolveResponseValidation extracts the ResponseChecksumValidation from the configs slice's
// SharedConfig or EnvConfig
func resolveResponseChecksumValidation(ctx context.Context, cfg *aws.Config, configs configs) error {
c, found, err := getResponseChecksumValidation(ctx, configs)
if err != nil {
return err
}
if !found {
c = aws.ResponseChecksumValidationWhenSupported
}
cfg.ResponseChecksumValidation = c
return nil
}
// resolveDefaultRegion extracts the first instance of a default region and sets `aws.Config.Region` to the default
// region if region had not been resolved from other sources.
func resolveDefaultRegion(ctx context.Context, cfg *aws.Config, configs configs) error {

View file

@ -112,15 +112,13 @@ func resolveCredentialChain(ctx context.Context, cfg *aws.Config, configs config
switch {
case sharedProfileSet:
ctx, err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig, other)
err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig, other)
case envConfig.Credentials.HasKeys():
ctx = addCredentialSource(ctx, aws.CredentialSourceEnvVars)
cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials, Source: getCredentialSources(ctx)}
cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials}
case len(envConfig.WebIdentityTokenFilePath) > 0:
ctx = addCredentialSource(ctx, aws.CredentialSourceEnvVarsSTSWebIDToken)
err = assumeWebIdentity(ctx, cfg, envConfig.WebIdentityTokenFilePath, envConfig.RoleARN, envConfig.RoleSessionName, configs)
default:
ctx, err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig, other)
err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig, other)
}
if err != nil {
return err
@ -135,71 +133,53 @@ func resolveCredentialChain(ctx context.Context, cfg *aws.Config, configs config
return nil
}
func resolveCredsFromProfile(ctx context.Context, cfg *aws.Config, envConfig *EnvConfig, sharedConfig *SharedConfig, configs configs) (ctx2 context.Context, err error) {
func resolveCredsFromProfile(ctx context.Context, cfg *aws.Config, envConfig *EnvConfig, sharedConfig *SharedConfig, configs configs) (err error) {
switch {
case sharedConfig.Source != nil:
ctx = addCredentialSource(ctx, aws.CredentialSourceProfileSourceProfile)
// Assume IAM role with credentials source from a different profile.
ctx, err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig.Source, configs)
err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig.Source, configs)
case sharedConfig.Credentials.HasKeys():
// Static Credentials from Shared Config/Credentials file.
ctx = addCredentialSource(ctx, aws.CredentialSourceProfile)
cfg.Credentials = credentials.StaticCredentialsProvider{
Value: sharedConfig.Credentials,
Source: getCredentialSources(ctx),
Value: sharedConfig.Credentials,
}
case len(sharedConfig.CredentialSource) != 0:
ctx = addCredentialSource(ctx, aws.CredentialSourceProfileNamedProvider)
ctx, err = resolveCredsFromSource(ctx, cfg, envConfig, sharedConfig, configs)
err = resolveCredsFromSource(ctx, cfg, envConfig, sharedConfig, configs)
case len(sharedConfig.WebIdentityTokenFile) != 0:
// Credentials from Assume Web Identity token require an IAM Role, and
// that roll will be assumed. May be wrapped with another assume role
// via SourceProfile.
ctx = addCredentialSource(ctx, aws.CredentialSourceProfileSTSWebIDToken)
return ctx, assumeWebIdentity(ctx, cfg, sharedConfig.WebIdentityTokenFile, sharedConfig.RoleARN, sharedConfig.RoleSessionName, configs)
return assumeWebIdentity(ctx, cfg, sharedConfig.WebIdentityTokenFile, sharedConfig.RoleARN, sharedConfig.RoleSessionName, configs)
case sharedConfig.hasSSOConfiguration():
if sharedConfig.hasLegacySSOConfiguration() {
ctx = addCredentialSource(ctx, aws.CredentialSourceProfileSSOLegacy)
ctx = addCredentialSource(ctx, aws.CredentialSourceSSOLegacy)
} else {
ctx = addCredentialSource(ctx, aws.CredentialSourceSSO)
}
if sharedConfig.SSOSession != nil {
ctx = addCredentialSource(ctx, aws.CredentialSourceProfileSSO)
}
err = resolveSSOCredentials(ctx, cfg, sharedConfig, configs)
case len(sharedConfig.CredentialProcess) != 0:
// Get credentials from CredentialProcess
ctx = addCredentialSource(ctx, aws.CredentialSourceProfileProcess)
ctx = addCredentialSource(ctx, aws.CredentialSourceProcess)
err = processCredentials(ctx, cfg, sharedConfig, configs)
case len(envConfig.ContainerCredentialsRelativePath) != 0:
ctx = addCredentialSource(ctx, aws.CredentialSourceHTTP)
err = resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs)
case len(envConfig.ContainerCredentialsEndpoint) != 0:
ctx = addCredentialSource(ctx, aws.CredentialSourceHTTP)
err = resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs)
default:
ctx = addCredentialSource(ctx, aws.CredentialSourceIMDS)
err = resolveEC2RoleCredentials(ctx, cfg, configs)
}
if err != nil {
return ctx, err
return err
}
if len(sharedConfig.RoleARN) > 0 {
return ctx, credsFromAssumeRole(ctx, cfg, sharedConfig, configs)
return credsFromAssumeRole(ctx, cfg, sharedConfig, configs)
}
return ctx, nil
return nil
}
func resolveSSOCredentials(ctx context.Context, cfg *aws.Config, sharedConfig *SharedConfig, configs configs) error {
@ -218,10 +198,6 @@ func resolveSSOCredentials(ctx context.Context, cfg *aws.Config, sharedConfig *S
cfgCopy := cfg.Copy()
options = append(options, func(o *ssocreds.Options) {
o.CredentialSources = getCredentialSources(ctx)
})
if sharedConfig.SSOSession != nil {
ssoTokenProviderOptionsFn, found, err := getSSOTokenProviderOptions(ctx, configs)
if err != nil {
@ -266,10 +242,6 @@ func processCredentials(ctx context.Context, cfg *aws.Config, sharedConfig *Shar
opts = append(opts, options)
}
opts = append(opts, func(o *processcreds.Options) {
o.CredentialSources = getCredentialSources(ctx)
})
cfg.Credentials = processcreds.NewProvider(sharedConfig.CredentialProcess, opts...)
return nil
@ -351,7 +323,6 @@ func resolveHTTPCredProvider(ctx context.Context, cfg *aws.Config, url, authToke
if cfg.Retryer != nil {
options.Retryer = cfg.Retryer()
}
options.CredentialSources = getCredentialSources(ctx)
},
}
@ -375,31 +346,28 @@ func resolveHTTPCredProvider(ctx context.Context, cfg *aws.Config, url, authToke
return nil
}
func resolveCredsFromSource(ctx context.Context, cfg *aws.Config, envConfig *EnvConfig, sharedCfg *SharedConfig, configs configs) (context.Context, error) {
func resolveCredsFromSource(ctx context.Context, cfg *aws.Config, envConfig *EnvConfig, sharedCfg *SharedConfig, configs configs) (err error) {
switch sharedCfg.CredentialSource {
case credSourceEc2Metadata:
ctx = addCredentialSource(ctx, aws.CredentialSourceIMDS)
return ctx, resolveEC2RoleCredentials(ctx, cfg, configs)
return resolveEC2RoleCredentials(ctx, cfg, configs)
case credSourceEnvironment:
ctx = addCredentialSource(ctx, aws.CredentialSourceHTTP)
cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials, Source: getCredentialSources(ctx)}
cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials}
case credSourceECSContainer:
ctx = addCredentialSource(ctx, aws.CredentialSourceHTTP)
if len(envConfig.ContainerCredentialsRelativePath) != 0 {
return ctx, resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs)
return resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs)
}
if len(envConfig.ContainerCredentialsEndpoint) != 0 {
return ctx, resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs)
return resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs)
}
return ctx, fmt.Errorf("EcsContainer was specified as the credential_source, but neither 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' or AWS_CONTAINER_CREDENTIALS_FULL_URI' was set")
return fmt.Errorf("EcsContainer was specified as the credential_source, but neither 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' or AWS_CONTAINER_CREDENTIALS_FULL_URI' was set")
default:
return ctx, fmt.Errorf("credential_source values must be EcsContainer, Ec2InstanceMetadata, or Environment")
return fmt.Errorf("credential_source values must be EcsContainer, Ec2InstanceMetadata, or Environment")
}
return ctx, nil
return nil
}
func resolveEC2RoleCredentials(ctx context.Context, cfg *aws.Config, configs configs) error {
@ -418,7 +386,6 @@ func resolveEC2RoleCredentials(ctx context.Context, cfg *aws.Config, configs con
if o.Client == nil {
o.Client = imds.NewFromConfig(*cfg)
}
o.CredentialSources = getCredentialSources(ctx)
})
provider := ec2rolecreds.New(optFns...)
@ -427,6 +394,7 @@ func resolveEC2RoleCredentials(ctx context.Context, cfg *aws.Config, configs con
if err != nil {
return err
}
return nil
}
@ -505,10 +473,6 @@ func assumeWebIdentity(ctx context.Context, cfg *aws.Config, filepath string, ro
RoleARN: roleARN,
}
optFns = append(optFns, func(options *stscreds.WebIdentityRoleOptions) {
options.CredentialSources = getCredentialSources(ctx)
})
for _, fn := range optFns {
fn(&opts)
}
@ -530,8 +494,6 @@ func assumeWebIdentity(ctx context.Context, cfg *aws.Config, filepath string, ro
}
func credsFromAssumeRole(ctx context.Context, cfg *aws.Config, sharedCfg *SharedConfig, configs configs) (err error) {
// resolve credentials early
credentialSources := getCredentialSources(ctx)
optFns := []func(*stscreds.AssumeRoleOptions){
func(options *stscreds.AssumeRoleOptions) {
options.RoleSessionName = sharedCfg.RoleSessionName
@ -549,9 +511,6 @@ func credsFromAssumeRole(ctx context.Context, cfg *aws.Config, sharedCfg *Shared
if len(sharedCfg.MFASerial) != 0 {
options.SerialNumber = aws.String(sharedCfg.MFASerial)
}
// add existing credential chain
options.CredentialSources = credentialSources
},
}
@ -574,6 +533,7 @@ func credsFromAssumeRole(ctx context.Context, cfg *aws.Config, sharedCfg *Shared
return AssumeRoleTokenProviderNotSetError{}
}
}
cfg.Credentials = stscreds.NewAssumeRoleProvider(sts.NewFromConfig(*cfg), sharedCfg.RoleARN, optFns...)
return nil
@ -607,21 +567,3 @@ func wrapWithCredentialsCache(
return aws.NewCredentialsCache(provider, optFns...), nil
}
// credentialSource stores the chain of providers that was used to create an instance of
// a credentials provider on the context
type credentialSource struct{}
func addCredentialSource(ctx context.Context, source aws.CredentialSource) context.Context {
existing, ok := ctx.Value(credentialSource{}).([]aws.CredentialSource)
if !ok {
existing = []aws.CredentialSource{source}
} else {
existing = append(existing, source)
}
return context.WithValue(ctx, credentialSource{}, existing)
}
func getCredentialSources(ctx context.Context) []aws.CredentialSource {
return ctx.Value(credentialSource{}).([]aws.CredentialSource)
}

View file

@ -118,11 +118,6 @@ const (
accountIDKey = "aws_account_id"
accountIDEndpointMode = "account_id_endpoint_mode"
requestChecksumCalculationKey = "request_checksum_calculation"
responseChecksumValidationKey = "response_checksum_validation"
checksumWhenSupported = "when_supported"
checksumWhenRequired = "when_required"
)
// defaultSharedConfigProfile allows for swapping the default profile for testing
@ -351,12 +346,6 @@ type SharedConfig struct {
S3DisableExpressAuth *bool
AccountIDEndpointMode aws.AccountIDEndpointMode
// RequestChecksumCalculation indicates if the request checksum should be calculated
RequestChecksumCalculation aws.RequestChecksumCalculation
// ResponseChecksumValidation indicates if the response checksum should be validated
ResponseChecksumValidation aws.ResponseChecksumValidation
}
func (c SharedConfig) getDefaultsMode(ctx context.Context) (value aws.DefaultsMode, ok bool, err error) {
@ -1144,13 +1133,6 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er
return fmt.Errorf("failed to load %s from shared config, %w", accountIDEndpointMode, err)
}
if err := updateRequestChecksumCalculation(&c.RequestChecksumCalculation, section, requestChecksumCalculationKey); err != nil {
return fmt.Errorf("failed to load %s from shared config, %w", requestChecksumCalculationKey, err)
}
if err := updateResponseChecksumValidation(&c.ResponseChecksumValidation, section, responseChecksumValidationKey); err != nil {
return fmt.Errorf("failed to load %s from shared config, %w", responseChecksumValidationKey, err)
}
// Shared Credentials
creds := aws.Credentials{
AccessKeyID: section.String(accessKeyIDKey),
@ -1225,42 +1207,6 @@ func updateAIDEndpointMode(m *aws.AccountIDEndpointMode, sec ini.Section, key st
return nil
}
func updateRequestChecksumCalculation(m *aws.RequestChecksumCalculation, sec ini.Section, key string) error {
if !sec.Has(key) {
return nil
}
v := sec.String(key)
switch strings.ToLower(v) {
case checksumWhenSupported:
*m = aws.RequestChecksumCalculationWhenSupported
case checksumWhenRequired:
*m = aws.RequestChecksumCalculationWhenRequired
default:
return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be when_supported/when_required", key, v)
}
return nil
}
func updateResponseChecksumValidation(m *aws.ResponseChecksumValidation, sec ini.Section, key string) error {
if !sec.Has(key) {
return nil
}
v := sec.String(key)
switch strings.ToLower(v) {
case checksumWhenSupported:
*m = aws.ResponseChecksumValidationWhenSupported
case checksumWhenRequired:
*m = aws.ResponseChecksumValidationWhenRequired
default:
return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be when_supported/when_required", key, v)
}
return nil
}
func (c SharedConfig) getRequestMinCompressSizeBytes(ctx context.Context) (int64, bool, error) {
if c.RequestMinCompressSizeBytes == nil {
return 0, false, nil
@ -1279,14 +1225,6 @@ func (c SharedConfig) getAccountIDEndpointMode(ctx context.Context) (aws.Account
return c.AccountIDEndpointMode, len(c.AccountIDEndpointMode) > 0, nil
}
func (c SharedConfig) getRequestChecksumCalculation(ctx context.Context) (aws.RequestChecksumCalculation, bool, error) {
return c.RequestChecksumCalculation, c.RequestChecksumCalculation > 0, nil
}
func (c SharedConfig) getResponseChecksumValidation(ctx context.Context) (aws.ResponseChecksumValidation, bool, error) {
return c.ResponseChecksumValidation, c.ResponseChecksumValidation > 0, nil
}
func updateDefaultsMode(mode *aws.DefaultsMode, section ini.Section, key string) error {
if !section.Has(key) {
return nil

View file

@ -1,57 +1,3 @@
# v1.17.65 (2025-03-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.64 (2025-03-25)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.63 (2025-03-24)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.62 (2025-03-04.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.61 (2025-02-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.60 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.59 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.58 (2025-02-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.57 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.56 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.55 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.17.54 (2025-01-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.53 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.52 (2025-01-14)
* **Dependency Update**: Updated to the latest SDK module versions

View file

@ -47,10 +47,6 @@ type Options struct {
//
// If nil, the provider will default to the EC2 IMDS client.
Client GetMetadataAPIClient
// The chain of providers that was used to create this provider
// These values are for reporting purposes and are not meant to be set up directly
CredentialSources []aws.CredentialSource
}
// New returns an initialized Provider value configured to retrieve
@ -231,11 +227,3 @@ func requestCred(ctx context.Context, client GetMetadataAPIClient, credsName str
return respCreds, nil
}
// ProviderSources returns the credential chain that was used to construct this provider
func (p *Provider) ProviderSources() []aws.CredentialSource {
if p.options.CredentialSources == nil {
return []aws.CredentialSource{aws.CredentialSourceIMDS}
} // If no source has been set, assume this is used directly which means just call to assume role
return p.options.CredentialSources
}

View file

@ -98,10 +98,6 @@ type Options struct {
//
// Will override AuthorizationToken if configured
AuthorizationTokenProvider AuthTokenProvider
// The chain of providers that was used to create this provider
// These values are for reporting purposes and are not meant to be set up directly
CredentialSources []aws.CredentialSource
}
// AuthTokenProvider defines an interface to dynamically load a value to be passed
@ -195,13 +191,3 @@ func (p *Provider) resolveAuthToken() (string, error) {
return authToken, nil
}
var _ aws.CredentialProviderSource = (*Provider)(nil)
// ProviderSources returns the credential chain that was used to construct this provider
func (p *Provider) ProviderSources() []aws.CredentialSource {
if p.options.CredentialSources == nil {
return []aws.CredentialSource{aws.CredentialSourceHTTP}
}
return p.options.CredentialSources
}

View file

@ -3,4 +3,4 @@
package credentials
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.17.65"
const goModuleVersion = "1.17.52"

View file

@ -57,9 +57,6 @@ type Provider struct {
type Options struct {
// Timeout limits the time a process can run.
Timeout time.Duration
// The chain of providers that was used to create this provider
// These values are for reporting purposes and are not meant to be set up directly
CredentialSources []aws.CredentialSource
}
// NewCommandBuilder provides the interface for specifying how command will be
@ -277,14 +274,6 @@ func (p *Provider) executeCredentialProcess(ctx context.Context) ([]byte, error)
return out, nil
}
// ProviderSources returns the credential chain that was used to construct this provider
func (p *Provider) ProviderSources() []aws.CredentialSource {
if p.options.CredentialSources == nil {
return []aws.CredentialSource{aws.CredentialSourceProcess}
}
return p.options.CredentialSources
}
func executeCommand(cmd *exec.Cmd, exec chan error) {
// Start the command
err := cmd.Start()

View file

@ -49,10 +49,6 @@ type Options struct {
// Used by the SSOCredentialProvider if a token configuration
// profile is used in the shared config
SSOTokenProvider *SSOTokenProvider
// The chain of providers that was used to create this provider.
// These values are for reporting purposes and are not meant to be set up directly
CredentialSources []aws.CredentialSource
}
// Provider is an AWS credential provider that retrieves temporary AWS
@ -137,14 +133,6 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) {
}, nil
}
// ProviderSources returns the credential chain that was used to construct this provider
func (p *Provider) ProviderSources() []aws.CredentialSource {
if p.options.CredentialSources == nil {
return []aws.CredentialSource{aws.CredentialSourceSSO}
}
return p.options.CredentialSources
}
// InvalidTokenError is the error type that is returned if loaded token has
// expired or is otherwise invalid. To refresh the SSO session run AWS SSO
// login with the corresponding profile.

View file

@ -22,16 +22,6 @@ func (*StaticCredentialsEmptyError) Error() string {
// never expire.
type StaticCredentialsProvider struct {
Value aws.Credentials
// These values are for reporting purposes and are not meant to be set up directly
Source []aws.CredentialSource
}
// ProviderSources returns the credential chain that was used to construct this provider
func (s StaticCredentialsProvider) ProviderSources() []aws.CredentialSource {
if s.Source == nil {
return []aws.CredentialSource{aws.CredentialSourceCode} // If no source has been set, assume this is used directly which means hardcoded creds
}
return s.Source
}
// NewStaticCredentialsProvider return a StaticCredentialsProvider initialized with the AWS

View file

@ -247,10 +247,6 @@ type AssumeRoleOptions struct {
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
// in the IAM User Guide. This parameter is optional.
TransitiveTagKeys []string
// The chain of providers that was used to create this provider
// These values are for reporting purposes and are not meant to be set up directly
CredentialSources []aws.CredentialSource
}
// NewAssumeRoleProvider constructs and returns a credentials provider that
@ -328,11 +324,3 @@ func (p *AssumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, err
AccountID: accountID,
}, nil
}
// ProviderSources returns the credential chain that was used to construct this provider
func (p *AssumeRoleProvider) ProviderSources() []aws.CredentialSource {
if p.options.CredentialSources == nil {
return []aws.CredentialSource{aws.CredentialSourceSTSAssumeRole}
} // If no source has been set, assume this is used directly which means just call to assume role
return append(p.options.CredentialSources, aws.CredentialSourceSTSAssumeRole)
}

View file

@ -64,10 +64,6 @@ type WebIdentityRoleOptions struct {
// want to use as managed session policies. The policies must exist in the
// same account as the role.
PolicyARNs []types.PolicyDescriptorType
// The chain of providers that was used to create this provider
// These values are for reporting purposes and are not meant to be set up directly
CredentialSources []aws.CredentialSource
}
// IdentityTokenRetriever is an interface for retrieving a JWT
@ -171,11 +167,3 @@ func getAccountID(u *types.AssumedRoleUser) string {
}
return parts[4]
}
// ProviderSources returns the credential chain that was used to construct this provider
func (p *WebIdentityRoleProvider) ProviderSources() []aws.CredentialSource {
if p.options.CredentialSources == nil {
return []aws.CredentialSource{aws.CredentialSourceSTSAssumeRoleWebID}
}
return p.options.CredentialSources
}

View file

@ -1,33 +1,3 @@
# v1.16.30 (2025-02-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.29 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.28 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.27 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.26 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.25 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.16.24 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.16.23 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions

View file

@ -3,4 +3,4 @@
package imds
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.16.30"
const goModuleVersion = "1.16.23"

View file

@ -1,93 +1,3 @@
# v1.17.69 (2025-03-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.68 (2025-03-25)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.67 (2025-03-24)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.66 (2025-03-11)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.65 (2025-03-04.2)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.64 (2025-02-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.63 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.62 (2025-02-14)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.61 (2025-02-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.60 (2025-02-06)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.59 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.58 (2025-02-04)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.57 (2025-01-31)
* **Bug Fix**: Fix incorrect reference to old s3manager in comments.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.56 (2025-01-30)
* **Bug Fix**: Fix incorrect reference to old s3manager in comments.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.55 (2025-01-29)
* **Bug Fix**: Fix incorrect reference to old s3manager in comments.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.54 (2025-01-24)
* **Bug Fix**: Fix incorrect reference to old s3manager in comments.
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.17.53 (2025-01-22)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.52 (2025-01-17)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.51 (2025-01-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.50 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.49 (2025-01-14)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.17.48 (2025-01-10)
* **Dependency Update**: Updated to the latest SDK module versions

View file

@ -158,7 +158,7 @@ func NewDownloader(c DownloadAPIClient, options ...func(*Downloader)) *Downloade
// // pre-allocate in memory buffer, where headObject type is *s3.HeadObjectOutput
// buf := make([]byte, int(headObject.ContentLength))
// // wrap with aws.WriteAtBuffer
// w := manager.NewWriteAtBuffer(buf)
// w := s3manager.NewWriteAtBuffer(buf)
// // download file into the memory
// numBytesDownloaded, err := downloader.Download(ctx, w, &s3.GetObjectInput{
// Bucket: aws.String(bucket),

View file

@ -3,4 +3,4 @@
package manager
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.17.69"
const goModuleVersion = "1.17.48"

View file

@ -15,7 +15,7 @@ import (
// requires payload signing.
//
// Note: If using with S3 PutObject to stream an object upload. The SDK's S3
// Upload Manager(manager.Uploader) provides support for streaming
// Upload Manager(s3manager.Uploader) provides support for streaming
// with the ability to retry network errors.
func ReadSeekCloser(r io.Reader) *ReaderSeekerCloser {
return &ReaderSeekerCloser{r}
@ -137,7 +137,7 @@ func (r *ReaderSeekerCloser) Close() error {
}
// A WriteAtBuffer provides a in memory buffer supporting the io.WriterAt interface
// Can be used with the manager.Downloader to download content to a buffer
// Can be used with the s3manager.Downloader to download content to a buffer
// in memory. Safe to use concurrently.
type WriteAtBuffer struct {
buf []byte

View file

@ -121,9 +121,6 @@ type UploadOutput struct {
// The base64-encoded, 32-bit CRC32C checksum of the object.
ChecksumCRC32C *string
// The base64-encoded, 64-bit CRC64NVME checksum of the object.
ChecksumCRC64NVME *string
// The base64-encoded, 160-bit SHA-1 digest of the object.
ChecksumSHA1 *string
@ -514,7 +511,6 @@ func (u *uploader) singlePart(r io.ReadSeeker, cleanup func()) (*UploadOutput, e
BucketKeyEnabled: aws.ToBool(out.BucketKeyEnabled),
ChecksumCRC32: out.ChecksumCRC32,
ChecksumCRC32C: out.ChecksumCRC32C,
ChecksumCRC64NVME: out.ChecksumCRC64NVME,
ChecksumSHA1: out.ChecksumSHA1,
ChecksumSHA256: out.ChecksumSHA256,
ETag: out.ETag,
@ -588,8 +584,6 @@ func (a completedParts) Less(i, j int) bool {
// upload will perform a multipart upload using the firstBuf buffer containing
// the first chunk of data.
func (u *multiuploader) upload(firstBuf io.ReadSeeker, cleanup func()) (*UploadOutput, error) {
u.initChecksumAlgorithm()
var params s3.CreateMultipartUploadInput
awsutil.Copy(&params, u.in)
@ -657,7 +651,6 @@ func (u *multiuploader) upload(firstBuf io.ReadSeeker, cleanup func()) (*UploadO
BucketKeyEnabled: aws.ToBool(completeOut.BucketKeyEnabled),
ChecksumCRC32: completeOut.ChecksumCRC32,
ChecksumCRC32C: completeOut.ChecksumCRC32C,
ChecksumCRC64NVME: completeOut.ChecksumCRC64NVME,
ChecksumSHA1: completeOut.ChecksumSHA1,
ChecksumSHA256: completeOut.ChecksumSHA256,
ETag: completeOut.ETag,
@ -759,27 +752,6 @@ func (u *multiuploader) send(c chunk) error {
return nil
}
func (u *multiuploader) initChecksumAlgorithm() {
if u.in.ChecksumAlgorithm != "" {
return
}
switch {
case u.in.ChecksumCRC32 != nil:
u.in.ChecksumAlgorithm = types.ChecksumAlgorithmCrc32
case u.in.ChecksumCRC32C != nil:
u.in.ChecksumAlgorithm = types.ChecksumAlgorithmCrc32c
case u.in.ChecksumCRC64NVME != nil:
u.in.ChecksumAlgorithm = types.ChecksumAlgorithmCrc64nvme
case u.in.ChecksumSHA1 != nil:
u.in.ChecksumAlgorithm = types.ChecksumAlgorithmSha1
case u.in.ChecksumSHA256 != nil:
u.in.ChecksumAlgorithm = types.ChecksumAlgorithmSha256
default:
u.in.ChecksumAlgorithm = types.ChecksumAlgorithmCrc32
}
}
// geterr is a thread-safe getter for the error object
func (u *multiuploader) geterr() error {
u.m.Lock()

View file

@ -1,33 +1,3 @@
# v1.3.34 (2025-02-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.33 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.32 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.31 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.30 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.29 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.3.28 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.27 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions

View file

@ -3,4 +3,4 @@
package configsources
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.3.34"
const goModuleVersion = "1.3.27"

View file

@ -92,9 +92,6 @@
"me-south-1" : {
"description" : "Middle East (Bahrain)"
},
"mx-central-1" : {
"description" : "Mexico (Central)"
},
"sa-east-1" : {
"description" : "South America (Sao Paulo)"
},
@ -223,17 +220,7 @@
"supportsFIPS" : true
},
"regionRegex" : "^us\\-isof\\-\\w+\\-\\d+$",
"regions" : {
"aws-iso-f-global" : {
"description" : "AWS ISOF global region"
},
"us-isof-east-1" : {
"description" : "US ISOF EAST"
},
"us-isof-south-1" : {
"description" : "US ISOF SOUTH"
}
}
"regions" : { }
} ],
"version" : "1.1"
}

View file

@ -1,33 +1,3 @@
# v2.6.34 (2025-02-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.33 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.32 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.31 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.30 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.29 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v2.6.28 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v2.6.27 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions

View file

@ -3,4 +3,4 @@
package endpoints
// goModuleVersion is the tagged release for this module
const goModuleVersion = "2.6.34"
const goModuleVersion = "2.6.27"

View file

@ -1,34 +1,3 @@
# v1.3.34 (2025-02-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.33 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.32 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.31 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.30 (2025-01-30)
* **Bug Fix**: Do not sign Transfer-Encoding header in Sigv4[a]. Fixes a signer mismatch issue with S3 Accelerate.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.29 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.3.28 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.3.27 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions

View file

@ -3,4 +3,4 @@
package v4a
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.3.34"
const goModuleVersion = "1.3.27"

View file

@ -4,10 +4,9 @@ package v4
var IgnoredHeaders = Rules{
DenyList{
MapRule{
"Authorization": struct{}{},
"User-Agent": struct{}{},
"X-Amzn-Trace-Id": struct{}{},
"Transfer-Encoding": struct{}{},
"Authorization": struct{}{},
"User-Agent": struct{}{},
"X-Amzn-Trace-Id": struct{}{},
},
},
}

View file

@ -1,51 +1,3 @@
# v1.7.0 (2025-03-11)
* **Feature**: Add extra check during output checksum validation so the validation skip warning would not be logged if object is not fetched from s3
# v1.6.2 (2025-02-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.6.1 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v1.6.0 (2025-02-10)
* **Feature**: Support CRC64NVME flex checksums.
# v1.5.6 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.5.5 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.5.4 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.5.3 (2025-01-24)
* **Bug Fix**: Enable request checksum validation mode by default
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.5.2 (2025-01-17)
* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop.
# v1.5.1 (2025-01-16)
* **Bug Fix**: Fix nil dereference panic for operations that require checksums, but do not have an input setting for which algorithm to use.
# v1.5.0 (2025-01-15)
* **Feature**: S3 client behavior is updated to always calculate a checksum by default for operations that support it (such as PutObject or UploadPart), or require it (such as DeleteObjects). The checksum algorithm used by default now becomes CRC32. Checksum behavior can be configured using `when_supported` and `when_required` options - in code using RequestChecksumCalculation, in shared config using request_checksum_calculation, or as env variable using AWS_REQUEST_CHECKSUM_CALCULATION. The S3 client attempts to validate response checksums for all S3 API operations that support checksums. However, if the SDK has not implemented the specified checksum algorithm then this validation is skipped. Checksum validation behavior can be configured using `when_supported` and `when_required` options - in code using ResponseChecksumValidation, in shared config using response_checksum_validation, or as env variable using AWS_RESPONSE_CHECKSUM_VALIDATION.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.4.8 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions

View file

@ -9,7 +9,6 @@ import (
"fmt"
"hash"
"hash/crc32"
"hash/crc64"
"io"
"strings"
"sync"
@ -31,20 +30,13 @@ const (
// AlgorithmSHA256 represents SHA256 hash algorithm
AlgorithmSHA256 Algorithm = "SHA256"
// AlgorithmCRC64NVME represents CRC64NVME hash algorithm
AlgorithmCRC64NVME Algorithm = "CRC64NVME"
)
// inverted NVME polynomial as required by crc64.MakeTable
const crc64NVME = 0x9a6c_9329_ac4b_c9b5
var supportedAlgorithms = []Algorithm{
AlgorithmCRC32C,
AlgorithmCRC32,
AlgorithmSHA1,
AlgorithmSHA256,
AlgorithmCRC64NVME,
}
func (a Algorithm) String() string { return string(a) }
@ -97,8 +89,6 @@ func NewAlgorithmHash(v Algorithm) (hash.Hash, error) {
return crc32.NewIEEE(), nil
case AlgorithmCRC32C:
return crc32.New(crc32.MakeTable(crc32.Castagnoli)), nil
case AlgorithmCRC64NVME:
return crc64.New(crc64.MakeTable(crc64NVME)), nil
default:
return nil, fmt.Errorf("unknown checksum algorithm, %v", v)
}
@ -116,8 +106,6 @@ func AlgorithmChecksumLength(v Algorithm) (int, error) {
return crc32.Size, nil
case AlgorithmCRC32C:
return crc32.Size, nil
case AlgorithmCRC64NVME:
return crc64.Size, nil
default:
return 0, fmt.Errorf("unknown checksum algorithm, %v", v)
}

View file

@ -3,4 +3,4 @@
package checksum
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.7.0"
const goModuleVersion = "1.4.8"

View file

@ -1,7 +1,6 @@
package checksum
import (
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/smithy-go/middleware"
)
@ -15,16 +14,11 @@ type InputMiddlewareOptions struct {
// and true, or false if no algorithm is specified.
GetAlgorithm func(interface{}) (string, bool)
// RequireChecksum indicates whether operation model forces middleware to compute the input payload's checksum.
// If RequireChecksum is set to true, checksum will be calculated and RequestChecksumCalculation will be ignored,
// otherwise RequestChecksumCalculation will be used to indicate if checksum will be calculated
// Forces the middleware to compute the input payload's checksum. The
// request will fail if the algorithm is not specified or unable to compute
// the checksum.
RequireChecksum bool
// RequestChecksumCalculation is the user config to opt-in/out request checksum calculation. If RequireChecksum is
// set to true, checksum will be calculated and this field will be ignored, otherwise
// RequestChecksumCalculation will be used to indicate if checksum will be calculated
RequestChecksumCalculation aws.RequestChecksumCalculation
// Enables support for wrapping the serialized input payload with a
// content-encoding: aws-check wrapper, and including a trailer for the
// algorithm's checksum value.
@ -52,16 +46,33 @@ type InputMiddlewareOptions struct {
// AddInputMiddleware adds the middleware for performing checksum computing
// of request payloads, and checksum validation of response payloads.
//
// Deprecated: This internal-only runtime API is frozen. Do not call or modify
// it in new code. Checksum-enabled service operations now generate this
// middleware setup code inline per #2507.
func AddInputMiddleware(stack *middleware.Stack, options InputMiddlewareOptions) (err error) {
// TODO ensure this works correctly with presigned URLs
// Middleware stack:
// * (OK)(Initialize) --none--
// * (OK)(Serialize) EndpointResolver
// * (OK)(Build) ComputeContentLength
// * (AD)(Build) Header ComputeInputPayloadChecksum
// * SIGNED Payload - If HTTP && not support trailing checksum
// * UNSIGNED Payload - If HTTPS && not support trailing checksum
// * (RM)(Build) ContentChecksum - OK to remove
// * (OK)(Build) ComputePayloadHash
// * v4.dynamicPayloadSigningMiddleware
// * v4.computePayloadSHA256
// * v4.unsignedPayload
// (OK)(Build) Set computedPayloadHash header
// * (OK)(Finalize) Retry
// * (AD)(Finalize) Trailer ComputeInputPayloadChecksum,
// * Requires HTTPS && support trailing checksum
// * UNSIGNED Payload
// * Finalize run if HTTPS && support trailing checksum
// * (OK)(Finalize) Signing
// * (OK)(Deserialize) --none--
// Initial checksum configuration look up middleware
err = stack.Initialize.Add(&SetupInputContext{
GetAlgorithm: options.GetAlgorithm,
RequireChecksum: options.RequireChecksum,
RequestChecksumCalculation: options.RequestChecksumCalculation,
err = stack.Initialize.Add(&setupInputContext{
GetAlgorithm: options.GetAlgorithm,
}, middleware.Before)
if err != nil {
return err
@ -69,7 +80,8 @@ func AddInputMiddleware(stack *middleware.Stack, options InputMiddlewareOptions)
stack.Build.Remove("ContentChecksum")
inputChecksum := &ComputeInputPayloadChecksum{
inputChecksum := &computeInputPayloadChecksum{
RequireChecksum: options.RequireChecksum,
EnableTrailingChecksum: options.EnableTrailingChecksum,
EnableComputePayloadHash: options.EnableComputeSHA256PayloadHash,
EnableDecodedContentLengthHeader: options.EnableDecodedContentLengthHeader,
@ -80,8 +92,9 @@ func AddInputMiddleware(stack *middleware.Stack, options InputMiddlewareOptions)
// If trailing checksum is not supported no need for finalize handler to be added.
if options.EnableTrailingChecksum {
trailerMiddleware := &AddInputChecksumTrailer{
trailerMiddleware := &addInputChecksumTrailer{
EnableTrailingChecksum: inputChecksum.EnableTrailingChecksum,
RequireChecksum: inputChecksum.RequireChecksum,
EnableComputePayloadHash: inputChecksum.EnableComputePayloadHash,
EnableDecodedContentLengthHeader: inputChecksum.EnableDecodedContentLengthHeader,
}
@ -96,10 +109,10 @@ func AddInputMiddleware(stack *middleware.Stack, options InputMiddlewareOptions)
// RemoveInputMiddleware Removes the compute input payload checksum middleware
// handlers from the stack.
func RemoveInputMiddleware(stack *middleware.Stack) {
id := (*SetupInputContext)(nil).ID()
id := (*setupInputContext)(nil).ID()
stack.Initialize.Remove(id)
id = (*ComputeInputPayloadChecksum)(nil).ID()
id = (*computeInputPayloadChecksum)(nil).ID()
stack.Finalize.Remove(id)
}
@ -113,12 +126,6 @@ type OutputMiddlewareOptions struct {
// mode and true, or false if no mode is specified.
GetValidationMode func(interface{}) (string, bool)
// SetValidationMode is a function to set the checksum validation mode of input parameters
SetValidationMode func(interface{}, string)
// ResponseChecksumValidation is the user config to opt-in/out response checksum validation
ResponseChecksumValidation aws.ResponseChecksumValidation
// The set of checksum algorithms that should be used for response payload
// checksum validation. The algorithm(s) used will be a union of the
// output's returned algorithms and this set.
@ -127,7 +134,7 @@ type OutputMiddlewareOptions struct {
ValidationAlgorithms []string
// If set the middleware will ignore output multipart checksums. Otherwise
// a checksum format error will be returned by the middleware.
// an checksum format error will be returned by the middleware.
IgnoreMultipartValidation bool
// When set the middleware will log when output does not have checksum or
@ -143,9 +150,7 @@ type OutputMiddlewareOptions struct {
// checksum.
func AddOutputMiddleware(stack *middleware.Stack, options OutputMiddlewareOptions) error {
err := stack.Initialize.Add(&setupOutputContext{
GetValidationMode: options.GetValidationMode,
SetValidationMode: options.SetValidationMode,
ResponseChecksumValidation: options.ResponseChecksumValidation,
GetValidationMode: options.GetValidationMode,
}, middleware.Before)
if err != nil {
return err

View file

@ -1,90 +0,0 @@
package checksum
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
var supportedChecksumFeatures = map[Algorithm]awsmiddleware.UserAgentFeature{
AlgorithmCRC32: awsmiddleware.UserAgentFeatureRequestChecksumCRC32,
AlgorithmCRC32C: awsmiddleware.UserAgentFeatureRequestChecksumCRC32C,
AlgorithmSHA1: awsmiddleware.UserAgentFeatureRequestChecksumSHA1,
AlgorithmSHA256: awsmiddleware.UserAgentFeatureRequestChecksumSHA256,
AlgorithmCRC64NVME: awsmiddleware.UserAgentFeatureRequestChecksumCRC64,
}
// RequestChecksumMetricsTracking is the middleware to track operation request's checksum usage
type RequestChecksumMetricsTracking struct {
RequestChecksumCalculation aws.RequestChecksumCalculation
UserAgent *awsmiddleware.RequestUserAgent
}
// ID provides the middleware identifier
func (m *RequestChecksumMetricsTracking) ID() string {
return "AWSChecksum:RequestMetricsTracking"
}
// HandleBuild checks request checksum config and checksum value sent
// and sends corresponding feature id to user agent
func (m *RequestChecksumMetricsTracking) HandleBuild(
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
) (
out middleware.BuildOutput, metadata middleware.Metadata, err error,
) {
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown request type %T", req)
}
switch m.RequestChecksumCalculation {
case aws.RequestChecksumCalculationWhenSupported:
m.UserAgent.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRequestChecksumWhenSupported)
case aws.RequestChecksumCalculationWhenRequired:
m.UserAgent.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRequestChecksumWhenRequired)
}
for algo, feat := range supportedChecksumFeatures {
checksumHeader := AlgorithmHTTPHeader(algo)
if checksum := req.Header.Get(checksumHeader); checksum != "" {
m.UserAgent.AddUserAgentFeature(feat)
}
}
return next.HandleBuild(ctx, in)
}
// ResponseChecksumMetricsTracking is the middleware to track operation response's checksum usage
type ResponseChecksumMetricsTracking struct {
ResponseChecksumValidation aws.ResponseChecksumValidation
UserAgent *awsmiddleware.RequestUserAgent
}
// ID provides the middleware identifier
func (m *ResponseChecksumMetricsTracking) ID() string {
return "AWSChecksum:ResponseMetricsTracking"
}
// HandleBuild checks the response checksum config and sends corresponding feature id to user agent
func (m *ResponseChecksumMetricsTracking) HandleBuild(
ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler,
) (
out middleware.BuildOutput, metadata middleware.Metadata, err error,
) {
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, fmt.Errorf("unknown request type %T", req)
}
switch m.ResponseChecksumValidation {
case aws.ResponseChecksumValidationWhenSupported:
m.UserAgent.AddUserAgentFeature(awsmiddleware.UserAgentFeatureResponseChecksumWhenSupported)
case aws.ResponseChecksumValidationWhenRequired:
m.UserAgent.AddUserAgentFeature(awsmiddleware.UserAgentFeatureResponseChecksumWhenRequired)
}
return next.HandleBuild(ctx, in)
}

View file

@ -7,7 +7,6 @@ import (
"hash"
"io"
"strconv"
"strings"
v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
@ -17,6 +16,7 @@ import (
)
const (
contentMD5Header = "Content-Md5"
streamingUnsignedPayloadTrailerPayloadHash = "STREAMING-UNSIGNED-PAYLOAD-TRAILER"
)
@ -39,8 +39,8 @@ func SetComputedInputChecksums(m *middleware.Metadata, vs map[string]string) {
m.Set(computedInputChecksumsKey{}, vs)
}
// ComputeInputPayloadChecksum middleware computes payload checksum
type ComputeInputPayloadChecksum struct {
// computeInputPayloadChecksum middleware computes payload checksum
type computeInputPayloadChecksum struct {
// Enables support for wrapping the serialized input payload with a
// content-encoding: aws-check wrapper, and including a trailer for the
// algorithm's checksum value.
@ -49,6 +49,13 @@ type ComputeInputPayloadChecksum struct {
// the Algorithm's header is already set on the request.
EnableTrailingChecksum bool
// States that a checksum is required to be included for the operation. If
// Input does not specify a checksum, fallback to built in MD5 checksum is
// used.
//
// Replaces smithy-go's ContentChecksum middleware.
RequireChecksum bool
// Enables support for computing the SHA256 checksum of input payloads
// along with the algorithm specified checksum. Prevents downstream
// middleware handlers (computePayloadSHA256) re-reading the payload.
@ -71,7 +78,7 @@ type ComputeInputPayloadChecksum struct {
type useTrailer struct{}
// ID provides the middleware's identifier.
func (m *ComputeInputPayloadChecksum) ID() string {
func (m *computeInputPayloadChecksum) ID() string {
return "AWSChecksum:ComputeInputPayloadChecksum"
}
@ -91,27 +98,18 @@ func (e computeInputHeaderChecksumError) Error() string {
}
func (e computeInputHeaderChecksumError) Unwrap() error { return e.Err }
// HandleFinalize handles computing the payload's checksum, in the following cases:
// HandleBuild handles computing the payload's checksum, in the following cases:
// - Is HTTP, not HTTPS
// - RequireChecksum is true, and no checksums were specified via the Input
// - Trailing checksums are not supported
//
// The build handler must be inserted in the stack before ContentPayloadHash
// and after ComputeContentLength.
func (m *ComputeInputPayloadChecksum) HandleFinalize(
func (m *computeInputPayloadChecksum) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
var checksum string
algorithm, ok, err := getInputAlgorithm(ctx)
if err != nil {
return out, metadata, err
}
if !ok {
return next.HandleFinalize(ctx, in)
}
req, ok := in.Request.(*smithyhttp.Request)
if !ok {
return out, metadata, computeInputHeaderChecksumError{
@ -119,6 +117,8 @@ func (m *ComputeInputPayloadChecksum) HandleFinalize(
}
}
var algorithm Algorithm
var checksum string
defer func() {
if algorithm == "" || checksum == "" || err != nil {
return
@ -130,14 +130,29 @@ func (m *ComputeInputPayloadChecksum) HandleFinalize(
})
}()
// If any checksum header is already set nothing to do.
for header := range req.Header {
h := strings.ToUpper(header)
if strings.HasPrefix(h, "X-AMZ-CHECKSUM-") {
algorithm = Algorithm(strings.TrimPrefix(h, "X-AMZ-CHECKSUM-"))
checksum = req.Header.Get(header)
return next.HandleFinalize(ctx, in)
// If no algorithm was specified, and the operation requires a checksum,
// fallback to the legacy content MD5 checksum.
algorithm, ok, err = getInputAlgorithm(ctx)
if err != nil {
return out, metadata, err
} else if !ok {
if m.RequireChecksum {
checksum, err = setMD5Checksum(ctx, req)
if err != nil {
return out, metadata, computeInputHeaderChecksumError{
Msg: "failed to compute stream's MD5 checksum",
Err: err,
}
}
algorithm = Algorithm("MD5")
}
return next.HandleFinalize(ctx, in)
}
// If the checksum header is already set nothing to do.
checksumHeader := AlgorithmHTTPHeader(algorithm)
if checksum = req.Header.Get(checksumHeader); checksum != "" {
return next.HandleFinalize(ctx, in)
}
computePayloadHash := m.EnableComputePayloadHash
@ -202,7 +217,6 @@ func (m *ComputeInputPayloadChecksum) HandleFinalize(
}
}
checksumHeader := AlgorithmHTTPHeader(algorithm)
req.Header.Set(checksumHeader, checksum)
if computePayloadHash {
@ -228,37 +242,28 @@ func (e computeInputTrailingChecksumError) Error() string {
}
func (e computeInputTrailingChecksumError) Unwrap() error { return e.Err }
// AddInputChecksumTrailer adds HTTP checksum when
// addInputChecksumTrailer
// - Is HTTPS, not HTTP
// - A checksum was specified via the Input
// - Trailing checksums are supported.
type AddInputChecksumTrailer struct {
type addInputChecksumTrailer struct {
EnableTrailingChecksum bool
RequireChecksum bool
EnableComputePayloadHash bool
EnableDecodedContentLengthHeader bool
}
// ID identifies this middleware.
func (*AddInputChecksumTrailer) ID() string {
func (*addInputChecksumTrailer) ID() string {
return "addInputChecksumTrailer"
}
// HandleFinalize wraps the request body to write the trailing checksum.
func (m *AddInputChecksumTrailer) HandleFinalize(
func (m *addInputChecksumTrailer) HandleFinalize(
ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
) (
out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
) {
algorithm, ok, err := getInputAlgorithm(ctx)
if err != nil {
return out, metadata, computeInputTrailingChecksumError{
Msg: "failed to get algorithm",
Err: err,
}
} else if !ok {
return next.HandleFinalize(ctx, in)
}
if enabled, _ := middleware.GetStackValue(ctx, useTrailer{}).(bool); !enabled {
return next.HandleFinalize(ctx, in)
}
@ -276,11 +281,24 @@ func (m *AddInputChecksumTrailer) HandleFinalize(
}
}
// If any checksum header is already set nothing to do.
for header := range req.Header {
if strings.HasPrefix(strings.ToLower(header), "x-amz-checksum-") {
return next.HandleFinalize(ctx, in)
// If no algorithm was specified, there is nothing to do.
algorithm, ok, err := getInputAlgorithm(ctx)
if err != nil {
return out, metadata, computeInputTrailingChecksumError{
Msg: "failed to get algorithm",
Err: err,
}
} else if !ok {
return out, metadata, computeInputTrailingChecksumError{
Msg: "no algorithm specified",
}
}
// If the checksum header is already set before finalize could run, there
// is nothing to do.
checksumHeader := AlgorithmHTTPHeader(algorithm)
if req.Header.Get(checksumHeader) != "" {
return next.HandleFinalize(ctx, in)
}
stream := req.GetStream()
@ -426,3 +444,39 @@ func getRequestStreamLength(req *smithyhttp.Request) (int64, error) {
return -1, nil
}
// setMD5Checksum computes the MD5 of the request payload and sets it to the
// Content-MD5 header. Returning the MD5 base64 encoded string or error.
//
// If the MD5 is already set as the Content-MD5 header, that value will be
// returned, and nothing else will be done.
//
// If the payload is empty, no MD5 will be computed. No error will be returned.
// Empty payloads do not have an MD5 value.
//
// Replaces the smithy-go middleware for httpChecksum trait.
func setMD5Checksum(ctx context.Context, req *smithyhttp.Request) (string, error) {
if v := req.Header.Get(contentMD5Header); len(v) != 0 {
return v, nil
}
stream := req.GetStream()
if stream == nil {
return "", nil
}
if !req.IsStreamSeekable() {
return "", fmt.Errorf(
"unseekable stream is not supported for computing md5 checksum")
}
v, err := computeMD5Checksum(stream)
if err != nil {
return "", err
}
if err := req.RewindStream(); err != nil {
return "", fmt.Errorf("failed to rewind stream after computing MD5 checksum, %w", err)
}
// set the 'Content-MD5' header
req.Header.Set(contentMD5Header, string(v))
return string(v), nil
}

View file

@ -3,62 +3,43 @@ package checksum
import (
"context"
"github.com/aws/aws-sdk-go-v2/aws"
internalcontext "github.com/aws/aws-sdk-go-v2/internal/context"
"github.com/aws/smithy-go/middleware"
)
const (
checksumValidationModeEnabled = "ENABLED"
)
// SetupInputContext is the initial middleware that looks up the input
// setupChecksumContext is the initial middleware that looks up the input
// used to configure checksum behavior. This middleware must be executed before
// input validation step or any other checksum middleware.
type SetupInputContext struct {
type setupInputContext struct {
// GetAlgorithm is a function to get the checksum algorithm of the
// input payload from the input parameters.
//
// Given the input parameter value, the function must return the algorithm
// and true, or false if no algorithm is specified.
GetAlgorithm func(interface{}) (string, bool)
// RequireChecksum indicates whether operation model forces middleware to compute the input payload's checksum.
// If RequireChecksum is set to true, checksum will be calculated and RequestChecksumCalculation will be ignored,
// otherwise RequestChecksumCalculation will be used to indicate if checksum will be calculated
RequireChecksum bool
// RequestChecksumCalculation is the user config to opt-in/out request checksum calculation. If RequireChecksum is
// set to true, checksum will be calculated and this field will be ignored, otherwise
// RequestChecksumCalculation will be used to indicate if checksum will be calculated
RequestChecksumCalculation aws.RequestChecksumCalculation
}
// ID for the middleware
func (m *SetupInputContext) ID() string {
func (m *setupInputContext) ID() string {
return "AWSChecksum:SetupInputContext"
}
// HandleInitialize initialization middleware that setups up the checksum
// context based on the input parameters provided in the stack.
func (m *SetupInputContext) HandleInitialize(
func (m *setupInputContext) HandleInitialize(
ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
) (
out middleware.InitializeOutput, metadata middleware.Metadata, err error,
) {
// nil check here is for operations that require checksum but do not have input algorithm setting
// Check if validation algorithm is specified.
if m.GetAlgorithm != nil {
if algorithm, ok := m.GetAlgorithm(in.Parameters); ok {
// check is input resource has a checksum algorithm
algorithm, ok := m.GetAlgorithm(in.Parameters)
if ok && len(algorithm) != 0 {
ctx = internalcontext.SetChecksumInputAlgorithm(ctx, algorithm)
return next.HandleInitialize(ctx, in)
}
}
if m.RequireChecksum || m.RequestChecksumCalculation == aws.RequestChecksumCalculationWhenSupported {
ctx = internalcontext.SetChecksumInputAlgorithm(ctx, string(AlgorithmCRC32))
}
return next.HandleInitialize(ctx, in)
}
@ -69,12 +50,6 @@ type setupOutputContext struct {
// Given the input parameter value, the function must return the validation
// mode and true, or false if no mode is specified.
GetValidationMode func(interface{}) (string, bool)
// SetValidationMode is a function to set the checksum validation mode of input parameters
SetValidationMode func(interface{}, string)
// ResponseChecksumValidation states user config to opt-in/out checksum validation
ResponseChecksumValidation aws.ResponseChecksumValidation
}
// ID for the middleware
@ -89,12 +64,13 @@ func (m *setupOutputContext) HandleInitialize(
) (
out middleware.InitializeOutput, metadata middleware.Metadata, err error,
) {
mode, _ := m.GetValidationMode(in.Parameters)
if m.ResponseChecksumValidation == aws.ResponseChecksumValidationWhenSupported || mode == checksumValidationModeEnabled {
m.SetValidationMode(in.Parameters, checksumValidationModeEnabled)
ctx = setContextOutputValidationMode(ctx, checksumValidationModeEnabled)
// Check if validation mode is specified.
if m.GetValidationMode != nil {
// check is input resource has a checksum algorithm
mode, ok := m.GetValidationMode(in.Parameters)
if ok && len(mode) != 0 {
ctx = setContextOutputValidationMode(ctx, mode)
}
}
return next.HandleInitialize(ctx, in)

View file

@ -3,7 +3,6 @@ package checksum
import (
"context"
"fmt"
"net/http"
"strings"
"github.com/aws/smithy-go"
@ -56,7 +55,7 @@ func (m *validateOutputPayloadChecksum) ID() string {
}
// HandleDeserialize is a Deserialize middleware that wraps the HTTP response
// body with an io.ReadCloser that will validate its checksum.
// body with an io.ReadCloser that will validate the its checksum.
func (m *validateOutputPayloadChecksum) HandleDeserialize(
ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler,
) (
@ -67,7 +66,8 @@ func (m *validateOutputPayloadChecksum) HandleDeserialize(
return out, metadata, err
}
if mode := getContextOutputValidationMode(ctx); mode != checksumValidationModeEnabled {
// If there is no validation mode specified nothing is supported.
if mode := getContextOutputValidationMode(ctx); mode != "ENABLED" {
return out, metadata, err
}
@ -90,11 +90,13 @@ func (m *validateOutputPayloadChecksum) HandleDeserialize(
algorithmToUse = algorithm
}
// TODO this must validate the validation mode is set to enabled.
logger := middleware.GetLogger(ctx)
// Skip validation if no checksum algorithm or checksum is available.
if len(expectedChecksum) == 0 || len(algorithmToUse) == 0 {
if response.StatusCode != 404 && response.Body != http.NoBody && m.LogValidationSkipped {
if m.LogValidationSkipped {
// TODO this probably should have more information about the
// operation output that won't be validated.
logger.Logf(logging.Warn,

View file

@ -1,33 +1,3 @@
# v1.12.15 (2025-02-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.14 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.13 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.12 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.11 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.10 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.12.9 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.12.8 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions

View file

@ -3,4 +3,4 @@
package presignedurl
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.12.15"
const goModuleVersion = "1.12.8"

View file

@ -1,33 +1,3 @@
# v1.18.15 (2025-02-27)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.18.14 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v1.18.13 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.18.12 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.18.11 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.18.10 (2025-01-24)
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.18.9 (2025-01-15)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.18.8 (2025-01-09)
* **Dependency Update**: Updated to the latest SDK module versions

View file

@ -3,4 +3,4 @@
package s3shared
// goModuleVersion is the tagged release for this module
const goModuleVersion = "1.18.15"
const goModuleVersion = "1.18.8"

View file

@ -1,79 +1,3 @@
# v1.78.2 (2025-03-11)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.78.1 (2025-03-04.2)
* **Bug Fix**: Add assurance test for operation order.
# v1.78.0 (2025-02-27)
* **Feature**: Track credential providers via User-Agent Feature ids
* **Dependency Update**: Updated to the latest SDK module versions
# v1.77.1 (2025-02-18)
* **Bug Fix**: Bump go version to 1.22
* **Dependency Update**: Updated to the latest SDK module versions
# v1.77.0 (2025-02-14)
* **Feature**: Added support for Content-Range header in HeadObject response.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.76.1 (2025-02-10)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.76.0 (2025-02-06)
* **Feature**: Updated list of the valid AWS Region values for the LocationConstraint parameter for general purpose buckets.
# v1.75.4 (2025-02-05)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.75.3 (2025-02-04)
* No change notes available for this release.
# v1.75.2 (2025-01-31)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.75.1 (2025-01-30)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.75.0 (2025-01-29)
* **Feature**: Change the type of MpuObjectSize in CompleteMultipartUploadRequest from int to long.
# v1.74.1 (2025-01-24)
* **Bug Fix**: Enable request checksum validation mode by default
* **Dependency Update**: Updated to the latest SDK module versions
* **Dependency Update**: Upgrade to smithy-go v1.22.2.
# v1.74.0 (2025-01-22)
* **Feature**: Add a client config option to disable logging when output checksum validation is skipped due to an unsupported algorithm.
# v1.73.2 (2025-01-17)
* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.73.1 (2025-01-16)
* **Dependency Update**: Updated to the latest SDK module versions
# v1.73.0 (2025-01-15)
* **Feature**: S3 client behavior is updated to always calculate a checksum by default for operations that support it (such as PutObject or UploadPart), or require it (such as DeleteObjects). The checksum algorithm used by default now becomes CRC32. Checksum behavior can be configured using `when_supported` and `when_required` options - in code using RequestChecksumCalculation, in shared config using request_checksum_calculation, or as env variable using AWS_REQUEST_CHECKSUM_CALCULATION. The S3 client attempts to validate response checksums for all S3 API operations that support checksums. However, if the SDK has not implemented the specified checksum algorithm then this validation is skipped. Checksum validation behavior can be configured using `when_supported` and `when_required` options - in code using ResponseChecksumValidation, in shared config using response_checksum_validation, or as env variable using AWS_RESPONSE_CHECKSUM_VALIDATION.
* **Feature**: This change enhances integrity protections for new SDK requests to S3. S3 SDKs now support the CRC64NVME checksum algorithm, full object checksums for multipart S3 objects, and new default integrity protections for S3 requests.
* **Dependency Update**: Updated to the latest SDK module versions
# v1.72.3 (2025-01-14)
* **Bug Fix**: Fix issue where waiters were not failing on unmatched errors as they should. This may have breaking behavioral changes for users in fringe cases. See [this announcement](https://github.com/aws/aws-sdk-go-v2/discussions/2954) for more information.

View file

@ -449,17 +449,15 @@ func setResolvedDefaultsMode(o *Options) {
// NewFromConfig returns a new client from the provided config.
func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
opts := Options{
Region: cfg.Region,
DefaultsMode: cfg.DefaultsMode,
RuntimeEnvironment: cfg.RuntimeEnvironment,
HTTPClient: cfg.HTTPClient,
Credentials: cfg.Credentials,
APIOptions: cfg.APIOptions,
Logger: cfg.Logger,
ClientLogMode: cfg.ClientLogMode,
AppID: cfg.AppID,
RequestChecksumCalculation: cfg.RequestChecksumCalculation,
ResponseChecksumValidation: cfg.ResponseChecksumValidation,
Region: cfg.Region,
DefaultsMode: cfg.DefaultsMode,
RuntimeEnvironment: cfg.RuntimeEnvironment,
HTTPClient: cfg.HTTPClient,
Credentials: cfg.Credentials,
APIOptions: cfg.APIOptions,
Logger: cfg.Logger,
ClientLogMode: cfg.ClientLogMode,
AppID: cfg.AppID,
}
resolveAWSRetryerProvider(cfg, &opts)
resolveAWSRetryMaxAttempts(cfg, &opts)
@ -720,7 +718,7 @@ func addRetry(stack *middleware.Stack, o Options) error {
m.LogAttempts = o.ClientLogMode.IsRetries()
m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/s3")
})
if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil {
if err := stack.Finalize.Insert(attempt, "Signing", middleware.Before); err != nil {
return err
}
if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil {
@ -847,61 +845,6 @@ func addUserAgentRetryMode(stack *middleware.Stack, options Options) error {
return nil
}
func addRequestChecksumMetricsTracking(stack *middleware.Stack, options Options) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
return stack.Build.Insert(&internalChecksum.RequestChecksumMetricsTracking{
RequestChecksumCalculation: options.RequestChecksumCalculation,
UserAgent: ua,
}, "UserAgent", middleware.Before)
}
func addResponseChecksumMetricsTracking(stack *middleware.Stack, options Options) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
return stack.Build.Insert(&internalChecksum.ResponseChecksumMetricsTracking{
ResponseChecksumValidation: options.ResponseChecksumValidation,
UserAgent: ua,
}, "UserAgent", middleware.Before)
}
type setCredentialSourceMiddleware struct {
ua *awsmiddleware.RequestUserAgent
options Options
}
func (m setCredentialSourceMiddleware) ID() string { return "SetCredentialSourceMiddleware" }
func (m setCredentialSourceMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
out middleware.BuildOutput, metadata middleware.Metadata, err error,
) {
asProviderSource, ok := m.options.Credentials.(aws.CredentialProviderSource)
if !ok {
return next.HandleBuild(ctx, in)
}
providerSources := asProviderSource.ProviderSources()
for _, source := range providerSources {
m.ua.AddCredentialsSource(source)
}
return next.HandleBuild(ctx, in)
}
func addCredentialSource(stack *middleware.Stack, options Options) error {
ua, err := getOrAddRequestUserAgent(stack)
if err != nil {
return err
}
mw := setCredentialSourceMiddleware{ua: ua, options: options}
return stack.Build.Insert(&mw, "UserAgent", middleware.Before)
}
func resolveTracerProvider(options *Options) {
if options.TracerProvider == nil {
options.TracerProvider = &tracing.NopTracerProvider{}
@ -947,41 +890,6 @@ func GetComputedInputChecksumsMetadata(m middleware.Metadata) (ComputedInputChec
}
func addInputChecksumMiddleware(stack *middleware.Stack, options internalChecksum.InputMiddlewareOptions) (err error) {
err = stack.Initialize.Add(&internalChecksum.SetupInputContext{
GetAlgorithm: options.GetAlgorithm,
RequireChecksum: options.RequireChecksum,
RequestChecksumCalculation: options.RequestChecksumCalculation,
}, middleware.Before)
if err != nil {
return err
}
stack.Build.Remove("ContentChecksum")
inputChecksum := &internalChecksum.ComputeInputPayloadChecksum{
EnableTrailingChecksum: options.EnableTrailingChecksum,
EnableComputePayloadHash: options.EnableComputeSHA256PayloadHash,
EnableDecodedContentLengthHeader: options.EnableDecodedContentLengthHeader,
}
if err := stack.Finalize.Insert(inputChecksum, "ResolveEndpointV2", middleware.After); err != nil {
return err
}
if options.EnableTrailingChecksum {
trailerMiddleware := &internalChecksum.AddInputChecksumTrailer{
EnableTrailingChecksum: inputChecksum.EnableTrailingChecksum,
EnableComputePayloadHash: inputChecksum.EnableComputePayloadHash,
EnableDecodedContentLengthHeader: inputChecksum.EnableDecodedContentLengthHeader,
}
if err := stack.Finalize.Insert(trailerMiddleware, inputChecksum.ID(), middleware.After); err != nil {
return err
}
}
return nil
}
// ChecksumValidationMetadata contains metadata such as the checksum algorithm
// used for data integrity validation.
type ChecksumValidationMetadata struct {
@ -1240,10 +1148,6 @@ func (c presignConverter) convertToPresignMiddleware(stack *middleware.Stack, op
return nil
}
func withNoDefaultChecksumAPIOption(options *Options) {
options.RequestChecksumCalculation = aws.RequestChecksumCalculationWhenRequired
}
func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
return stack.Deserialize.Add(&smithyhttp.RequestResponseLogger{
LogRequest: o.ClientLogMode.IsRequest(),

View file

@ -35,9 +35,9 @@ import (
// - Directory buckets - For directory buckets, you must make requests for this
// API operation to the Zonal endpoint. These endpoints support
// virtual-hosted-style requests in the format
// https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name
// . Path-style requests are not supported. For more information about endpoints
// in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name .
// Path-style requests are not supported. For more information about endpoints in
// Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide.
//
// Permissions
@ -106,7 +106,7 @@ type AbortMultipartUploadInput struct {
// are not supported. Directory bucket names must be unique in the chosen Zone
// (Availability Zone or Local Zone). Bucket names must follow the format
// bucket-base-name--zone-id--x-s3 (for example,
// amzn-s3-demo-bucket--usw2-az1--x-s3 ). For information about bucket naming
// DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming
// restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide.
//
// Access points - When you use this action with an access point, you must provide
@ -121,12 +121,13 @@ type AbortMultipartUploadInput struct {
// Access points and Object Lambda access points are not supported by directory
// buckets.
//
// S3 on Outposts - When you use this action with S3 on Outposts, you must direct
// requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the
// form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When
// you use this action with S3 on Outposts, the destination bucket must be the
// Outposts access point ARN or the access point alias. For more information about
// S3 on Outposts, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
// S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must
// direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname
// takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
// provide the Outposts access point ARN in place of the bucket name. For more
// information about S3 on Outposts ARNs, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
//
// [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
// [What is S3 on Outposts?]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html
@ -266,9 +267,6 @@ func (c *Client) addOperationAbortMultipartUploadMiddlewares(stack *middleware.S
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpAbortMultipartUploadValidationMiddleware(stack); err != nil {
return err
}

View file

@ -54,10 +54,10 @@ import (
// Directory buckets - For directory buckets, you must make requests for this API
// operation to the Zonal endpoint. These endpoints support virtual-hosted-style
// requests in the format
// https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name
// . Path-style requests are not supported. For more information about endpoints
// in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide.
// https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name .
// Path-style requests are not supported. For more information about endpoints in
// Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information about
// endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide.
//
// Permissions
// - General purpose bucket permissions - For information about permissions
@ -170,7 +170,7 @@ type CompleteMultipartUploadInput struct {
// are not supported. Directory bucket names must be unique in the chosen Zone
// (Availability Zone or Local Zone). Bucket names must follow the format
// bucket-base-name--zone-id--x-s3 (for example,
// amzn-s3-demo-bucket--usw2-az1--x-s3 ). For information about bucket naming
// DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming
// restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide.
//
// Access points - When you use this action with an access point, you must provide
@ -185,12 +185,13 @@ type CompleteMultipartUploadInput struct {
// Access points and Object Lambda access points are not supported by directory
// buckets.
//
// S3 on Outposts - When you use this action with S3 on Outposts, you must direct
// requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the
// form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When
// you use this action with S3 on Outposts, the destination bucket must be the
// Outposts access point ARN or the access point alias. For more information about
// S3 on Outposts, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
// S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must
// direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname
// takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
// provide the Outposts access point ARN in place of the bucket name. For more
// information about S3 on Outposts ARNs, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
//
// [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
// [What is S3 on Outposts?]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html
@ -211,7 +212,7 @@ type CompleteMultipartUploadInput struct {
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 32-bit CRC32 checksum of the object. For more information, see [Checking object integrity]
// base64-encoded, 32-bit CRC-32 checksum of the object. For more information, see [Checking object integrity]
// in the Amazon S3 User Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
@ -219,23 +220,15 @@ type CompleteMultipartUploadInput struct {
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 32-bit CRC32C checksum of the object. For more information, see [Checking object integrity]
// in the Amazon S3 User Guide.
// base64-encoded, 32-bit CRC-32C checksum of the object. For more information, see
// [Checking object integrity]in the Amazon S3 User Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumCRC32C *string
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 64-bit CRC64NVME checksum of the object. The CRC64NVME checksum
// is always a full object checksum. For more information, see [Checking object integrity in the Amazon S3 User Guide].
//
// [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumCRC64NVME *string
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 160-bit SHA1 digest of the object. For more information, see [Checking object integrity]
// base64-encoded, 160-bit SHA-1 digest of the object. For more information, see [Checking object integrity]
// in the Amazon S3 User Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
@ -243,22 +236,12 @@ type CompleteMultipartUploadInput struct {
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 256-bit SHA256 digest of the object. For more information, see [Checking object integrity]
// base64-encoded, 256-bit SHA-256 digest of the object. For more information, see [Checking object integrity]
// in the Amazon S3 User Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumSHA256 *string
// This header specifies the checksum type of the object, which determines how
// part-level checksums are combined to create an object-level checksum for
// multipart objects. You can use this header as a data integrity check to verify
// that the checksum type that is received is the same checksum that was specified.
// If the checksum type doesnt match the checksum type that was specified for the
// object during the CreateMultipartUpload request, itll result in a BadDigest
// error. For more information, see Checking object integrity in the Amazon S3 User
// Guide.
ChecksumType types.ChecksumType
// The account ID of the expected bucket owner. If the account ID that you provide
// does not match the actual owner of the bucket, the request fails with the HTTP
// status code 403 Forbidden (access denied).
@ -298,11 +281,6 @@ type CompleteMultipartUploadInput struct {
// [RFC 7232]: https://tools.ietf.org/html/rfc7232
IfNoneMatch *string
// The expected total object size of the multipart upload request. If theres a
// mismatch between the specified object size value and the actual object size
// value, it results in an HTTP 400 InvalidRequest error.
MpuObjectSize *int64
// The container for the multipart upload request information.
MultipartUpload *types.CompletedMultipartUpload
@ -368,67 +346,50 @@ type CompleteMultipartUploadOutput struct {
// encryption with Key Management Service (KMS) keys (SSE-KMS).
BucketKeyEnabled *bool
// The Base64 encoded, 32-bit CRC32 checksum of the object. This checksum is only
// be present if the checksum was uploaded with the object. When you use an API
// operation on an object that was uploaded using multipart uploads, this value may
// not be a direct checksum value of the full object. Instead, it's a calculation
// based on the checksum values of each individual part. For more information about
// how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// The base64-encoded, 32-bit CRC-32 checksum of the object. This will only be
// present if it was uploaded with the object. When you use an API operation on an
// object that was uploaded using multipart uploads, this value may not be a direct
// checksum value of the full object. Instead, it's a calculation based on the
// checksum values of each individual part. For more information about how
// checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums
ChecksumCRC32 *string
// The Base64 encoded, 32-bit CRC32C checksum of the object. This checksum is only
// present if the checksum was uploaded with the object. When you use an API
// operation on an object that was uploaded using multipart uploads, this value may
// not be a direct checksum value of the full object. Instead, it's a calculation
// based on the checksum values of each individual part. For more information about
// how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// The base64-encoded, 32-bit CRC-32C checksum of the object. This will only be
// present if it was uploaded with the object. When you use an API operation on an
// object that was uploaded using multipart uploads, this value may not be a direct
// checksum value of the full object. Instead, it's a calculation based on the
// checksum values of each individual part. For more information about how
// checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums
ChecksumCRC32C *string
// This header can be used as a data integrity check to verify that the data
// received is the same data that was originally sent. This header specifies the
// Base64 encoded, 64-bit CRC64NVME checksum of the object. The CRC64NVME checksum
// is always a full object checksum. For more information, see [Checking object integrity in the Amazon S3 User Guide].
//
// [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumCRC64NVME *string
// The Base64 encoded, 160-bit SHA1 digest of the object. This will only be
// present if the object was uploaded with the object. When you use the API
// operation on an object that was uploaded using multipart uploads, this value may
// not be a direct checksum value of the full object. Instead, it's a calculation
// based on the checksum values of each individual part. For more information about
// how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// The base64-encoded, 160-bit SHA-1 digest of the object. This will only be
// present if it was uploaded with the object. When you use the API operation on an
// object that was uploaded using multipart uploads, this value may not be a direct
// checksum value of the full object. Instead, it's a calculation based on the
// checksum values of each individual part. For more information about how
// checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums
ChecksumSHA1 *string
// The Base64 encoded, 256-bit SHA256 digest of the object. This will only be
// present if the object was uploaded with the object. When you use an API
// operation on an object that was uploaded using multipart uploads, this value may
// not be a direct checksum value of the full object. Instead, it's a calculation
// based on the checksum values of each individual part. For more information about
// how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// The base64-encoded, 256-bit SHA-256 digest of the object. This will only be
// present if it was uploaded with the object. When you use an API operation on an
// object that was uploaded using multipart uploads, this value may not be a direct
// checksum value of the full object. Instead, it's a calculation based on the
// checksum values of each individual part. For more information about how
// checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User
// Guide.
//
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums
ChecksumSHA256 *string
// The checksum type, which determines how part-level checksums are combined to
// create an object-level checksum for multipart objects. You can use this header
// as a data integrity check to verify that the checksum type that is received is
// the same checksum type that was specified during the CreateMultipartUpload
// request. For more information, see [Checking object integrity in the Amazon S3 User Guide].
//
// [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumType types.ChecksumType
// Entity tag that identifies the newly created object's data. Objects with
// different object data will have different entity tags. The entity tag is an
// opaque string. The entity tag may or may not be an MD5 digest of the object
@ -547,9 +508,6 @@ func (c *Client) addOperationCompleteMultipartUploadMiddlewares(stack *middlewar
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpCompleteMultipartUploadValidationMiddleware(stack); err != nil {
return err
}

View file

@ -31,9 +31,9 @@ import (
// - Directory buckets - For directory buckets, you must make requests for this
// API operation to the Zonal endpoint. These endpoints support
// virtual-hosted-style requests in the format
// https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name
// . Path-style requests are not supported. For more information about endpoints
// in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name .
// Path-style requests are not supported. For more information about endpoints in
// Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide.
//
// - VPC endpoints don't support cross-Region requests (including copies). If
@ -135,16 +135,8 @@ import (
// retrieval. If the copy source is in a different region, the data transfer is
// billed to the copy source account. For pricing information, see [Amazon S3 pricing].
//
// HTTP Host header syntax
//
// - Directory buckets - The HTTP Host header syntax is
// Bucket-name.s3express-zone-id.region-code.amazonaws.com .
//
// - Amazon S3 on Outposts - When you use this action with S3 on Outposts
// through the REST API, you must direct requests to the S3 on Outposts hostname.
// The S3 on Outposts hostname takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . The
// hostname isn't required when you use the Amazon Web Services CLI or SDKs.
// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is
// Bucket-name.s3express-zone-id.region-code.amazonaws.com .
//
// The following operations are related to CopyObject :
//
@ -189,7 +181,7 @@ type CopyObjectInput struct {
// are not supported. Directory bucket names must be unique in the chosen Zone
// (Availability Zone or Local Zone). Bucket names must follow the format
// bucket-base-name--zone-id--x-s3 (for example,
// amzn-s3-demo-bucket--usw2-az1--x-s3 ). For information about bucket naming
// DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming
// restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide.
//
// Copying objects across different Amazon Web Services Regions isn't supported
@ -210,18 +202,13 @@ type CopyObjectInput struct {
// Access points and Object Lambda access points are not supported by directory
// buckets.
//
// S3 on Outposts - When you use this action with S3 on Outposts, you must use the
// Outpost bucket access point ARN or the access point alias for the destination
// bucket.
//
// You can only copy objects within the same Outpost bucket. It's not supported to
// copy objects across different Amazon Web Services Outposts, between buckets on
// the same Outposts, or between Outposts buckets and any other bucket types. For
// more information about S3 on Outposts, see [What is S3 on Outposts?]in the S3 on Outposts guide. When
// you use this action with S3 on Outposts through the REST API, you must direct
// requests to the S3 on Outposts hostname, in the format
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . The
// hostname isn't required when you use the Amazon Web Services CLI or SDKs.
// S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must
// direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname
// takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
// provide the Outposts access point ARN in place of the bucket name. For more
// information about S3 on Outposts ARNs, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
//
// [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
// [What is S3 on Outposts?]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html
@ -609,16 +596,17 @@ type CopyObjectInput struct {
// of the officially supported Amazon Web Services SDKs and Amazon Web Services
// CLI, see [Specifying the Signature Version in Request Authentication]in the Amazon S3 User Guide.
//
// Directory buckets - To encrypt data using SSE-KMS, it's recommended to specify
// the x-amz-server-side-encryption header to aws:kms . Then, the
// x-amz-server-side-encryption-aws-kms-key-id header implicitly uses the bucket's
// default KMS customer managed key ID. If you want to explicitly set the
// x-amz-server-side-encryption-aws-kms-key-id header, it must match the bucket's
// default customer managed key (using key ID or ARN, not alias). Your SSE-KMS
// configuration can only support 1 [customer managed key]per directory bucket's lifetime. The [Amazon Web Services managed key] ( aws/s3
// ) isn't supported.
//
// Incorrect key specification results in an HTTP 400 Bad Request error.
// Directory buckets - If you specify x-amz-server-side-encryption with aws:kms ,
// the x-amz-server-side-encryption-aws-kms-key-id header is implicitly assigned
// the ID of the KMS symmetric encryption customer managed key that's configured
// for your directory bucket's default encryption setting. If you want to specify
// the x-amz-server-side-encryption-aws-kms-key-id header explicitly, you can only
// specify it with the ID (Key ID or Key ARN) of the KMS customer managed key
// that's configured for your directory bucket's default encryption setting.
// Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key
// ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS
// configuration can only support 1 [customer managed key]per directory bucket for the lifetime of the
// bucket. The [Amazon Web Services managed key]( aws/s3 ) isn't supported.
//
// [customer managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
// [Specifying the Signature Version in Request Authentication]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
@ -871,7 +859,7 @@ type CopyObjectOutput struct {
SSECustomerKeyMD5 *string
// If present, indicates the Amazon Web Services KMS Encryption Context to use for
// object encryption. The value of this header is a Base64 encoded UTF-8 string
// object encryption. The value of this header is a base64-encoded UTF-8 string
// holding JSON with the encryption context key-value pairs.
SSEKMSEncryptionContext *string
@ -963,9 +951,6 @@ func (c *Client) addOperationCopyObjectMiddlewares(stack *middleware.Stack, opti
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpCopyObjectValidationMiddleware(stack); err != nil {
return err
}

View file

@ -324,9 +324,6 @@ func (c *Client) addOperationCreateBucketMiddlewares(stack *middleware.Stack, op
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpCreateBucketValidationMiddleware(stack); err != nil {
return err
}

View file

@ -170,12 +170,6 @@ func (c *Client) addOperationCreateBucketMetadataTableConfigurationMiddlewares(s
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addRequestChecksumMetricsTracking(stack, options); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpCreateBucketMetadataTableConfigurationValidationMiddleware(stack); err != nil {
return err
}
@ -256,10 +250,9 @@ func getCreateBucketMetadataTableConfigurationRequestAlgorithmMember(input inter
}
func addCreateBucketMetadataTableConfigurationInputChecksumMiddlewares(stack *middleware.Stack, options Options) error {
return addInputChecksumMiddleware(stack, internalChecksum.InputMiddlewareOptions{
return internalChecksum.AddInputMiddleware(stack, internalChecksum.InputMiddlewareOptions{
GetAlgorithm: getCreateBucketMetadataTableConfigurationRequestAlgorithmMember,
RequireChecksum: true,
RequestChecksumCalculation: options.RequestChecksumCalculation,
EnableTrailingChecksum: false,
EnableComputeSHA256PayloadHash: true,
EnableDecodedContentLengthHeader: true,

View file

@ -38,9 +38,9 @@ import (
// - Directory buckets - For directory buckets, you must make requests for this
// API operation to the Zonal endpoint. These endpoints support
// virtual-hosted-style requests in the format
// https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name
// . Path-style requests are not supported. For more information about endpoints
// in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name .
// Path-style requests are not supported. For more information about endpoints in
// Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide.
//
// Request signing For request signing, multipart upload is just a series of
@ -249,7 +249,7 @@ type CreateMultipartUploadInput struct {
// are not supported. Directory bucket names must be unique in the chosen Zone
// (Availability Zone or Local Zone). Bucket names must follow the format
// bucket-base-name--zone-id--x-s3 (for example,
// amzn-s3-demo-bucket--usw2-az1--x-s3 ). For information about bucket naming
// DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming
// restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide.
//
// Access points - When you use this action with an access point, you must provide
@ -264,12 +264,13 @@ type CreateMultipartUploadInput struct {
// Access points and Object Lambda access points are not supported by directory
// buckets.
//
// S3 on Outposts - When you use this action with S3 on Outposts, you must direct
// requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the
// form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When
// you use this action with S3 on Outposts, the destination bucket must be the
// Outposts access point ARN or the access point alias. For more information about
// S3 on Outposts, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
// S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must
// direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname
// takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
// provide the Outposts access point ARN in place of the bucket name. For more
// information about S3 on Outposts ARNs, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
//
// [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
// [What is S3 on Outposts?]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html
@ -331,12 +332,6 @@ type CreateMultipartUploadInput struct {
// [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumAlgorithm types.ChecksumAlgorithm
// Indicates the checksum type that you want Amazon S3 to use to calculate the
// objects checksum value. For more information, see [Checking object integrity in the Amazon S3 User Guide].
//
// [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumType types.ChecksumType
// Specifies presentational information for the object.
ContentDisposition *string
@ -637,7 +632,7 @@ type CreateMultipartUploadInput struct {
SSECustomerKeyMD5 *string
// Specifies the Amazon Web Services KMS Encryption Context to use for object
// encryption. The value of this header is a Base64 encoded string of a UTF-8
// encryption. The value of this header is a Base64-encoded string of a UTF-8
// encoded JSON, which contains the encryption context as key-value pairs.
//
// Directory buckets - You can optionally provide an explicit encryption context
@ -657,16 +652,17 @@ type CreateMultipartUploadInput struct {
// x-amz-server-side-encryption-aws-kms-key-id , Amazon S3 uses the Amazon Web
// Services managed key ( aws/s3 ) to protect the data.
//
// Directory buckets - To encrypt data using SSE-KMS, it's recommended to specify
// the x-amz-server-side-encryption header to aws:kms . Then, the
// x-amz-server-side-encryption-aws-kms-key-id header implicitly uses the bucket's
// default KMS customer managed key ID. If you want to explicitly set the
// x-amz-server-side-encryption-aws-kms-key-id header, it must match the bucket's
// default customer managed key (using key ID or ARN, not alias). Your SSE-KMS
// configuration can only support 1 [customer managed key]per directory bucket's lifetime. The [Amazon Web Services managed key] ( aws/s3
// ) isn't supported.
//
// Incorrect key specification results in an HTTP 400 Bad Request error.
// Directory buckets - If you specify x-amz-server-side-encryption with aws:kms ,
// the x-amz-server-side-encryption-aws-kms-key-id header is implicitly assigned
// the ID of the KMS symmetric encryption customer managed key that's configured
// for your directory bucket's default encryption setting. If you want to specify
// the x-amz-server-side-encryption-aws-kms-key-id header explicitly, you can only
// specify it with the ID (Key ID or Key ARN) of the KMS customer managed key
// that's configured for your directory bucket's default encryption setting.
// Otherwise, you get an HTTP 400 Bad Request error. Only use the key ID or key
// ARN. The key alias format of the KMS key isn't supported. Your SSE-KMS
// configuration can only support 1 [customer managed key]per directory bucket for the lifetime of the
// bucket. The [Amazon Web Services managed key]( aws/s3 ) isn't supported.
//
// [customer managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
// [Amazon Web Services managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
@ -783,12 +779,6 @@ type CreateMultipartUploadOutput struct {
// The algorithm that was used to create a checksum of the object.
ChecksumAlgorithm types.ChecksumAlgorithm
// Indicates the checksum type that you want Amazon S3 to use to calculate the
// objects checksum value. For more information, see [Checking object integrity in the Amazon S3 User Guide].
//
// [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
ChecksumType types.ChecksumType
// Object key for which the multipart upload was initiated.
Key *string
@ -813,7 +803,7 @@ type CreateMultipartUploadOutput struct {
SSECustomerKeyMD5 *string
// If present, indicates the Amazon Web Services KMS Encryption Context to use for
// object encryption. The value of this header is a Base64 encoded string of a
// object encryption. The value of this header is a Base64-encoded string of a
// UTF-8 encoded JSON, which contains the encryption context as key-value pairs.
SSEKMSEncryptionContext *string
@ -903,9 +893,6 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware.
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpCreateMultipartUploadValidationMiddleware(stack); err != nil {
return err
}

View file

@ -179,7 +179,7 @@ type CreateSessionInput struct {
// Specifies the Amazon Web Services KMS Encryption Context as an additional
// encryption context to use for object encryption. The value of this header is a
// Base64 encoded string of a UTF-8 encoded JSON, which contains the encryption
// Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption
// context as key-value pairs. This value is stored as object metadata and
// automatically gets passed on to Amazon Web Services KMS for future GetObject
// operations on this object.
@ -203,8 +203,8 @@ type CreateSessionInput struct {
// in the same account that't issuing the command, you must use the full Key ARN
// not the Key ID.
//
// Your SSE-KMS configuration can only support 1 [customer managed key] per directory bucket's lifetime.
// The [Amazon Web Services managed key]( aws/s3 ) isn't supported.
// Your SSE-KMS configuration can only support 1 [customer managed key] per directory bucket for the
// lifetime of the bucket. The [Amazon Web Services managed key]( aws/s3 ) isn't supported.
//
// [customer managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
// [Amazon Web Services managed key]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
@ -219,7 +219,7 @@ type CreateSessionInput struct {
// Amazon S3 encrypts data with SSE-S3. For more information, see [Protecting data with server-side encryption]in the Amazon S3
// User Guide.
//
// [Protecting data with server-side encryption]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
// [Protecting data with server-side encryption]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
ServerSideEncryption types.ServerSideEncryption
// Specifies the mode of the session that will be created, either ReadWrite or
@ -251,7 +251,7 @@ type CreateSessionOutput struct {
BucketKeyEnabled *bool
// If present, indicates the Amazon Web Services KMS Encryption Context to use for
// object encryption. The value of this header is a Base64 encoded string of a
// object encryption. The value of this header is a Base64-encoded string of a
// UTF-8 encoded JSON, which contains the encryption context as key-value pairs.
// This value is stored as object metadata and automatically gets passed on to
// Amazon Web Services KMS for future GetObject operations on this object.
@ -342,9 +342,6 @@ func (c *Client) addOperationCreateSessionMiddlewares(stack *middleware.Stack, o
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpCreateSessionValidationMiddleware(stack); err != nil {
return err
}

View file

@ -182,9 +182,6 @@ func (c *Client) addOperationDeleteBucketMiddlewares(stack *middleware.Stack, op
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketValidationMiddleware(stack); err != nil {
return err
}

View file

@ -157,9 +157,6 @@ func (c *Client) addOperationDeleteBucketAnalyticsConfigurationMiddlewares(stack
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketAnalyticsConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -145,9 +145,6 @@ func (c *Client) addOperationDeleteBucketCorsMiddlewares(stack *middleware.Stack
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketCorsValidationMiddleware(stack); err != nil {
return err
}

View file

@ -182,9 +182,6 @@ func (c *Client) addOperationDeleteBucketEncryptionMiddlewares(stack *middleware
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketEncryptionValidationMiddleware(stack); err != nil {
return err
}

View file

@ -159,9 +159,6 @@ func (c *Client) addOperationDeleteBucketIntelligentTieringConfigurationMiddlewa
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketIntelligentTieringConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -157,9 +157,6 @@ func (c *Client) addOperationDeleteBucketInventoryConfigurationMiddlewares(stack
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketInventoryConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -184,9 +184,6 @@ func (c *Client) addOperationDeleteBucketLifecycleMiddlewares(stack *middleware.
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketLifecycleValidationMiddleware(stack); err != nil {
return err
}

View file

@ -144,9 +144,6 @@ func (c *Client) addOperationDeleteBucketMetadataTableConfigurationMiddlewares(s
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketMetadataTableConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -161,9 +161,6 @@ func (c *Client) addOperationDeleteBucketMetricsConfigurationMiddlewares(stack *
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketMetricsConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -142,9 +142,6 @@ func (c *Client) addOperationDeleteBucketOwnershipControlsMiddlewares(stack *mid
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketOwnershipControlsValidationMiddleware(stack); err != nil {
return err
}

View file

@ -194,9 +194,6 @@ func (c *Client) addOperationDeleteBucketPolicyMiddlewares(stack *middleware.Sta
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketPolicyValidationMiddleware(stack); err != nil {
return err
}

View file

@ -152,9 +152,6 @@ func (c *Client) addOperationDeleteBucketReplicationMiddlewares(stack *middlewar
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketReplicationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -142,9 +142,6 @@ func (c *Client) addOperationDeleteBucketTaggingMiddlewares(stack *middleware.St
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketTaggingValidationMiddleware(stack); err != nil {
return err
}

View file

@ -151,9 +151,6 @@ func (c *Client) addOperationDeleteBucketWebsiteMiddlewares(stack *middleware.St
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteBucketWebsiteValidationMiddleware(stack); err != nil {
return err
}

View file

@ -41,9 +41,9 @@ import (
// - Directory buckets - For directory buckets, you must make requests for this
// API operation to the Zonal endpoint. These endpoints support
// virtual-hosted-style requests in the format
// https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name
// . Path-style requests are not supported. For more information about endpoints
// in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name .
// Path-style requests are not supported. For more information about endpoints in
// Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide.
//
// To remove a specific version, you must use the versionId query parameter. Using
@ -130,7 +130,7 @@ type DeleteObjectInput struct {
// are not supported. Directory bucket names must be unique in the chosen Zone
// (Availability Zone or Local Zone). Bucket names must follow the format
// bucket-base-name--zone-id--x-s3 (for example,
// amzn-s3-demo-bucket--usw2-az1--x-s3 ). For information about bucket naming
// DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming
// restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide.
//
// Access points - When you use this action with an access point, you must provide
@ -145,12 +145,13 @@ type DeleteObjectInput struct {
// Access points and Object Lambda access points are not supported by directory
// buckets.
//
// S3 on Outposts - When you use this action with S3 on Outposts, you must direct
// requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the
// form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When
// you use this action with S3 on Outposts, the destination bucket must be the
// Outposts access point ARN or the access point alias. For more information about
// S3 on Outposts, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
// S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must
// direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname
// takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
// provide the Outposts access point ARN in place of the bucket name. For more
// information about S3 on Outposts ARNs, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
//
// [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
// [What is S3 on Outposts?]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html
@ -185,7 +186,7 @@ type DeleteObjectInput struct {
//
// This functionality is only supported for directory buckets.
//
// [RFC 7232]: https://tools.ietf.org/html/rfc7232
// [RFC 7232]: https://docs.aws.amazon.com/https:/tools.ietf.org/html/rfc7232
IfMatch *string
// If present, the object is deleted only if its modification times matches the
@ -249,11 +250,9 @@ type DeleteObjectOutput struct {
// Indicates whether the specified object version that was permanently deleted was
// (true) or was not (false) a delete marker before deletion. In a simple DELETE,
// this header indicates whether (true) or not (false) the current version of the
// object is a delete marker. To learn more about delete markers, see [Working with delete markers].
// object is a delete marker.
//
// This functionality is not supported for directory buckets.
//
// [Working with delete markers]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/DeleteMarker.html
DeleteMarker *bool
// If present, indicates that the requester was successfully charged for the
@ -344,9 +343,6 @@ func (c *Client) addOperationDeleteObjectMiddlewares(stack *middleware.Stack, op
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteObjectValidationMiddleware(stack); err != nil {
return err
}

View file

@ -61,12 +61,13 @@ type DeleteObjectTaggingInput struct {
// the access point ARN in place of the bucket name. For more information about
// access point ARNs, see [Using access points]in the Amazon S3 User Guide.
//
// S3 on Outposts - When you use this action with S3 on Outposts, you must direct
// requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the
// form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When
// you use this action with S3 on Outposts, the destination bucket must be the
// Outposts access point ARN or the access point alias. For more information about
// S3 on Outposts, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
// S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must
// direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname
// takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
// provide the Outposts access point ARN in place of the bucket name. For more
// information about S3 on Outposts ARNs, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
//
// [What is S3 on Outposts?]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html
// [Using access points]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html
@ -177,9 +178,6 @@ func (c *Client) addOperationDeleteObjectTaggingMiddlewares(stack *middleware.St
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteObjectTaggingValidationMiddleware(stack); err != nil {
return err
}

View file

@ -19,13 +19,13 @@ import (
// this operation provides a suitable alternative to sending individual delete
// requests, reducing per-request overhead.
//
// The request can contain a list of up to 1,000 keys that you want to delete. In
// The request can contain a list of up to 1000 keys that you want to delete. In
// the XML, you provide the object key names, and optionally, version IDs if you
// want to delete a specific version of the object from a versioning-enabled
// bucket. For each key, Amazon S3 performs a delete operation and returns the
// result of that delete, success or failure, in the response. If the object
// specified in the request isn't found, Amazon S3 confirms the deletion by
// returning the result as deleted.
// result of that delete, success or failure, in the response. Note that if the
// object specified in the request is not found, Amazon S3 returns the result as
// deleted.
//
// - Directory buckets - S3 Versioning isn't enabled and supported for directory
// buckets.
@ -33,9 +33,9 @@ import (
// - Directory buckets - For directory buckets, you must make requests for this
// API operation to the Zonal endpoint. These endpoints support
// virtual-hosted-style requests in the format
// https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name
// . Path-style requests are not supported. For more information about endpoints
// in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// https://bucket-name.s3express-zone-id.region-code.amazonaws.com/key-name .
// Path-style requests are not supported. For more information about endpoints in
// Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more information
// about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide.
//
// The operation supports two modes for the response: verbose and quiet. By
@ -138,7 +138,7 @@ type DeleteObjectsInput struct {
// are not supported. Directory bucket names must be unique in the chosen Zone
// (Availability Zone or Local Zone). Bucket names must follow the format
// bucket-base-name--zone-id--x-s3 (for example,
// amzn-s3-demo-bucket--usw2-az1--x-s3 ). For information about bucket naming
// DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming
// restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide.
//
// Access points - When you use this action with an access point, you must provide
@ -153,12 +153,13 @@ type DeleteObjectsInput struct {
// Access points and Object Lambda access points are not supported by directory
// buckets.
//
// S3 on Outposts - When you use this action with S3 on Outposts, you must direct
// requests to the S3 on Outposts hostname. The S3 on Outposts hostname takes the
// form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When
// you use this action with S3 on Outposts, the destination bucket must be the
// Outposts access point ARN or the access point alias. For more information about
// S3 on Outposts, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
// S3 on Outposts - When you use this action with Amazon S3 on Outposts, you must
// direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname
// takes the form
// AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you
// use this action with S3 on Outposts through the Amazon Web Services SDKs, you
// provide the Outposts access point ARN in place of the bucket name. For more
// information about S3 on Outposts ARNs, see [What is S3 on Outposts?]in the Amazon S3 User Guide.
//
// [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
// [What is S3 on Outposts?]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html
@ -192,8 +193,6 @@ type DeleteObjectsInput struct {
//
// - CRC32C
//
// - CRC64NVME
//
// - SHA1
//
// - SHA256
@ -202,8 +201,9 @@ type DeleteObjectsInput struct {
//
// If the individual checksum value you provide through x-amz-checksum-algorithm
// doesn't match the checksum algorithm you set through
// x-amz-sdk-checksum-algorithm , Amazon S3 fails the request with a BadDigest
// error.
// x-amz-sdk-checksum-algorithm , Amazon S3 ignores any provided ChecksumAlgorithm
// parameter and uses the checksum algorithm that matches the provided value in
// x-amz-checksum-algorithm .
//
// If you provide an individual checksum, Amazon S3 ignores any provided
// ChecksumAlgorithm parameter.
@ -347,12 +347,6 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addRequestChecksumMetricsTracking(stack, options); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeleteObjectsValidationMiddleware(stack); err != nil {
return err
}
@ -433,10 +427,9 @@ func getDeleteObjectsRequestAlgorithmMember(input interface{}) (string, bool) {
}
func addDeleteObjectsInputChecksumMiddlewares(stack *middleware.Stack, options Options) error {
return addInputChecksumMiddleware(stack, internalChecksum.InputMiddlewareOptions{
return internalChecksum.AddInputMiddleware(stack, internalChecksum.InputMiddlewareOptions{
GetAlgorithm: getDeleteObjectsRequestAlgorithmMember,
RequireChecksum: true,
RequestChecksumCalculation: options.RequestChecksumCalculation,
EnableTrailingChecksum: false,
EnableComputeSHA256PayloadHash: true,
EnableDecodedContentLengthHeader: true,

View file

@ -148,9 +148,6 @@ func (c *Client) addOperationDeletePublicAccessBlockMiddlewares(stack *middlewar
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpDeletePublicAccessBlockValidationMiddleware(stack); err != nil {
return err
}

View file

@ -179,9 +179,6 @@ func (c *Client) addOperationGetBucketAccelerateConfigurationMiddlewares(stack *
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketAccelerateConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -174,9 +174,6 @@ func (c *Client) addOperationGetBucketAclMiddlewares(stack *middleware.Stack, op
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketAclValidationMiddleware(stack); err != nil {
return err
}

View file

@ -163,9 +163,6 @@ func (c *Client) addOperationGetBucketAnalyticsConfigurationMiddlewares(stack *m
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketAnalyticsConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -173,9 +173,6 @@ func (c *Client) addOperationGetBucketCorsMiddlewares(stack *middleware.Stack, o
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketCorsValidationMiddleware(stack); err != nil {
return err
}

View file

@ -188,9 +188,6 @@ func (c *Client) addOperationGetBucketEncryptionMiddlewares(stack *middleware.St
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketEncryptionValidationMiddleware(stack); err != nil {
return err
}

View file

@ -164,9 +164,6 @@ func (c *Client) addOperationGetBucketIntelligentTieringConfigurationMiddlewares
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketIntelligentTieringConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -162,9 +162,6 @@ func (c *Client) addOperationGetBucketInventoryConfigurationMiddlewares(stack *m
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketInventoryConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -136,7 +136,7 @@ type GetBucketLifecycleConfigurationOutput struct {
// Indicates which default minimum object size behavior is applied to the
// lifecycle configuration.
//
// This parameter applies to general purpose buckets only. It isn't supported for
// This parameter applies to general purpose buckets only. It is not supported for
// directory bucket lifecycle configurations.
//
// - all_storage_classes_128K - Objects smaller than 128 KB will not transition
@ -228,9 +228,6 @@ func (c *Client) addOperationGetBucketLifecycleConfigurationMiddlewares(stack *m
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketLifecycleConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -98,10 +98,8 @@ func (in *GetBucketLocationInput) bindEndpointParams(p *EndpointParameters) {
type GetBucketLocationOutput struct {
// Specifies the Region where the bucket resides. For a list of all the Amazon S3
// supported location constraints by Region, see [Regions and Endpoints].
//
// Buckets in Region us-east-1 have a LocationConstraint of null . Buckets with a
// LocationConstraint of EU reside in eu-west-1 .
// supported location constraints by Region, see [Regions and Endpoints]. Buckets in Region us-east-1
// have a LocationConstraint of null .
//
// [Regions and Endpoints]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
LocationConstraint types.BucketLocationConstraint
@ -185,9 +183,6 @@ func (c *Client) addOperationGetBucketLocationMiddlewares(stack *middleware.Stac
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketLocationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -148,9 +148,6 @@ func (c *Client) addOperationGetBucketLoggingMiddlewares(stack *middleware.Stack
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketLoggingValidationMiddleware(stack); err != nil {
return err
}

View file

@ -149,9 +149,6 @@ func (c *Client) addOperationGetBucketMetadataTableConfigurationMiddlewares(stac
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketMetadataTableConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -165,9 +165,6 @@ func (c *Client) addOperationGetBucketMetricsConfigurationMiddlewares(stack *mid
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketMetricsConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -188,9 +188,6 @@ func (c *Client) addOperationGetBucketNotificationConfigurationMiddlewares(stack
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketNotificationConfigurationValidationMiddleware(stack); err != nil {
return err
}

View file

@ -148,9 +148,6 @@ func (c *Client) addOperationGetBucketOwnershipControlsMiddlewares(stack *middle
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketOwnershipControlsValidationMiddleware(stack); err != nil {
return err
}

View file

@ -215,9 +215,6 @@ func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack,
if err = addIsExpressUserAgent(stack); err != nil {
return err
}
if err = addCredentialSource(stack, options); err != nil {
return err
}
if err = addOpGetBucketPolicyValidationMiddleware(stack); err != nil {
return err
}

Some files were not shown because too many files have changed in this diff Show more