From 51df2248f030d5088d680e5a819779256634e939 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 11 Dec 2023 10:48:36 +0200 Subject: [PATCH] vendor: run `make vendor-update` --- go.mod | 84 +- go.sum | 173 +-- lib/backup/s3remote/s3.go | 2 +- .../go/internal/.repo-metadata-full.json | 40 + .../go/internal/trace/trace.go | 146 +- .../alecthomas/units/renovate.json5 | 11 + .../aws/aws-sdk-go-v2/aws/config.go | 12 + .../aws-sdk-go-v2/aws/go_module_metadata.go | 2 +- .../aws/middleware/private/metrics/metrics.go | 319 +++++ .../aws/protocol/eventstream/CHANGELOG.md | 12 + .../eventstream/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/aws/retry/middleware.go | 8 + .../aws-sdk-go-v2/aws/signer/v4/middleware.go | 55 +- .../aws/aws-sdk-go-v2/aws/signer/v4/v4.go | 16 +- .../aws/aws-sdk-go-v2/config/CHANGELOG.md | 54 + .../aws/aws-sdk-go-v2/config/config.go | 8 +- .../aws/aws-sdk-go-v2/config/env_config.go | 81 ++ .../config/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/config/load_options.go | 68 + .../aws/aws-sdk-go-v2/config/provider.go | 34 + .../aws/aws-sdk-go-v2/config/resolve.go | 27 + .../aws/aws-sdk-go-v2/config/shared_config.go | 114 +- .../aws-sdk-go-v2/credentials/CHANGELOG.md | 44 + .../endpointcreds/internal/client/client.go | 23 +- .../internal/client/middleware.go | 42 +- .../credentials/go_module_metadata.go | 2 +- .../feature/ec2/imds/CHANGELOG.md | 24 + .../feature/ec2/imds/go_module_metadata.go | 2 +- .../feature/s3/manager/CHANGELOG.md | 58 + .../feature/s3/manager/download.go | 4 +- .../feature/s3/manager/go_module_metadata.go | 2 +- .../feature/s3/manager/upload.go | 61 +- .../aws/aws-sdk-go-v2/internal/auth/scheme.go | 17 +- .../auth/smithy/bearer_token_adapter.go | 2 +- .../smithy/bearer_token_signer_adapter.go | 2 +- .../auth/smithy/credentials_adapter.go | 2 +- .../internal/auth/smithy/v4signer_adapter.go | 2 +- .../internal/configsources/CHANGELOG.md | 24 + .../configsources/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/internal/context/context.go | 39 + .../endpoints/awsrulesfn/partitions.go | 40 +- .../internal/endpoints/v2/CHANGELOG.md | 24 + .../endpoints/v2/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/internal/ini/CHANGELOG.md | 8 + .../internal/ini/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/internal/ini/parse.go | 2 +- .../aws/aws-sdk-go-v2/internal/ini/strings.go | 20 +- .../aws-sdk-go-v2/internal/ini/tokenize.go | 5 +- .../aws/aws-sdk-go-v2/internal/ini/value.go | 13 +- .../aws-sdk-go-v2/internal/v4a/CHANGELOG.md | 24 + .../internal/v4a/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/internal/v4a/smithy.go | 4 +- .../internal/accept-encoding/CHANGELOG.md | 12 + .../accept-encoding/go_module_metadata.go | 2 +- .../service/internal/checksum/CHANGELOG.md | 24 + .../internal/checksum/go_module_metadata.go | 2 +- .../middleware_compute_input_checksum.go | 3 +- .../checksum/middleware_setup_context.go | 23 +- .../internal/presigned-url/CHANGELOG.md | 24 + .../presigned-url/go_module_metadata.go | 2 +- .../service/internal/s3shared/CHANGELOG.md | 24 + .../internal/s3shared/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/service/s3/CHANGELOG.md | 57 + .../aws-sdk-go-v2/service/s3/api_client.go | 44 +- .../service/s3/api_op_AbortMultipartUpload.go | 89 +- .../s3/api_op_CompleteMultipartUpload.go | 233 +-- .../service/s3/api_op_CopyObject.go | 644 ++++++--- .../service/s3/api_op_CreateBucket.go | 172 ++- .../s3/api_op_CreateMultipartUpload.go | 541 ++++--- .../service/s3/api_op_CreateSession.go | 260 ++++ .../service/s3/api_op_DeleteBucket.go | 50 +- ...i_op_DeleteBucketAnalyticsConfiguration.go | 21 +- .../service/s3/api_op_DeleteBucketCors.go | 21 +- .../s3/api_op_DeleteBucketEncryption.go | 20 +- ...teBucketIntelligentTieringConfiguration.go | 11 +- ...i_op_DeleteBucketInventoryConfiguration.go | 24 +- .../s3/api_op_DeleteBucketLifecycle.go | 29 +- ...api_op_DeleteBucketMetricsConfiguration.go | 27 +- .../api_op_DeleteBucketOwnershipControls.go | 19 +- .../service/s3/api_op_DeleteBucketPolicy.go | 77 +- .../s3/api_op_DeleteBucketReplication.go | 22 +- .../service/s3/api_op_DeleteBucketTagging.go | 21 +- .../service/s3/api_op_DeleteBucketWebsite.go | 34 +- .../service/s3/api_op_DeleteObject.go | 142 +- .../service/s3/api_op_DeleteObjectTagging.go | 28 +- .../service/s3/api_op_DeleteObjects.go | 185 ++- .../s3/api_op_DeletePublicAccessBlock.go | 21 +- ...api_op_GetBucketAccelerateConfiguration.go | 38 +- .../service/s3/api_op_GetBucketAcl.go | 43 +- .../api_op_GetBucketAnalyticsConfiguration.go | 25 +- .../service/s3/api_op_GetBucketCors.go | 47 +- .../service/s3/api_op_GetBucketEncryption.go | 22 +- ...etBucketIntelligentTieringConfiguration.go | 9 +- .../api_op_GetBucketInventoryConfiguration.go | 21 +- .../api_op_GetBucketLifecycleConfiguration.go | 26 +- .../service/s3/api_op_GetBucketLocation.go | 41 +- .../service/s3/api_op_GetBucketLogging.go | 18 +- .../api_op_GetBucketMetricsConfiguration.go | 26 +- ...i_op_GetBucketNotificationConfiguration.go | 52 +- .../s3/api_op_GetBucketOwnershipControls.go | 19 +- .../service/s3/api_op_GetBucketPolicy.go | 103 +- .../s3/api_op_GetBucketPolicyStatus.go | 21 +- .../service/s3/api_op_GetBucketReplication.go | 21 +- .../s3/api_op_GetBucketRequestPayment.go | 18 +- .../service/s3/api_op_GetBucketTagging.go | 21 +- .../service/s3/api_op_GetBucketVersioning.go | 23 +- .../service/s3/api_op_GetBucketWebsite.go | 19 +- .../service/s3/api_op_GetObject.go | 446 +++--- .../service/s3/api_op_GetObjectAcl.go | 35 +- .../service/s3/api_op_GetObjectAttributes.go | 174 ++- .../service/s3/api_op_GetObjectLegalHold.go | 30 +- .../s3/api_op_GetObjectLockConfiguration.go | 22 +- .../service/s3/api_op_GetObjectRetention.go | 30 +- .../service/s3/api_op_GetObjectTagging.go | 45 +- .../service/s3/api_op_GetObjectTorrent.go | 31 +- .../service/s3/api_op_GetPublicAccessBlock.go | 20 +- .../service/s3/api_op_HeadBucket.go | 128 +- .../service/s3/api_op_HeadObject.go | 318 +++-- ...pi_op_ListBucketAnalyticsConfigurations.go | 33 +- ...tBucketIntelligentTieringConfigurations.go | 13 +- ...pi_op_ListBucketInventoryConfigurations.go | 25 +- .../api_op_ListBucketMetricsConfigurations.go | 24 +- .../service/s3/api_op_ListBuckets.go | 11 +- .../service/s3/api_op_ListDirectoryBuckets.go | 291 ++++ .../service/s3/api_op_ListMultipartUploads.go | 179 ++- .../service/s3/api_op_ListObjectVersions.go | 43 +- .../service/s3/api_op_ListObjects.go | 60 +- .../service/s3/api_op_ListObjectsV2.go | 195 ++- .../service/s3/api_op_ListParts.go | 145 +- ...api_op_PutBucketAccelerateConfiguration.go | 39 +- .../service/s3/api_op_PutBucketAcl.go | 36 +- .../api_op_PutBucketAnalyticsConfiguration.go | 34 +- .../service/s3/api_op_PutBucketCors.go | 52 +- .../service/s3/api_op_PutBucketEncryption.go | 44 +- ...utBucketIntelligentTieringConfiguration.go | 11 +- .../api_op_PutBucketInventoryConfiguration.go | 38 +- .../api_op_PutBucketLifecycleConfiguration.go | 38 +- .../service/s3/api_op_PutBucketLogging.go | 49 +- .../api_op_PutBucketMetricsConfiguration.go | 31 +- ...i_op_PutBucketNotificationConfiguration.go | 19 +- .../s3/api_op_PutBucketOwnershipControls.go | 22 +- .../service/s3/api_op_PutBucketPolicy.go | 111 +- .../service/s3/api_op_PutBucketReplication.go | 31 +- .../s3/api_op_PutBucketRequestPayment.go | 36 +- .../service/s3/api_op_PutBucketTagging.go | 44 +- .../service/s3/api_op_PutBucketVersioning.go | 40 +- .../service/s3/api_op_PutBucketWebsite.go | 37 +- .../service/s3/api_op_PutObject.go | 411 ++++-- .../service/s3/api_op_PutObjectAcl.go | 96 +- .../service/s3/api_op_PutObjectLegalHold.go | 43 +- .../s3/api_op_PutObjectLockConfiguration.go | 45 +- .../service/s3/api_op_PutObjectRetention.go | 47 +- .../service/s3/api_op_PutObjectTagging.go | 48 +- .../service/s3/api_op_PutPublicAccessBlock.go | 37 +- .../service/s3/api_op_RestoreObject.go | 48 +- .../service/s3/api_op_SelectObjectContent.go | 33 +- .../service/s3/api_op_UploadPart.go | 245 ++-- .../service/s3/api_op_UploadPartCopy.go | 292 ++-- .../s3/api_op_WriteGetObjectResponse.go | 26 +- .../aws/aws-sdk-go-v2/service/s3/auth.go | 34 +- .../service/s3/bucket_context.go | 47 + .../service/s3/create_mpu_checksum.go | 36 + .../aws-sdk-go-v2/service/s3/deserializers.go | 718 ++++++++-- .../service/s3/endpoint_auth_resolver.go | 13 +- .../aws/aws-sdk-go-v2/service/s3/endpoints.go | 851 ++++++++++- .../aws/aws-sdk-go-v2/service/s3/express.go | 9 + .../service/s3/express_default.go | 170 +++ .../service/s3/express_resolve.go | 44 + .../aws-sdk-go-v2/service/s3/generated.json | 2 + .../service/s3/go_module_metadata.go | 2 +- .../service/s3/handwritten_paginators.go | 26 +- .../s3/internal/customizations/context.go | 21 + .../s3/internal/customizations/express.go | 44 + .../internal/customizations/express_config.go | 18 + .../express_default_checksum.go | 42 + .../customizations/express_properties.go | 21 + .../internal/customizations/express_signer.go | 109 ++ .../customizations/express_signer_smithy.go | 61 + .../internal/customizations/signer_wrapper.go | 41 +- .../aws/aws-sdk-go-v2/service/s3/options.go | 28 +- .../s3/serialize_immutable_hostname_bucket.go | 15 +- .../aws-sdk-go-v2/service/s3/serializers.go | 504 +++++-- .../aws-sdk-go-v2/service/s3/types/enums.go | 96 +- .../aws-sdk-go-v2/service/s3/types/errors.go | 9 +- .../aws-sdk-go-v2/service/s3/types/types.go | 482 +++++-- .../aws-sdk-go-v2/service/s3/validators.go | 51 + .../aws-sdk-go-v2/service/sso/CHANGELOG.md | 39 + .../aws-sdk-go-v2/service/sso/api_client.go | 29 +- .../aws/aws-sdk-go-v2/service/sso/auth.go | 34 +- .../service/sso/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/service/sso/options.go | 10 +- .../service/ssooidc/CHANGELOG.md | 43 + .../service/ssooidc/api_client.go | 29 +- .../service/ssooidc/api_op_CreateToken.go | 81 +- .../ssooidc/api_op_CreateTokenWithIAM.go | 230 +++ .../service/ssooidc/api_op_RegisterClient.go | 4 +- .../api_op_StartDeviceAuthorization.go | 4 +- .../aws/aws-sdk-go-v2/service/ssooidc/auth.go | 36 +- .../service/ssooidc/deserializers.go | 377 +++++ .../aws/aws-sdk-go-v2/service/ssooidc/doc.go | 44 +- .../service/ssooidc/endpoints.go | 6 +- .../service/ssooidc/generated.json | 1 + .../service/ssooidc/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/service/ssooidc/options.go | 10 +- .../service/ssooidc/serializers.go | 122 ++ .../service/ssooidc/types/errors.go | 32 + .../service/ssooidc/validators.go | 42 + .../aws-sdk-go-v2/service/sts/CHANGELOG.md | 45 + .../aws-sdk-go-v2/service/sts/api_client.go | 31 +- .../service/sts/api_op_AssumeRole.go | 7 +- .../aws/aws-sdk-go-v2/service/sts/auth.go | 56 +- .../aws-sdk-go-v2/service/sts/endpoints.go | 4 +- .../service/sts/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/service/sts/options.go | 10 +- .../aws-sdk-go-v2/service/sts/types/types.go | 10 +- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 1264 +++++++++++++++-- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws/aws-sdk-go/service/ssooidc/api.go | 664 ++++++++- .../aws/aws-sdk-go/service/ssooidc/doc.go | 39 +- .../aws/aws-sdk-go/service/ssooidc/errors.go | 8 + .../aws/aws-sdk-go/service/ssooidc/service.go | 2 +- .../aws/aws-sdk-go/service/sts/api.go | 20 +- vendor/github.com/aws/smithy-go/CHANGELOG.md | 16 + .../container/private/cache/cache.go | 19 + .../container/private/cache/lru/lru.go | 63 + .../endpoints/private/rulesfn/strings.go | 1 - .../aws/smithy-go/go_module_metadata.go | 2 +- .../private/requestcompression/gzip.go | 30 + .../middleware_capture_request_compression.go | 52 + .../requestcompression/request_compression.go | 103 ++ .../golang-jwt/jwt/v5/MIGRATION_GUIDE.md | 14 +- vendor/github.com/golang-jwt/jwt/v5/ecdsa.go | 4 +- .../github.com/golang-jwt/jwt/v5/ed25519.go | 4 +- vendor/github.com/golang-jwt/jwt/v5/hmac.go | 4 +- vendor/github.com/golang-jwt/jwt/v5/parser.go | 6 +- vendor/github.com/golang-jwt/jwt/v5/rsa.go | 4 +- .../github.com/golang-jwt/jwt/v5/rsa_pss.go | 4 +- .../github.com/golang-jwt/jwt/v5/validator.go | 39 +- .../klauspost/compress/gzhttp/transport.go | 25 +- .../compress/gzhttp/writer/gzkp/gzkp.go | 6 + .../klauspost/compress/gzip/gunzip.go | 5 + .../klauspost/compress/huff0/bytereader.go | 44 - .../klauspost/compress/huff0/compress.go | 5 +- .../klauspost/compress/huff0/huff0.go | 4 +- .../klauspost/compress/zstd/README.md | 2 +- .../prometheus/tsdb/wlog/watcher.go | 28 +- vendor/github.com/urfave/cli/v2/.gitignore | 1 + vendor/github.com/urfave/cli/v2/app.go | 27 +- vendor/github.com/urfave/cli/v2/category.go | 2 +- vendor/github.com/urfave/cli/v2/command.go | 16 + vendor/github.com/urfave/cli/v2/flag_bool.go | 6 +- .../github.com/urfave/cli/v2/flag_duration.go | 6 +- .../github.com/urfave/cli/v2/flag_float64.go | 8 +- .../github.com/urfave/cli/v2/flag_generic.go | 11 +- vendor/github.com/urfave/cli/v2/flag_int.go | 6 +- vendor/github.com/urfave/cli/v2/flag_int64.go | 6 +- vendor/github.com/urfave/cli/v2/flag_path.go | 11 +- .../github.com/urfave/cli/v2/flag_string.go | 12 +- .../urfave/cli/v2/flag_timestamp.go | 10 +- vendor/github.com/urfave/cli/v2/flag_uint.go | 6 +- .../github.com/urfave/cli/v2/flag_uint64.go | 6 +- vendor/github.com/urfave/cli/v2/help.go | 54 +- ...kdocs-requirements.txt => mkdocs-reqs.txt} | 0 vendor/github.com/urfave/cli/v2/mkdocs.yml | 2 +- .../github.com/urfave/cli/v2/suggestions.go | 2 +- .../urfave/cli/v2/zz_generated.flags.go | 51 +- .../collector/pdata/pcommon/slice.go | 1 - .../pdata/pmetric/generated_exemplarslice.go | 1 - ...generated_exponentialhistogramdatapoint.go | 12 + ...ated_exponentialhistogramdatapointslice.go | 1 - .../generated_histogramdatapointslice.go | 1 - .../pdata/pmetric/generated_metricslice.go | 1 - .../pmetric/generated_numberdatapointslice.go | 1 - .../pmetric/generated_resourcemetricsslice.go | 1 - .../pmetric/generated_scopemetricsslice.go | 1 - .../generated_summarydatapointslice.go | 1 - ...ed_summarydatapointvalueatquantileslice.go | 1 - .../collector/pdata/pmetric/json.go | 4 + .../net/http/otelhttp/version.go | 2 +- vendor/go.opentelemetry.io/otel/.gitignore | 4 - vendor/go.opentelemetry.io/otel/CHANGELOG.md | 17 +- .../go.opentelemetry.io/otel/CONTRIBUTING.md | 4 + vendor/go.opentelemetry.io/otel/version.go | 2 +- vendor/go.opentelemetry.io/otel/versions.yaml | 7 +- vendor/golang.org/x/crypto/cryptobyte/asn1.go | 13 +- vendor/golang.org/x/time/rate/rate.go | 2 + vendor/golang.org/x/xerrors/LICENSE | 27 - vendor/golang.org/x/xerrors/PATENTS | 22 - vendor/golang.org/x/xerrors/README | 2 - vendor/golang.org/x/xerrors/adaptor.go | 193 --- vendor/golang.org/x/xerrors/codereview.cfg | 1 - vendor/golang.org/x/xerrors/doc.go | 23 - vendor/golang.org/x/xerrors/errors.go | 33 - vendor/golang.org/x/xerrors/fmt.go | 190 --- vendor/golang.org/x/xerrors/format.go | 34 - vendor/golang.org/x/xerrors/frame.go | 56 - .../golang.org/x/xerrors/internal/internal.go | 8 - vendor/golang.org/x/xerrors/wrap.go | 112 -- .../api/internal/settings.go | 2 + .../google.golang.org/api/internal/version.go | 2 +- .../option/internaloption/internaloption.go | 16 + vendor/google.golang.org/api/option/option.go | 13 + .../api/storage/v1/storage-api.json | 6 +- .../api/storage/v1/storage-gen.go | 4 +- vendor/modules.txt | 91 +- 305 files changed, 13590 insertions(+), 4556 deletions(-) create mode 100644 vendor/github.com/alecthomas/units/renovate.json5 create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListDirectoryBuckets.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucket_context.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/create_mpu_checksum.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/express.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_default.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_resolve.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/context.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_config.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_default_checksum.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_properties.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_signer.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_signer_smithy.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go create mode 100644 vendor/github.com/aws/smithy-go/container/private/cache/cache.go create mode 100644 vendor/github.com/aws/smithy-go/container/private/cache/lru/lru.go create mode 100644 vendor/github.com/aws/smithy-go/private/requestcompression/gzip.go create mode 100644 vendor/github.com/aws/smithy-go/private/requestcompression/middleware_capture_request_compression.go create mode 100644 vendor/github.com/aws/smithy-go/private/requestcompression/request_compression.go delete mode 100644 vendor/github.com/klauspost/compress/huff0/bytereader.go rename vendor/github.com/urfave/cli/v2/{mkdocs-requirements.txt => mkdocs-reqs.txt} (100%) delete mode 100644 vendor/golang.org/x/xerrors/LICENSE delete mode 100644 vendor/golang.org/x/xerrors/PATENTS delete mode 100644 vendor/golang.org/x/xerrors/README delete mode 100644 vendor/golang.org/x/xerrors/adaptor.go delete mode 100644 vendor/golang.org/x/xerrors/codereview.cfg delete mode 100644 vendor/golang.org/x/xerrors/doc.go delete mode 100644 vendor/golang.org/x/xerrors/errors.go delete mode 100644 vendor/golang.org/x/xerrors/fmt.go delete mode 100644 vendor/golang.org/x/xerrors/format.go delete mode 100644 vendor/golang.org/x/xerrors/frame.go delete mode 100644 vendor/golang.org/x/xerrors/internal/internal.go delete mode 100644 vendor/golang.org/x/xerrors/wrap.go diff --git a/go.mod b/go.mod index c180d2f97..d6923898e 100644 --- a/go.mod +++ b/go.mod @@ -13,10 +13,10 @@ require ( github.com/VictoriaMetrics/fasthttp v1.2.0 github.com/VictoriaMetrics/metrics v1.25.3 github.com/VictoriaMetrics/metricsql v0.70.0 - github.com/aws/aws-sdk-go-v2 v1.23.0 - github.com/aws/aws-sdk-go-v2/config v1.25.1 - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.13.8 - github.com/aws/aws-sdk-go-v2/service/s3 v1.42.2 + github.com/aws/aws-sdk-go-v2 v1.24.0 + github.com/aws/aws-sdk-go-v2/config v1.26.1 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.15.7 + github.com/aws/aws-sdk-go-v2/service/s3 v1.47.5 github.com/bmatcuk/doublestar/v4 v4.6.1 github.com/cespare/xxhash/v2 v2.2.0 github.com/cheggaaa/pb/v3 v3.1.4 @@ -24,48 +24,48 @@ require ( github.com/golang/snappy v0.0.4 github.com/googleapis/gax-go/v2 v2.12.0 github.com/influxdata/influxdb v1.11.2 - github.com/klauspost/compress v1.17.3 - github.com/prometheus/prometheus v0.48.0 - github.com/urfave/cli/v2 v2.25.7 + github.com/klauspost/compress v1.17.4 + github.com/prometheus/prometheus v0.48.1 + github.com/urfave/cli/v2 v2.26.0 github.com/valyala/fastjson v1.6.4 github.com/valyala/fastrand v1.1.0 github.com/valyala/fasttemplate v1.2.2 github.com/valyala/gozstd v1.20.1 github.com/valyala/histogram v1.2.0 github.com/valyala/quicktemplate v1.7.0 - golang.org/x/net v0.18.0 - golang.org/x/oauth2 v0.14.0 + golang.org/x/net v0.19.0 + golang.org/x/oauth2 v0.15.0 golang.org/x/sys v0.15.0 - google.golang.org/api v0.150.0 + google.golang.org/api v0.153.0 gopkg.in/yaml.v2 v2.4.0 ) require ( - cloud.google.com/go v0.110.10 // indirect + cloud.google.com/go v0.111.0 // indirect cloud.google.com/go/compute v1.23.3 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/iam v1.1.5 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 // indirect github.com/VividCortex/ewma v1.2.0 // indirect - github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect - github.com/aws/aws-sdk-go v1.47.12 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.1 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.16.1 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.7.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.3 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.25.2 // indirect - github.com/aws/smithy-go v1.17.0 // indirect + github.com/alecthomas/units v0.0.0-20231202071711-9a357b53e9c9 // indirect + github.com/aws/aws-sdk-go v1.48.16 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.16.12 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.9 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.9 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.9 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 // indirect + github.com/aws/smithy-go v1.19.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect @@ -76,7 +76,7 @@ require ( github.com/go-logfmt/logfmt v0.6.0 // indirect github.com/go-logr/logr v1.3.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/golang-jwt/jwt/v5 v5.1.0 // indirect + github.com/golang-jwt/jwt/v5 v5.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/s2a-go v0.1.7 // indirect @@ -109,25 +109,25 @@ require ( github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/collector/pdata v1.0.0-rcv0018 // indirect - go.opentelemetry.io/collector/semconv v0.89.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.0 // indirect - go.opentelemetry.io/otel v1.20.0 // indirect - go.opentelemetry.io/otel/metric v1.20.0 // indirect - go.opentelemetry.io/otel/trace v1.20.0 // indirect + go.opentelemetry.io/collector/pdata v1.0.0 // indirect + go.opentelemetry.io/collector/semconv v0.90.1 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect + go.opentelemetry.io/otel v1.21.0 // indirect + go.opentelemetry.io/otel/metric v1.21.0 // indirect + go.opentelemetry.io/otel/trace v1.21.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/goleak v1.3.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.15.0 // indirect - golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect + golang.org/x/crypto v0.16.0 // indirect + golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb // indirect golang.org/x/sync v0.5.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.4.0 // indirect + golang.org/x/time v0.5.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect + google.golang.org/genproto v0.0.0-20231127180814-3a041ad873d4 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20231127180814-3a041ad873d4 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4 // indirect google.golang.org/grpc v1.59.0 // indirect google.golang.org/protobuf v1.31.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 9368e15df..2eae26b4a 100644 --- a/go.sum +++ b/go.sum @@ -13,8 +13,8 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y= -cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic= +cloud.google.com/go v0.111.0 h1:YHLKNupSD1KqjDbQ3+LVdQ81h/UJbJyZG203cEfnQgM= +cloud.google.com/go v0.111.0/go.mod h1:0mibmpKP1TyOOFYQY5izo0LnT+ecvOQ0Sg3OdmMiNRU= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -45,8 +45,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 h1:fb8kj/Dh4CSwgsOzHeZY4Xh68 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0/go.mod h1:uReU2sSxZExRPBAg3qKzmAucSi51+SP1OhohieR821Q= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 h1:d81/ng9rET2YqdVkVwkb6EXeRrLJIwyGnJcAlAWKwhs= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 h1:6oNBlSdi1QqM1PNW7FPA6xOGA5UNsXnkaYZz9vdPGhA= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.2.1 h1:UPeCRD+XY7QlaGQte2EVI2iOcWvUYA2XY8w5T/8v0NQ= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 h1:QM6sE5k2ZT/vI5BEe0r7mqjsUSnhVBFbOsVkEuaEfiA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v2 v2.2.1 h1:bWh0Z2rOEDfB/ywv/l0iHN1JgyazE6kW/aIA89+CEK0= @@ -74,54 +74,54 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc= -github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= +github.com/alecthomas/units v0.0.0-20231202071711-9a357b53e9c9 h1:ez/4by2iGztzR4L0zgAOR8lTQK9VlyBVVd7G4omaOQs= +github.com/alecthomas/units v0.0.0-20231202071711-9a357b53e9c9/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156 h1:eMwmnE/GDgah4HI848JfFxHt+iPb26b4zyfspmqY0/8= github.com/allegro/bigcache v1.2.1-0.20190218064605-e24eb225f156/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM= github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.3/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJA= github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go v1.47.12 h1:1daICVijigVEXCzhg27A5d7hbkR4wODPGn9GHyBclKM= -github.com/aws/aws-sdk-go v1.47.12/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go-v2 v1.23.0 h1:PiHAzmiQQr6JULBUdvR8fKlA+UPKLT/8KbiqpFBWiAo= -github.com/aws/aws-sdk-go-v2 v1.23.0/go.mod h1:i1XDttT4rnf6vxc9AuskLc6s7XBee8rlLilKlc03uAA= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.1 h1:ZY3108YtBNq96jNZTICHxN1gSBSbnvIdYwwqnvCV4Mc= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.1/go.mod h1:t8PYl/6LzdAqsU4/9tz28V/kU+asFePvpOMkdul0gEQ= -github.com/aws/aws-sdk-go-v2/config v1.25.1 h1:YsjngBOl2mx4l3egkVWndr6/6TqtkdsWJFZIsQ924Ek= -github.com/aws/aws-sdk-go-v2/config v1.25.1/go.mod h1:yV6h7TRVzhdIFmUk9WWDRpWwYGg1woEzKr0k1IYz2Tk= -github.com/aws/aws-sdk-go-v2/credentials v1.16.1 h1:WessyrdgyFN5TB+eLQdrFSlN/3oMnqukIFhDxK6z8h0= -github.com/aws/aws-sdk-go-v2/credentials v1.16.1/go.mod h1:RQJyPxKcr+m4ArlIG1LUhMOrjposVfzbX6H8oR6oCgE= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 h1:9wKDWEjwSnXZre0/O3+ZwbBl1SmlgWYBbrTV10X/H1s= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4/go.mod h1:t4i+yGHMCcUNIX1x7YVYa6bH/Do7civ5I6cG/6PMfyA= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.13.8 h1:wuOjvalpd2CnXffks74Vq6n3yv9vunKCoy4R1sjStGk= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.13.8/go.mod h1:vywwjy6VnrR48Izg136JoSUXC4mH9QeUi3g0EH9DSrA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 h1:DUwbD79T8gyQ23qVXFUthjzVMTviSHi3y4z58KvghhM= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3/go.mod h1:7sGSz1JCKHWWBHq98m6sMtWQikmYPpxjqOydDemiVoM= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 h1:AplLJCtIaUZDCbr6+gLYdsYNxne4iuaboJhVt9d+WXI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3/go.mod h1:ify42Rb7nKeDDPkFjKn7q1bPscVPu/+gmHH8d2c+anU= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.0 h1:usgqiJtamuGIBj+OvYmMq89+Z1hIKkMJToz1WpoeNUY= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.0/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.3 h1:lMwCXiWJlrtZot0NJTjbC8G9zl+V3i68gBTBBvDeEXA= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.3/go.mod h1:5yzAuE9i2RkVAttBl8yxZgQr5OCq4D5yDnG7j9x2L0U= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 h1:rpkF4n0CyFcrJUG/rNNohoTmhtWlFTRI4BsZOh9PvLs= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1/go.mod h1:l9ymW25HOqymeU2m1gbUQ3rUIsTwKs8gYHXkqDQUhiI= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.3 h1:xbwRyCy7kXrOj89iIKLB6NfE2WCpP9HoKyk8dMDvnIQ= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.3/go.mod h1:R+/S1O4TYpcktbVwddeOYg+uwUfLhADP2S/x4QwsCTM= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 h1:kJOolE8xBAD13xTCgOakByZkyP4D/owNmvEiioeUNAg= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3/go.mod h1:Owv1I59vaghv1Ax8zz8ELY8DN7/Y0rGS+WWAmjgi950= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.3 h1:KV0z2RDc7euMtg8aUT1czv5p29zcLlXALNFsd3jkkEc= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.3/go.mod h1:KZgs2ny8HsxRIRbDwgvJcHHBZPOzQr/+NtGwnP+w2ec= -github.com/aws/aws-sdk-go-v2/service/s3 v1.42.2 h1:NnduxUd9+Fq9DcCDdJK8v6l9lR1xDX4usvog+JuQAno= -github.com/aws/aws-sdk-go-v2/service/s3 v1.42.2/go.mod h1:NXRKkiRF+erX2hnybnVU660cYT5/KChRD4iUgJ97cI8= -github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 h1:V47N5eKgVZoRSvx2+RQ0EpAEit/pqOhqeSQFiS4OFEQ= -github.com/aws/aws-sdk-go-v2/service/sso v1.17.2/go.mod h1:/pE21vno3q1h4bbhUOEi+6Zu/aT26UK2WKkDXd+TssQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.2 h1:sMAcO7VHVw28HTAdZpTULDzFirHOsVm/x25CxhUH0jA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.2/go.mod h1:dWqm5G767qwKPuayKfzm4rjzFmVjiBFbOJrpSPnAMDs= -github.com/aws/aws-sdk-go-v2/service/sts v1.25.2 h1:vwyiRTnXLqsak/6WAQ+uTRhVqKI6vxUQ0HJXjKij0zM= -github.com/aws/aws-sdk-go-v2/service/sts v1.25.2/go.mod h1:4EqRHDCKP78hq3zOnmFXu5k0j4bXbRFfCh/zQ6KnEfQ= -github.com/aws/smithy-go v1.17.0 h1:wWJD7LX6PBV6etBUwO0zElG0nWN9rUhp0WdYeHSHAaI= -github.com/aws/smithy-go v1.17.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= +github.com/aws/aws-sdk-go v1.48.16 h1:mcj2/9J/MJ55Dov+ocMevhR8Jv6jW/fAxbrn4a1JFc8= +github.com/aws/aws-sdk-go v1.48.16/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk= +github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4 h1:OCs21ST2LrepDfD3lwlQiOqIGp6JiEUqG84GzTDoyJs= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4/go.mod h1:usURWEKSNNAcAZuzRn/9ZYPT8aZQkR7xcCtunK/LkJo= +github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o= +github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg= +github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU= +github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.15.7 h1:FnLf60PtjXp8ZOzQfhJVsqF0OtYKQZWQfqOLshh8YXg= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.15.7/go.mod h1:tDVvl8hyU6E9B8TrnNrZQEVkQlB8hjJwcgpPhgtlnNg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.9 h1:ugD6qzjYtB7zM5PN/ZIeaAIyefPaD82G8+SJopgvUpw= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.9/go.mod h1:YD0aYBWCrPENpHolhKw2XDlTIWae2GKXT1T4o6N6hiM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.9 h1:/90OR2XbSYfXucBMJ4U14wrjlfleq/0SB6dZDPncgmo= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.9/go.mod h1:dN/Of9/fNZet7UrQQ6kTDo/VSwKPIq94vjlU16bRARc= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.9 h1:iEAeF6YC3l4FzlJPP9H3Ko1TXpdjdqWffxXjp8SY6uk= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.9/go.mod h1:kjsXoK23q9Z/tLBrckZLLyvjhZoS+AGrzqzUfEClvMM= +github.com/aws/aws-sdk-go-v2/service/s3 v1.47.5 h1:Keso8lIOS+IzI2MkPZyK6G0LYcK3My2LQ+T5bxghEAY= +github.com/aws/aws-sdk-go-v2/service/s3 v1.47.5/go.mod h1:vADO6Jn+Rq4nDtfwNjhgR84qkZwiC6FqCaXdw/kYwjA= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU= +github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= +github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -194,8 +194,8 @@ github.com/go-zookeeper/zk v1.0.3 h1:7M2kwOsc//9VeeFiPtf+uSJlVpU66x9Ba5+8XK7/TDg github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v5 v5.1.0 h1:UGKbA/IPjtS6zLcdB7i5TyACMgSbOTiR8qzXgw8HWQU= -github.com/golang-jwt/jwt/v5 v5.1.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= +github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -314,8 +314,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.17.3 h1:qkRjuerhUU1EmXLYGkSH6EZL+vPSxIrYjLNAK4slzwA= -github.com/klauspost/compress v1.17.3/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= +github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= +github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -393,8 +393,8 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/prometheus/prometheus v0.48.0 h1:yrBloImGQ7je4h8M10ujGh4R6oxYQJQKlMuETwNskGk= -github.com/prometheus/prometheus v0.48.0/go.mod h1:SRw624aMAxTfryAcP8rOjg4S/sHHaetx2lyJJ2nM83g= +github.com/prometheus/prometheus v0.48.1 h1:CTszphSNTXkuCG6O0IfpKdHcJkvvnAAE1GbELKS+NFk= +github.com/prometheus/prometheus v0.48.1/go.mod h1:SRw624aMAxTfryAcP8rOjg4S/sHHaetx2lyJJ2nM83g= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= @@ -421,8 +421,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs= -github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ= +github.com/urfave/cli/v2 v2.26.0 h1:3f3AMg3HpThFNT4I++TKOejZO8yU55t3JnnSr4S4QEI= +github.com/urfave/cli/v2 v2.26.0/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD3K/7o2Cus= @@ -454,18 +454,19 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/collector/pdata v1.0.0-rcv0018 h1:a2IHOZKphRzPagcvOHQHHUE0DlITFSKlIBwaWhPZpl4= -go.opentelemetry.io/collector/pdata v1.0.0-rcv0018/go.mod h1:oNIcTRyEJYIfMcRYyyh5lquDU0Vl+ktTL6ka+p+dYvg= -go.opentelemetry.io/collector/semconv v0.89.0 h1:Sw+MiI3/oiYIY+ebkanZsOaBxXMx3sqnH1/6NaD4rLQ= -go.opentelemetry.io/collector/semconv v0.89.0/go.mod h1:j/8THcqVxFna1FpvA2zYIsUperEtOaRaqoLYIN4doWw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.0 h1:1eHu3/pUSWaOgltNK3WJFaywKsTIr/PwvHyDmi0lQA0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.0/go.mod h1:HyABWq60Uy1kjJSa2BVOxUVao8Cdick5AWSKPutqy6U= -go.opentelemetry.io/otel v1.20.0 h1:vsb/ggIY+hUjD/zCAQHpzTmndPqv/ml2ArbsbfBYTAc= -go.opentelemetry.io/otel v1.20.0/go.mod h1:oUIGj3D77RwJdM6PPZImDpSZGDvkD9fhesHny69JFrs= -go.opentelemetry.io/otel/metric v1.20.0 h1:ZlrO8Hu9+GAhnepmRGhSU7/VkpjrNowxRN9GyKR4wzA= -go.opentelemetry.io/otel/metric v1.20.0/go.mod h1:90DRw3nfK4D7Sm/75yQ00gTJxtkBxX+wu6YaNymbpVM= -go.opentelemetry.io/otel/trace v1.20.0 h1:+yxVAPZPbQhbC3OfAkeIVTky6iTFpcr4SiY9om7mXSQ= -go.opentelemetry.io/otel/trace v1.20.0/go.mod h1:HJSK7F/hA5RlzpZ0zKDCHCDHm556LCDtKaAo6JmBFUU= +go.opentelemetry.io/collector/pdata v1.0.0 h1:ECP2jnLztewsHmL1opL8BeMtWVc7/oSlKNhfY9jP8ec= +go.opentelemetry.io/collector/pdata v1.0.0/go.mod h1:TsDFgs4JLNG7t6x9D8kGswXUz4mme+MyNChHx8zSF6k= +go.opentelemetry.io/collector/semconv v0.90.1 h1:2fkQZbefQBbIcNb9Rk1mRcWlFZgQOk7CpST1e1BK8eg= +go.opentelemetry.io/collector/semconv v0.90.1/go.mod h1:j/8THcqVxFna1FpvA2zYIsUperEtOaRaqoLYIN4doWw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= +go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= +go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= +go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= +go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= +go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= +go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= +go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -480,8 +481,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= -golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= +golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -492,8 +493,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= -golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= +golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8= +golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -550,16 +551,16 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= -golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0= -golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM= +golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= +golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -623,7 +624,7 @@ golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -637,8 +638,8 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY= -golang.org/x/time v0.4.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -682,7 +683,7 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -705,8 +706,8 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.150.0 h1:Z9k22qD289SZ8gCJrk4DrWXkNjtfvKAUo/l1ma8eBYE= -google.golang.org/api v0.150.0/go.mod h1:ccy+MJ6nrYFgE3WgRx/AMXOxOmU8Q4hSa+jjibzhxcg= +google.golang.org/api v0.153.0 h1:N1AwGhielyKFaUqH07/ZSIQR3uNPcV7NVw0vj+j4iR4= +google.golang.org/api v0.153.0/go.mod h1:3qNJX5eOmhiWYc67jRA/3GsDw97UFb5ivv7Y2PrriAY= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -744,12 +745,12 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= +google.golang.org/genproto v0.0.0-20231127180814-3a041ad873d4 h1:W12Pwm4urIbRdGhMEg2NM9O3TWKjNcxQhs46V0ypf/k= +google.golang.org/genproto v0.0.0-20231127180814-3a041ad873d4/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic= +google.golang.org/genproto/googleapis/api v0.0.0-20231127180814-3a041ad873d4 h1:ZcOkrmX74HbKFYnpPY8Qsw93fC29TbJXspYKaBkSXDQ= +google.golang.org/genproto/googleapis/api v0.0.0-20231127180814-3a041ad873d4/go.mod h1:k2dtGpRrbsSyKcNPKKI5sstZkrNCZwpU/ns96JoHbGg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4 h1:DC7wcm+i+P1rN3Ff07vL+OndGg5OhNddHyTA+ocPqYE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4/go.mod h1:eJVxU6o+4G1PSczBr85xmyvSNYAKvAYgkub40YGomFM= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= diff --git a/lib/backup/s3remote/s3.go b/lib/backup/s3remote/s3.go index fc37e86ed..120c9bcb1 100644 --- a/lib/backup/s3remote/s3.go +++ b/lib/backup/s3remote/s3.go @@ -183,7 +183,7 @@ func (fs *FS) ListParts() ([]common.Part, error) { continue } - p.ActualSize = uint64(o.Size) + p.ActualSize = uint64(*o.Size) parts = append(parts, p) } diff --git a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json index 31d172047..46c4094d3 100644 --- a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json +++ b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json @@ -619,6 +619,16 @@ "release_level": "stable", "library_type": "GAPIC_AUTO" }, + "cloud.google.com/go/cloudprofiler/apiv2": { + "api_shortname": "cloudprofiler", + "distribution_name": "cloud.google.com/go/cloudprofiler/apiv2", + "description": "Cloud Profiler API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/cloudprofiler/latest/apiv2", + "release_level": "preview", + "library_type": "GAPIC_AUTO" + }, "cloud.google.com/go/cloudtasks/apiv2": { "api_shortname": "cloudtasks", "distribution_name": "cloud.google.com/go/cloudtasks/apiv2", @@ -1019,6 +1029,16 @@ "release_level": "stable", "library_type": "GAPIC_AUTO" }, + "cloud.google.com/go/edgenetwork/apiv1": { + "api_shortname": "edgenetwork", + "distribution_name": "cloud.google.com/go/edgenetwork/apiv1", + "description": "Distributed Cloud Edge Network API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/edgenetwork/latest/apiv1", + "release_level": "preview", + "library_type": "GAPIC_AUTO" + }, "cloud.google.com/go/errorreporting": { "api_shortname": "clouderrorreporting", "distribution_name": "cloud.google.com/go/errorreporting", @@ -1099,6 +1119,16 @@ "release_level": "stable", "library_type": "GAPIC_AUTO" }, + "cloud.google.com/go/firestore/apiv1/admin": { + "api_shortname": "firestore", + "distribution_name": "cloud.google.com/go/firestore/apiv1/admin", + "description": "Cloud Firestore API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/firestore/latest/apiv1/admin", + "release_level": "stable", + "library_type": "GAPIC_AUTO" + }, "cloud.google.com/go/functions/apiv1": { "api_shortname": "cloudfunctions", "distribution_name": "cloud.google.com/go/functions/apiv1", @@ -2279,6 +2309,16 @@ "release_level": "preview", "library_type": "GAPIC_AUTO" }, + "cloud.google.com/go/telcoautomation/apiv1": { + "api_shortname": "telcoautomation", + "distribution_name": "cloud.google.com/go/telcoautomation/apiv1", + "description": "Telco Automation API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/telcoautomation/latest/apiv1", + "release_level": "preview", + "library_type": "GAPIC_AUTO" + }, "cloud.google.com/go/texttospeech/apiv1": { "api_shortname": "texttospeech", "distribution_name": "cloud.google.com/go/texttospeech/apiv1", diff --git a/vendor/cloud.google.com/go/internal/trace/trace.go b/vendor/cloud.google.com/go/internal/trace/trace.go index c201d343e..f6b88253b 100644 --- a/vendor/cloud.google.com/go/internal/trace/trace.go +++ b/vendor/cloud.google.com/go/internal/trace/trace.go @@ -16,35 +16,94 @@ package trace import ( "context" + "errors" "fmt" + "os" + "strings" "go.opencensus.io/trace" - "golang.org/x/xerrors" + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/codes" + ottrace "go.opentelemetry.io/otel/trace" "google.golang.org/api/googleapi" "google.golang.org/genproto/googleapis/rpc/code" "google.golang.org/grpc/status" ) -// StartSpan adds a span to the trace with the given name. +const ( + telemetryPlatformTracingOpenCensus = "opencensus" + telemetryPlatformTracingOpenTelemetry = "opentelemetry" + telemetryPlatformTracingVar = "GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING" +) + +var ( + // TODO(chrisdsmith): Should the name of the OpenTelemetry tracer be public and mutable? + openTelemetryTracerName string = "cloud.google.com/go" + openTelemetryTracingEnabled bool = strings.EqualFold(strings.TrimSpace( + os.Getenv(telemetryPlatformTracingVar)), telemetryPlatformTracingOpenTelemetry) +) + +// IsOpenCensusTracingEnabled returns true if the environment variable +// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING is NOT set to the +// case-insensitive value "opentelemetry". +func IsOpenCensusTracingEnabled() bool { + return !IsOpenTelemetryTracingEnabled() +} + +// IsOpenTelemetryTracingEnabled returns true if the environment variable +// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING is set to the +// case-insensitive value "opentelemetry". +func IsOpenTelemetryTracingEnabled() bool { + return openTelemetryTracingEnabled +} + +// StartSpan adds a span to the trace with the given name. If IsOpenCensusTracingEnabled +// returns true, the span will be an OpenCensus span. If IsOpenTelemetryTracingEnabled +// returns true, the span will be an OpenTelemetry span. Set the environment variable +// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING to the case-insensitive +// value "opentelemetry" before loading the package to use OpenTelemetry tracing. +// The default will remain OpenCensus until [TBD], at which time the default will +// switch to "opentelemetry" and explicitly setting the environment variable to +// "opencensus" will be required to continue using OpenCensus tracing. func StartSpan(ctx context.Context, name string) context.Context { - ctx, _ = trace.StartSpan(ctx, name) + if IsOpenTelemetryTracingEnabled() { + ctx, _ = otel.GetTracerProvider().Tracer(openTelemetryTracerName).Start(ctx, name) + } else { + ctx, _ = trace.StartSpan(ctx, name) + } return ctx } -// EndSpan ends a span with the given error. +// EndSpan ends a span with the given error. If IsOpenCensusTracingEnabled +// returns true, the span will be an OpenCensus span. If IsOpenTelemetryTracingEnabled +// returns true, the span will be an OpenTelemetry span. Set the environment variable +// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING to the case-insensitive +// value "opentelemetry" before loading the package to use OpenTelemetry tracing. +// The default will remain OpenCensus until [TBD], at which time the default will +// switch to "opentelemetry" and explicitly setting the environment variable to +// "opencensus" will be required to continue using OpenCensus tracing. func EndSpan(ctx context.Context, err error) { - span := trace.FromContext(ctx) - if err != nil { - span.SetStatus(toStatus(err)) + if IsOpenTelemetryTracingEnabled() { + span := ottrace.SpanFromContext(ctx) + if err != nil { + span.SetStatus(codes.Error, toOpenTelemetryStatusDescription(err)) + span.RecordError(err) + } + span.End() + } else { + span := trace.FromContext(ctx) + if err != nil { + span.SetStatus(toStatus(err)) + } + span.End() } - span.End() } -// toStatus interrogates an error and converts it to an appropriate -// OpenCensus status. +// toStatus converts an error to an equivalent OpenCensus status. func toStatus(err error) trace.Status { var err2 *googleapi.Error - if ok := xerrors.As(err, &err2); ok { + if ok := errors.As(err, &err2); ok { return trace.Status{Code: httpStatusCodeToOCCode(err2.Code), Message: err2.Message} } else if s, ok := status.FromError(err); ok { return trace.Status{Code: int32(s.Code()), Message: s.Message()} @@ -53,6 +112,18 @@ func toStatus(err error) trace.Status { } } +// toOpenTelemetryStatus converts an error to an equivalent OpenTelemetry status description. +func toOpenTelemetryStatusDescription(err error) string { + var err2 *googleapi.Error + if ok := errors.As(err, &err2); ok { + return err2.Message + } else if s, ok := status.FromError(err); ok { + return s.Message() + } else { + return err.Error() + } +} + // TODO(deklerk): switch to using OpenCensus function when it becomes available. // Reference: https://github.com/googleapis/googleapis/blob/26b634d2724ac5dd30ae0b0cbfb01f07f2e4050e/google/rpc/code.proto func httpStatusCodeToOCCode(httpStatusCode int) int32 { @@ -86,10 +157,33 @@ func httpStatusCodeToOCCode(httpStatusCode int) int32 { } } -// TODO: (odeke-em): perhaps just pass around spans due to the cost -// incurred from using trace.FromContext(ctx) yet we could avoid -// throwing away the work done by ctx, span := trace.StartSpan. +// TracePrintf retrieves the current OpenCensus or OpenTelemetry span from context, then: +// * calls Span.Annotatef if OpenCensus is enabled; or +// * calls Span.AddEvent if OpenTelemetry is enabled. +// +// If IsOpenCensusTracingEnabled returns true, the expected span must be an +// OpenCensus span. If IsOpenTelemetryTracingEnabled returns true, the expected +// span must be an OpenTelemetry span. Set the environment variable +// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING to the case-insensitive +// value "opentelemetry" before loading the package to use OpenTelemetry tracing. +// The default will remain OpenCensus until [TBD], at which time the default will +// switch to "opentelemetry" and explicitly setting the environment variable to +// "opencensus" will be required to continue using OpenCensus tracing. func TracePrintf(ctx context.Context, attrMap map[string]interface{}, format string, args ...interface{}) { + if IsOpenTelemetryTracingEnabled() { + attrs := otAttrs(attrMap) + ottrace.SpanFromContext(ctx).AddEvent(fmt.Sprintf(format, args...), ottrace.WithAttributes(attrs...)) + } else { + attrs := ocAttrs(attrMap) + // TODO: (odeke-em): perhaps just pass around spans due to the cost + // incurred from using trace.FromContext(ctx) yet we could avoid + // throwing away the work done by ctx, span := trace.StartSpan. + trace.FromContext(ctx).Annotatef(attrs, format, args...) + } +} + +// ocAttrs converts a generic map to OpenCensus attributes. +func ocAttrs(attrMap map[string]interface{}) []trace.Attribute { var attrs []trace.Attribute for k, v := range attrMap { var a trace.Attribute @@ -107,5 +201,27 @@ func TracePrintf(ctx context.Context, attrMap map[string]interface{}, format str } attrs = append(attrs, a) } - trace.FromContext(ctx).Annotatef(attrs, format, args...) + return attrs +} + +// otAttrs converts a generic map to OpenTelemetry attributes. +func otAttrs(attrMap map[string]interface{}) []attribute.KeyValue { + var attrs []attribute.KeyValue + for k, v := range attrMap { + var a attribute.KeyValue + switch v := v.(type) { + case string: + a = attribute.Key(k).String(v) + case bool: + a = attribute.Key(k).Bool(v) + case int: + a = attribute.Key(k).Int(v) + case int64: + a = attribute.Key(k).Int64(v) + default: + a = attribute.Key(k).String(fmt.Sprintf("%#v", v)) + } + attrs = append(attrs, a) + } + return attrs } diff --git a/vendor/github.com/alecthomas/units/renovate.json5 b/vendor/github.com/alecthomas/units/renovate.json5 new file mode 100644 index 000000000..897864b85 --- /dev/null +++ b/vendor/github.com/alecthomas/units/renovate.json5 @@ -0,0 +1,11 @@ +{ + $schema: "https://docs.renovatebot.com/renovate-schema.json", + extends: [ + "config:recommended", + ":semanticCommits", + ":semanticCommitTypeAll(chore)", + ":semanticCommitScope(deps)", + "group:allNonMajor", + "schedule:earlyMondays", // Run once a week. + ], +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go index b361c1386..1ee54cfe0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go @@ -150,6 +150,18 @@ type Config struct { // BaseEndpoint is an intermediary transfer location to a service specific // BaseEndpoint on a service's Options. BaseEndpoint *string + + // DisableRequestCompression toggles if an operation request could be + // compressed or not. Will be set to false by default. This variable is sourced from + // environment variable AWS_DISABLE_REQUEST_COMPRESSION or the shared config profile attribute + // disable_request_compression + DisableRequestCompression bool + + // RequestMinCompressSizeBytes sets the inclusive min bytes of a request body that could be + // compressed. Will be set to 10240 by default and must be within 0 and 10485760 bytes inclusively. + // This variable is sourced from environment variable AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES or + // the shared config profile attribute request_min_compression_size_bytes + RequestMinCompressSizeBytes int64 } // NewConfig returns a new Config pointer that can be chained with builder diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go index d4384d4e6..9a844f30e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go @@ -3,4 +3,4 @@ package aws // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.23.0" +const goModuleVersion = "1.24.0" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go new file mode 100644 index 000000000..b0133f4c8 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go @@ -0,0 +1,319 @@ +// Package metrics implements metrics gathering for SDK development purposes. +// +// This package is designated as private and is intended for use only by the +// AWS client runtime. The exported API therein is not considered stable and +// is subject to breaking changes without notice. +package metrics + +import ( + "context" + "encoding/json" + "fmt" + "sync" + "time" + + "github.com/aws/smithy-go/middleware" +) + +const ( + // ServiceIDKey is the key for the service ID metric. + ServiceIDKey = "ServiceId" + // OperationNameKey is the key for the operation name metric. + OperationNameKey = "OperationName" + // ClientRequestIDKey is the key for the client request ID metric. + ClientRequestIDKey = "ClientRequestId" + // APICallDurationKey is the key for the API call duration metric. + APICallDurationKey = "ApiCallDuration" + // APICallSuccessfulKey is the key for the API call successful metric. + APICallSuccessfulKey = "ApiCallSuccessful" + // MarshallingDurationKey is the key for the marshalling duration metric. + MarshallingDurationKey = "MarshallingDuration" + // InThroughputKey is the key for the input throughput metric. + InThroughputKey = "InThroughput" + // OutThroughputKey is the key for the output throughput metric. + OutThroughputKey = "OutThroughput" + // RetryCountKey is the key for the retry count metric. + RetryCountKey = "RetryCount" + // HTTPStatusCodeKey is the key for the HTTP status code metric. + HTTPStatusCodeKey = "HttpStatusCode" + // AWSExtendedRequestIDKey is the key for the AWS extended request ID metric. + AWSExtendedRequestIDKey = "AwsExtendedRequestId" + // AWSRequestIDKey is the key for the AWS request ID metric. + AWSRequestIDKey = "AwsRequestId" + // BackoffDelayDurationKey is the key for the backoff delay duration metric. + BackoffDelayDurationKey = "BackoffDelayDuration" + // StreamThroughputKey is the key for the stream throughput metric. + StreamThroughputKey = "Throughput" + // ConcurrencyAcquireDurationKey is the key for the concurrency acquire duration metric. + ConcurrencyAcquireDurationKey = "ConcurrencyAcquireDuration" + // PendingConcurrencyAcquiresKey is the key for the pending concurrency acquires metric. + PendingConcurrencyAcquiresKey = "PendingConcurrencyAcquires" + // SigningDurationKey is the key for the signing duration metric. + SigningDurationKey = "SigningDuration" + // UnmarshallingDurationKey is the key for the unmarshalling duration metric. + UnmarshallingDurationKey = "UnmarshallingDuration" + // TimeToFirstByteKey is the key for the time to first byte metric. + TimeToFirstByteKey = "TimeToFirstByte" + // ServiceCallDurationKey is the key for the service call duration metric. + ServiceCallDurationKey = "ServiceCallDuration" + // EndpointResolutionDurationKey is the key for the endpoint resolution duration metric. + EndpointResolutionDurationKey = "EndpointResolutionDuration" + // AttemptNumberKey is the key for the attempt number metric. + AttemptNumberKey = "AttemptNumber" + // MaxConcurrencyKey is the key for the max concurrency metric. + MaxConcurrencyKey = "MaxConcurrency" + // AvailableConcurrencyKey is the key for the available concurrency metric. + AvailableConcurrencyKey = "AvailableConcurrency" +) + +// MetricPublisher provides the interface to provide custom MetricPublishers. +// PostRequestMetrics will be invoked by the MetricCollection middleware to post request. +// PostStreamMetrics will be invoked by ReadCloserWithMetrics to post stream metrics. +type MetricPublisher interface { + PostRequestMetrics(*MetricData) error + PostStreamMetrics(*MetricData) error +} + +// Serializer provides the interface to provide custom Serializers. +// Serialize will transform any input object in its corresponding string representation. +type Serializer interface { + Serialize(obj interface{}) (string, error) +} + +// DefaultSerializer is an implementation of the Serializer interface. +type DefaultSerializer struct{} + +// Serialize uses the default JSON serializer to obtain the string representation of an object. +func (DefaultSerializer) Serialize(obj interface{}) (string, error) { + bytes, err := json.Marshal(obj) + if err != nil { + return "", err + } + return string(bytes), nil +} + +type metricContextKey struct{} + +// MetricContext contains fields to store metric-related information. +type MetricContext struct { + connectionCounter *SharedConnectionCounter + publisher MetricPublisher + data *MetricData +} + +// MetricData stores the collected metric data. +type MetricData struct { + RequestStartTime time.Time + RequestEndTime time.Time + APICallDuration time.Duration + SerializeStartTime time.Time + SerializeEndTime time.Time + MarshallingDuration time.Duration + ResolveEndpointStartTime time.Time + ResolveEndpointEndTime time.Time + EndpointResolutionDuration time.Duration + InThroughput float64 + OutThroughput float64 + RetryCount int + Success uint8 + StatusCode int + ClientRequestID string + ServiceID string + OperationName string + PartitionID string + Region string + RequestContentLength int64 + Stream StreamMetrics + Attempts []AttemptMetrics +} + +// StreamMetrics stores metrics related to streaming data. +type StreamMetrics struct { + ReadDuration time.Duration + ReadBytes int64 + Throughput float64 +} + +// AttemptMetrics stores metrics related to individual attempts. +type AttemptMetrics struct { + ServiceCallStart time.Time + ServiceCallEnd time.Time + ServiceCallDuration time.Duration + FirstByteTime time.Time + TimeToFirstByte time.Duration + ConnRequestedTime time.Time + ConnObtainedTime time.Time + ConcurrencyAcquireDuration time.Duration + CredentialFetchStartTime time.Time + CredentialFetchEndTime time.Time + SignStartTime time.Time + SignEndTime time.Time + SigningDuration time.Duration + DeserializeStartTime time.Time + DeserializeEndTime time.Time + UnMarshallingDuration time.Duration + RetryDelay time.Duration + ResponseContentLength int64 + StatusCode int + RequestID string + ExtendedRequestID string + HTTPClient string + MaxConcurrency int + PendingConnectionAcquires int + AvailableConcurrency int + ActiveRequests int + ReusedConnection bool +} + +// Data returns the MetricData associated with the MetricContext. +func (mc *MetricContext) Data() *MetricData { + return mc.data +} + +// ConnectionCounter returns the SharedConnectionCounter associated with the MetricContext. +func (mc *MetricContext) ConnectionCounter() *SharedConnectionCounter { + return mc.connectionCounter +} + +// Publisher returns the MetricPublisher associated with the MetricContext. +func (mc *MetricContext) Publisher() MetricPublisher { + return mc.publisher +} + +// ComputeRequestMetrics calculates and populates derived metrics based on the collected data. +func (md *MetricData) ComputeRequestMetrics() { + + for idx := range md.Attempts { + attempt := &md.Attempts[idx] + attempt.ConcurrencyAcquireDuration = attempt.ConnObtainedTime.Sub(attempt.ConnRequestedTime) + attempt.SigningDuration = attempt.SignEndTime.Sub(attempt.SignStartTime) + attempt.UnMarshallingDuration = attempt.DeserializeEndTime.Sub(attempt.DeserializeStartTime) + attempt.TimeToFirstByte = attempt.FirstByteTime.Sub(attempt.ServiceCallStart) + attempt.ServiceCallDuration = attempt.ServiceCallEnd.Sub(attempt.ServiceCallStart) + } + + md.APICallDuration = md.RequestEndTime.Sub(md.RequestStartTime) + md.MarshallingDuration = md.SerializeEndTime.Sub(md.SerializeStartTime) + md.EndpointResolutionDuration = md.ResolveEndpointEndTime.Sub(md.ResolveEndpointStartTime) + + md.RetryCount = len(md.Attempts) - 1 + + latestAttempt, err := md.LatestAttempt() + + if err != nil { + fmt.Printf("error retrieving attempts data due to: %s. Skipping Throughput metrics", err.Error()) + } else { + + md.StatusCode = latestAttempt.StatusCode + + if md.Success == 1 { + if latestAttempt.ResponseContentLength > 0 && latestAttempt.ServiceCallDuration > 0 { + md.InThroughput = float64(latestAttempt.ResponseContentLength) / latestAttempt.ServiceCallDuration.Seconds() + } + if md.RequestContentLength > 0 && latestAttempt.ServiceCallDuration > 0 { + md.OutThroughput = float64(md.RequestContentLength) / latestAttempt.ServiceCallDuration.Seconds() + } + } + } +} + +// LatestAttempt returns the latest attempt metrics. +// It returns an error if no attempts are initialized. +func (md *MetricData) LatestAttempt() (*AttemptMetrics, error) { + if md.Attempts == nil || len(md.Attempts) == 0 { + return nil, fmt.Errorf("no attempts initialized. NewAttempt() should be called first") + } + return &md.Attempts[len(md.Attempts)-1], nil +} + +// NewAttempt initializes new attempt metrics. +func (md *MetricData) NewAttempt() { + if md.Attempts == nil { + md.Attempts = []AttemptMetrics{} + } + md.Attempts = append(md.Attempts, AttemptMetrics{}) +} + +// SharedConnectionCounter is a counter shared across API calls. +type SharedConnectionCounter struct { + mu sync.Mutex + + activeRequests int + pendingConnectionAcquire int +} + +// ActiveRequests returns the count of active requests. +func (cc *SharedConnectionCounter) ActiveRequests() int { + cc.mu.Lock() + defer cc.mu.Unlock() + + return cc.activeRequests +} + +// PendingConnectionAcquire returns the count of pending connection acquires. +func (cc *SharedConnectionCounter) PendingConnectionAcquire() int { + cc.mu.Lock() + defer cc.mu.Unlock() + + return cc.pendingConnectionAcquire +} + +// AddActiveRequest increments the count of active requests. +func (cc *SharedConnectionCounter) AddActiveRequest() { + cc.mu.Lock() + defer cc.mu.Unlock() + + cc.activeRequests++ +} + +// RemoveActiveRequest decrements the count of active requests. +func (cc *SharedConnectionCounter) RemoveActiveRequest() { + cc.mu.Lock() + defer cc.mu.Unlock() + + cc.activeRequests-- +} + +// AddPendingConnectionAcquire increments the count of pending connection acquires. +func (cc *SharedConnectionCounter) AddPendingConnectionAcquire() { + cc.mu.Lock() + defer cc.mu.Unlock() + + cc.pendingConnectionAcquire++ +} + +// RemovePendingConnectionAcquire decrements the count of pending connection acquires. +func (cc *SharedConnectionCounter) RemovePendingConnectionAcquire() { + cc.mu.Lock() + defer cc.mu.Unlock() + + cc.pendingConnectionAcquire-- +} + +// InitMetricContext initializes the metric context with the provided counter and publisher. +// It returns the updated context. +func InitMetricContext( + ctx context.Context, counter *SharedConnectionCounter, publisher MetricPublisher, +) context.Context { + if middleware.GetStackValue(ctx, metricContextKey{}) == nil { + ctx = middleware.WithStackValue(ctx, metricContextKey{}, &MetricContext{ + connectionCounter: counter, + publisher: publisher, + data: &MetricData{ + Attempts: []AttemptMetrics{}, + Stream: StreamMetrics{}, + }, + }) + } + return ctx +} + +// Context returns the metric context from the given context. +// It returns nil if the metric context is not found. +func Context(ctx context.Context) *MetricContext { + mctx := middleware.GetStackValue(ctx, metricContextKey{}) + if mctx == nil { + return nil + } + return mctx.(*MetricContext) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md index f932b81b7..1e1da56b3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md @@ -1,3 +1,15 @@ +# v1.5.4 (2023-12-07) + +* No change notes available for this release. + +# v1.5.3 (2023-11-30) + +* No change notes available for this release. + +# v1.5.2 (2023-11-29) + +* No change notes available for this release. + # v1.5.1 (2023-11-15) * No change notes available for this release. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go index 4c0d5ac48..6759e90e9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go @@ -3,4 +3,4 @@ package eventstream // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.5.1" +const goModuleVersion = "1.5.4" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go index 822fc920a..722ca34c6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go @@ -3,6 +3,7 @@ package retry import ( "context" "fmt" + "github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics" "strconv" "strings" "time" @@ -225,6 +226,13 @@ func (r *Attempt) handleAttempt( // that time. Potentially early exist if the sleep is canceled via the // context. retryDelay, reqErr := r.retryer.RetryDelay(attemptNum, err) + mctx := metrics.Context(ctx) + if mctx != nil { + attempt, err := mctx.Data().LatestAttempt() + if err != nil { + attempt.RetryDelay = retryDelay + } + } if reqErr != nil { return out, attemptResult, releaseRetryToken, reqErr } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go index 4b19444b0..f39a369ad 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go @@ -11,6 +11,7 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics" v4Internal "github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4" internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" "github.com/aws/aws-sdk-go-v2/internal/sdk" @@ -237,21 +238,32 @@ func (m *contentSHA256Header) HandleFinalize( return next.HandleFinalize(ctx, in) } -// SignHTTPRequestMiddlewareOptions is the configuration options for the SignHTTPRequestMiddleware middleware. +// SignHTTPRequestMiddlewareOptions is the configuration options for +// [SignHTTPRequestMiddleware]. +// +// Deprecated: [SignHTTPRequestMiddleware] is deprecated. type SignHTTPRequestMiddlewareOptions struct { CredentialsProvider aws.CredentialsProvider Signer HTTPSigner LogSigning bool } -// SignHTTPRequestMiddleware is a `FinalizeMiddleware` implementation for SigV4 HTTP Signing +// SignHTTPRequestMiddleware is a `FinalizeMiddleware` implementation for SigV4 +// HTTP Signing. +// +// Deprecated: AWS service clients no longer use this middleware. Signing as an +// SDK operation is now performed through an internal per-service middleware +// which opaquely selects and uses the signer from the resolved auth scheme. type SignHTTPRequestMiddleware struct { credentialsProvider aws.CredentialsProvider signer HTTPSigner logSigning bool } -// NewSignHTTPRequestMiddleware constructs a SignHTTPRequestMiddleware using the given Signer for signing requests +// NewSignHTTPRequestMiddleware constructs a [SignHTTPRequestMiddleware] using +// the given [Signer] for signing requests. +// +// Deprecated: SignHTTPRequestMiddleware is deprecated. func NewSignHTTPRequestMiddleware(options SignHTTPRequestMiddlewareOptions) *SignHTTPRequestMiddleware { return &SignHTTPRequestMiddleware{ credentialsProvider: options.CredentialsProvider, @@ -260,12 +272,17 @@ func NewSignHTTPRequestMiddleware(options SignHTTPRequestMiddlewareOptions) *Sig } } -// ID is the SignHTTPRequestMiddleware identifier +// ID is the SignHTTPRequestMiddleware identifier. +// +// Deprecated: SignHTTPRequestMiddleware is deprecated. func (s *SignHTTPRequestMiddleware) ID() string { return "Signing" } -// HandleFinalize will take the provided input and sign the request using the SigV4 authentication scheme +// HandleFinalize will take the provided input and sign the request using the +// SigV4 authentication scheme. +// +// Deprecated: SignHTTPRequestMiddleware is deprecated. func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( out middleware.FinalizeOutput, metadata middleware.Metadata, err error, ) { @@ -284,7 +301,22 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl return out, metadata, &SigningError{Err: fmt.Errorf("computed payload hash missing from context")} } + mctx := metrics.Context(ctx) + + if mctx != nil { + if attempt, err := mctx.Data().LatestAttempt(); err == nil { + attempt.CredentialFetchStartTime = sdk.NowTime() + } + } + credentials, err := s.credentialsProvider.Retrieve(ctx) + + if mctx != nil { + if attempt, err := mctx.Data().LatestAttempt(); err == nil { + attempt.CredentialFetchEndTime = sdk.NowTime() + } + } + if err != nil { return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)} } @@ -305,7 +337,20 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl }) } + if mctx != nil { + if attempt, err := mctx.Data().LatestAttempt(); err == nil { + attempt.SignStartTime = sdk.NowTime() + } + } + err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, signingRegion, sdk.NowTime(), signerOptions...) + + if mctx != nil { + if attempt, err := mctx.Data().LatestAttempt(); err == nil { + attempt.SignEndTime = sdk.NowTime() + } + } + if err != nil { return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)} } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go index 4d162556b..bb61904e1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go @@ -68,6 +68,9 @@ import ( const ( signingAlgorithm = "AWS4-HMAC-SHA256" authorizationHeader = "Authorization" + + // Version of signing v4 + Version = "SigV4" ) // HTTPSigner is an interface to a SigV4 signer that can sign HTTP requests @@ -103,6 +106,11 @@ type SignerOptions struct { // This will enable logging of the canonical request, the string to sign, and for presigning the subsequent // presigned URL. LogSigning bool + + // Disables setting the session token on the request as part of signing + // through X-Amz-Security-Token. This is needed for variations of v4 that + // present the token elsewhere. + DisableSessionToken bool } // Signer applies AWS v4 signing to given request. Use this to sign requests @@ -136,6 +144,7 @@ type httpSigner struct { DisableHeaderHoisting bool DisableURIPathEscaping bool + DisableSessionToken bool } func (s *httpSigner) Build() (signedRequest, error) { @@ -284,6 +293,7 @@ func (s Signer) SignHTTP(ctx context.Context, credentials aws.Credentials, r *ht Time: v4Internal.NewSigningTime(signingTime.UTC()), DisableHeaderHoisting: options.DisableHeaderHoisting, DisableURIPathEscaping: options.DisableURIPathEscaping, + DisableSessionToken: options.DisableSessionToken, KeyDerivator: s.keyDerivator, } @@ -360,6 +370,7 @@ func (s *Signer) PresignHTTP( IsPreSign: true, DisableHeaderHoisting: options.DisableHeaderHoisting, DisableURIPathEscaping: options.DisableURIPathEscaping, + DisableSessionToken: options.DisableSessionToken, KeyDerivator: s.keyDerivator, } @@ -502,7 +513,8 @@ func (s *httpSigner) setRequiredSigningFields(headers http.Header, query url.Val if s.IsPreSign { query.Set(v4Internal.AmzAlgorithmKey, signingAlgorithm) - if sessionToken := s.Credentials.SessionToken; len(sessionToken) > 0 { + sessionToken := s.Credentials.SessionToken + if !s.DisableSessionToken && len(sessionToken) > 0 { query.Set("X-Amz-Security-Token", sessionToken) } @@ -512,7 +524,7 @@ func (s *httpSigner) setRequiredSigningFields(headers http.Header, query url.Val headers[v4Internal.AmzDateKey] = append(headers[v4Internal.AmzDateKey][:0], amzDate) - if len(s.Credentials.SessionToken) > 0 { + if !s.DisableSessionToken && len(s.Credentials.SessionToken) > 0 { headers[v4Internal.AmzSecurityTokenKey] = append(headers[v4Internal.AmzSecurityTokenKey][:0], s.Credentials.SessionToken) } } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md index b12f2dfd7..79eae3632 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md @@ -1,3 +1,57 @@ +# v1.26.1 (2023-12-08) + +* **Bug Fix**: Correct loading of [services *] sections into shared config. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.26.0 (2023-12-07) + +* **Feature**: Support modeled request compression. The only algorithm supported at this time is `gzip`. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.12 (2023-12-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.11 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.10 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.9 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.8 (2023-11-28.3) + +* **Bug Fix**: Correct resolution of S3Express auth disable toggle. + +# v1.25.7 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.6 (2023-11-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.5 (2023-11-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.4 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.3 (2023-11-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.2 (2023-11-16) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.25.1 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go index dfe629732..50582d89d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go @@ -70,10 +70,16 @@ var defaultAWSConfigResolvers = []awsConfigResolver{ // httpBearerAuth authentication scheme. resolveBearerAuthToken, - // Sets the sdk app ID if present in shared config profile + // Sets the sdk app ID if present in env var or shared config profile resolveAppID, resolveBaseEndpoint, + + // Sets the DisableRequestCompression if present in env var or shared config profile + resolveDisableRequestCompression, + + // Sets the RequestMinCompressSizeBytes if present in env var or shared config profile + resolveRequestMinCompressSizeBytes, } // A Config represents a generic configuration value or set of values. This type diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go index 78bc14933..88550198c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go @@ -12,6 +12,7 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" + smithyrequestcompression "github.com/aws/smithy-go/private/requestcompression" ) // CredentialsSourceName provides a name of the provider when config is @@ -74,6 +75,11 @@ const ( awsIgnoreConfiguredEndpoints = "AWS_IGNORE_CONFIGURED_ENDPOINT_URLS" awsEndpointURL = "AWS_ENDPOINT_URL" + + awsDisableRequestCompression = "AWS_DISABLE_REQUEST_COMPRESSION" + awsRequestMinCompressionSizeBytes = "AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES" + + awsS3DisableExpressSessionAuthEnv = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH" ) var ( @@ -268,6 +274,22 @@ type EnvConfig struct { // Value to contain configured endpoints to be propagated to // corresponding endpoint resolution field. BaseEndpoint string + + // determine if request compression is allowed, default to false + // retrieved from env var AWS_DISABLE_REQUEST_COMPRESSION + DisableRequestCompression *bool + + // inclusive threshold request body size to trigger compression, + // default to 10240 and must be within 0 and 10485760 bytes inclusive + // retrieved from env var AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES + RequestMinCompressSizeBytes *int64 + + // Whether S3Express auth is disabled. + // + // This will NOT prevent requests from being made to S3Express buckets, it + // will only bypass the modified endpoint routing and signing behaviors + // associated with the feature. + S3DisableExpressAuth *bool } // loadEnvConfig reads configuration values from the OS's environment variables. @@ -310,6 +332,13 @@ func NewEnvConfig() (EnvConfig, error) { cfg.AppID = os.Getenv(awsSdkAppID) + if err := setBoolPtrFromEnvVal(&cfg.DisableRequestCompression, []string{awsDisableRequestCompression}); err != nil { + return cfg, err + } + if err := setInt64PtrFromEnvVal(&cfg.RequestMinCompressSizeBytes, []string{awsRequestMinCompressionSizeBytes}, smithyrequestcompression.MaxRequestMinCompressSizeBytes); err != nil { + return cfg, err + } + if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnvVar}); err != nil { return cfg, err } @@ -356,6 +385,10 @@ func NewEnvConfig() (EnvConfig, error) { return cfg, err } + if err := setBoolPtrFromEnvVal(&cfg.S3DisableExpressAuth, []string{awsS3DisableExpressSessionAuthEnv}); err != nil { + return cfg, err + } + return cfg, nil } @@ -370,6 +403,20 @@ func (c EnvConfig) getAppID(context.Context) (string, bool, error) { return c.AppID, len(c.AppID) > 0, nil } +func (c EnvConfig) getDisableRequestCompression(context.Context) (bool, bool, error) { + if c.DisableRequestCompression == nil { + return false, false, nil + } + return *c.DisableRequestCompression, true, nil +} + +func (c EnvConfig) getRequestMinCompressSizeBytes(context.Context) (int64, bool, error) { + if c.RequestMinCompressSizeBytes == nil { + return 0, false, nil + } + return *c.RequestMinCompressSizeBytes, true, nil +} + // GetRetryMaxAttempts returns the value of AWS_MAX_ATTEMPTS if was specified, // and not 0. func (c EnvConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error) { @@ -626,6 +673,30 @@ func setBoolPtrFromEnvVal(dst **bool, keys []string) error { return nil } +func setInt64PtrFromEnvVal(dst **int64, keys []string, max int64) error { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + + v, err := strconv.ParseInt(value, 10, 64) + if err != nil { + return fmt.Errorf("invalid value for env var, %s=%s, need int64", k, value) + } else if v < 0 || v > max { + return fmt.Errorf("invalid range for env var min request compression size bytes %q, must be within 0 and 10485760 inclusively", v) + } + if *dst == nil { + *dst = new(int64) + } + + **dst = v + break + } + + return nil +} + func setEndpointDiscoveryTypeFromEnvVal(dst *aws.EndpointDiscoveryEnableState, keys []string) error { for _, k := range keys { value := os.Getenv(k) @@ -736,3 +807,13 @@ func (c EnvConfig) GetEC2IMDSV1FallbackDisabled() (bool, bool) { return *c.EC2IMDSv1Disabled, true } + +// GetS3DisableExpressAuth returns the configured value for +// [EnvConfig.S3DisableExpressAuth]. +func (c EnvConfig) GetS3DisableExpressAuth() (value, ok bool) { + if c.S3DisableExpressAuth == nil { + return false, false + } + + return *c.S3DisableExpressAuth, true +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go index a140c8a4a..b7c325d3e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go @@ -3,4 +3,4 @@ package config // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.25.1" +const goModuleVersion = "1.26.1" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go index 7480bb45e..06596c1b7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go @@ -206,6 +206,15 @@ type LoadOptions struct { // The sdk app ID retrieved from env var or shared config to be added to request user agent header AppID string + + // Specifies whether an operation request could be compressed + DisableRequestCompression *bool + + // The inclusive min bytes of a request body that could be compressed + RequestMinCompressSizeBytes *int64 + + // Whether S3 Express auth is disabled. + S3DisableExpressAuth *bool } func (o LoadOptions) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) { @@ -253,6 +262,22 @@ func (o LoadOptions) getAppID(ctx context.Context) (string, bool, error) { return o.AppID, len(o.AppID) > 0, nil } +// getDisableRequestCompression returns DisableRequestCompression from config's LoadOptions +func (o LoadOptions) getDisableRequestCompression(ctx context.Context) (bool, bool, error) { + if o.DisableRequestCompression == nil { + return false, false, nil + } + return *o.DisableRequestCompression, true, nil +} + +// getRequestMinCompressSizeBytes returns RequestMinCompressSizeBytes from config's LoadOptions +func (o LoadOptions) getRequestMinCompressSizeBytes(ctx context.Context) (int64, bool, error) { + if o.RequestMinCompressSizeBytes == nil { + return 0, false, nil + } + return *o.RequestMinCompressSizeBytes, true, nil +} + // WithRegion is a helper function to construct functional options // that sets Region on config's LoadOptions. Setting the region to // an empty string, will result in the region value being ignored. @@ -274,6 +299,30 @@ func WithAppID(ID string) LoadOptionsFunc { } } +// WithDisableRequestCompression is a helper function to construct functional options +// that sets DisableRequestCompression on config's LoadOptions. +func WithDisableRequestCompression(DisableRequestCompression *bool) LoadOptionsFunc { + return func(o *LoadOptions) error { + if DisableRequestCompression == nil { + return nil + } + o.DisableRequestCompression = DisableRequestCompression + return nil + } +} + +// WithRequestMinCompressSizeBytes is a helper function to construct functional options +// that sets RequestMinCompressSizeBytes on config's LoadOptions. +func WithRequestMinCompressSizeBytes(RequestMinCompressSizeBytes *int64) LoadOptionsFunc { + return func(o *LoadOptions) error { + if RequestMinCompressSizeBytes == nil { + return nil + } + o.RequestMinCompressSizeBytes = RequestMinCompressSizeBytes + return nil + } +} + // getDefaultRegion returns DefaultRegion from config's LoadOptions func (o LoadOptions) getDefaultRegion(ctx context.Context) (string, bool, error) { if len(o.DefaultRegion) == 0 { @@ -1044,3 +1093,22 @@ func WithDefaultsMode(mode aws.DefaultsMode, optFns ...func(options *DefaultsMod return nil } } + +// GetS3DisableExpressAuth returns the configured value for +// [EnvConfig.S3DisableExpressAuth]. +func (o LoadOptions) GetS3DisableExpressAuth() (value, ok bool) { + if o.S3DisableExpressAuth == nil { + return false, false + } + + return *o.S3DisableExpressAuth, true +} + +// WithS3DisableExpressAuth sets [LoadOptions.S3DisableExpressAuth] +// to the value provided. +func WithS3DisableExpressAuth(v bool) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.S3DisableExpressAuth = &v + return nil + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go index d52358460..13745fc98 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go @@ -191,6 +191,40 @@ func getAppID(ctx context.Context, configs configs) (value string, found bool, e return } +// disableRequestCompressionProvider provides access to the DisableRequestCompression +type disableRequestCompressionProvider interface { + getDisableRequestCompression(context.Context) (bool, bool, error) +} + +func getDisableRequestCompression(ctx context.Context, configs configs) (value bool, found bool, err error) { + for _, cfg := range configs { + if p, ok := cfg.(disableRequestCompressionProvider); ok { + value, found, err = p.getDisableRequestCompression(ctx) + if err != nil || found { + break + } + } + } + return +} + +// requestMinCompressSizeBytesProvider provides access to the MinCompressSizeBytes +type requestMinCompressSizeBytesProvider interface { + getRequestMinCompressSizeBytes(context.Context) (int64, bool, error) +} + +func getRequestMinCompressSizeBytes(ctx context.Context, configs configs) (value int64, found bool, err error) { + for _, cfg := range configs { + if p, ok := cfg.(requestMinCompressSizeBytesProvider); ok { + value, found, err = p.getRequestMinCompressSizeBytes(ctx) + if err != nil || found { + break + } + } + } + return +} + // ec2IMDSRegionProvider provides access to the ec2 imds region // configuration value type ec2IMDSRegionProvider interface { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go index b3b2c93cd..fde2e3980 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go @@ -139,6 +139,33 @@ func resolveAppID(ctx context.Context, cfg *aws.Config, configs configs) error { return nil } +// resolveDisableRequestCompression extracts the DisableRequestCompression from the configs slice's +// SharedConfig or EnvConfig +func resolveDisableRequestCompression(ctx context.Context, cfg *aws.Config, configs configs) error { + disable, _, err := getDisableRequestCompression(ctx, configs) + if err != nil { + return err + } + + cfg.DisableRequestCompression = disable + return nil +} + +// resolveRequestMinCompressSizeBytes extracts the RequestMinCompressSizeBytes from the configs slice's +// SharedConfig or EnvConfig +func resolveRequestMinCompressSizeBytes(ctx context.Context, cfg *aws.Config, configs configs) error { + minBytes, found, err := getRequestMinCompressSizeBytes(ctx, configs) + if err != nil { + return err + } + // must set a default min size 10240 if not configured + if !found { + minBytes = 10240 + } + cfg.RequestMinCompressSizeBytes = minBytes + return nil +} + // resolveDefaultRegion extracts the first instance of a default region and sets `aws.Config.Region` to the default // region if region had not been resolved from other sources. func resolveDefaultRegion(ctx context.Context, cfg *aws.Config, configs configs) error { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go index 20683bf5f..c546cb7d0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go @@ -17,6 +17,7 @@ import ( "github.com/aws/aws-sdk-go-v2/internal/ini" "github.com/aws/aws-sdk-go-v2/internal/shareddefaults" "github.com/aws/smithy-go/logging" + smithyrequestcompression "github.com/aws/smithy-go/private/requestcompression" ) const ( @@ -30,7 +31,7 @@ const ( // Prefix for services section. It is referenced in profile via the services // parameter to configure clients for service-specific parameters. - servicesPrefix = `services` + servicesPrefix = `services ` // string equivalent for boolean endpointDiscoveryDisabled = `false` @@ -107,6 +108,13 @@ const ( ignoreConfiguredEndpoints = "ignore_configured_endpoint_urls" endpointURL = "endpoint_url" + + servicesSectionKey = "services" + + disableRequestCompression = "disable_request_compression" + requestMinCompressionSizeBytes = "request_min_compression_size_bytes" + + s3DisableExpressSessionAuthKey = "s3_disable_express_session_auth" ) // defaultSharedConfigProfile allows for swapping the default profile for testing @@ -314,8 +322,25 @@ type SharedConfig struct { // corresponding endpoint resolution field. BaseEndpoint string - // Value to contain services section content. - Services Services + // Services section config. + ServicesSectionName string + Services Services + + // determine if request compression is allowed, default to false + // retrieved from config file's profile field disable_request_compression + DisableRequestCompression *bool + + // inclusive threshold request body size to trigger compression, + // default to 10240 and must be within 0 and 10485760 bytes inclusive + // retrieved from config file's profile field request_min_compression_size_bytes + RequestMinCompressSizeBytes *int64 + + // Whether S3Express auth is disabled. + // + // This will NOT prevent requests from being made to S3Express buckets, it + // will only bypass the modified endpoint routing and signing behaviors + // associated with the feature. + S3DisableExpressAuth *bool } func (c SharedConfig) getDefaultsMode(ctx context.Context) (value aws.DefaultsMode, ok bool, err error) { @@ -435,6 +460,16 @@ func (c SharedConfig) GetUseFIPSEndpoint(ctx context.Context) (value aws.FIPSEnd return c.UseFIPSEndpoint, true, nil } +// GetS3DisableExpressAuth returns the configured value for +// [SharedConfig.S3DisableExpressAuth]. +func (c SharedConfig) GetS3DisableExpressAuth() (value, ok bool) { + if c.S3DisableExpressAuth == nil { + return false, false + } + + return *c.S3DisableExpressAuth, true +} + // GetCustomCABundle returns the custom CA bundle's PEM bytes if the file was func (c SharedConfig) getCustomCABundle(context.Context) (io.Reader, bool, error) { if len(c.CustomCABundle) == 0 { @@ -975,14 +1010,11 @@ func (c *SharedConfig) setFromIniSections(profiles map[string]struct{}, profile c.SSOSession = &ssoSession } - for _, sectionName := range sections.List() { - if strings.HasPrefix(sectionName, servicesPrefix) { - section, ok := sections.GetSection(sectionName) - if ok { - var svcs Services - svcs.setFromIniSection(section) - c.Services = svcs - } + if len(c.ServicesSectionName) > 0 { + if section, ok := sections.GetSection(servicesPrefix + c.ServicesSectionName); ok { + var svcs Services + svcs.setFromIniSection(section) + c.Services = svcs } } @@ -1054,6 +1086,7 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er updateEndpointDiscoveryType(&c.EnableEndpointDiscovery, section, enableEndpointDiscoveryKey) updateBoolPtr(&c.S3UseARNRegion, section, s3UseARNRegionKey) updateBoolPtr(&c.S3DisableMultiRegionAccessPoints, section, s3DisableMultiRegionAccessPointsKey) + updateBoolPtr(&c.S3DisableExpressAuth, section, s3DisableExpressSessionAuthKey) if err := updateEC2MetadataServiceEndpointMode(&c.EC2IMDSEndpointMode, section, ec2MetadataServiceEndpointModeKey); err != nil { return fmt.Errorf("failed to load %s from shared config, %v", ec2MetadataServiceEndpointModeKey, err) @@ -1084,6 +1117,13 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er updateString(&c.BaseEndpoint, section, endpointURL) + if err := updateDisableRequestCompression(&c.DisableRequestCompression, section, disableRequestCompression); err != nil { + return fmt.Errorf("failed to load %s from shared config, %w", disableRequestCompression, err) + } + if err := updateRequestMinCompressSizeBytes(&c.RequestMinCompressSizeBytes, section, requestMinCompressionSizeBytes); err != nil { + return fmt.Errorf("failed to load %s from shared config, %w", requestMinCompressionSizeBytes, err) + } + // Shared Credentials creds := aws.Credentials{ AccessKeyID: section.String(accessKeyIDKey), @@ -1096,9 +1136,61 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er c.Credentials = creds } + updateString(&c.ServicesSectionName, section, servicesSectionKey) + return nil } +func updateRequestMinCompressSizeBytes(bytes **int64, sec ini.Section, key string) error { + if !sec.Has(key) { + return nil + } + + v, ok := sec.Int(key) + if !ok { + return fmt.Errorf("invalid value for min request compression size bytes %s, need int64", sec.String(key)) + } + if v < 0 || v > smithyrequestcompression.MaxRequestMinCompressSizeBytes { + return fmt.Errorf("invalid range for min request compression size bytes %d, must be within 0 and 10485760 inclusively", v) + } + *bytes = new(int64) + **bytes = v + return nil +} + +func updateDisableRequestCompression(disable **bool, sec ini.Section, key string) error { + if !sec.Has(key) { + return nil + } + + v := sec.String(key) + switch { + case v == "true": + *disable = new(bool) + **disable = true + case v == "false": + *disable = new(bool) + **disable = false + default: + return fmt.Errorf("invalid value for shared config profile field, %s=%s, need true or false", key, v) + } + return nil +} + +func (c SharedConfig) getRequestMinCompressSizeBytes(ctx context.Context) (int64, bool, error) { + if c.RequestMinCompressSizeBytes == nil { + return 0, false, nil + } + return *c.RequestMinCompressSizeBytes, true, nil +} + +func (c SharedConfig) getDisableRequestCompression(ctx context.Context) (bool, bool, error) { + if c.DisableRequestCompression == nil { + return false, false, nil + } + return *c.DisableRequestCompression, true, nil +} + func updateDefaultsMode(mode *aws.DefaultsMode, section ini.Section, key string) error { if !section.Has(key) { return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md index 357b05f0a..dd7af71d1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md @@ -1,3 +1,47 @@ +# v1.16.12 (2023-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.11 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.10 (2023-12-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.9 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.8 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.7 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.6 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.5 (2023-11-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.4 (2023-11-21) + +* **Bug Fix**: Don't expect error responses to have a JSON payload in the endpointcreds provider. + +# v1.16.3 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.2 (2023-11-17) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.16.1 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go index 60b8298f8..df0e7575c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go @@ -62,7 +62,16 @@ func New(options Options, optFns ...func(*Options)) *Client { } if options.Retryer == nil { - options.Retryer = retry.NewStandard() + // Amazon-owned implementations of this endpoint are known to sometimes + // return plaintext responses (i.e. no Code) like normal, add a few + // additional status codes + options.Retryer = retry.NewStandard(func(o *retry.StandardOptions) { + o.Retryables = append(o.Retryables, retry.RetryableHTTPStatusCode{ + Codes: map[int]struct{}{ + http.StatusTooManyRequests: {}, + }, + }) + }) } for _, fn := range optFns { @@ -122,9 +131,10 @@ type GetCredentialsOutput struct { // EndpointError is an error returned from the endpoint service type EndpointError struct { - Code string `json:"code"` - Message string `json:"message"` - Fault smithy.ErrorFault `json:"-"` + Code string `json:"code"` + Message string `json:"message"` + Fault smithy.ErrorFault `json:"-"` + statusCode int `json:"-"` } // Error is the error mesage string @@ -146,3 +156,8 @@ func (e *EndpointError) ErrorMessage() string { func (e *EndpointError) ErrorFault() smithy.ErrorFault { return e.Fault } + +// HTTPStatusCode implements retry.HTTPStatusCode. +func (e *EndpointError) HTTPStatusCode() int { + return e.statusCode +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/middleware.go index 40747a53c..ddb28a66d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/middleware.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "fmt" + "io" "net/url" "github.com/aws/smithy-go" @@ -104,17 +105,44 @@ func (d *deserializeOpGetCredential) HandleDeserialize(ctx context.Context, in s } func deserializeError(response *smithyhttp.Response) error { - var errShape *EndpointError - err := json.NewDecoder(response.Body).Decode(&errShape) + // we could be talking to anything, json isn't guaranteed + // see https://github.com/aws/aws-sdk-go-v2/issues/2316 + if response.Header.Get("Content-Type") == "application/json" { + return deserializeJSONError(response) + } + + msg, err := io.ReadAll(response.Body) if err != nil { - return &smithy.DeserializationError{Err: fmt.Errorf("failed to decode error message, %w", err)} + return &smithy.DeserializationError{ + Err: fmt.Errorf("read response, %w", err), + } } - if response.StatusCode >= 500 { - errShape.Fault = smithy.FaultServer - } else { - errShape.Fault = smithy.FaultClient + return &EndpointError{ + // no sensible value for Code + Message: string(msg), + Fault: stof(response.StatusCode), + statusCode: response.StatusCode, + } +} + +func deserializeJSONError(response *smithyhttp.Response) error { + var errShape *EndpointError + if err := json.NewDecoder(response.Body).Decode(&errShape); err != nil { + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode error message, %w", err), + } } + errShape.Fault = stof(response.StatusCode) + errShape.statusCode = response.StatusCode return errShape } + +// maps HTTP status code to smithy ErrorFault +func stof(code int) smithy.ErrorFault { + if code >= 500 { + return smithy.FaultServer + } + return smithy.FaultClient +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go index 3769f58c8..ec3eb5f6e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go @@ -3,4 +3,4 @@ package credentials // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.16.1" +const goModuleVersion = "1.16.12" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md index 11ce26fa3..eef77e9d5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md @@ -1,3 +1,27 @@ +# v1.14.10 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.14.9 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.14.8 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.14.7 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.14.6 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.14.5 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.14.4 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go index 90f2e5d78..ce3e31118 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go @@ -3,4 +3,4 @@ package imds // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.14.4" +const goModuleVersion = "1.14.10" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md index d688bdeea..64776bda6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md @@ -1,3 +1,61 @@ +# v1.15.7 (2023-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.15.6 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.15.5 (2023-12-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.15.4 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.15.3 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.15.2 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.15.1 (2023-11-28.3) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.15.0 (2023-11-28.2) + +* **Feature**: Add S3Express support. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.14.4 (2023-11-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.14.3 (2023-11-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.14.2 (2023-11-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.14.1 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.14.0 (2023-11-17) + +* **Feature**: **BREAKING CHANGE** Correct nullability of a large number of S3 structure fields. See https://github.com/aws/aws-sdk-go-v2/issues/2162. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.9 (2023-11-16) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.13.8 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/download.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/download.go index 2ebcea585..06070adad 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/download.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/download.go @@ -436,8 +436,8 @@ func (d *downloader) setTotalBytes(resp *s3.GetObjectOutput) { if resp.ContentRange == nil { // ContentRange is nil when the full file contents is provided, and // is not chunked. Use ContentLength instead. - if resp.ContentLength > 0 { - d.totalBytes = resp.ContentLength + if aws.ToInt64(resp.ContentLength) > 0 { + d.totalBytes = aws.ToInt64(resp.ContentLength) return } } else { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go index 0c4a28dda..dc9bdc397 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go @@ -3,4 +3,4 @@ package manager // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.8" +const goModuleVersion = "1.15.7" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/upload.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/upload.go index d68246c2b..d1be506e0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/upload.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/upload.go @@ -13,8 +13,11 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/internal/awsutil" + internalcontext "github.com/aws/aws-sdk-go-v2/internal/context" "github.com/aws/aws-sdk-go-v2/service/s3" "github.com/aws/aws-sdk-go-v2/service/s3/types" + smithymiddleware "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" ) // MaxUploadParts is the maximum allowed number of parts in a multi-part upload @@ -308,6 +311,9 @@ func (u Uploader) Upload(ctx context.Context, input *s3.PutObjectInput, opts ... clientOptions = append(clientOptions, func(o *s3.Options) { o.APIOptions = append(o.APIOptions, middleware.AddSDKAgentKey(middleware.FeatureMetadata, userAgentKey), + func(s *smithymiddleware.Stack) error { + return s.Finalize.Insert(&setS3ExpressDefaultChecksum{}, "ResolveEndpointV2", smithymiddleware.After) + }, ) }) clientOptions = append(clientOptions, i.cfg.ClientOptions...) @@ -501,7 +507,7 @@ func (u *uploader) singlePart(r io.ReadSeeker, cleanup func()) (*UploadOutput, e return &UploadOutput{ Location: locationRecorder.location, - BucketKeyEnabled: out.BucketKeyEnabled, + BucketKeyEnabled: aws.ToBool(out.BucketKeyEnabled), ChecksumCRC32: out.ChecksumCRC32, ChecksumCRC32C: out.ChecksumCRC32C, ChecksumSHA1: out.ChecksumSHA1, @@ -568,9 +574,11 @@ type chunk struct { // since S3 required this list to be sent in sorted order. type completedParts []types.CompletedPart -func (a completedParts) Len() int { return len(a) } -func (a completedParts) Swap(i, j int) { a[i], a[j] = a[j], a[i] } -func (a completedParts) Less(i, j int) bool { return a[i].PartNumber < a[j].PartNumber } +func (a completedParts) Len() int { return len(a) } +func (a completedParts) Swap(i, j int) { a[i], a[j] = a[j], a[i] } +func (a completedParts) Less(i, j int) bool { + return aws.ToInt32(a[i].PartNumber) < aws.ToInt32(a[j].PartNumber) +} // upload will perform a multipart upload using the firstBuf buffer containing // the first chunk of data. @@ -639,7 +647,7 @@ func (u *multiuploader) upload(firstBuf io.ReadSeeker, cleanup func()) (*UploadO UploadID: u.uploadID, CompletedParts: u.parts, - BucketKeyEnabled: completeOut.BucketKeyEnabled, + BucketKeyEnabled: aws.ToBool(completeOut.BucketKeyEnabled), ChecksumCRC32: completeOut.ChecksumCRC32, ChecksumCRC32C: completeOut.ChecksumCRC32C, ChecksumSHA1: completeOut.ChecksumSHA1, @@ -722,7 +730,7 @@ func (u *multiuploader) send(c chunk) error { // PutObject as they are never valid for individual parts of a // multipart upload. - PartNumber: c.num, + PartNumber: aws.Int32(c.num), UploadId: &u.uploadID, } // TODO should do copy then clear? @@ -734,7 +742,7 @@ func (u *multiuploader) send(c chunk) error { var completed types.CompletedPart awsutil.Copy(&completed, resp) - completed.PartNumber = c.num + completed.PartNumber = aws.Int32(c.num) u.m.Lock() u.parts = append(u.parts, completed) @@ -806,3 +814,42 @@ type readerAtSeeker interface { io.ReaderAt io.ReadSeeker } + +// setS3ExpressDefaultChecksum defaults to CRC32 for S3Express buckets, +// which is required when uploading to those through transfer manager. +type setS3ExpressDefaultChecksum struct{} + +func (*setS3ExpressDefaultChecksum) ID() string { + return "setS3ExpressDefaultChecksum" +} + +func (*setS3ExpressDefaultChecksum) HandleFinalize( + ctx context.Context, in smithymiddleware.FinalizeInput, next smithymiddleware.FinalizeHandler, +) ( + out smithymiddleware.FinalizeOutput, metadata smithymiddleware.Metadata, err error, +) { + const checksumHeader = "x-amz-checksum-algorithm" + + if internalcontext.GetS3Backend(ctx) != internalcontext.S3BackendS3Express { + return next.HandleFinalize(ctx, in) + } + + // If this is CreateMultipartUpload we need to ensure the checksum + // algorithm header is present. Otherwise everything is driven off the + // context setting and we can let it flow from there. + if middleware.GetOperationName(ctx) == "CreateMultipartUpload" { + r, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, fmt.Errorf("unknown transport type %T", in.Request) + } + + if internalcontext.GetChecksumInputAlgorithm(ctx) == "" { + r.Header.Set(checksumHeader, "CRC32") + } + return next.HandleFinalize(ctx, in) + } else if internalcontext.GetChecksumInputAlgorithm(ctx) == "" { + ctx = internalcontext.SetChecksumInputAlgorithm(ctx, string(types.ChecksumAlgorithmCrc32)) + } + + return next.HandleFinalize(ctx, in) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/scheme.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/scheme.go index ff229c048..bbc2ec06e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/scheme.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/scheme.go @@ -16,6 +16,9 @@ const SigV4 = "sigv4" // Authentication Scheme Signature Version 4A const SigV4A = "sigv4a" +// SigV4S3Express identifies the S3 S3Express auth scheme. +const SigV4S3Express = "sigv4-s3express" + // None is a constant representing the // None Authentication Scheme const None = "none" @@ -24,9 +27,10 @@ const None = "none" // that indicates the list of supported AWS // authentication schemes var SupportedSchemes = map[string]bool{ - SigV4: true, - SigV4A: true, - None: true, + SigV4: true, + SigV4A: true, + SigV4S3Express: true, + None: true, } // AuthenticationScheme is a representation of @@ -93,10 +97,11 @@ func GetAuthenticationSchemes(p *smithy.Properties) ([]AuthenticationScheme, err for _, scheme := range authSchemes { authScheme, _ := scheme.(map[string]interface{}) - switch authScheme["name"] { - case SigV4: + version := authScheme["name"].(string) + switch version { + case SigV4, SigV4S3Express: v4Scheme := AuthenticationSchemeV4{ - Name: SigV4, + Name: version, SigningName: getSigningName(authScheme), SigningRegion: getSigningRegion(authScheme), DisableDoubleEncoding: getDisableDoubleEncoding(authScheme), diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_adapter.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_adapter.go index 94dda3ed8..f059b5d39 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_adapter.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_adapter.go @@ -36,7 +36,7 @@ func (v *BearerTokenProviderAdapter) GetIdentity(ctx context.Context, _ smithy.P ) { token, err := v.Provider.RetrieveBearerToken(ctx) if err != nil { - return nil, fmt.Errorf("get token: %v", err) + return nil, fmt.Errorf("get token: %w", err) } return &BearerTokenAdapter{Token: token}, nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_signer_adapter.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_signer_adapter.go index 081cd8299..a88281527 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_signer_adapter.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_signer_adapter.go @@ -27,7 +27,7 @@ func (v *BearerTokenSignerAdapter) SignRequest(ctx context.Context, r *smithyhtt signed, err := v.Signer.SignWithBearerToken(ctx, ca.Token, r) if err != nil { - return fmt.Errorf("sign request: %v", err) + return fmt.Errorf("sign request: %w", err) } *r = *signed.(*smithyhttp.Request) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/credentials_adapter.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/credentials_adapter.go index 6017044f4..f926c4aaa 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/credentials_adapter.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/credentials_adapter.go @@ -39,7 +39,7 @@ func (v *CredentialsProviderAdapter) GetIdentity(ctx context.Context, _ smithy.P creds, err := v.Provider.Retrieve(ctx) if err != nil { - return nil, fmt.Errorf("get credentials: %v", err) + return nil, fmt.Errorf("get credentials: %w", err) } return &CredentialsAdapter{Credentials: creds}, nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go index 919156edd..0c5a2d40c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go @@ -46,7 +46,7 @@ func (v *V4SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request o.LogSigning = v.LogSigning }) if err != nil { - return fmt.Errorf("sign http: %v", err) + return fmt.Errorf("sign http: %w", err) } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md index 9159e6a45..5ceb3b82f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md @@ -1,3 +1,27 @@ +# v1.2.9 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.8 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.7 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.6 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.5 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.4 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.2.3 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go index 7ce6c26e3..da7d0d813 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go @@ -3,4 +3,4 @@ package configsources // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.2.3" +const goModuleVersion = "1.2.9" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go new file mode 100644 index 000000000..15bf10477 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go @@ -0,0 +1,39 @@ +package context + +import ( + "context" + + "github.com/aws/smithy-go/middleware" +) + +type s3BackendKey struct{} +type checksumInputAlgorithmKey struct{} + +const ( + // S3BackendS3Express identifies the S3Express backend + S3BackendS3Express = "S3Express" +) + +// SetS3Backend stores the resolved endpoint backend within the request +// context, which is required for a variety of custom S3 behaviors. +func SetS3Backend(ctx context.Context, typ string) context.Context { + return middleware.WithStackValue(ctx, s3BackendKey{}, typ) +} + +// GetS3Backend retrieves the stored endpoint backend within the context. +func GetS3Backend(ctx context.Context) string { + v, _ := middleware.GetStackValue(ctx, s3BackendKey{}).(string) + return v +} + +// SetChecksumInputAlgorithm sets the request checksum algorithm on the +// context. +func SetChecksumInputAlgorithm(ctx context.Context, value string) context.Context { + return middleware.WithStackValue(ctx, checksumInputAlgorithmKey{}, value) +} + +// GetChecksumInputAlgorithm returns the checksum algorithm from the context. +func GetChecksumInputAlgorithm(ctx context.Context) string { + v, _ := middleware.GetStackValue(ctx, checksumInputAlgorithmKey{}).(string) + return v +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go index 7ea49d4ea..849beffd7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go @@ -11,7 +11,7 @@ func GetPartition(region string) *PartitionConfig { var partitions = []Partition{ { ID: "aws", - RegionRegex: "^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$", + RegionRegex: "^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$", DefaultConfig: PartitionConfig{ Name: "aws", DnsSuffix: "amazonaws.com", @@ -90,6 +90,13 @@ var partitions = []Partition{ SupportsFIPS: nil, SupportsDualStack: nil, }, + "ap-southeast-4": { + Name: nil, + DnsSuffix: nil, + DualStackDnsSuffix: nil, + SupportsFIPS: nil, + SupportsDualStack: nil, + }, "aws-global": { Name: nil, DnsSuffix: nil, @@ -160,6 +167,13 @@ var partitions = []Partition{ SupportsFIPS: nil, SupportsDualStack: nil, }, + "il-central-1": { + Name: nil, + DnsSuffix: nil, + DualStackDnsSuffix: nil, + SupportsFIPS: nil, + SupportsDualStack: nil, + }, "me-central-1": { Name: nil, DnsSuffix: nil, @@ -340,4 +354,28 @@ var partitions = []Partition{ }, }, }, + { + ID: "aws-iso-e", + RegionRegex: "^eu\\-isoe\\-\\w+\\-\\d+$", + DefaultConfig: PartitionConfig{ + Name: "aws-iso-e", + DnsSuffix: "cloud.adc-e.uk", + DualStackDnsSuffix: "cloud.adc-e.uk", + SupportsFIPS: true, + SupportsDualStack: false, + }, + Regions: map[string]RegionOverrides{}, + }, + { + ID: "aws-iso-f", + RegionRegex: "^us\\-isof\\-\\w+\\-\\d+$", + DefaultConfig: PartitionConfig{ + Name: "aws-iso-f", + DnsSuffix: "csp.hci.ic.gov", + DualStackDnsSuffix: "csp.hci.ic.gov", + SupportsFIPS: true, + SupportsDualStack: false, + }, + Regions: map[string]RegionOverrides{}, + }, } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md index 0f71bbe71..761cc992b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md @@ -1,3 +1,27 @@ +# v2.5.9 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.5.8 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.5.7 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.5.6 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.5.5 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.5.4 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + # v2.5.3 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go index 2de64a7cd..caabf668d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go @@ -3,4 +3,4 @@ package endpoints // goModuleVersion is the tagged release for this module -const goModuleVersion = "2.5.3" +const goModuleVersion = "2.5.9" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md index a04ce9b6f..adbbf4adc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md @@ -1,3 +1,11 @@ +# v1.7.2 (2023-12-08) + +* **Bug Fix**: Correct loading of [services *] sections into shared config. + +# v1.7.1 (2023-11-16) + +* **Bug Fix**: Fix recognition of trailing comments in shared config properties. # or ; separators that aren't preceded by whitespace at the end of a property value should be considered part of it. + # v1.7.0 (2023-11-13) * **Feature**: Replace the legacy config parser with a modern, less-strict implementation. Parsing failures within a section will now simply ignore the invalid line rather than silently drop the entire section. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go index 9ffee6eed..f0673f3a0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go @@ -3,4 +3,4 @@ package ini // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.7.0" +const goModuleVersion = "1.7.2" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/parse.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/parse.go index 0fcb8ec07..2422d9046 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/parse.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/parse.go @@ -82,7 +82,7 @@ func (p *parser) handleSubProperty(tok *lineTokenSubProperty) { // "promote" this to a normal property. p.handleProperty(&lineTokenProperty{ Key: tok.Key, - Value: strings.TrimSpace(trimComment(tok.Value)), + Value: strings.TrimSpace(trimPropertyComment(tok.Value)), }) return } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go index 478239a25..661588c22 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go @@ -1,11 +1,21 @@ package ini -import "strings" +import ( + "strings" +) -func trimComment(v string) string { - rest, _, _ := strings.Cut(v, "#") - rest, _, _ = strings.Cut(rest, ";") - return rest +func trimProfileComment(s string) string { + r, _, _ := strings.Cut(s, "#") + r, _, _ = strings.Cut(r, ";") + return r +} + +func trimPropertyComment(s string) string { + r, _, _ := strings.Cut(s, " #") + r, _, _ = strings.Cut(r, " ;") + r, _, _ = strings.Cut(r, "\t#") + r, _, _ = strings.Cut(r, "\t;") + return r } // assumes no surrounding comment diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/tokenize.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/tokenize.go index 9778a1738..89a773684 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/tokenize.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/tokenize.go @@ -30,7 +30,7 @@ func isLineComment(line string) bool { } func asProfile(line string) *lineTokenProfile { // " [ type name ] ; comment" - trimmed := strings.TrimSpace(trimComment(line)) // "[ type name ]" + trimmed := strings.TrimSpace(trimProfileComment(line)) // "[ type name ]" if !isBracketed(trimmed) { return nil } @@ -48,7 +48,8 @@ func asProperty(line string) *lineTokenProperty { return nil } - trimmed := strings.TrimRight(trimComment(line), " \t") + trimmed := trimPropertyComment(line) + trimmed = strings.TrimRight(trimmed, " \t") k, v, ok := splitProperty(trimmed) if !ok { return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value.go index ade75bf34..e3706b3c3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value.go @@ -54,18 +54,7 @@ func (v Value) String() string { // MapValue returns a map value for sub properties func (v Value) MapValue() map[string]string { - newlineParts := strings.Split(string(v.str), "\n") - mp := make(map[string]string) - for _, part := range newlineParts { - operandParts := strings.Split(part, "=") - if len(operandParts) < 2 { - continue - } - key := strings.TrimSpace(operandParts[0]) - val := strings.TrimSpace(operandParts[1]) - mp[key] = val - } - return mp + return v.mp } // IntValue returns an integer value diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md index 57739ecc9..982bc97c2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md @@ -1,3 +1,27 @@ +# v1.2.9 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.8 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.7 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.6 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.5 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.4 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.2.3 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go index fc7be536e..4bfe4abd0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go @@ -3,4 +3,4 @@ package v4a // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.2.3" +const goModuleVersion = "1.2.9" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go index a3a2dc1c6..516d459d5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go @@ -39,7 +39,7 @@ func (v *CredentialsProviderAdapter) GetIdentity(ctx context.Context, _ smithy.P ) { creds, err := v.Provider.RetrievePrivateKey(ctx) if err != nil { - return nil, fmt.Errorf("get credentials: %v", err) + return nil, fmt.Errorf("get credentials: %w", err) } return &CredentialsAdapter{Credentials: creds}, nil @@ -79,7 +79,7 @@ func (v *SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request, o.LogSigning = v.LogSigning }) if err != nil { - return fmt.Errorf("sign http: %v", err) + return fmt.Errorf("sign http: %w", err) } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md index 95cf44811..c3525fd22 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md @@ -1,3 +1,15 @@ +# v1.10.4 (2023-12-07) + +* No change notes available for this release. + +# v1.10.3 (2023-11-30) + +* No change notes available for this release. + +# v1.10.2 (2023-11-29) + +* No change notes available for this release. + # v1.10.1 (2023-11-15) * No change notes available for this release. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go index ee1cccaab..cc6384005 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go @@ -3,4 +3,4 @@ package acceptencoding // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.10.1" +const goModuleVersion = "1.10.4" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md index cdb7a8fa2..d27305250 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md @@ -1,3 +1,27 @@ +# v1.2.9 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.8 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.7 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.6 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.5 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.4 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.2.3 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go index 62b8267b7..8076821c4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go @@ -3,4 +3,4 @@ package checksum // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.2.3" +const goModuleVersion = "1.2.9" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_compute_input_checksum.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_compute_input_checksum.go index 8943613ca..c7740658a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_compute_input_checksum.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_compute_input_checksum.go @@ -9,6 +9,7 @@ import ( "strconv" v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + internalcontext "github.com/aws/aws-sdk-go-v2/internal/context" presignedurlcust "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -377,7 +378,7 @@ func (m *addInputChecksumTrailer) HandleFinalize( } func getInputAlgorithm(ctx context.Context) (Algorithm, bool, error) { - ctxAlgorithm := getContextInputAlgorithm(ctx) + ctxAlgorithm := internalcontext.GetChecksumInputAlgorithm(ctx) if ctxAlgorithm == "" { return "", false, nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_setup_context.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_setup_context.go index f72952549..3db73afe7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_setup_context.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_setup_context.go @@ -3,6 +3,7 @@ package checksum import ( "context" + internalcontext "github.com/aws/aws-sdk-go-v2/internal/context" "github.com/aws/smithy-go/middleware" ) @@ -35,33 +36,13 @@ func (m *setupInputContext) HandleInitialize( // check is input resource has a checksum algorithm algorithm, ok := m.GetAlgorithm(in.Parameters) if ok && len(algorithm) != 0 { - ctx = setContextInputAlgorithm(ctx, algorithm) + ctx = internalcontext.SetChecksumInputAlgorithm(ctx, algorithm) } } return next.HandleInitialize(ctx, in) } -// inputAlgorithmKey is the key set on context used to identify, retrieves the -// request checksum algorithm if present on the context. -type inputAlgorithmKey struct{} - -// setContextInputAlgorithm sets the request checksum algorithm on the context. -// -// Scoped to stack values. -func setContextInputAlgorithm(ctx context.Context, value string) context.Context { - return middleware.WithStackValue(ctx, inputAlgorithmKey{}, value) -} - -// getContextInputAlgorithm returns the checksum algorithm from the context if -// one was specified. Empty string is returned if one is not specified. -// -// Scoped to stack values. -func getContextInputAlgorithm(ctx context.Context) (v string) { - v, _ = middleware.GetStackValue(ctx, inputAlgorithmKey{}).(string) - return v -} - type setupOutputContext struct { // GetValidationMode is a function to get the checksum validation // mode of the output payload from the input parameters. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md index 301998292..1191b30c6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md @@ -1,3 +1,27 @@ +# v1.10.9 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.10.8 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.10.7 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.10.6 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.10.5 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.10.4 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.10.3 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go index 4750c8c4e..aacb4dd24 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go @@ -3,4 +3,4 @@ package presignedurl // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.10.3" +const goModuleVersion = "1.10.9" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md index 2bdf4e3aa..3b15285f3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md @@ -1,3 +1,27 @@ +# v1.16.9 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.8 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.7 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.6 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.5 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.4 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.16.3 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go index 243414446..5f16c5859 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go @@ -3,4 +3,4 @@ package s3shared // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.16.3" +const goModuleVersion = "1.16.9" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md index 49749b880..c16b702a6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md @@ -1,3 +1,60 @@ +# v1.47.5 (2023-12-08) + +* **Bug Fix**: Add non-vhostable buckets to request path when using legacy V1 endpoint resolver. +* **Bug Fix**: Improve uniqueness of default S3Express sesssion credentials cache keying to prevent collision in multi-credential scenarios. +* **Bug Fix**: Reinstate presence of default Retryer in functional options, but still respect max attempts set therein. + +# v1.47.4 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.47.3 (2023-12-06) + +* **Bug Fix**: Restore pre-refactor auth behavior where all operations could technically be performed anonymously. + +# v1.47.2 (2023-12-01) + +* **Bug Fix**: Correct wrapping of errors in authentication workflow. +* **Bug Fix**: Correctly recognize cache-wrapped instances of AnonymousCredentials at client construction. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.47.1 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.47.0 (2023-11-29) + +* **Feature**: Expose Options() accessor on service clients. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.46.0 (2023-11-28.2) + +* **Feature**: Add S3Express support. +* **Feature**: Adds support for S3 Express One Zone. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.45.1 (2023-11-28) + +* **Bug Fix**: Respect setting RetryMaxAttempts in functional options at client construction. + +# v1.45.0 (2023-11-27) + +* **Feature**: Adding new params - Key and Prefix, to S3 API operations for supporting S3 Access Grants. Note - These updates will not change any of the existing S3 API functionality. + +# v1.44.0 (2023-11-21) + +* **Feature**: Add support for automatic date based partitioning in S3 Server Access Logs. +* **Bug Fix**: Don't send MaxKeys/MaxUploads=0 when unspecified in ListObjectVersions and ListMultipartUploads paginators. + +# v1.43.1 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.43.0 (2023-11-17) + +* **Feature**: **BREAKING CHANGE** Correct nullability of a large number of S3 structure fields. See https://github.com/aws/aws-sdk-go-v2/issues/2162. +* **Feature**: Removes all default 0 values for numbers and false values for booleans + # v1.42.2 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go index 61c7b65a9..a3fe93b7f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go @@ -66,10 +66,14 @@ func New(options Options, optFns ...func(*Options)) *Client { fn(&options) } + finalizeRetryMaxAttempts(&options) + resolveCredentialProvider(&options) ignoreAnonymousAuth(&options) + resolveExpressCredentials(&options) + finalizeServiceEndpointAuthResolver(&options) resolveAuthSchemes(&options) @@ -78,9 +82,20 @@ func New(options Options, optFns ...func(*Options)) *Client { options: options, } + finalizeExpressCredentials(&options, client) + return client } +// Options returns a copy of the client configuration. +// +// Callers SHOULD NOT perform mutations on any inner structures within client +// config. Config overrides should instead be made on a per-operation basis through +// functional options. +func (c *Client) Options() Options { + return c.options.Copy() +} + func (c *Client) invokeOperation(ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error) (result interface{}, metadata middleware.Metadata, err error) { ctx = middleware.ClearStackValues(ctx) stack := middleware.NewStack(opID, smithyhttp.NewStackRequest) @@ -92,12 +107,14 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf setSafeEventStreamClientLogMode(&options, opID) - finalizeRetryMaxAttemptOptions(&options, *c) + finalizeOperationRetryMaxAttempts(&options, *c) finalizeClientEndpointResolverOptions(&options) resolveCredentialProvider(&options) + finalizeOperationExpressCredentials(&options, *c) + finalizeOperationEndpointAuthResolver(&options) for _, fn := range stackFns { @@ -150,7 +167,7 @@ func (m *setOperationInputMiddleware) HandleSerialize(ctx context.Context, in mi func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, operation string) error { if err := stack.Finalize.Add(&resolveAuthSchemeMiddleware{operation: operation, options: options}, middleware.Before); err != nil { - return fmt.Errorf("add ResolveAuthScheme: %v", err) + return fmt.Errorf("add ResolveAuthScheme: %w", err) } if err := stack.Finalize.Insert(&getIdentityMiddleware{options: options}, "ResolveAuthScheme", middleware.After); err != nil { return fmt.Errorf("add GetIdentity: %v", err) @@ -159,7 +176,7 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o return fmt.Errorf("add ResolveEndpointV2: %v", err) } if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil { - return fmt.Errorf("add Signing: %v", err) + return fmt.Errorf("add Signing: %w", err) } return nil } @@ -177,6 +194,11 @@ func resolveAuthSchemes(options *Options) { Logger: options.Logger, LogSigning: options.ClientLogMode.IsSigning(), }), + internalauth.NewHTTPAuthScheme("com.amazonaws.s3#sigv4express", &s3cust.ExpressSigner{ + Signer: options.HTTPSignerV4, + Logger: options.Logger, + LogSigning: options.ClientLogMode.IsSigning(), + }), internalauth.NewHTTPAuthScheme("aws.auth#sigv4a", &v4a.SignerAdapter{ Signer: options.httpSignerV4a, Logger: options.Logger, @@ -257,6 +279,7 @@ func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client { resolveAWSEndpointResolver(cfg, &opts) resolveUseARNRegion(cfg, &opts) resolveDisableMultiRegionAccessPoints(cfg, &opts) + resolveDisableExpressAuth(cfg, &opts) resolveUseDualStackEndpoint(cfg, &opts) resolveUseFIPSEndpoint(cfg, &opts) resolveBaseEndpoint(cfg, &opts) @@ -351,7 +374,15 @@ func resolveAWSRetryMaxAttempts(cfg aws.Config, o *Options) { o.RetryMaxAttempts = cfg.RetryMaxAttempts } -func finalizeRetryMaxAttemptOptions(o *Options, client Client) { +func finalizeRetryMaxAttempts(o *Options) { + if o.RetryMaxAttempts == 0 { + return + } + + o.Retryer = retry.AddWithMaxAttempts(o.Retryer, o.RetryMaxAttempts) +} + +func finalizeOperationRetryMaxAttempts(o *Options, client Client) { if v := o.RetryMaxAttempts; v == 0 || v == client.options.RetryMaxAttempts { return } @@ -721,7 +752,7 @@ func (m *presignContextPolyfillMiddleware) HandleFinalize(ctx context.Context, i schemeID := rscheme.Scheme.SchemeID() ctx = s3cust.SetSignerVersion(ctx, schemeID) - if schemeID == "aws.auth#sigv4" { + if schemeID == "aws.auth#sigv4" || schemeID == "com.amazonaws.s3#sigv4express" { if sn, ok := smithyhttp.GetSigV4SigningName(&rscheme.SignerProperties); ok { ctx = awsmiddleware.SetSigningName(ctx, sn) } @@ -765,9 +796,10 @@ func (c presignConverter) convertToPresignMiddleware(stack *middleware.Stack, op return err } - // add multi-region access point presigner + // extended s3 presigning signermv := s3cust.NewPresignHTTPRequestMiddleware(s3cust.PresignHTTPRequestMiddlewareOptions{ CredentialsProvider: options.Credentials, + ExpressCredentials: options.ExpressCredentials, V4Presigner: c.Presigner, V4aPresigner: c.presignerV4a, LogSigning: options.ClientLogMode.IsSigning(), diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go index c41dfe00c..d1e7dceae 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go @@ -13,18 +13,40 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This action aborts a multipart upload. After a multipart upload is aborted, no -// additional parts can be uploaded using that upload ID. The storage consumed by -// any previously uploaded parts will be freed. However, if any part uploads are +// This operation aborts a multipart upload. After a multipart upload is aborted, +// no additional parts can be uploaded using that upload ID. The storage consumed +// by any previously uploaded parts will be freed. However, if any part uploads are // currently in progress, those part uploads might or might not succeed. As a // result, it might be necessary to abort a given multipart upload multiple times // in order to completely free all storage consumed by all parts. To verify that -// all parts have been removed, so you don't get charged for the part storage, you -// should call the ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) -// action and ensure that the parts list is empty. For information about -// permissions required to use the multipart upload, see Multipart Upload and -// Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// . The following operations are related to AbortMultipartUpload : +// all parts have been removed and prevent getting charged for the part storage, +// you should call the ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) +// API operation and ensure that the parts list is empty. Directory buckets - For +// directory buckets, you must make requests for this API operation to the Zonal +// endpoint. These endpoints support virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following operations are +// related to AbortMultipartUpload : // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) @@ -47,16 +69,26 @@ func (c *Client) AbortMultipartUpload(ctx context.Context, params *AbortMultipar type AbortMultipartUploadInput struct { - // The bucket name to which the upload was taking place. When using this action - // with an access point, you must direct requests to the access point hostname. The - // access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The bucket name to which the upload was taking place. Directory buckets - When + // you use this operation with a directory bucket, you must use + // virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -76,18 +108,19 @@ type AbortMultipartUploadInput struct { // This member is required. UploadId *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer noSmithyDocumentSerde @@ -95,13 +128,14 @@ type AbortMultipartUploadInput struct { func (in *AbortMultipartUploadInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } type AbortMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Metadata pertaining to the operation's result. @@ -165,6 +199,9 @@ func (c *Client) addOperationAbortMultipartUploadMiddlewares(stack *middleware.S if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpAbortMultipartUploadValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go index 88901f707..b9f094f1e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go @@ -15,54 +15,81 @@ import ( // Completes a multipart upload by assembling previously uploaded parts. You first // initiate the multipart upload and then upload all parts using the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// operation or the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // operation. After successfully uploading all relevant parts of an upload, you -// call this action to complete the upload. Upon receiving this request, Amazon S3 -// concatenates all the parts in ascending order by part number to create a new -// object. In the Complete Multipart Upload request, you must provide the parts -// list. You must ensure that the parts list is complete. This action concatenates -// the parts that you provide in the list. For each part in the list, you must -// provide the part number and the ETag value, returned after that part was -// uploaded. Processing of a Complete Multipart Upload request could take several -// minutes to complete. After Amazon S3 begins processing the request, it sends an -// HTTP response header that specifies a 200 OK response. While processing is in -// progress, Amazon S3 periodically sends white space characters to keep the -// connection from timing out. A request could fail after the initial 200 OK -// response has been sent. This means that a 200 OK response can contain either a -// success or an error. If you call the S3 API directly, make sure to design your -// application to parse the contents of the response and handle it appropriately. -// If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect -// the embedded error and apply error handling per your configuration settings -// (including automatically retrying the request as appropriate). If the condition -// persists, the SDKs throws an exception (or, for the SDKs that don't use -// exceptions, they return the error). Note that if CompleteMultipartUpload fails, -// applications should be prepared to retry the failed requests. For more -// information, see Amazon S3 Error Best Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html) -// . You cannot use Content-Type: application/x-www-form-urlencoded with Complete -// Multipart Upload requests. Also, if you do not provide a Content-Type header, -// CompleteMultipartUpload returns a 200 OK response. For more information about -// multipart uploads, see Uploading Objects Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) -// . For information about permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// . CompleteMultipartUpload has the following special errors: -// - Error code: EntityTooSmall +// call this CompleteMultipartUpload operation to complete the upload. Upon +// receiving this request, Amazon S3 concatenates all the parts in ascending order +// by part number to create a new object. In the CompleteMultipartUpload request, +// you must provide the parts list and ensure that the parts list is complete. The +// CompleteMultipartUpload API operation concatenates the parts that you provide in +// the list. For each part in the list, you must provide the PartNumber value and +// the ETag value that are returned after that part was uploaded. The processing +// of a CompleteMultipartUpload request could take several minutes to finalize. +// After Amazon S3 begins processing the request, it sends an HTTP response header +// that specifies a 200 OK response. While processing is in progress, Amazon S3 +// periodically sends white space characters to keep the connection from timing +// out. A request could fail after the initial 200 OK response has been sent. This +// means that a 200 OK response can contain either a success or an error. The +// error response might be embedded in the 200 OK response. If you call this API +// operation directly, make sure to design your application to parse the contents +// of the response and handle it appropriately. If you use Amazon Web Services +// SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply +// error handling per your configuration settings (including automatically retrying +// the request as appropriate). If the condition persists, the SDKs throw an +// exception (or, for the SDKs that don't use exceptions, they return an error). +// Note that if CompleteMultipartUpload fails, applications should be prepared to +// retry the failed requests. For more information, see Amazon S3 Error Best +// Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html) +// . You can't use Content-Type: application/x-www-form-urlencoded for the +// CompleteMultipartUpload requests. Also, if you don't provide a Content-Type +// header, CompleteMultipartUpload can still return a 200 OK response. For more +// information about multipart uploads, see Uploading Objects Using Multipart +// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. Directory buckets - For directory buckets, you must +// make requests for this API operation to the Zonal endpoint. These endpoints +// support virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// Special errors +// - Error Code: EntityTooSmall // - Description: Your proposed upload is smaller than the minimum allowed // object size. Each part must be at least 5 MB in size, except the last part. -// - 400 Bad Request -// - Error code: InvalidPart +// - HTTP Status Code: 400 Bad Request +// - Error Code: InvalidPart // - Description: One or more of the specified parts could not be found. The -// part might not have been uploaded, or the specified entity tag might not have -// matched the part's entity tag. -// - 400 Bad Request -// - Error code: InvalidPartOrder +// part might not have been uploaded, or the specified ETag might not have matched +// the uploaded part's ETag. +// - HTTP Status Code: 400 Bad Request +// - Error Code: InvalidPartOrder // - Description: The list of parts was not in ascending order. The parts list // must be specified in order by part number. -// - 400 Bad Request -// - Error code: NoSuchUpload +// - HTTP Status Code: 400 Bad Request +// - Error Code: NoSuchUpload // - Description: The specified multipart upload does not exist. The upload ID // might be invalid, or the multipart upload might have been aborted or completed. -// - 404 Not Found +// - HTTP Status Code: 404 Not Found // -// The following operations are related to CompleteMultipartUpload : +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following operations are +// related to CompleteMultipartUpload : // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) @@ -85,16 +112,26 @@ func (c *Client) CompleteMultipartUpload(ctx context.Context, params *CompleteMu type CompleteMultipartUploadInput struct { - // Name of the bucket to which the multipart upload was initiated. When using this - // action with an access point, you must direct requests to the access point - // hostname. The access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // Name of the bucket to which the multipart upload was initiated. Directory + // buckets - When you use this operation with a directory bucket, you must use + // virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -142,9 +179,9 @@ type CompleteMultipartUploadInput struct { // in the Amazon S3 User Guide. ChecksumSHA256 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // The container for the multipart upload request information. @@ -152,29 +189,34 @@ type CompleteMultipartUploadInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // The server-side encryption (SSE) algorithm used to encrypt the object. This - // parameter is needed only when the object was created using a checksum algorithm. - // For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) - // in the Amazon S3 User Guide. + // parameter is required only when the object was created using a checksum + // algorithm or if your bucket policy requires the use of SSE-C. For more + // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-require-condition-key) + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. SSECustomerAlgorithm *string // The server-side encryption (SSE) customer managed key. This parameter is needed // only when the object was created using a checksum algorithm. For more // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. SSECustomerKey *string // The MD5 server-side encryption (SSE) customer managed key. This parameter is // needed only when the object was created using a checksum algorithm. For more // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. SSECustomerKeyMD5 *string noSmithyDocumentSerde @@ -182,58 +224,55 @@ type CompleteMultipartUploadInput struct { func (in *CompleteMultipartUploadInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } type CompleteMultipartUploadOutput struct { // The name of the bucket that contains the newly created object. Does not return - // the access point ARN or access point alias if used. When using this action with - // an access point, you must direct requests to the access point hostname. The - // access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you - // use this action with S3 on Outposts through the Amazon Web Services SDKs, you - // provide the Outposts access point ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. + // the access point ARN or access point alias if used. Access points are not + // supported by directory buckets. Bucket *string // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Key Management Service (KMS) keys (SSE-KMS). - BucketKeyEnabled bool + // encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality + // is not supported for directory buckets. + BucketKeyEnabled *bool // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string // The base64-encoded, 256-bit SHA-256 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string @@ -249,6 +288,7 @@ type CompleteMultipartUploadOutput struct { // If the object expiration is configured, this will contain the expiration date ( // expiry-date ) and rule ID ( rule-id ). The value of rule-id is URL-encoded. + // This functionality is not supported for directory buckets. Expiration *string // The object key of the newly created object. @@ -258,19 +298,21 @@ type CompleteMultipartUploadOutput struct { Location *string // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged - // If present, specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key that was used for the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. This functionality + // is not supported for directory buckets. SSEKMSKeyId *string // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms ). + // (for example, AES256 , aws:kms ). For directory buckets, only server-side + // encryption with Amazon S3 managed keys (SSE-S3) ( AES256 ) is supported. ServerSideEncryption types.ServerSideEncryption // Version ID of the newly created object, in case the bucket has versioning - // turned on. + // turned on. This functionality is not supported for directory buckets. VersionId *string // Metadata pertaining to the operation's result. @@ -334,6 +376,9 @@ func (c *Client) addOperationCompleteMultipartUploadMiddlewares(stack *middlewar if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpCompleteMultipartUploadValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go index bd1b4cda8..deb21cee0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go @@ -10,6 +10,7 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" "time" ) @@ -20,135 +21,89 @@ import ( // object greater than 5 GB, you must use the multipart upload Upload Part - Copy // (UploadPartCopy) API. For more information, see Copy Object Using the REST // Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html) -// . All copy requests must be authenticated. Additionally, you must have read -// access to the source object and write access to the destination bucket. For more -// information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) -// . Both the Region that you want to copy the object from and the Region that you -// want to copy the object to must be enabled for your account. A copy request -// might return an error when Amazon S3 receives the copy request or while Amazon -// S3 is copying the files. If the error occurs before the copy action starts, you -// receive a standard Amazon S3 error. If the error occurs during the copy -// operation, the error response is embedded in the 200 OK response. This means -// that a 200 OK response can contain either a success or an error. If you call -// the S3 API directly, make sure to design your application to parse the contents -// of the response and handle it appropriately. If you use Amazon Web Services -// SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply -// error handling per your configuration settings (including automatically retrying -// the request as appropriate). If the condition persists, the SDKs throws an -// exception (or, for the SDKs that don't use exceptions, they return the error). -// If the copy is successful, you receive a response with information about the -// copied object. If the request is an HTTP 1.1 request, the response is chunk -// encoded. If it were not, it would not contain the content-length, and you would -// need to read the entire body. The copy request charge is based on the storage -// class and Region that you specify for the destination object. The request can -// also result in a data retrieval charge for the source if the source storage -// class bills for data retrieval. For pricing information, see Amazon S3 pricing (http://aws.amazon.com/s3/pricing/) -// . Amazon S3 transfer acceleration does not support cross-Region copies. If you -// request a cross-Region copy using a transfer acceleration endpoint, you get a -// 400 Bad Request error. For more information, see Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) -// . Metadata When copying an object, you can preserve all metadata (the default) -// or specify new metadata. However, the access control list (ACL) is not preserved -// and is set to private for the user making the request. To override the default -// ACL setting, specify a new ACL when generating a copy request. For more -// information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) -// . To specify whether you want the object metadata copied from the source object -// or replaced with metadata provided in the request, you can optionally add the -// x-amz-metadata-directive header. When you grant permissions, you can use the -// s3:x-amz-metadata-directive condition key to enforce certain metadata behavior -// when objects are uploaded. For more information, see Specifying Conditions in a -// Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) -// in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition -// keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) -// . x-amz-website-redirect-location is unique to each object and must be -// specified in the request headers to copy the value. x-amz-copy-source-if Headers -// To only copy an object under certain conditions, such as whether the Etag -// matches or whether the object was modified before or after a specified date, use -// the following request parameters: -// - x-amz-copy-source-if-match -// - x-amz-copy-source-if-none-match -// - x-amz-copy-source-if-unmodified-since -// - x-amz-copy-source-if-modified-since +// . You can copy individual objects between general purpose buckets, between +// directory buckets, and between general purpose buckets and directory buckets. +// Directory buckets - For directory buckets, you must make requests for this API +// operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Both the Region that you want to copy the object +// from and the Region that you want to copy the object to must be enabled for your +// account. Amazon S3 transfer acceleration does not support cross-Region copies. +// If you request a cross-Region copy using a transfer acceleration endpoint, you +// get a 400 Bad Request error. For more information, see Transfer Acceleration (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) +// . Authentication and authorization All CopyObject requests must be +// authenticated and signed by using IAM credentials (access key ID and secret +// access key for the IAM identities). All headers with the x-amz- prefix, +// including x-amz-copy-source , must be signed. For more information, see REST +// Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) +// . Directory buckets - You must use the IAM credentials to authenticate and +// authorize your access to the CopyObject API operation, instead of using the +// temporary security credentials through the CreateSession API operation. Amazon +// Web Services CLI or SDKs handles authentication and authorization on your +// behalf. Permissions You must have read access to the source object and write +// access to the destination bucket. +// - General purpose bucket permissions - You must have permissions in an IAM +// policy based on the source and destination bucket types in a CopyObject +// operation. +// - If the source object is in a general purpose bucket, you must have +// s3:GetObject permission to read the source object that is being copied. +// - If the destination bucket is a general purpose bucket, you must have +// s3:PubObject permission to write the object copy to the destination bucket. +// - Directory bucket permissions - You must have permissions in a bucket policy +// or an IAM identity-based policy based on the source and destination bucket types +// in a CopyObject operation. +// - If the source object that you want to copy is in a directory bucket, you +// must have the s3express:CreateSession permission in the Action element of a +// policy to read the object. By default, the session is in the ReadWrite mode. +// If you want to restrict the access, you can explicitly set the +// s3express:SessionMode condition key to ReadOnly on the copy source bucket. +// - If the copy destination is a directory bucket, you must have the +// s3express:CreateSession permission in the Action element of a policy to write +// the object to the destination. The s3express:SessionMode condition key can't +// be set to ReadOnly on the copy destination bucket. For example policies, see +// Example bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. // -// If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since -// headers are present in the request and evaluate as follows, Amazon S3 returns -// 200 OK and copies the data: -// - x-amz-copy-source-if-match condition evaluates to true -// - x-amz-copy-source-if-unmodified-since condition evaluates to false +// Response and special errors When the request is an HTTP 1.1 request, the +// response is chunk encoded. When the request is not an HTTP 1.1 request, the +// response would not contain the Content-Length . You always need to read the +// entire response body to check if the copy succeeds. to keep the connection alive +// while we copy the data. +// - If the copy is successful, you receive a response with information about +// the copied object. +// - A copy request might return an error when Amazon S3 receives the copy +// request or while Amazon S3 is copying the files. A 200 OK response can contain +// either a success or an error. +// - If the error occurs before the copy action starts, you receive a standard +// Amazon S3 error. +// - If the error occurs during the copy operation, the error response is +// embedded in the 200 OK response. For example, in a cross-region copy, you may +// encounter throttling and receive a 200 OK response. For more information, see +// Resolve the Error 200 response when copying objects to Amazon S3 . The 200 OK +// status code means the copy was accepted, but it doesn't mean the copy is +// complete. Another example is when you disconnect from Amazon S3 before the copy +// is complete, Amazon S3 might cancel the copy and you may receive a 200 OK +// response. You must stay connected to Amazon S3 until the entire response is +// successfully received and processed. If you call this API operation directly, +// make sure to design your application to parse the content of the response and +// handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this +// condition. The SDKs detect the embedded error and apply error handling per your +// configuration settings (including automatically retrying the request as +// appropriate). If the condition persists, the SDKs throw an exception (or, for +// the SDKs that don't use exceptions, they return an error). // -// If both the x-amz-copy-source-if-none-match and -// x-amz-copy-source-if-modified-since headers are present in the request and -// evaluate as follows, Amazon S3 returns the 412 Precondition Failed response -// code: -// - x-amz-copy-source-if-none-match condition evaluates to false -// - x-amz-copy-source-if-modified-since condition evaluates to true -// -// All headers with the x-amz- prefix, including x-amz-copy-source , must be -// signed. Server-side encryption Amazon S3 automatically encrypts all new objects -// that are copied to an S3 bucket. When copying an object, if you don't specify -// encryption information in your copy request, the encryption setting of the -// target object is set to the default encryption configuration of the destination -// bucket. By default, all buckets have a base level of encryption configuration -// that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the -// destination bucket has a default encryption configuration that uses server-side -// encryption with Key Management Service (KMS) keys (SSE-KMS), dual-layer -// server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), or -// server-side encryption with customer-provided encryption keys (SSE-C), Amazon S3 -// uses the corresponding KMS key, or a customer-provided key to encrypt the target -// object copy. When you perform a CopyObject operation, if you want to use a -// different type of encryption setting for the target object, you can use other -// appropriate encryption-related headers to encrypt the target object with a KMS -// key, an Amazon S3 managed key, or a customer-provided key. With server-side -// encryption, Amazon S3 encrypts your data as it writes your data to disks in its -// data centers and decrypts the data when you access it. If the encryption setting -// in your request is different from the default encryption configuration of the -// destination bucket, the encryption setting in your request takes precedence. If -// the source object for the copy is stored in Amazon S3 using SSE-C, you must -// provide the necessary encryption information in your request so that Amazon S3 -// can decrypt the object for copying. For more information about server-side -// encryption, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) -// . If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the -// object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon S3 User Guide. Access Control List (ACL)-Specific Request Headers -// When copying an object, you can optionally use headers to grant ACL-based -// permissions. By default, all objects are private. Only the owner has full access -// control. When adding a new object, you can grant permissions to individual -// Amazon Web Services accounts or to predefined groups that are defined by Amazon -// S3. These permissions are then added to the ACL on the object. For more -// information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html) -// . If the bucket that you're copying objects to uses the bucket owner enforced -// setting for S3 Object Ownership, ACLs are disabled and no longer affect -// permissions. Buckets that use this setting only accept PUT requests that don't -// specify an ACL or PUT requests that specify bucket owner full control ACLs, -// such as the bucket-owner-full-control canned ACL or an equivalent form of this -// ACL expressed in the XML format. For more information, see Controlling -// ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. If your bucket uses the bucket owner enforced -// setting for Object Ownership, all objects written to the bucket by any account -// will be owned by the bucket owner. Checksums When copying an object, if it has a -// checksum, that checksum will be copied to the new object by default. When you -// copy the object over, you can optionally specify a different checksum algorithm -// to use with the x-amz-checksum-algorithm header. Storage Class Options You can -// use the CopyObject action to change the storage class of an object that is -// already stored in Amazon S3 by using the StorageClass parameter. For more -// information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 User Guide. If the source object's storage class is GLACIER or -// DEEP_ARCHIVE, or the object's storage class is INTELLIGENT_TIERING and it's S3 -// Intelligent-Tiering access tier (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition) -// is Archive Access or Deep Archive Access, you must restore a copy of this object -// before you can use it as a source object for the copy operation. For more -// information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) -// . For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html) -// . Versioning By default, x-amz-copy-source header identifies the current -// version of an object to copy. If the current version is a delete marker, Amazon -// S3 behaves as if the object was deleted. To copy a different version, use the -// versionId subresource. If you enable versioning on the target bucket, Amazon S3 -// generates a unique version ID for the object being copied. This version ID is -// different from the version ID of the source object. Amazon S3 returns the -// version ID of the copied object in the x-amz-version-id response header in the -// response. If you do not enable versioning or suspend it on the target bucket, -// the version ID that Amazon S3 generates is always null. The following operations -// are related to CopyObject : +// Charge The copy request charge is based on the storage class and Region that +// you specify for the destination object. The request can also result in a data +// retrieval charge for the source if the source storage class bills for data +// retrieval. For pricing information, see Amazon S3 pricing (http://aws.amazon.com/s3/pricing/) +// . HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following operations are +// related to CopyObject : // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) func (c *Client) CopyObject(ctx context.Context, params *CopyObjectInput, optFns ...func(*Options)) (*CopyObjectOutput, error) { @@ -168,16 +123,26 @@ func (c *Client) CopyObject(ctx context.Context, params *CopyObjectInput, optFns type CopyObjectInput struct { - // The name of the destination bucket. When using this action with an access - // point, you must direct requests to the access point hostname. The access point - // hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The name of the destination bucket. Directory buckets - When you use this + // operation with a directory bucket, you must use virtual-hosted-style requests in + // the format Bucket_name.s3express-az_id.region.amazonaws.com . Path-style + // requests are not supported. Directory bucket names must be unique in the chosen + // Availability Zone. Bucket names must follow the format + // bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -187,35 +152,52 @@ type CopyObjectInput struct { // This member is required. Bucket *string - // Specifies the source object for the copy operation. You specify the value in - // one of two formats, depending on whether you want to access the source object - // through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html) + // Specifies the source object for the copy operation. The source object can be up + // to 5 GB. If the source object is an object that was uploaded by using a + // multipart upload, the object copy will be a single part object after the source + // object is copied to the destination bucket. You specify the value of the copy + // source in one of two formats, depending on whether you want to access the source + // object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html) // : // - For objects not accessed through an access point, specify the name of the // source bucket and the key of the source object, separated by a slash (/). For - // example, to copy the object reports/january.pdf from the bucket - // awsexamplebucket , use awsexamplebucket/reports/january.pdf . The value must - // be URL-encoded. + // example, to copy the object reports/january.pdf from the general purpose + // bucket awsexamplebucket , use awsexamplebucket/reports/january.pdf . The value + // must be URL-encoded. To copy the object reports/january.pdf from the directory + // bucket awsexamplebucket--use1-az5--x-s3 , use + // awsexamplebucket--use1-az5--x-s3/reports/january.pdf . The value must be + // URL-encoded. // - For objects accessed through access points, specify the Amazon Resource // Name (ARN) of the object as accessed through the access point, in the format // arn:aws:s3:::accesspoint//object/ . For example, to copy the object // reports/january.pdf through access point my-access-point owned by account // 123456789012 in Region us-west-2 , use the URL encoding of // arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf - // . The value must be URL encoded. Amazon S3 supports copy operations using access - // points only when the source and destination buckets are in the same Amazon Web - // Services Region. Alternatively, for objects accessed through Amazon S3 on - // Outposts, specify the ARN of the object as accessed in the format - // arn:aws:s3-outposts:::outpost//object/ . For example, to copy the object - // reports/january.pdf through outpost my-outpost owned by account 123456789012 - // in Region us-west-2 , use the URL encoding of + // . The value must be URL encoded. + // - Amazon S3 supports copy operations using Access points only when the source + // and destination buckets are in the same Amazon Web Services Region. + // - Access points are not supported by directory buckets. Alternatively, for + // objects accessed through Amazon S3 on Outposts, specify the ARN of the object as + // accessed in the format arn:aws:s3-outposts:::outpost//object/ . For example, + // to copy the object reports/january.pdf through outpost my-outpost owned by + // account 123456789012 in Region us-west-2 , use the URL encoding of // arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf // . The value must be URL-encoded. - // To copy a specific version of an object, append ?versionId= to the value (for - // example, + // If your source bucket versioning is enabled, the x-amz-copy-source header by + // default identifies the current version of an object to copy. If the current + // version is a delete marker, Amazon S3 behaves as if the object was deleted. To + // copy a different version, use the versionId query parameter. Specifically, + // append ?versionId= to the value (for example, // awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893 // ). If you don't specify a version ID, Amazon S3 copies the latest version of the - // source object. + // source object. If you enable versioning on the destination bucket, Amazon S3 + // generates a unique version ID for the copied object. This version ID is + // different from the version ID of the source object. Amazon S3 returns the + // version ID of the copied object in the x-amz-version-id response header in the + // response. If you do not enable versioning or suspend it on the destination + // bucket, the version ID that Amazon S3 generates in the x-amz-version-id + // response header is always null. Directory buckets - S3 Versioning isn't enabled + // and supported for directory buckets. // // This member is required. CopySource *string @@ -225,138 +207,230 @@ type CopyObjectInput struct { // This member is required. Key *string - // The canned ACL to apply to the object. This action is not supported by Amazon - // S3 on Outposts. + // The canned access control list (ACL) to apply to the object. When you copy an + // object, the ACL metadata is not preserved and is set to private by default. + // Only the owner has full access control. To override the default ACL setting, + // specify a new ACL when you generate a copy request. For more information, see + // Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) + // . If the destination bucket that you're copying objects to uses the bucket owner + // enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect + // permissions. Buckets that use this setting only accept PUT requests that don't + // specify an ACL or PUT requests that specify bucket owner full control ACLs, + // such as the bucket-owner-full-control canned ACL or an equivalent form of this + // ACL expressed in the XML format. For more information, see Controlling + // ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // - If your destination bucket uses the bucket owner enforced setting for + // Object Ownership, all objects written to the bucket by any account will be owned + // by the bucket owner. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. ACL types.ObjectCannedACL // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object // encryption with SSE-KMS. Specifying this header with a COPY action doesn’t - // affect bucket-level settings for S3 Bucket Key. - BucketKeyEnabled bool + // affect bucket-level settings for S3 Bucket Key. For more information, see + // Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) + // in the Amazon S3 User Guide. This functionality is not supported when the + // destination bucket is a directory bucket. + BucketKeyEnabled *bool - // Specifies caching behavior along the request/reply chain. + // Specifies the caching behavior along the request/reply chain. CacheControl *string - // Indicates the algorithm you want Amazon S3 to use to create the checksum for - // the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) - // in the Amazon S3 User Guide. + // Indicates the algorithm that you want Amazon S3 to use to create the checksum + // for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. When you copy an object, if the source object has a + // checksum, that checksum value will be copied to the new object by default. If + // the CopyObject request does not include this x-amz-checksum-algorithm header, + // the checksum algorithm will be copied from the source object to the destination + // object (if it's present on the source object). You can optionally specify a + // different checksum algorithm to use with the x-amz-checksum-algorithm header. + // Unrecognized or unsupported values will respond with the HTTP status code 400 + // Bad Request . For directory buckets, when you use Amazon Web Services SDKs, + // CRC32 is the default checksum algorithm that's used for performance. ChecksumAlgorithm types.ChecksumAlgorithm - // Specifies presentational information for the object. + // Specifies presentational information for the object. Indicates whether an + // object should be displayed in a web browser or downloaded as a file. It allows + // specifying the desired filename for the downloaded file. ContentDisposition *string // Specifies what content encodings have been applied to the object and thus what // decoding mechanisms must be applied to obtain the media-type referenced by the - // Content-Type header field. + // Content-Type header field. For directory buckets, only the aws-chunked value is + // supported in this header field. ContentEncoding *string // The language the content is in. ContentLanguage *string - // A standard MIME type describing the format of the object data. + // A standard MIME type that describes the format of the object data. ContentType *string - // Copies the object if its entity tag (ETag) matches the specified tag. + // Copies the object if its entity tag (ETag) matches the specified tag. If both + // the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // 200 OK and copies the data: + // - x-amz-copy-source-if-match condition evaluates to true + // - x-amz-copy-source-if-unmodified-since condition evaluates to false CopySourceIfMatch *string - // Copies the object if it has been modified since the specified time. + // Copies the object if it has been modified since the specified time. If both the + // x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since headers + // are present in the request and evaluate as follows, Amazon S3 returns the 412 + // Precondition Failed response code: + // - x-amz-copy-source-if-none-match condition evaluates to false + // - x-amz-copy-source-if-modified-since condition evaluates to true CopySourceIfModifiedSince *time.Time - // Copies the object if its entity tag (ETag) is different than the specified ETag. + // Copies the object if its entity tag (ETag) is different than the specified + // ETag. If both the x-amz-copy-source-if-none-match and + // x-amz-copy-source-if-modified-since headers are present in the request and + // evaluate as follows, Amazon S3 returns the 412 Precondition Failed response + // code: + // - x-amz-copy-source-if-none-match condition evaluates to false + // - x-amz-copy-source-if-modified-since condition evaluates to true CopySourceIfNoneMatch *string - // Copies the object if it hasn't been modified since the specified time. + // Copies the object if it hasn't been modified since the specified time. If both + // the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // 200 OK and copies the data: + // - x-amz-copy-source-if-match condition evaluates to true + // - x-amz-copy-source-if-unmodified-since condition evaluates to false CopySourceIfUnmodifiedSince *time.Time // Specifies the algorithm to use when decrypting the source object (for example, - // AES256). + // AES256 ). If the source object for the copy is stored in Amazon S3 using SSE-C, + // you must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. This functionality is not + // supported when the source object is in a directory bucket. CopySourceSSECustomerAlgorithm *string // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt - // the source object. The encryption key provided in this header must be one that - // was used when the source object was created. + // the source object. The encryption key provided in this header must be the same + // one that was used when the source object was created. If the source object for + // the copy is stored in Amazon S3 using SSE-C, you must provide the necessary + // encryption information in your request so that Amazon S3 can decrypt the object + // for copying. This functionality is not supported when the source object is in a + // directory bucket. CopySourceSSECustomerKey *string // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // encryption key was transmitted without error. If the source object for the copy + // is stored in Amazon S3 using SSE-C, you must provide the necessary encryption + // information in your request so that Amazon S3 can decrypt the object for + // copying. This functionality is not supported when the source object is in a + // directory bucket. CopySourceSSECustomerKeyMD5 *string - // The account ID of the expected destination bucket owner. If the destination - // bucket is owned by a different account, the request fails with the HTTP status - // code 403 Forbidden (access denied). + // The account ID of the expected destination bucket owner. If the account ID that + // you provide does not match the actual owner of the destination bucket, the + // request fails with the HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string - // The account ID of the expected source bucket owner. If the source bucket is - // owned by a different account, the request fails with the HTTP status code 403 - // Forbidden (access denied). + // The account ID of the expected source bucket owner. If the account ID that you + // provide does not match the actual owner of the source bucket, the request fails + // with the HTTP status code 403 Forbidden (access denied). ExpectedSourceBucketOwner *string // The date and time at which the object is no longer cacheable. Expires *time.Time - // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. This - // action is not supported by Amazon S3 on Outposts. + // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string - // Allows grantee to read the object data and its metadata. This action is not - // supported by Amazon S3 on Outposts. + // Allows grantee to read the object data and its metadata. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantRead *string - // Allows grantee to read the object ACL. This action is not supported by Amazon - // S3 on Outposts. + // Allows grantee to read the object ACL. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string - // Allows grantee to write the ACL for the applicable object. This action is not - // supported by Amazon S3 on Outposts. + // Allows grantee to write the ACL for the applicable object. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string // A map of metadata to store with the object in S3. Metadata map[string]string // Specifies whether the metadata is copied from the source object or replaced - // with metadata provided in the request. + // with metadata that's provided in the request. When copying an object, you can + // preserve all metadata (the default) or specify new metadata. If this header + // isn’t specified, COPY is the default behavior. General purpose bucket - For + // general purpose buckets, when you grant permissions, you can use the + // s3:x-amz-metadata-directive condition key to enforce certain metadata behavior + // when objects are uploaded. For more information, see Amazon S3 condition key + // examples (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) + // in the Amazon S3 User Guide. x-amz-website-redirect-location is unique to each + // object and is not copied when using the x-amz-metadata-directive header. To + // copy the value, you must specify x-amz-website-redirect-location in the request + // header. MetadataDirective types.MetadataDirective - // Specifies whether you want to apply a legal hold to the copied object. + // Specifies whether you want to apply a legal hold to the object copy. This + // functionality is not supported for directory buckets. ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus - // The Object Lock mode that you want to apply to the copied object. + // The Object Lock mode that you want to apply to the object copy. This + // functionality is not supported for directory buckets. ObjectLockMode types.ObjectLockMode - // The date and time when you want the copied object's Object Lock to expire. + // The date and time when you want the Object Lock of the object copy to expire. + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256 + // ). When you perform a CopyObject operation, if you want to use a different type + // of encryption setting for the target object, you can specify appropriate + // encryption-related headers to encrypt the target object with an Amazon S3 + // managed key, a KMS key, or a customer-provided key. If the encryption setting in + // your request is different from the default encryption configuration of the + // destination bucket, the encryption setting in your request takes precedence. + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerAlgorithm *string // Specifies the customer-provided encryption key for Amazon S3 to use in // encrypting data. This value is used to store the object and then it is - // discarded; Amazon S3 does not store the encryption key. The key must be + // discarded. Amazon S3 does not store the encryption key. The key must be // appropriate for use with the algorithm specified in the - // x-amz-server-side-encryption-customer-algorithm header. + // x-amz-server-side-encryption-customer-algorithm header. This functionality is + // not supported when the destination bucket is a directory bucket. SSECustomerKey *string // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // encryption key was transmitted without error. This functionality is not + // supported when the destination bucket is a directory bucket. SSECustomerKeyMD5 *string // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding - // JSON with the encryption context key-value pairs. + // JSON with the encryption context key-value pairs. This value must be explicitly + // added to specify encryption context for CopyObject requests. This functionality + // is not supported when the destination bucket is a directory bucket. SSEKMSEncryptionContext *string // Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object @@ -364,35 +438,132 @@ type CopyObjectInput struct { // they're not made via SSL or using SigV4. For information about configuring any // of the officially supported Amazon Web Services SDKs and Amazon Web Services // CLI, see Specifying the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported when the + // destination bucket is a directory bucket. SSEKMSKeyId *string // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms , aws:kms:dsse ). + // (for example, AES256 , aws:kms , aws:kms:dsse ). Unrecognized or unsupported + // values won’t write a destination object and will receive a 400 Bad Request + // response. Amazon S3 automatically encrypts all new objects that are copied to an + // S3 bucket. When copying an object, if you don't specify encryption information + // in your copy request, the encryption setting of the target object is set to the + // default encryption configuration of the destination bucket. By default, all + // buckets have a base level of encryption configuration that uses server-side + // encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket has a + // default encryption configuration that uses server-side encryption with Key + // Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with + // Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with + // customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding KMS + // key, or a customer-provided key to encrypt the target object copy. When you + // perform a CopyObject operation, if you want to use a different type of + // encryption setting for the target object, you can specify appropriate + // encryption-related headers to encrypt the target object with an Amazon S3 + // managed key, a KMS key, or a customer-provided key. If the encryption setting in + // your request is different from the default encryption configuration of the + // destination bucket, the encryption setting in your request takes precedence. + // With server-side encryption, Amazon S3 encrypts your data as it writes your data + // to disks in its data centers and decrypts the data when you access it. For more + // information about server-side encryption, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) + // in the Amazon S3 User Guide. For directory buckets, only server-side encryption + // with Amazon S3 managed keys (SSE-S3) ( AES256 ) is supported. ServerSideEncryption types.ServerSideEncryption // If the x-amz-storage-class header is not used, the copied object will be stored // in the STANDARD Storage Class by default. The STANDARD storage class provides // high durability and high availability. Depending on performance needs, you can - // specify a different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS - // Storage Class. For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // specify a different Storage Class. + // - Directory buckets - For directory buckets, only the S3 Express One Zone + // storage class is supported to store newly created objects. Unsupported storage + // class values won't write a destination object and will respond with the HTTP + // status code 400 Bad Request . + // - Amazon S3 on Outposts - S3 on Outposts only uses the OUTPOSTS Storage Class. + // You can use the CopyObject action to change the storage class of an object that + // is already stored in Amazon S3 by using the x-amz-storage-class header. For + // more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // in the Amazon S3 User Guide. Before using an object as a source object for the + // copy operation, you must restore a copy of it if it meets any of the following + // conditions: + // - The storage class of the source object is GLACIER or DEEP_ARCHIVE . + // - The storage class of the source object is INTELLIGENT_TIERING and it's S3 + // Intelligent-Tiering access tier (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition) + // is Archive Access or Deep Archive Access . + // For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) + // and Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html) // in the Amazon S3 User Guide. StorageClass types.StorageClass - // The tag-set for the object destination object this value must be used in - // conjunction with the TaggingDirective . The tag-set must be encoded as URL Query - // parameters. + // The tag-set for the object copy in the destination bucket. This value must be + // used in conjunction with the x-amz-tagging-directive if you choose REPLACE for + // the x-amz-tagging-directive . If you choose COPY for the x-amz-tagging-directive + // , you don't need to set the x-amz-tagging header, because the tag-set will be + // copied from the source object directly. The tag-set must be encoded as URL Query + // parameters. The default value is the empty value. Directory buckets - For + // directory buckets in a CopyObject operation, only the empty tag-set is + // supported. Any requests that attempt to write non-empty tags into directory + // buckets will receive a 501 Not Implemented status code. When the destination + // bucket is a directory bucket, you will receive a 501 Not Implemented response + // in any of the following situations: + // - When you attempt to COPY the tag-set from an S3 source object that has + // non-empty tags. + // - When you attempt to REPLACE the tag-set of a source object and set a + // non-empty value to x-amz-tagging . + // - When you don't set the x-amz-tagging-directive header and the source object + // has non-empty tags. This is because the default value of + // x-amz-tagging-directive is COPY . + // Because only the empty tag-set is supported for directory buckets in a + // CopyObject operation, the following situations are allowed: + // - When you attempt to COPY the tag-set from a directory bucket source object + // that has no tags to a general purpose bucket. It copies an empty tag-set to the + // destination object. + // - When you attempt to REPLACE the tag-set of a directory bucket source object + // and set the x-amz-tagging value of the directory bucket destination object to + // empty. + // - When you attempt to REPLACE the tag-set of a general purpose bucket source + // object that has non-empty tags and set the x-amz-tagging value of the + // directory bucket destination object to empty. + // - When you attempt to REPLACE the tag-set of a directory bucket source object + // and don't set the x-amz-tagging value of the directory bucket destination + // object. This is because the default value of x-amz-tagging is the empty value. Tagging *string - // Specifies whether the object tag-set are copied from the source object or - // replaced with tag-set provided in the request. + // Specifies whether the object tag-set is copied from the source object or + // replaced with the tag-set that's provided in the request. The default value is + // COPY . Directory buckets - For directory buckets in a CopyObject operation, + // only the empty tag-set is supported. Any requests that attempt to write + // non-empty tags into directory buckets will receive a 501 Not Implemented status + // code. When the destination bucket is a directory bucket, you will receive a 501 + // Not Implemented response in any of the following situations: + // - When you attempt to COPY the tag-set from an S3 source object that has + // non-empty tags. + // - When you attempt to REPLACE the tag-set of a source object and set a + // non-empty value to x-amz-tagging . + // - When you don't set the x-amz-tagging-directive header and the source object + // has non-empty tags. This is because the default value of + // x-amz-tagging-directive is COPY . + // Because only the empty tag-set is supported for directory buckets in a + // CopyObject operation, the following situations are allowed: + // - When you attempt to COPY the tag-set from a directory bucket source object + // that has no tags to a general purpose bucket. It copies an empty tag-set to the + // destination object. + // - When you attempt to REPLACE the tag-set of a directory bucket source object + // and set the x-amz-tagging value of the directory bucket destination object to + // empty. + // - When you attempt to REPLACE the tag-set of a general purpose bucket source + // object that has non-empty tags and set the x-amz-tagging value of the + // directory bucket destination object to empty. + // - When you attempt to REPLACE the tag-set of a directory bucket source object + // and don't set the x-amz-tagging value of the directory bucket destination + // object. This is because the default value of x-amz-tagging is the empty value. TaggingDirective types.TaggingDirective - // If the bucket is configured as a website, redirects requests for this object to - // another object in the same bucket or to an external URL. Amazon S3 stores the - // value of this header in the object metadata. This value is unique to each object - // and is not copied when using the x-amz-metadata-directive header. Instead, you - // may opt to provide this header in combination with the directive. + // If the destination bucket is configured as a website, redirects requests for + // this object copy to another object in the same bucket or to an external URL. + // Amazon S3 stores the value of this header in the object metadata. This value is + // unique to each object and is not copied when using the x-amz-metadata-directive + // header. Instead, you may opt to provide this header in combination with the + // x-amz-metadata-directive header. This functionality is not supported for + // directory buckets. WebsiteRedirectLocation *string noSmithyDocumentSerde @@ -400,52 +571,62 @@ type CopyObjectInput struct { func (in *CopyObjectInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.DisableS3ExpressSessionAuth = ptr.Bool(true) } type CopyObjectOutput struct { // Indicates whether the copied object uses an S3 Bucket Key for server-side - // encryption with Key Management Service (KMS) keys (SSE-KMS). - BucketKeyEnabled bool + // encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality + // is not supported for directory buckets. + BucketKeyEnabled *bool // Container for all response elements. CopyObjectResult *types.CopyObjectResult - // Version of the copied object in the destination bucket. + // Version ID of the source object that was copied. This functionality is not + // supported when the source object is in a directory bucket. CopySourceVersionId *string - // If the object expiration is configured, the response includes this header. + // If the object expiration is configured, the response includes this header. This + // functionality is not supported for directory buckets. Expiration *string // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header confirming the encryption - // algorithm used. + // requested, the response will include this header to confirm the encryption + // algorithm that's used. This functionality is not supported for directory + // buckets. SSECustomerAlgorithm *string // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header to provide round-trip message - // integrity verification of the customer-provided encryption key. + // requested, the response will include this header to provide the round-trip + // message integrity verification of the customer-provided encryption key. This + // functionality is not supported for directory buckets. SSECustomerKeyMD5 *string - // If present, specifies the Amazon Web Services KMS Encryption Context to use for + // If present, indicates the Amazon Web Services KMS Encryption Context to use for // object encryption. The value of this header is a base64-encoded UTF-8 string - // holding JSON with the encryption context key-value pairs. + // holding JSON with the encryption context key-value pairs. This functionality is + // not supported for directory buckets. SSEKMSEncryptionContext *string - // If present, specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key that was used for the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. This functionality + // is not supported for directory buckets. SSEKMSKeyId *string - // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms , aws:kms:dsse ). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256 , aws:kms , aws:kms:dsse ). For directory buckets, only + // server-side encryption with Amazon S3 managed keys (SSE-S3) ( AES256 ) is + // supported. ServerSideEncryption types.ServerSideEncryption - // Version ID of the newly created copy. + // Version ID of the newly created copy. This functionality is not supported for + // directory buckets. VersionId *string // Metadata pertaining to the operation's result. @@ -509,6 +690,9 @@ func (c *Client) addOperationCopyObjectMiddlewares(stack *middleware.Stack, opti if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpCopyObjectValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go index c620fce9e..6357444ba 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go @@ -14,64 +14,80 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Creates a new S3 bucket. To create a bucket, you must register with Amazon S3 -// and have a valid Amazon Web Services Access Key ID to authenticate requests. +// This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts +// bucket, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html) +// . Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and +// have a valid Amazon Web Services Access Key ID to authenticate requests. // Anonymous requests are never allowed to create buckets. By creating the bucket, -// you become the bucket owner. Not every string is an acceptable bucket name. For -// information about bucket naming restrictions, see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) -// . If you want to create an Amazon S3 on Outposts bucket, see Create Bucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html) -// . By default, the bucket is created in the US East (N. Virginia) Region. You can -// optionally specify a Region in the request body. To constrain the bucket -// creation to a specific Region, you can use LocationConstraint (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucketConfiguration.html) -// condition key. You might choose a Region to optimize latency, minimize costs, or -// address regulatory requirements. For example, if you reside in Europe, you will -// probably find it advantageous to create buckets in the Europe (Ireland) Region. -// For more information, see Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro) -// . If you send your create bucket request to the s3.amazonaws.com endpoint, the -// request goes to the us-east-1 Region. Accordingly, the signature calculations -// in Signature Version 4 must use us-east-1 as the Region, even if the location -// constraint in the request specifies another Region where the bucket is to be -// created. If you create a bucket in a Region other than US East (N. Virginia), -// your application must be able to handle 307 redirect. For more information, see -// Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html) -// . Permissions In addition to s3:CreateBucket , the following permissions are -// required when your CreateBucket request includes specific headers: -// - Access control lists (ACLs) - If your CreateBucket request specifies access -// control list (ACL) permissions and the ACL is public-read, public-read-write, -// authenticated-read, or if you specify access permissions explicitly through any -// other ACL, both s3:CreateBucket and s3:PutBucketAcl permissions are needed. If -// the ACL for the CreateBucket request is private or if the request doesn't -// specify any ACLs, only s3:CreateBucket permission is needed. -// - Object Lock - If ObjectLockEnabledForBucket is set to true in your -// CreateBucket request, s3:PutBucketObjectLockConfiguration and -// s3:PutBucketVersioning permissions are required. -// - S3 Object Ownership - If your CreateBucket request includes the -// x-amz-object-ownership header, then the s3:PutBucketOwnershipControls -// permission is required. By default, ObjectOwnership is set to -// BucketOWnerEnforced and ACLs are disabled. We recommend keeping ACLs disabled, -// except in uncommon use cases where you must control access for each object -// individually. If you want to change the ObjectOwnership setting, you can use -// the x-amz-object-ownership header in your CreateBucket request to set the -// ObjectOwnership setting of your choice. For more information about S3 Object -// Ownership, see Controlling object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// you become the bucket owner. There are two types of buckets: general purpose +// buckets and directory buckets. For more information about these bucket types, +// see Creating, configuring, and working with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) +// in the Amazon S3 User Guide. +// - General purpose buckets - If you send your CreateBucket request to the +// s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. So +// the signature calculations in Signature Version 4 must use us-east-1 as the +// Region, even if the location constraint in the request specifies another Region +// where the bucket is to be created. If you create a bucket in a Region other than +// US East (N. Virginia), your application must be able to handle 307 redirect. For +// more information, see Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html) // in the Amazon S3 User Guide. -// - S3 Block Public Access - If your specific use case requires granting public -// access to your S3 resources, you can disable Block Public Access. You can create -// a new bucket with Block Public Access enabled, then separately call the -// DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) -// API. To use this operation, you must have the s3:PutBucketPublicAccessBlock -// permission. By default, all Block Public Access settings are enabled for new -// buckets. To avoid inadvertent exposure of your resources, we recommend keeping -// the S3 Block Public Access settings enabled. For more information about S3 Block -// Public Access, see Blocking public access to your Amazon S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// - Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format +// https://s3express-control.region_code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) // in the Amazon S3 User Guide. // -// If your CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object -// Ownership and specifies a bucket ACL that provides access to an external Amazon -// Web Services account, your request fails with a 400 error and returns the -// InvalidBucketAcLWithObjectOwnership error code. For more information, see -// Setting Object Ownership on an existing bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html) -// in the Amazon S3 User Guide. The following operations are related to +// Permissions +// - General purpose bucket permissions - In addition to the s3:CreateBucket +// permission, the following permissions are required in a policy when your +// CreateBucket request includes specific headers: +// - Access control lists (ACLs) - In your CreateBucket request, if you specify +// an access control list (ACL) and set it to public-read , public-read-write , +// authenticated-read , or if you explicitly specify any other custom ACLs, both +// s3:CreateBucket and s3:PutBucketAcl permissions are required. In your +// CreateBucket request, if you set the ACL to private , or if you don't specify +// any ACLs, only the s3:CreateBucket permission is required. +// - Object Lock - In your CreateBucket request, if you set +// x-amz-bucket-object-lock-enabled to true, the +// s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning permissions are +// required. +// - S3 Object Ownership - If your CreateBucket request includes the +// x-amz-object-ownership header, then the s3:PutBucketOwnershipControls +// permission is required. If your CreateBucket request sets BucketOwnerEnforced +// for Amazon S3 Object Ownership and specifies a bucket ACL that provides access +// to an external Amazon Web Services account, your request fails with a 400 +// error and returns the InvalidBucketAcLWithObjectOwnership error code. For more +// information, see Setting Object Ownership on an existing bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html) +// in the Amazon S3 User Guide. +// - S3 Block Public Access - If your specific use case requires granting public +// access to your S3 resources, you can disable Block Public Access. Specifically, +// you can create a new bucket with Block Public Access enabled, then separately +// call the DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) +// API. To use this operation, you must have the s3:PutBucketPublicAccessBlock +// permission. For more information about S3 Block Public Access, see Blocking +// public access to your Amazon S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - You must have the s3express:CreateBucket +// permission in an IAM identity-based policy instead of a bucket policy. +// Cross-account access to this API operation isn't supported. This operation can +// only be performed by the Amazon Web Services account that owns the resource. For +// more information about directory bucket policies and permissions, see Amazon +// Web Services Identity and Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. The permissions for ACLs, Object Lock, S3 Object +// Ownership, and S3 Block Public Access are not supported for directory buckets. +// For directory buckets, all Block Public Access settings are enabled at the +// bucket level and S3 Object Ownership is set to Bucket owner enforced (ACLs +// disabled). These settings can't be modified. For more information about +// permissions for creating and working with directory buckets, see Directory +// buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. For more information about supported S3 features +// for directory buckets, see Features of S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-one-zone.html#s3-express-features) +// in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region.amazonaws.com . The following operations are related to // CreateBucket : // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) @@ -92,37 +108,52 @@ func (c *Client) CreateBucket(ctx context.Context, params *CreateBucketInput, op type CreateBucketInput struct { - // The name of the bucket to create. + // The name of the bucket to create. General purpose buckets - For information + // about bucket naming restrictions, see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) + // in the Amazon S3 User Guide. Directory buckets - When you use this operation + // with a directory bucket, you must use path-style requests in the format + // https://s3express-control.region_code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Availability Zone. Bucket names must also follow the format + // bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide // // This member is required. Bucket *string - // The canned ACL to apply to the bucket. + // The canned ACL to apply to the bucket. This functionality is not supported for + // directory buckets. ACL types.BucketCannedACL // The configuration information for the bucket. CreateBucketConfiguration *types.CreateBucketConfiguration // Allows grantee the read, write, read ACP, and write ACP permissions on the - // bucket. + // bucket. This functionality is not supported for directory buckets. GrantFullControl *string - // Allows grantee to list the objects in the bucket. + // Allows grantee to list the objects in the bucket. This functionality is not + // supported for directory buckets. GrantRead *string - // Allows grantee to read the bucket ACL. + // Allows grantee to read the bucket ACL. This functionality is not supported for + // directory buckets. GrantReadACP *string // Allows grantee to create new objects in the bucket. For the bucket and object // owners of existing objects, also allows deletions and overwrites of those - // objects. + // objects. This functionality is not supported for directory buckets. GrantWrite *string - // Allows grantee to write the ACL for the applicable bucket. + // Allows grantee to write the ACL for the applicable bucket. This functionality + // is not supported for directory buckets. GrantWriteACP *string // Specifies whether you want S3 Object Lock to be enabled for the new bucket. - ObjectLockEnabledForBucket bool + // This functionality is not supported for directory buckets. + ObjectLockEnabledForBucket *bool // The container element for object ownership for a bucket's ownership controls. // BucketOwnerPreferred - Objects uploaded to the bucket change ownership to the @@ -132,9 +163,16 @@ type CreateBucketInput struct { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that don't - // specify an ACL or bucket owner full control ACLs, such as the - // bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed - // in the XML format. + // specify an ACL or specify bucket owner full control ACLs (such as the predefined + // bucket-owner-full-control canned ACL or a custom ACL in XML format that grants + // the same permissions). By default, ObjectOwnership is set to BucketOwnerEnforced + // and ACLs are disabled. We recommend keeping ACLs disabled, except in uncommon + // use cases where you must control access for each object individually. For more + // information about S3 Object Ownership, see Controlling ownership of objects and + // disabling ACLs for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. Directory buckets use the bucket owner enforced setting for S3 Object + // Ownership. ObjectOwnership types.ObjectOwnership noSmithyDocumentSerde @@ -142,6 +180,7 @@ type CreateBucketInput struct { func (in *CreateBucketInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.UseS3ExpressControlEndpoint = ptr.Bool(true) p.DisableAccessPoints = ptr.Bool(true) } @@ -211,6 +250,9 @@ func (c *Client) addOperationCreateBucketMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpCreateBucketValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go index 8e21441b1..4f24e11c4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go @@ -21,97 +21,111 @@ import ( // ). You also include this upload ID in the final request to either complete or // abort the multipart upload request. For more information about multipart // uploads, see Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) -// . If you have configured a lifecycle rule to abort incomplete multipart uploads, -// the upload must complete within the number of days specified in the bucket -// lifecycle configuration. Otherwise, the incomplete multipart upload becomes -// eligible for an abort action and Amazon S3 aborts the multipart upload. For more -// information, see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle -// Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) -// . For information about the permissions required to use the multipart upload -// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// . For request signing, multipart upload is just a series of regular requests. -// You initiate a multipart upload, send one or more requests to upload parts, and -// then complete the multipart upload process. You sign each request individually. -// There is nothing special about signing multipart upload requests. For more -// information about signing, see Authenticating Requests (Amazon Web Services -// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) -// . After you initiate a multipart upload and upload one or more parts, to stop -// being charged for storing the uploaded parts, you must either complete or abort -// the multipart upload. Amazon S3 frees up the space used to store the parts and -// stop charging you for storing them only after you either complete or abort a -// multipart upload. Server-side encryption is for data encryption at rest. Amazon -// S3 encrypts your data as it writes it to disks in its data centers and decrypts -// it when you access it. Amazon S3 automatically encrypts all new objects that are -// uploaded to an S3 bucket. When doing a multipart upload, if you don't specify -// encryption information in your request, the encryption setting of the uploaded -// parts is set to the default encryption configuration of the destination bucket. -// By default, all buckets have a base level of encryption configuration that uses -// server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination -// bucket has a default encryption configuration that uses server-side encryption -// with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided -// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a -// customer-provided key to encrypt the uploaded parts. When you perform a -// CreateMultipartUpload operation, if you want to use a different type of -// encryption setting for the uploaded parts, you can request that Amazon S3 -// encrypts the object with a KMS key, an Amazon S3 managed key, or a -// customer-provided key. If the encryption setting in your request is different -// from the default encryption configuration of the destination bucket, the -// encryption setting in your request takes precedence. If you choose to provide -// your own encryption key, the request headers you provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) -// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) -// requests must match the headers you used in the request to initiate the upload -// by using CreateMultipartUpload . You can request that Amazon S3 save the -// uploaded parts encrypted with server-side encryption with an Amazon S3 managed -// key (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a -// customer-provided encryption key (SSE-C). To perform a multipart upload with -// encryption by using an Amazon Web Services KMS key, the requester must have -// permission to the kms:Decrypt and kms:GenerateDataKey* actions on the key. -// These permissions are required because Amazon S3 must decrypt and read data from -// the encrypted file parts before it completes the multipart upload. For more -// information, see Multipart upload API and permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) -// and Protecting data using server-side encryption with Amazon Web Services KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) -// in the Amazon S3 User Guide. If your Identity and Access Management (IAM) user -// or role is in the same Amazon Web Services account as the KMS key, then you must -// have these permissions on the key policy. If your IAM user or role belongs to a -// different account than the key, then you must have the permissions on both the -// key policy and your IAM user or role. For more information, see Protecting Data -// Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) -// . Access Permissions When copying an object, you can optionally specify the -// accounts or groups that should be granted specific permissions on the new -// object. There are two ways to grant the permissions using the request headers: -// - Specify a canned ACL with the x-amz-acl request header. For more -// information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) -// . -// - Specify access permissions explicitly with the x-amz-grant-read , -// x-amz-grant-read-acp , x-amz-grant-write-acp , and x-amz-grant-full-control -// headers. These parameters map to the set of permissions that Amazon S3 supports -// in an ACL. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) +// in the Amazon S3 User Guide. After you initiate a multipart upload and upload +// one or more parts, to stop being charged for storing the uploaded parts, you +// must either complete or abort the multipart upload. Amazon S3 frees up the space +// used to store the parts and stops charging you for storing them only after you +// either complete or abort a multipart upload. If you have configured a lifecycle +// rule to abort incomplete multipart uploads, the created multipart upload must be +// completed within the number of days specified in the bucket lifecycle +// configuration. Otherwise, the incomplete multipart upload becomes eligible for +// an abort action and Amazon S3 aborts the multipart upload. For more information, +// see Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) +// . +// - Directory buckets - S3 Lifecycle is not supported by directory buckets. +// - Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support +// virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . +// Path-style requests are not supported. For more information, see Regional and +// Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Request signing For request signing, multipart upload is just a series of +// regular requests. You initiate a multipart upload, send one or more requests to +// upload parts, and then complete the multipart upload process. You sign each +// request individually. There is nothing special about signing multipart upload +// requests. For more information about signing, see Authenticating Requests +// (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) +// in the Amazon S3 User Guide. Permissions +// - General purpose bucket permissions - For information about the permissions +// required to use the multipart upload API, see Multipart upload and permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. To perform a multipart upload with encryption by +// using an Amazon Web Services KMS key, the requester must have permission to the +// kms:Decrypt and kms:GenerateDataKey* actions on the key. These permissions are +// required because Amazon S3 must decrypt and read data from the encrypted file +// parts before it completes the multipart upload. For more information, see +// Multipart upload API and permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) // . // -// You can use either a canned ACL or specify access permissions explicitly. You -// cannot do both. Server-Side- Encryption-Specific Request Headers Amazon S3 -// encrypts data by using server-side encryption with an Amazon S3 managed key -// (SSE-S3) by default. Server-side encryption is for data encryption at rest. -// Amazon S3 encrypts your data as it writes it to disks in its data centers and -// decrypts it when you access it. You can request that Amazon S3 encrypts data at -// rest by using server-side encryption with other key options. The option you use -// depends on whether you want to use KMS keys (SSE-KMS) or provide your own -// encryption keys (SSE-C). +// Encryption +// - General purpose buckets - Server-side encryption is for data encryption at +// rest. Amazon S3 encrypts your data as it writes it to disks in its data centers +// and decrypts it when you access it. Amazon S3 automatically encrypts all new +// objects that are uploaded to an S3 bucket. When doing a multipart upload, if you +// don't specify encryption information in your request, the encryption setting of +// the uploaded parts is set to the default encryption configuration of the +// destination bucket. By default, all buckets have a base level of encryption +// configuration that uses server-side encryption with Amazon S3 managed keys +// (SSE-S3). If the destination bucket has a default encryption configuration that +// uses server-side encryption with an Key Management Service (KMS) key (SSE-KMS), +// or a customer-provided encryption key (SSE-C), Amazon S3 uses the corresponding +// KMS key, or a customer-provided key to encrypt the uploaded parts. When you +// perform a CreateMultipartUpload operation, if you want to use a different type +// of encryption setting for the uploaded parts, you can request that Amazon S3 +// encrypts the object with a different encryption key (such as an Amazon S3 +// managed key, a KMS key, or a customer-provided key). When the encryption setting +// in your request is different from the default encryption configuration of the +// destination bucket, the encryption setting in your request takes precedence. If +// you choose to provide your own encryption key, the request headers you provide +// in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) +// requests must match the headers you used in the CreateMultipartUpload request. // - Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key ( // aws/s3 ) and KMS customer managed keys stored in Key Management Service (KMS) // – If you want Amazon Web Services to manage the keys used to encrypt data, // specify the following headers in the request. // - x-amz-server-side-encryption // - x-amz-server-side-encryption-aws-kms-key-id -// - x-amz-server-side-encryption-context If you specify -// x-amz-server-side-encryption:aws:kms , but don't provide +// - x-amz-server-side-encryption-context +// - If you specify x-amz-server-side-encryption:aws:kms , but don't provide // x-amz-server-side-encryption-aws-kms-key-id , Amazon S3 uses the Amazon Web -// Services managed key ( aws/s3 key) in KMS to protect the data. All GET and PUT -// requests for an object protected by KMS fail if you don't make them by using -// Secure Sockets Layer (SSL), Transport Layer Security (TLS), or Signature Version -// 4. For more information about server-side encryption with KMS keys (SSE-KMS), -// see Protecting Data Using Server-Side Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) -// . +// Services managed key ( aws/s3 key) in KMS to protect the data. +// - To perform a multipart upload with encryption by using an Amazon Web +// Services KMS key, the requester must have permission to the kms:Decrypt and +// kms:GenerateDataKey* actions on the key. These permissions are required +// because Amazon S3 must decrypt and read data from the encrypted file parts +// before it completes the multipart upload. For more information, see Multipart +// upload API and permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. +// - If your Identity and Access Management (IAM) user or role is in the same +// Amazon Web Services account as the KMS key, then you must have these permissions +// on the key policy. If your IAM user or role is in a different account from the +// key, then you must have the permissions on both the key policy and your IAM user +// or role. +// - All GET and PUT requests for an object protected by KMS fail if you don't +// make them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), +// or Signature Version 4. For information about configuring any of the officially +// supported Amazon Web Services SDKs and Amazon Web Services CLI, see +// Specifying the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) +// in the Amazon S3 User Guide. For more information about server-side +// encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side +// Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. // - Use customer-provided encryption keys (SSE-C) – If you want to manage your // own encryption keys, provide all the following headers in the request. // - x-amz-server-side-encryption-customer-algorithm @@ -120,55 +134,13 @@ import ( // server-side encryption with customer-provided encryption keys (SSE-C), see // Protecting data using server-side encryption with customer-provided encryption // keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) -// . +// in the Amazon S3 User Guide. +// - Directory buckets -For directory buckets, only server-side encryption with +// Amazon S3 managed keys (SSE-S3) ( AES256 ) is supported. // -// Access-Control-List (ACL)-Specific Request Headers You also can use the -// following access control–related headers with this operation. By default, all -// objects are private. Only the owner has full access control. When adding a new -// object, you can grant permissions to individual Amazon Web Services accounts or -// to predefined groups defined by Amazon S3. These permissions are then added to -// the access control list (ACL) on the object. For more information, see Using -// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) . -// With this operation, you can grant access permissions using one of the following -// two methods: -// - Specify a canned ACL ( x-amz-acl ) — Amazon S3 supports a set of predefined -// ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and -// permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) -// . -// - Specify access permissions explicitly — To explicitly grant access -// permissions to specific Amazon Web Services accounts or groups, use the -// following headers. Each header maps to specific permissions that Amazon S3 -// supports in an ACL. For more information, see Access Control List (ACL) -// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) . -// In the header, you specify a list of grantees who get the specific permission. -// To grant permissions explicitly, use: -// - x-amz-grant-read -// - x-amz-grant-write -// - x-amz-grant-read-acp -// - x-amz-grant-write-acp -// - x-amz-grant-full-control You specify each grantee as a type=value pair, -// where the type is one of the following: -// - id – if the value specified is the canonical user ID of an Amazon Web -// Services account -// - uri – if you are granting permissions to a predefined group -// - emailAddress – if the value specified is the email address of an Amazon Web -// Services account Using email addresses to specify a grantee is only supported in -// the following Amazon Web Services Regions: -// - US East (N. Virginia) -// - US West (N. California) -// - US West (Oregon) -// - Asia Pacific (Singapore) -// - Asia Pacific (Sydney) -// - Asia Pacific (Tokyo) -// - Europe (Ireland) -// - South America (São Paulo) For a list of all the Amazon S3 supported Regions -// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) -// in the Amazon Web Services General Reference. For example, the following -// x-amz-grant-read header grants the Amazon Web Services accounts identified by -// account IDs permissions to read object data and its metadata: -// x-amz-grant-read: id="11112222333", id="444455556666" -// -// The following operations are related to CreateMultipartUpload : +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following operations are +// related to CreateMultipartUpload : // - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) // - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) @@ -191,16 +163,26 @@ func (c *Client) CreateMultipartUpload(ctx context.Context, params *CreateMultip type CreateMultipartUploadInput struct { - // The name of the bucket to which to initiate the upload When using this action - // with an access point, you must direct requests to the access point hostname. The - // access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The name of the bucket where the multipart upload is initiated and where the + // object is uploaded. Directory buckets - When you use this operation with a + // directory bucket, you must use virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -215,22 +197,33 @@ type CreateMultipartUploadInput struct { // This member is required. Key *string - // The canned ACL to apply to the object. This action is not supported by Amazon - // S3 on Outposts. + // The canned ACL to apply to the object. Amazon S3 supports a set of predefined + // ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and + // permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // in the Amazon S3 User Guide. By default, all objects are private. Only the owner + // has full access control. When uploading an object, you can grant access + // permissions to individual Amazon Web Services accounts or to predefined groups + // defined by Amazon S3. These permissions are then added to the access control + // list (ACL) on the new object. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) + // . One way to grant the permissions using the request headers is to specify a + // canned ACL with the x-amz-acl request header. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. ACL types.ObjectCannedACL // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object // encryption with SSE-KMS. Specifying this header with an object action doesn’t - // affect bucket-level settings for S3 Bucket Key. - BucketKeyEnabled bool + // affect bucket-level settings for S3 Bucket Key. This functionality is not + // supported for directory buckets. + BucketKeyEnabled *bool // Specifies caching behavior along the request/reply chain. CacheControl *string - // Indicates the algorithm you want Amazon S3 to use to create the checksum for - // the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm that you want Amazon S3 to use to create the checksum + // for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumAlgorithm types.ChecksumAlgorithm @@ -239,108 +232,226 @@ type CreateMultipartUploadInput struct { // Specifies what content encodings have been applied to the object and thus what // decoding mechanisms must be applied to obtain the media-type referenced by the - // Content-Type header field. + // Content-Type header field. For directory buckets, only the aws-chunked value is + // supported in this header field. ContentEncoding *string - // The language the content is in. + // The language that the content is in. ContentLanguage *string // A standard MIME type describing the format of the object data. ContentType *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // The date and time at which the object is no longer cacheable. Expires *time.Time - // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. This - // action is not supported by Amazon S3 on Outposts. + // Specify access permissions explicitly to give the grantee READ, READ_ACP, and + // WRITE_ACP permissions on the object. By default, all objects are private. Only + // the owner has full access control. When uploading an object, you can use this + // header to explicitly grant access permissions to specific Amazon Web Services + // accounts or groups. This header maps to specific permissions that Amazon S3 + // supports in an ACL. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. You specify each grantee as a type=value pair, + // where the type is one of the following: + // - id – if the value specified is the canonical user ID of an Amazon Web + // Services account + // - uri – if you are granting permissions to a predefined group + // - emailAddress – if the value specified is the email address of an Amazon Web + // Services account Using email addresses to specify a grantee is only supported in + // the following Amazon Web Services Regions: + // - US East (N. Virginia) + // - US West (N. California) + // - US West (Oregon) + // - Asia Pacific (Singapore) + // - Asia Pacific (Sydney) + // - Asia Pacific (Tokyo) + // - Europe (Ireland) + // - South America (São Paulo) For a list of all the Amazon S3 supported Regions + // and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data and + // its metadata: x-amz-grant-read: id="11112222333", id="444455556666" + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string - // Allows grantee to read the object data and its metadata. This action is not - // supported by Amazon S3 on Outposts. + // Specify access permissions explicitly to allow grantee to read the object data + // and its metadata. By default, all objects are private. Only the owner has full + // access control. When uploading an object, you can use this header to explicitly + // grant access permissions to specific Amazon Web Services accounts or groups. + // This header maps to specific permissions that Amazon S3 supports in an ACL. For + // more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. You specify each grantee as a type=value pair, + // where the type is one of the following: + // - id – if the value specified is the canonical user ID of an Amazon Web + // Services account + // - uri – if you are granting permissions to a predefined group + // - emailAddress – if the value specified is the email address of an Amazon Web + // Services account Using email addresses to specify a grantee is only supported in + // the following Amazon Web Services Regions: + // - US East (N. Virginia) + // - US West (N. California) + // - US West (Oregon) + // - Asia Pacific (Singapore) + // - Asia Pacific (Sydney) + // - Asia Pacific (Tokyo) + // - Europe (Ireland) + // - South America (São Paulo) For a list of all the Amazon S3 supported Regions + // and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data and + // its metadata: x-amz-grant-read: id="11112222333", id="444455556666" + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantRead *string - // Allows grantee to read the object ACL. This action is not supported by Amazon - // S3 on Outposts. + // Specify access permissions explicitly to allows grantee to read the object ACL. + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header maps + // to specific permissions that Amazon S3 supports in an ACL. For more information, + // see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. You specify each grantee as a type=value pair, + // where the type is one of the following: + // - id – if the value specified is the canonical user ID of an Amazon Web + // Services account + // - uri – if you are granting permissions to a predefined group + // - emailAddress – if the value specified is the email address of an Amazon Web + // Services account Using email addresses to specify a grantee is only supported in + // the following Amazon Web Services Regions: + // - US East (N. Virginia) + // - US West (N. California) + // - US West (Oregon) + // - Asia Pacific (Singapore) + // - Asia Pacific (Sydney) + // - Asia Pacific (Tokyo) + // - Europe (Ireland) + // - South America (São Paulo) For a list of all the Amazon S3 supported Regions + // and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data and + // its metadata: x-amz-grant-read: id="11112222333", id="444455556666" + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string - // Allows grantee to write the ACL for the applicable object. This action is not - // supported by Amazon S3 on Outposts. + // Specify access permissions explicitly to allows grantee to allow grantee to + // write the ACL for the applicable object. By default, all objects are private. + // Only the owner has full access control. When uploading an object, you can use + // this header to explicitly grant access permissions to specific Amazon Web + // Services accounts or groups. This header maps to specific permissions that + // Amazon S3 supports in an ACL. For more information, see Access Control List + // (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. You specify each grantee as a type=value pair, + // where the type is one of the following: + // - id – if the value specified is the canonical user ID of an Amazon Web + // Services account + // - uri – if you are granting permissions to a predefined group + // - emailAddress – if the value specified is the email address of an Amazon Web + // Services account Using email addresses to specify a grantee is only supported in + // the following Amazon Web Services Regions: + // - US East (N. Virginia) + // - US West (N. California) + // - US West (Oregon) + // - Asia Pacific (Singapore) + // - Asia Pacific (Sydney) + // - Asia Pacific (Tokyo) + // - Europe (Ireland) + // - South America (São Paulo) For a list of all the Amazon S3 supported Regions + // and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data and + // its metadata: x-amz-grant-read: id="11112222333", id="444455556666" + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string // A map of metadata to store with the object in S3. Metadata map[string]string - // Specifies whether you want to apply a legal hold to the uploaded object. + // Specifies whether you want to apply a legal hold to the uploaded object. This + // functionality is not supported for directory buckets. ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus // Specifies the Object Lock mode that you want to apply to the uploaded object. + // This functionality is not supported for directory buckets. ObjectLockMode types.ObjectLockMode - // Specifies the date and time when you want the Object Lock to expire. + // Specifies the date and time when you want the Object Lock to expire. This + // functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, + // AES256). This functionality is not supported for directory buckets. SSECustomerAlgorithm *string // Specifies the customer-provided encryption key for Amazon S3 to use in // encrypting data. This value is used to store the object and then it is // discarded; Amazon S3 does not store the encryption key. The key must be // appropriate for use with the algorithm specified in the - // x-amz-server-side-encryption-customer-algorithm header. + // x-amz-server-side-encryption-customer-algorithm header. This functionality is + // not supported for directory buckets. SSECustomerKey *string - // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // Specifies the 128-bit MD5 digest of the customer-provided encryption key + // according to RFC 1321. Amazon S3 uses this header for a message integrity check + // to ensure that the encryption key was transmitted without error. This + // functionality is not supported for directory buckets. SSECustomerKeyMD5 *string // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding - // JSON with the encryption context key-value pairs. + // JSON with the encryption context key-value pairs. This functionality is not + // supported for directory buckets. SSEKMSEncryptionContext *string // Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric encryption - // customer managed key to use for object encryption. All GET and PUT requests for - // an object protected by KMS will fail if they're not made via SSL or using SigV4. - // For information about configuring any of the officially supported Amazon Web - // Services SDKs and Amazon Web Services CLI, see Specifying the Signature Version - // in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) - // in the Amazon S3 User Guide. + // customer managed key to use for object encryption. This functionality is not + // supported for directory buckets. SSEKMSKeyId *string - // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms ). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256 , aws:kms ). For directory buckets, only server-side + // encryption with Amazon S3 managed keys (SSE-S3) ( AES256 ) is supported. ServerSideEncryption types.ServerSideEncryption // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high // availability. Depending on performance needs, you can specify a different - // Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For - // more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // Storage Class. For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. + // - For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // - Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass types.StorageClass - // The tag-set for the object. The tag-set must be encoded as URL Query parameters. + // The tag-set for the object. The tag-set must be encoded as URL Query + // parameters. This functionality is not supported for directory buckets. Tagging *string // If the bucket is configured as a website, redirects requests for this object to // another object in the same bucket or to an external URL. Amazon S3 stores the - // value of this header in the object metadata. + // value of this header in the object metadata. This functionality is not supported + // for directory buckets. WebsiteRedirectLocation *string noSmithyDocumentSerde @@ -348,6 +459,7 @@ type CreateMultipartUploadInput struct { func (in *CreateMultipartUploadInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } @@ -359,36 +471,26 @@ type CreateMultipartUploadOutput struct { // indicates when the initiated multipart upload becomes eligible for an abort // operation. For more information, see Aborting Incomplete Multipart Uploads // Using a Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) - // . The response also includes the x-amz-abort-rule-id header that provides the - // ID of the lifecycle configuration rule that defines this action. + // in the Amazon S3 User Guide. The response also includes the x-amz-abort-rule-id + // header that provides the ID of the lifecycle configuration rule that defines the + // abort action. This functionality is not supported for directory buckets. AbortDate *time.Time // This header is returned along with the x-amz-abort-date header. It identifies // the applicable lifecycle configuration rule that defines the action to abort - // incomplete multipart uploads. + // incomplete multipart uploads. This functionality is not supported for directory + // buckets. AbortRuleId *string // The name of the bucket to which the multipart upload was initiated. Does not - // return the access point ARN or access point alias if used. When using this - // action with an access point, you must direct requests to the access point - // hostname. The access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you - // use this action with S3 on Outposts through the Amazon Web Services SDKs, you - // provide the Outposts access point ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. + // return the access point ARN or access point alias if used. Access points are not + // supported by directory buckets. Bucket *string // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Key Management Service (KMS) keys (SSE-KMS). - BucketKeyEnabled bool + // encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality + // is not supported for directory buckets. + BucketKeyEnabled *bool // The algorithm that was used to create a checksum of the object. ChecksumAlgorithm types.ChecksumAlgorithm @@ -397,30 +499,35 @@ type CreateMultipartUploadOutput struct { Key *string // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header confirming the encryption - // algorithm used. + // requested, the response will include this header to confirm the encryption + // algorithm that's used. This functionality is not supported for directory + // buckets. SSECustomerAlgorithm *string // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header to provide round-trip message - // integrity verification of the customer-provided encryption key. + // requested, the response will include this header to provide the round-trip + // message integrity verification of the customer-provided encryption key. This + // functionality is not supported for directory buckets. SSECustomerKeyMD5 *string - // If present, specifies the Amazon Web Services KMS Encryption Context to use for + // If present, indicates the Amazon Web Services KMS Encryption Context to use for // object encryption. The value of this header is a base64-encoded UTF-8 string - // holding JSON with the encryption context key-value pairs. + // holding JSON with the encryption context key-value pairs. This functionality is + // not supported for directory buckets. SSEKMSEncryptionContext *string - // If present, specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key that was used for the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. This functionality + // is not supported for directory buckets. SSEKMSKeyId *string - // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms ). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256 , aws:kms ). For directory buckets, only server-side + // encryption with Amazon S3 managed keys (SSE-S3) ( AES256 ) is supported. ServerSideEncryption types.ServerSideEncryption // ID for the initiated multipart upload. @@ -487,6 +594,9 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware. if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpCreateMultipartUploadValidationMiddleware(stack); err != nil { return err } @@ -520,6 +630,9 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware. if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = addSetCreateMPUChecksumAlgorithm(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go new file mode 100644 index 000000000..1cb1f1512 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go @@ -0,0 +1,260 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package s3 + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" + "github.com/aws/aws-sdk-go-v2/service/s3/types" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Creates a session that establishes temporary security credentials to support +// fast authentication and authorization for the Zonal endpoint APIs on directory +// buckets. For more information about Zonal endpoint APIs that include the +// Availability Zone in the request endpoint, see S3 Express One Zone APIs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html) +// in the Amazon S3 User Guide. To make Zonal endpoint API requests on a directory +// bucket, use the CreateSession API operation. Specifically, you grant +// s3express:CreateSession permission to a bucket in a bucket policy or an IAM +// identity-based policy. Then, you use IAM credentials to make the CreateSession +// API request on the bucket, which returns temporary security credentials that +// include the access key ID, secret access key, session token, and expiration. +// These credentials have associated permissions to access the Zonal endpoint APIs. +// After the session is created, you don’t need to use other policies to grant +// permissions to each Zonal endpoint API individually. Instead, in your Zonal +// endpoint API requests, you sign your requests by applying the temporary security +// credentials of the session to the request headers and following the SigV4 +// protocol for authentication. You also apply the session token to the +// x-amz-s3session-token request header for authorization. Temporary security +// credentials are scoped to the bucket and expire after 5 minutes. After the +// expiration time, any calls that you make with those credentials will fail. You +// must use IAM credentials again to make a CreateSession API request that +// generates a new set of temporary credentials for use. Temporary credentials +// cannot be extended or refreshed beyond the original specified interval. If you +// use Amazon Web Services SDKs, SDKs handle the session token refreshes +// automatically to avoid service interruptions when a session expires. We +// recommend that you use the Amazon Web Services SDKs to initiate and manage +// requests to the CreateSession API. For more information, see Performance +// guidelines and design patterns (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication) +// in the Amazon S3 User Guide. +// - You must make requests for this API operation to the Zonal endpoint. These +// endpoints support virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests +// are not supported. For more information, see Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// - CopyObject API operation - Unlike other Zonal endpoint APIs, the CopyObject +// API operation doesn't use the temporary security credentials returned from the +// CreateSession API operation for authentication and authorization. For +// information about authentication and authorization of the CopyObject API +// operation on directory buckets, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) +// . +// - HeadBucket API operation - Unlike other Zonal endpoint APIs, the HeadBucket +// API operation doesn't use the temporary security credentials returned from the +// CreateSession API operation for authentication and authorization. For +// information about authentication and authorization of the HeadBucket API +// operation on directory buckets, see HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html) +// . +// +// Permissions To obtain temporary security credentials, you must create a bucket +// policy or an IAM identity-based policy that grants s3express:CreateSession +// permission to the bucket. In a policy, you can have the s3express:SessionMode +// condition key to control who can create a ReadWrite or ReadOnly session. For +// more information about ReadWrite or ReadOnly sessions, see +// x-amz-create-session-mode (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters) +// . For example policies, see Example bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. To grant cross-account access to Zonal endpoint +// APIs, the bucket policy should also grant both accounts the +// s3express:CreateSession permission. HTTP Host header syntax Directory buckets - +// The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com . +func (c *Client) CreateSession(ctx context.Context, params *CreateSessionInput, optFns ...func(*Options)) (*CreateSessionOutput, error) { + if params == nil { + params = &CreateSessionInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "CreateSession", params, optFns, c.addOperationCreateSessionMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*CreateSessionOutput) + out.ResultMetadata = metadata + return out, nil +} + +type CreateSessionInput struct { + + // The name of the bucket that you create a session for. + // + // This member is required. + Bucket *string + + // Specifies the mode of the session that will be created, either ReadWrite or + // ReadOnly . By default, a ReadWrite session is created. A ReadWrite session is + // capable of executing all the Zonal endpoint APIs on a directory bucket. A + // ReadOnly session is constrained to execute the following Zonal endpoint APIs: + // GetObject , HeadObject , ListObjectsV2 , GetObjectAttributes , ListParts , and + // ListMultipartUploads . + SessionMode types.SessionMode + + noSmithyDocumentSerde +} + +func (in *CreateSessionInput) bindEndpointParams(p *EndpointParameters) { + p.Bucket = in.Bucket + p.DisableS3ExpressSessionAuth = ptr.Bool(true) +} + +type CreateSessionOutput struct { + + // The established temporary security credentials for the created session.. + // + // This member is required. + Credentials *types.SessionCredentials + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationCreateSessionMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsRestxml_serializeOpCreateSession{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestxml_deserializeOpCreateSession{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "CreateSession"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { + return err + } + if err = addRetryMiddlewares(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { + return err + } + if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } + if err = addOpCreateSessionValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateSession(options.Region), middleware.Before); err != nil { + return err + } + if err = addMetadataRetrieverMiddleware(stack); err != nil { + return err + } + if err = awsmiddleware.AddRecursionDetection(stack); err != nil { + return err + } + if err = addCreateSessionUpdateEndpoint(stack, options); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil { + return err + } + if err = disableAcceptEncodingGzip(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { + return err + } + return nil +} + +func (v *CreateSessionInput) bucket() (string, bool) { + if v.Bucket == nil { + return "", false + } + return *v.Bucket, true +} + +func newServiceMetadataMiddleware_opCreateSession(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "CreateSession", + } +} + +// getCreateSessionBucketMember returns a pointer to string denoting a provided +// bucket member valueand a boolean indicating if the input has a modeled bucket +// name, +func getCreateSessionBucketMember(input interface{}) (*string, bool) { + in := input.(*CreateSessionInput) + if in.Bucket == nil { + return nil, false + } + return in.Bucket, true +} +func addCreateSessionUpdateEndpoint(stack *middleware.Stack, options Options) error { + return s3cust.UpdateEndpoint(stack, s3cust.UpdateEndpointOptions{ + Accessor: s3cust.UpdateEndpointParameterAccessor{ + GetBucketFromInput: getCreateSessionBucketMember, + }, + UsePathStyle: options.UsePathStyle, + UseAccelerate: options.UseAccelerate, + SupportsAccelerate: true, + TargetS3ObjectLambda: false, + EndpointResolver: options.EndpointResolver, + EndpointResolverOptions: options.EndpointOptions, + UseARNRegion: options.UseARNRegion, + DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints, + }) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go index 6acd7a0e8..34645bb9a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go @@ -9,12 +9,37 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) // Deletes the S3 bucket. All objects (including all object versions and delete // markers) in the bucket must be deleted before the bucket itself can be deleted. -// The following operations are related to DeleteBucket : +// - Directory buckets - If multipart uploads in a directory bucket are in +// progress, you can't delete the bucket until all the in-progress multipart +// uploads are aborted or completed. +// - Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format +// https://s3express-control.region_code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// - General purpose bucket permissions - You must have the s3:DeleteBucket +// permission on the specified bucket in a policy. +// - Directory bucket permissions - You must have the s3express:DeleteBucket +// permission in an IAM identity-based policy instead of a bucket policy. +// Cross-account access to this API operation isn't supported. This operation can +// only be performed by the Amazon Web Services account that owns the resource. For +// more information about directory bucket policies and permissions, see Amazon +// Web Services Identity and Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region.amazonaws.com . The following operations are related to +// DeleteBucket : // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) func (c *Client) DeleteBucket(ctx context.Context, params *DeleteBucketInput, optFns ...func(*Options)) (*DeleteBucketOutput, error) { @@ -34,14 +59,24 @@ func (c *Client) DeleteBucket(ctx context.Context, params *DeleteBucketInput, op type DeleteBucketInput struct { - // Specifies the bucket being deleted. + // Specifies the bucket being deleted. Directory buckets - When you use this + // operation with a directory bucket, you must use path-style requests in the + // format https://s3express-control.region_code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Availability Zone. Bucket names must also follow the format + // bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide // // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). For directory buckets, this header + // is not supported in this API operation. If you specify this header, the request + // fails with the HTTP status code 501 Not Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -49,7 +84,7 @@ type DeleteBucketInput struct { func (in *DeleteBucketInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketOutput struct { @@ -114,6 +149,9 @@ func (c *Client) addOperationDeleteBucketMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go index 131acae66..55d8fc1c9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go @@ -9,13 +9,15 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Deletes an analytics configuration for the bucket (specified by the analytics -// configuration ID). To use this operation, you must have permissions to perform -// the s3:PutAnalyticsConfiguration action. The bucket owner has this permission -// by default. The bucket owner can grant this permission to others. For more +// This operation is not supported by directory buckets. Deletes an analytics +// configuration for the bucket (specified by the analytics configuration ID). To +// use this operation, you must have permissions to perform the +// s3:PutAnalyticsConfiguration action. The bucket owner has this permission by +// default. The bucket owner can grant this permission to others. For more // information about permissions, see Permissions Related to Bucket Subresource // Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) @@ -52,9 +54,9 @@ type DeleteBucketAnalyticsConfigurationInput struct { // This member is required. Id *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -62,7 +64,7 @@ type DeleteBucketAnalyticsConfigurationInput struct { func (in *DeleteBucketAnalyticsConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketAnalyticsConfigurationOutput struct { @@ -127,6 +129,9 @@ func (c *Client) addOperationDeleteBucketAnalyticsConfigurationMiddlewares(stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketAnalyticsConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go index e9ef64747..9a544922e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go @@ -9,13 +9,15 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Deletes the cors configuration information set for the bucket. To use this -// operation, you must have permission to perform the s3:PutBucketCORS action. The -// bucket owner has this permission by default and can grant this permission to -// others. For information about cors , see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) +// This operation is not supported by directory buckets. Deletes the cors +// configuration information set for the bucket. To use this operation, you must +// have permission to perform the s3:PutBucketCORS action. The bucket owner has +// this permission by default and can grant this permission to others. For +// information about cors , see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) // in the Amazon S3 User Guide. Related Resources // - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) // - RESTOPTIONSobject (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html) @@ -41,9 +43,9 @@ type DeleteBucketCorsInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -51,7 +53,7 @@ type DeleteBucketCorsInput struct { func (in *DeleteBucketCorsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketCorsOutput struct { @@ -116,6 +118,9 @@ func (c *Client) addOperationDeleteBucketCorsMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketCorsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go index 444d76246..0ef6f93ec 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go @@ -9,13 +9,14 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This implementation of the DELETE action resets the default encryption for the -// bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). For -// information about the bucket default encryption feature, see Amazon S3 Bucket -// Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// This operation is not supported by directory buckets. This implementation of +// the DELETE action resets the default encryption for the bucket as server-side +// encryption with Amazon S3 managed keys (SSE-S3). For information about the +// bucket default encryption feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) // in the Amazon S3 User Guide. To use this operation, you must have permissions to // perform the s3:PutEncryptionConfiguration action. The bucket owner has this // permission by default. The bucket owner can grant this permission to others. For @@ -49,9 +50,9 @@ type DeleteBucketEncryptionInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -59,7 +60,7 @@ type DeleteBucketEncryptionInput struct { func (in *DeleteBucketEncryptionInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketEncryptionOutput struct { @@ -124,6 +125,9 @@ func (c *Client) addOperationDeleteBucketEncryptionMiddlewares(stack *middleware if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketEncryptionValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go index 1566d84ff..eeaefc5f2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go @@ -9,11 +9,13 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Deletes the S3 Intelligent-Tiering configuration from the specified bucket. The -// S3 Intelligent-Tiering storage class is designed to optimize storage costs by +// This operation is not supported by directory buckets. Deletes the S3 +// Intelligent-Tiering configuration from the specified bucket. The S3 +// Intelligent-Tiering storage class is designed to optimize storage costs by // automatically moving data to the most cost-effective storage access tier, // without performance impact or operational overhead. S3 Intelligent-Tiering // delivers automatic cost savings in three low latency and high throughput access @@ -63,7 +65,7 @@ type DeleteBucketIntelligentTieringConfigurationInput struct { func (in *DeleteBucketIntelligentTieringConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketIntelligentTieringConfigurationOutput struct { @@ -128,6 +130,9 @@ func (c *Client) addOperationDeleteBucketIntelligentTieringConfigurationMiddlewa if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketIntelligentTieringConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go index 67bb38df4..28a93e0dc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go @@ -9,15 +9,16 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Deletes an inventory configuration (identified by the inventory ID) from the -// bucket. To use this operation, you must have permissions to perform the -// s3:PutInventoryConfiguration action. The bucket owner has this permission by -// default. The bucket owner can grant this permission to others. For more -// information about permissions, see Permissions Related to Bucket Subresource -// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// This operation is not supported by directory buckets. Deletes an inventory +// configuration (identified by the inventory ID) from the bucket. To use this +// operation, you must have permissions to perform the s3:PutInventoryConfiguration +// action. The bucket owner has this permission by default. The bucket owner can +// grant this permission to others. For more information about permissions, see +// Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // . For information about the Amazon S3 inventory feature, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) // . Operations related to DeleteBucketInventoryConfiguration include: @@ -51,9 +52,9 @@ type DeleteBucketInventoryConfigurationInput struct { // This member is required. Id *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -61,7 +62,7 @@ type DeleteBucketInventoryConfigurationInput struct { func (in *DeleteBucketInventoryConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketInventoryConfigurationOutput struct { @@ -126,6 +127,9 @@ func (c *Client) addOperationDeleteBucketInventoryConfigurationMiddlewares(stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketInventoryConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go index d87964d4a..d7b8eb581 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go @@ -9,17 +9,19 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Deletes the lifecycle configuration from the specified bucket. Amazon S3 -// removes all the lifecycle configuration rules in the lifecycle subresource -// associated with the bucket. Your objects never expire, and Amazon S3 no longer -// automatically deletes any objects on the basis of rules contained in the deleted -// lifecycle configuration. To use this operation, you must have permission to -// perform the s3:PutLifecycleConfiguration action. By default, the bucket owner -// has this permission and the bucket owner can grant this permission to others. -// There is usually some time lag before lifecycle configuration deletion is fully +// This operation is not supported by directory buckets. Deletes the lifecycle +// configuration from the specified bucket. Amazon S3 removes all the lifecycle +// configuration rules in the lifecycle subresource associated with the bucket. +// Your objects never expire, and Amazon S3 no longer automatically deletes any +// objects on the basis of rules contained in the deleted lifecycle configuration. +// To use this operation, you must have permission to perform the +// s3:PutLifecycleConfiguration action. By default, the bucket owner has this +// permission and the bucket owner can grant this permission to others. There is +// usually some time lag before lifecycle configuration deletion is fully // propagated to all the Amazon S3 systems. For more information about the object // expiration, see Elements to Describe Lifecycle Actions (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions) // . Related actions include: @@ -47,9 +49,9 @@ type DeleteBucketLifecycleInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -57,7 +59,7 @@ type DeleteBucketLifecycleInput struct { func (in *DeleteBucketLifecycleInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketLifecycleOutput struct { @@ -122,6 +124,9 @@ func (c *Client) addOperationDeleteBucketLifecycleMiddlewares(stack *middleware. if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketLifecycleValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go index f9c8d6be6..a6675a880 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go @@ -9,16 +9,18 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Deletes a metrics configuration for the Amazon CloudWatch request metrics -// (specified by the metrics configuration ID) from the bucket. Note that this -// doesn't include the daily storage metrics. To use this operation, you must have -// permissions to perform the s3:PutMetricsConfiguration action. The bucket owner -// has this permission by default. The bucket owner can grant this permission to -// others. For more information about permissions, see Permissions Related to -// Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// This operation is not supported by directory buckets. Deletes a metrics +// configuration for the Amazon CloudWatch request metrics (specified by the +// metrics configuration ID) from the bucket. Note that this doesn't include the +// daily storage metrics. To use this operation, you must have permissions to +// perform the s3:PutMetricsConfiguration action. The bucket owner has this +// permission by default. The bucket owner can grant this permission to others. For +// more information about permissions, see Permissions Related to Bucket +// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // . For information about CloudWatch request metrics for Amazon S3, see // Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html) @@ -55,9 +57,9 @@ type DeleteBucketMetricsConfigurationInput struct { // This member is required. Id *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -65,7 +67,7 @@ type DeleteBucketMetricsConfigurationInput struct { func (in *DeleteBucketMetricsConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketMetricsConfigurationOutput struct { @@ -130,6 +132,9 @@ func (c *Client) addOperationDeleteBucketMetricsConfigurationMiddlewares(stack * if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketMetricsConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go index 0000e6cf8..1b53e08e9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go @@ -9,12 +9,14 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Removes OwnershipControls for an Amazon S3 bucket. To use this operation, you -// must have the s3:PutBucketOwnershipControls permission. For more information -// about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// This operation is not supported by directory buckets. Removes OwnershipControls +// for an Amazon S3 bucket. To use this operation, you must have the +// s3:PutBucketOwnershipControls permission. For more information about Amazon S3 +// permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) // . For information about Amazon S3 Object Ownership, see Using Object Ownership (https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html) // . The following operations are related to DeleteBucketOwnershipControls : // - GetBucketOwnershipControls @@ -41,9 +43,9 @@ type DeleteBucketOwnershipControlsInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -51,7 +53,7 @@ type DeleteBucketOwnershipControlsInput struct { func (in *DeleteBucketOwnershipControlsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketOwnershipControlsOutput struct { @@ -116,6 +118,9 @@ func (c *Client) addOperationDeleteBucketOwnershipControlsMiddlewares(stack *mid if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketOwnershipControlsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go index 3874598e9..0d8e77ff7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go @@ -9,26 +9,46 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This implementation of the DELETE action uses the policy subresource to delete -// the policy of a specified bucket. If you are using an identity other than the -// root user of the Amazon Web Services account that owns the bucket, the calling -// identity must have the DeleteBucketPolicy permissions on the specified bucket -// and belong to the bucket owner's account to use this operation. If you don't -// have DeleteBucketPolicy permissions, Amazon S3 returns a 403 Access Denied -// error. If you have the correct permissions, but you're not using an identity -// that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not -// Allowed error. To ensure that bucket owners don't inadvertently lock themselves -// out of their own buckets, the root principal in a bucket owner's Amazon Web -// Services account can perform the GetBucketPolicy , PutBucketPolicy , and -// DeleteBucketPolicy API actions, even if their bucket policy explicitly denies -// the root principal's access. Bucket owner root principals can only be blocked -// from performing these API actions by VPC endpoint policies and Amazon Web -// Services Organizations policies. For more information about bucket policies, see -// Using Bucket Policies and UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) -// . The following operations are related to DeleteBucketPolicy +// Deletes the policy of a specified bucket. Directory buckets - For directory +// buckets, you must make requests for this API operation to the Regional endpoint. +// These endpoints support path-style requests in the format +// https://s3express-control.region_code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions If you are using an identity other than +// the root user of the Amazon Web Services account that owns the bucket, the +// calling identity must both have the DeleteBucketPolicy permissions on the +// specified bucket and belong to the bucket owner's account in order to use this +// operation. If you don't have DeleteBucketPolicy permissions, Amazon S3 returns +// a 403 Access Denied error. If you have the correct permissions, but you're not +// using an identity that belongs to the bucket owner's account, Amazon S3 returns +// a 405 Method Not Allowed error. To ensure that bucket owners don't +// inadvertently lock themselves out of their own buckets, the root principal in a +// bucket owner's Amazon Web Services account can perform the GetBucketPolicy , +// PutBucketPolicy , and DeleteBucketPolicy API actions, even if their bucket +// policy explicitly denies the root principal's access. Bucket owner root +// principals can only be blocked from performing these API actions by VPC endpoint +// policies and Amazon Web Services Organizations policies. +// - General purpose bucket permissions - The s3:DeleteBucketPolicy permission is +// required in a policy. For more information about general purpose buckets bucket +// policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:DeleteBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web Services +// account that owns the resource. For more information about directory bucket +// policies and permissions, see Amazon Web Services Identity and Access +// Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region.amazonaws.com . The following operations are related to +// DeleteBucketPolicy // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) func (c *Client) DeleteBucketPolicy(ctx context.Context, params *DeleteBucketPolicyInput, optFns ...func(*Options)) (*DeleteBucketPolicyOutput, error) { @@ -48,14 +68,24 @@ func (c *Client) DeleteBucketPolicy(ctx context.Context, params *DeleteBucketPol type DeleteBucketPolicyInput struct { - // The bucket name. + // The bucket name. Directory buckets - When you use this operation with a + // directory bucket, you must use path-style requests in the format + // https://s3express-control.region_code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Availability Zone. Bucket names must also follow the format + // bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide // // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). For directory buckets, this header + // is not supported in this API operation. If you specify this header, the request + // fails with the HTTP status code 501 Not Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -63,7 +93,7 @@ type DeleteBucketPolicyInput struct { func (in *DeleteBucketPolicyInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketPolicyOutput struct { @@ -128,6 +158,9 @@ func (c *Client) addOperationDeleteBucketPolicyMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketPolicyValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go index bd12eecf2..7ac11a7ba 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go @@ -9,14 +9,15 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Deletes the replication configuration from the bucket. To use this operation, -// you must have permissions to perform the s3:PutReplicationConfiguration action. -// The bucket owner has these permissions by default and can grant it to others. -// For more information about permissions, see Permissions Related to Bucket -// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// This operation is not supported by directory buckets. Deletes the replication +// configuration from the bucket. To use this operation, you must have permissions +// to perform the s3:PutReplicationConfiguration action. The bucket owner has +// these permissions by default and can grant it to others. For more information +// about permissions, see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // . It can take a while for the deletion of a replication configuration to fully // propagate. For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) @@ -46,9 +47,9 @@ type DeleteBucketReplicationInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -56,7 +57,7 @@ type DeleteBucketReplicationInput struct { func (in *DeleteBucketReplicationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketReplicationOutput struct { @@ -121,6 +122,9 @@ func (c *Client) addOperationDeleteBucketReplicationMiddlewares(stack *middlewar if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketReplicationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go index a9306784f..5a75a1f4a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go @@ -9,13 +9,15 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Deletes the tags from the bucket. To use this operation, you must have -// permission to perform the s3:PutBucketTagging action. By default, the bucket -// owner has this permission and can grant this permission to others. The following -// operations are related to DeleteBucketTagging : +// This operation is not supported by directory buckets. Deletes the tags from the +// bucket. To use this operation, you must have permission to perform the +// s3:PutBucketTagging action. By default, the bucket owner has this permission and +// can grant this permission to others. The following operations are related to +// DeleteBucketTagging : // - GetBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html) // - PutBucketTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) func (c *Client) DeleteBucketTagging(ctx context.Context, params *DeleteBucketTaggingInput, optFns ...func(*Options)) (*DeleteBucketTaggingOutput, error) { @@ -40,9 +42,9 @@ type DeleteBucketTaggingInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -50,7 +52,7 @@ type DeleteBucketTaggingInput struct { func (in *DeleteBucketTaggingInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketTaggingOutput struct { @@ -115,6 +117,9 @@ func (c *Client) addOperationDeleteBucketTaggingMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketTaggingValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go index 9eccc2465..dbe84fbb9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go @@ -9,20 +9,21 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This action removes the website configuration for a bucket. Amazon S3 returns a -// 200 OK response upon successfully deleting a website configuration on the -// specified bucket. You will get a 200 OK response if the website configuration -// you are trying to delete does not exist on the bucket. Amazon S3 returns a 404 -// response if the bucket specified in the request does not exist. This DELETE -// action requires the S3:DeleteBucketWebsite permission. By default, only the -// bucket owner can delete the website configuration attached to a bucket. However, -// bucket owners can grant other users permission to delete the website -// configuration by writing a bucket policy granting them the -// S3:DeleteBucketWebsite permission. For more information about hosting websites, -// see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) +// This operation is not supported by directory buckets. This action removes the +// website configuration for a bucket. Amazon S3 returns a 200 OK response upon +// successfully deleting a website configuration on the specified bucket. You will +// get a 200 OK response if the website configuration you are trying to delete +// does not exist on the bucket. Amazon S3 returns a 404 response if the bucket +// specified in the request does not exist. This DELETE action requires the +// S3:DeleteBucketWebsite permission. By default, only the bucket owner can delete +// the website configuration attached to a bucket. However, bucket owners can grant +// other users permission to delete the website configuration by writing a bucket +// policy granting them the S3:DeleteBucketWebsite permission. For more +// information about hosting websites, see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) // . The following operations are related to DeleteBucketWebsite : // - GetBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketWebsite.html) // - PutBucketWebsite (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketWebsite.html) @@ -48,9 +49,9 @@ type DeleteBucketWebsiteInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -58,7 +59,7 @@ type DeleteBucketWebsiteInput struct { func (in *DeleteBucketWebsiteInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeleteBucketWebsiteOutput struct { @@ -123,6 +124,9 @@ func (c *Client) addOperationDeleteBucketWebsiteMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteBucketWebsiteValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go index 983a51bec..cd00e5998 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go @@ -13,24 +13,69 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Removes the null version (if there is one) of an object and inserts a delete -// marker, which becomes the latest version of the object. If there isn't a null -// version, Amazon S3 does not remove any objects but will still respond that the -// command was successful. To remove a specific version, you must use the version -// Id subresource. Using this subresource permanently deletes the version. If the -// object deleted is a delete marker, Amazon S3 sets the response header, -// x-amz-delete-marker , to true. If the object you want to delete is in a bucket -// where the bucket versioning configuration is MFA Delete enabled, you must -// include the x-amz-mfa request header in the DELETE versionId request. Requests -// that include x-amz-mfa must use HTTPS. For more information about MFA Delete, -// see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html) -// . To see sample requests that use versioning, see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete) -// . You can delete objects by explicitly calling DELETE Object or configure its -// lifecycle ( PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html) +// Removes an object from a bucket. The behavior depends on the bucket's +// versioning state: +// +// - If versioning is enabled, the operation removes the null version (if there +// is one) of an object and inserts a delete marker, which becomes the latest +// version of the object. If there isn't a null version, Amazon S3 does not remove +// any objects but will still respond that the command was successful. +// +// - If versioning is suspended or not enabled, the operation permanently +// deletes the object. +// +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID is +// supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. +// +// - Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support +// virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . +// Path-style requests are not supported. For more information, see Regional and +// Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// To remove a specific version, you must use the versionId query parameter. Using +// this query parameter permanently deletes the version. If the object deleted is a +// delete marker, Amazon S3 sets the response header x-amz-delete-marker to true. +// If the object you want to delete is in a bucket where the bucket versioning +// configuration is MFA Delete enabled, you must include the x-amz-mfa request +// header in the DELETE versionId request. Requests that include x-amz-mfa must +// use HTTPS. For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html) +// in the Amazon S3 User Guide. To see sample requests that use versioning, see +// Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete) +// . Directory buckets - MFA delete is not supported by directory buckets. You can +// delete objects by explicitly calling DELETE Object or calling ( +// PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html) // ) to enable Amazon S3 to remove them for you. If you want to block users or // accounts from removing or deleting objects from your bucket, you must deny them // the s3:DeleteObject , s3:DeleteObjectVersion , and s3:PutLifeCycleConfiguration -// actions. The following action is related to DeleteObject : +// actions. Directory buckets - S3 Lifecycle is not supported by directory buckets. +// Permissions +// - General purpose bucket permissions - The following permissions are required +// in your policies when your DeleteObjects request includes specific headers. +// - s3:DeleteObject - To delete an object from a bucket, you must always have +// the s3:DeleteObject permission. +// - s3:DeleteObjectVersion - To delete a specific version of an object from a +// versiong-enabled bucket, you must have the s3:DeleteObjectVersion permission. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following action is +// related to DeleteObject : // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) func (c *Client) DeleteObject(ctx context.Context, params *DeleteObjectInput, optFns ...func(*Options)) (*DeleteObjectOutput, error) { if params == nil { @@ -49,16 +94,26 @@ func (c *Client) DeleteObject(ctx context.Context, params *DeleteObjectInput, op type DeleteObjectInput struct { - // The bucket name of the bucket containing the object. When using this action - // with an access point, you must direct requests to the access point hostname. The - // access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The bucket name of the bucket containing the object. Directory buckets - When + // you use this operation with a directory bucket, you must use + // virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -75,30 +130,34 @@ type DeleteObjectInput struct { // Indicates whether S3 Object Lock should bypass Governance-mode restrictions to // process this operation. To use this header, you must have the - // s3:BypassGovernanceRetention permission. - BypassGovernanceRetention bool + // s3:BypassGovernanceRetention permission. This functionality is not supported for + // directory buckets. + BypassGovernanceRetention *bool - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // The concatenation of the authentication device's serial number, a space, and // the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA - // delete enabled. + // delete enabled. This functionality is not supported for directory buckets. MFA *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. For directory + // buckets in this API operation, only the null value of the version ID is + // supported. VersionId *string noSmithyDocumentSerde @@ -106,6 +165,7 @@ type DeleteObjectInput struct { func (in *DeleteObjectInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } @@ -114,15 +174,16 @@ type DeleteObjectOutput struct { // Indicates whether the specified object version that was permanently deleted was // (true) or was not (false) a delete marker before deletion. In a simple DELETE, // this header indicates whether (true) or not (false) the current version of the - // object is a delete marker. - DeleteMarker bool + // object is a delete marker. This functionality is not supported for directory + // buckets. + DeleteMarker *bool // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Returns the version ID of the delete marker created as a result of the DELETE - // operation. + // operation. This functionality is not supported for directory buckets. VersionId *string // Metadata pertaining to the operation's result. @@ -186,6 +247,9 @@ func (c *Client) addOperationDeleteObjectMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteObjectValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go index 1fd67d48d..961b9459a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go @@ -12,8 +12,9 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Removes the entire tag set from the specified object. For more information -// about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html) +// This operation is not supported by directory buckets. Removes the entire tag +// set from the specified object. For more information about managing object tags, +// see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html) // . To use this operation, you must have permission to perform the // s3:DeleteObjectTagging action. To delete tags of a specific object version, add // the versionId query parameter in the request. You will need permission for the @@ -38,16 +39,18 @@ func (c *Client) DeleteObjectTagging(ctx context.Context, params *DeleteObjectTa type DeleteObjectTaggingInput struct { - // The bucket name containing the objects from which to remove the tags. When - // using this action with an access point, you must direct requests to the access - // point hostname. The access point hostname takes the form + // The bucket name containing the objects from which to remove the tags. Access + // points - When you use this action with an access point, you must provide the + // alias of the access point in place of the bucket name or specify the access + // point ARN. When using the access point ARN, you must direct requests to the + // access point hostname. The access point hostname takes the form // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this // action with an access point through the Amazon Web Services SDKs, you provide // the access point ARN in place of the bucket name. For more information about // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // in the Amazon S3 User Guide. S3 on Outposts - When you use this action with + // Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. + // The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -62,9 +65,9 @@ type DeleteObjectTaggingInput struct { // This member is required. Key *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // The versionId of the object that the tag-set will be removed from. @@ -144,6 +147,9 @@ func (c *Client) addOperationDeleteObjectTaggingMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteObjectTaggingValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go index 7676e8415..1d1fa4327 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go @@ -14,31 +14,72 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This action enables you to delete multiple objects from a bucket using a single -// HTTP request. If you know the object keys that you want to delete, then this -// action provides a suitable alternative to sending individual delete requests, -// reducing per-request overhead. The request contains a list of up to 1000 keys -// that you want to delete. In the XML, you provide the object key names, and -// optionally, version IDs if you want to delete a specific version of the object -// from a versioning-enabled bucket. For each key, Amazon S3 performs a delete -// action and returns the result of that delete, success, or failure, in the -// response. Note that if the object specified in the request is not found, Amazon -// S3 returns the result as deleted. The action supports two modes for the -// response: verbose and quiet. By default, the action uses verbose mode in which -// the response includes the result of deletion of each key in your request. In -// quiet mode the response includes only keys where the delete action encountered -// an error. For a successful deletion, the action does not return any information -// about the delete in the response body. When performing this action on an MFA -// Delete enabled bucket, that attempts to delete any versioned objects, you must -// include an MFA token. If you do not provide one, the entire request will fail, -// even if there are non-versioned objects you are trying to delete. If you provide -// an invalid token, whether there are versioned keys in the request or not, the -// entire Multi-Object Delete request will fail. For information about MFA Delete, -// see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) -// . Finally, the Content-MD5 header is required for all Multi-Object Delete -// requests. Amazon S3 uses the header value to ensure that your request body has -// not been altered in transit. The following operations are related to -// DeleteObjects : +// This operation enables you to delete multiple objects from a bucket using a +// single HTTP request. If you know the object keys that you want to delete, then +// this operation provides a suitable alternative to sending individual delete +// requests, reducing per-request overhead. The request can contain a list of up to +// 1000 keys that you want to delete. In the XML, you provide the object key names, +// and optionally, version IDs if you want to delete a specific version of the +// object from a versioning-enabled bucket. For each key, Amazon S3 performs a +// delete operation and returns the result of that delete, success or failure, in +// the response. Note that if the object specified in the request is not found, +// Amazon S3 returns the result as deleted. +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. +// - Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support +// virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . +// Path-style requests are not supported. For more information, see Regional and +// Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// The operation supports two modes for the response: verbose and quiet. By +// default, the operation uses verbose mode in which the response includes the +// result of deletion of each key in your request. In quiet mode the response +// includes only keys where the delete operation encountered an error. For a +// successful deletion in a quiet mode, the operation does not return any +// information about the delete in the response body. When performing this action +// on an MFA Delete enabled bucket, that attempts to delete any versioned objects, +// you must include an MFA token. If you do not provide one, the entire request +// will fail, even if there are non-versioned objects you are trying to delete. If +// you provide an invalid token, whether there are versioned keys in the request or +// not, the entire Multi-Object Delete request will fail. For information about MFA +// Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) +// in the Amazon S3 User Guide. Directory buckets - MFA delete is not supported by +// directory buckets. Permissions +// - General purpose bucket permissions - The following permissions are required +// in your policies when your DeleteObjects request includes specific headers. +// - s3:DeleteObject - To delete an object from a bucket, you must always specify +// the s3:DeleteObject permission. +// - s3:DeleteObjectVersion - To delete a specific version of an object from a +// versiong-enabled bucket, you must specify the s3:DeleteObjectVersion +// permission. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// Content-MD5 request header +// - General purpose bucket - The Content-MD5 request header is required for all +// Multi-Object Delete requests. Amazon S3 uses the header value to ensure that +// your request body has not been altered in transit. +// - Directory bucket - The Content-MD5 request header or a additional checksum +// request header (including x-amz-checksum-crc32 , x-amz-checksum-crc32c , +// x-amz-checksum-sha1 , or x-amz-checksum-sha256 ) is required for all +// Multi-Object Delete requests. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following operations are +// related to DeleteObjects : // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) @@ -61,16 +102,26 @@ func (c *Client) DeleteObjects(ctx context.Context, params *DeleteObjectsInput, type DeleteObjectsInput struct { - // The bucket name containing the objects to delete. When using this action with - // an access point, you must direct requests to the access point hostname. The - // access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The bucket name containing the objects to delete. Directory buckets - When you + // use this operation with a directory bucket, you must use virtual-hosted-style + // requests in the format Bucket_name.s3express-az_id.region.amazonaws.com . + // Path-style requests are not supported. Directory bucket names must be unique in + // the chosen Availability Zone. Bucket names must follow the format + // bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -87,39 +138,57 @@ type DeleteObjectsInput struct { // Specifies whether you want to delete this object even if it has a // Governance-type Object Lock in place. To use this header, you must have the - // s3:BypassGovernanceRetention permission. - BypassGovernanceRetention bool + // s3:BypassGovernanceRetention permission. This functionality is not supported for + // directory buckets. + BypassGovernanceRetention *bool - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) - // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 - // ignores any provided ChecksumAlgorithm parameter. This checksum algorithm must - // be the same for all parts and it match the checksum value supplied in the - // CreateMultipartUpload request. + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 + // fails the request with the HTTP status code 400 Bad Request . For the + // x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // - CRC32 + // - CRC32C + // - SHA1 + // - SHA256 + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. If the individual checksum value you provide + // through x-amz-checksum-algorithm doesn't match the checksum algorithm you set + // through x-amz-sdk-checksum-algorithm , Amazon S3 ignores any provided + // ChecksumAlgorithm parameter and uses the checksum algorithm that matches the + // provided value in x-amz-checksum-algorithm . If you provide an individual + // checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // The concatenation of the authentication device's serial number, a space, and // the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA - // delete enabled. + // delete enabled. When performing the DeleteObjects operation on an MFA delete + // enabled bucket, which attempts to delete the specified versioned objects, you + // must include an MFA token. If you don't provide an MFA token, the entire request + // will fail, even if there are non-versioned objects that you are trying to + // delete. If you provide an invalid token, whether there are versioned object keys + // in the request or not, the entire Multi-Object Delete request will fail. For + // information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. MFA *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer noSmithyDocumentSerde @@ -141,7 +210,7 @@ type DeleteObjectsOutput struct { Errors []types.Error // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Metadata pertaining to the operation's result. @@ -205,6 +274,9 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeleteObjectsValidationMiddleware(stack); err != nil { return err } @@ -241,6 +313,9 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go index 61ce60ef9..488d2a797 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go @@ -9,13 +9,15 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use -// this operation, you must have the s3:PutBucketPublicAccessBlock permission. For -// more information about permissions, see Permissions Related to Bucket -// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// This operation is not supported by directory buckets. Removes the +// PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, +// you must have the s3:PutBucketPublicAccessBlock permission. For more +// information about permissions, see Permissions Related to Bucket Subresource +// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // . The following operations are related to DeletePublicAccessBlock : // - Using Amazon S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) @@ -44,9 +46,9 @@ type DeletePublicAccessBlockInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -54,7 +56,7 @@ type DeletePublicAccessBlockInput struct { func (in *DeletePublicAccessBlockInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type DeletePublicAccessBlockOutput struct { @@ -119,6 +121,9 @@ func (c *Client) addOperationDeletePublicAccessBlockMiddlewares(stack *middlewar if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpDeletePublicAccessBlockValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go index 671a3c8f8..9a90a88a0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go @@ -10,17 +10,19 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This implementation of the GET action uses the accelerate subresource to return -// the Transfer Acceleration state of a bucket, which is either Enabled or -// Suspended . Amazon S3 Transfer Acceleration is a bucket-level feature that -// enables you to perform faster data transfers to and from Amazon S3. To use this -// operation, you must have permission to perform the s3:GetAccelerateConfiguration -// action. The bucket owner has this permission by default. The bucket owner can -// grant this permission to others. For more information about permissions, see -// Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// This operation is not supported by directory buckets. This implementation of +// the GET action uses the accelerate subresource to return the Transfer +// Acceleration state of a bucket, which is either Enabled or Suspended . Amazon S3 +// Transfer Acceleration is a bucket-level feature that enables you to perform +// faster data transfers to and from Amazon S3. To use this operation, you must +// have permission to perform the s3:GetAccelerateConfiguration action. The bucket +// owner has this permission by default. The bucket owner can grant this permission +// to others. For more information about permissions, see Permissions Related to +// Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // in the Amazon S3 User Guide. You set the Transfer Acceleration state of an // existing bucket to Enabled or Suspended by using the @@ -54,18 +56,19 @@ type GetBucketAccelerateConfigurationInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer noSmithyDocumentSerde @@ -73,13 +76,13 @@ type GetBucketAccelerateConfigurationInput struct { func (in *GetBucketAccelerateConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketAccelerateConfigurationOutput struct { // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // The accelerate configuration of the bucket. @@ -146,6 +149,9 @@ func (c *Client) addOperationGetBucketAccelerateConfigurationMiddlewares(stack * if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketAccelerateConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go index 9fd961d25..36747fc9c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go @@ -10,17 +10,19 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This implementation of the GET action uses the acl subresource to return the -// access control list (ACL) of a bucket. To use GET to return the ACL of the -// bucket, you must have READ_ACP access to the bucket. If READ_ACP permission is -// granted to the anonymous user, you can return the ACL of the bucket without -// using an authorization header. To use this API operation against an access -// point, provide the alias of the access point in place of the bucket name. To use -// this API operation against an Object Lambda access point, provide the alias of -// the Object Lambda access point in place of the bucket name. If the Object Lambda +// This operation is not supported by directory buckets. This implementation of +// the GET action uses the acl subresource to return the access control list (ACL) +// of a bucket. To use GET to return the ACL of the bucket, you must have the +// READ_ACP access to the bucket. If READ_ACP permission is granted to the +// anonymous user, you can return the ACL of the bucket without using an +// authorization header. When you use this API operation with an access point, +// provide the alias of the access point in place of the bucket name. When you use +// this API operation with an Object Lambda access point, provide the alias of the +// Object Lambda access point in place of the bucket name. If the Object Lambda // access point alias in a request is not valid, the error code // InvalidAccessPointAliasError is returned. For more information about // InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) @@ -49,21 +51,21 @@ func (c *Client) GetBucketAcl(ctx context.Context, params *GetBucketAclInput, op type GetBucketAclInput struct { - // Specifies the S3 bucket whose ACL is being requested. To use this API operation - // against an access point, provide the alias of the access point in place of the - // bucket name. To use this API operation against an Object Lambda access point, - // provide the alias of the Object Lambda access point in place of the bucket name. - // If the Object Lambda access point alias in a request is not valid, the error - // code InvalidAccessPointAliasError is returned. For more information about - // InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) + // Specifies the S3 bucket whose ACL is being requested. When you use this API + // operation with an access point, provide the alias of the access point in place + // of the bucket name. When you use this API operation with an Object Lambda access + // point, provide the alias of the Object Lambda access point in place of the + // bucket name. If the Object Lambda access point alias in a request is not valid, + // the error code InvalidAccessPointAliasError is returned. For more information + // about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) // . // // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -71,7 +73,7 @@ type GetBucketAclInput struct { func (in *GetBucketAclInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketAclOutput struct { @@ -143,6 +145,9 @@ func (c *Client) addOperationGetBucketAclMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketAclValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go index 1c3679e63..0f7922ae9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go @@ -10,15 +10,17 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This implementation of the GET action returns an analytics configuration -// (identified by the analytics configuration ID) from the bucket. To use this -// operation, you must have permissions to perform the s3:GetAnalyticsConfiguration -// action. The bucket owner has this permission by default. The bucket owner can -// grant this permission to others. For more information about permissions, see -// Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// This operation is not supported by directory buckets. This implementation of +// the GET action returns an analytics configuration (identified by the analytics +// configuration ID) from the bucket. To use this operation, you must have +// permissions to perform the s3:GetAnalyticsConfiguration action. The bucket +// owner has this permission by default. The bucket owner can grant this permission +// to others. For more information about permissions, see Permissions Related to +// Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // in the Amazon S3 User Guide. For information about Amazon S3 analytics feature, // see Amazon S3 Analytics – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html) @@ -54,9 +56,9 @@ type GetBucketAnalyticsConfigurationInput struct { // This member is required. Id *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -64,7 +66,7 @@ type GetBucketAnalyticsConfigurationInput struct { func (in *GetBucketAnalyticsConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketAnalyticsConfigurationOutput struct { @@ -133,6 +135,9 @@ func (c *Client) addOperationGetBucketAnalyticsConfigurationMiddlewares(stack *m if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketAnalyticsConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go index 8902ccd2f..33c25aa13 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go @@ -10,19 +10,21 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the Cross-Origin Resource Sharing (CORS) configuration information set -// for the bucket. To use this operation, you must have permission to perform the -// s3:GetBucketCORS action. By default, the bucket owner has this permission and -// can grant it to others. To use this API operation against an access point, -// provide the alias of the access point in place of the bucket name. To use this -// API operation against an Object Lambda access point, provide the alias of the -// Object Lambda access point in place of the bucket name. If the Object Lambda -// access point alias in a request is not valid, the error code -// InvalidAccessPointAliasError is returned. For more information about -// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) +// This operation is not supported by directory buckets. Returns the Cross-Origin +// Resource Sharing (CORS) configuration information set for the bucket. To use +// this operation, you must have permission to perform the s3:GetBucketCORS +// action. By default, the bucket owner has this permission and can grant it to +// others. When you use this API operation with an access point, provide the alias +// of the access point in place of the bucket name. When you use this API operation +// with an Object Lambda access point, provide the alias of the Object Lambda +// access point in place of the bucket name. If the Object Lambda access point +// alias in a request is not valid, the error code InvalidAccessPointAliasError is +// returned. For more information about InvalidAccessPointAliasError , see List of +// Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) // . For more information about CORS, see Enabling Cross-Origin Resource Sharing (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) // . The following operations are related to GetBucketCors : // - PutBucketCors (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketCors.html) @@ -44,21 +46,21 @@ func (c *Client) GetBucketCors(ctx context.Context, params *GetBucketCorsInput, type GetBucketCorsInput struct { - // The bucket name for which to get the cors configuration. To use this API - // operation against an access point, provide the alias of the access point in - // place of the bucket name. To use this API operation against an Object Lambda - // access point, provide the alias of the Object Lambda access point in place of - // the bucket name. If the Object Lambda access point alias in a request is not - // valid, the error code InvalidAccessPointAliasError is returned. For more - // information about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) + // The bucket name for which to get the cors configuration. When you use this API + // operation with an access point, provide the alias of the access point in place + // of the bucket name. When you use this API operation with an Object Lambda access + // point, provide the alias of the Object Lambda access point in place of the + // bucket name. If the Object Lambda access point alias in a request is not valid, + // the error code InvalidAccessPointAliasError is returned. For more information + // about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) // . // // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -66,7 +68,7 @@ type GetBucketCorsInput struct { func (in *GetBucketCorsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketCorsOutput struct { @@ -136,6 +138,9 @@ func (c *Client) addOperationGetBucketCorsMiddlewares(stack *middleware.Stack, o if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketCorsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go index 9bd98cbf2..c8be5dd00 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go @@ -10,14 +10,15 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the default encryption configuration for an Amazon S3 bucket. By -// default, all buckets have a default encryption configuration that uses -// server-side encryption with Amazon S3 managed keys (SSE-S3). For information -// about the bucket default encryption feature, see Amazon S3 Bucket Default -// Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// This operation is not supported by directory buckets. Returns the default +// encryption configuration for an Amazon S3 bucket. By default, all buckets have a +// default encryption configuration that uses server-side encryption with Amazon S3 +// managed keys (SSE-S3). For information about the bucket default encryption +// feature, see Amazon S3 Bucket Default Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) // in the Amazon S3 User Guide. To use this operation, you must have permission to // perform the s3:GetEncryptionConfiguration action. The bucket owner has this // permission by default. The bucket owner can grant this permission to others. For @@ -50,9 +51,9 @@ type GetBucketEncryptionInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -60,7 +61,7 @@ type GetBucketEncryptionInput struct { func (in *GetBucketEncryptionInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketEncryptionOutput struct { @@ -129,6 +130,9 @@ func (c *Client) addOperationGetBucketEncryptionMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketEncryptionValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go index cd74655be..a3531f983 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go @@ -10,10 +10,12 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Gets the S3 Intelligent-Tiering configuration from the specified bucket. The S3 +// This operation is not supported by directory buckets. Gets the S3 +// Intelligent-Tiering configuration from the specified bucket. The S3 // Intelligent-Tiering storage class is designed to optimize storage costs by // automatically moving data to the most cost-effective storage access tier, // without performance impact or operational overhead. S3 Intelligent-Tiering @@ -64,7 +66,7 @@ type GetBucketIntelligentTieringConfigurationInput struct { func (in *GetBucketIntelligentTieringConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketIntelligentTieringConfigurationOutput struct { @@ -133,6 +135,9 @@ func (c *Client) addOperationGetBucketIntelligentTieringConfigurationMiddlewares if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketIntelligentTieringConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go index 845c53e3b..3fe6f9868 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go @@ -10,13 +10,15 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns an inventory configuration (identified by the inventory configuration -// ID) from the bucket. To use this operation, you must have permissions to perform -// the s3:GetInventoryConfiguration action. The bucket owner has this permission -// by default and can grant this permission to others. For more information about +// This operation is not supported by directory buckets. Returns an inventory +// configuration (identified by the inventory configuration ID) from the bucket. To +// use this operation, you must have permissions to perform the +// s3:GetInventoryConfiguration action. The bucket owner has this permission by +// default and can grant this permission to others. For more information about // permissions, see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // . For information about the Amazon S3 inventory feature, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) @@ -51,9 +53,9 @@ type GetBucketInventoryConfigurationInput struct { // This member is required. Id *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -61,7 +63,7 @@ type GetBucketInventoryConfigurationInput struct { func (in *GetBucketInventoryConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketInventoryConfigurationOutput struct { @@ -130,6 +132,9 @@ func (c *Client) addOperationGetBucketInventoryConfigurationMiddlewares(stack *m if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketInventoryConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go index d878d134a..4cc9eff88 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go @@ -10,16 +10,17 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Bucket lifecycle configuration now supports specifying a lifecycle rule using -// an object key name prefix, one or more object tags, or a combination of both. -// Accordingly, this section describes the latest API. The response describes the -// new filter element that you can use to specify a filter to select a subset of -// objects to which the rule applies. If you are using a previous version of the -// lifecycle configuration, it still works. For the earlier action, see -// GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html) +// This operation is not supported by directory buckets. Bucket lifecycle +// configuration now supports specifying a lifecycle rule using an object key name +// prefix, one or more object tags, or a combination of both. Accordingly, this +// section describes the latest API. The response describes the new filter element +// that you can use to specify a filter to select a subset of objects to which the +// rule applies. If you are using a previous version of the lifecycle +// configuration, it still works. For the earlier action, see GetBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycle.html) // . Returns the lifecycle configuration information set on the bucket. For // information about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) // . To use this operation, you must have permission to perform the @@ -60,9 +61,9 @@ type GetBucketLifecycleConfigurationInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -70,7 +71,7 @@ type GetBucketLifecycleConfigurationInput struct { func (in *GetBucketLifecycleConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketLifecycleConfigurationOutput struct { @@ -139,6 +140,9 @@ func (c *Client) addOperationGetBucketLifecycleConfigurationMiddlewares(stack *m if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketLifecycleConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go index 851548e5e..e94875fe5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go @@ -15,17 +15,19 @@ import ( smithyxml "github.com/aws/smithy-go/encoding/xml" smithyio "github.com/aws/smithy-go/io" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" "io" ) -// Returns the Region the bucket resides in. You set the bucket's Region using the -// LocationConstraint request parameter in a CreateBucket request. For more -// information, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) -// . To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. To use this API operation against an -// Object Lambda access point, provide the alias of the Object Lambda access point -// in place of the bucket name. If the Object Lambda access point alias in a +// This operation is not supported by directory buckets. Returns the Region the +// bucket resides in. You set the bucket's Region using the LocationConstraint +// request parameter in a CreateBucket request. For more information, see +// CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) +// . When you use this API operation with an access point, provide the alias of the +// access point in place of the bucket name. When you use this API operation with +// an Object Lambda access point, provide the alias of the Object Lambda access +// point in place of the bucket name. If the Object Lambda access point alias in a // request is not valid, the error code InvalidAccessPointAliasError is returned. // For more information about InvalidAccessPointAliasError , see List of Error // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) @@ -52,21 +54,21 @@ func (c *Client) GetBucketLocation(ctx context.Context, params *GetBucketLocatio type GetBucketLocationInput struct { - // The name of the bucket for which to get the location. To use this API operation - // against an access point, provide the alias of the access point in place of the - // bucket name. To use this API operation against an Object Lambda access point, - // provide the alias of the Object Lambda access point in place of the bucket name. - // If the Object Lambda access point alias in a request is not valid, the error - // code InvalidAccessPointAliasError is returned. For more information about - // InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) + // The name of the bucket for which to get the location. When you use this API + // operation with an access point, provide the alias of the access point in place + // of the bucket name. When you use this API operation with an Object Lambda access + // point, provide the alias of the Object Lambda access point in place of the + // bucket name. If the Object Lambda access point alias in a request is not valid, + // the error code InvalidAccessPointAliasError is returned. For more information + // about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) // . // // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -74,7 +76,7 @@ type GetBucketLocationInput struct { func (in *GetBucketLocationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketLocationOutput struct { @@ -148,6 +150,9 @@ func (c *Client) addOperationGetBucketLocationMiddlewares(stack *middleware.Stac if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketLocationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go index f3f80c9d0..5bbca7e4c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go @@ -10,12 +10,13 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the logging status of a bucket and the permissions users have to view -// and modify that status. The following operations are related to GetBucketLogging -// : +// This operation is not supported by directory buckets. Returns the logging +// status of a bucket and the permissions users have to view and modify that +// status. The following operations are related to GetBucketLogging : // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // - PutBucketLogging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLogging.html) func (c *Client) GetBucketLogging(ctx context.Context, params *GetBucketLoggingInput, optFns ...func(*Options)) (*GetBucketLoggingOutput, error) { @@ -40,9 +41,9 @@ type GetBucketLoggingInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -50,7 +51,7 @@ type GetBucketLoggingInput struct { func (in *GetBucketLoggingInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketLoggingOutput struct { @@ -121,6 +122,9 @@ func (c *Client) addOperationGetBucketLoggingMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketLoggingValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go index 28099c60d..913b9a04d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go @@ -10,16 +10,17 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Gets a metrics configuration (specified by the metrics configuration ID) from -// the bucket. Note that this doesn't include the daily storage metrics. To use -// this operation, you must have permissions to perform the -// s3:GetMetricsConfiguration action. The bucket owner has this permission by -// default. The bucket owner can grant this permission to others. For more -// information about permissions, see Permissions Related to Bucket Subresource -// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// This operation is not supported by directory buckets. Gets a metrics +// configuration (specified by the metrics configuration ID) from the bucket. Note +// that this doesn't include the daily storage metrics. To use this operation, you +// must have permissions to perform the s3:GetMetricsConfiguration action. The +// bucket owner has this permission by default. The bucket owner can grant this +// permission to others. For more information about permissions, see Permissions +// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // . For information about CloudWatch request metrics for Amazon S3, see // Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html) @@ -56,9 +57,9 @@ type GetBucketMetricsConfigurationInput struct { // This member is required. Id *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -66,7 +67,7 @@ type GetBucketMetricsConfigurationInput struct { func (in *GetBucketMetricsConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketMetricsConfigurationOutput struct { @@ -135,6 +136,9 @@ func (c *Client) addOperationGetBucketMetricsConfigurationMiddlewares(stack *mid if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketMetricsConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go index 58d9f614e..67a35d973 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go @@ -10,21 +10,23 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the notification configuration of a bucket. If notifications are not -// enabled on the bucket, the action returns an empty NotificationConfiguration -// element. By default, you must be the bucket owner to read the notification -// configuration of a bucket. However, the bucket owner can use a bucket policy to -// grant permission to other users to read this configuration with the -// s3:GetBucketNotification permission. To use this API operation against an access -// point, provide the alias of the access point in place of the bucket name. To use -// this API operation against an Object Lambda access point, provide the alias of -// the Object Lambda access point in place of the bucket name. If the Object Lambda -// access point alias in a request is not valid, the error code -// InvalidAccessPointAliasError is returned. For more information about -// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) +// This operation is not supported by directory buckets. Returns the notification +// configuration of a bucket. If notifications are not enabled on the bucket, the +// action returns an empty NotificationConfiguration element. By default, you must +// be the bucket owner to read the notification configuration of a bucket. However, +// the bucket owner can use a bucket policy to grant permission to other users to +// read this configuration with the s3:GetBucketNotification permission. When you +// use this API operation with an access point, provide the alias of the access +// point in place of the bucket name. When you use this API operation with an +// Object Lambda access point, provide the alias of the Object Lambda access point +// in place of the bucket name. If the Object Lambda access point alias in a +// request is not valid, the error code InvalidAccessPointAliasError is returned. +// For more information about InvalidAccessPointAliasError , see List of Error +// Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) // . For more information about setting and reading the notification configuration // on a bucket, see Setting Up Notification of Bucket Events (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) // . For more information about bucket policies, see Using Bucket Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) @@ -47,21 +49,22 @@ func (c *Client) GetBucketNotificationConfiguration(ctx context.Context, params type GetBucketNotificationConfigurationInput struct { - // The name of the bucket for which to get the notification configuration. To use - // this API operation against an access point, provide the alias of the access - // point in place of the bucket name. To use this API operation against an Object - // Lambda access point, provide the alias of the Object Lambda access point in - // place of the bucket name. If the Object Lambda access point alias in a request - // is not valid, the error code InvalidAccessPointAliasError is returned. For more - // information about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) + // The name of the bucket for which to get the notification configuration. When + // you use this API operation with an access point, provide the alias of the access + // point in place of the bucket name. When you use this API operation with an + // Object Lambda access point, provide the alias of the Object Lambda access point + // in place of the bucket name. If the Object Lambda access point alias in a + // request is not valid, the error code InvalidAccessPointAliasError is returned. + // For more information about InvalidAccessPointAliasError , see List of Error + // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) // . // // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -69,7 +72,7 @@ type GetBucketNotificationConfigurationInput struct { func (in *GetBucketNotificationConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } // A container for specifying the notification configuration of the bucket. If @@ -152,6 +155,9 @@ func (c *Client) addOperationGetBucketNotificationConfigurationMiddlewares(stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketNotificationConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go index ddf5c4cd2..dca55854e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go @@ -10,12 +10,14 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, you -// must have the s3:GetBucketOwnershipControls permission. For more information -// about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html) +// This operation is not supported by directory buckets. Retrieves +// OwnershipControls for an Amazon S3 bucket. To use this operation, you must have +// the s3:GetBucketOwnershipControls permission. For more information about Amazon +// S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html) // . For information about Amazon S3 Object Ownership, see Using Object Ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) // . The following operations are related to GetBucketOwnershipControls : // - PutBucketOwnershipControls @@ -42,9 +44,9 @@ type GetBucketOwnershipControlsInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -52,7 +54,7 @@ type GetBucketOwnershipControlsInput struct { func (in *GetBucketOwnershipControlsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketOwnershipControlsOutput struct { @@ -122,6 +124,9 @@ func (c *Client) addOperationGetBucketOwnershipControlsMiddlewares(stack *middle if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketOwnershipControlsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go index a76b11cf6..ff42b705b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go @@ -9,32 +9,50 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/signer/v4" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the policy of a specified bucket. If you are using an identity other -// than the root user of the Amazon Web Services account that owns the bucket, the -// calling identity must have the GetBucketPolicy permissions on the specified -// bucket and belong to the bucket owner's account in order to use this operation. -// If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access -// Denied error. If you have the correct permissions, but you're not using an -// identity that belongs to the bucket owner's account, Amazon S3 returns a 405 -// Method Not Allowed error. To ensure that bucket owners don't inadvertently lock -// themselves out of their own buckets, the root principal in a bucket owner's -// Amazon Web Services account can perform the GetBucketPolicy , PutBucketPolicy , -// and DeleteBucketPolicy API actions, even if their bucket policy explicitly -// denies the root principal's access. Bucket owner root principals can only be -// blocked from performing these API actions by VPC endpoint policies and Amazon -// Web Services Organizations policies. To use this API operation against an access -// point, provide the alias of the access point in place of the bucket name. To use -// this API operation against an Object Lambda access point, provide the alias of -// the Object Lambda access point in place of the bucket name. If the Object Lambda -// access point alias in a request is not valid, the error code -// InvalidAccessPointAliasError is returned. For more information about -// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) -// . For more information about bucket policies, see Using Bucket Policies and -// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) -// . The following action is related to GetBucketPolicy : +// Returns the policy of a specified bucket. Directory buckets - For directory +// buckets, you must make requests for this API operation to the Regional endpoint. +// These endpoints support path-style requests in the format +// https://s3express-control.region_code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions If you are using an identity other than +// the root user of the Amazon Web Services account that owns the bucket, the +// calling identity must both have the GetBucketPolicy permissions on the +// specified bucket and belong to the bucket owner's account in order to use this +// operation. If you don't have GetBucketPolicy permissions, Amazon S3 returns a +// 403 Access Denied error. If you have the correct permissions, but you're not +// using an identity that belongs to the bucket owner's account, Amazon S3 returns +// a 405 Method Not Allowed error. To ensure that bucket owners don't +// inadvertently lock themselves out of their own buckets, the root principal in a +// bucket owner's Amazon Web Services account can perform the GetBucketPolicy , +// PutBucketPolicy , and DeleteBucketPolicy API actions, even if their bucket +// policy explicitly denies the root principal's access. Bucket owner root +// principals can only be blocked from performing these API actions by VPC endpoint +// policies and Amazon Web Services Organizations policies. +// - General purpose bucket permissions - The s3:GetBucketPolicy permission is +// required in a policy. For more information about general purpose buckets bucket +// policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:GetBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web Services +// account that owns the resource. For more information about directory bucket +// policies and permissions, see Amazon Web Services Identity and Access +// Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// Example bucket policies General purpose buckets example bucket policies - See +// Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) +// in the Amazon S3 User Guide. Directory bucket example bucket policies - See +// Example bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// in the Amazon S3 User Guide. HTTP Host header syntax Directory buckets - The +// HTTP Host header syntax is s3express-control.region.amazonaws.com . The +// following action is related to GetBucketPolicy : // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) func (c *Client) GetBucketPolicy(ctx context.Context, params *GetBucketPolicyInput, optFns ...func(*Options)) (*GetBucketPolicyOutput, error) { if params == nil { @@ -53,21 +71,33 @@ func (c *Client) GetBucketPolicy(ctx context.Context, params *GetBucketPolicyInp type GetBucketPolicyInput struct { - // The bucket name for which to get the bucket policy. To use this API operation - // against an access point, provide the alias of the access point in place of the - // bucket name. To use this API operation against an Object Lambda access point, - // provide the alias of the Object Lambda access point in place of the bucket name. - // If the Object Lambda access point alias in a request is not valid, the error - // code InvalidAccessPointAliasError is returned. For more information about - // InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) - // . + // The bucket name to get the bucket policy for. Directory buckets - When you use + // this operation with a directory bucket, you must use path-style requests in the + // format https://s3express-control.region_code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Availability Zone. Bucket names must also follow the format + // bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide Access points - When you use this API operation with + // an access point, provide the alias of the access point in place of the bucket + // name. Object Lambda access points - When you use this API operation with an + // Object Lambda access point, provide the alias of the Object Lambda access point + // in place of the bucket name. If the Object Lambda access point alias in a + // request is not valid, the error code InvalidAccessPointAliasError is returned. + // For more information about InvalidAccessPointAliasError , see List of Error + // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) + // . Access points and Object Lambda access points are not supported by directory + // buckets. // // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). For directory buckets, this header + // is not supported in this API operation. If you specify this header, the request + // fails with the HTTP status code 501 Not Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -75,7 +105,7 @@ type GetBucketPolicyInput struct { func (in *GetBucketPolicyInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketPolicyOutput struct { @@ -144,6 +174,9 @@ func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketPolicyValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go index c7ed281c0..6acf706fc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go @@ -10,13 +10,15 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Retrieves the policy status for an Amazon S3 bucket, indicating whether the -// bucket is public. In order to use this operation, you must have the -// s3:GetBucketPolicyStatus permission. For more information about Amazon S3 -// permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// This operation is not supported by directory buckets. Retrieves the policy +// status for an Amazon S3 bucket, indicating whether the bucket is public. In +// order to use this operation, you must have the s3:GetBucketPolicyStatus +// permission. For more information about Amazon S3 permissions, see Specifying +// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) // . For more information about when Amazon S3 considers a bucket public, see The // Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) // . The following operations are related to GetBucketPolicyStatus : @@ -46,9 +48,9 @@ type GetBucketPolicyStatusInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -56,7 +58,7 @@ type GetBucketPolicyStatusInput struct { func (in *GetBucketPolicyStatusInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketPolicyStatusOutput struct { @@ -125,6 +127,9 @@ func (c *Client) addOperationGetBucketPolicyStatusMiddlewares(stack *middleware. if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketPolicyStatusValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go index 54c23f7d1..8db927c13 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go @@ -10,13 +10,15 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the replication configuration of a bucket. It can take a while to -// propagate the put or delete a replication configuration to all Amazon S3 -// systems. Therefore, a get request soon after put or delete can return a wrong -// result. For information about replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) +// This operation is not supported by directory buckets. Returns the replication +// configuration of a bucket. It can take a while to propagate the put or delete a +// replication configuration to all Amazon S3 systems. Therefore, a get request +// soon after put or delete can return a wrong result. For information about +// replication configuration, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) // in the Amazon S3 User Guide. This action requires permissions for the // s3:GetReplicationConfiguration action. For more information about permissions, // see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) @@ -49,9 +51,9 @@ type GetBucketReplicationInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -59,7 +61,7 @@ type GetBucketReplicationInput struct { func (in *GetBucketReplicationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketReplicationOutput struct { @@ -129,6 +131,9 @@ func (c *Client) addOperationGetBucketReplicationMiddlewares(stack *middleware.S if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketReplicationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go index a25d37857..37c964509 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go @@ -10,12 +10,13 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the request payment configuration of a bucket. To use this version of -// the operation, you must be the bucket owner. For more information, see -// Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html) +// This operation is not supported by directory buckets. Returns the request +// payment configuration of a bucket. To use this version of the operation, you +// must be the bucket owner. For more information, see Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html) // . The following operations are related to GetBucketRequestPayment : // - ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) func (c *Client) GetBucketRequestPayment(ctx context.Context, params *GetBucketRequestPaymentInput, optFns ...func(*Options)) (*GetBucketRequestPaymentOutput, error) { @@ -40,9 +41,9 @@ type GetBucketRequestPaymentInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -50,7 +51,7 @@ type GetBucketRequestPaymentInput struct { func (in *GetBucketRequestPaymentInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketRequestPaymentOutput struct { @@ -119,6 +120,9 @@ func (c *Client) addOperationGetBucketRequestPaymentMiddlewares(stack *middlewar if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketRequestPaymentValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go index 1bf7767d2..4c2761be8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go @@ -10,13 +10,15 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the tag set associated with the bucket. To use this operation, you must -// have permission to perform the s3:GetBucketTagging action. By default, the -// bucket owner has this permission and can grant this permission to others. -// GetBucketTagging has the following special error: +// This operation is not supported by directory buckets. Returns the tag set +// associated with the bucket. To use this operation, you must have permission to +// perform the s3:GetBucketTagging action. By default, the bucket owner has this +// permission and can grant this permission to others. GetBucketTagging has the +// following special error: // - Error code: NoSuchTagSet // - Description: There is no tag set associated with the bucket. // @@ -45,9 +47,9 @@ type GetBucketTaggingInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -55,7 +57,7 @@ type GetBucketTaggingInput struct { func (in *GetBucketTaggingInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketTaggingOutput struct { @@ -126,6 +128,9 @@ func (c *Client) addOperationGetBucketTaggingMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketTaggingValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go index c56edbb4b..55cad6297 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go @@ -10,14 +10,16 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the versioning state of a bucket. To retrieve the versioning state of a -// bucket, you must be the bucket owner. This implementation also returns the MFA -// Delete status of the versioning state. If the MFA Delete status is enabled , the -// bucket owner must use an authentication device to change the versioning state of -// the bucket. The following operations are related to GetBucketVersioning : +// This operation is not supported by directory buckets. Returns the versioning +// state of a bucket. To retrieve the versioning state of a bucket, you must be the +// bucket owner. This implementation also returns the MFA Delete status of the +// versioning state. If the MFA Delete status is enabled , the bucket owner must +// use an authentication device to change the versioning state of the bucket. The +// following operations are related to GetBucketVersioning : // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) // - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) @@ -43,9 +45,9 @@ type GetBucketVersioningInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -53,7 +55,7 @@ type GetBucketVersioningInput struct { func (in *GetBucketVersioningInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketVersioningOutput struct { @@ -127,6 +129,9 @@ func (c *Client) addOperationGetBucketVersioningMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketVersioningValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go index 4fb220a9d..f0ebf2b0d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go @@ -10,12 +10,14 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the website configuration for a bucket. To host website on Amazon S3, -// you can configure a bucket as website by adding a website configuration. For -// more information about hosting websites, see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) +// This operation is not supported by directory buckets. Returns the website +// configuration for a bucket. To host website on Amazon S3, you can configure a +// bucket as website by adding a website configuration. For more information about +// hosting websites, see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) // . This GET action requires the S3:GetBucketWebsite permission. By default, only // the bucket owner can read the bucket website configuration. However, bucket // owners can allow other users to read the website configuration by writing a @@ -45,9 +47,9 @@ type GetBucketWebsiteInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -55,7 +57,7 @@ type GetBucketWebsiteInput struct { func (in *GetBucketWebsiteInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetBucketWebsiteOutput struct { @@ -134,6 +136,9 @@ func (c *Client) addOperationGetBucketWebsiteMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetBucketWebsiteValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go index 144815e15..d2dc15c7c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go @@ -16,95 +16,98 @@ import ( "time" ) -// Retrieves objects from Amazon S3. To use GET , you must have READ access to the -// object. If you grant READ access to the anonymous user, you can return the -// object without using an authorization header. An Amazon S3 bucket has no -// directory hierarchy such as you would find in a typical computer file system. -// You can, however, create a logical hierarchy by using object key names that -// imply a folder structure. For example, instead of naming an object sample.jpg , -// you can name it photos/2006/February/sample.jpg . To get an object from such a -// logical hierarchy, specify the full key name for the object in the GET -// operation. For a virtual hosted-style request example, if you have the object -// photos/2006/February/sample.jpg , specify the resource as -// /photos/2006/February/sample.jpg . For a path-style request example, if you have -// the object photos/2006/February/sample.jpg in the bucket named examplebucket , -// specify the resource as /examplebucket/photos/2006/February/sample.jpg . For -// more information about request types, see HTTP Host Header Bucket Specification (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket) -// . For more information about returning the ACL of an object, see GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) -// . If the object you are retrieving is stored in the S3 Glacier Flexible -// Retrieval or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering -// Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve -// the object you must first restore a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) -// . Otherwise, this action returns an InvalidObjectState error. For information -// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) -// . Encryption request headers, like x-amz-server-side-encryption , should not be -// sent for GET requests if your object uses server-side encryption with Key -// Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with -// Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon -// S3 managed encryption keys (SSE-S3). If your object does use these types of -// keys, you’ll get an HTTP 400 Bad Request error. If you encrypt an object by -// using server-side encryption with customer-provided encryption keys (SSE-C) when -// you store the object in Amazon S3, then when you GET the object, you must use -// the following headers: -// - x-amz-server-side-encryption-customer-algorithm -// - x-amz-server-side-encryption-customer-key -// - x-amz-server-side-encryption-customer-key-MD5 +// Retrieves an object from Amazon S3. In the GetObject request, specify the full +// key name for the object. General purpose buckets - Both the virtual-hosted-style +// requests and the path-style requests are supported. For a virtual hosted-style +// request example, if you have the object photos/2006/February/sample.jpg , +// specify the object key name as /photos/2006/February/sample.jpg . For a +// path-style request example, if you have the object +// photos/2006/February/sample.jpg in the bucket named examplebucket , specify the +// object key name as /examplebucket/photos/2006/February/sample.jpg . For more +// information about request types, see HTTP Host Header Bucket Specification (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket) +// in the Amazon S3 User Guide. Directory buckets - Only virtual-hosted-style +// requests are supported. For a virtual hosted-style request example, if you have +// the object photos/2006/February/sample.jpg in the bucket named +// examplebucket--use1-az5--x-s3 , specify the object key name as +// /photos/2006/February/sample.jpg . Also, when you make requests to this API +// operation, your requests are sent to the Zonal endpoint. These endpoints support +// virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions +// - General purpose bucket permissions - You must have the required permissions +// in a policy. To use GetObject , you must have the READ access to the object +// (or version). If you grant READ access to the anonymous user, the GetObject +// operation returns the object without using an authorization header. For more +// information, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. If you include a versionId in your request +// header, you must have the s3:GetObjectVersion permission to access a specific +// version of an object. The s3:GetObject permission is not required in this +// scenario. If you request the current version of an object without a specific +// versionId in the request header, only the s3:GetObject permission is required. +// The s3:GetObjectVersion permission is not required in this scenario. If the +// object that you request doesn’t exist, the error that Amazon S3 returns depends +// on whether you also have the s3:ListBucket permission. +// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an +// HTTP status code 404 Not Found error. +// - If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP +// status code 403 Access Denied error. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . // -// For more information about SSE-C, see Server-Side Encryption (Using -// Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) -// . Assuming you have the relevant permission to read object tags, the response -// also returns the x-amz-tagging-count header that provides the count of number -// of tags associated with the object. You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) -// to retrieve the tag set associated with an object. Permissions You need the -// relevant read object (or version) permission for this operation. For more -// information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) -// . If the object that you request doesn’t exist, the error that Amazon S3 returns -// depends on whether you also have the s3:ListBucket permission. If you have the -// s3:ListBucket permission on the bucket, Amazon S3 returns an HTTP status code -// 404 (Not Found) error. If you don’t have the s3:ListBucket permission, Amazon -// S3 returns an HTTP status code 403 ("access denied") error. Versioning By -// default, the GET action returns the current version of an object. To return a -// different version, use the versionId subresource. -// - If you supply a versionId , you need the s3:GetObjectVersion permission to -// access a specific version of an object. If you request a specific version, you -// do not need to have the s3:GetObject permission. If you request the current -// version without a specific version ID, only s3:GetObject permission is -// required. s3:GetObjectVersion permission won't be required. -// - If the current version of the object is a delete marker, Amazon S3 behaves -// as if the object was deleted and includes x-amz-delete-marker: true in the -// response. -// -// For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html) -// . Overriding Response Header Values There are times when you want to override -// certain response header values in a GET response. For example, you might -// override the Content-Disposition response header value in your GET request. You -// can override values for a set of response headers using the following query -// parameters. These response header values are sent only on a successful request, -// that is, when status code 200 OK is returned. The set of headers you can -// override using these parameters is a subset of the headers that Amazon S3 -// accepts when you create an object. The response headers that you can override -// for the GET response are Content-Type , Content-Language , Expires , -// Cache-Control , Content-Disposition , and Content-Encoding . To override these -// header values in the GET response, you use the following request parameters. -// You must sign the request, either using an Authorization header or a presigned -// URL, when using these parameters. They cannot be used with an unsigned -// (anonymous) request. -// - response-content-type -// - response-content-language -// - response-expires +// Storage classes If the object you are retrieving is stored in the S3 Glacier +// Flexible Retrieval storage class, the S3 Glacier Deep Archive storage class, the +// S3 Intelligent-Tiering Archive Access tier, or the S3 Intelligent-Tiering Deep +// Archive Access tier, before you can retrieve the object you must first restore a +// copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) +// . Otherwise, this operation returns an InvalidObjectState error. For +// information about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) +// in the Amazon S3 User Guide. Directory buckets - For directory buckets, only the +// S3 Express One Zone storage class is supported to store newly created objects. +// Unsupported storage class values won't write a destination object and will +// respond with the HTTP status code 400 Bad Request . Encryption Encryption +// request headers, like x-amz-server-side-encryption , should not be sent for the +// GetObject requests, if your object uses server-side encryption with Amazon S3 +// managed encryption keys (SSE-S3), server-side encryption with Key Management +// Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption with Amazon +// Web Services KMS keys (DSSE-KMS). If you include the header in your GetObject +// requests for the object that uses these types of keys, you’ll get an HTTP 400 +// Bad Request error. Overriding response header values through the request There +// are times when you want to override certain response header values of a +// GetObject response. For example, you might override the Content-Disposition +// response header value through your GetObject request. You can override values +// for a set of response headers. These modified response header values are +// included only in a successful response, that is, when the HTTP status code 200 +// OK is returned. The headers you can override using the following query +// parameters in the request are a subset of the headers that Amazon S3 accepts +// when you create an object. The response headers that you can override for the +// GetObject response are Cache-Control , Content-Disposition , Content-Encoding , +// Content-Language , Content-Type , and Expires . To override values for a set of +// response headers in the GetObject response, you can use the following query +// parameters in the request. // - response-cache-control // - response-content-disposition // - response-content-encoding +// - response-content-language +// - response-content-type +// - response-expires // -// Overriding Response Header Values If both of the If-Match and -// If-Unmodified-Since headers are present in the request as follows: If-Match -// condition evaluates to true , and; If-Unmodified-Since condition evaluates to -// false ; then, S3 returns 200 OK and the data requested. If both of the -// If-None-Match and If-Modified-Since headers are present in the request as -// follows: If-None-Match condition evaluates to false , and; If-Modified-Since -// condition evaluates to true ; then, S3 returns 304 Not Modified response code. -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) -// . The following operations are related to GetObject : +// When you use these parameters, you must sign the request by using either an +// Authorization header or a presigned URL. These parameters cannot be used with an +// unsigned (anonymous) request. HTTP Host header syntax Directory buckets - The +// HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com . +// The following operations are related to GetObject : // - ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) // - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) func (c *Client) GetObject(ctx context.Context, params *GetObjectInput, optFns ...func(*Options)) (*GetObjectOutput, error) { @@ -124,18 +127,30 @@ func (c *Client) GetObject(ctx context.Context, params *GetObjectInput, optFns . type GetObjectInput struct { - // The bucket name containing the object. When using this action with an access - // point, you must direct requests to the access point hostname. The access point + // The bucket name containing the object. Directory buckets - When you use this + // operation with a directory bucket, you must use virtual-hosted-style requests in + // the format Bucket_name.s3express-az_id.region.amazonaws.com . Path-style + // requests are not supported. Directory bucket names must be unique in the chosen + // Availability Zone. Bucket names must follow the format + // bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Object Lambda access points - When you use this + // action with an Object Lambda access point, you must direct requests to the + // Object Lambda access point hostname. The Object Lambda access point hostname + // takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. + // Access points and Object Lambda access points are not supported by directory + // buckets. S3 on Outposts - When you use this action with Amazon S3 on Outposts, + // you must direct requests to the S3 on Outposts hostname. The S3 on Outposts // hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When using an Object Lambda access point the - // hostname takes the form - // AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. When you use - // this action with Amazon S3 on Outposts, you must direct requests to the S3 on - // Outposts hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -153,51 +168,69 @@ type GetObjectInput struct { // To retrieve the checksum, this mode must be enabled. ChecksumMode types.ChecksumMode - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Return the object only if its entity tag (ETag) is the same as the one - // specified; otherwise, return a 412 (precondition failed) error. + // specified in this header; otherwise, return a 412 Precondition Failed error. If + // both of the If-Match and If-Unmodified-Since headers are present in the request + // as follows: If-Match condition evaluates to true , and; If-Unmodified-Since + // condition evaluates to false ; then, S3 returns 200 OK and the data requested. + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) + // . IfMatch *string // Return the object only if it has been modified since the specified time; - // otherwise, return a 304 (not modified) error. + // otherwise, return a 304 Not Modified error. If both of the If-None-Match and + // If-Modified-Since headers are present in the request as follows: If-None-Match + // condition evaluates to false , and; If-Modified-Since condition evaluates to + // true ; then, S3 returns 304 Not Modified status code. For more information + // about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) . IfModifiedSince *time.Time // Return the object only if its entity tag (ETag) is different from the one - // specified; otherwise, return a 304 (not modified) error. + // specified in this header; otherwise, return a 304 Not Modified error. If both + // of the If-None-Match and If-Modified-Since headers are present in the request + // as follows: If-None-Match condition evaluates to false , and; If-Modified-Since + // condition evaluates to true ; then, S3 returns 304 Not Modified HTTP status + // code. For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) + // . IfNoneMatch *string // Return the object only if it has not been modified since the specified time; - // otherwise, return a 412 (precondition failed) error. + // otherwise, return a 412 Precondition Failed error. If both of the If-Match and + // If-Unmodified-Since headers are present in the request as follows: If-Match + // condition evaluates to true , and; If-Unmodified-Since condition evaluates to + // false ; then, S3 returns 200 OK and the data requested. For more information + // about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) . IfUnmodifiedSince *time.Time // Part number of the object being read. This is a positive integer between 1 and // 10,000. Effectively performs a 'ranged' GET request for the part specified. // Useful for downloading just a part of an object. - PartNumber int32 + PartNumber *int32 - // Downloads the specified range bytes of an object. For more information about - // the HTTP Range header, see - // https://www.rfc-editor.org/rfc/rfc9110.html#name-range (https://www.rfc-editor.org/rfc/rfc9110.html#name-range) + // Downloads the specified byte range of an object. For more information about the + // HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range (https://www.rfc-editor.org/rfc/rfc9110.html#name-range) // . Amazon S3 doesn't support retrieving multiple ranges of data per GET request. Range *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // Sets the Cache-Control header of the response. ResponseCacheControl *string - // Sets the Content-Disposition header of the response + // Sets the Content-Disposition header of the response. ResponseContentDisposition *string // Sets the Content-Encoding header of the response. @@ -212,23 +245,66 @@ type GetObjectInput struct { // Sets the Expires header of the response. ResponseExpires *time.Time - // Specifies the algorithm to use to when decrypting the object (for example, - // AES256). + // Specifies the algorithm to use when decrypting the object (for example, AES256 + // ). If you encrypt an object by using server-side encryption with + // customer-provided encryption keys (SSE-C) when you store the object in Amazon + // S3, then when you GET the object, you must use the following headers: + // - x-amz-server-side-encryption-customer-algorithm + // - x-amz-server-side-encryption-customer-key + // - x-amz-server-side-encryption-customer-key-MD5 + // For more information about SSE-C, see Server-Side Encryption (Using + // Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. SSECustomerAlgorithm *string - // Specifies the customer-provided encryption key for Amazon S3 used to encrypt - // the data. This value is used to decrypt the object when recovering it and must - // match the one used when storing the data. The key must be appropriate for use - // with the algorithm specified in the - // x-amz-server-side-encryption-customer-algorithm header. + // Specifies the customer-provided encryption key that you originally provided for + // Amazon S3 to encrypt the data before storing it. This value is used to decrypt + // the object when recovering it and must match the one used when storing the data. + // The key must be appropriate for use with the algorithm specified in the + // x-amz-server-side-encryption-customer-algorithm header. If you encrypt an object + // by using server-side encryption with customer-provided encryption keys (SSE-C) + // when you store the object in Amazon S3, then when you GET the object, you must + // use the following headers: + // - x-amz-server-side-encryption-customer-algorithm + // - x-amz-server-side-encryption-customer-key + // - x-amz-server-side-encryption-customer-key-MD5 + // For more information about SSE-C, see Server-Side Encryption (Using + // Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. SSECustomerKey *string - // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // Specifies the 128-bit MD5 digest of the customer-provided encryption key + // according to RFC 1321. Amazon S3 uses this header for a message integrity check + // to ensure that the encryption key was transmitted without error. If you encrypt + // an object by using server-side encryption with customer-provided encryption keys + // (SSE-C) when you store the object in Amazon S3, then when you GET the object, + // you must use the following headers: + // - x-amz-server-side-encryption-customer-algorithm + // - x-amz-server-side-encryption-customer-key + // - x-amz-server-side-encryption-customer-key-MD5 + // For more information about SSE-C, see Server-Side Encryption (Using + // Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. SSECustomerKeyMD5 *string - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. By default, the + // GetObject operation returns the current version of an object. To return a + // different version, use the versionId subresource. + // - If you include a versionId in your request header, you must have the + // s3:GetObjectVersion permission to access a specific version of an object. The + // s3:GetObject permission is not required in this scenario. + // - If you request the current version of an object without a specific versionId + // in the request header, only the s3:GetObject permission is required. The + // s3:GetObjectVersion permission is not required in this scenario. + // - Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. For this API operation, only the null value of the version ID is + // supported by directory buckets. You can only specify null to the versionId + // query parameter in the request. + // For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html) + // . VersionId *string noSmithyDocumentSerde @@ -236,56 +312,54 @@ type GetObjectInput struct { func (in *GetObjectInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } type GetObjectOutput struct { - // Indicates that a range of bytes was specified. + // Indicates that a range of bytes was specified in the request. AcceptRanges *string // Object data. Body io.ReadCloser // Indicates whether the object uses an S3 Bucket Key for server-side encryption - // with Key Management Service (KMS) keys (SSE-KMS). - BucketKeyEnabled bool + // with Key Management Service (KMS) keys (SSE-KMS). This functionality is not + // supported for directory buckets. + BucketKeyEnabled *bool // Specifies caching behavior along the request/reply chain. CacheControl *string // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA1 *string // The base64-encoded, 256-bit SHA-256 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA256 *string // Specifies presentational information for the object. ContentDisposition *string - // Specifies what content encodings have been applied to the object and thus what + // Indicates what content encodings have been applied to the object and thus what // decoding mechanisms must be applied to obtain the media-type referenced by the // Content-Type header field. ContentEncoding *string @@ -294,7 +368,7 @@ type GetObjectOutput struct { ContentLanguage *string // Size of the body in bytes. - ContentLength int64 + ContentLength *int64 // The portion of the object returned in the response. ContentRange *string @@ -302,24 +376,34 @@ type GetObjectOutput struct { // A standard MIME type describing the format of the object data. ContentType *string - // Specifies whether the object retrieved was (true) or was not (false) a Delete + // Indicates whether the object retrieved was (true) or was not (false) a Delete // Marker. If false, this response header does not appear in the response. - DeleteMarker bool + // - If the current version of the object is a delete marker, Amazon S3 behaves + // as if the object was deleted and includes x-amz-delete-marker: true in the + // response. + // - If the specified version in the request is a delete marker, the response + // returns a 405 Method Not Allowed error and the Last-Modified: timestamp + // response header. + DeleteMarker *bool // An entity tag (ETag) is an opaque identifier assigned by a web server to a // specific version of a resource found at a URL. ETag *string - // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key-value pairs - // providing object expiration information. The value of the rule-id is - // URL-encoded. + // If the object expiration is configured (see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) + // ), the response includes this header. It includes the expiry-date and rule-id + // key-value pairs providing object expiration information. The value of the + // rule-id is URL-encoded. This functionality is not supported for directory + // buckets. Expiration *string // The date and time at which the object is no longer cacheable. Expires *time.Time - // Creation date of the object. + // Date and time when the object was last modified. General purpose buckets - When + // you specify a versionId of the object in your request, if the specified version + // in the request is a delete marker, the response returns a 405 Method Not Allowed + // error and the Last-Modified: timestamp response header. LastModified *time.Time // A map of metadata to store with the object in S3. @@ -327,69 +411,88 @@ type GetObjectOutput struct { // Map keys will be normalized to lower-case. Metadata map[string]string - // This is set to the number of metadata entries not returned in x-amz-meta - // headers. This can happen if you create metadata using an API like SOAP that - // supports more flexible metadata than the REST API. For example, using SOAP, you - // can create metadata whose values are not legal HTTP headers. - MissingMeta int32 + // This is set to the number of metadata entries not returned in the headers that + // are prefixed with x-amz-meta- . This can happen if you create metadata using an + // API like SOAP that supports more flexible metadata than the REST API. For + // example, using SOAP, you can create metadata whose values are not legal HTTP + // headers. This functionality is not supported for directory buckets. + MissingMeta *int32 // Indicates whether this object has an active legal hold. This field is only - // returned if you have permission to view an object's legal hold status. + // returned if you have permission to view an object's legal hold status. This + // functionality is not supported for directory buckets. ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus - // The Object Lock mode currently in place for this object. + // The Object Lock mode that's currently in place for this object. This + // functionality is not supported for directory buckets. ObjectLockMode types.ObjectLockMode - // The date and time when this object's Object Lock will expire. + // The date and time when this object's Object Lock will expire. This + // functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time // The count of parts this object has. This value is only returned if you specify // partNumber in your request and the object was uploaded as a multipart upload. - PartsCount int32 + PartsCount *int32 // Amazon S3 can return this if your request involves a bucket that is either a - // source or destination in a replication rule. + // source or destination in a replication rule. This functionality is not supported + // for directory buckets. ReplicationStatus types.ReplicationStatus // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Provides information about object restoration action and expiration time of the - // restored object copy. + // restored object copy. This functionality is not supported for directory buckets. + // Only the S3 Express One Zone storage class is supported by directory buckets to + // store objects. Restore *string // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header confirming the encryption - // algorithm used. + // requested, the response will include this header to confirm the encryption + // algorithm that's used. This functionality is not supported for directory + // buckets. SSECustomerAlgorithm *string // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header to provide round-trip message - // integrity verification of the customer-provided encryption key. + // requested, the response will include this header to provide the round-trip + // message integrity verification of the customer-provided encryption key. This + // functionality is not supported for directory buckets. SSECustomerKeyMD5 *string - // If present, specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key that was used for the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. This functionality + // is not supported for directory buckets. SSEKMSKeyId *string - // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms , aws:kms:dsse ). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256 , aws:kms , aws:kms:dsse ). For directory buckets, only + // server-side encryption with Amazon S3 managed keys (SSE-S3) ( AES256 ) is + // supported. ServerSideEncryption types.ServerSideEncryption // Provides storage class information of the object. Amazon S3 returns this header - // for all objects except for S3 Standard storage class objects. + // for all objects except for S3 Standard storage class objects. Directory buckets + // - Only the S3 Express One Zone storage class is supported by directory buckets + // to store objects. StorageClass types.StorageClass - // The number of tags, if any, on the object. - TagCount int32 + // The number of tags, if any, on the object, when you have the relevant + // permission to read object tags. You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) + // to retrieve the tag set associated with an object. This functionality is not + // supported for directory buckets. + TagCount *int32 - // Version of the object. + // Version ID of the object. This functionality is not supported for directory + // buckets. VersionId *string // If the bucket is configured as a website, redirects requests for this object to // another object in the same bucket or to an external URL. Amazon S3 stores the - // value of this header in the object metadata. + // value of this header in the object metadata. This functionality is not supported + // for directory buckets. WebsiteRedirectLocation *string // Metadata pertaining to the operation's result. @@ -450,6 +553,9 @@ func (c *Client) addOperationGetObjectMiddlewares(stack *middleware.Stack, optio if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetObjectValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go index 016c1d99d..3b2a16872 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go @@ -13,10 +13,11 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the access control list (ACL) of an object. To use this operation, you -// must have s3:GetObjectAcl permissions or READ_ACP access to the object. For -// more information, see Mapping of ACL permissions and access policy permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping) -// in the Amazon S3 User Guide This action is not supported by Amazon S3 on +// This operation is not supported by directory buckets. Returns the access +// control list (ACL) of an object. To use this operation, you must have +// s3:GetObjectAcl permissions or READ_ACP access to the object. For more +// information, see Mapping of ACL permissions and access policy permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping) +// in the Amazon S3 User Guide This functionality is not supported for Amazon S3 on // Outposts. By default, GET returns ACL information about the current version of // an object. To return ACL information about a different version, use the // versionId subresource. If your bucket uses the bucket owner enforced setting for @@ -48,7 +49,9 @@ func (c *Client) GetObjectAcl(ctx context.Context, params *GetObjectAclInput, op type GetObjectAclInput struct { // The bucket name that contains the object for which to get the ACL information. - // When using this action with an access point, you must direct requests to the + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the access + // point ARN. When using the access point ARN, you must direct requests to the // access point hostname. The access point hostname takes the form // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this // action with an access point through the Amazon Web Services SDKs, you provide @@ -64,21 +67,23 @@ type GetObjectAclInput struct { // This member is required. Key *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. This + // functionality is not supported for directory buckets. VersionId *string noSmithyDocumentSerde @@ -86,6 +91,7 @@ type GetObjectAclInput struct { func (in *GetObjectAclInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } @@ -98,7 +104,7 @@ type GetObjectAclOutput struct { Owner *types.Owner // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Metadata pertaining to the operation's result. @@ -162,6 +168,9 @@ func (c *Client) addOperationGetObjectAclMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetObjectAclValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go index 65f9ad4eb..ed53ae7b3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go @@ -15,57 +15,87 @@ import ( ) // Retrieves all the metadata from an object without returning the object itself. -// This action is useful if you're interested only in an object's metadata. To use -// GetObjectAttributes , you must have READ access to the object. +// This operation is useful if you're interested only in an object's metadata. // GetObjectAttributes combines the functionality of HeadObject and ListParts . All // of the data returned with each of those individual calls can be returned with a -// single call to GetObjectAttributes . If you encrypt an object by using -// server-side encryption with customer-provided encryption keys (SSE-C) when you -// store the object in Amazon S3, then when you retrieve the metadata from the -// object, you must use the following headers: +// single call to GetObjectAttributes . Directory buckets - For directory buckets, +// you must make requests for this API operation to the Zonal endpoint. These +// endpoints support virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions +// - General purpose bucket permissions - To use GetObjectAttributes , you must +// have READ access to the object. The permissions that you need to use this +// operation with depend on whether the bucket is versioned. If the bucket is +// versioned, you need both the s3:GetObjectVersion and +// s3:GetObjectVersionAttributes permissions for this operation. If the bucket is +// not versioned, you need the s3:GetObject and s3:GetObjectAttributes +// permissions. For more information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. If the object that you request does not exist, the +// error Amazon S3 returns depends on whether you also have the s3:ListBucket +// permission. +// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an +// HTTP status code 404 Not Found ("no such key") error. +// - If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP +// status code 403 Forbidden ("access denied") error. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// Encryption Encryption request headers, like x-amz-server-side-encryption , +// should not be sent for HEAD requests if your object uses server-side encryption +// with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side +// encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side +// encryption with Amazon S3 managed encryption keys (SSE-S3). The +// x-amz-server-side-encryption header is used when you PUT an object to S3 and +// want to specify the encryption method. If you include this header in a GET +// request for an object that uses these types of keys, you’ll get an HTTP 400 Bad +// Request error. It's because the encryption method can't be changed when you +// retrieve the object. If you encrypt an object by using server-side encryption +// with customer-provided encryption keys (SSE-C) when you store the object in +// Amazon S3, then when you retrieve the metadata from the object, you must use the +// following headers to provide the encryption key for the server to be able to +// retrieve the object's metadata. The headers are: // - x-amz-server-side-encryption-customer-algorithm // - x-amz-server-side-encryption-customer-key // - x-amz-server-side-encryption-customer-key-MD5 // // For more information about SSE-C, see Server-Side Encryption (Using // Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) -// in the Amazon S3 User Guide. -// - Encryption request headers, such as x-amz-server-side-encryption , should -// not be sent for GET requests if your object uses server-side encryption with -// Amazon Web Services KMS keys stored in Amazon Web Services Key Management -// Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys -// (SSE-S3). If your object does use these types of keys, you'll get an HTTP 400 -// Bad Request error. -// - The last modified property in this case is the creation date of the object. -// -// Consider the following when using request headers: +// in the Amazon S3 User Guide. Directory bucket permissions - For directory +// buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) ( +// AES256 ) is supported. Versioning Directory buckets - S3 Versioning isn't +// enabled and supported for directory buckets. For this API operation, only the +// null value of the version ID is supported by directory buckets. You can only +// specify null to the versionId query parameter in the request. Conditional +// request headers Consider the following when using request headers: // - If both of the If-Match and If-Unmodified-Since headers are present in the // request as follows, then Amazon S3 returns the HTTP status code 200 OK and the // data requested: // - If-Match condition evaluates to true . -// - If-Unmodified-Since condition evaluates to false . +// - If-Unmodified-Since condition evaluates to false . For more information +// about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) +// . // - If both of the If-None-Match and If-Modified-Since headers are present in // the request as follows, then Amazon S3 returns the HTTP status code 304 Not // Modified : // - If-None-Match condition evaluates to false . -// - If-Modified-Since condition evaluates to true . +// - If-Modified-Since condition evaluates to true . For more information about +// conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) . // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) -// . Permissions The permissions that you need to use this operation depend on -// whether the bucket is versioned. If the bucket is versioned, you need both the -// s3:GetObjectVersion and s3:GetObjectVersionAttributes permissions for this -// operation. If the bucket is not versioned, you need the s3:GetObject and -// s3:GetObjectAttributes permissions. For more information, see Specifying -// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) -// in the Amazon S3 User Guide. If the object that you request does not exist, the -// error Amazon S3 returns depends on whether you also have the s3:ListBucket -// permission. -// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an -// HTTP status code 404 Not Found ("no such key") error. -// - If you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP -// status code 403 Forbidden ("access denied") error. -// -// The following actions are related to GetObjectAttributes : +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following actions are +// related to GetObjectAttributes : // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // - GetObjectAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html) // - GetObjectLegalHold (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectLegalHold.html) @@ -91,16 +121,26 @@ func (c *Client) GetObjectAttributes(ctx context.Context, params *GetObjectAttri type GetObjectAttributesInput struct { - // The name of the bucket that contains the object. When using this action with an - // access point, you must direct requests to the access point hostname. The access - // point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The name of the bucket that contains the object. Directory buckets - When you + // use this operation with a directory bucket, you must use virtual-hosted-style + // requests in the format Bucket_name.s3express-az_id.region.amazonaws.com . + // Path-style requests are not supported. Directory bucket names must be unique in + // the chosen Availability Zone. Bucket names must follow the format + // bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -121,13 +161,13 @@ type GetObjectAttributesInput struct { // This member is required. ObjectAttributes []types.ObjectAttributes - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Sets the maximum number of parts to return. - MaxParts int32 + MaxParts *int32 // Specifies the part after which listing should begin. Only parts with higher // part numbers will be listed. @@ -135,29 +175,37 @@ type GetObjectAttributesInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer - // Specifies the algorithm to use when encrypting the object (for example, AES256). + // Specifies the algorithm to use when encrypting the object (for example, + // AES256). This functionality is not supported for directory buckets. SSECustomerAlgorithm *string // Specifies the customer-provided encryption key for Amazon S3 to use in // encrypting data. This value is used to store the object and then it is // discarded; Amazon S3 does not store the encryption key. The key must be // appropriate for use with the algorithm specified in the - // x-amz-server-side-encryption-customer-algorithm header. + // x-amz-server-side-encryption-customer-algorithm header. This functionality is + // not supported for directory buckets. SSECustomerKey *string // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // encryption key was transmitted without error. This functionality is not + // supported for directory buckets. SSECustomerKeyMD5 *string - // The version ID used to reference a specific version of the object. + // The version ID used to reference a specific version of the object. S3 + // Versioning isn't enabled and supported for directory buckets. For this API + // operation, only the null value of the version ID is supported by directory + // buckets. You can only specify null to the versionId query parameter in the + // request. VersionId *string noSmithyDocumentSerde @@ -175,7 +223,8 @@ type GetObjectAttributesOutput struct { // Specifies whether the object retrieved was ( true ) or was not ( false ) a // delete marker. If false , this response header does not appear in the response. - DeleteMarker bool + // This functionality is not supported for directory buckets. + DeleteMarker *bool // An ETag is an opaque identifier assigned by a web server to a specific version // of a resource found at a URL. @@ -188,19 +237,21 @@ type GetObjectAttributesOutput struct { ObjectParts *types.GetObjectAttributesParts // The size of the object in bytes. - ObjectSize int64 + ObjectSize *int64 // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Provides the storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. For more // information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) - // . + // . Directory buckets - Only the S3 Express One Zone storage class is supported by + // directory buckets to store objects. StorageClass types.StorageClass - // The version ID of the object. + // The version ID of the object. This functionality is not supported for directory + // buckets. VersionId *string // Metadata pertaining to the operation's result. @@ -264,6 +315,9 @@ func (c *Client) addOperationGetObjectAttributesMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetObjectAttributesValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go index fb244d1b4..3f7af2202 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go @@ -13,10 +13,10 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Gets an object's current legal hold status. For more information, see Locking -// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) . -// This action is not supported by Amazon S3 on Outposts. The following action is -// related to GetObjectLegalHold : +// This operation is not supported by directory buckets. Gets an object's current +// legal hold status. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) +// . This functionality is not supported for Amazon S3 on Outposts. The following +// action is related to GetObjectLegalHold : // - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) func (c *Client) GetObjectLegalHold(ctx context.Context, params *GetObjectLegalHoldInput, optFns ...func(*Options)) (*GetObjectLegalHoldOutput, error) { if params == nil { @@ -36,8 +36,10 @@ func (c *Client) GetObjectLegalHold(ctx context.Context, params *GetObjectLegalH type GetObjectLegalHoldInput struct { // The bucket name containing the object whose legal hold status you want to - // retrieve. When using this action with an access point, you must direct requests - // to the access point hostname. The access point hostname takes the form + // retrieve. Access points - When you use this action with an access point, you + // must provide the alias of the access point in place of the bucket name or + // specify the access point ARN. When using the access point ARN, you must direct + // requests to the access point hostname. The access point hostname takes the form // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this // action with an access point through the Amazon Web Services SDKs, you provide // the access point ARN in place of the bucket name. For more information about @@ -52,18 +54,19 @@ type GetObjectLegalHoldInput struct { // This member is required. Key *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // The version ID of the object whose legal hold status you want to retrieve. @@ -143,6 +146,9 @@ func (c *Client) addOperationGetObjectLegalHoldMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetObjectLegalHoldValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go index c76888814..1ba436d53 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go @@ -13,9 +13,10 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Gets the Object Lock configuration for a bucket. The rule specified in the -// Object Lock configuration will be applied by default to every new object placed -// in the specified bucket. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) +// This operation is not supported by directory buckets. Gets the Object Lock +// configuration for a bucket. The rule specified in the Object Lock configuration +// will be applied by default to every new object placed in the specified bucket. +// For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) // . The following action is related to GetObjectLockConfiguration : // - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) func (c *Client) GetObjectLockConfiguration(ctx context.Context, params *GetObjectLockConfigurationInput, optFns ...func(*Options)) (*GetObjectLockConfigurationOutput, error) { @@ -35,8 +36,10 @@ func (c *Client) GetObjectLockConfiguration(ctx context.Context, params *GetObje type GetObjectLockConfigurationInput struct { - // The bucket whose Object Lock configuration you want to retrieve. When using - // this action with an access point, you must direct requests to the access point + // The bucket whose Object Lock configuration you want to retrieve. Access points + // - When you use this action with an access point, you must provide the alias of + // the access point in place of the bucket name or specify the access point ARN. + // When using the access point ARN, you must direct requests to the access point // hostname. The access point hostname takes the form // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this // action with an access point through the Amazon Web Services SDKs, you provide @@ -47,9 +50,9 @@ type GetObjectLockConfigurationInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -126,6 +129,9 @@ func (c *Client) addOperationGetObjectLockConfigurationMiddlewares(stack *middle if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetObjectLockConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go index d992fccbd..1dea7d8ab 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go @@ -13,10 +13,10 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Retrieves an object's retention settings. For more information, see Locking -// Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) . -// This action is not supported by Amazon S3 on Outposts. The following action is -// related to GetObjectRetention : +// This operation is not supported by directory buckets. Retrieves an object's +// retention settings. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) +// . This functionality is not supported for Amazon S3 on Outposts. The following +// action is related to GetObjectRetention : // - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) func (c *Client) GetObjectRetention(ctx context.Context, params *GetObjectRetentionInput, optFns ...func(*Options)) (*GetObjectRetentionOutput, error) { if params == nil { @@ -36,8 +36,10 @@ func (c *Client) GetObjectRetention(ctx context.Context, params *GetObjectRetent type GetObjectRetentionInput struct { // The bucket name containing the object whose retention settings you want to - // retrieve. When using this action with an access point, you must direct requests - // to the access point hostname. The access point hostname takes the form + // retrieve. Access points - When you use this action with an access point, you + // must provide the alias of the access point in place of the bucket name or + // specify the access point ARN. When using the access point ARN, you must direct + // requests to the access point hostname. The access point hostname takes the form // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this // action with an access point through the Amazon Web Services SDKs, you provide // the access point ARN in place of the bucket name. For more information about @@ -52,18 +54,19 @@ type GetObjectRetentionInput struct { // This member is required. Key *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // The version ID for the object whose retention settings you want to retrieve. @@ -143,6 +146,9 @@ func (c *Client) addOperationGetObjectRetentionMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetObjectRetentionValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go index 218e7d021..c020e9bd7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go @@ -13,15 +13,16 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns the tag-set of an object. You send the GET request against the tagging -// subresource associated with the object. To use this operation, you must have -// permission to perform the s3:GetObjectTagging action. By default, the GET -// action returns information about current version of an object. For a versioned -// bucket, you can have multiple versions of an object in your bucket. To retrieve -// tags of any other version, use the versionId query parameter. You also need -// permission for the s3:GetObjectVersionTagging action. By default, the bucket -// owner has this permission and can grant this permission to others. For -// information about the Amazon S3 object tagging feature, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html) +// This operation is not supported by directory buckets. Returns the tag-set of an +// object. You send the GET request against the tagging subresource associated with +// the object. To use this operation, you must have permission to perform the +// s3:GetObjectTagging action. By default, the GET action returns information about +// current version of an object. For a versioned bucket, you can have multiple +// versions of an object in your bucket. To retrieve tags of any other version, use +// the versionId query parameter. You also need permission for the +// s3:GetObjectVersionTagging action. By default, the bucket owner has this +// permission and can grant this permission to others. For information about the +// Amazon S3 object tagging feature, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html) // . The following actions are related to GetObjectTagging : // - DeleteObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjectTagging.html) // - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) @@ -44,15 +45,17 @@ func (c *Client) GetObjectTagging(ctx context.Context, params *GetObjectTaggingI type GetObjectTaggingInput struct { // The bucket name containing the object for which to get the tagging information. - // When using this action with an access point, you must direct requests to the + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the access + // point ARN. When using the access point ARN, you must direct requests to the // access point hostname. The access point hostname takes the form // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this // action with an access point through the Amazon Web Services SDKs, you provide // the access point ARN in place of the bucket name. For more information about // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // in the Amazon S3 User Guide. S3 on Outposts - When you use this action with + // Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. + // The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -67,18 +70,19 @@ type GetObjectTaggingInput struct { // This member is required. Key *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // The versionId of the object for which to get the tagging information. @@ -163,6 +167,9 @@ func (c *Client) addOperationGetObjectTaggingMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetObjectTaggingValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go index f5048ce7e..6689ef976 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go @@ -14,12 +14,13 @@ import ( "io" ) -// Returns torrent files from a bucket. BitTorrent can save you bandwidth when -// you're distributing large files. You can get torrent only for objects that are -// less than 5 GB in size, and that are not encrypted using server-side encryption -// with a customer-provided encryption key. To use GET, you must have READ access -// to the object. This action is not supported by Amazon S3 on Outposts. The -// following action is related to GetObjectTorrent : +// This operation is not supported by directory buckets. Returns torrent files +// from a bucket. BitTorrent can save you bandwidth when you're distributing large +// files. You can get torrent only for objects that are less than 5 GB in size, and +// that are not encrypted using server-side encryption with a customer-provided +// encryption key. To use GET, you must have READ access to the object. This +// functionality is not supported for Amazon S3 on Outposts. The following action +// is related to GetObjectTorrent : // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) func (c *Client) GetObjectTorrent(ctx context.Context, params *GetObjectTorrentInput, optFns ...func(*Options)) (*GetObjectTorrentOutput, error) { if params == nil { @@ -48,18 +49,19 @@ type GetObjectTorrentInput struct { // This member is required. Key *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer noSmithyDocumentSerde @@ -76,7 +78,7 @@ type GetObjectTorrentOutput struct { Body io.ReadCloser // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Metadata pertaining to the operation's result. @@ -137,6 +139,9 @@ func (c *Client) addOperationGetObjectTorrentMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetObjectTorrentValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go index 6a2cd83a9..0ae12e397 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go @@ -10,13 +10,14 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To use -// this operation, you must have the s3:GetBucketPublicAccessBlock permission. For -// more information about Amazon S3 permissions, see Specifying Permissions in a -// Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// This operation is not supported by directory buckets. Retrieves the +// PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, +// you must have the s3:GetBucketPublicAccessBlock permission. For more +// information about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) // . When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or // an object, it checks the PublicAccessBlock configuration for both the bucket // (or the bucket that contains the object) and the bucket owner's account. If the @@ -52,9 +53,9 @@ type GetPublicAccessBlockInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -62,7 +63,7 @@ type GetPublicAccessBlockInput struct { func (in *GetPublicAccessBlockInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type GetPublicAccessBlockOutput struct { @@ -132,6 +133,9 @@ func (c *Client) addOperationGetPublicAccessBlockMiddlewares(stack *middleware.S if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpGetPublicAccessBlockValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go index 297376bc8..8a18ff851 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go @@ -17,30 +17,44 @@ import ( "time" ) -// This action is useful to determine if a bucket exists and you have permission -// to access it. The action returns a 200 OK if the bucket exists and you have -// permission to access it. If the bucket does not exist or you do not have -// permission to access it, the HEAD request returns a generic 400 Bad Request , -// 403 Forbidden or 404 Not Found code. A message body is not included, so you -// cannot determine the exception beyond these error codes. To use this operation, -// you must have permissions to perform the s3:ListBucket action. The bucket owner -// has this permission by default and can grant this permission to others. For more -// information about permissions, see Permissions Related to Bucket Subresource -// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) -// . To use this API operation against an access point, you must provide the alias -// of the access point in place of the bucket name or specify the access point ARN. -// When using the access point ARN, you must direct requests to the access point -// hostname. The access point hostname takes the form -// AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using the -// Amazon Web Services SDKs, you provide the ARN in place of the bucket name. For -// more information, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) -// . To use this API operation against an Object Lambda access point, provide the -// alias of the Object Lambda access point in place of the bucket name. If the -// Object Lambda access point alias in a request is not valid, the error code -// InvalidAccessPointAliasError is returned. For more information about -// InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) -// . +// You can use this operation to determine if a bucket exists and if you have +// permission to access it. The action returns a 200 OK if the bucket exists and +// you have permission to access it. If the bucket does not exist or you do not +// have permission to access it, the HEAD request returns a generic 400 Bad Request +// , 403 Forbidden or 404 Not Found code. A message body is not included, so you +// cannot determine the exception beyond these error codes. Directory buckets - You +// must make requests for this API operation to the Zonal endpoint. These endpoints +// support virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests +// are not supported. For more information, see Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Authentication and authorization All HeadBucket +// requests must be authenticated and signed by using IAM credentials (access key +// ID and secret access key for the IAM identities). All headers with the x-amz- +// prefix, including x-amz-copy-source , must be signed. For more information, see +// REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) +// . Directory bucket - You must use IAM credentials to authenticate and authorize +// your access to the HeadBucket API operation, instead of using the temporary +// security credentials through the CreateSession API operation. Amazon Web +// Services CLI or SDKs handles authentication and authorization on your behalf. +// Permissions +// - General purpose bucket permissions - To use this operation, you must have +// permissions to perform the s3:ListBucket action. The bucket owner has this +// permission by default and can grant this permission to others. For more +// information about permissions, see Managing access permissions to your Amazon +// S3 resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - You must have the s3express:CreateSession +// permission in the Action element of a policy. By default, the session is in +// the ReadWrite mode. If you want to restrict the access, you can explicitly set +// the s3express:SessionMode condition key to ReadOnly on the bucket. For more +// information about example bucket policies, see Example bucket policies for S3 +// Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . func (c *Client) HeadBucket(ctx context.Context, params *HeadBucketInput, optFns ...func(*Options)) (*HeadBucketOutput, error) { if params == nil { params = &HeadBucketInput{} @@ -58,19 +72,31 @@ func (c *Client) HeadBucket(ctx context.Context, params *HeadBucketInput, optFns type HeadBucketInput struct { - // The bucket name. When using this action with an access point, you must direct - // requests to the access point hostname. The access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with an Object Lambda - // access point, provide the alias of the Object Lambda access point in place of - // the bucket name. If the Object Lambda access point alias in a request is not - // valid, the error code InvalidAccessPointAliasError is returned. For more - // information about InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) - // . When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form + // The bucket name. Directory buckets - When you use this operation with a + // directory bucket, you must use virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Object Lambda access points - When you use this API + // operation with an Object Lambda access point, provide the alias of the Object + // Lambda access point in place of the bucket name. If the Object Lambda access + // point alias in a request is not valid, the error code + // InvalidAccessPointAliasError is returned. For more information about + // InvalidAccessPointAliasError , see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList) + // . Access points and Object Lambda access points are not supported by directory + // buckets. S3 on Outposts - When you use this action with Amazon S3 on Outposts, + // you must direct requests to the S3 on Outposts hostname. The S3 on Outposts + // hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -80,9 +106,9 @@ type HeadBucketInput struct { // This member is required. Bucket *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -94,6 +120,25 @@ func (in *HeadBucketInput) bindEndpointParams(p *EndpointParameters) { } type HeadBucketOutput struct { + + // Indicates whether the bucket name used in the request is an access point alias. + // This functionality is not supported for directory buckets. + AccessPointAlias *bool + + // The name of the location where the bucket will be created. For directory + // buckets, the AZ ID of the Availability Zone where the bucket is created. An + // example AZ ID value is usw2-az2 . This functionality is only supported by + // directory buckets. + BucketLocationName *string + + // The type of location where the bucket is created. This functionality is only + // supported by directory buckets. + BucketLocationType types.LocationType + + // The Region that the bucket is located. This functionality is not supported for + // directory buckets. + BucketRegion *string + // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata @@ -155,6 +200,9 @@ func (c *Client) addOperationHeadBucketMiddlewares(stack *middleware.Stack, opti if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpHeadBucketValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go index 4277d70dd..5f7b55e56 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go @@ -17,58 +17,87 @@ import ( "time" ) -// The HEAD action retrieves metadata from an object without returning the object -// itself. This action is useful if you're only interested in an object's metadata. -// To use HEAD , you must have READ access to the object. A HEAD request has the -// same options as a GET action on an object. The response is identical to the GET -// response except that there is no response body. Because of this, if the HEAD -// request generates an error, it returns a generic 400 Bad Request , 403 Forbidden -// or 404 Not Found code. It is not possible to retrieve the exact exception -// beyond these error codes. If you encrypt an object by using server-side -// encryption with customer-provided encryption keys (SSE-C) when you store the -// object in Amazon S3, then when you retrieve the metadata from the object, you -// must use the following headers: +// The HEAD operation retrieves metadata from an object without returning the +// object itself. This operation is useful if you're interested only in an object's +// metadata. A HEAD request has the same options as a GET operation on an object. +// The response is identical to the GET response except that there is no response +// body. Because of this, if the HEAD request generates an error, it returns a +// generic code, such as 400 Bad Request , 403 Forbidden , 404 Not Found , 405 +// Method Not Allowed , 412 Precondition Failed , or 304 Not Modified . It's not +// possible to retrieve the exact exception of these error codes. Request headers +// are limited to 8 KB in size. For more information, see Common Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html) +// . Directory buckets - For directory buckets, you must make requests for this API +// operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions +// - General purpose bucket permissions - To use HEAD , you must have the +// s3:GetObject permission. You need the relevant read object (or version) +// permission for this operation. For more information, see Actions, resources, +// and condition keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) +// in the Amazon S3 User Guide. If the object you request doesn't exist, the error +// that Amazon S3 returns depends on whether you also have the s3:ListBucket +// permission. +// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an +// HTTP status code 404 Not Found error. +// - If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP +// status code 403 Forbidden error. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// Encryption Encryption request headers, like x-amz-server-side-encryption , +// should not be sent for HEAD requests if your object uses server-side encryption +// with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side +// encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side +// encryption with Amazon S3 managed encryption keys (SSE-S3). The +// x-amz-server-side-encryption header is used when you PUT an object to S3 and +// want to specify the encryption method. If you include this header in a HEAD +// request for an object that uses these types of keys, you’ll get an HTTP 400 Bad +// Request error. It's because the encryption method can't be changed when you +// retrieve the object. If you encrypt an object by using server-side encryption +// with customer-provided encryption keys (SSE-C) when you store the object in +// Amazon S3, then when you retrieve the metadata from the object, you must use the +// following headers to provide the encryption key for the server to be able to +// retrieve the object's metadata. The headers are: // - x-amz-server-side-encryption-customer-algorithm // - x-amz-server-side-encryption-customer-key // - x-amz-server-side-encryption-customer-key-MD5 // // For more information about SSE-C, see Server-Side Encryption (Using // Customer-Provided Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) -// . -// - Encryption request headers, like x-amz-server-side-encryption , should not -// be sent for GET requests if your object uses server-side encryption with Key -// Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption with -// Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with Amazon -// S3 managed encryption keys (SSE-S3). If your object does use these types of -// keys, you’ll get an HTTP 400 Bad Request error. -// - The last modified property in this case is the creation date of the object. +// in the Amazon S3 User Guide. Directory bucket permissions - For directory +// buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) ( +// AES256 ) is supported. Versioning // -// Request headers are limited to 8 KB in size. For more information, see Common -// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html) -// . Consider the following when using request headers: -// - Consideration 1 – If both of the If-Match and If-Unmodified-Since headers -// are present in the request as follows: -// - If-Match condition evaluates to true , and; -// - If-Unmodified-Since condition evaluates to false ; Then Amazon S3 returns -// 200 OK and the data requested. -// - Consideration 2 – If both of the If-None-Match and If-Modified-Since headers -// are present in the request as follows: -// - If-None-Match condition evaluates to false , and; -// - If-Modified-Since condition evaluates to true ; Then Amazon S3 returns the -// 304 Not Modified response code. +// - If the current version of the object is a delete marker, Amazon S3 behaves +// as if the object was deleted and includes x-amz-delete-marker: true in the +// response. // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) -// . Permissions You need the relevant read object (or version) permission for this -// operation. For more information, see Actions, resources, and condition keys for -// Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) . -// If the object you request doesn't exist, the error that Amazon S3 returns -// depends on whether you also have the s3:ListBucket permission. -// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns an -// HTTP status code 404 error. -// - If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP -// status code 403 error. +// - If the specified version is a delete marker, the response returns a 405 +// Method Not Allowed error and the Last-Modified: timestamp response header. // -// The following actions are related to HeadObject : +// - Directory buckets - Delete marker is not supported by directory buckets. +// +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID is +// supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following actions are +// related to HeadObject : // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // - GetObjectAttributes (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAttributes.html) func (c *Client) HeadObject(ctx context.Context, params *HeadObjectInput, optFns ...func(*Options)) (*HeadObjectOutput, error) { @@ -88,16 +117,26 @@ func (c *Client) HeadObject(ctx context.Context, params *HeadObjectInput, optFns type HeadObjectInput struct { - // The name of the bucket containing the object. When using this action with an - // access point, you must direct requests to the access point hostname. The access - // point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The name of the bucket that contains the object. Directory buckets - When you + // use this operation with a directory bucket, you must use virtual-hosted-style + // requests in the format Bucket_name.s3express-az_id.region.amazonaws.com . + // Path-style requests are not supported. Directory bucket names must be unique in + // the chosen Availability Zone. Bucket names must follow the format + // bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -118,32 +157,53 @@ type HeadObjectInput struct { // the kms:Decrypt action for the request to succeed. ChecksumMode types.ChecksumMode - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Return the object only if its entity tag (ETag) is the same as the one - // specified; otherwise, return a 412 (precondition failed) error. + // specified; otherwise, return a 412 (precondition failed) error. If both of the + // If-Match and If-Unmodified-Since headers are present in the request as follows: + // - If-Match condition evaluates to true , and; + // - If-Unmodified-Since condition evaluates to false ; + // Then Amazon S3 returns 200 OK and the data requested. For more information + // about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) . IfMatch *string // Return the object only if it has been modified since the specified time; - // otherwise, return a 304 (not modified) error. + // otherwise, return a 304 (not modified) error. If both of the If-None-Match and + // If-Modified-Since headers are present in the request as follows: + // - If-None-Match condition evaluates to false , and; + // - If-Modified-Since condition evaluates to true ; + // Then Amazon S3 returns the 304 Not Modified response code. For more information + // about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) . IfModifiedSince *time.Time // Return the object only if its entity tag (ETag) is different from the one - // specified; otherwise, return a 304 (not modified) error. + // specified; otherwise, return a 304 (not modified) error. If both of the + // If-None-Match and If-Modified-Since headers are present in the request as + // follows: + // - If-None-Match condition evaluates to false , and; + // - If-Modified-Since condition evaluates to true ; + // Then Amazon S3 returns the 304 Not Modified response code. For more information + // about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) . IfNoneMatch *string // Return the object only if it has not been modified since the specified time; - // otherwise, return a 412 (precondition failed) error. + // otherwise, return a 412 (precondition failed) error. If both of the If-Match + // and If-Unmodified-Since headers are present in the request as follows: + // - If-Match condition evaluates to true , and; + // - If-Unmodified-Since condition evaluates to false ; + // Then Amazon S3 returns 200 OK and the data requested. For more information + // about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232) . IfUnmodifiedSince *time.Time // Part number of the object being read. This is a positive integer between 1 and // 10,000. Effectively performs a 'ranged' HEAD request for the part specified. // Useful querying about the size of the part and the number of parts in this // object. - PartNumber int32 + PartNumber *int32 // HeadObject returns only the metadata for an object. If the Range is // satisfiable, only the ContentLength is affected in the response. If the Range @@ -152,30 +212,35 @@ type HeadObjectInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, + // AES256). This functionality is not supported for directory buckets. SSECustomerAlgorithm *string // Specifies the customer-provided encryption key for Amazon S3 to use in // encrypting data. This value is used to store the object and then it is // discarded; Amazon S3 does not store the encryption key. The key must be // appropriate for use with the algorithm specified in the - // x-amz-server-side-encryption-customer-algorithm header. + // x-amz-server-side-encryption-customer-algorithm header. This functionality is + // not supported for directory buckets. SSECustomerKey *string // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // encryption key was transmitted without error. This functionality is not + // supported for directory buckets. SSECustomerKeyMD5 *string - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. For directory + // buckets in this API operation, only the null value of the version ID is + // supported. VersionId *string noSmithyDocumentSerde @@ -183,6 +248,7 @@ type HeadObjectInput struct { func (in *HeadObjectInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } @@ -191,48 +257,58 @@ type HeadObjectOutput struct { // Indicates that a range of bytes was specified. AcceptRanges *string - // The archive state of the head object. + // The archive state of the head object. This functionality is not supported for + // directory buckets. ArchiveStatus types.ArchiveStatus // Indicates whether the object uses an S3 Bucket Key for server-side encryption - // with Key Management Service (KMS) keys (SSE-KMS). - BucketKeyEnabled bool + // with Key Management Service (KMS) keys (SSE-KMS). This functionality is not + // supported for directory buckets. + BucketKeyEnabled *bool // Specifies caching behavior along the request/reply chain. CacheControl *string // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string // The base64-encoded, 256-bit SHA-256 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string // Specifies presentational information for the object. ContentDisposition *string - // Specifies what content encodings have been applied to the object and thus what + // Indicates what content encodings have been applied to the object and thus what // decoding mechanisms must be applied to obtain the media-type referenced by the // Content-Type header field. ContentEncoding *string @@ -241,29 +317,31 @@ type HeadObjectOutput struct { ContentLanguage *string // Size of the body in bytes. - ContentLength int64 + ContentLength *int64 // A standard MIME type describing the format of the object data. ContentType *string // Specifies whether the object retrieved was (true) or was not (false) a Delete - // Marker. If false, this response header does not appear in the response. - DeleteMarker bool + // Marker. If false, this response header does not appear in the response. This + // functionality is not supported for directory buckets. + DeleteMarker *bool // An entity tag (ETag) is an opaque identifier assigned by a web server to a // specific version of a resource found at a URL. ETag *string - // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key-value pairs - // providing object expiration information. The value of the rule-id is - // URL-encoded. + // If the object expiration is configured (see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) + // ), the response includes this header. It includes the expiry-date and rule-id + // key-value pairs providing object expiration information. The value of the + // rule-id is URL-encoded. This functionality is not supported for directory + // buckets. Expiration *string // The date and time at which the object is no longer cacheable. Expires *time.Time - // Creation date of the object. + // Date and time when the object was last modified. LastModified *time.Time // A map of metadata to store with the object in S3. @@ -274,29 +352,31 @@ type HeadObjectOutput struct { // This is set to the number of metadata entries not returned in x-amz-meta // headers. This can happen if you create metadata using an API like SOAP that // supports more flexible metadata than the REST API. For example, using SOAP, you - // can create metadata whose values are not legal HTTP headers. - MissingMeta int32 + // can create metadata whose values are not legal HTTP headers. This functionality + // is not supported for directory buckets. + MissingMeta *int32 // Specifies whether a legal hold is in effect for this object. This header is // only returned if the requester has the s3:GetObjectLegalHold permission. This // header is not returned if the specified version of this object has never had a // legal hold applied. For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) - // . + // . This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus // The Object Lock mode, if any, that's in effect for this object. This header is // only returned if the requester has the s3:GetObjectRetention permission. For // more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) - // . + // . This functionality is not supported for directory buckets. ObjectLockMode types.ObjectLockMode // The date and time when the Object Lock retention period expires. This header is - // only returned if the requester has the s3:GetObjectRetention permission. + // only returned if the requester has the s3:GetObjectRetention permission. This + // functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time // The count of parts this object has. This value is only returned if you specify // partNumber in your request and the object was uploaded as a multipart upload. - PartsCount int32 + PartsCount *int32 // Amazon S3 can return this header if your request involves a bucket that is // either a source or a destination in a replication rule. In replication, you have @@ -324,11 +404,11 @@ type HeadObjectOutput struct { // completed for all destinations. If one or more destinations fails replication // the header will return FAILED. // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) - // . + // . This functionality is not supported for directory buckets. ReplicationStatus types.ReplicationStatus // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // If the object is an archived object (an object whose storage class is GLACIER), @@ -340,39 +420,48 @@ type HeadObjectOutput struct { // Dec 2012 00:00:00 GMT" If the object restoration is in progress, the header // returns the value ongoing-request="true" . For more information about archiving // objects, see Transitioning Objects: General Considerations (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations) - // . + // . This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. Restore *string // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header confirming the encryption - // algorithm used. + // requested, the response will include this header to confirm the encryption + // algorithm that's used. This functionality is not supported for directory + // buckets. SSECustomerAlgorithm *string // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header to provide round-trip message - // integrity verification of the customer-provided encryption key. + // requested, the response will include this header to provide the round-trip + // message integrity verification of the customer-provided encryption key. This + // functionality is not supported for directory buckets. SSECustomerKeyMD5 *string - // If present, specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key that was used for the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. This functionality + // is not supported for directory buckets. SSEKMSKeyId *string - // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms , aws:kms:dsse ). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256 , aws:kms , aws:kms:dsse ). For directory buckets, only + // server-side encryption with Amazon S3 managed keys (SSE-S3) ( AES256 ) is + // supported. ServerSideEncryption types.ServerSideEncryption // Provides storage class information of the object. Amazon S3 returns this header // for all objects except for S3 Standard storage class objects. For more // information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) - // . + // . Directory buckets - Only the S3 Express One Zone storage class is supported by + // directory buckets to store objects. StorageClass types.StorageClass - // Version of the object. + // Version ID of the object. This functionality is not supported for directory + // buckets. VersionId *string // If the bucket is configured as a website, redirects requests for this object to // another object in the same bucket or to an external URL. Amazon S3 stores the - // value of this header in the object metadata. + // value of this header in the object metadata. This functionality is not supported + // for directory buckets. WebsiteRedirectLocation *string // Metadata pertaining to the operation's result. @@ -436,6 +525,9 @@ func (c *Client) addOperationHeadObjectMiddlewares(stack *middleware.Stack, opti if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpHeadObjectValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go index 7e3f98e16..6ecf8458b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go @@ -10,18 +10,20 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Lists the analytics configurations for the bucket. You can have up to 1,000 -// analytics configurations per bucket. This action supports list pagination and -// does not return more than 100 configurations at a time. You should always check -// the IsTruncated element in the response. If there are no more configurations to -// list, IsTruncated is set to false. If there are more configurations to list, -// IsTruncated is set to true, and there will be a value in NextContinuationToken . -// You use the NextContinuationToken value to continue the pagination of the list -// by passing the value in continuation-token in the request to GET the next page. -// To use this operation, you must have permissions to perform the +// This operation is not supported by directory buckets. Lists the analytics +// configurations for the bucket. You can have up to 1,000 analytics configurations +// per bucket. This action supports list pagination and does not return more than +// 100 configurations at a time. You should always check the IsTruncated element +// in the response. If there are no more configurations to list, IsTruncated is +// set to false. If there are more configurations to list, IsTruncated is set to +// true, and there will be a value in NextContinuationToken . You use the +// NextContinuationToken value to continue the pagination of the list by passing +// the value in continuation-token in the request to GET the next page. To use +// this operation, you must have permissions to perform the // s3:GetAnalyticsConfiguration action. The bucket owner has this permission by // default. The bucket owner can grant this permission to others. For more // information about permissions, see Permissions Related to Bucket Subresource @@ -59,9 +61,9 @@ type ListBucketAnalyticsConfigurationsInput struct { // should begin. ContinuationToken *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -69,7 +71,7 @@ type ListBucketAnalyticsConfigurationsInput struct { func (in *ListBucketAnalyticsConfigurationsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type ListBucketAnalyticsConfigurationsOutput struct { @@ -84,7 +86,7 @@ type ListBucketAnalyticsConfigurationsOutput struct { // Indicates whether the returned list of analytics configurations is complete. A // value of true indicates that the list is not complete and the // NextContinuationToken will be provided for a subsequent request. - IsTruncated bool + IsTruncated *bool // NextContinuationToken is sent when isTruncated is true, which indicates that // there are more analytics configurations to list. The next request must include @@ -152,6 +154,9 @@ func (c *Client) addOperationListBucketAnalyticsConfigurationsMiddlewares(stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpListBucketAnalyticsConfigurationsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go index 29217e35f..de4a2079a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go @@ -10,11 +10,13 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Lists the S3 Intelligent-Tiering configuration from the specified bucket. The -// S3 Intelligent-Tiering storage class is designed to optimize storage costs by +// This operation is not supported by directory buckets. Lists the S3 +// Intelligent-Tiering configuration from the specified bucket. The S3 +// Intelligent-Tiering storage class is designed to optimize storage costs by // automatically moving data to the most cost-effective storage access tier, // without performance impact or operational overhead. S3 Intelligent-Tiering // delivers automatic cost savings in three low latency and high throughput access @@ -63,7 +65,7 @@ type ListBucketIntelligentTieringConfigurationsInput struct { func (in *ListBucketIntelligentTieringConfigurationsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type ListBucketIntelligentTieringConfigurationsOutput struct { @@ -78,7 +80,7 @@ type ListBucketIntelligentTieringConfigurationsOutput struct { // Indicates whether the returned list of analytics configurations is complete. A // value of true indicates that the list is not complete and the // NextContinuationToken will be provided for a subsequent request. - IsTruncated bool + IsTruncated *bool // The marker used to continue this inventory configuration listing. Use the // NextContinuationToken from this response to continue the listing in a subsequent @@ -146,6 +148,9 @@ func (c *Client) addOperationListBucketIntelligentTieringConfigurationsMiddlewar if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpListBucketIntelligentTieringConfigurationsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go index 62a686119..881f7d925 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go @@ -10,14 +10,16 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns a list of inventory configurations for the bucket. You can have up to -// 1,000 analytics configurations per bucket. This action supports list pagination -// and does not return more than 100 configurations at a time. Always check the -// IsTruncated element in the response. If there are no more configurations to -// list, IsTruncated is set to false. If there are more configurations to list, +// This operation is not supported by directory buckets. Returns a list of +// inventory configurations for the bucket. You can have up to 1,000 analytics +// configurations per bucket. This action supports list pagination and does not +// return more than 100 configurations at a time. Always check the IsTruncated +// element in the response. If there are no more configurations to list, +// IsTruncated is set to false. If there are more configurations to list, // IsTruncated is set to true, and there is a value in NextContinuationToken . You // use the NextContinuationToken value to continue the pagination of the list by // passing the value in continuation-token in the request to GET the next page. To @@ -60,9 +62,9 @@ type ListBucketInventoryConfigurationsInput struct { // Amazon S3 understands. ContinuationToken *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -70,7 +72,7 @@ type ListBucketInventoryConfigurationsInput struct { func (in *ListBucketInventoryConfigurationsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type ListBucketInventoryConfigurationsOutput struct { @@ -85,7 +87,7 @@ type ListBucketInventoryConfigurationsOutput struct { // Tells whether the returned list of inventory configurations is complete. A // value of true indicates that the list is not complete and the // NextContinuationToken is provided for a subsequent request. - IsTruncated bool + IsTruncated *bool // The marker used to continue this inventory configuration listing. Use the // NextContinuationToken from this response to continue the listing in a subsequent @@ -153,6 +155,9 @@ func (c *Client) addOperationListBucketInventoryConfigurationsMiddlewares(stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpListBucketInventoryConfigurationsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go index b77570739..fc2cf7287 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go @@ -13,12 +13,13 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Lists the metrics configurations for the bucket. The metrics configurations are -// only for the request metrics of the bucket and do not provide information on -// daily storage metrics. You can have up to 1,000 configurations per bucket. This -// action supports list pagination and does not return more than 100 configurations -// at a time. Always check the IsTruncated element in the response. If there are -// no more configurations to list, IsTruncated is set to false. If there are more +// This operation is not supported by directory buckets. Lists the metrics +// configurations for the bucket. The metrics configurations are only for the +// request metrics of the bucket and do not provide information on daily storage +// metrics. You can have up to 1,000 configurations per bucket. This action +// supports list pagination and does not return more than 100 configurations at a +// time. Always check the IsTruncated element in the response. If there are no +// more configurations to list, IsTruncated is set to false. If there are more // configurations to list, IsTruncated is set to true, and there is a value in // NextContinuationToken . You use the NextContinuationToken value to continue the // pagination of the list by passing the value in continuation-token in the @@ -62,9 +63,9 @@ type ListBucketMetricsConfigurationsInput struct { // Amazon S3 understands. ContinuationToken *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -84,7 +85,7 @@ type ListBucketMetricsConfigurationsOutput struct { // Indicates whether the returned list of metrics configurations is complete. A // value of true indicates that the list is not complete and the // NextContinuationToken will be provided for a subsequent request. - IsTruncated bool + IsTruncated *bool // The list of metrics configurations for a bucket. MetricsConfigurationList []types.MetricsConfiguration @@ -156,6 +157,9 @@ func (c *Client) addOperationListBucketMetricsConfigurationsMiddlewares(stack *m if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpListBucketMetricsConfigurationsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go index 7e3c35299..a61892887 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go @@ -13,10 +13,10 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns a list of all buckets owned by the authenticated sender of the request. -// To use this operation, you must have the s3:ListAllMyBuckets permission. For -// information about Amazon S3 buckets, see Creating, configuring, and working -// with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) +// This operation is not supported by directory buckets. Returns a list of all +// buckets owned by the authenticated sender of the request. To use this operation, +// you must have the s3:ListAllMyBuckets permission. For information about Amazon +// S3 buckets, see Creating, configuring, and working with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) // . func (c *Client) ListBuckets(ctx context.Context, params *ListBucketsInput, optFns ...func(*Options)) (*ListBucketsOutput, error) { if params == nil { @@ -106,6 +106,9 @@ func (c *Client) addOperationListBucketsMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListBuckets(options.Region), middleware.Before); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListDirectoryBuckets.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListDirectoryBuckets.go new file mode 100644 index 000000000..373531ab2 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListDirectoryBuckets.go @@ -0,0 +1,291 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package s3 + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" + "github.com/aws/aws-sdk-go-v2/service/s3/types" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Returns a list of all Amazon S3 directory buckets owned by the authenticated +// sender of the request. For more information about directory buckets, see +// Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. Directory buckets - For directory buckets, you must +// make requests for this API operation to the Regional endpoint. These endpoints +// support path-style requests in the format +// https://s3express-control.region_code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions You must have the +// s3express:ListAllMyDirectoryBuckets permission in an IAM identity-based policy +// instead of a bucket policy. Cross-account access to this API operation isn't +// supported. This operation can only be performed by the Amazon Web Services +// account that owns the resource. For more information about directory bucket +// policies and permissions, see Amazon Web Services Identity and Access +// Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. HTTP Host header syntax Directory buckets - The +// HTTP Host header syntax is s3express-control.region.amazonaws.com . +func (c *Client) ListDirectoryBuckets(ctx context.Context, params *ListDirectoryBucketsInput, optFns ...func(*Options)) (*ListDirectoryBucketsOutput, error) { + if params == nil { + params = &ListDirectoryBucketsInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "ListDirectoryBuckets", params, optFns, c.addOperationListDirectoryBucketsMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*ListDirectoryBucketsOutput) + out.ResultMetadata = metadata + return out, nil +} + +type ListDirectoryBucketsInput struct { + + // ContinuationToken indicates to Amazon S3 that the list is being continued on + // this bucket with a token. ContinuationToken is obfuscated and is not a real + // key. You can use this ContinuationToken for pagination of the list results. + ContinuationToken *string + + // Maximum number of buckets to be returned in response. When the number is more + // than the count of buckets that are owned by an Amazon Web Services account, + // return all the buckets in response. + MaxDirectoryBuckets *int32 + + noSmithyDocumentSerde +} + +func (in *ListDirectoryBucketsInput) bindEndpointParams(p *EndpointParameters) { + + p.UseS3ExpressControlEndpoint = ptr.Bool(true) +} + +type ListDirectoryBucketsOutput struct { + + // The list of buckets owned by the requester. + Buckets []types.Bucket + + // If ContinuationToken was sent with the request, it is included in the response. + // You can use the returned ContinuationToken for pagination of the list response. + ContinuationToken *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationListDirectoryBucketsMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsRestxml_serializeOpListDirectoryBuckets{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestxml_deserializeOpListDirectoryBuckets{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "ListDirectoryBuckets"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { + return err + } + if err = addRetryMiddlewares(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { + return err + } + if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListDirectoryBuckets(options.Region), middleware.Before); err != nil { + return err + } + if err = addMetadataRetrieverMiddleware(stack); err != nil { + return err + } + if err = awsmiddleware.AddRecursionDetection(stack); err != nil { + return err + } + if err = addListDirectoryBucketsUpdateEndpoint(stack, options); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil { + return err + } + if err = disableAcceptEncodingGzip(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { + return err + } + return nil +} + +// ListDirectoryBucketsAPIClient is a client that implements the +// ListDirectoryBuckets operation. +type ListDirectoryBucketsAPIClient interface { + ListDirectoryBuckets(context.Context, *ListDirectoryBucketsInput, ...func(*Options)) (*ListDirectoryBucketsOutput, error) +} + +var _ ListDirectoryBucketsAPIClient = (*Client)(nil) + +// ListDirectoryBucketsPaginatorOptions is the paginator options for +// ListDirectoryBuckets +type ListDirectoryBucketsPaginatorOptions struct { + // Maximum number of buckets to be returned in response. When the number is more + // than the count of buckets that are owned by an Amazon Web Services account, + // return all the buckets in response. + Limit int32 + + // Set to true if pagination should stop if the service returns a pagination token + // that matches the most recent token provided to the service. + StopOnDuplicateToken bool +} + +// ListDirectoryBucketsPaginator is a paginator for ListDirectoryBuckets +type ListDirectoryBucketsPaginator struct { + options ListDirectoryBucketsPaginatorOptions + client ListDirectoryBucketsAPIClient + params *ListDirectoryBucketsInput + nextToken *string + firstPage bool +} + +// NewListDirectoryBucketsPaginator returns a new ListDirectoryBucketsPaginator +func NewListDirectoryBucketsPaginator(client ListDirectoryBucketsAPIClient, params *ListDirectoryBucketsInput, optFns ...func(*ListDirectoryBucketsPaginatorOptions)) *ListDirectoryBucketsPaginator { + if params == nil { + params = &ListDirectoryBucketsInput{} + } + + options := ListDirectoryBucketsPaginatorOptions{} + if params.MaxDirectoryBuckets != nil { + options.Limit = *params.MaxDirectoryBuckets + } + + for _, fn := range optFns { + fn(&options) + } + + return &ListDirectoryBucketsPaginator{ + options: options, + client: client, + params: params, + firstPage: true, + nextToken: params.ContinuationToken, + } +} + +// HasMorePages returns a boolean indicating whether more pages are available +func (p *ListDirectoryBucketsPaginator) HasMorePages() bool { + return p.firstPage || (p.nextToken != nil && len(*p.nextToken) != 0) +} + +// NextPage retrieves the next ListDirectoryBuckets page. +func (p *ListDirectoryBucketsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListDirectoryBucketsOutput, error) { + if !p.HasMorePages() { + return nil, fmt.Errorf("no more pages available") + } + + params := *p.params + params.ContinuationToken = p.nextToken + + var limit *int32 + if p.options.Limit > 0 { + limit = &p.options.Limit + } + params.MaxDirectoryBuckets = limit + + result, err := p.client.ListDirectoryBuckets(ctx, ¶ms, optFns...) + if err != nil { + return nil, err + } + p.firstPage = false + + prevToken := p.nextToken + p.nextToken = result.ContinuationToken + + if p.options.StopOnDuplicateToken && + prevToken != nil && + p.nextToken != nil && + *prevToken == *p.nextToken { + p.nextToken = nil + } + + return result, nil +} + +func newServiceMetadataMiddleware_opListDirectoryBuckets(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "ListDirectoryBuckets", + } +} + +func addListDirectoryBucketsUpdateEndpoint(stack *middleware.Stack, options Options) error { + return s3cust.UpdateEndpoint(stack, s3cust.UpdateEndpointOptions{ + Accessor: s3cust.UpdateEndpointParameterAccessor{ + GetBucketFromInput: nopGetBucketAccessor, + }, + UsePathStyle: options.UsePathStyle, + UseAccelerate: options.UseAccelerate, + SupportsAccelerate: true, + TargetS3ObjectLambda: false, + EndpointResolver: options.EndpointResolver, + EndpointResolverOptions: options.EndpointOptions, + UseARNRegion: options.UseARNRegion, + DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints, + }) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go index 6c908969d..3e6853e68 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go @@ -13,24 +13,66 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This action lists in-progress multipart uploads. An in-progress multipart -// upload is a multipart upload that has been initiated using the Initiate -// Multipart Upload request, but has not yet been completed or aborted. This action -// returns at most 1,000 multipart uploads in the response. 1,000 multipart uploads -// is the maximum number of uploads a response can include, which is also the -// default value. You can further limit the number of uploads in a response by -// specifying the max-uploads parameter in the response. If additional multipart -// uploads satisfy the list criteria, the response will contain an IsTruncated -// element with the value true. To list the additional multipart uploads, use the -// key-marker and upload-id-marker request parameters. In the response, the -// uploads are sorted by key. If your application has initiated more than one -// multipart upload using the same object key, then uploads in the response are -// first sorted by key. Additionally, uploads are sorted in ascending order within -// each key by the upload initiation time. For more information on multipart -// uploads, see Uploading Objects Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) -// . For information on permissions required to use the multipart upload API, see -// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// . The following operations are related to ListMultipartUploads : +// This operation lists in-progress multipart uploads in a bucket. An in-progress +// multipart upload is a multipart upload that has been initiated by the +// CreateMultipartUpload request, but has not yet been completed or aborted. +// Directory buckets - If multipart uploads in a directory bucket are in progress, +// you can't delete the bucket until all the in-progress multipart uploads are +// aborted or completed. The ListMultipartUploads operation returns a maximum of +// 1,000 multipart uploads in the response. The limit of 1,000 multipart uploads is +// also the default value. You can further limit the number of uploads in a +// response by specifying the max-uploads request parameter. If there are more +// than 1,000 multipart uploads that satisfy your ListMultipartUploads request, +// the response returns an IsTruncated element with the value of true , a +// NextKeyMarker element, and a NextUploadIdMarker element. To list the remaining +// multipart uploads, you need to make subsequent ListMultipartUploads requests. +// In these requests, include two query parameters: key-marker and upload-id-marker +// . Set the value of key-marker to the NextKeyMarker value from the previous +// response. Similarly, set the value of upload-id-marker to the NextUploadIdMarker +// value from the previous response. Directory buckets - The upload-id-marker +// element and the NextUploadIdMarker element aren't supported by directory +// buckets. To list the additional multipart uploads, you only need to set the +// value of key-marker to the NextKeyMarker value from the previous response. For +// more information about multipart uploads, see Uploading Objects Using Multipart +// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. Directory buckets - For directory buckets, you must +// make requests for this API operation to the Zonal endpoint. These endpoints +// support virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// Sorting of multipart uploads in response +// - General purpose bucket - In the ListMultipartUploads response, the multipart +// uploads are sorted based on two criteria: +// - Key-based sorting - Multipart uploads are initially sorted in ascending +// order based on their object keys. +// - Time-based sorting - For uploads that share the same object key, they are +// further sorted in ascending order based on the upload initiation time. Among +// uploads with the same key, the one that was initiated first will appear before +// the ones that were initiated later. +// - Directory bucket - In the ListMultipartUploads response, the multipart +// uploads aren't sorted lexicographically based on the object keys. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following operations are +// related to ListMultipartUploads : // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) @@ -53,16 +95,26 @@ func (c *Client) ListMultipartUploads(ctx context.Context, params *ListMultipart type ListMultipartUploadsInput struct { - // The name of the bucket to which the multipart upload was initiated. When using - // this action with an access point, you must direct requests to the access point - // hostname. The access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The name of the bucket to which the multipart upload was initiated. Directory + // buckets - When you use this operation with a directory bucket, you must use + // virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -77,7 +129,8 @@ type ListMultipartUploadsInput struct { // prefix are grouped under a single result element, CommonPrefixes . If you don't // specify the prefix parameter, then the substring starts at the beginning of the // key. The keys that are grouped under CommonPrefixes result element are not - // returned elsewhere in the response. + // returned elsewhere in the response. Directory buckets - For directory buckets, / + // is the only supported delimiter. Delimiter *string // Requests Amazon S3 to encode the object keys in the response and specifies the @@ -88,45 +141,56 @@ type ListMultipartUploadsInput struct { // response. EncodingType types.EncodingType - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string - // Together with upload-id-marker , this parameter specifies the multipart upload - // after which listing should begin. If upload-id-marker is not specified, only - // the keys lexicographically greater than the specified key-marker will be - // included in the list. If upload-id-marker is specified, any multipart uploads - // for a key equal to the key-marker might also be included, provided those - // multipart uploads have upload IDs lexicographically greater than the specified - // upload-id-marker . + // Specifies the multipart upload after which listing should begin. + // - General purpose buckets - For general purpose buckets, key-marker is an + // object key. Together with upload-id-marker , this parameter specifies the + // multipart upload after which listing should begin. If upload-id-marker is not + // specified, only the keys lexicographically greater than the specified + // key-marker will be included in the list. If upload-id-marker is specified, any + // multipart uploads for a key equal to the key-marker might also be included, + // provided those multipart uploads have upload IDs lexicographically greater than + // the specified upload-id-marker . + // - Directory buckets - For directory buckets, key-marker is obfuscated and + // isn't a real object key. The upload-id-marker parameter isn't supported by + // directory buckets. To list the additional multipart uploads, you only need to + // set the value of key-marker to the NextKeyMarker value from the previous + // response. In the ListMultipartUploads response, the multipart uploads aren't + // sorted lexicographically based on the object keys. KeyMarker *string // Sets the maximum number of multipart uploads, from 1 to 1,000, to return in the // response body. 1,000 is the maximum number of uploads that can be returned in a // response. - MaxUploads int32 + MaxUploads *int32 // Lists in-progress uploads only for those keys that begin with the specified // prefix. You can use prefixes to separate a bucket into different grouping of // keys. (You can think of using prefix to make groups in the same way that you'd - // use a folder in a file system.) + // use a folder in a file system.) Directory buckets - For directory buckets, only + // prefixes that end in a delimiter ( / ) are supported. Prefix *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // Together with key-marker, specifies the multipart upload after which listing // should begin. If key-marker is not specified, the upload-id-marker parameter is // ignored. Otherwise, any multipart uploads for a key equal to the key-marker // might be included in the list only if they have an upload ID lexicographically - // greater than the specified upload-id-marker . + // greater than the specified upload-id-marker . This functionality is not + // supported for directory buckets. UploadIdMarker *string noSmithyDocumentSerde @@ -134,6 +198,7 @@ type ListMultipartUploadsInput struct { func (in *ListMultipartUploadsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Prefix = in.Prefix } @@ -145,11 +210,14 @@ type ListMultipartUploadsOutput struct { // If you specify a delimiter in the request, then the result returns each // distinct key prefix containing the delimiter in a CommonPrefixes element. The - // distinct key prefixes are returned in the Prefix child element. + // distinct key prefixes are returned in the Prefix child element. Directory + // buckets - For directory buckets, only prefixes that end in a delimiter ( / ) are + // supported. CommonPrefixes []types.CommonPrefix // Contains the delimiter you specified in the request. If you don't specify a - // delimiter in your request, this element is absent from the response. + // delimiter in your request, this element is absent from the response. Directory + // buckets - For directory buckets, / is the only supported delimiter. Delimiter *string // Encoding type used by Amazon S3 to encode object keys in the response. If you @@ -162,32 +230,36 @@ type ListMultipartUploadsOutput struct { // of true indicates that the list was truncated. The list can be truncated if the // number of multipart uploads exceeds the limit allowed or specified by max // uploads. - IsTruncated bool + IsTruncated *bool // The key at or after which the listing began. KeyMarker *string // Maximum number of multipart uploads that could have been included in the // response. - MaxUploads int32 + MaxUploads *int32 // When a list is truncated, this element specifies the value that should be used // for the key-marker request parameter in a subsequent request. NextKeyMarker *string // When a list is truncated, this element specifies the value that should be used - // for the upload-id-marker request parameter in a subsequent request. + // for the upload-id-marker request parameter in a subsequent request. This + // functionality is not supported for directory buckets. NextUploadIdMarker *string // When a prefix is provided in the request, this field contains the specified // prefix. The result contains only keys starting with the specified prefix. + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // ( / ) are supported. Prefix *string // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged - // Upload ID after which listing began. + // Upload ID after which listing began. This functionality is not supported for + // directory buckets. UploadIdMarker *string // Container for elements related to a particular multipart upload. A response can @@ -255,6 +327,9 @@ func (c *Client) addOperationListMultipartUploadsMiddlewares(stack *middleware.S if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpListMultipartUploadsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go index c968c61fe..2a0cd10fa 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go @@ -13,15 +13,15 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns metadata about all versions of the objects in a bucket. You can also -// use request parameters as selection criteria to return metadata about a subset -// of all the object versions. To use this operation, you must have permission to -// perform the s3:ListBucketVersions action. Be aware of the name difference. A -// 200 OK response can contain valid or invalid XML. Make sure to design your -// application to parse the contents of the response and handle it appropriately. -// To use this operation, you must have READ access to the bucket. This action is -// not supported by Amazon S3 on Outposts. The following operations are related to -// ListObjectVersions : +// This operation is not supported by directory buckets. Returns metadata about +// all versions of the objects in a bucket. You can also use request parameters as +// selection criteria to return metadata about a subset of all the object versions. +// To use this operation, you must have permission to perform the +// s3:ListBucketVersions action. Be aware of the name difference. A 200 OK +// response can contain valid or invalid XML. Make sure to design your application +// to parse the contents of the response and handle it appropriately. To use this +// operation, you must have READ access to the bucket. The following operations are +// related to ListObjectVersions : // - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) @@ -63,9 +63,9 @@ type ListObjectVersionsInput struct { // response. EncodingType types.EncodingType - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Specifies the key to start with when listing objects in a bucket. @@ -76,7 +76,7 @@ type ListObjectVersionsInput struct { // will never contain more. If additional keys satisfy the search criteria, but // were not returned because max-keys was exceeded, the response contains true . To // return the additional keys, see key-marker and version-id-marker . - MaxKeys int32 + MaxKeys *int32 // Specifies the optional fields that you want returned in the response. Fields // that you do not specify are not returned. @@ -91,11 +91,12 @@ type ListObjectVersionsInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // Specifies the object version you want to start listing from. @@ -106,6 +107,7 @@ type ListObjectVersionsInput struct { func (in *ListObjectVersionsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Prefix = in.Prefix } @@ -136,13 +138,13 @@ type ListObjectVersionsOutput struct { // follow-up paginated request by using the NextKeyMarker and NextVersionIdMarker // response parameters as a starting place in another request to return the rest of // the results. - IsTruncated bool + IsTruncated *bool // Marks the last key returned in a truncated response. KeyMarker *string // Specifies the maximum number of objects to return. - MaxKeys int32 + MaxKeys *int32 // The bucket name. Name *string @@ -162,7 +164,7 @@ type ListObjectVersionsOutput struct { Prefix *string // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Marks the last version of the key returned in a truncated response. @@ -232,6 +234,9 @@ func (c *Client) addOperationListObjectVersionsMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpListObjectVersionsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go index 13184b399..f0732edc7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go @@ -13,12 +13,12 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Returns some or all (up to 1,000) of the objects in a bucket. You can use the -// request parameters as selection criteria to return a subset of the objects in a -// bucket. A 200 OK response can contain valid or invalid XML. Be sure to design -// your application to parse the contents of the response and handle it -// appropriately. This action has been revised. We recommend that you use the newer -// version, ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) +// This operation is not supported by directory buckets. Returns some or all (up +// to 1,000) of the objects in a bucket. You can use the request parameters as +// selection criteria to return a subset of the objects in a bucket. A 200 OK +// response can contain valid or invalid XML. Be sure to design your application to +// parse the contents of the response and handle it appropriately. This action has +// been revised. We recommend that you use the newer version, ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) // , when developing applications. For backward compatibility, Amazon S3 continues // to support ListObjects . The following operations are related to ListObjects : // - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) @@ -43,16 +43,26 @@ func (c *Client) ListObjects(ctx context.Context, params *ListObjectsInput, optF type ListObjectsInput struct { - // The name of the bucket containing the objects. When using this action with an - // access point, you must direct requests to the access point hostname. The access - // point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The name of the bucket containing the objects. Directory buckets - When you use + // this operation with a directory bucket, you must use virtual-hosted-style + // requests in the format Bucket_name.s3express-az_id.region.amazonaws.com . + // Path-style requests are not supported. Directory bucket names must be unique in + // the chosen Availability Zone. Bucket names must follow the format + // bucket_base_name--az-id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -73,9 +83,9 @@ type ListObjectsInput struct { // response. EncodingType types.EncodingType - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Marker is where you want Amazon S3 to start listing from. Amazon S3 starts @@ -85,7 +95,7 @@ type ListObjectsInput struct { // Sets the maximum number of keys returned in the response. By default, the // action returns up to 1,000 key names. The response might contain fewer keys but // will never contain more. - MaxKeys int32 + MaxKeys *int32 // Specifies the optional fields that you want returned in the response. Fields // that you do not specify are not returned. @@ -104,6 +114,7 @@ type ListObjectsInput struct { func (in *ListObjectsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Prefix = in.Prefix } @@ -135,14 +146,14 @@ type ListObjectsOutput struct { // A flag that indicates whether Amazon S3 returned all of the results that // satisfied the search criteria. - IsTruncated bool + IsTruncated *bool // Indicates where in the bucket listing begins. Marker is included in the // response if it was sent with the request. Marker *string // The maximum number of keys returned in the response body. - MaxKeys int32 + MaxKeys *int32 // The bucket name. Name *string @@ -161,7 +172,7 @@ type ListObjectsOutput struct { Prefix *string // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Metadata pertaining to the operation's result. @@ -225,6 +236,9 @@ func (c *Client) addOperationListObjectsMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpListObjectsValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go index fea614ffb..b2f182dfb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go @@ -17,21 +17,47 @@ import ( // You can use the request parameters as selection criteria to return a subset of // the objects in a bucket. A 200 OK response can contain valid or invalid XML. // Make sure to design your application to parse the contents of the response and -// handle it appropriately. Objects are returned sorted in an ascending order of -// the respective key names in the list. For more information about listing -// objects, see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) -// in the Amazon S3 User Guide. To use this operation, you must have READ access to -// the bucket. To use this action in an Identity and Access Management (IAM) -// policy, you must have permission to perform the s3:ListBucket action. The -// bucket owner has this permission by default and can grant this permission to -// others. For more information about permissions, see Permissions Related to -// Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) -// in the Amazon S3 User Guide. This section describes the latest revision of this -// action. We recommend that you use this revised API operation for application -// development. For backward compatibility, Amazon S3 continues to support the -// prior version of this API operation, ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) -// . To get a list of your buckets, see ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) +// handle it appropriately. For more information about listing objects, see +// Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) +// in the Amazon S3 User Guide. To get a list of your buckets, see ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) +// . Directory buckets - For directory buckets, you must make requests for this API +// operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions +// - General purpose bucket permissions - To use this operation, you must have +// READ access to the bucket. You must have permission to perform the +// s3:ListBucket action. The bucket owner has this permission by default and can +// grant this permission to others. For more information about permissions, see +// Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// Sorting order of returned objects +// - General purpose bucket - For general purpose buckets, ListObjectsV2 returns +// objects in lexicographical order based on their key names. +// - Directory bucket - For directory buckets, ListObjectsV2 does not return +// objects in lexicographical order. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . This section describes the +// latest revision of this action. We recommend that you use this revised API +// operation for application development. For backward compatibility, Amazon S3 +// continues to support the prior version of this API operation, ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html) // . The following operations are related to ListObjectsV2 : // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) @@ -53,15 +79,25 @@ func (c *Client) ListObjectsV2(ctx context.Context, params *ListObjectsV2Input, type ListObjectsV2Input struct { - // Bucket name to list. When using this action with an access point, you must - // direct requests to the access point hostname. The access point hostname takes - // the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When - // using this action with an access point through the Amazon Web Services SDKs, you - // provide the access point ARN in place of the bucket name. For more information - // about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // Directory buckets - When you use this operation with a directory bucket, you + // must use virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -72,44 +108,57 @@ type ListObjectsV2Input struct { Bucket *string // ContinuationToken indicates to Amazon S3 that the list is being continued on - // this bucket with a token. ContinuationToken is obfuscated and is not a real key. + // this bucket with a token. ContinuationToken is obfuscated and is not a real + // key. You can use this ContinuationToken for pagination of the list results. ContinuationToken *string // A delimiter is a character that you use to group keys. + // - Directory buckets - For directory buckets, / is the only supported + // delimiter. + // - Directory buckets - When you query ListObjectsV2 with a delimiter during + // in-progress multipart uploads, the CommonPrefixes response parameter contains + // the prefixes that are associated with the in-progress multipart uploads. For + // more information about multipart uploads, see Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) + // in the Amazon S3 User Guide. Delimiter *string // Encoding type used by Amazon S3 to encode object keys in the response. EncodingType types.EncodingType - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // The owner field is not present in ListObjectsV2 by default. If you want to // return the owner field with each key in the result, then set the FetchOwner - // field to true . - FetchOwner bool + // field to true . Directory buckets - For directory buckets, the bucket owner is + // returned as the object owner for all objects. + FetchOwner *bool // Sets the maximum number of keys returned in the response. By default, the // action returns up to 1,000 key names. The response might contain fewer keys but // will never contain more. - MaxKeys int32 + MaxKeys *int32 // Specifies the optional fields that you want returned in the response. Fields - // that you do not specify are not returned. + // that you do not specify are not returned. This functionality is not supported + // for directory buckets. OptionalObjectAttributes []types.OptionalObjectAttributes - // Limits the response to keys that begin with the specified prefix. + // Limits the response to keys that begin with the specified prefix. Directory + // buckets - For directory buckets, only prefixes that end in a delimiter ( / ) are + // supported. Prefix *string // Confirms that the requester knows that she or he will be charged for the list // objects request in V2 style. Bucket owners need not specify this parameter in - // their requests. + // their requests. This functionality is not supported for directory buckets. RequestPayer types.RequestPayer // StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts - // listing after this specified key. StartAfter can be any key in the bucket. + // listing after this specified key. StartAfter can be any key in the bucket. This + // functionality is not supported for directory buckets. StartAfter *string noSmithyDocumentSerde @@ -117,33 +166,45 @@ type ListObjectsV2Input struct { func (in *ListObjectsV2Input) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Prefix = in.Prefix } type ListObjectsV2Output struct { - // All of the keys (up to 1,000) rolled up into a common prefix count as a single - // return when calculating the number of returns. A response can contain - // CommonPrefixes only if you specify a delimiter. CommonPrefixes contains all (if - // there are any) keys between Prefix and the next occurrence of the string - // specified by a delimiter. CommonPrefixes lists keys that act like - // subdirectories in the directory specified by Prefix . For example, if the prefix - // is notes/ and the delimiter is a slash ( / ) as in notes/summer/july , the - // common prefix is notes/summer/ . All of the keys that roll up into a common - // prefix count as a single return when calculating the number of returns. + // All of the keys (up to 1,000) that share the same prefix are grouped together. + // When counting the total numbers of returns by this API operation, this group of + // keys is considered as one item. A response can contain CommonPrefixes only if + // you specify a delimiter. CommonPrefixes contains all (if there are any) keys + // between Prefix and the next occurrence of the string specified by a delimiter. + // CommonPrefixes lists keys that act like subdirectories in the directory + // specified by Prefix . For example, if the prefix is notes/ and the delimiter is + // a slash ( / ) as in notes/summer/july , the common prefix is notes/summer/ . All + // of the keys that roll up into a common prefix count as a single return when + // calculating the number of returns. + // - Directory buckets - For directory buckets, only prefixes that end in a + // delimiter ( / ) are supported. + // - Directory buckets - When you query ListObjectsV2 with a delimiter during + // in-progress multipart uploads, the CommonPrefixes response parameter contains + // the prefixes that are associated with the in-progress multipart uploads. For + // more information about multipart uploads, see Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) + // in the Amazon S3 User Guide. CommonPrefixes []types.CommonPrefix // Metadata about each object returned. Contents []types.Object // If ContinuationToken was sent with the request, it is included in the response. + // You can use the returned ContinuationToken for pagination of the list response. + // You can use this ContinuationToken for pagination of the list results. ContinuationToken *string // Causes keys that contain the same string between the prefix and the first // occurrence of the delimiter to be rolled up into a single result element in the // CommonPrefixes collection. These rolled-up keys are not returned elsewhere in // the response. Each rolled-up result counts as only one return against the - // MaxKeys value. + // MaxKeys value. Directory buckets - For directory buckets, / is the only + // supported delimiter. Delimiter *string // Encoding type used by Amazon S3 to encode object key names in the XML response. @@ -155,32 +216,19 @@ type ListObjectsV2Output struct { // Set to false if all of the results were returned. Set to true if more keys are // available to return. If the number of results exceeds that specified by MaxKeys // , all of the results might not be returned. - IsTruncated bool + IsTruncated *bool // KeyCount is the number of keys returned with this request. KeyCount will always // be less than or equal to the MaxKeys field. For example, if you ask for 50 // keys, your result will include 50 keys or fewer. - KeyCount int32 + KeyCount *int32 // Sets the maximum number of keys returned in the response. By default, the // action returns up to 1,000 key names. The response might contain fewer keys but // will never contain more. - MaxKeys int32 + MaxKeys *int32 - // The bucket name. When using this action with an access point, you must direct - // requests to the access point hostname. The access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you - // use this action with S3 on Outposts through the Amazon Web Services SDKs, you - // provide the Outposts access point ARN in place of the bucket name. For more - // information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. + // The bucket name. Name *string // NextContinuationToken is sent when isTruncated is true, which means there are @@ -189,14 +237,16 @@ type ListObjectsV2Output struct { // obfuscated and is not a real key NextContinuationToken *string - // Keys that begin with the indicated prefix. + // Keys that begin with the indicated prefix. Directory buckets - For directory + // buckets, only prefixes that end in a delimiter ( / ) are supported. Prefix *string // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged - // If StartAfter was sent with the request, it is included in the response. + // If StartAfter was sent with the request, it is included in the response. This + // functionality is not supported for directory buckets. StartAfter *string // Metadata pertaining to the operation's result. @@ -260,6 +310,9 @@ func (c *Client) addOperationListObjectsV2Middlewares(stack *middleware.Stack, o if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpListObjectsV2ValidationMiddleware(stack); err != nil { return err } @@ -338,8 +391,8 @@ func NewListObjectsV2Paginator(client ListObjectsV2APIClient, params *ListObject } options := ListObjectsV2PaginatorOptions{} - if params.MaxKeys != 0 { - options.Limit = params.MaxKeys + if params.MaxKeys != nil { + options.Limit = *params.MaxKeys } for _, fn := range optFns { @@ -369,7 +422,11 @@ func (p *ListObjectsV2Paginator) NextPage(ctx context.Context, optFns ...func(*O params := *p.params params.ContinuationToken = p.nextToken - params.MaxKeys = p.options.Limit + var limit *int32 + if p.options.Limit > 0 { + limit = &p.options.Limit + } + params.MaxKeys = limit result, err := p.client.ListObjectsV2(ctx, ¶ms, optFns...) if err != nil { @@ -379,7 +436,7 @@ func (p *ListObjectsV2Paginator) NextPage(ctx context.Context, optFns ...func(*O prevToken := p.nextToken p.nextToken = nil - if result.IsTruncated { + if result.IsTruncated != nil && *result.IsTruncated { p.nextToken = result.NextContinuationToken } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go index 0badfaaa9..11b0d59b6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go @@ -14,22 +14,49 @@ import ( "time" ) -// Lists the parts that have been uploaded for a specific multipart upload. This -// operation must include the upload ID, which you obtain by sending the initiate -// multipart upload request (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) -// ). This request returns a maximum of 1,000 uploaded parts. The default number of -// parts returned is 1,000 parts. You can restrict the number of parts returned by -// specifying the max-parts request parameter. If your multipart upload consists -// of more than 1,000 parts, the response returns an IsTruncated field with the -// value of true, and a NextPartNumberMarker element. In subsequent ListParts -// requests you can include the part-number-marker query string parameter and set -// its value to the NextPartNumberMarker field value from the previous response. -// If the upload was created using a checksum algorithm, you will need to have -// permission to the kms:Decrypt action for the request to succeed. For more +// Lists the parts that have been uploaded for a specific multipart upload. To use +// this operation, you must provide the upload ID in the request. You obtain this +// uploadID by sending the initiate multipart upload request through +// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// . The ListParts request returns a maximum of 1,000 uploaded parts. The limit of +// 1,000 parts is also the default value. You can restrict the number of parts in a +// response by specifying the max-parts request parameter. If your multipart +// upload consists of more than 1,000 parts, the response returns an IsTruncated +// field with the value of true , and a NextPartNumberMarker element. To list +// remaining uploaded parts, in subsequent ListParts requests, include the +// part-number-marker query string parameter and set its value to the +// NextPartNumberMarker field value from the previous response. For more // information on multipart uploads, see Uploading Objects Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) -// . For information on permissions required to use the multipart upload API, see -// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// . The following operations are related to ListParts : +// in the Amazon S3 User Guide. Directory buckets - For directory buckets, you must +// make requests for this API operation to the Zonal endpoint. These endpoints +// support virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. If the upload was created using server-side +// encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer +// server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), you must +// have permission to the kms:Decrypt action for the ListParts request to +// succeed. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following operations are +// related to ListParts : // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) @@ -53,16 +80,26 @@ func (c *Client) ListParts(ctx context.Context, params *ListPartsInput, optFns . type ListPartsInput struct { - // The name of the bucket to which the parts are being uploaded. When using this - // action with an access point, you must direct requests to the access point - // hostname. The access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The name of the bucket to which the parts are being uploaded. Directory buckets + // - When you use this operation with a directory bucket, you must use + // virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -82,13 +119,13 @@ type ListPartsInput struct { // This member is required. UploadId *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Sets the maximum number of parts to return. - MaxParts int32 + MaxParts *int32 // Specifies the part after which listing should begin. Only parts with higher // part numbers will be listed. @@ -96,29 +133,33 @@ type ListPartsInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // The server-side encryption (SSE) algorithm used to encrypt the object. This // parameter is needed only when the object was created using a checksum algorithm. // For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. SSECustomerAlgorithm *string // The server-side encryption (SSE) customer managed key. This parameter is needed // only when the object was created using a checksum algorithm. For more // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. SSECustomerKey *string // The MD5 server-side encryption (SSE) customer managed key. This parameter is // needed only when the object was created using a checksum algorithm. For more // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. SSECustomerKeyMD5 *string noSmithyDocumentSerde @@ -126,6 +167,7 @@ type ListPartsInput struct { func (in *ListPartsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } @@ -139,11 +181,13 @@ type ListPartsOutput struct { // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) // . The response will also include the x-amz-abort-rule-id header that will // provide the ID of the lifecycle configuration rule that defines this action. + // This functionality is not supported for directory buckets. AbortDate *time.Time // This header is returned along with the x-amz-abort-date header. It identifies // applicable lifecycle configuration rule that defines the action to abort - // incomplete multipart uploads. + // incomplete multipart uploads. This functionality is not supported for directory + // buckets. AbortRuleId *string // The name of the bucket to which the multipart upload was initiated. Does not @@ -162,13 +206,13 @@ type ListPartsOutput struct { // Indicates whether the returned list of parts is truncated. A true value // indicates that the list was truncated. A list can be truncated if the number of // parts exceeds the limit returned in the MaxParts element. - IsTruncated bool + IsTruncated *bool // Object key for which the multipart upload was initiated. Key *string // Maximum number of parts that were allowed in the response. - MaxParts int32 + MaxParts *int32 // When a list is truncated, this element specifies the last part in the list, as // well as the value to use for the part-number-marker request parameter in a @@ -177,7 +221,8 @@ type ListPartsOutput struct { // Container element that identifies the object owner, after the object is // created. If multipart upload is initiated by an IAM user, this element provides - // the parent account ID and display name. + // the parent account ID and display name. Directory buckets - The bucket owner is + // returned as the object owner for all the parts. Owner *types.Owner // When a list is truncated, this element specifies the last part in the list, as @@ -190,11 +235,12 @@ type ListPartsOutput struct { Parts []types.Part // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged - // Class of storage (STANDARD or REDUCED_REDUNDANCY) used to store the uploaded - // object. + // The class of storage used to store the uploaded object. Directory buckets - + // Only the S3 Express One Zone storage class is supported by directory buckets to + // store objects. StorageClass types.StorageClass // Upload ID identifying the multipart upload whose parts are being listed. @@ -261,6 +307,9 @@ func (c *Client) addOperationListPartsMiddlewares(stack *middleware.Stack, optio if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpListPartsValidationMiddleware(stack); err != nil { return err } @@ -337,8 +386,8 @@ func NewListPartsPaginator(client ListPartsAPIClient, params *ListPartsInput, op } options := ListPartsPaginatorOptions{} - if params.MaxParts != 0 { - options.Limit = params.MaxParts + if params.MaxParts != nil { + options.Limit = *params.MaxParts } for _, fn := range optFns { @@ -368,7 +417,11 @@ func (p *ListPartsPaginator) NextPage(ctx context.Context, optFns ...func(*Optio params := *p.params params.PartNumberMarker = p.nextToken - params.MaxParts = p.options.Limit + var limit *int32 + if p.options.Limit > 0 { + limit = &p.options.Limit + } + params.MaxParts = limit result, err := p.client.ListParts(ctx, ¶ms, optFns...) if err != nil { @@ -378,7 +431,7 @@ func (p *ListPartsPaginator) NextPage(ctx context.Context, optFns ...func(*Optio prevToken := p.nextToken p.nextToken = nil - if result.IsTruncated { + if result.IsTruncated != nil && *result.IsTruncated { p.nextToken = result.NextPartNumberMarker } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go index 498c51b64..80344efb1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go @@ -11,16 +11,18 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer -// Acceleration is a bucket-level feature that enables you to perform faster data -// transfers to Amazon S3. To use this operation, you must have permission to -// perform the s3:PutAccelerateConfiguration action. The bucket owner has this -// permission by default. The bucket owner can grant this permission to others. For -// more information about permissions, see Permissions Related to Bucket -// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// This operation is not supported by directory buckets. Sets the accelerate +// configuration of an existing bucket. Amazon S3 Transfer Acceleration is a +// bucket-level feature that enables you to perform faster data transfers to Amazon +// S3. To use this operation, you must have permission to perform the +// s3:PutAccelerateConfiguration action. The bucket owner has this permission by +// default. The bucket owner can grant this permission to others. For more +// information about permissions, see Permissions Related to Bucket Subresource +// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // . The Transfer Acceleration state of a bucket can be set to one of the following // two values: @@ -64,19 +66,19 @@ type PutBucketAccelerateConfigurationInput struct { // This member is required. Bucket *string - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -84,7 +86,7 @@ type PutBucketAccelerateConfigurationInput struct { func (in *PutBucketAccelerateConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketAccelerateConfigurationOutput struct { @@ -149,6 +151,9 @@ func (c *Client) addOperationPutBucketAccelerateConfigurationMiddlewares(stack * if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketAccelerateConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go index 2174bc569..6382d2769 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go @@ -11,13 +11,15 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Sets the permissions on an existing bucket using access control lists (ACL). -// For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) -// . To set the ACL of a bucket, you must have WRITE_ACP permission. You can use -// one of the following two ways to set a bucket's permissions: +// This operation is not supported by directory buckets. Sets the permissions on +// an existing bucket using access control lists (ACL). For more information, see +// Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html) +// . To set the ACL of a bucket, you must have the WRITE_ACP permission. You can +// use one of the following two ways to set a bucket's permissions: // - Specify the ACL in the request body // - Specify permissions using request headers // @@ -124,12 +126,12 @@ type PutBucketAclInput struct { // Contains the elements that set the ACL permissions for an object per grantee. AccessControlPolicy *types.AccessControlPolicy - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -141,9 +143,9 @@ type PutBucketAclInput struct { // Amazon Web Services SDKs, this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Allows grantee the read, write, read ACP, and write ACP permissions on the @@ -169,7 +171,7 @@ type PutBucketAclInput struct { func (in *PutBucketAclInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketAclOutput struct { @@ -234,6 +236,9 @@ func (c *Client) addOperationPutBucketAclMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketAclValidationMiddleware(stack); err != nil { return err } @@ -270,6 +275,9 @@ func (c *Client) addOperationPutBucketAclMiddlewares(stack *middleware.Stack, op if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go index 9dd28ec8b..9b1009f65 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go @@ -10,20 +10,21 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Sets an analytics configuration for the bucket (specified by the analytics -// configuration ID). You can have up to 1,000 analytics configurations per bucket. -// You can choose to have storage class analysis export analysis reports sent to a -// comma-separated values (CSV) flat file. See the DataExport request element. -// Reports are updated daily and are based on the object filters that you -// configure. When selecting data export, you specify a destination bucket and an -// optional destination prefix where the file is written. You can export the data -// to a destination bucket in a different account. However, the destination bucket -// must be in the same Region as the bucket that you are making the PUT analytics -// configuration to. For more information, see Amazon S3 Analytics – Storage Class -// Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html) +// This operation is not supported by directory buckets. Sets an analytics +// configuration for the bucket (specified by the analytics configuration ID). You +// can have up to 1,000 analytics configurations per bucket. You can choose to have +// storage class analysis export analysis reports sent to a comma-separated values +// (CSV) flat file. See the DataExport request element. Reports are updated daily +// and are based on the object filters that you configure. When selecting data +// export, you specify a destination bucket and an optional destination prefix +// where the file is written. You can export the data to a destination bucket in a +// different account. However, the destination bucket must be in the same Region as +// the bucket that you are making the PUT analytics configuration to. For more +// information, see Amazon S3 Analytics – Storage Class Analysis (https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html) // . You must create a bucket policy on the destination bucket where the exported // file is written to grant permissions to Amazon S3 to write objects to the // bucket. For an example policy, see Granting Permissions for Amazon S3 Inventory @@ -84,9 +85,9 @@ type PutBucketAnalyticsConfigurationInput struct { // This member is required. Id *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -94,7 +95,7 @@ type PutBucketAnalyticsConfigurationInput struct { func (in *PutBucketAnalyticsConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketAnalyticsConfigurationOutput struct { @@ -159,6 +160,9 @@ func (c *Client) addOperationPutBucketAnalyticsConfigurationMiddlewares(stack *m if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketAnalyticsConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go index a5bd71b48..394a2bad8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go @@ -11,21 +11,23 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Sets the cors configuration for your bucket. If the configuration exists, -// Amazon S3 replaces it. To use this operation, you must be allowed to perform the -// s3:PutBucketCORS action. By default, the bucket owner has this permission and -// can grant it to others. You set this configuration on a bucket so that the -// bucket can service cross-origin requests. For example, you might want to enable -// a request whose origin is http://www.example.com to access your Amazon S3 -// bucket at my.example.bucket.com by using the browser's XMLHttpRequest -// capability. To enable cross-origin resource sharing (CORS) on a bucket, you add -// the cors subresource to the bucket. The cors subresource is an XML document in -// which you configure rules that identify origins and the HTTP methods that can be -// executed on your bucket. The document is limited to 64 KB in size. When Amazon -// S3 receives a cross-origin request (or a pre-flight OPTIONS request) against a +// This operation is not supported by directory buckets. Sets the cors +// configuration for your bucket. If the configuration exists, Amazon S3 replaces +// it. To use this operation, you must be allowed to perform the s3:PutBucketCORS +// action. By default, the bucket owner has this permission and can grant it to +// others. You set this configuration on a bucket so that the bucket can service +// cross-origin requests. For example, you might want to enable a request whose +// origin is http://www.example.com to access your Amazon S3 bucket at +// my.example.bucket.com by using the browser's XMLHttpRequest capability. To +// enable cross-origin resource sharing (CORS) on a bucket, you add the cors +// subresource to the bucket. The cors subresource is an XML document in which you +// configure rules that identify origins and the HTTP methods that can be executed +// on your bucket. The document is limited to 64 KB in size. When Amazon S3 +// receives a cross-origin request (or a pre-flight OPTIONS request) against a // bucket, it evaluates the cors configuration on the bucket and uses the first // CORSRule rule that matches the incoming browser request to enable a cross-origin // request. For a rule to match, the following conditions must be met: @@ -71,12 +73,12 @@ type PutBucketCorsInput struct { // This member is required. CORSConfiguration *types.CORSConfiguration - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -88,9 +90,9 @@ type PutBucketCorsInput struct { // Amazon Web Services SDKs, this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -98,7 +100,7 @@ type PutBucketCorsInput struct { func (in *PutBucketCorsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketCorsOutput struct { @@ -163,6 +165,9 @@ func (c *Client) addOperationPutBucketCorsMiddlewares(stack *middleware.Stack, o if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketCorsValidationMiddleware(stack); err != nil { return err } @@ -199,6 +204,9 @@ func (c *Client) addOperationPutBucketCorsMiddlewares(stack *middleware.Stack, o if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go index 7f060b97d..615e98a3d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go @@ -11,17 +11,19 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This action uses the encryption subresource to configure default encryption and -// Amazon S3 Bucket Keys for an existing bucket. By default, all buckets have a -// default encryption configuration that uses server-side encryption with Amazon S3 -// managed keys (SSE-S3). You can optionally configure default encryption for a -// bucket by using server-side encryption with Key Management Service (KMS) keys -// (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys -// (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also -// configure Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) +// This operation is not supported by directory buckets. This action uses the +// encryption subresource to configure default encryption and Amazon S3 Bucket Keys +// for an existing bucket. By default, all buckets have a default encryption +// configuration that uses server-side encryption with Amazon S3 managed keys +// (SSE-S3). You can optionally configure default encryption for a bucket by using +// server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or +// dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). +// If you specify default encryption by using SSE-KMS, you can also configure +// Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) // . If you use PutBucketEncryption to set your default bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) // to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 does // not validate the KMS key ID provided in PutBucketEncryption requests. This @@ -71,12 +73,12 @@ type PutBucketEncryptionInput struct { // This member is required. ServerSideEncryptionConfiguration *types.ServerSideEncryptionConfiguration - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -87,9 +89,9 @@ type PutBucketEncryptionInput struct { // automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -97,7 +99,7 @@ type PutBucketEncryptionInput struct { func (in *PutBucketEncryptionInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketEncryptionOutput struct { @@ -162,6 +164,9 @@ func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketEncryptionValidationMiddleware(stack); err != nil { return err } @@ -198,6 +203,9 @@ func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.St if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go index bd8ed472c..a5f8fc7ad 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go @@ -10,11 +10,13 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Puts a S3 Intelligent-Tiering configuration to the specified bucket. You can -// have up to 1,000 S3 Intelligent-Tiering configurations per bucket. The S3 +// This operation is not supported by directory buckets. Puts a S3 +// Intelligent-Tiering configuration to the specified bucket. You can have up to +// 1,000 S3 Intelligent-Tiering configurations per bucket. The S3 // Intelligent-Tiering storage class is designed to optimize storage costs by // automatically moving data to the most cost-effective storage access tier, // without performance impact or operational overhead. S3 Intelligent-Tiering @@ -81,7 +83,7 @@ type PutBucketIntelligentTieringConfigurationInput struct { func (in *PutBucketIntelligentTieringConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketIntelligentTieringConfigurationOutput struct { @@ -146,6 +148,9 @@ func (c *Client) addOperationPutBucketIntelligentTieringConfigurationMiddlewares if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketIntelligentTieringConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go index 314eaa456..e2d06796a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go @@ -10,22 +10,23 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This implementation of the PUT action adds an inventory configuration -// (identified by the inventory ID) to the bucket. You can have up to 1,000 -// inventory configurations per bucket. Amazon S3 inventory generates inventories -// of the objects in the bucket on a daily or weekly basis, and the results are -// published to a flat file. The bucket that is inventoried is called the source -// bucket, and the bucket where the inventory flat file is stored is called the -// destination bucket. The destination bucket must be in the same Amazon Web -// Services Region as the source bucket. When you configure an inventory for a -// source bucket, you specify the destination bucket where you want the inventory -// to be stored, and whether to generate the inventory daily or weekly. You can -// also configure what object metadata to include and whether to inventory all -// object versions or only current versions. For more information, see Amazon S3 -// Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) +// This operation is not supported by directory buckets. This implementation of +// the PUT action adds an inventory configuration (identified by the inventory ID) +// to the bucket. You can have up to 1,000 inventory configurations per bucket. +// Amazon S3 inventory generates inventories of the objects in the bucket on a +// daily or weekly basis, and the results are published to a flat file. The bucket +// that is inventoried is called the source bucket, and the bucket where the +// inventory flat file is stored is called the destination bucket. The destination +// bucket must be in the same Amazon Web Services Region as the source bucket. When +// you configure an inventory for a source bucket, you specify the destination +// bucket where you want the inventory to be stored, and whether to generate the +// inventory daily or weekly. You can also configure what object metadata to +// include and whether to inventory all object versions or only current versions. +// For more information, see Amazon S3 Inventory (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) // in the Amazon S3 User Guide. You must create a bucket policy on the destination // bucket to grant permissions to Amazon S3 to write objects to the bucket in the // defined location. For an example policy, see Granting Permissions for Amazon S3 @@ -87,9 +88,9 @@ type PutBucketInventoryConfigurationInput struct { // This member is required. InventoryConfiguration *types.InventoryConfiguration - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -97,7 +98,7 @@ type PutBucketInventoryConfigurationInput struct { func (in *PutBucketInventoryConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketInventoryConfigurationOutput struct { @@ -162,6 +163,9 @@ func (c *Client) addOperationPutBucketInventoryConfigurationMiddlewares(stack *m if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketInventoryConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go index 77792dfec..ac2b63ebb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go @@ -11,14 +11,16 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Creates a new lifecycle configuration for the bucket or replaces an existing -// lifecycle configuration. Keep in mind that this will overwrite an existing -// lifecycle configuration, so if you want to retain any configuration details, -// they must be included in the new lifecycle configuration. For information about -// lifecycle configuration, see Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) +// This operation is not supported by directory buckets. Creates a new lifecycle +// configuration for the bucket or replaces an existing lifecycle configuration. +// Keep in mind that this will overwrite an existing lifecycle configuration, so if +// you want to retain any configuration details, they must be included in the new +// lifecycle configuration. For information about lifecycle configuration, see +// Managing your storage lifecycle (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) // . Bucket lifecycle configuration now supports specifying a lifecycle rule using // an object key name prefix, one or more object tags, or a combination of both. // Accordingly, this section describes the latest API. The previous version of the @@ -86,19 +88,19 @@ type PutBucketLifecycleConfigurationInput struct { // This member is required. Bucket *string - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Container for lifecycle rules. You can add as many as 1,000 rules. @@ -109,7 +111,7 @@ type PutBucketLifecycleConfigurationInput struct { func (in *PutBucketLifecycleConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketLifecycleConfigurationOutput struct { @@ -174,6 +176,9 @@ func (c *Client) addOperationPutBucketLifecycleConfigurationMiddlewares(stack *m if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketLifecycleConfigurationValidationMiddleware(stack); err != nil { return err } @@ -210,6 +215,9 @@ func (c *Client) addOperationPutBucketLifecycleConfigurationMiddlewares(stack *m if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go index 6db91d1a5..e69fa24c7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go @@ -11,20 +11,21 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Set the logging parameters for a bucket and to specify permissions for who can -// view and modify the logging parameters. All logs are saved to buckets in the -// same Amazon Web Services Region as the source bucket. To set the logging status -// of a bucket, you must be the bucket owner. The bucket owner is automatically -// granted FULL_CONTROL to all logs. You use the Grantee request element to grant -// access to other people. The Permissions request element specifies the kind of -// access the grantee has to the logs. If the target bucket for log delivery uses -// the bucket owner enforced setting for S3 Object Ownership, you can't use the -// Grantee request element to grant access to others. Permissions can only be -// granted using policies. For more information, see Permissions for server access -// log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general) +// This operation is not supported by directory buckets. Set the logging +// parameters for a bucket and to specify permissions for who can view and modify +// the logging parameters. All logs are saved to buckets in the same Amazon Web +// Services Region as the source bucket. To set the logging status of a bucket, you +// must be the bucket owner. The bucket owner is automatically granted FULL_CONTROL +// to all logs. You use the Grantee request element to grant access to other +// people. The Permissions request element specifies the kind of access the +// grantee has to the logs. If the target bucket for log delivery uses the bucket +// owner enforced setting for S3 Object Ownership, you can't use the Grantee +// request element to grant access to others. Permissions can only be granted using +// policies. For more information, see Permissions for server access log delivery (https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general) // in the Amazon S3 User Guide. Grantee Values You can specify the person (grantee) // to whom you're assigning access rights (by using request elements) in the // following ways: @@ -74,12 +75,12 @@ type PutBucketLoggingInput struct { // This member is required. BucketLoggingStatus *types.BucketLoggingStatus - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -89,9 +90,9 @@ type PutBucketLoggingInput struct { // this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -99,7 +100,7 @@ type PutBucketLoggingInput struct { func (in *PutBucketLoggingInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketLoggingOutput struct { @@ -164,6 +165,9 @@ func (c *Client) addOperationPutBucketLoggingMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketLoggingValidationMiddleware(stack); err != nil { return err } @@ -200,6 +204,9 @@ func (c *Client) addOperationPutBucketLoggingMiddlewares(stack *middleware.Stack if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go index 5afe04665..099736c11 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go @@ -10,18 +10,20 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Sets a metrics configuration (specified by the metrics configuration ID) for -// the bucket. You can have up to 1,000 metrics configurations per bucket. If -// you're updating an existing metrics configuration, note that this is a full -// replacement of the existing metrics configuration. If you don't include the -// elements you want to keep, they are erased. To use this operation, you must have -// permissions to perform the s3:PutMetricsConfiguration action. The bucket owner -// has this permission by default. The bucket owner can grant this permission to -// others. For more information about permissions, see Permissions Related to -// Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// This operation is not supported by directory buckets. Sets a metrics +// configuration (specified by the metrics configuration ID) for the bucket. You +// can have up to 1,000 metrics configurations per bucket. If you're updating an +// existing metrics configuration, note that this is a full replacement of the +// existing metrics configuration. If you don't include the elements you want to +// keep, they are erased. To use this operation, you must have permissions to +// perform the s3:PutMetricsConfiguration action. The bucket owner has this +// permission by default. The bucket owner can grant this permission to others. For +// more information about permissions, see Permissions Related to Bucket +// Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) // . For information about CloudWatch request metrics for Amazon S3, see // Monitoring Metrics with Amazon CloudWatch (https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html) @@ -68,9 +70,9 @@ type PutBucketMetricsConfigurationInput struct { // This member is required. MetricsConfiguration *types.MetricsConfiguration - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -78,7 +80,7 @@ type PutBucketMetricsConfigurationInput struct { func (in *PutBucketMetricsConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketMetricsConfigurationOutput struct { @@ -143,6 +145,9 @@ func (c *Client) addOperationPutBucketMetricsConfigurationMiddlewares(stack *mid if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketMetricsConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go index 7f1c8c331..7139f6ea6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go @@ -10,11 +10,13 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Enables notifications of specified events for a bucket. For more information -// about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) +// This operation is not supported by directory buckets. Enables notifications of +// specified events for a bucket. For more information about event notifications, +// see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) // . Using this API, you can replace an existing notification configuration. The // configuration is an XML file that defines the event types that you want Amazon // S3 to publish and the destination where you want Amazon S3 to publish an event @@ -75,21 +77,21 @@ type PutBucketNotificationConfigurationInput struct { // This member is required. NotificationConfiguration *types.NotificationConfiguration - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Skips validation of Amazon SQS, Amazon SNS, and Lambda destinations. True or // false value. - SkipDestinationValidation bool + SkipDestinationValidation *bool noSmithyDocumentSerde } func (in *PutBucketNotificationConfigurationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketNotificationConfigurationOutput struct { @@ -154,6 +156,9 @@ func (c *Client) addOperationPutBucketNotificationConfigurationMiddlewares(stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketNotificationConfigurationValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go index 695054d59..f89f86d65 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go @@ -11,12 +11,14 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this -// operation, you must have the s3:PutBucketOwnershipControls permission. For more -// information about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html) +// This operation is not supported by directory buckets. Creates or modifies +// OwnershipControls for an Amazon S3 bucket. To use this operation, you must have +// the s3:PutBucketOwnershipControls permission. For more information about Amazon +// S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html) // . For information about Amazon S3 Object Ownership, see Using object ownership (https://docs.aws.amazon.com/AmazonS3/latest/user-guide/about-object-ownership.html) // . The following operations are related to PutBucketOwnershipControls : // - GetBucketOwnershipControls @@ -54,9 +56,9 @@ type PutBucketOwnershipControlsInput struct { // this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -64,7 +66,7 @@ type PutBucketOwnershipControlsInput struct { func (in *PutBucketOwnershipControlsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketOwnershipControlsOutput struct { @@ -129,6 +131,9 @@ func (c *Client) addOperationPutBucketOwnershipControlsMiddlewares(stack *middle if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketOwnershipControlsValidationMiddleware(stack); err != nil { return err } @@ -165,6 +170,9 @@ func (c *Client) addOperationPutBucketOwnershipControlsMiddlewares(stack *middle if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go index 1e7e5b627..b3da186ac 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go @@ -11,25 +11,50 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an -// identity other than the root user of the Amazon Web Services account that owns -// the bucket, the calling identity must have the PutBucketPolicy permissions on -// the specified bucket and belong to the bucket owner's account in order to use -// this operation. If you don't have PutBucketPolicy permissions, Amazon S3 -// returns a 403 Access Denied error. If you have the correct permissions, but -// you're not using an identity that belongs to the bucket owner's account, Amazon -// S3 returns a 405 Method Not Allowed error. To ensure that bucket owners don't +// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. Directory buckets - +// For directory buckets, you must make requests for this API operation to the +// Regional endpoint. These endpoints support path-style requests in the format +// https://s3express-control.region_code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions If you are using an identity other than +// the root user of the Amazon Web Services account that owns the bucket, the +// calling identity must both have the PutBucketPolicy permissions on the +// specified bucket and belong to the bucket owner's account in order to use this +// operation. If you don't have PutBucketPolicy permissions, Amazon S3 returns a +// 403 Access Denied error. If you have the correct permissions, but you're not +// using an identity that belongs to the bucket owner's account, Amazon S3 returns +// a 405 Method Not Allowed error. To ensure that bucket owners don't // inadvertently lock themselves out of their own buckets, the root principal in a // bucket owner's Amazon Web Services account can perform the GetBucketPolicy , // PutBucketPolicy , and DeleteBucketPolicy API actions, even if their bucket // policy explicitly denies the root principal's access. Bucket owner root // principals can only be blocked from performing these API actions by VPC endpoint -// policies and Amazon Web Services Organizations policies. For more information, -// see Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) -// . The following operations are related to PutBucketPolicy : +// policies and Amazon Web Services Organizations policies. +// - General purpose bucket permissions - The s3:PutBucketPolicy permission is +// required in a policy. For more information about general purpose buckets bucket +// policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:PutBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web Services +// account that owns the resource. For more information about directory bucket +// policies and permissions, see Amazon Web Services Identity and Access +// Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// Example bucket policies General purpose buckets example bucket policies - See +// Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) +// in the Amazon S3 User Guide. Directory bucket example bucket policies - See +// Example bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// in the Amazon S3 User Guide. HTTP Host header syntax Directory buckets - The +// HTTP Host header syntax is s3express-control.region.amazonaws.com . The +// following operations are related to PutBucketPolicy : // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // - DeleteBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html) func (c *Client) PutBucketPolicy(ctx context.Context, params *PutBucketPolicyInput, optFns ...func(*Options)) (*PutBucketPolicyOutput, error) { @@ -49,38 +74,62 @@ func (c *Client) PutBucketPolicy(ctx context.Context, params *PutBucketPolicyInp type PutBucketPolicyInput struct { - // The name of the bucket. + // The name of the bucket. Directory buckets - When you use this operation with a + // directory bucket, you must use path-style requests in the format + // https://s3express-control.region_code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Availability Zone. Bucket names must also follow the format + // bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 + // ). For information about bucket naming restrictions, see Directory bucket + // naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide // // This member is required. Bucket *string - // The bucket policy as a JSON document. + // The bucket policy as a JSON document. For directory buckets, the only IAM + // action supported in the bucket policy is s3express:CreateSession . // // This member is required. Policy *string - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) - // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 - // ignores any provided ChecksumAlgorithm parameter. + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 + // fails the request with the HTTP status code 400 Bad Request . For the + // x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // - CRC32 + // - CRC32C + // - SHA1 + // - SHA256 + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. If the individual checksum value you provide + // through x-amz-checksum-algorithm doesn't match the checksum algorithm you set + // through x-amz-sdk-checksum-algorithm , Amazon S3 ignores any provided + // ChecksumAlgorithm parameter and uses the checksum algorithm that matches the + // provided value in x-amz-checksum-algorithm . For directory buckets, when you + // use Amazon Web Services SDKs, CRC32 is the default checksum algorithm that's + // used for performance. ChecksumAlgorithm types.ChecksumAlgorithm // Set this parameter to true to confirm that you want to remove your permissions - // to change this bucket policy in the future. - ConfirmRemoveSelfBucketAccess bool + // to change this bucket policy in the future. This functionality is not supported + // for directory buckets. + ConfirmRemoveSelfBucketAccess *bool // The MD5 hash of the request body. For requests made using the Amazon Web // Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is - // calculated automatically. + // calculated automatically. This functionality is not supported for directory + // buckets. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). For directory buckets, this header + // is not supported in this API operation. If you specify this header, the request + // fails with the HTTP status code 501 Not Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -88,7 +137,7 @@ type PutBucketPolicyInput struct { func (in *PutBucketPolicyInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketPolicyOutput struct { @@ -153,6 +202,9 @@ func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketPolicyValidationMiddleware(stack); err != nil { return err } @@ -189,6 +241,9 @@ func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack, if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go index 0690f20e2..ddf58ad88 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go @@ -11,11 +11,12 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Creates a replication configuration or replaces an existing one. For more -// information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) +// This operation is not supported by directory buckets. Creates a replication +// configuration or replaces an existing one. For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) // in the Amazon S3 User Guide. Specify the replication configuration in the // request body. In the replication configuration, you provide the name of the // destination bucket or buckets where you want Amazon S3 to replicate objects, the @@ -83,12 +84,12 @@ type PutBucketReplicationInput struct { // This member is required. ReplicationConfiguration *types.ReplicationConfiguration - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -100,9 +101,9 @@ type PutBucketReplicationInput struct { // or Amazon Web Services SDKs, this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // A token to allow Object Lock to be enabled for an existing bucket. @@ -113,7 +114,7 @@ type PutBucketReplicationInput struct { func (in *PutBucketReplicationInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketReplicationOutput struct { @@ -178,6 +179,9 @@ func (c *Client) addOperationPutBucketReplicationMiddlewares(stack *middleware.S if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketReplicationValidationMiddleware(stack); err != nil { return err } @@ -214,6 +218,9 @@ func (c *Client) addOperationPutBucketReplicationMiddlewares(stack *middleware.S if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go index 180b2f16a..d1dc5a765 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go @@ -11,13 +11,15 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Sets the request payment configuration for a bucket. By default, the bucket -// owner pays for downloads from the bucket. This configuration parameter enables -// the bucket owner (only) to specify that the person requesting the download will -// be charged for the download. For more information, see Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html) +// This operation is not supported by directory buckets. Sets the request payment +// configuration for a bucket. By default, the bucket owner pays for downloads from +// the bucket. This configuration parameter enables the bucket owner (only) to +// specify that the person requesting the download will be charged for the +// download. For more information, see Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html) // . The following operations are related to PutBucketRequestPayment : // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) // - GetBucketRequestPayment (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketRequestPayment.html) @@ -48,12 +50,12 @@ type PutBucketRequestPaymentInput struct { // This member is required. RequestPaymentConfiguration *types.RequestPaymentConfiguration - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -65,9 +67,9 @@ type PutBucketRequestPaymentInput struct { // or Amazon Web Services SDKs, this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -75,7 +77,7 @@ type PutBucketRequestPaymentInput struct { func (in *PutBucketRequestPaymentInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketRequestPaymentOutput struct { @@ -140,6 +142,9 @@ func (c *Client) addOperationPutBucketRequestPaymentMiddlewares(stack *middlewar if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketRequestPaymentValidationMiddleware(stack); err != nil { return err } @@ -176,6 +181,9 @@ func (c *Client) addOperationPutBucketRequestPaymentMiddlewares(stack *middlewar if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go index 6264943a1..725facc11 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go @@ -11,17 +11,19 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Sets the tags for a bucket. Use tags to organize your Amazon Web Services bill -// to reflect your own cost structure. To do this, sign up to get your Amazon Web -// Services account bill with tag key values included. Then, to see the cost of -// combined resources, organize your billing information according to resources -// with the same tag key values. For example, you can tag several resources with a -// specific application name, and then organize your billing information to see the -// total cost of that application across several services. For more information, -// see Cost Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) +// This operation is not supported by directory buckets. Sets the tags for a +// bucket. Use tags to organize your Amazon Web Services bill to reflect your own +// cost structure. To do this, sign up to get your Amazon Web Services account bill +// with tag key values included. Then, to see the cost of combined resources, +// organize your billing information according to resources with the same tag key +// values. For example, you can tag several resources with a specific application +// name, and then organize your billing information to see the total cost of that +// application across several services. For more information, see Cost Allocation +// and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) // and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html) // . When this operation sets the tags for a bucket, it will overwrite any current // tags the bucket already has. You cannot use this operation to add tags to an @@ -73,12 +75,12 @@ type PutBucketTaggingInput struct { // This member is required. Tagging *types.Tagging - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -90,9 +92,9 @@ type PutBucketTaggingInput struct { // or Amazon Web Services SDKs, this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -100,7 +102,7 @@ type PutBucketTaggingInput struct { func (in *PutBucketTaggingInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketTaggingOutput struct { @@ -165,6 +167,9 @@ func (c *Client) addOperationPutBucketTaggingMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketTaggingValidationMiddleware(stack); err != nil { return err } @@ -201,6 +206,9 @@ func (c *Client) addOperationPutBucketTaggingMiddlewares(stack *middleware.Stack if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go index 28ee7cef5..c2b751ab7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go @@ -11,15 +11,17 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Sets the versioning state of an existing bucket. You can set the versioning -// state with one of the following values: Enabled—Enables versioning for the -// objects in the bucket. All objects added to the bucket receive a unique version -// ID. Suspended—Disables versioning for the objects in the bucket. All objects -// added to the bucket receive the version ID null. If the versioning state has -// never been set on a bucket, it has no versioning state; a GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) +// This operation is not supported by directory buckets. Sets the versioning state +// of an existing bucket. You can set the versioning state with one of the +// following values: Enabled—Enables versioning for the objects in the bucket. All +// objects added to the bucket receive a unique version ID. Suspended—Disables +// versioning for the objects in the bucket. All objects added to the bucket +// receive the version ID null. If the versioning state has never been set on a +// bucket, it has no versioning state; a GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) // request does not return a versioning state value. In order to enable MFA Delete, // you must be the bucket owner. If you are the bucket owner and want to enable MFA // Delete in the bucket versioning configuration, you must include the x-amz-mfa @@ -62,12 +64,12 @@ type PutBucketVersioningInput struct { // This member is required. VersioningConfiguration *types.VersioningConfiguration - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -79,9 +81,9 @@ type PutBucketVersioningInput struct { // or Amazon Web Services SDKs, this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // The concatenation of the authentication device's serial number, a space, and @@ -93,7 +95,7 @@ type PutBucketVersioningInput struct { func (in *PutBucketVersioningInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketVersioningOutput struct { @@ -158,6 +160,9 @@ func (c *Client) addOperationPutBucketVersioningMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketVersioningValidationMiddleware(stack); err != nil { return err } @@ -194,6 +199,9 @@ func (c *Client) addOperationPutBucketVersioningMiddlewares(stack *middleware.St if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go index 8a8e6dbb0..275554530 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go @@ -11,14 +11,15 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Sets the configuration of the website that is specified in the website -// subresource. To configure a bucket as a website, you can add this subresource on -// the bucket with website configuration information such as the file name of the -// index document and any redirect rules. For more information, see Hosting -// Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) +// This operation is not supported by directory buckets. Sets the configuration of +// the website that is specified in the website subresource. To configure a bucket +// as a website, you can add this subresource on the bucket with website +// configuration information such as the file name of the index document and any +// redirect rules. For more information, see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) // . This PUT action requires the S3:PutBucketWebsite permission. By default, only // the bucket owner can configure the website attached to a bucket; however, bucket // owners can allow other users to set the website configuration by writing a @@ -84,12 +85,12 @@ type PutBucketWebsiteInput struct { // This member is required. WebsiteConfiguration *types.WebsiteConfiguration - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -101,9 +102,9 @@ type PutBucketWebsiteInput struct { // or Amazon Web Services SDKs, this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -111,7 +112,7 @@ type PutBucketWebsiteInput struct { func (in *PutBucketWebsiteInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutBucketWebsiteOutput struct { @@ -176,6 +177,9 @@ func (c *Client) addOperationPutBucketWebsiteMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutBucketWebsiteValidationMiddleware(stack); err != nil { return err } @@ -212,6 +216,9 @@ func (c *Client) addOperationPutBucketWebsiteMiddlewares(stack *middleware.Stack if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go index 9175ef2d1..1bade82e9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go @@ -17,71 +17,75 @@ import ( "time" ) -// Adds an object to a bucket. You must have WRITE permissions on a bucket to add -// an object to it. Amazon S3 never adds partial objects; if you receive a success -// response, Amazon S3 added the entire object to the bucket. You cannot use -// PutObject to only update a single piece of metadata for an existing object. You -// must put the entire object with updated metadata if you want to update some -// values. Amazon S3 is a distributed system. If it receives multiple write -// requests for the same object simultaneously, it overwrites all but the last -// object written. To prevent objects from being deleted or overwritten, you can -// use Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) -// . To ensure that data is not corrupted traversing the network, use the -// Content-MD5 header. When you use this header, Amazon S3 checks the object -// against the provided MD5 value and, if they do not match, returns an error. -// Additionally, you can calculate the MD5 while putting an object to Amazon S3 and -// compare the returned ETag to the calculated MD5 value. -// - To successfully complete the PutObject request, you must have the -// s3:PutObject in your IAM permissions. -// - To successfully change the objects acl of your PutObject request, you must -// have the s3:PutObjectAcl in your IAM permissions. -// - To successfully set the tag-set with your PutObject request, you must have -// the s3:PutObjectTagging in your IAM permissions. -// - The Content-MD5 header is required for any request to upload an object with -// a retention period configured using Amazon S3 Object Lock. For more information -// about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) +// Adds an object to a bucket. +// - Amazon S3 never adds partial objects; if you receive a success response, +// Amazon S3 added the entire object to the bucket. You cannot use PutObject to +// only update a single piece of metadata for an existing object. You must put the +// entire object with updated metadata if you want to update some values. +// - If your bucket uses the bucket owner enforced setting for Object Ownership, +// ACLs are disabled and no longer affect permissions. All objects written to the +// bucket by any account will be owned by the bucket owner. +// - Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support +// virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . +// Path-style requests are not supported. For more information, see Regional and +// Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) // in the Amazon S3 User Guide. // -// You have four mutually exclusive options to protect data using server-side -// encryption in Amazon S3, depending on how you choose to manage the encryption -// keys. Specifically, the encryption key options are Amazon S3 managed keys -// (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and -// customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side -// encryption by using Amazon S3 managed keys (SSE-S3) by default. You can -// optionally tell Amazon S3 to encrypt data at rest by using server-side -// encryption with other key options. For more information, see Using Server-Side -// Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) -// . When adding a new object, you can use headers to grant ACL-based permissions -// to individual Amazon Web Services accounts or to predefined groups defined by -// Amazon S3. These permissions are then added to the ACL on the object. By -// default, all objects are private. Only the owner has full access control. For -// more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html) -// . If the bucket that you're uploading objects to uses the bucket owner enforced -// setting for S3 Object Ownership, ACLs are disabled and no longer affect -// permissions. Buckets that use this setting only accept PUT requests that don't -// specify an ACL or PUT requests that specify bucket owner full control ACLs, such -// as the bucket-owner-full-control canned ACL or an equivalent form of this ACL -// expressed in the XML format. PUT requests that contain other ACLs (for example, -// custom grants to certain Amazon Web Services accounts) fail and return a 400 -// error with the error code AccessControlListNotSupported . For more information, -// see Controlling ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. If your bucket uses the bucket owner enforced -// setting for Object Ownership, all objects written to the bucket by any account -// will be owned by the bucket owner. By default, Amazon S3 uses the STANDARD -// Storage Class to store newly created objects. The STANDARD storage class -// provides high durability and high availability. Depending on performance needs, -// you can specify a different Storage Class. Amazon S3 on Outposts only uses the -// OUTPOSTS Storage Class. For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 User Guide. If you enable versioning for a bucket, Amazon S3 -// automatically generates a unique version ID for the object being stored. Amazon -// S3 returns this ID in the response. When you enable versioning for a bucket, if -// Amazon S3 receives multiple write requests for the same object simultaneously, -// it stores all of the objects. For more information about versioning, see Adding -// Objects to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) -// . For information about returning the versioning state of a bucket, see -// GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) -// . For more information about related Amazon S3 APIs, see the following: +// Amazon S3 is a distributed system. If it receives multiple write requests for +// the same object simultaneously, it overwrites all but the last object written. +// However, Amazon S3 provides features that can modify this behavior: +// - S3 Object Lock - To prevent objects from being deleted or overwritten, you +// can use Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) +// in the Amazon S3 User Guide. This functionality is not supported for directory +// buckets. +// - S3 Versioning - When you enable versioning for a bucket, if Amazon S3 +// receives multiple write requests for the same object simultaneously, it stores +// all versions of the objects. For each write request that is made to the same +// object, Amazon S3 automatically generates a unique version ID of that object +// being stored in Amazon S3. You can retrieve, replace, or delete any version of +// the object. For more information about versioning, see Adding Objects to +// Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) +// in the Amazon S3 User Guide. For information about returning the versioning +// state of a bucket, see GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) +// . This functionality is not supported for directory buckets. +// +// Permissions +// - General purpose bucket permissions - The following permissions are required +// in your policies when your PutObject request includes specific headers. +// - s3:PutObject - To successfully complete the PutObject request, you must +// always have the s3:PutObject permission on a bucket to add an object to it. +// - s3:PutObjectAcl - To successfully change the objects ACL of your PutObject +// request, you must have the s3:PutObjectAcl . +// - s3:PutObjectTagging - To successfully set the tag-set with your PutObject +// request, you must have the s3:PutObjectTagging . +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// Data integrity with Content-MD5 +// - General purpose bucket - To ensure that data is not corrupted traversing +// the network, use the Content-MD5 header. When you use this header, Amazon S3 +// checks the object against the provided MD5 value and, if they do not match, +// Amazon S3 returns an error. Alternatively, when the object's ETag is its MD5 +// digest, you can calculate the MD5 while putting the object to Amazon S3 and +// compare the returned ETag to the calculated MD5 value. +// - Directory bucket - This functionality is not supported for directory +// buckets. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . For more information about +// related Amazon S3 APIs, see the following: // - CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) // - DeleteObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html) func (c *Client) PutObject(ctx context.Context, params *PutObjectInput, optFns ...func(*Options)) (*PutObjectOutput, error) { @@ -101,16 +105,26 @@ func (c *Client) PutObject(ctx context.Context, params *PutObjectInput, optFns . type PutObjectInput struct { - // The bucket name to which the PUT action was initiated. When using this action - // with an access point, you must direct requests to the access point hostname. The - // access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The bucket name to which the PUT action was initiated. Directory buckets - When + // you use this operation with a directory bucket, you must use + // virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -126,7 +140,25 @@ type PutObjectInput struct { Key *string // The canned ACL to apply to the object. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) - // . This action is not supported by Amazon S3 on Outposts. + // in the Amazon S3 User Guide. When adding a new object, you can use headers to + // grant ACL-based permissions to individual Amazon Web Services accounts or to + // predefined groups defined by Amazon S3. These permissions are then added to the + // ACL on the object. By default, all objects are private. Only the owner has full + // access control. For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html) + // in the Amazon S3 User Guide. If the bucket that you're uploading objects to uses + // the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and + // no longer affect permissions. Buckets that use this setting only accept PUT + // requests that don't specify an ACL or PUT requests that specify bucket owner + // full control ACLs, such as the bucket-owner-full-control canned ACL or an + // equivalent form of this ACL expressed in the XML format. PUT requests that + // contain other ACLs (for example, custom grants to certain Amazon Web Services + // accounts) fail and return a 400 error with the error code + // AccessControlListNotSupported . For more information, see Controlling + // ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. ACL types.ObjectCannedACL // Object data. @@ -136,22 +168,34 @@ type PutObjectInput struct { // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for object // encryption with SSE-KMS. Specifying this header with a PUT action doesn’t affect - // bucket-level settings for S3 Bucket Key. - BucketKeyEnabled bool + // bucket-level settings for S3 Bucket Key. This functionality is not supported for + // directory buckets. + BucketKeyEnabled *bool // Can be used to specify caching behavior along the request/reply chain. For more // information, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) // . CacheControl *string - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) - // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 - // ignores any provided ChecksumAlgorithm parameter. + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon S3 + // fails the request with the HTTP status code 400 Bad Request . For the + // x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // - CRC32 + // - CRC32C + // - SHA1 + // - SHA256 + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // in the Amazon S3 User Guide. If the individual checksum value you provide + // through x-amz-checksum-algorithm doesn't match the checksum algorithm you set + // through x-amz-sdk-checksum-algorithm , Amazon S3 ignores any provided + // ChecksumAlgorithm parameter and uses the checksum algorithm that matches the + // provided value in x-amz-checksum-algorithm . For directory buckets, when you + // use Amazon Web Services SDKs, CRC32 is the default checksum algorithm that's + // used for performance. ChecksumAlgorithm types.ChecksumAlgorithm // This header can be used as a data integrity check to verify that the data @@ -201,7 +245,7 @@ type PutObjectInput struct { // cannot be determined automatically. For more information, see // https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length) // . - ContentLength int64 + ContentLength *int64 // The base64-encoded 128-bit MD5 digest of the message (without the headers) // according to RFC 1864. This header can be used as a message integrity check to @@ -209,7 +253,11 @@ type PutObjectInput struct { // optional, we recommend using the Content-MD5 mechanism as an end-to-end // integrity check. For more information about REST request authentication, see // REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) - // . + // . The Content-MD5 header is required for any request to upload an object with a + // retention period configured using Amazon S3 Object Lock. For more information + // about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. ContentMD5 *string // A standard MIME type describing the format of the contents. For more @@ -217,9 +265,9 @@ type PutObjectInput struct { // . ContentType *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // The date and time at which the object is no longer cacheable. For more @@ -227,20 +275,24 @@ type PutObjectInput struct { // . Expires *time.Time - // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. This - // action is not supported by Amazon S3 on Outposts. + // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string - // Allows grantee to read the object data and its metadata. This action is not - // supported by Amazon S3 on Outposts. + // Allows grantee to read the object data and its metadata. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantRead *string - // Allows grantee to read the object ACL. This action is not supported by Amazon - // S3 on Outposts. + // Allows grantee to read the object ACL. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string - // Allows grantee to write the ACL for the applicable object. This action is not - // supported by Amazon S3 on Outposts. + // Allows grantee to write the ACL for the applicable object. + // - This functionality is not supported for directory buckets. + // - This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string // A map of metadata to store with the object in S3. @@ -248,46 +300,54 @@ type PutObjectInput struct { // Specifies whether a legal hold will be applied to this object. For more // information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) - // . + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus - // The Object Lock mode that you want to apply to this object. + // The Object Lock mode that you want to apply to this object. This functionality + // is not supported for directory buckets. ObjectLockMode types.ObjectLockMode // The date and time when you want this object's Object Lock to expire. Must be - // formatted as a timestamp parameter. + // formatted as a timestamp parameter. This functionality is not supported for + // directory buckets. ObjectLockRetainUntilDate *time.Time // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256 + // ). This functionality is not supported for directory buckets. SSECustomerAlgorithm *string // Specifies the customer-provided encryption key for Amazon S3 to use in // encrypting data. This value is used to store the object and then it is // discarded; Amazon S3 does not store the encryption key. The key must be // appropriate for use with the algorithm specified in the - // x-amz-server-side-encryption-customer-algorithm header. + // x-amz-server-side-encryption-customer-algorithm header. This functionality is + // not supported for directory buckets. SSECustomerKey *string // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // encryption key was transmitted without error. This functionality is not + // supported for directory buckets. SSECustomerKeyMD5 *string // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding // JSON with the encryption context key-value pairs. This value is stored as object // metadata and automatically gets passed on to Amazon Web Services KMS for future - // GetObject or CopyObject operations on this object. + // GetObject or CopyObject operations on this object. This value must be + // explicitly added during CopyObject operations. This functionality is not + // supported for directory buckets. SSEKMSEncryptionContext *string // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse , @@ -298,37 +358,53 @@ type PutObjectInput struct { // x-amz-server-side-encryption-aws-kms-key-id , Amazon S3 uses the Amazon Web // Services managed key ( aws/s3 ) to protect the data. If the KMS key does not // exist in the same account that's issuing the command, you must use the full ARN - // and not just the ID. + // and not just the ID. This functionality is not supported for directory buckets. SSEKMSKeyId *string - // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms , aws:kms:dsse ). + // The server-side encryption algorithm that was used when you store this object + // in Amazon S3 (for example, AES256 , aws:kms , aws:kms:dsse ). General purpose + // buckets - You have four mutually exclusive options to protect data using + // server-side encryption in Amazon S3, depending on how you choose to manage the + // encryption keys. Specifically, the encryption key options are Amazon S3 managed + // keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and + // customer-provided keys (SSE-C). Amazon S3 encrypts data with server-side + // encryption by using Amazon S3 managed keys (SSE-S3) by default. You can + // optionally tell Amazon S3 to encrypt data at rest by using server-side + // encryption with other key options. For more information, see Using Server-Side + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) + // in the Amazon S3 User Guide. Directory buckets - For directory buckets, only the + // server-side encryption with Amazon S3 managed keys (SSE-S3) ( AES256 ) value is + // supported. ServerSideEncryption types.ServerSideEncryption // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high // availability. Depending on performance needs, you can specify a different - // Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For - // more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // Storage Class. For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. + // - For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // - Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass types.StorageClass // The tag-set for the object. The tag-set must be encoded as URL Query - // parameters. (For example, "Key1=Value1") + // parameters. (For example, "Key1=Value1") This functionality is not supported for + // directory buckets. Tagging *string // If the bucket is configured as a website, redirects requests for this object to // another object in the same bucket or to an external URL. Amazon S3 stores the // value of this header in the object metadata. For information about object // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html) - // . In the following example, the request header sets the redirect to an object - // (anotherPage.html) in the same bucket: x-amz-website-redirect-location: - // /anotherPage.html In the following example, the request header sets the object - // redirect to another website: x-amz-website-redirect-location: - // http://www.example.com/ For more information about website hosting in Amazon S3, - // see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) + // in the Amazon S3 User Guide. In the following example, the request header sets + // the redirect to an object (anotherPage.html) in the same bucket: + // x-amz-website-redirect-location: /anotherPage.html In the following example, the + // request header sets the object redirect to another website: + // x-amz-website-redirect-location: http://www.example.com/ For more information + // about website hosting in Amazon S3, see Hosting Websites on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) - // . + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. WebsiteRedirectLocation *string noSmithyDocumentSerde @@ -336,84 +412,114 @@ type PutObjectInput struct { func (in *PutObjectInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } type PutObjectOutput struct { // Indicates whether the uploaded object uses an S3 Bucket Key for server-side - // encryption with Key Management Service (KMS) keys (SSE-KMS). - BucketKeyEnabled bool + // encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality + // is not supported for directory buckets. + BucketKeyEnabled *bool // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string // The base64-encoded, 256-bit SHA-256 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string - // Entity tag for the uploaded object. + // Entity tag for the uploaded object. General purpose buckets - To ensure that + // data is not corrupted traversing the network, for objects where the ETag is the + // MD5 digest of the object, you can calculate the MD5 while putting an object to + // Amazon S3 and compare the returned ETag to the calculated MD5 value. Directory + // buckets - The ETag for the object in a directory bucket isn't the MD5 digest of + // the object. ETag *string // If the expiration is configured for the object (see // PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html) - // ), the response includes this header. It includes the expiry-date and rule-id - // key-value pairs that provide information about object expiration. The value of - // the rule-id is URL-encoded. + // ) in the Amazon S3 User Guide, the response includes this header. It includes + // the expiry-date and rule-id key-value pairs that provide information about + // object expiration. The value of the rule-id is URL-encoded. This functionality + // is not supported for directory buckets. Expiration *string // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header confirming the encryption - // algorithm used. + // requested, the response will include this header to confirm the encryption + // algorithm that's used. This functionality is not supported for directory + // buckets. SSECustomerAlgorithm *string // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header to provide round-trip message - // integrity verification of the customer-provided encryption key. + // requested, the response will include this header to provide the round-trip + // message integrity verification of the customer-provided encryption key. This + // functionality is not supported for directory buckets. SSECustomerKeyMD5 *string - // If present, specifies the Amazon Web Services KMS Encryption Context to use for + // If present, indicates the Amazon Web Services KMS Encryption Context to use for // object encryption. The value of this header is a base64-encoded UTF-8 string // holding JSON with the encryption context key-value pairs. This value is stored // as object metadata and automatically gets passed on to Amazon Web Services KMS - // for future GetObject or CopyObject operations on this object. + // for future GetObject or CopyObject operations on this object. This + // functionality is not supported for directory buckets. SSEKMSEncryptionContext *string // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse , - // this header specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key that was used for the object. + // this header indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. This functionality + // is not supported for directory buckets. SSEKMSKeyId *string - // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms , aws:kms:dsse ). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256 , aws:kms , aws:kms:dsse ). For directory buckets, only + // server-side encryption with Amazon S3 managed keys (SSE-S3) ( AES256 ) is + // supported. ServerSideEncryption types.ServerSideEncryption - // Version of the object. + // Version ID of the object. If you enable versioning for a bucket, Amazon S3 + // automatically generates a unique version ID for the object being stored. Amazon + // S3 returns this ID in the response. When you enable versioning for a bucket, if + // Amazon S3 receives multiple write requests for the same object simultaneously, + // it stores all of the objects. For more information about versioning, see Adding + // Objects to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) + // in the Amazon S3 User Guide. For information about returning the versioning + // state of a bucket, see GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html) + // . This functionality is not supported for directory buckets. VersionId *string // Metadata pertaining to the operation's result. @@ -477,6 +583,9 @@ func (c *Client) addOperationPutObjectMiddlewares(stack *middleware.Stack, optio if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutObjectValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go index f74465e79..5716f550f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go @@ -14,15 +14,15 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Uses the acl subresource to set the access control list (ACL) permissions for a -// new or existing object in an S3 bucket. You must have WRITE_ACP permission to -// set the ACL of an object. For more information, see What permissions can I -// grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) -// in the Amazon S3 User Guide. This action is not supported by Amazon S3 on -// Outposts. Depending on your application needs, you can choose to set the ACL on -// an object using either the request body or the headers. For example, if you have -// an existing application that updates a bucket ACL using the request body, you -// can continue to use that approach. For more information, see Access Control +// This operation is not supported by directory buckets. Uses the acl subresource +// to set the access control list (ACL) permissions for a new or existing object in +// an S3 bucket. You must have the WRITE_ACP permission to set the ACL of an +// object. For more information, see What permissions can I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) +// in the Amazon S3 User Guide. This functionality is not supported for Amazon S3 +// on Outposts. Depending on your application needs, you can choose to set the ACL +// on an object using either the request body or the headers. For example, if you +// have an existing application that updates a bucket ACL using the request body, +// you can continue to use that approach. For more information, see Access Control // List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) // in the Amazon S3 User Guide. If your bucket uses the bucket owner enforced // setting for S3 Object Ownership, ACLs are disabled and no longer affect @@ -113,27 +113,17 @@ func (c *Client) PutObjectAcl(ctx context.Context, params *PutObjectAclInput, op type PutObjectAclInput struct { // The bucket name that contains the object to which you want to attach the ACL. - // When using this action with an access point, you must direct requests to the + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the access + // point ARN. When using the access point ARN, you must direct requests to the // access point hostname. The access point hostname takes the form // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this // action with an access point through the Amazon Web Services SDKs, you provide // the access point ARN in place of the bucket name. For more information about // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // This member is required. - Bucket *string - - // Key for which the PUT action was initiated. When using this action with an - // access point, you must direct requests to the access point hostname. The access - // point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // in the Amazon S3 User Guide. S3 on Outposts - When you use this action with + // Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. + // The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -141,6 +131,11 @@ type PutObjectAclInput struct { // in the Amazon S3 User Guide. // // This member is required. + Bucket *string + + // Key for which the PUT action was initiated. + // + // This member is required. Key *string // The canned ACL to apply to the object. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) @@ -150,12 +145,12 @@ type PutObjectAclInput struct { // Contains the elements that set the ACL permissions for an object per grantee. AccessControlPolicy *types.AccessControlPolicy - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -167,21 +162,21 @@ type PutObjectAclInput struct { // Amazon Web Services SDKs, this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Allows grantee the read, write, read ACP, and write ACP permissions on the - // bucket. This action is not supported by Amazon S3 on Outposts. + // bucket. This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string - // Allows grantee to list the objects in the bucket. This action is not supported - // by Amazon S3 on Outposts. + // Allows grantee to list the objects in the bucket. This functionality is not + // supported for Amazon S3 on Outposts. GrantRead *string - // Allows grantee to read the bucket ACL. This action is not supported by Amazon - // S3 on Outposts. + // Allows grantee to read the bucket ACL. This functionality is not supported for + // Amazon S3 on Outposts. GrantReadACP *string // Allows grantee to create new objects in the bucket. For the bucket and object @@ -189,20 +184,22 @@ type PutObjectAclInput struct { // objects. GrantWrite *string - // Allows grantee to write the ACL for the applicable bucket. This action is not - // supported by Amazon S3 on Outposts. + // Allows grantee to write the ACL for the applicable bucket. This functionality + // is not supported for Amazon S3 on Outposts. GrantWriteACP *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. This + // functionality is not supported for directory buckets. VersionId *string noSmithyDocumentSerde @@ -210,13 +207,14 @@ type PutObjectAclInput struct { func (in *PutObjectAclInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } type PutObjectAclOutput struct { // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Metadata pertaining to the operation's result. @@ -280,6 +278,9 @@ func (c *Client) addOperationPutObjectAclMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutObjectAclValidationMiddleware(stack); err != nil { return err } @@ -316,6 +317,9 @@ func (c *Client) addOperationPutObjectAclMiddlewares(stack *middleware.Stack, op if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go index 4adbe8cf7..3fa38af3e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go @@ -14,9 +14,9 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Applies a legal hold configuration to the specified object. For more -// information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) -// . This action is not supported by Amazon S3 on Outposts. +// This operation is not supported by directory buckets. Applies a legal hold +// configuration to the specified object. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) +// . This functionality is not supported for Amazon S3 on Outposts. func (c *Client) PutObjectLegalHold(ctx context.Context, params *PutObjectLegalHoldInput, optFns ...func(*Options)) (*PutObjectLegalHoldOutput, error) { if params == nil { params = &PutObjectLegalHoldInput{} @@ -35,7 +35,9 @@ func (c *Client) PutObjectLegalHold(ctx context.Context, params *PutObjectLegalH type PutObjectLegalHoldInput struct { // The bucket name containing the object that you want to place a legal hold on. - // When using this action with an access point, you must direct requests to the + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the access + // point ARN. When using the access point ARN, you must direct requests to the // access point hostname. The access point hostname takes the form // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this // action with an access point through the Amazon Web Services SDKs, you provide @@ -51,12 +53,12 @@ type PutObjectLegalHoldInput struct { // This member is required. Key *string - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -66,9 +68,9 @@ type PutObjectLegalHoldInput struct { // calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Container element for the legal hold configuration you want to apply to the @@ -77,11 +79,12 @@ type PutObjectLegalHoldInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // The version ID of the object that you want to place a legal hold on. @@ -98,7 +101,7 @@ func (in *PutObjectLegalHoldInput) bindEndpointParams(p *EndpointParameters) { type PutObjectLegalHoldOutput struct { // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Metadata pertaining to the operation's result. @@ -162,6 +165,9 @@ func (c *Client) addOperationPutObjectLegalHoldMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutObjectLegalHoldValidationMiddleware(stack); err != nil { return err } @@ -198,6 +204,9 @@ func (c *Client) addOperationPutObjectLegalHoldMiddlewares(stack *middleware.Sta if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go index d300c11c6..49425c8f9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go @@ -14,15 +14,17 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Places an Object Lock configuration on the specified bucket. The rule specified -// in the Object Lock configuration will be applied by default to every new object -// placed in the specified bucket. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) +// This operation is not supported by directory buckets. Places an Object Lock +// configuration on the specified bucket. The rule specified in the Object Lock +// configuration will be applied by default to every new object placed in the +// specified bucket. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) // . // - The DefaultRetention settings require both a mode and a period. // - The DefaultRetention period can be either Days or Years but you must select // one. You cannot specify Days and Years at the same time. -// - You can only enable Object Lock for new buckets. If you want to turn on -// Object Lock for an existing bucket, contact Amazon Web Services Support. +// - You can enable Object Lock for new or existing buckets. For more +// information, see Configuring Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html) +// . func (c *Client) PutObjectLockConfiguration(ctx context.Context, params *PutObjectLockConfigurationInput, optFns ...func(*Options)) (*PutObjectLockConfigurationOutput, error) { if params == nil { params = &PutObjectLockConfigurationInput{} @@ -45,12 +47,12 @@ type PutObjectLockConfigurationInput struct { // This member is required. Bucket *string - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -60,9 +62,9 @@ type PutObjectLockConfigurationInput struct { // calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // The Object Lock configuration that you want to apply to the specified bucket. @@ -70,11 +72,12 @@ type PutObjectLockConfigurationInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // A token to allow Object Lock to be enabled for an existing bucket. @@ -91,7 +94,7 @@ func (in *PutObjectLockConfigurationInput) bindEndpointParams(p *EndpointParamet type PutObjectLockConfigurationOutput struct { // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Metadata pertaining to the operation's result. @@ -155,6 +158,9 @@ func (c *Client) addOperationPutObjectLockConfigurationMiddlewares(stack *middle if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutObjectLockConfigurationValidationMiddleware(stack); err != nil { return err } @@ -191,6 +197,9 @@ func (c *Client) addOperationPutObjectLockConfigurationMiddlewares(stack *middle if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go index 3663b78b6..5dfb98f3d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go @@ -14,12 +14,12 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Places an Object Retention configuration on an object. For more information, -// see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) +// This operation is not supported by directory buckets. Places an Object +// Retention configuration on an object. For more information, see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) // . Users or accounts require the s3:PutObjectRetention permission in order to // place an Object Retention configuration on objects. Bypassing a Governance // Retention configuration requires the s3:BypassGovernanceRetention permission. -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. func (c *Client) PutObjectRetention(ctx context.Context, params *PutObjectRetentionInput, optFns ...func(*Options)) (*PutObjectRetentionOutput, error) { if params == nil { params = &PutObjectRetentionInput{} @@ -38,8 +38,10 @@ func (c *Client) PutObjectRetention(ctx context.Context, params *PutObjectRetent type PutObjectRetentionInput struct { // The bucket name that contains the object you want to apply this Object - // Retention configuration to. When using this action with an access point, you - // must direct requests to the access point hostname. The access point hostname + // Retention configuration to. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more @@ -56,14 +58,14 @@ type PutObjectRetentionInput struct { Key *string // Indicates whether this action should bypass Governance-mode restrictions. - BypassGovernanceRetention bool + BypassGovernanceRetention *bool - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -73,18 +75,19 @@ type PutObjectRetentionInput struct { // calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // The container element for the Object Retention configuration. @@ -105,7 +108,7 @@ func (in *PutObjectRetentionInput) bindEndpointParams(p *EndpointParameters) { type PutObjectRetentionOutput struct { // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Metadata pertaining to the operation's result. @@ -169,6 +172,9 @@ func (c *Client) addOperationPutObjectRetentionMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutObjectRetentionValidationMiddleware(stack); err != nil { return err } @@ -205,6 +211,9 @@ func (c *Client) addOperationPutObjectRetentionMiddlewares(stack *middleware.Sta if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go index 37e998a33..8b42d43d1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go @@ -14,8 +14,9 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Sets the supplied tag-set to an object that already exists in a bucket. A tag -// is a key-value pair. For more information, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html) +// This operation is not supported by directory buckets. Sets the supplied tag-set +// to an object that already exists in a bucket. A tag is a key-value pair. For +// more information, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html) // . You can associate tags with an object by sending a PUT request against the // tagging subresource that is associated with the object. You can retrieve tags by // sending a GET request. For more information, see GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) @@ -59,16 +60,18 @@ func (c *Client) PutObjectTagging(ctx context.Context, params *PutObjectTaggingI type PutObjectTaggingInput struct { - // The bucket name containing the object. When using this action with an access - // point, you must direct requests to the access point hostname. The access point + // The bucket name containing the object. Access points - When you use this action + // with an access point, you must provide the alias of the access point in place of + // the bucket name or specify the access point ARN. When using the access point + // ARN, you must direct requests to the access point hostname. The access point // hostname takes the form // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this // action with an access point through the Amazon Web Services SDKs, you provide // the access point ARN in place of the bucket name. For more information about // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // in the Amazon S3 User Guide. S3 on Outposts - When you use this action with + // Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. + // The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -88,12 +91,12 @@ type PutObjectTaggingInput struct { // This member is required. Tagging *types.Tagging - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -103,18 +106,19 @@ type PutObjectTaggingInput struct { // calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // The versionId of the object that the tag-set will be added to. @@ -194,6 +198,9 @@ func (c *Client) addOperationPutObjectTaggingMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutObjectTaggingValidationMiddleware(stack); err != nil { return err } @@ -230,6 +237,9 @@ func (c *Client) addOperationPutObjectTaggingMiddlewares(stack *middleware.Stack if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go index 4c2f0c546..ab0b5405e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go @@ -11,18 +11,19 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Creates or modifies the PublicAccessBlock configuration for an Amazon S3 -// bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock -// permission. For more information about Amazon S3 permissions, see Specifying -// Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// This operation is not supported by directory buckets. Creates or modifies the +// PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, +// you must have the s3:PutBucketPublicAccessBlock permission. For more +// information about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) // . When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or // an object, it checks the PublicAccessBlock configuration for both the bucket // (or the bucket that contains the object) and the bucket owner's account. If the // PublicAccessBlock configurations are different between the bucket and the -// account, S3 uses the most restrictive combination of the bucket-level and +// account, Amazon S3 uses the most restrictive combination of the bucket-level and // account-level settings. For more information about when Amazon S3 considers a // bucket or an object public, see The Meaning of "Public" (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status) // . The following operations are related to PutPublicAccessBlock : @@ -62,12 +63,12 @@ type PutPublicAccessBlockInput struct { // This member is required. PublicAccessBlockConfiguration *types.PublicAccessBlockConfiguration - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm @@ -77,9 +78,9 @@ type PutPublicAccessBlockInput struct { // SDKs, this field is calculated automatically. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string noSmithyDocumentSerde @@ -87,7 +88,7 @@ type PutPublicAccessBlockInput struct { func (in *PutPublicAccessBlockInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type PutPublicAccessBlockOutput struct { @@ -152,6 +153,9 @@ func (c *Client) addOperationPutPublicAccessBlockMiddlewares(stack *middleware.S if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpPutPublicAccessBlockValidationMiddleware(stack); err != nil { return err } @@ -188,6 +192,9 @@ func (c *Client) addOperationPutPublicAccessBlockMiddlewares(stack *middleware.S if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { return err } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } return nil } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go index 19b5e6f1e..a84b5326c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go @@ -14,9 +14,9 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Restores an archived copy of an object back into Amazon S3 This action is not -// supported by Amazon S3 on Outposts. This action performs the following types of -// requests: +// This operation is not supported by directory buckets. Restores an archived copy +// of an object back into Amazon S3 This functionality is not supported for Amazon +// S3 on Outposts. This action performs the following types of requests: // - select - Perform a select query on an archived object // - restore an archive - Restore an archived object // @@ -179,16 +179,18 @@ func (c *Client) RestoreObject(ctx context.Context, params *RestoreObjectInput, type RestoreObjectInput struct { - // The bucket name containing the object to restore. When using this action with - // an access point, you must direct requests to the access point hostname. The + // The bucket name containing the object to restore. Access points - When you use + // this action with an access point, you must provide the alias of the access point + // in place of the bucket name or specify the access point ARN. When using the + // access point ARN, you must direct requests to the access point hostname. The // access point hostname takes the form // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this // action with an access point through the Amazon Web Services SDKs, you provide // the access point ARN in place of the bucket name. For more information about // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // in the Amazon S3 User Guide. S3 on Outposts - When you use this action with + // Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. + // The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -203,28 +205,29 @@ type RestoreObjectInput struct { // This member is required. Key *string - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. ChecksumAlgorithm types.ChecksumAlgorithm - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer // Container for restore job parameters. @@ -244,7 +247,7 @@ func (in *RestoreObjectInput) bindEndpointParams(p *EndpointParameters) { type RestoreObjectOutput struct { // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Indicates the path in the provided S3 output location where Select results will @@ -312,6 +315,9 @@ func (c *Client) addOperationRestoreObjectMiddlewares(stack *middleware.Stack, o if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpRestoreObjectValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go index 24cb77910..888ec9c25 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go @@ -15,18 +15,20 @@ import ( "sync" ) -// This action filters the contents of an Amazon S3 object based on a simple -// structured query language (SQL) statement. In the request, along with the SQL -// expression, you must also specify a data serialization format (JSON, CSV, or -// Apache Parquet) of the object. Amazon S3 uses this format to parse object data -// into records, and returns only records that match the specified SQL expression. -// You must also specify the data serialization format for the response. This -// action is not supported by Amazon S3 on Outposts. For more information about -// Amazon S3 Select, see Selecting Content from Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html) +// This operation is not supported by directory buckets. This action filters the +// contents of an Amazon S3 object based on a simple structured query language +// (SQL) statement. In the request, along with the SQL expression, you must also +// specify a data serialization format (JSON, CSV, or Apache Parquet) of the +// object. Amazon S3 uses this format to parse object data into records, and +// returns only records that match the specified SQL expression. You must also +// specify the data serialization format for the response. This functionality is +// not supported for Amazon S3 on Outposts. For more information about Amazon S3 +// Select, see Selecting Content from Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html) // and SELECT Command (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html) -// in the Amazon S3 User Guide. Permissions You must have s3:GetObject permission -// for this operation. Amazon S3 Select does not support anonymous access. For more -// information about permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. Permissions You must have the s3:GetObject +// permission for this operation. Amazon S3 Select does not support anonymous +// access. For more information about permissions, see Specifying Permissions in a +// Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) // in the Amazon S3 User Guide. Object Data Formats You can use Amazon S3 Select to // query objects that have the following format properties: // - CSV, JSON, and Parquet - Objects must be in CSV, JSON, or Parquet format. @@ -129,9 +131,9 @@ type SelectObjectContentInput struct { // This member is required. OutputSerialization *types.OutputSerialization - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Specifies if periodic request progress information should be enabled. @@ -240,6 +242,9 @@ func (c *Client) addOperationSelectObjectContentMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpSelectObjectContentValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go index 7e6e231f0..53507fbab 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go @@ -16,20 +16,49 @@ import ( "io" ) -// Uploads a part in a multipart upload. In this operation, you provide part data -// in your request. However, you have an option to specify your existing Amazon S3 -// object as a data source for the part you are uploading. To upload a part from an -// existing object, you use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) +// Uploads a part in a multipart upload. In this operation, you provide new data +// as a part of an object in your request. However, you have an option to specify +// your existing Amazon S3 object as a data source for the part you are uploading. +// To upload a part from an existing object, you use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // operation. You must initiate a multipart upload (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // ) before you can upload any part. In response to your initiate request, Amazon -// S3 returns an upload ID, a unique identifier, that you must include in your +// S3 returns an upload ID, a unique identifier that you must include in your // upload part request. Part numbers can be any number from 1 to 10,000, inclusive. // A part number uniquely identifies a part and also defines its position within // the object being created. If you upload a new part using the same part number // that was used with a previous part, the previously uploaded part is overwritten. // For information about maximum and minimum part sizes and other multipart upload // specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) -// in the Amazon S3 User Guide. To ensure that data is not corrupted when +// in the Amazon S3 User Guide. After you initiate multipart upload and upload one +// or more parts, you must either complete or abort multipart upload in order to +// stop getting charged for storage of the uploaded parts. Only after you either +// complete or abort multipart upload, Amazon S3 frees up the parts storage and +// stops charging you for the parts storage. For more information on multipart +// uploads, go to Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) +// in the Amazon S3 User Guide . Directory buckets - For directory buckets, you +// must make requests for this API operation to the Zonal endpoint. These endpoints +// support virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Permissions +// - General purpose bucket permissions - For information on the permissions +// required to use the multipart upload API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// - Directory bucket permissions - To grant access to this API operation on a +// directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant the +// s3express:CreateSession permission to the directory bucket in a bucket policy +// or an IAM identity-based policy. Then, you make the CreateSession API call on +// the bucket to obtain a session token. With the session token in your request +// header, you can make API requests to this operation. After the session token +// expires, you make another CreateSession API call to generate a new session +// token for use. Amazon Web Services CLI or SDKs create session and refresh the +// session token automatically to avoid service interruptions when a session +// expires. For more information about authorization, see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// . +// +// Data integrity General purpose bucket - To ensure that data is not corrupted // traversing the network, specify the Content-MD5 header in the upload part // request. Amazon S3 checks the part data against the provided MD5 value. If they // do not match, Amazon S3 returns an error. If the upload request is signed with @@ -37,51 +66,44 @@ import ( // header as a checksum instead of Content-MD5 . For more information see // Authenticating Requests: Using the Authorization Header (Amazon Web Services // Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html) -// . Note: After you initiate multipart upload and upload one or more parts, you -// must either complete or abort multipart upload in order to stop getting charged -// for storage of the uploaded parts. Only after you either complete or abort -// multipart upload, Amazon S3 frees up the parts storage and stops charging you -// for the parts storage. For more information on multipart uploads, go to -// Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) -// in the Amazon S3 User Guide . For information on the permissions required to use -// the multipart upload API, go to Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) -// in the Amazon S3 User Guide. Server-side encryption is for data encryption at -// rest. Amazon S3 encrypts your data as it writes it to disks in its data centers -// and decrypts it when you access it. You have three mutually exclusive options to -// protect data using server-side encryption in Amazon S3, depending on how you -// choose to manage the encryption keys. Specifically, the encryption key options -// are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and -// Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side -// encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally -// tell Amazon S3 to encrypt data at rest using server-side encryption with other -// key options. The option you use depends on whether you want to use KMS keys -// (SSE-KMS) or provide your own encryption key (SSE-C). If you choose to provide -// your own encryption key, the request headers you provide in the request must -// match the headers you used in the request to initiate the upload by using -// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) -// . For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) -// in the Amazon S3 User Guide. Server-side encryption is supported by the S3 -// Multipart Upload actions. Unless you are using a customer-provided encryption -// key (SSE-C), you don't need to specify the encryption parameters in each -// UploadPart request. Instead, you only need to specify the server-side encryption -// parameters in the initial Initiate Multipart request. For more information, see -// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) -// . If you requested server-side encryption using a customer-provided encryption -// key (SSE-C) in your initiate multipart upload request, you must provide -// identical encryption information in each part upload using the following -// headers. +// . Directory buckets - MD5 is not supported by directory buckets. You can use +// checksum algorithms to check object integrity. Encryption +// - General purpose bucket - Server-side encryption is for data encryption at +// rest. Amazon S3 encrypts your data as it writes it to disks in its data centers +// and decrypts it when you access it. You have mutually exclusive options to +// protect data using server-side encryption in Amazon S3, depending on how you +// choose to manage the encryption keys. Specifically, the encryption key options +// are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and +// Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side +// encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally +// tell Amazon S3 to encrypt data at rest using server-side encryption with other +// key options. The option you use depends on whether you want to use KMS keys +// (SSE-KMS) or provide your own encryption key (SSE-C). Server-side encryption is +// supported by the S3 Multipart Upload operations. Unless you are using a +// customer-provided encryption key (SSE-C), you don't need to specify the +// encryption parameters in each UploadPart request. Instead, you only need to +// specify the server-side encryption parameters in the initial Initiate Multipart +// request. For more information, see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) +// . If you request server-side encryption using a customer-provided encryption key +// (SSE-C) in your initiate multipart upload request, you must provide identical +// encryption information in each part upload using the following request headers. // - x-amz-server-side-encryption-customer-algorithm // - x-amz-server-side-encryption-customer-key // - x-amz-server-side-encryption-customer-key-MD5 +// - Directory bucket - For directory buckets, only server-side encryption with +// Amazon S3 managed keys (SSE-S3) ( AES256 ) is supported. // -// UploadPart has the following special errors: -// - Code: NoSuchUpload -// - Cause: The specified multipart upload does not exist. The upload ID might -// be invalid, or the multipart upload might have been aborted or completed. +// For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) +// in the Amazon S3 User Guide. Special errors +// - Error Code: NoSuchUpload +// - Description: The specified multipart upload does not exist. The upload ID +// might be invalid, or the multipart upload might have been aborted or completed. // - HTTP Status Code: 404 Not Found // - SOAP Fault Code Prefix: Client // -// The following operations are related to UploadPart : +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following operations are +// related to UploadPart : // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) // - AbortMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html) @@ -104,16 +126,26 @@ func (c *Client) UploadPart(ctx context.Context, params *UploadPartInput, optFns type UploadPartInput struct { - // The name of the bucket to which the multipart upload was initiated. When using - // this action with an access point, you must direct requests to the access point - // hostname. The access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The name of the bucket to which the multipart upload was initiated. Directory + // buckets - When you use this operation with a directory bucket, you must use + // virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -132,7 +164,7 @@ type UploadPartInput struct { // 10,000. // // This member is required. - PartNumber int32 + PartNumber *int32 // Upload ID identifying the multipart upload whose part is being uploaded. // @@ -142,12 +174,12 @@ type UploadPartInput struct { // Object data. Body io.Reader - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not using - // the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the - // HTTP status code 400 Bad Request . For more information, see Checking object - // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you use + // the SDK. This header will not provide any additional functionality if you don't + // use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request . For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. If you provide an individual checksum, Amazon S3 // ignores any provided ChecksumAlgorithm parameter. This checksum algorithm must // be the same for all parts and it match the checksum value supplied in the @@ -184,29 +216,31 @@ type UploadPartInput struct { // Size of the body in bytes. This parameter is useful when the size of the body // cannot be determined automatically. - ContentLength int64 + ContentLength *int64 // The base64-encoded 128-bit MD5 digest of the part data. This parameter is // auto-populated when using the command from the CLI. This parameter is required - // if object lock parameters are specified. + // if object lock parameters are specified. This functionality is not supported for + // directory buckets. ContentMD5 *string - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the HTTP + // status code 403 Forbidden (access denied). ExpectedBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, + // AES256). This functionality is not supported for directory buckets. SSECustomerAlgorithm *string // Specifies the customer-provided encryption key for Amazon S3 to use in @@ -214,12 +248,14 @@ type UploadPartInput struct { // discarded; Amazon S3 does not store the encryption key. The key must be // appropriate for use with the algorithm specified in the // x-amz-server-side-encryption-customer-algorithm header . This must be the same - // encryption key specified in the initiate multipart upload request. + // encryption key specified in the initiate multipart upload request. This + // functionality is not supported for directory buckets. SSECustomerKey *string // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // encryption key was transmitted without error. This functionality is not + // supported for directory buckets. SSECustomerKeyMD5 *string noSmithyDocumentSerde @@ -227,40 +263,50 @@ type UploadPartInput struct { func (in *UploadPartInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket + p.Key = in.Key } type UploadPartOutput struct { // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Key Management Service (KMS) keys (SSE-KMS). - BucketKeyEnabled bool + // encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality + // is not supported for directory buckets. + BucketKeyEnabled *bool // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string // The base64-encoded, 256-bit SHA-256 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string @@ -268,25 +314,29 @@ type UploadPartOutput struct { ETag *string // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header confirming the encryption - // algorithm used. + // requested, the response will include this header to confirm the encryption + // algorithm that's used. This functionality is not supported for directory + // buckets. SSECustomerAlgorithm *string // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header to provide round-trip message - // integrity verification of the customer-provided encryption key. + // requested, the response will include this header to provide the round-trip + // message integrity verification of the customer-provided encryption key. This + // functionality is not supported for directory buckets. SSECustomerKeyMD5 *string - // If present, specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key was used for the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. This functionality + // is not supported for directory buckets. SSEKMSKeyId *string - // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms ). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256 , aws:kms ). For directory buckets, only server-side + // encryption with Amazon S3 managed keys (SSE-S3) ( AES256 ) is supported. ServerSideEncryption types.ServerSideEncryption // Metadata pertaining to the operation's result. @@ -350,6 +400,9 @@ func (c *Client) addOperationUploadPartMiddlewares(stack *middleware.Stack, opti if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpUploadPartValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go index 4ca31052f..1d48a7bea 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go @@ -10,72 +10,92 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" "time" ) -// Uploads a part by copying data from an existing object as data source. You -// specify the data source by adding the request header x-amz-copy-source in your -// request and a byte range by adding the request header x-amz-copy-source-range -// in your request. For information about maximum and minimum part sizes and other -// multipart upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) -// in the Amazon S3 User Guide. Instead of using an existing object as part data, -// you might use the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) -// action and provide data in your request. You must initiate a multipart upload -// before you can upload any part. In response to your initiate request. Amazon S3 -// returns a unique identifier, the upload ID, that you must include in your upload -// part request. For more information about using the UploadPartCopy operation, -// see the following: -// - For conceptual information about multipart uploads, see Uploading Objects -// Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// Uploads a part by copying data from an existing object as data source. To +// specify the data source, you add the request header x-amz-copy-source in your +// request. To specify a byte range, you add the request header +// x-amz-copy-source-range in your request. For information about maximum and +// minimum part sizes and other multipart upload specifications, see Multipart +// upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) +// in the Amazon S3 User Guide. Instead of copying data from an existing object as +// part data, you might use the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// action to upload new data as a part of an object in your request. You must +// initiate a multipart upload before you can upload any part. In response to your +// initiate request, Amazon S3 returns the upload ID, a unique identifier that you +// must include in your upload part request. For conceptual information about +// multipart uploads, see Uploading Objects Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. For information about copying objects using a +// single atomic action vs. a multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) +// in the Amazon S3 User Guide. Directory buckets - For directory buckets, you must +// make requests for this API operation to the Zonal endpoint. These endpoints +// support virtual-hosted-style requests in the format +// https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. Authentication and authorization All UploadPartCopy +// requests must be authenticated and signed by using IAM credentials (access key +// ID and secret access key for the IAM identities). All headers with the x-amz- +// prefix, including x-amz-copy-source , must be signed. For more information, see +// REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html) +// . Directory buckets - You must use IAM credentials to authenticate and authorize +// your access to the UploadPartCopy API operation, instead of using the temporary +// security credentials through the CreateSession API operation. Amazon Web +// Services CLI or SDKs handles authentication and authorization on your behalf. +// Permissions You must have READ access to the source object and WRITE access to +// the destination bucket. +// - General purpose bucket permissions - You must have the permissions in a +// policy based on the bucket types of your source bucket and destination bucket in +// an UploadPartCopy operation. +// - If the source object is in a general purpose bucket, you must have the +// s3:GetObject permission to read the source object that is being copied. +// - If the destination bucket is a general purpose bucket, you must have the +// s3:PubObject permission to write the object copy to the destination bucket. +// For information about permissions required to use the multipart upload API, see +// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) // in the Amazon S3 User Guide. -// - For information about permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// - Directory bucket permissions - You must have permissions in a bucket policy +// or an IAM identity-based policy based on the source and destination bucket types +// in an UploadPartCopy operation. +// - If the source object that you want to copy is in a directory bucket, you +// must have the s3express:CreateSession permission in the Action element of a +// policy to read the object . By default, the session is in the ReadWrite mode. +// If you want to restrict the access, you can explicitly set the +// s3express:SessionMode condition key to ReadOnly on the copy source bucket. +// - If the copy destination is a directory bucket, you must have the +// s3express:CreateSession permission in the Action element of a policy to write +// the object to the destination. The s3express:SessionMode condition key cannot +// be set to ReadOnly on the copy destination. For example policies, see Example +// bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) // in the Amazon S3 User Guide. -// - For information about copying objects using a single atomic action vs. a -// multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) -// in the Amazon S3 User Guide. -// - For information about using server-side encryption with customer-provided -// encryption keys with the UploadPartCopy operation, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) +// +// Encryption +// - General purpose buckets - For information about using server-side +// encryption with customer-provided encryption keys with the UploadPartCopy +// operation, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) // and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // . +// - Directory buckets - For directory buckets, only server-side encryption with +// Amazon S3 managed keys (SSE-S3) ( AES256 ) is supported. // -// Note the following additional considerations about the request headers -// x-amz-copy-source-if-match , x-amz-copy-source-if-none-match , -// x-amz-copy-source-if-unmodified-since , and x-amz-copy-source-if-modified-since -// : -// - Consideration 1 - If both of the x-amz-copy-source-if-match and -// x-amz-copy-source-if-unmodified-since headers are present in the request as -// follows: x-amz-copy-source-if-match condition evaluates to true , and; -// x-amz-copy-source-if-unmodified-since condition evaluates to false ; Amazon S3 -// returns 200 OK and copies the data. -// - Consideration 2 - If both of the x-amz-copy-source-if-none-match and -// x-amz-copy-source-if-modified-since headers are present in the request as -// follows: x-amz-copy-source-if-none-match condition evaluates to false , and; -// x-amz-copy-source-if-modified-since condition evaluates to true ; Amazon S3 -// returns 412 Precondition Failed response code. -// -// Versioning If your bucket has versioning enabled, you could have multiple -// versions of the same object. By default, x-amz-copy-source identifies the -// current version of the object to copy. If the current version is a delete marker -// and you don't specify a versionId in the x-amz-copy-source , Amazon S3 returns a -// 404 error, because the object does not exist. If you specify versionId in the -// x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns an -// HTTP 400 error, because you are not allowed to specify a delete marker as a -// version for the x-amz-copy-source . You can optionally specify a specific -// version of the source object to copy by adding the versionId subresource as -// shown in the following example: x-amz-copy-source: -// /bucket/object?versionId=version id Special errors -// - Code: NoSuchUpload -// - Cause: The specified multipart upload does not exist. The upload ID might -// be invalid, or the multipart upload might have been aborted or completed. +// Special errors +// - Error Code: NoSuchUpload +// - Description: The specified multipart upload does not exist. The upload ID +// might be invalid, or the multipart upload might have been aborted or completed. // - HTTP Status Code: 404 Not Found -// - Code: InvalidRequest -// - Cause: The specified copy source is not supported as a byte-range copy -// source. +// - Error Code: InvalidRequest +// - Description: The specified copy source is not supported as a byte-range +// copy source. // - HTTP Status Code: 400 Bad Request // -// The following operations are related to UploadPartCopy : +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// Bucket_name.s3express-az_id.region.amazonaws.com . The following operations are +// related to UploadPartCopy : // - CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html) // - UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) // - CompleteMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html) @@ -99,15 +119,25 @@ func (c *Client) UploadPartCopy(ctx context.Context, params *UploadPartCopyInput type UploadPartCopyInput struct { - // The bucket name. When using this action with an access point, you must direct - // requests to the access point hostname. The access point hostname takes the form - // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When using this - // action with an access point through the Amazon Web Services SDKs, you provide - // the access point ARN in place of the bucket name. For more information about - // access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. When you use this action with Amazon S3 on - // Outposts, you must direct requests to the S3 on Outposts hostname. The S3 on - // Outposts hostname takes the form + // The bucket name. Directory buckets - When you use this operation with a + // directory bucket, you must use virtual-hosted-style requests in the format + // Bucket_name.s3express-az_id.region.amazonaws.com . Path-style requests are not + // supported. Directory bucket names must be unique in the chosen Availability + // Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 (for + // example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3 ). For information about bucket + // naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. Access points - When you use this action with an + // access point, you must provide the alias of the access point in place of the + // bucket name or specify the access point ARN. When using the access point ARN, + // you must direct requests to the access point hostname. The access point hostname + // takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // When using this action with an access point through the Amazon Web Services + // SDKs, you provide the access point ARN in place of the bucket name. For more + // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) + // in the Amazon S3 User Guide. Access points and Object Lambda access points are + // not supported by directory buckets. S3 on Outposts - When you use this action + // with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts + // hostname. The S3 on Outposts hostname takes the form // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com . When you // use this action with S3 on Outposts through the Amazon Web Services SDKs, you // provide the Outposts access point ARN in place of the bucket name. For more @@ -132,20 +162,29 @@ type UploadPartCopyInput struct { // reports/january.pdf through access point my-access-point owned by account // 123456789012 in Region us-west-2 , use the URL encoding of // arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf - // . The value must be URL encoded. Amazon S3 supports copy operations using access - // points only when the source and destination buckets are in the same Amazon Web - // Services Region. Alternatively, for objects accessed through Amazon S3 on - // Outposts, specify the ARN of the object as accessed in the format - // arn:aws:s3-outposts:::outpost//object/ . For example, to copy the object - // reports/january.pdf through outpost my-outpost owned by account 123456789012 - // in Region us-west-2 , use the URL encoding of + // . The value must be URL encoded. + // - Amazon S3 supports copy operations using Access points only when the source + // and destination buckets are in the same Amazon Web Services Region. + // - Access points are not supported by directory buckets. Alternatively, for + // objects accessed through Amazon S3 on Outposts, specify the ARN of the object as + // accessed in the format arn:aws:s3-outposts:::outpost//object/ . For example, + // to copy the object reports/january.pdf through outpost my-outpost owned by + // account 123456789012 in Region us-west-2 , use the URL encoding of // arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf // . The value must be URL-encoded. - // To copy a specific version of an object, append ?versionId= to the value (for - // example, - // awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893 - // ). If you don't specify a version ID, Amazon S3 copies the latest version of the - // source object. + // If your bucket has versioning enabled, you could have multiple versions of the + // same object. By default, x-amz-copy-source identifies the current version of + // the source object to copy. To copy a specific version of the source object to + // copy, append ?versionId= to the x-amz-copy-source request header (for example, + // x-amz-copy-source: + // /awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893 + // ). If the current version is a delete marker and you don't specify a versionId + // in the x-amz-copy-source request header, Amazon S3 returns a 404 Not Found + // error, because the object does not exist. If you specify versionId in the + // x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns an + // HTTP 400 Bad Request error, because you are not allowed to specify a delete + // marker as a version for the x-amz-copy-source . Directory buckets - S3 + // Versioning isn't enabled and supported for directory buckets. // // This member is required. CopySource *string @@ -159,23 +198,41 @@ type UploadPartCopyInput struct { // 10,000. // // This member is required. - PartNumber int32 + PartNumber *int32 // Upload ID identifying the multipart upload whose part is being copied. // // This member is required. UploadId *string - // Copies the object if its entity tag (ETag) matches the specified tag. + // Copies the object if its entity tag (ETag) matches the specified tag. If both + // of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request as follows: x-amz-copy-source-if-match + // condition evaluates to true , and; x-amz-copy-source-if-unmodified-since + // condition evaluates to false ; Amazon S3 returns 200 OK and copies the data. CopySourceIfMatch *string - // Copies the object if it has been modified since the specified time. + // Copies the object if it has been modified since the specified time. If both of + // the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request as follows: x-amz-copy-source-if-none-match + // condition evaluates to false , and; x-amz-copy-source-if-modified-since + // condition evaluates to true ; Amazon S3 returns 412 Precondition Failed + // response code. CopySourceIfModifiedSince *time.Time - // Copies the object if its entity tag (ETag) is different than the specified ETag. + // Copies the object if its entity tag (ETag) is different than the specified + // ETag. If both of the x-amz-copy-source-if-none-match and + // x-amz-copy-source-if-modified-since headers are present in the request as + // follows: x-amz-copy-source-if-none-match condition evaluates to false , and; + // x-amz-copy-source-if-modified-since condition evaluates to true ; Amazon S3 + // returns 412 Precondition Failed response code. CopySourceIfNoneMatch *string - // Copies the object if it hasn't been modified since the specified time. + // Copies the object if it hasn't been modified since the specified time. If both + // of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request as follows: x-amz-copy-source-if-match + // condition evaluates to true , and; x-amz-copy-source-if-unmodified-since + // condition evaluates to false ; Amazon S3 returns 200 OK and copies the data. CopySourceIfUnmodifiedSince *time.Time // The range of bytes to copy from the source object. The range value must use the @@ -186,40 +243,45 @@ type UploadPartCopyInput struct { CopySourceRange *string // Specifies the algorithm to use when decrypting the source object (for example, - // AES256). + // AES256 ). This functionality is not supported when the source object is in a + // directory bucket. CopySourceSSECustomerAlgorithm *string // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt // the source object. The encryption key provided in this header must be one that - // was used when the source object was created. + // was used when the source object was created. This functionality is not supported + // when the source object is in a directory bucket. CopySourceSSECustomerKey *string // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // encryption key was transmitted without error. This functionality is not + // supported when the source object is in a directory bucket. CopySourceSSECustomerKeyMD5 *string - // The account ID of the expected destination bucket owner. If the destination - // bucket is owned by a different account, the request fails with the HTTP status - // code 403 Forbidden (access denied). + // The account ID of the expected destination bucket owner. If the account ID that + // you provide does not match the actual owner of the destination bucket, the + // request fails with the HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string - // The account ID of the expected source bucket owner. If the source bucket is - // owned by a different account, the request fails with the HTTP status code 403 - // Forbidden (access denied). + // The account ID of the expected source bucket owner. If the account ID that you + // provide does not match the actual owner of the source bucket, the request fails + // with the HTTP status code 403 Forbidden (access denied). ExpectedSourceBucketOwner *string // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the - // source or destination Amazon S3 bucket has Requester Pays enabled, the requester - // will pay for corresponding charges to copy the object. For information about + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for corresponding charges to copy the object. For information about // downloading objects from Requester Pays buckets, see Downloading Objects in // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. RequestPayer types.RequestPayer - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, + // AES256). This functionality is not supported when the destination bucket is a + // directory bucket. SSECustomerAlgorithm *string // Specifies the customer-provided encryption key for Amazon S3 to use in @@ -227,12 +289,15 @@ type UploadPartCopyInput struct { // discarded; Amazon S3 does not store the encryption key. The key must be // appropriate for use with the algorithm specified in the // x-amz-server-side-encryption-customer-algorithm header. This must be the same - // encryption key specified in the initiate multipart upload request. + // encryption key specified in the initiate multipart upload request. This + // functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerKey *string // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // encryption key was transmitted without error. This functionality is not + // supported when the destination bucket is a directory bucket. SSECustomerKeyMD5 *string noSmithyDocumentSerde @@ -240,42 +305,48 @@ type UploadPartCopyInput struct { func (in *UploadPartCopyInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.DisableS3ExpressSessionAuth = ptr.Bool(true) } type UploadPartCopyOutput struct { // Indicates whether the multipart upload uses an S3 Bucket Key for server-side - // encryption with Key Management Service (KMS) keys (SSE-KMS). - BucketKeyEnabled bool + // encryption with Key Management Service (KMS) keys (SSE-KMS). This functionality + // is not supported for directory buckets. + BucketKeyEnabled *bool // Container for all response elements. CopyPartResult *types.CopyPartResult // The version of the source object that was copied, if you have enabled - // versioning on the source bucket. + // versioning on the source bucket. This functionality is not supported when the + // source object is in a directory bucket. CopySourceVersionId *string // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header confirming the encryption - // algorithm used. + // requested, the response will include this header to confirm the encryption + // algorithm that's used. This functionality is not supported for directory + // buckets. SSECustomerAlgorithm *string // If server-side encryption with a customer-provided encryption key was - // requested, the response will include this header to provide round-trip message - // integrity verification of the customer-provided encryption key. + // requested, the response will include this header to provide the round-trip + // message integrity verification of the customer-provided encryption key. This + // functionality is not supported for directory buckets. SSECustomerKeyMD5 *string - // If present, specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key that was used for the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. This functionality + // is not supported for directory buckets. SSEKMSKeyId *string - // The server-side encryption algorithm used when storing this object in Amazon S3 - // (for example, AES256 , aws:kms ). + // The server-side encryption algorithm used when you store this object in Amazon + // S3 (for example, AES256 , aws:kms ). For directory buckets, only server-side + // encryption with Amazon S3 managed keys (SSE-S3) ( AES256 ) is supported. ServerSideEncryption types.ServerSideEncryption // Metadata pertaining to the operation's result. @@ -339,6 +410,9 @@ func (c *Client) addOperationUploadPartCopyMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addOpUploadPartCopyValidationMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go index 3246145db..ac90ff703 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go @@ -18,9 +18,10 @@ import ( "time" ) -// Passes transformed objects to a GetObject operation when using Object Lambda -// access points. For information about Object Lambda access points, see -// Transforming objects with Object Lambda access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html) +// This operation is not supported by directory buckets. Passes transformed +// objects to a GetObject operation when using Object Lambda access points. For +// information about Object Lambda access points, see Transforming objects with +// Object Lambda access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html) // in the Amazon S3 User Guide. This operation supports metadata that can be // returned by GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) // , in addition to RequestRoute , RequestToken , StatusCode , ErrorCode , and @@ -89,7 +90,7 @@ type WriteGetObjectResponseInput struct { // Indicates whether the object stored in Amazon S3 uses an S3 bucket key for // server-side encryption with Amazon Web Services KMS (SSE-KMS). - BucketKeyEnabled bool + BucketKeyEnabled *bool // Specifies caching behavior along the request/reply chain. CacheControl *string @@ -150,7 +151,7 @@ type WriteGetObjectResponseInput struct { ContentLanguage *string // The size of the content body in bytes. - ContentLength int64 + ContentLength *int64 // The portion of the object returned in the response. ContentRange *string @@ -160,7 +161,7 @@ type WriteGetObjectResponseInput struct { // Specifies whether an object stored in Amazon S3 is ( true ) or is not ( false ) // a delete marker. - DeleteMarker bool + DeleteMarker *bool // An opaque identifier assigned by a web server to a specific version of a // resource found at a URL. @@ -198,7 +199,7 @@ type WriteGetObjectResponseInput struct { // can happen if you create metadata using an API like SOAP that supports more // flexible metadata than the REST API. For example, using SOAP, you can create // metadata whose values are not legal HTTP headers. - MissingMeta int32 + MissingMeta *int32 // Indicates whether an object stored in Amazon S3 has an active legal hold. ObjectLockLegalHoldStatus types.ObjectLockLegalHoldStatus @@ -212,7 +213,7 @@ type WriteGetObjectResponseInput struct { ObjectLockRetainUntilDate *time.Time // The count of parts this object has. - PartsCount int32 + PartsCount *int32 // Indicates if request involves bucket that is either a source or destination in // a Replication rule. For more information about S3 Replication, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html) @@ -220,7 +221,7 @@ type WriteGetObjectResponseInput struct { ReplicationStatus types.ReplicationStatus // If present, indicates that the requester was successfully charged for the - // request. + // request. This functionality is not supported for directory buckets. RequestCharged types.RequestCharged // Provides information about object restoration operation and expiration time of @@ -262,7 +263,7 @@ type WriteGetObjectResponseInput struct { // - 416 - Range Not Satisfiable // - 500 - Internal Server Error // - 503 - Service Unavailable - StatusCode int32 + StatusCode *int32 // Provides storage class information of the object. Amazon S3 returns this header // for all objects except for S3 Standard storage class objects. For more @@ -271,7 +272,7 @@ type WriteGetObjectResponseInput struct { StorageClass types.StorageClass // The number of tags, if any, on the object. - TagCount int32 + TagCount *int32 // An ID used to reference a specific version of the object. VersionId *string @@ -349,6 +350,9 @@ func (c *Client) addOperationWriteGetObjectResponseMiddlewares(stack *middleware if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } if err = addEndpointPrefix_opWriteGetObjectResponseMiddleware(stack); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/auth.go index 90d96f8a7..8a4f832f7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/auth.go @@ -56,6 +56,34 @@ func addSetLegacyContextSigningOptionsMiddleware(stack *middleware.Stack) error return stack.Finalize.Insert(&setLegacyContextSigningOptionsMiddleware{}, "Signing", middleware.Before) } +type withAnonymous struct { + resolver AuthSchemeResolver +} + +var _ AuthSchemeResolver = (*withAnonymous)(nil) + +func (v *withAnonymous) ResolveAuthSchemes(ctx context.Context, params *AuthResolverParameters) ([]*smithyauth.Option, error) { + opts, err := v.resolver.ResolveAuthSchemes(ctx, params) + if err != nil { + return nil, err + } + + opts = append(opts, &smithyauth.Option{ + SchemeID: smithyauth.SchemeIDAnonymous, + }) + return opts, nil +} + +func wrapWithAnonymousAuth(options *Options) { + if _, ok := options.AuthSchemeResolver.(*defaultAuthSchemeResolver); !ok { + return + } + + options.AuthSchemeResolver = &withAnonymous{ + resolver: options.AuthSchemeResolver, + } +} + // AuthResolverParameters contains the set of inputs necessary for auth scheme // resolution. type AuthResolverParameters struct { @@ -146,7 +174,7 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options) options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params) if err != nil { - return out, metadata, fmt.Errorf("resolve auth scheme: %v", err) + return out, metadata, fmt.Errorf("resolve auth scheme: %w", err) } scheme, ok := m.selectScheme(options) @@ -226,7 +254,7 @@ func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middlewar identity, err := resolver.GetIdentity(ctx, rscheme.IdentityProperties) if err != nil { - return out, metadata, fmt.Errorf("get identity: %v", err) + return out, metadata, fmt.Errorf("get identity: %w", err) } ctx = setIdentity(ctx, identity) @@ -275,7 +303,7 @@ func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middlewar } if err := signer.SignRequest(ctx, req, identity, rscheme.SignerProperties); err != nil { - return out, metadata, fmt.Errorf("sign request: %v", err) + return out, metadata, fmt.Errorf("sign request: %w", err) } return next.HandleFinalize(ctx, in) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucket_context.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucket_context.go new file mode 100644 index 000000000..860af056a --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucket_context.go @@ -0,0 +1,47 @@ +package s3 + +import ( + "context" + + "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" + "github.com/aws/smithy-go/middleware" +) + +// putBucketContextMiddleware stores the input bucket name within the request context (if +// present) which is required for a variety of custom S3 behaviors +type putBucketContextMiddleware struct{} + +func (*putBucketContextMiddleware) ID() string { + return "putBucketContext" +} + +func (m *putBucketContextMiddleware) HandleSerialize( + ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler, +) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + if bucket, ok := m.bucketFromInput(in.Parameters); ok { + ctx = customizations.SetBucket(ctx, bucket) + } + return next.HandleSerialize(ctx, in) +} + +func (m *putBucketContextMiddleware) bucketFromInput(params interface{}) (string, bool) { + v, ok := params.(bucketer) + if !ok { + return "", false + } + + return v.bucket() +} + +func addPutBucketContextMiddleware(stack *middleware.Stack) error { + // This is essentially a post-Initialize task - only run it once the input + // has received all modifications from that phase. Therefore we add it as + // an early Serialize step. + // + // FUTURE: it would be nice to have explicit phases that only we as SDK + // authors can hook into (such as between phases like this really should + // be) + return stack.Serialize.Add(&putBucketContextMiddleware{}, middleware.Before) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/create_mpu_checksum.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/create_mpu_checksum.go new file mode 100644 index 000000000..5803b9e45 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/create_mpu_checksum.go @@ -0,0 +1,36 @@ +package s3 + +import ( + "context" + "fmt" + + internalcontext "github.com/aws/aws-sdk-go-v2/internal/context" + "github.com/aws/smithy-go/middleware" +) + +// backfills checksum algorithm onto the context for CreateMultipart upload so +// transfer manager can set a checksum header on the request accordingly for +// s3express requests +type setCreateMPUChecksumAlgorithm struct{} + +func (*setCreateMPUChecksumAlgorithm) ID() string { + return "setCreateMPUChecksumAlgorithm" +} + +func (*setCreateMPUChecksumAlgorithm) HandleSerialize( + ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler, +) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*CreateMultipartUploadInput) + if !ok { + return out, metadata, fmt.Errorf("unexpected input type %T", in.Parameters) + } + + ctx = internalcontext.SetChecksumInputAlgorithm(ctx, string(input.ChecksumAlgorithm)) + return next.HandleSerialize(ctx, in) +} + +func addSetCreateMPUChecksumAlgorithm(s *middleware.Stack) error { + return s.Serialize.Add(&setCreateMPUChecksumAlgorithm{}, middleware.Before) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go index fc192a326..2be5df30f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go @@ -230,7 +230,7 @@ func awsRestxml_deserializeOpHttpBindingsCompleteMultipartUploadOutput(v *Comple if err != nil { return err } - v.BucketKeyEnabled = vv + v.BucketKeyEnabled = ptr.Bool(vv) } if headerValues := response.Header.Values("x-amz-expiration"); len(headerValues) != 0 { @@ -516,7 +516,7 @@ func awsRestxml_deserializeOpHttpBindingsCopyObjectOutput(v *CopyObjectOutput, r if err != nil { return err } - v.BucketKeyEnabled = vv + v.BucketKeyEnabled = ptr.Bool(vv) } if headerValues := response.Header.Values("x-amz-copy-source-version-id"); len(headerValues) != 0 { @@ -828,7 +828,7 @@ func awsRestxml_deserializeOpHttpBindingsCreateMultipartUploadOutput(v *CreateMu if err != nil { return err } - v.BucketKeyEnabled = vv + v.BucketKeyEnabled = ptr.Bool(vv) } if headerValues := response.Header.Values("x-amz-checksum-algorithm"); len(headerValues) != 0 { @@ -943,6 +943,148 @@ func awsRestxml_deserializeOpDocumentCreateMultipartUploadOutput(v **CreateMulti return nil } +type awsRestxml_deserializeOpCreateSession struct { +} + +func (*awsRestxml_deserializeOpCreateSession) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestxml_deserializeOpCreateSession) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestxml_deserializeOpErrorCreateSession(response, &metadata) + } + output := &CreateSessionOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(response.Body, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return out, metadata, nil + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + err = awsRestxml_deserializeOpDocumentCreateSessionOutput(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return out, metadata, err +} + +func awsRestxml_deserializeOpErrorCreateSession(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + errorComponents, err := s3shared.GetErrorResponseComponents(errorBody, s3shared.ErrorResponseDeserializerOptions{ + UseStatusCode: true, StatusCode: response.StatusCode, + }) + if err != nil { + return err + } + if hostID := errorComponents.HostID; len(hostID) != 0 { + s3shared.SetHostIDMetadata(metadata, hostID) + } + if reqID := errorComponents.RequestID; len(reqID) != 0 { + awsmiddleware.SetRequestIDMetadata(metadata, reqID) + } + if len(errorComponents.Code) != 0 { + errorCode = errorComponents.Code + } + if len(errorComponents.Message) != 0 { + errorMessage = errorComponents.Message + } + errorBody.Seek(0, io.SeekStart) + switch { + case strings.EqualFold("NoSuchBucket", errorCode): + return awsRestxml_deserializeErrorNoSuchBucket(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestxml_deserializeOpDocumentCreateSessionOutput(v **CreateSessionOutput, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *CreateSessionOutput + if *v == nil { + sv = &CreateSessionOutput{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("Credentials", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsRestxml_deserializeDocumentSessionCredentials(&sv.Credentials, nodeDecoder); err != nil { + return err + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + type awsRestxml_deserializeOpDeleteBucket struct { } @@ -2003,7 +2145,7 @@ func awsRestxml_deserializeOpHttpBindingsDeleteObjectOutput(v *DeleteObjectOutpu if err != nil { return err } - v.DeleteMarker = vv + v.DeleteMarker = ptr.Bool(vv) } if headerValues := response.Header.Values("x-amz-request-charged"); len(headerValues) != 0 { @@ -5280,7 +5422,7 @@ func awsRestxml_deserializeOpHttpBindingsGetObjectOutput(v *GetObjectOutput, res if err != nil { return err } - v.BucketKeyEnabled = vv + v.BucketKeyEnabled = ptr.Bool(vv) } if headerValues := response.Header.Values("Cache-Control"); len(headerValues) != 0 { @@ -5329,7 +5471,7 @@ func awsRestxml_deserializeOpHttpBindingsGetObjectOutput(v *GetObjectOutput, res if err != nil { return err } - v.ContentLength = vv + v.ContentLength = ptr.Int64(vv) } if headerValues := response.Header.Values("Content-Range"); len(headerValues) != 0 { @@ -5348,7 +5490,7 @@ func awsRestxml_deserializeOpHttpBindingsGetObjectOutput(v *GetObjectOutput, res if err != nil { return err } - v.DeleteMarker = vv + v.DeleteMarker = ptr.Bool(vv) } if headerValues := response.Header.Values("ETag"); len(headerValues) != 0 { @@ -5395,7 +5537,7 @@ func awsRestxml_deserializeOpHttpBindingsGetObjectOutput(v *GetObjectOutput, res if err != nil { return err } - v.MissingMeta = int32(vv) + v.MissingMeta = ptr.Int32(int32(vv)) } if headerValues := response.Header.Values("x-amz-object-lock-legal-hold"); len(headerValues) != 0 { @@ -5423,7 +5565,7 @@ func awsRestxml_deserializeOpHttpBindingsGetObjectOutput(v *GetObjectOutput, res if err != nil { return err } - v.PartsCount = int32(vv) + v.PartsCount = ptr.Int32(int32(vv)) } if headerValues := response.Header.Values("x-amz-replication-status"); len(headerValues) != 0 { @@ -5472,7 +5614,7 @@ func awsRestxml_deserializeOpHttpBindingsGetObjectOutput(v *GetObjectOutput, res if err != nil { return err } - v.TagCount = int32(vv) + v.TagCount = ptr.Int32(int32(vv)) } if headerValues := response.Header.Values("x-amz-version-id"); len(headerValues) != 0 { @@ -5776,7 +5918,7 @@ func awsRestxml_deserializeOpHttpBindingsGetObjectAttributesOutput(v *GetObjectA if err != nil { return err } - v.DeleteMarker = vv + v.DeleteMarker = ptr.Bool(vv) } if headerValues := response.Header.Values("Last-Modified"); len(headerValues) != 0 { @@ -5861,7 +6003,7 @@ func awsRestxml_deserializeOpDocumentGetObjectAttributesOutput(v **GetObjectAttr if err != nil { return err } - sv.ObjectSize = i64 + sv.ObjectSize = ptr.Int64(i64) } case strings.EqualFold("StorageClass", t.Name.Local): @@ -6728,10 +6870,9 @@ func (m *awsRestxml_deserializeOpHeadBucket) HandleDeserialize(ctx context.Conte output := &HeadBucketOutput{} out.Result = output - if _, err = io.Copy(ioutil.Discard, response.Body); err != nil { - return out, metadata, &smithy.DeserializationError{ - Err: fmt.Errorf("failed to discard response body, %w", err), - } + err = awsRestxml_deserializeOpHttpBindingsHeadBucketOutput(output, response) + if err != nil { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("failed to decode response with invalid Http bindings, %w", err)} } return out, metadata, err @@ -6780,6 +6921,38 @@ func awsRestxml_deserializeOpErrorHeadBucket(response *smithyhttp.Response, meta } } +func awsRestxml_deserializeOpHttpBindingsHeadBucketOutput(v *HeadBucketOutput, response *smithyhttp.Response) error { + if v == nil { + return fmt.Errorf("unsupported deserialization for nil %T", v) + } + + if headerValues := response.Header.Values("x-amz-access-point-alias"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + vv, err := strconv.ParseBool(headerValues[0]) + if err != nil { + return err + } + v.AccessPointAlias = ptr.Bool(vv) + } + + if headerValues := response.Header.Values("x-amz-bucket-location-name"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.BucketLocationName = ptr.String(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-bucket-location-type"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.BucketLocationType = types.LocationType(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-bucket-region"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.BucketRegion = ptr.String(headerValues[0]) + } + + return nil +} + type awsRestxml_deserializeOpHeadObject struct { } @@ -6878,7 +7051,7 @@ func awsRestxml_deserializeOpHttpBindingsHeadObjectOutput(v *HeadObjectOutput, r if err != nil { return err } - v.BucketKeyEnabled = vv + v.BucketKeyEnabled = ptr.Bool(vv) } if headerValues := response.Header.Values("Cache-Control"); len(headerValues) != 0 { @@ -6927,7 +7100,7 @@ func awsRestxml_deserializeOpHttpBindingsHeadObjectOutput(v *HeadObjectOutput, r if err != nil { return err } - v.ContentLength = vv + v.ContentLength = ptr.Int64(vv) } if headerValues := response.Header.Values("Content-Type"); len(headerValues) != 0 { @@ -6941,7 +7114,7 @@ func awsRestxml_deserializeOpHttpBindingsHeadObjectOutput(v *HeadObjectOutput, r if err != nil { return err } - v.DeleteMarker = vv + v.DeleteMarker = ptr.Bool(vv) } if headerValues := response.Header.Values("ETag"); len(headerValues) != 0 { @@ -6988,7 +7161,7 @@ func awsRestxml_deserializeOpHttpBindingsHeadObjectOutput(v *HeadObjectOutput, r if err != nil { return err } - v.MissingMeta = int32(vv) + v.MissingMeta = ptr.Int32(int32(vv)) } if headerValues := response.Header.Values("x-amz-object-lock-legal-hold"); len(headerValues) != 0 { @@ -7016,7 +7189,7 @@ func awsRestxml_deserializeOpHttpBindingsHeadObjectOutput(v *HeadObjectOutput, r if err != nil { return err } - v.PartsCount = int32(vv) + v.PartsCount = ptr.Int32(int32(vv)) } if headerValues := response.Header.Values("x-amz-replication-status"); len(headerValues) != 0 { @@ -7223,7 +7396,7 @@ func awsRestxml_deserializeOpDocumentListBucketAnalyticsConfigurationsOutput(v * if err != nil { return fmt.Errorf("expected IsTruncated to be of type *bool, got %T instead", val) } - sv.IsTruncated = xtv + sv.IsTruncated = ptr.Bool(xtv) } case strings.EqualFold("NextContinuationToken", t.Name.Local): @@ -7404,7 +7577,7 @@ func awsRestxml_deserializeOpDocumentListBucketIntelligentTieringConfigurationsO if err != nil { return fmt.Errorf("expected IsTruncated to be of type *bool, got %T instead", val) } - sv.IsTruncated = xtv + sv.IsTruncated = ptr.Bool(xtv) } case strings.EqualFold("NextContinuationToken", t.Name.Local): @@ -7585,7 +7758,7 @@ func awsRestxml_deserializeOpDocumentListBucketInventoryConfigurationsOutput(v * if err != nil { return fmt.Errorf("expected IsTruncated to be of type *bool, got %T instead", val) } - sv.IsTruncated = xtv + sv.IsTruncated = ptr.Bool(xtv) } case strings.EqualFold("NextContinuationToken", t.Name.Local): @@ -7760,7 +7933,7 @@ func awsRestxml_deserializeOpDocumentListBucketMetricsConfigurationsOutput(v **L if err != nil { return fmt.Errorf("expected IsTruncated to be of type *bool, got %T instead", val) } - sv.IsTruncated = xtv + sv.IsTruncated = ptr.Bool(xtv) } case strings.EqualFold("MetricsConfiguration", t.Name.Local): @@ -7941,6 +8114,158 @@ func awsRestxml_deserializeOpDocumentListBucketsOutput(v **ListBucketsOutput, de return nil } +type awsRestxml_deserializeOpListDirectoryBuckets struct { +} + +func (*awsRestxml_deserializeOpListDirectoryBuckets) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestxml_deserializeOpListDirectoryBuckets) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestxml_deserializeOpErrorListDirectoryBuckets(response, &metadata) + } + output := &ListDirectoryBucketsOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(response.Body, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return out, metadata, nil + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + err = awsRestxml_deserializeOpDocumentListDirectoryBucketsOutput(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return out, metadata, err +} + +func awsRestxml_deserializeOpErrorListDirectoryBuckets(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + errorComponents, err := s3shared.GetErrorResponseComponents(errorBody, s3shared.ErrorResponseDeserializerOptions{ + UseStatusCode: true, StatusCode: response.StatusCode, + }) + if err != nil { + return err + } + if hostID := errorComponents.HostID; len(hostID) != 0 { + s3shared.SetHostIDMetadata(metadata, hostID) + } + if reqID := errorComponents.RequestID; len(reqID) != 0 { + awsmiddleware.SetRequestIDMetadata(metadata, reqID) + } + if len(errorComponents.Code) != 0 { + errorCode = errorComponents.Code + } + if len(errorComponents.Message) != 0 { + errorMessage = errorComponents.Message + } + errorBody.Seek(0, io.SeekStart) + switch { + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestxml_deserializeOpDocumentListDirectoryBucketsOutput(v **ListDirectoryBucketsOutput, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *ListDirectoryBucketsOutput + if *v == nil { + sv = &ListDirectoryBucketsOutput{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("Buckets", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsRestxml_deserializeDocumentBuckets(&sv.Buckets, nodeDecoder); err != nil { + return err + } + + case strings.EqualFold("ContinuationToken", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ContinuationToken = ptr.String(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + type awsRestxml_deserializeOpListMultipartUploads struct { } @@ -8135,7 +8460,7 @@ func awsRestxml_deserializeOpDocumentListMultipartUploadsOutput(v **ListMultipar if err != nil { return fmt.Errorf("expected IsTruncated to be of type *bool, got %T instead", val) } - sv.IsTruncated = xtv + sv.IsTruncated = ptr.Bool(xtv) } case strings.EqualFold("KeyMarker", t.Name.Local): @@ -8165,7 +8490,7 @@ func awsRestxml_deserializeOpDocumentListMultipartUploadsOutput(v **ListMultipar if err != nil { return err } - sv.MaxUploads = int32(i64) + sv.MaxUploads = ptr.Int32(int32(i64)) } case strings.EqualFold("NextKeyMarker", t.Name.Local): @@ -8430,7 +8755,7 @@ func awsRestxml_deserializeOpDocumentListObjectsOutput(v **ListObjectsOutput, de if err != nil { return fmt.Errorf("expected IsTruncated to be of type *bool, got %T instead", val) } - sv.IsTruncated = xtv + sv.IsTruncated = ptr.Bool(xtv) } case strings.EqualFold("Marker", t.Name.Local): @@ -8460,7 +8785,7 @@ func awsRestxml_deserializeOpDocumentListObjectsOutput(v **ListObjectsOutput, de if err != nil { return err } - sv.MaxKeys = int32(i64) + sv.MaxKeys = ptr.Int32(int32(i64)) } case strings.EqualFold("Name", t.Name.Local): @@ -8719,7 +9044,7 @@ func awsRestxml_deserializeOpDocumentListObjectsV2Output(v **ListObjectsV2Output if err != nil { return fmt.Errorf("expected IsTruncated to be of type *bool, got %T instead", val) } - sv.IsTruncated = xtv + sv.IsTruncated = ptr.Bool(xtv) } case strings.EqualFold("KeyCount", t.Name.Local): @@ -8736,7 +9061,7 @@ func awsRestxml_deserializeOpDocumentListObjectsV2Output(v **ListObjectsV2Output if err != nil { return err } - sv.KeyCount = int32(i64) + sv.KeyCount = ptr.Int32(int32(i64)) } case strings.EqualFold("MaxKeys", t.Name.Local): @@ -8753,7 +9078,7 @@ func awsRestxml_deserializeOpDocumentListObjectsV2Output(v **ListObjectsV2Output if err != nil { return err } - sv.MaxKeys = int32(i64) + sv.MaxKeys = ptr.Int32(int32(i64)) } case strings.EqualFold("Name", t.Name.Local): @@ -9009,7 +9334,7 @@ func awsRestxml_deserializeOpDocumentListObjectVersionsOutput(v **ListObjectVers if err != nil { return fmt.Errorf("expected IsTruncated to be of type *bool, got %T instead", val) } - sv.IsTruncated = xtv + sv.IsTruncated = ptr.Bool(xtv) } case strings.EqualFold("KeyMarker", t.Name.Local): @@ -9039,7 +9364,7 @@ func awsRestxml_deserializeOpDocumentListObjectVersionsOutput(v **ListObjectVers if err != nil { return err } - sv.MaxKeys = int32(i64) + sv.MaxKeys = ptr.Int32(int32(i64)) } case strings.EqualFold("Name", t.Name.Local): @@ -9322,7 +9647,7 @@ func awsRestxml_deserializeOpDocumentListPartsOutput(v **ListPartsOutput, decode if err != nil { return fmt.Errorf("expected IsTruncated to be of type *bool, got %T instead", val) } - sv.IsTruncated = xtv + sv.IsTruncated = ptr.Bool(xtv) } case strings.EqualFold("Key", t.Name.Local): @@ -9352,7 +9677,7 @@ func awsRestxml_deserializeOpDocumentListPartsOutput(v **ListPartsOutput, decode if err != nil { return err } - sv.MaxParts = int32(i64) + sv.MaxParts = ptr.Int32(int32(i64)) } case strings.EqualFold("NextPartNumberMarker", t.Name.Local): @@ -10868,7 +11193,7 @@ func awsRestxml_deserializeOpHttpBindingsPutObjectOutput(v *PutObjectOutput, res if err != nil { return err } - v.BucketKeyEnabled = vv + v.BucketKeyEnabled = ptr.Bool(vv) } if headerValues := response.Header.Values("x-amz-checksum-crc32"); len(headerValues) != 0 { @@ -11701,7 +12026,7 @@ func awsRestxml_deserializeOpHttpBindingsUploadPartOutput(v *UploadPartOutput, r if err != nil { return err } - v.BucketKeyEnabled = vv + v.BucketKeyEnabled = ptr.Bool(vv) } if headerValues := response.Header.Values("x-amz-checksum-crc32"); len(headerValues) != 0 { @@ -11870,7 +12195,7 @@ func awsRestxml_deserializeOpHttpBindingsUploadPartCopyOutput(v *UploadPartCopyO if err != nil { return err } - v.BucketKeyEnabled = vv + v.BucketKeyEnabled = ptr.Bool(vv) } if headerValues := response.Header.Values("x-amz-copy-source-version-id"); len(headerValues) != 0 { @@ -12392,7 +12717,7 @@ func awsRestxml_deserializeDocumentProgress(v **types.Progress, decoder smithyxm if err != nil { return err } - sv.BytesProcessed = i64 + sv.BytesProcessed = ptr.Int64(i64) } case strings.EqualFold("BytesReturned", t.Name.Local): @@ -12409,7 +12734,7 @@ func awsRestxml_deserializeDocumentProgress(v **types.Progress, decoder smithyxm if err != nil { return err } - sv.BytesReturned = i64 + sv.BytesReturned = ptr.Int64(i64) } case strings.EqualFold("BytesScanned", t.Name.Local): @@ -12426,7 +12751,7 @@ func awsRestxml_deserializeDocumentProgress(v **types.Progress, decoder smithyxm if err != nil { return err } - sv.BytesScanned = i64 + sv.BytesScanned = ptr.Int64(i64) } default: @@ -12479,7 +12804,7 @@ func awsRestxml_deserializeDocumentStats(v **types.Stats, decoder smithyxml.Node if err != nil { return err } - sv.BytesProcessed = i64 + sv.BytesProcessed = ptr.Int64(i64) } case strings.EqualFold("BytesReturned", t.Name.Local): @@ -12496,7 +12821,7 @@ func awsRestxml_deserializeDocumentStats(v **types.Stats, decoder smithyxml.Node if err != nil { return err } - sv.BytesReturned = i64 + sv.BytesReturned = ptr.Int64(i64) } case strings.EqualFold("BytesScanned", t.Name.Local): @@ -12513,7 +12838,7 @@ func awsRestxml_deserializeDocumentStats(v **types.Stats, decoder smithyxml.Node if err != nil { return err } - sv.BytesScanned = i64 + sv.BytesScanned = ptr.Int64(i64) } default: @@ -12639,7 +12964,7 @@ func awsRestxml_deserializeDocumentAbortIncompleteMultipartUpload(v **types.Abor if err != nil { return err } - sv.DaysAfterInitiation = int32(i64) + sv.DaysAfterInitiation = ptr.Int32(int32(i64)) } default: @@ -14192,7 +14517,7 @@ func awsRestxml_deserializeDocumentCORSRule(v **types.CORSRule, decoder smithyxm if err != nil { return err } - sv.MaxAgeSeconds = int32(i64) + sv.MaxAgeSeconds = ptr.Int32(int32(i64)) } default: @@ -14313,7 +14638,7 @@ func awsRestxml_deserializeDocumentDefaultRetention(v **types.DefaultRetention, if err != nil { return err } - sv.Days = int32(i64) + sv.Days = ptr.Int32(int32(i64)) } case strings.EqualFold("Mode", t.Name.Local): @@ -14343,7 +14668,7 @@ func awsRestxml_deserializeDocumentDefaultRetention(v **types.DefaultRetention, if err != nil { return err } - sv.Years = int32(i64) + sv.Years = ptr.Int32(int32(i64)) } default: @@ -14395,7 +14720,7 @@ func awsRestxml_deserializeDocumentDeletedObject(v **types.DeletedObject, decode if err != nil { return fmt.Errorf("expected DeleteMarker to be of type *bool, got %T instead", val) } - sv.DeleteMarker = xtv + sv.DeleteMarker = ptr.Bool(xtv) } case strings.EqualFold("DeleteMarkerVersionId", t.Name.Local): @@ -14554,7 +14879,7 @@ func awsRestxml_deserializeDocumentDeleteMarkerEntry(v **types.DeleteMarkerEntry if err != nil { return fmt.Errorf("expected IsLatest to be of type *bool, got %T instead", val) } - sv.IsLatest = xtv + sv.IsLatest = ptr.Bool(xtv) } case strings.EqualFold("Key", t.Name.Local): @@ -15500,7 +15825,7 @@ func awsRestxml_deserializeDocumentGetObjectAttributesParts(v **types.GetObjectA if err != nil { return fmt.Errorf("expected IsTruncated to be of type *bool, got %T instead", val) } - sv.IsTruncated = xtv + sv.IsTruncated = ptr.Bool(xtv) } case strings.EqualFold("MaxParts", t.Name.Local): @@ -15517,7 +15842,7 @@ func awsRestxml_deserializeDocumentGetObjectAttributesParts(v **types.GetObjectA if err != nil { return err } - sv.MaxParts = int32(i64) + sv.MaxParts = ptr.Int32(int32(i64)) } case strings.EqualFold("NextPartNumberMarker", t.Name.Local): @@ -15566,7 +15891,7 @@ func awsRestxml_deserializeDocumentGetObjectAttributesParts(v **types.GetObjectA if err != nil { return err } - sv.TotalPartsCount = int32(i64) + sv.TotalPartsCount = ptr.Int32(int32(i64)) } default: @@ -16313,7 +16638,7 @@ func awsRestxml_deserializeDocumentInventoryConfiguration(v **types.InventoryCon if err != nil { return fmt.Errorf("expected IsEnabled to be of type *bool, got %T instead", val) } - sv.IsEnabled = xtv + sv.IsEnabled = ptr.Bool(xtv) } case strings.EqualFold("OptionalFields", t.Name.Local): @@ -16967,7 +17292,7 @@ func awsRestxml_deserializeDocumentLifecycleExpiration(v **types.LifecycleExpira if err != nil { return err } - sv.Days = int32(i64) + sv.Days = ptr.Int32(int32(i64)) } case strings.EqualFold("ExpiredObjectDeleteMarker", t.Name.Local): @@ -16983,7 +17308,7 @@ func awsRestxml_deserializeDocumentLifecycleExpiration(v **types.LifecycleExpira if err != nil { return fmt.Errorf("expected ExpiredObjectDeleteMarker to be of type *bool, got %T instead", val) } - sv.ExpiredObjectDeleteMarker = xtv + sv.ExpiredObjectDeleteMarker = ptr.Bool(xtv) } default: @@ -17147,7 +17472,7 @@ func awsRestxml_deserializeDocumentLifecycleRuleAndOperator(v **types.LifecycleR if err != nil { return err } - sv.ObjectSizeGreaterThan = i64 + sv.ObjectSizeGreaterThan = ptr.Int64(i64) } case strings.EqualFold("ObjectSizeLessThan", t.Name.Local): @@ -17164,7 +17489,7 @@ func awsRestxml_deserializeDocumentLifecycleRuleAndOperator(v **types.LifecycleR if err != nil { return err } - sv.ObjectSizeLessThan = i64 + sv.ObjectSizeLessThan = ptr.Int64(i64) } case strings.EqualFold("Prefix", t.Name.Local): @@ -17420,6 +17745,12 @@ func awsRestxml_deserializeDocumentLoggingEnabled(v **types.LoggingEnabled, deco return err } + case strings.EqualFold("TargetObjectKeyFormat", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsRestxml_deserializeDocumentTargetObjectKeyFormat(&sv.TargetObjectKeyFormat, nodeDecoder); err != nil { + return err + } + case strings.EqualFold("TargetPrefix", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -18001,7 +18332,7 @@ func awsRestxml_deserializeDocumentNoncurrentVersionExpiration(v **types.Noncurr if err != nil { return err } - sv.NewerNoncurrentVersions = int32(i64) + sv.NewerNoncurrentVersions = ptr.Int32(int32(i64)) } case strings.EqualFold("NoncurrentDays", t.Name.Local): @@ -18018,7 +18349,7 @@ func awsRestxml_deserializeDocumentNoncurrentVersionExpiration(v **types.Noncurr if err != nil { return err } - sv.NoncurrentDays = int32(i64) + sv.NoncurrentDays = ptr.Int32(int32(i64)) } default: @@ -18071,7 +18402,7 @@ func awsRestxml_deserializeDocumentNoncurrentVersionTransition(v **types.Noncurr if err != nil { return err } - sv.NewerNoncurrentVersions = int32(i64) + sv.NewerNoncurrentVersions = ptr.Int32(int32(i64)) } case strings.EqualFold("NoncurrentDays", t.Name.Local): @@ -18088,7 +18419,7 @@ func awsRestxml_deserializeDocumentNoncurrentVersionTransition(v **types.Noncurr if err != nil { return err } - sv.NoncurrentDays = int32(i64) + sv.NoncurrentDays = ptr.Int32(int32(i64)) } case strings.EqualFold("StorageClass", t.Name.Local): @@ -18469,7 +18800,7 @@ func awsRestxml_deserializeDocumentObject(v **types.Object, decoder smithyxml.No if err != nil { return err } - sv.Size = i64 + sv.Size = ptr.Int64(i64) } case strings.EqualFold("StorageClass", t.Name.Local): @@ -18939,7 +19270,7 @@ func awsRestxml_deserializeDocumentObjectPart(v **types.ObjectPart, decoder smit if err != nil { return err } - sv.PartNumber = int32(i64) + sv.PartNumber = ptr.Int32(int32(i64)) } case strings.EqualFold("Size", t.Name.Local): @@ -18956,7 +19287,7 @@ func awsRestxml_deserializeDocumentObjectPart(v **types.ObjectPart, decoder smit if err != nil { return err } - sv.Size = i64 + sv.Size = ptr.Int64(i64) } default: @@ -19027,7 +19358,7 @@ func awsRestxml_deserializeDocumentObjectVersion(v **types.ObjectVersion, decode if err != nil { return fmt.Errorf("expected IsLatest to be of type *bool, got %T instead", val) } - sv.IsLatest = xtv + sv.IsLatest = ptr.Bool(xtv) } case strings.EqualFold("Key", t.Name.Local): @@ -19086,7 +19417,7 @@ func awsRestxml_deserializeDocumentObjectVersion(v **types.ObjectVersion, decode if err != nil { return err } - sv.Size = i64 + sv.Size = ptr.Int64(i64) } case strings.EqualFold("StorageClass", t.Name.Local): @@ -19536,7 +19867,7 @@ func awsRestxml_deserializeDocumentPart(v **types.Part, decoder smithyxml.NodeDe if err != nil { return err } - sv.PartNumber = int32(i64) + sv.PartNumber = ptr.Int32(int32(i64)) } case strings.EqualFold("Size", t.Name.Local): @@ -19553,7 +19884,56 @@ func awsRestxml_deserializeDocumentPart(v **types.Part, decoder smithyxml.NodeDe if err != nil { return err } - sv.Size = i64 + sv.Size = ptr.Int64(i64) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + +func awsRestxml_deserializeDocumentPartitionedPrefix(v **types.PartitionedPrefix, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.PartitionedPrefix + if *v == nil { + sv = &types.PartitionedPrefix{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("PartitionDateSource", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.PartitionDateSource = types.PartitionDateSource(xtv) } default: @@ -19741,7 +20121,7 @@ func awsRestxml_deserializeDocumentPolicyStatus(v **types.PolicyStatus, decoder if err != nil { return fmt.Errorf("expected IsPublic to be of type *bool, got %T instead", val) } - sv.IsPublic = xtv + sv.IsPublic = ptr.Bool(xtv) } default: @@ -19793,7 +20173,7 @@ func awsRestxml_deserializeDocumentPublicAccessBlockConfiguration(v **types.Publ if err != nil { return fmt.Errorf("expected Setting to be of type *bool, got %T instead", val) } - sv.BlockPublicAcls = xtv + sv.BlockPublicAcls = ptr.Bool(xtv) } case strings.EqualFold("BlockPublicPolicy", t.Name.Local): @@ -19809,7 +20189,7 @@ func awsRestxml_deserializeDocumentPublicAccessBlockConfiguration(v **types.Publ if err != nil { return fmt.Errorf("expected Setting to be of type *bool, got %T instead", val) } - sv.BlockPublicPolicy = xtv + sv.BlockPublicPolicy = ptr.Bool(xtv) } case strings.EqualFold("IgnorePublicAcls", t.Name.Local): @@ -19825,7 +20205,7 @@ func awsRestxml_deserializeDocumentPublicAccessBlockConfiguration(v **types.Publ if err != nil { return fmt.Errorf("expected Setting to be of type *bool, got %T instead", val) } - sv.IgnorePublicAcls = xtv + sv.IgnorePublicAcls = ptr.Bool(xtv) } case strings.EqualFold("RestrictPublicBuckets", t.Name.Local): @@ -19841,7 +20221,7 @@ func awsRestxml_deserializeDocumentPublicAccessBlockConfiguration(v **types.Publ if err != nil { return fmt.Errorf("expected Setting to be of type *bool, got %T instead", val) } - sv.RestrictPublicBuckets = xtv + sv.RestrictPublicBuckets = ptr.Bool(xtv) } default: @@ -20353,7 +20733,7 @@ func awsRestxml_deserializeDocumentReplicationRule(v **types.ReplicationRule, de if err != nil { return err } - sv.Priority = int32(i64) + sv.Priority = ptr.Int32(int32(i64)) } case strings.EqualFold("SourceSelectionCriteria", t.Name.Local): @@ -20674,7 +21054,7 @@ func awsRestxml_deserializeDocumentReplicationTimeValue(v **types.ReplicationTim if err != nil { return err } - sv.Minutes = int32(i64) + sv.Minutes = ptr.Int32(int32(i64)) } default: @@ -20726,7 +21106,7 @@ func awsRestxml_deserializeDocumentRestoreStatus(v **types.RestoreStatus, decode if err != nil { return fmt.Errorf("expected IsRestoreInProgress to be of type *bool, got %T instead", val) } - sv.IsRestoreInProgress = xtv + sv.IsRestoreInProgress = ptr.Bool(xtv) } case strings.EqualFold("RestoreExpiryDate", t.Name.Local): @@ -21063,7 +21443,7 @@ func awsRestxml_deserializeDocumentServerSideEncryptionRule(v **types.ServerSide if err != nil { return fmt.Errorf("expected BucketKeyEnabled to be of type *bool, got %T instead", val) } - sv.BucketKeyEnabled = xtv + sv.BucketKeyEnabled = ptr.Bool(xtv) } default: @@ -21148,6 +21528,134 @@ func awsRestxml_deserializeDocumentServerSideEncryptionRulesUnwrapped(v *[]types *v = sv return nil } +func awsRestxml_deserializeDocumentSessionCredentials(v **types.SessionCredentials, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.SessionCredentials + if *v == nil { + sv = &types.SessionCredentials{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("AccessKeyId", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.AccessKeyId = ptr.String(xtv) + } + + case strings.EqualFold("Expiration", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + t, err := smithytime.ParseDateTime(xtv) + if err != nil { + return err + } + sv.Expiration = ptr.Time(t) + } + + case strings.EqualFold("SecretAccessKey", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.SecretAccessKey = ptr.String(xtv) + } + + case strings.EqualFold("SessionToken", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.SessionToken = ptr.String(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + +func awsRestxml_deserializeDocumentSimplePrefix(v **types.SimplePrefix, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.SimplePrefix + if *v == nil { + sv = &types.SimplePrefix{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + func awsRestxml_deserializeDocumentSourceSelectionCriteria(v **types.SourceSelectionCriteria, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -21680,6 +22188,54 @@ func awsRestxml_deserializeDocumentTargetGrantsUnwrapped(v *[]types.TargetGrant, *v = sv return nil } +func awsRestxml_deserializeDocumentTargetObjectKeyFormat(v **types.TargetObjectKeyFormat, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.TargetObjectKeyFormat + if *v == nil { + sv = &types.TargetObjectKeyFormat{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("PartitionedPrefix", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsRestxml_deserializeDocumentPartitionedPrefix(&sv.PartitionedPrefix, nodeDecoder); err != nil { + return err + } + + case strings.EqualFold("SimplePrefix", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsRestxml_deserializeDocumentSimplePrefix(&sv.SimplePrefix, nodeDecoder); err != nil { + return err + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + func awsRestxml_deserializeDocumentTiering(v **types.Tiering, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -21729,7 +22285,7 @@ func awsRestxml_deserializeDocumentTiering(v **types.Tiering, decoder smithyxml. if err != nil { return err } - sv.Days = int32(i64) + sv.Days = ptr.Int32(int32(i64)) } default: @@ -22009,7 +22565,7 @@ func awsRestxml_deserializeDocumentTransition(v **types.Transition, decoder smit if err != nil { return err } - sv.Days = int32(i64) + sv.Days = ptr.Int32(int32(i64)) } case strings.EqualFold("StorageClass", t.Name.Local): diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoint_auth_resolver.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoint_auth_resolver.go index c99455874..91af48fc0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoint_auth_resolver.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoint_auth_resolver.go @@ -23,7 +23,14 @@ func (r *endpointAuthResolver) ResolveAuthSchemes( return nil, err } - // a host of undocumented s3 operations can be done anonymously + // canonicalize sigv4-s3express ID + for _, opt := range opts { + if opt.SchemeID == "sigv4-s3express" { + opt.SchemeID = "com.amazonaws.s3#sigv4express" + } + } + + // preserve pre-SRA behavior where everything technically had anonymous return append(opts, &smithyauth.Option{ SchemeID: smithyauth.SchemeIDAnonymous, }), nil @@ -36,12 +43,12 @@ func (r *endpointAuthResolver) resolveAuthSchemes( ) { baseOpts, err := (&defaultAuthSchemeResolver{}).ResolveAuthSchemes(ctx, params) if err != nil { - return nil, fmt.Errorf("get base options: %v", err) + return nil, fmt.Errorf("get base options: %w", err) } endpt, err := r.EndpointResolver.ResolveEndpoint(ctx, *params.endpointParams) if err != nil { - return nil, fmt.Errorf("resolve endpoint: %v", err) + return nil, fmt.Errorf("resolve endpoint: %w", err) } endptOpts, ok := smithyauth.GetAuthOptions(&endpt.Properties) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoints.go index 1e4266d14..a1f2e36d6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoints.go @@ -9,8 +9,10 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" + internalcontext "github.com/aws/aws-sdk-go-v2/internal/context" "github.com/aws/aws-sdk-go-v2/internal/endpoints" "github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn" + s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" internalendpoints "github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints" smithy "github.com/aws/smithy-go" smithyauth "github.com/aws/smithy-go/auth" @@ -303,6 +305,20 @@ type EndpointParameters struct { // Parameter is required. UseObjectLambdaEndpoint *bool + // The S3 Key used to send the request. This is an optional parameter that will be + // set automatically for operations that are scoped to an S3 Key. + // + // Parameter is + // required. + Key *string + + // The S3 Prefix used to send the request. This is an optional parameter that will + // be set automatically for operations that are scoped to an S3 Prefix. + // + // Parameter + // is required. + Prefix *string + // Internal parameter to disable Access Point Buckets // // Parameter is required. @@ -324,6 +340,18 @@ type EndpointParameters struct { // // AWS::S3::UseArnRegion UseArnRegion *bool + + // Internal parameter to indicate whether S3Express operation should use control + // plane, (ex. CreateBucket) + // + // Parameter is required. + UseS3ExpressControlEndpoint *bool + + // Parameter to indicate whether S3Express session auth should be + // disabled + // + // Parameter is required. + DisableS3ExpressSessionAuth *bool } // ValidateRequired validates required parameters are set. @@ -456,6 +484,816 @@ func (r *resolver) ResolveEndpoint( } } } + if exprVal := params.Bucket; exprVal != nil { + _Bucket := *exprVal + _ = _Bucket + if exprVal := rulesfn.SubString(_Bucket, 0, 6, true); exprVal != nil { + _bucketSuffix := *exprVal + _ = _bucketSuffix + if _bucketSuffix == "--x-s3" { + if _UseDualStack == true { + return endpoint, fmt.Errorf("endpoint rule error, %s", "S3Express does not support Dual-stack.") + } + if _Accelerate == true { + return endpoint, fmt.Errorf("endpoint rule error, %s", "S3Express does not support S3 Accelerate.") + } + if exprVal := params.Endpoint; exprVal != nil { + _Endpoint := *exprVal + _ = _Endpoint + if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil { + _url := *exprVal + _ = _url + if exprVal := params.DisableS3ExpressSessionAuth; exprVal != nil { + _DisableS3ExpressSessionAuth := *exprVal + _ = _DisableS3ExpressSessionAuth + if _DisableS3ExpressSessionAuth == true { + if _url.IsIp == true { + _uri_encoded_bucket := rulesfn.URIEncode(_Bucket) + _ = _uri_encoded_bucket + uriString := func() string { + var out strings.Builder + out.WriteString(_url.Scheme) + out.WriteString("://") + out.WriteString(_url.Authority) + out.WriteString("/") + out.WriteString(_uri_encoded_bucket) + out.WriteString(_url.Path) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + if awsrulesfn.IsVirtualHostableS3Bucket(_Bucket, false) { + uriString := func() string { + var out strings.Builder + out.WriteString(_url.Scheme) + out.WriteString("://") + out.WriteString(_Bucket) + out.WriteString(".") + out.WriteString(_url.Authority) + out.WriteString(_url.Path) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + return endpoint, fmt.Errorf("endpoint rule error, %s", "S3Express bucket name is not a valid virtual hostable name.") + } + } + if _url.IsIp == true { + _uri_encoded_bucket := rulesfn.URIEncode(_Bucket) + _ = _uri_encoded_bucket + uriString := func() string { + var out strings.Builder + out.WriteString(_url.Scheme) + out.WriteString("://") + out.WriteString(_url.Authority) + out.WriteString("/") + out.WriteString(_uri_encoded_bucket) + out.WriteString(_url.Path) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4-s3express", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + if awsrulesfn.IsVirtualHostableS3Bucket(_Bucket, false) { + uriString := func() string { + var out strings.Builder + out.WriteString(_url.Scheme) + out.WriteString("://") + out.WriteString(_Bucket) + out.WriteString(".") + out.WriteString(_url.Authority) + out.WriteString(_url.Path) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4-s3express", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + return endpoint, fmt.Errorf("endpoint rule error, %s", "S3Express bucket name is not a valid virtual hostable name.") + } + } + if exprVal := params.UseS3ExpressControlEndpoint; exprVal != nil { + _UseS3ExpressControlEndpoint := *exprVal + _ = _UseS3ExpressControlEndpoint + if _UseS3ExpressControlEndpoint == true { + _uri_encoded_bucket := rulesfn.URIEncode(_Bucket) + _ = _uri_encoded_bucket + if !(params.Endpoint != nil) { + if _UseFIPS == true { + uriString := func() string { + var out strings.Builder + out.WriteString("https://s3express-control-fips.") + out.WriteString(_Region) + out.WriteString(".amazonaws.com/") + out.WriteString(_uri_encoded_bucket) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + uriString := func() string { + var out strings.Builder + out.WriteString("https://s3express-control.") + out.WriteString(_Region) + out.WriteString(".amazonaws.com/") + out.WriteString(_uri_encoded_bucket) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.") + } + } + if awsrulesfn.IsVirtualHostableS3Bucket(_Bucket, false) { + if exprVal := params.DisableS3ExpressSessionAuth; exprVal != nil { + _DisableS3ExpressSessionAuth := *exprVal + _ = _DisableS3ExpressSessionAuth + if _DisableS3ExpressSessionAuth == true { + if exprVal := rulesfn.SubString(_Bucket, 6, 14, true); exprVal != nil { + _s3expressAvailabilityZoneId := *exprVal + _ = _s3expressAvailabilityZoneId + if exprVal := rulesfn.SubString(_Bucket, 14, 16, true); exprVal != nil { + _s3expressAvailabilityZoneDelim := *exprVal + _ = _s3expressAvailabilityZoneDelim + if _s3expressAvailabilityZoneDelim == "--" { + if _UseFIPS == true { + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Bucket) + out.WriteString(".s3express-fips-") + out.WriteString(_s3expressAvailabilityZoneId) + out.WriteString(".") + out.WriteString(_Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Bucket) + out.WriteString(".s3express-") + out.WriteString(_s3expressAvailabilityZoneId) + out.WriteString(".") + out.WriteString(_Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + } + } + if exprVal := rulesfn.SubString(_Bucket, 6, 15, true); exprVal != nil { + _s3expressAvailabilityZoneId := *exprVal + _ = _s3expressAvailabilityZoneId + if exprVal := rulesfn.SubString(_Bucket, 15, 17, true); exprVal != nil { + _s3expressAvailabilityZoneDelim := *exprVal + _ = _s3expressAvailabilityZoneDelim + if _s3expressAvailabilityZoneDelim == "--" { + if _UseFIPS == true { + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Bucket) + out.WriteString(".s3express-fips-") + out.WriteString(_s3expressAvailabilityZoneId) + out.WriteString(".") + out.WriteString(_Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Bucket) + out.WriteString(".s3express-") + out.WriteString(_s3expressAvailabilityZoneId) + out.WriteString(".") + out.WriteString(_Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + } + } + return endpoint, fmt.Errorf("endpoint rule error, %s", "Unrecognized S3Express bucket name format.") + } + } + if exprVal := rulesfn.SubString(_Bucket, 6, 14, true); exprVal != nil { + _s3expressAvailabilityZoneId := *exprVal + _ = _s3expressAvailabilityZoneId + if exprVal := rulesfn.SubString(_Bucket, 14, 16, true); exprVal != nil { + _s3expressAvailabilityZoneDelim := *exprVal + _ = _s3expressAvailabilityZoneDelim + if _s3expressAvailabilityZoneDelim == "--" { + if _UseFIPS == true { + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Bucket) + out.WriteString(".s3express-fips-") + out.WriteString(_s3expressAvailabilityZoneId) + out.WriteString(".") + out.WriteString(_Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4-s3express", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Bucket) + out.WriteString(".s3express-") + out.WriteString(_s3expressAvailabilityZoneId) + out.WriteString(".") + out.WriteString(_Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4-s3express", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + } + } + if exprVal := rulesfn.SubString(_Bucket, 6, 15, true); exprVal != nil { + _s3expressAvailabilityZoneId := *exprVal + _ = _s3expressAvailabilityZoneId + if exprVal := rulesfn.SubString(_Bucket, 15, 17, true); exprVal != nil { + _s3expressAvailabilityZoneDelim := *exprVal + _ = _s3expressAvailabilityZoneDelim + if _s3expressAvailabilityZoneDelim == "--" { + if _UseFIPS == true { + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Bucket) + out.WriteString(".s3express-fips-") + out.WriteString(_s3expressAvailabilityZoneId) + out.WriteString(".") + out.WriteString(_Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4-s3express", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Bucket) + out.WriteString(".s3express-") + out.WriteString(_s3expressAvailabilityZoneId) + out.WriteString(".") + out.WriteString(_Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4-s3express", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + } + } + return endpoint, fmt.Errorf("endpoint rule error, %s", "Unrecognized S3Express bucket name format.") + } + return endpoint, fmt.Errorf("endpoint rule error, %s", "S3Express bucket name is not a valid virtual hostable name.") + } + } + } + if !(params.Bucket != nil) { + if exprVal := params.UseS3ExpressControlEndpoint; exprVal != nil { + _UseS3ExpressControlEndpoint := *exprVal + _ = _UseS3ExpressControlEndpoint + if _UseS3ExpressControlEndpoint == true { + if exprVal := params.Endpoint; exprVal != nil { + _Endpoint := *exprVal + _ = _Endpoint + if exprVal := rulesfn.ParseURL(_Endpoint); exprVal != nil { + _url := *exprVal + _ = _url + uriString := func() string { + var out strings.Builder + out.WriteString(_url.Scheme) + out.WriteString("://") + out.WriteString(_url.Authority) + out.WriteString(_url.Path) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + } + if _UseFIPS == true { + uriString := func() string { + var out strings.Builder + out.WriteString("https://s3express-control-fips.") + out.WriteString(_Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + uriString := func() string { + var out strings.Builder + out.WriteString("https://s3express-control.") + out.WriteString(_Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + out.Set("backend", "S3Express") + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "aws.auth#sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetDisableDoubleEncoding(&sp, true) + + smithyhttp.SetSigV4SigningName(&sp, "s3express") + smithyhttp.SetSigV4ASigningName(&sp, "s3express") + + smithyhttp.SetSigV4SigningRegion(&sp, _Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + } + } + } if exprVal := params.Bucket; exprVal != nil { _Bucket := *exprVal _ = _Bucket @@ -2839,8 +3677,8 @@ func (r *resolver) ResolveEndpoint( return endpoint, fmt.Errorf("endpoint rule error, %s", "S3 Outposts does not support S3 Accelerate") } if exprVal := _bucketArn.ResourceId.Get(4); exprVal != nil { - _var_244 := *exprVal - _ = _var_244 + _var_275 := *exprVal + _ = _var_275 return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Arn: Outpost Access Point ARN contains sub resources") } if exprVal := _bucketArn.ResourceId.Get(1); exprVal != nil { @@ -3057,8 +3895,8 @@ func (r *resolver) ResolveEndpoint( } if _ForcePathStyle == true { if exprVal := awsrulesfn.ParseARN(_Bucket); exprVal != nil { - _var_257 := *exprVal - _ = _var_257 + _var_288 := *exprVal + _ = _var_288 return endpoint, fmt.Errorf("endpoint rule error, %s", "Path-style addressing cannot be used with ARN buckets") } } @@ -4839,6 +5677,8 @@ func bindEndpointParams(input interface{}, options Options) *EndpointParameters params.DisableMultiRegionAccessPoints = aws.Bool(options.DisableMultiRegionAccessPoints) params.UseArnRegion = aws.Bool(options.UseARNRegion) + params.DisableS3ExpressSessionAuth = options.DisableS3ExpressSessionAuth + if b, ok := input.(endpointParamsBinder); ok { b.bindEndpointParams(params) } @@ -4897,5 +5737,8 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid rscheme.SignerProperties.SetAll(&o.SignerProperties) } + backend := s3cust.GetPropertiesBackend(&endpt.Properties) + ctx = internalcontext.SetS3Backend(ctx, backend) + return next.HandleFinalize(ctx, in) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express.go new file mode 100644 index 000000000..bbac9ca27 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express.go @@ -0,0 +1,9 @@ +package s3 + +import ( + "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" +) + +// ExpressCredentialsProvider retrieves credentials for operations against the +// S3Express storage class. +type ExpressCredentialsProvider = customizations.S3ExpressCredentialsProvider diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_default.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_default.go new file mode 100644 index 000000000..3b35a3e57 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_default.go @@ -0,0 +1,170 @@ +package s3 + +import ( + "context" + "crypto/hmac" + "crypto/sha256" + "errors" + "fmt" + "sync" + "time" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/internal/sdk" + "github.com/aws/aws-sdk-go-v2/internal/sync/singleflight" + "github.com/aws/smithy-go/container/private/cache" + "github.com/aws/smithy-go/container/private/cache/lru" +) + +const s3ExpressCacheCap = 100 + +const s3ExpressRefreshWindow = 1 * time.Minute + +type cacheKey struct { + CredentialsHash string // hmac(sigv4 akid, sigv4 secret) + Bucket string +} + +func (c cacheKey) Slug() string { + return fmt.Sprintf("%s%s", c.CredentialsHash, c.Bucket) +} + +type sessionCredsCache struct { + mu sync.Mutex + cache cache.Cache +} + +func (c *sessionCredsCache) Get(key cacheKey) (*aws.Credentials, bool) { + c.mu.Lock() + defer c.mu.Unlock() + + if v, ok := c.cache.Get(key); ok { + return v.(*aws.Credentials), true + } + return nil, false +} + +func (c *sessionCredsCache) Put(key cacheKey, creds *aws.Credentials) { + c.mu.Lock() + defer c.mu.Unlock() + + c.cache.Put(key, creds) +} + +// The default S3Express provider uses an LRU cache with a capacity of 100. +// +// Credentials will be refreshed asynchronously when a Retrieve() call is made +// for cached credentials within an expiry window (1 minute, currently +// non-configurable). +type defaultS3ExpressCredentialsProvider struct { + sf singleflight.Group + + client createSessionAPIClient + cache *sessionCredsCache + refreshWindow time.Duration + v4creds aws.CredentialsProvider // underlying credentials used for CreateSession +} + +type createSessionAPIClient interface { + CreateSession(context.Context, *CreateSessionInput, ...func(*Options)) (*CreateSessionOutput, error) +} + +func newDefaultS3ExpressCredentialsProvider() *defaultS3ExpressCredentialsProvider { + return &defaultS3ExpressCredentialsProvider{ + cache: &sessionCredsCache{ + cache: lru.New(s3ExpressCacheCap), + }, + refreshWindow: s3ExpressRefreshWindow, + } +} + +// returns a cloned provider using new base credentials, used when per-op +// config mutations change the credentials provider +func (p *defaultS3ExpressCredentialsProvider) CloneWithBaseCredentials(v4creds aws.CredentialsProvider) *defaultS3ExpressCredentialsProvider { + return &defaultS3ExpressCredentialsProvider{ + client: p.client, + cache: p.cache, + refreshWindow: p.refreshWindow, + v4creds: v4creds, + } +} + +func (p *defaultS3ExpressCredentialsProvider) Retrieve(ctx context.Context, bucket string) (aws.Credentials, error) { + v4creds, err := p.v4creds.Retrieve(ctx) + if err != nil { + return aws.Credentials{}, fmt.Errorf("get sigv4 creds: %w", err) + } + + key := cacheKey{ + CredentialsHash: gethmac(v4creds.AccessKeyID, v4creds.SecretAccessKey), + Bucket: bucket, + } + creds, ok := p.cache.Get(key) + if !ok || creds.Expired() { + return p.awaitDoChanRetrieve(ctx, key) + } + + if creds.Expires.Sub(sdk.NowTime()) <= p.refreshWindow { + p.doChanRetrieve(ctx, key) + } + + return *creds, nil +} + +func (p *defaultS3ExpressCredentialsProvider) doChanRetrieve(ctx context.Context, key cacheKey) <-chan singleflight.Result { + return p.sf.DoChan(key.Slug(), func() (interface{}, error) { + return p.retrieve(ctx, key) + }) +} + +func (p *defaultS3ExpressCredentialsProvider) awaitDoChanRetrieve(ctx context.Context, key cacheKey) (aws.Credentials, error) { + ch := p.doChanRetrieve(ctx, key) + + select { + case r := <-ch: + return r.Val.(aws.Credentials), r.Err + case <-ctx.Done(): + return aws.Credentials{}, errors.New("s3express retrieve credentials canceled") + } +} + +func (p *defaultS3ExpressCredentialsProvider) retrieve(ctx context.Context, key cacheKey) (aws.Credentials, error) { + resp, err := p.client.CreateSession(ctx, &CreateSessionInput{ + Bucket: aws.String(key.Bucket), + }) + if err != nil { + return aws.Credentials{}, err + } + + creds, err := credentialsFromResponse(resp) + if err != nil { + return aws.Credentials{}, err + } + + p.cache.Put(key, creds) + return *creds, nil +} + +func credentialsFromResponse(o *CreateSessionOutput) (*aws.Credentials, error) { + if o.Credentials == nil { + return nil, errors.New("s3express session credentials unset") + } + + if o.Credentials.AccessKeyId == nil || o.Credentials.SecretAccessKey == nil || o.Credentials.SessionToken == nil || o.Credentials.Expiration == nil { + return nil, errors.New("s3express session credentials missing one or more required fields") + } + + return &aws.Credentials{ + AccessKeyID: *o.Credentials.AccessKeyId, + SecretAccessKey: *o.Credentials.SecretAccessKey, + SessionToken: *o.Credentials.SessionToken, + CanExpire: true, + Expires: *o.Credentials.Expiration, + }, nil +} + +func gethmac(p, key string) string { + hash := hmac.New(sha256.New, []byte(key)) + hash.Write([]byte(p)) + return string(hash.Sum(nil)) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_resolve.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_resolve.go new file mode 100644 index 000000000..18d6c06ad --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_resolve.go @@ -0,0 +1,44 @@ +package s3 + +import ( + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" +) + +// If the caller hasn't provided an S3Express provider, we use our default +// which will grab a reference to the S3 client itself in finalization. +func resolveExpressCredentials(o *Options) { + if o.ExpressCredentials == nil { + o.ExpressCredentials = newDefaultS3ExpressCredentialsProvider() + } +} + +// Config finalizer: if we're using the default S3Express implementation, grab +// a reference to the client for its CreateSession API, and the underlying +// sigv4 credentials provider for cache keying. +func finalizeExpressCredentials(o *Options, c *Client) { + if p, ok := o.ExpressCredentials.(*defaultS3ExpressCredentialsProvider); ok { + p.client = c + p.v4creds = o.Credentials + } +} + +// Operation config finalizer: update the sigv4 credentials on the default +// express provider if it changed to ensure different cache keys +func finalizeOperationExpressCredentials(o *Options, c Client) { + p, ok := o.ExpressCredentials.(*defaultS3ExpressCredentialsProvider) + if !ok { + return + } + + if c.options.Credentials != o.Credentials { + o.ExpressCredentials = p.CloneWithBaseCredentials(o.Credentials) + } +} + +// NewFromConfig resolver: pull from opaque sources if it exists. +func resolveDisableExpressAuth(cfg aws.Config, o *Options) { + if v, ok := customizations.ResolveDisableExpressAuth(cfg.ConfigSources); ok { + o.DisableS3ExpressSessionAuth = &v + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json index cdc6f0f1b..4e666764f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json @@ -20,6 +20,7 @@ "api_op_CopyObject.go", "api_op_CreateBucket.go", "api_op_CreateMultipartUpload.go", + "api_op_CreateSession.go", "api_op_DeleteBucket.go", "api_op_DeleteBucketAnalyticsConfiguration.go", "api_op_DeleteBucketCors.go", @@ -73,6 +74,7 @@ "api_op_ListBucketInventoryConfigurations.go", "api_op_ListBucketMetricsConfigurations.go", "api_op_ListBuckets.go", + "api_op_ListDirectoryBuckets.go", "api_op_ListMultipartUploads.go", "api_op_ListObjectVersions.go", "api_op_ListObjects.go", diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go index 78ca85fb2..3b7c6ddca 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go @@ -3,4 +3,4 @@ package s3 // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.42.2" +const goModuleVersion = "1.47.5" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go index 3d0b25100..6aae79e7c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/handwritten_paginators.go @@ -3,6 +3,8 @@ package s3 import ( "context" "fmt" + + "github.com/aws/aws-sdk-go-v2/aws" ) // ListObjectVersionsAPIClient is a client that implements the ListObjectVersions @@ -42,7 +44,9 @@ func NewListObjectVersionsPaginator(client ListObjectVersionsAPIClient, params * } options := ListObjectVersionsPaginatorOptions{} - options.Limit = params.MaxKeys + if params.MaxKeys != nil { + options.Limit = aws.ToInt32(params.MaxKeys) + } for _, fn := range optFns { fn(&options) @@ -77,7 +81,9 @@ func (p *ListObjectVersionsPaginator) NextPage(ctx context.Context, optFns ...fu if p.options.Limit > 0 { limit = p.options.Limit } - params.MaxKeys = limit + if limit > 0 { + params.MaxKeys = aws.Int32(limit) + } result, err := p.client.ListObjectVersions(ctx, ¶ms, optFns...) if err != nil { @@ -86,10 +92,10 @@ func (p *ListObjectVersionsPaginator) NextPage(ctx context.Context, optFns ...fu p.firstPage = false prevToken := p.keyMarker - p.isTruncated = result.IsTruncated + p.isTruncated = aws.ToBool(result.IsTruncated) p.keyMarker = nil p.versionIDMarker = nil - if result.IsTruncated { + if aws.ToBool(result.IsTruncated) { p.keyMarker = result.NextKeyMarker p.versionIDMarker = result.NextVersionIdMarker } @@ -141,7 +147,9 @@ func NewListMultipartUploadsPaginator(client ListMultipartUploadsAPIClient, para } options := ListMultipartUploadsPaginatorOptions{} - options.Limit = params.MaxUploads + if params.MaxUploads != nil { + options.Limit = aws.ToInt32(params.MaxUploads) + } for _, fn := range optFns { fn(&options) @@ -176,7 +184,9 @@ func (p *ListMultipartUploadsPaginator) NextPage(ctx context.Context, optFns ... if p.options.Limit > 0 { limit = p.options.Limit } - params.MaxUploads = limit + if limit > 0 { + params.MaxUploads = aws.Int32(limit) + } result, err := p.client.ListMultipartUploads(ctx, ¶ms, optFns...) if err != nil { @@ -185,10 +195,10 @@ func (p *ListMultipartUploadsPaginator) NextPage(ctx context.Context, optFns ... p.firstPage = false prevToken := p.keyMarker - p.isTruncated = result.IsTruncated + p.isTruncated = aws.ToBool(result.IsTruncated) p.keyMarker = nil p.uploadIDMarker = nil - if result.IsTruncated { + if aws.ToBool(result.IsTruncated) { p.keyMarker = result.NextKeyMarker p.uploadIDMarker = result.NextUploadIdMarker } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/context.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/context.go new file mode 100644 index 000000000..91b8fde0d --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/context.go @@ -0,0 +1,21 @@ +package customizations + +import ( + "context" + + "github.com/aws/smithy-go/middleware" +) + +type bucketKey struct{} + +// SetBucket stores a bucket name within the request context, which is required +// for a variety of custom S3 behaviors. +func SetBucket(ctx context.Context, bucket string) context.Context { + return middleware.WithStackValue(ctx, bucketKey{}, bucket) +} + +// GetBucket retrieves a stored bucket name within a context. +func GetBucket(ctx context.Context) string { + v, _ := middleware.GetStackValue(ctx, bucketKey{}).(string) + return v +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express.go new file mode 100644 index 000000000..8cc0b3624 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express.go @@ -0,0 +1,44 @@ +package customizations + +import ( + "context" + "fmt" + + "github.com/aws/aws-sdk-go-v2/aws" + internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" + "github.com/aws/smithy-go" + "github.com/aws/smithy-go/auth" +) + +// S3ExpressCredentialsProvider retrieves credentials for the S3Express storage +// class. +type S3ExpressCredentialsProvider interface { + Retrieve(ctx context.Context, bucket string) (aws.Credentials, error) +} + +// ExpressIdentityResolver retrieves identity for the S3Express storage class. +type ExpressIdentityResolver struct { + Provider S3ExpressCredentialsProvider +} + +var _ (auth.IdentityResolver) = (*ExpressIdentityResolver)(nil) + +// GetIdentity retrieves AWS credentials using the underlying provider. +func (v *ExpressIdentityResolver) GetIdentity(ctx context.Context, props smithy.Properties) ( + auth.Identity, error, +) { + bucket, ok := GetIdentityPropertiesBucket(&props) + if !ok { + bucket = GetBucket(ctx) + } + if bucket == "" { + return nil, fmt.Errorf("bucket name is missing") + } + + creds, err := v.Provider.Retrieve(ctx, bucket) + if err != nil { + return nil, fmt.Errorf("get credentials: %v", err) + } + + return &internalauthsmithy.CredentialsAdapter{Credentials: creds}, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_config.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_config.go new file mode 100644 index 000000000..bb22d3474 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_config.go @@ -0,0 +1,18 @@ +package customizations + +type s3DisableExpressAuthProvider interface { + GetS3DisableExpressAuth() (bool, bool) +} + +// ResolveDisableExpressAuth pulls S3DisableExpressAuth setting from config +// sources. +func ResolveDisableExpressAuth(configs []interface{}) (value bool, exists bool) { + for _, cfg := range configs { + if p, ok := cfg.(s3DisableExpressAuthProvider); ok { + if value, exists = p.GetS3DisableExpressAuth(); exists { + break + } + } + } + return +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_default_checksum.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_default_checksum.go new file mode 100644 index 000000000..cf3ff5966 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_default_checksum.go @@ -0,0 +1,42 @@ +package customizations + +import ( + "context" + "fmt" + + ictx "github.com/aws/aws-sdk-go-v2/internal/context" + "github.com/aws/aws-sdk-go-v2/service/internal/checksum" + "github.com/aws/smithy-go/middleware" +) + +type expressDefaultChecksumMiddleware struct{} + +func (*expressDefaultChecksumMiddleware) ID() string { + return "expressDefaultChecksum" +} + +func (*expressDefaultChecksumMiddleware) HandleFinalize( + ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler, +) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + if ictx.GetS3Backend(ctx) == ictx.S3BackendS3Express && ictx.GetChecksumInputAlgorithm(ctx) == "" { + ctx = ictx.SetChecksumInputAlgorithm(ctx, string(checksum.AlgorithmCRC32)) + } + return next.HandleFinalize(ctx, in) +} + +// AddExpressDefaultChecksumMiddleware appends a step to default to CRC32 for +// S3Express requests. This should only be applied to operations where a +// checksum is required (e.g. DeleteObject). +func AddExpressDefaultChecksumMiddleware(s *middleware.Stack) error { + err := s.Finalize.Insert( + &expressDefaultChecksumMiddleware{}, + "AWSChecksum:ComputeInputPayloadChecksum", + middleware.Before, + ) + if err != nil { + return fmt.Errorf("add expressDefaultChecksum: %v", err) + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_properties.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_properties.go new file mode 100644 index 000000000..171de4613 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_properties.go @@ -0,0 +1,21 @@ +package customizations + +import "github.com/aws/smithy-go" + +// GetPropertiesBackend returns a resolved endpoint backend from the property +// set. +func GetPropertiesBackend(p *smithy.Properties) string { + v, _ := p.Get("backend").(string) + return v +} + +// GetIdentityPropertiesBucket returns the S3 bucket from identity properties. +func GetIdentityPropertiesBucket(ip *smithy.Properties) (string, bool) { + v, ok := ip.Get(bucketKey{}).(string) + return v, ok +} + +// SetIdentityPropertiesBucket sets the S3 bucket to identity properties. +func SetIdentityPropertiesBucket(ip *smithy.Properties, bucket string) { + ip.Set(bucketKey{}, bucket) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_signer.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_signer.go new file mode 100644 index 000000000..545e5b220 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_signer.go @@ -0,0 +1,109 @@ +package customizations + +import ( + "context" + "net/http" + "time" + + "github.com/aws/aws-sdk-go-v2/aws" + v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + "github.com/aws/smithy-go/middleware" +) + +const ( + s3ExpressSignerVersion = "com.amazonaws.s3#sigv4express" + headerAmzSessionToken = "x-amz-s3session-token" +) + +// adapts a v4 signer for S3Express +type s3ExpressSignerAdapter struct { + v4 v4.HTTPSigner +} + +// SignHTTP performs S3Express signing on a request, which is identical to +// SigV4 signing save for an additional header containing the S3Express +// session token. +func (s *s3ExpressSignerAdapter) SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error { + r.Header.Set(headerAmzSessionToken, credentials.SessionToken) + optFns = append(optFns, func(o *v4.SignerOptions) { + o.DisableSessionToken = true + }) + return s.v4.SignHTTP(ctx, credentials, r, payloadHash, service, region, signingTime, optFns...) +} + +// adapts S3ExpressCredentialsProvider to the standard AWS +// CredentialsProvider interface +type s3ExpressCredentialsAdapter struct { + provider S3ExpressCredentialsProvider + bucket string +} + +func (c *s3ExpressCredentialsAdapter) Retrieve(ctx context.Context) (aws.Credentials, error) { + return c.provider.Retrieve(ctx, c.bucket) +} + +// S3ExpressSignHTTPRequestMiddleware signs S3 S3Express requests. +// +// This is NOT mutually exclusive with existing v4 or v4a signer handling on +// the stack itself, but only one handler will actually perform signing based +// on the provided signing version in the context. +type S3ExpressSignHTTPRequestMiddleware struct { + Credentials S3ExpressCredentialsProvider + Signer v4.HTTPSigner + LogSigning bool +} + +// ID identifies S3ExpressSignHTTPRequestMiddleware. +func (*S3ExpressSignHTTPRequestMiddleware) ID() string { + return "S3ExpressSigning" +} + +// HandleFinalize will sign the request if the S3Express signer has been +// selected. +func (m *S3ExpressSignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + if GetSignerVersion(ctx) != s3ExpressSignerVersion { + return next.HandleFinalize(ctx, in) + } + + mw := v4.NewSignHTTPRequestMiddleware(v4.SignHTTPRequestMiddlewareOptions{ + CredentialsProvider: m.credentialsAdapter(ctx), + Signer: m.signerAdapter(), + LogSigning: m.LogSigning, + }) + return mw.HandleFinalize(ctx, in, next) +} + +func (m *S3ExpressSignHTTPRequestMiddleware) credentialsAdapter(ctx context.Context) aws.CredentialsProvider { + return &s3ExpressCredentialsAdapter{ + provider: m.Credentials, + bucket: GetBucket(ctx), + } +} + +func (m *S3ExpressSignHTTPRequestMiddleware) signerAdapter() v4.HTTPSigner { + return &s3ExpressSignerAdapter{v4: m.Signer} +} + +type s3ExpressPresignerAdapter struct { + v4 v4.HTTPPresigner +} + +// SignHTTP performs S3Express signing on a request, which is identical to +// SigV4 signing save for an additional header containing the S3Express +// session token. +func (s *s3ExpressPresignerAdapter) PresignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) ( + string, http.Header, error, +) { + r.Header.Set(headerAmzSessionToken, credentials.SessionToken) + optFns = append(optFns, func(o *v4.SignerOptions) { + o.DisableSessionToken = true + }) + return s.v4.PresignHTTP(ctx, credentials, r, payloadHash, service, region, signingTime, optFns...) +} + +var ( + _ aws.CredentialsProvider = &s3ExpressCredentialsAdapter{} + _ v4.HTTPSigner = &s3ExpressSignerAdapter{} +) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_signer_smithy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_signer_smithy.go new file mode 100644 index 000000000..e3ec7f011 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/express_signer_smithy.go @@ -0,0 +1,61 @@ +package customizations + +import ( + "context" + "fmt" + + v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" + "github.com/aws/aws-sdk-go-v2/internal/sdk" + "github.com/aws/smithy-go" + "github.com/aws/smithy-go/auth" + "github.com/aws/smithy-go/logging" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// ExpressSigner signs requests for the sigv4-s3express auth scheme. +// +// This signer respects the aws.auth#sigv4 properties for signing name and +// region. +type ExpressSigner struct { + Signer v4.HTTPSigner + Logger logging.Logger + LogSigning bool +} + +var _ (smithyhttp.Signer) = (*ExpressSigner)(nil) + +// SignRequest signs the request with the provided identity. +func (v *ExpressSigner) SignRequest(ctx context.Context, r *smithyhttp.Request, identity auth.Identity, props smithy.Properties) error { + ca, ok := identity.(*internalauthsmithy.CredentialsAdapter) + if !ok { + return fmt.Errorf("unexpected identity type: %T", identity) + } + + name, ok := smithyhttp.GetSigV4SigningName(&props) + if !ok { + return fmt.Errorf("sigv4 signing name is required for s3express variant") + } + + region, ok := smithyhttp.GetSigV4SigningRegion(&props) + if !ok { + return fmt.Errorf("sigv4 signing region is required for s3express variant") + } + + hash := v4.GetPayloadHash(ctx) + + r.Header.Set(headerAmzSessionToken, ca.Credentials.SessionToken) + err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, region, sdk.NowTime(), func(o *v4.SignerOptions) { + o.DisableSessionToken = true + + o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props) + + o.Logger = v.Logger + o.LogSigning = v.LogSigning + }) + if err != nil { + return fmt.Errorf("sign http: %v", err) + } + + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/signer_wrapper.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/signer_wrapper.go index c79a5aba4..cc2bf9c13 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/signer_wrapper.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations/signer_wrapper.go @@ -77,15 +77,21 @@ func (s *SignHTTPRequestMiddleware) ID() string { return "Signing" } -// HandleFinalize will take the provided input and sign the request using the SigV4 authentication scheme +// HandleFinalize will take the provided input and handle signing for either +// SigV4 or SigV4A as called for. func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( out middleware.FinalizeOutput, metadata middleware.Metadata, err error, ) { - // fetch signer type from context - signerVersion := GetSignerVersion(ctx) + sv := GetSignerVersion(ctx) - // SigV4a - if strings.EqualFold(signerVersion, v4a.Version) { + if strings.EqualFold(sv, v4.Version) { + mw := v4.NewSignHTTPRequestMiddleware(v4.SignHTTPRequestMiddlewareOptions{ + CredentialsProvider: s.credentialsProvider, + Signer: s.v4Signer, + LogSigning: s.logSigning, + }) + return mw.HandleFinalize(ctx, in, next) + } else if strings.EqualFold(sv, v4a.Version) { v4aCredentialProvider, ok := s.credentialsProvider.(v4a.CredentialsProvider) if !ok { return out, metadata, fmt.Errorf("invalid credential-provider provided for sigV4a Signer") @@ -98,13 +104,8 @@ func (s *SignHTTPRequestMiddleware) HandleFinalize(ctx context.Context, in middl }) return mw.HandleFinalize(ctx, in, next) } - // SigV4 - mw := v4.NewSignHTTPRequestMiddleware(v4.SignHTTPRequestMiddlewareOptions{ - CredentialsProvider: s.credentialsProvider, - Signer: s.v4Signer, - LogSigning: s.logSigning, - }) - return mw.HandleFinalize(ctx, in, next) + + return next.HandleFinalize(ctx, in) } // RegisterSigningMiddleware registers the wrapper signing middleware to the stack. If a signing middleware is already @@ -124,6 +125,7 @@ func RegisterSigningMiddleware(stack *middleware.Stack, signingMiddleware *SignH // PresignHTTPRequestMiddlewareOptions is the options for the PresignHTTPRequestMiddleware middleware. type PresignHTTPRequestMiddlewareOptions struct { CredentialsProvider aws.CredentialsProvider + ExpressCredentials S3ExpressCredentialsProvider V4Presigner v4.HTTPPresigner V4aPresigner v4a.HTTPPresigner LogSigning bool @@ -139,6 +141,9 @@ type PresignHTTPRequestMiddleware struct { // cred provider and signer for sigv4 credentialsProvider aws.CredentialsProvider + // s3Express credentials + expressCredentials S3ExpressCredentialsProvider + // sigV4 signer v4Signer v4.HTTPPresigner @@ -153,6 +158,7 @@ type PresignHTTPRequestMiddleware struct { func NewPresignHTTPRequestMiddleware(options PresignHTTPRequestMiddlewareOptions) *PresignHTTPRequestMiddleware { return &PresignHTTPRequestMiddleware{ credentialsProvider: options.CredentialsProvider, + expressCredentials: options.ExpressCredentials, v4Signer: options.V4Presigner, v4aSigner: options.V4aPresigner, logSigning: options.LogSigning, @@ -187,7 +193,6 @@ func (p *PresignHTTPRequestMiddleware) HandleFinalize( LogSigning: p.logSigning, }) return mw.HandleFinalize(ctx, in, next) - case "aws.auth#sigv4": mw := v4.NewPresignHTTPRequestMiddleware(v4.PresignHTTPRequestMiddlewareOptions{ CredentialsProvider: p.credentialsProvider, @@ -195,6 +200,16 @@ func (p *PresignHTTPRequestMiddleware) HandleFinalize( LogSigning: p.logSigning, }) return mw.HandleFinalize(ctx, in, next) + case s3ExpressSignerVersion: + mw := v4.NewPresignHTTPRequestMiddleware(v4.PresignHTTPRequestMiddlewareOptions{ + CredentialsProvider: &s3ExpressCredentialsAdapter{ + provider: p.expressCredentials, + bucket: GetBucket(ctx), + }, + Presigner: &s3ExpressPresignerAdapter{v4: p.v4Signer}, + LogSigning: p.logSigning, + }) + return mw.HandleFinalize(ctx, in, next) default: return out, metadata, fmt.Errorf("unsupported signer type \"%s\"", signerVersion) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/options.go index 5afb64d63..064bcefb4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/options.go @@ -9,6 +9,7 @@ import ( awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" "github.com/aws/aws-sdk-go-v2/internal/v4a" + s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" smithyauth "github.com/aws/smithy-go/auth" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/middleware" @@ -52,6 +53,10 @@ type Options struct { // Allows you to disable S3 Multi-Region access points feature. DisableMultiRegionAccessPoints bool + // Disables this client's usage of Session Auth for S3Express buckets and reverts + // to using conventional SigV4 for those. + DisableS3ExpressSessionAuth *bool + // The endpoint options to be used when attempting to resolve an endpoint. EndpointOptions EndpointResolverOptions @@ -68,6 +73,9 @@ type Options struct { // used over the deprecated EndpointResolver. EndpointResolverV2 EndpointResolverV2 + // The credentials provider for S3Express requests. + ExpressCredentials ExpressCredentialsProvider + // Signature Version 4 (SigV4) Signer HTTPSignerV4 HTTPSignerV4 @@ -80,11 +88,9 @@ type Options struct { // RetryMaxAttempts specifies the maximum number attempts an API client will call // an operation that fails with a retryable error. A value of 0 is ignored, and // will not be used to configure the API client created default retryer, or modify - // per operation call's retry max attempts. When creating a new API Clients this - // member will only be used if the Retryer Options member is nil. This value will - // be ignored if Retryer is not nil. If specified in an operation call's functional - // options with a value that is different than the constructed client's Options, - // the Client's Retryer will be wrapped to use the operation's specific + // per operation call's retry max attempts. If specified in an operation call's + // functional options with a value that is different than the constructed client's + // Options, the Client's Retryer will be wrapped to use the operation's specific // RetryMaxAttempts value. RetryMaxAttempts int @@ -164,6 +170,9 @@ func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolve if schemeID == "aws.auth#sigv4" { return getSigV4IdentityResolver(o) } + if schemeID == "com.amazonaws.s3#sigv4express" { + return getExpressIdentityResolver(o) + } if schemeID == "aws.auth#sigv4a" { return getSigV4AIdentityResolver(o) } @@ -292,7 +301,14 @@ func WithSigV4ASigningRegions(regions []string) func(*Options) { } func ignoreAnonymousAuth(options *Options) { - if _, ok := options.Credentials.(aws.AnonymousCredentials); ok { + if aws.IsCredentialsProvider(options.Credentials, (*aws.AnonymousCredentials)(nil)) { options.Credentials = nil } } + +func getExpressIdentityResolver(o Options) smithyauth.IdentityResolver { + if o.ExpressCredentials != nil { + return &s3cust.ExpressIdentityResolver{Provider: o.ExpressCredentials} + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serialize_immutable_hostname_bucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serialize_immutable_hostname_bucket.go index cb22779fb..4e34d1a22 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serialize_immutable_hostname_bucket.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serialize_immutable_hostname_bucket.go @@ -3,9 +3,10 @@ package s3 import ( "context" "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "path" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn" smithy "github.com/aws/smithy-go" "github.com/aws/smithy-go/encoding/httpbinding" @@ -38,16 +39,20 @@ func (m *serializeImmutableHostnameBucketMiddleware) HandleSerialize( if !ok { return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} } - if !smithyhttp.GetHostnameImmutable(ctx) && - !(awsmiddleware.GetRequiresLegacyEndpoints(ctx) && m.UsePathStyle) { - return next.HandleSerialize(ctx, in) - } bucket, ok := bucketFromInput(in.Parameters) if !ok { return next.HandleSerialize(ctx, in) } + // a bucket being un-vhostable will also force us to use path style + usePathStyle := m.UsePathStyle || !awsrulesfn.IsVirtualHostableS3Bucket(bucket, request.URL.Scheme != "https") + + if !smithyhttp.GetHostnameImmutable(ctx) && + !(awsmiddleware.GetRequiresLegacyEndpoints(ctx) && usePathStyle) { + return next.HandleSerialize(ctx, in) + } + parsedBucket := awsrulesfn.ParseARN(bucket) // disallow ARN buckets except for MRAP arns diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go index 463f6b706..59524bdcb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go @@ -293,9 +293,9 @@ func awsRestxml_serializeOpHttpBindingsCopyObjectInput(v *CopyObjectInput, encod encoder.SetHeader(locationName).String(string(v.ACL)) } - if v.BucketKeyEnabled { + if v.BucketKeyEnabled != nil { locationName := "X-Amz-Server-Side-Encryption-Bucket-Key-Enabled" - encoder.SetHeader(locationName).Boolean(v.BucketKeyEnabled) + encoder.SetHeader(locationName).Boolean(*v.BucketKeyEnabled) } if v.CacheControl != nil && len(*v.CacheControl) > 0 { @@ -606,9 +606,9 @@ func awsRestxml_serializeOpHttpBindingsCreateBucketInput(v *CreateBucketInput, e encoder.SetHeader(locationName).String(*v.GrantWriteACP) } - if v.ObjectLockEnabledForBucket { + if v.ObjectLockEnabledForBucket != nil { locationName := "X-Amz-Bucket-Object-Lock-Enabled" - encoder.SetHeader(locationName).Boolean(v.ObjectLockEnabledForBucket) + encoder.SetHeader(locationName).Boolean(*v.ObjectLockEnabledForBucket) } if len(v.ObjectOwnership) > 0 { @@ -677,9 +677,9 @@ func awsRestxml_serializeOpHttpBindingsCreateMultipartUploadInput(v *CreateMulti encoder.SetHeader(locationName).String(string(v.ACL)) } - if v.BucketKeyEnabled { + if v.BucketKeyEnabled != nil { locationName := "X-Amz-Server-Side-Encryption-Bucket-Key-Enabled" - encoder.SetHeader(locationName).Boolean(v.BucketKeyEnabled) + encoder.SetHeader(locationName).Boolean(*v.BucketKeyEnabled) } if v.CacheControl != nil && len(*v.CacheControl) > 0 { @@ -828,6 +828,67 @@ func awsRestxml_serializeOpHttpBindingsCreateMultipartUploadInput(v *CreateMulti return nil } +type awsRestxml_serializeOpCreateSession struct { +} + +func (*awsRestxml_serializeOpCreateSession) ID() string { + return "OperationSerializer" +} + +func (m *awsRestxml_serializeOpCreateSession) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*CreateSessionInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/?session") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "GET" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if err := awsRestxml_serializeOpHttpBindingsCreateSessionInput(input, restEncoder); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + return next.HandleSerialize(ctx, in) +} +func awsRestxml_serializeOpHttpBindingsCreateSessionInput(v *CreateSessionInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + if len(v.SessionMode) > 0 { + locationName := "X-Amz-Create-Session-Mode" + encoder.SetHeader(locationName).String(string(v.SessionMode)) + } + + return nil +} + type awsRestxml_serializeOpDeleteBucket struct { } @@ -1685,9 +1746,9 @@ func awsRestxml_serializeOpHttpBindingsDeleteObjectInput(v *DeleteObjectInput, e return fmt.Errorf("unsupported serialization of nil %T", v) } - if v.BypassGovernanceRetention { + if v.BypassGovernanceRetention != nil { locationName := "X-Amz-Bypass-Governance-Retention" - encoder.SetHeader(locationName).Boolean(v.BypassGovernanceRetention) + encoder.SetHeader(locationName).Boolean(*v.BypassGovernanceRetention) } if v.ExpectedBucketOwner != nil && len(*v.ExpectedBucketOwner) > 0 { @@ -1798,9 +1859,9 @@ func awsRestxml_serializeOpHttpBindingsDeleteObjectsInput(v *DeleteObjectsInput, return fmt.Errorf("unsupported serialization of nil %T", v) } - if v.BypassGovernanceRetention { + if v.BypassGovernanceRetention != nil { locationName := "X-Amz-Bypass-Governance-Retention" - encoder.SetHeader(locationName).Boolean(v.BypassGovernanceRetention) + encoder.SetHeader(locationName).Boolean(*v.BypassGovernanceRetention) } if len(v.ChecksumAlgorithm) > 0 { @@ -3289,8 +3350,8 @@ func awsRestxml_serializeOpHttpBindingsGetObjectInput(v *GetObjectInput, encoder } } - if v.PartNumber != 0 { - encoder.SetQuery("partNumber").Integer(v.PartNumber) + if v.PartNumber != nil { + encoder.SetQuery("partNumber").Integer(*v.PartNumber) } if v.Range != nil && len(*v.Range) > 0 { @@ -3495,9 +3556,9 @@ func awsRestxml_serializeOpHttpBindingsGetObjectAttributesInput(v *GetObjectAttr } } - if v.MaxParts != 0 { + if v.MaxParts != nil { locationName := "X-Amz-Max-Parts" - encoder.SetHeader(locationName).Integer(v.MaxParts) + encoder.SetHeader(locationName).Integer(*v.MaxParts) } if v.ObjectAttributes != nil { @@ -4133,8 +4194,8 @@ func awsRestxml_serializeOpHttpBindingsHeadObjectInput(v *HeadObjectInput, encod } } - if v.PartNumber != 0 { - encoder.SetQuery("partNumber").Integer(v.PartNumber) + if v.PartNumber != nil { + encoder.SetQuery("partNumber").Integer(*v.PartNumber) } if v.Range != nil && len(*v.Range) > 0 { @@ -4445,7 +4506,7 @@ func (m *awsRestxml_serializeOpListBuckets) HandleSerialize(ctx context.Context, return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} } - opPath, opQuery := httpbinding.SplitURI("/") + opPath, opQuery := httpbinding.SplitURI("/?x-id=ListBuckets") request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) request.Method = "GET" @@ -4476,6 +4537,70 @@ func awsRestxml_serializeOpHttpBindingsListBucketsInput(v *ListBucketsInput, enc return nil } +type awsRestxml_serializeOpListDirectoryBuckets struct { +} + +func (*awsRestxml_serializeOpListDirectoryBuckets) ID() string { + return "OperationSerializer" +} + +func (m *awsRestxml_serializeOpListDirectoryBuckets) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*ListDirectoryBucketsInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/?x-id=ListDirectoryBuckets") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "GET" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if err := awsRestxml_serializeOpHttpBindingsListDirectoryBucketsInput(input, restEncoder); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + return next.HandleSerialize(ctx, in) +} +func awsRestxml_serializeOpHttpBindingsListDirectoryBucketsInput(v *ListDirectoryBucketsInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + if v.ContinuationToken != nil { + encoder.SetQuery("continuation-token").String(*v.ContinuationToken) + } + + if v.MaxDirectoryBuckets != nil { + encoder.SetQuery("max-directory-buckets").Integer(*v.MaxDirectoryBuckets) + } + + return nil +} + type awsRestxml_serializeOpListMultipartUploads struct { } @@ -4546,8 +4671,8 @@ func awsRestxml_serializeOpHttpBindingsListMultipartUploadsInput(v *ListMultipar encoder.SetQuery("key-marker").String(*v.KeyMarker) } - if v.MaxUploads != 0 { - encoder.SetQuery("max-uploads").Integer(v.MaxUploads) + if v.MaxUploads != nil { + encoder.SetQuery("max-uploads").Integer(*v.MaxUploads) } if v.Prefix != nil { @@ -4636,8 +4761,8 @@ func awsRestxml_serializeOpHttpBindingsListObjectsInput(v *ListObjectsInput, enc encoder.SetQuery("marker").String(*v.Marker) } - if v.MaxKeys != 0 { - encoder.SetQuery("max-keys").Integer(v.MaxKeys) + if v.MaxKeys != nil { + encoder.SetQuery("max-keys").Integer(*v.MaxKeys) } if v.OptionalObjectAttributes != nil { @@ -4736,12 +4861,12 @@ func awsRestxml_serializeOpHttpBindingsListObjectsV2Input(v *ListObjectsV2Input, encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner) } - if v.FetchOwner { - encoder.SetQuery("fetch-owner").Boolean(v.FetchOwner) + if v.FetchOwner != nil { + encoder.SetQuery("fetch-owner").Boolean(*v.FetchOwner) } - if v.MaxKeys != 0 { - encoder.SetQuery("max-keys").Integer(v.MaxKeys) + if v.MaxKeys != nil { + encoder.SetQuery("max-keys").Integer(*v.MaxKeys) } if v.OptionalObjectAttributes != nil { @@ -4844,8 +4969,8 @@ func awsRestxml_serializeOpHttpBindingsListObjectVersionsInput(v *ListObjectVers encoder.SetQuery("key-marker").String(*v.KeyMarker) } - if v.MaxKeys != 0 { - encoder.SetQuery("max-keys").Integer(v.MaxKeys) + if v.MaxKeys != nil { + encoder.SetQuery("max-keys").Integer(*v.MaxKeys) } if v.OptionalObjectAttributes != nil { @@ -4945,8 +5070,8 @@ func awsRestxml_serializeOpHttpBindingsListPartsInput(v *ListPartsInput, encoder } } - if v.MaxParts != 0 { - encoder.SetQuery("max-parts").Integer(v.MaxParts) + if v.MaxParts != nil { + encoder.SetQuery("max-parts").Integer(*v.MaxParts) } if v.PartNumberMarker != nil { @@ -6003,9 +6128,9 @@ func awsRestxml_serializeOpHttpBindingsPutBucketNotificationConfigurationInput(v encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner) } - if v.SkipDestinationValidation { + if v.SkipDestinationValidation != nil { locationName := "X-Amz-Skip-Destination-Validation" - encoder.SetHeader(locationName).Boolean(v.SkipDestinationValidation) + encoder.SetHeader(locationName).Boolean(*v.SkipDestinationValidation) } return nil @@ -6171,9 +6296,9 @@ func awsRestxml_serializeOpHttpBindingsPutBucketPolicyInput(v *PutBucketPolicyIn encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm)) } - if v.ConfirmRemoveSelfBucketAccess { + if v.ConfirmRemoveSelfBucketAccess != nil { locationName := "X-Amz-Confirm-Remove-Self-Bucket-Access" - encoder.SetHeader(locationName).Boolean(v.ConfirmRemoveSelfBucketAccess) + encoder.SetHeader(locationName).Boolean(*v.ConfirmRemoveSelfBucketAccess) } if v.ContentMD5 != nil && len(*v.ContentMD5) > 0 { @@ -6744,9 +6869,9 @@ func awsRestxml_serializeOpHttpBindingsPutObjectInput(v *PutObjectInput, encoder encoder.SetHeader(locationName).String(string(v.ACL)) } - if v.BucketKeyEnabled { + if v.BucketKeyEnabled != nil { locationName := "X-Amz-Server-Side-Encryption-Bucket-Key-Enabled" - encoder.SetHeader(locationName).Boolean(v.BucketKeyEnabled) + encoder.SetHeader(locationName).Boolean(*v.BucketKeyEnabled) } if v.CacheControl != nil && len(*v.CacheControl) > 0 { @@ -6794,9 +6919,9 @@ func awsRestxml_serializeOpHttpBindingsPutObjectInput(v *PutObjectInput, encoder encoder.SetHeader(locationName).String(*v.ContentLanguage) } - if v.ContentLength != 0 { + if v.ContentLength != nil { locationName := "Content-Length" - encoder.SetHeader(locationName).Long(v.ContentLength) + encoder.SetHeader(locationName).Long(*v.ContentLength) } if v.ContentMD5 != nil && len(*v.ContentMD5) > 0 { @@ -7363,9 +7488,9 @@ func awsRestxml_serializeOpHttpBindingsPutObjectRetentionInput(v *PutObjectReten return fmt.Errorf("unsupported serialization of nil %T", v) } - if v.BypassGovernanceRetention { + if v.BypassGovernanceRetention != nil { locationName := "X-Amz-Bypass-Governance-Retention" - encoder.SetHeader(locationName).Boolean(v.BypassGovernanceRetention) + encoder.SetHeader(locationName).Boolean(*v.BypassGovernanceRetention) } if len(v.ChecksumAlgorithm) > 0 { @@ -7992,9 +8117,9 @@ func awsRestxml_serializeOpHttpBindingsUploadPartInput(v *UploadPartInput, encod encoder.SetHeader(locationName).String(*v.ChecksumSHA256) } - if v.ContentLength != 0 { + if v.ContentLength != nil { locationName := "Content-Length" - encoder.SetHeader(locationName).Long(v.ContentLength) + encoder.SetHeader(locationName).Long(*v.ContentLength) } if v.ContentMD5 != nil && len(*v.ContentMD5) > 0 { @@ -8016,8 +8141,8 @@ func awsRestxml_serializeOpHttpBindingsUploadPartInput(v *UploadPartInput, encod } } - { - encoder.SetQuery("partNumber").Integer(v.PartNumber) + if v.PartNumber != nil { + encoder.SetQuery("partNumber").Integer(*v.PartNumber) } if len(v.RequestPayer) > 0 { @@ -8164,8 +8289,8 @@ func awsRestxml_serializeOpHttpBindingsUploadPartCopyInput(v *UploadPartCopyInpu } } - { - encoder.SetQuery("partNumber").Integer(v.PartNumber) + if v.PartNumber != nil { + encoder.SetQuery("partNumber").Integer(*v.PartNumber) } if len(v.RequestPayer) > 0 { @@ -8265,9 +8390,9 @@ func awsRestxml_serializeOpHttpBindingsWriteGetObjectResponseInput(v *WriteGetOb encoder.SetHeader(locationName).String(*v.AcceptRanges) } - if v.BucketKeyEnabled { + if v.BucketKeyEnabled != nil { locationName := "X-Amz-Fwd-Header-X-Amz-Server-Side-Encryption-Bucket-Key-Enabled" - encoder.SetHeader(locationName).Boolean(v.BucketKeyEnabled) + encoder.SetHeader(locationName).Boolean(*v.BucketKeyEnabled) } if v.CacheControl != nil && len(*v.CacheControl) > 0 { @@ -8310,9 +8435,9 @@ func awsRestxml_serializeOpHttpBindingsWriteGetObjectResponseInput(v *WriteGetOb encoder.SetHeader(locationName).String(*v.ContentLanguage) } - if v.ContentLength != 0 { + if v.ContentLength != nil { locationName := "Content-Length" - encoder.SetHeader(locationName).Long(v.ContentLength) + encoder.SetHeader(locationName).Long(*v.ContentLength) } if v.ContentRange != nil && len(*v.ContentRange) > 0 { @@ -8325,9 +8450,9 @@ func awsRestxml_serializeOpHttpBindingsWriteGetObjectResponseInput(v *WriteGetOb encoder.SetHeader(locationName).String(*v.ContentType) } - if v.DeleteMarker { + if v.DeleteMarker != nil { locationName := "X-Amz-Fwd-Header-X-Amz-Delete-Marker" - encoder.SetHeader(locationName).Boolean(v.DeleteMarker) + encoder.SetHeader(locationName).Boolean(*v.DeleteMarker) } if v.ErrorCode != nil && len(*v.ErrorCode) > 0 { @@ -8369,9 +8494,9 @@ func awsRestxml_serializeOpHttpBindingsWriteGetObjectResponseInput(v *WriteGetOb } } - if v.MissingMeta != 0 { + if v.MissingMeta != nil { locationName := "X-Amz-Fwd-Header-X-Amz-Missing-Meta" - encoder.SetHeader(locationName).Integer(v.MissingMeta) + encoder.SetHeader(locationName).Integer(*v.MissingMeta) } if len(v.ObjectLockLegalHoldStatus) > 0 { @@ -8389,9 +8514,9 @@ func awsRestxml_serializeOpHttpBindingsWriteGetObjectResponseInput(v *WriteGetOb encoder.SetHeader(locationName).String(smithytime.FormatDateTime(*v.ObjectLockRetainUntilDate)) } - if v.PartsCount != 0 { + if v.PartsCount != nil { locationName := "X-Amz-Fwd-Header-X-Amz-Mp-Parts-Count" - encoder.SetHeader(locationName).Integer(v.PartsCount) + encoder.SetHeader(locationName).Integer(*v.PartsCount) } if len(v.ReplicationStatus) > 0 { @@ -8439,9 +8564,9 @@ func awsRestxml_serializeOpHttpBindingsWriteGetObjectResponseInput(v *WriteGetOb encoder.SetHeader(locationName).String(*v.SSEKMSKeyId) } - if v.StatusCode != 0 { + if v.StatusCode != nil { locationName := "X-Amz-Fwd-Status" - encoder.SetHeader(locationName).Integer(v.StatusCode) + encoder.SetHeader(locationName).Integer(*v.StatusCode) } if len(v.StorageClass) > 0 { @@ -8449,9 +8574,9 @@ func awsRestxml_serializeOpHttpBindingsWriteGetObjectResponseInput(v *WriteGetOb encoder.SetHeader(locationName).String(string(v.StorageClass)) } - if v.TagCount != 0 { + if v.TagCount != nil { locationName := "X-Amz-Fwd-Header-X-Amz-Tagging-Count" - encoder.SetHeader(locationName).Integer(v.TagCount) + encoder.SetHeader(locationName).Integer(*v.TagCount) } if v.VersionId != nil && len(*v.VersionId) > 0 { @@ -8464,7 +8589,7 @@ func awsRestxml_serializeOpHttpBindingsWriteGetObjectResponseInput(v *WriteGetOb func awsRestxml_serializeDocumentAbortIncompleteMultipartUpload(v *types.AbortIncompleteMultipartUpload, value smithyxml.Value) error { defer value.Close() - if v.DaysAfterInitiation != 0 { + if v.DaysAfterInitiation != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -8473,7 +8598,7 @@ func awsRestxml_serializeDocumentAbortIncompleteMultipartUpload(v *types.AbortIn Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.DaysAfterInitiation) + el.Integer(*v.DaysAfterInitiation) } return nil } @@ -8765,6 +8890,33 @@ func awsRestxml_serializeDocumentAnalyticsS3BucketDestination(v *types.Analytics return nil } +func awsRestxml_serializeDocumentBucketInfo(v *types.BucketInfo, value smithyxml.Value) error { + defer value.Close() + if len(v.DataRedundancy) > 0 { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "DataRedundancy", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(string(v.DataRedundancy)) + } + if len(v.Type) > 0 { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "Type", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(string(v.Type)) + } + return nil +} + func awsRestxml_serializeDocumentBucketLifecycleConfiguration(v *types.BucketLifecycleConfiguration, value smithyxml.Value) error { defer value.Close() if v.Rules != nil { @@ -8876,7 +9028,7 @@ func awsRestxml_serializeDocumentCompletedPart(v *types.CompletedPart, value smi el := value.MemberElement(root) el.String(*v.ETag) } - if v.PartNumber != 0 { + if v.PartNumber != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -8885,7 +9037,7 @@ func awsRestxml_serializeDocumentCompletedPart(v *types.CompletedPart, value smi Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.PartNumber) + el.Integer(*v.PartNumber) } return nil } @@ -9015,7 +9167,7 @@ func awsRestxml_serializeDocumentCORSRule(v *types.CORSRule, value smithyxml.Val el := value.MemberElement(root) el.String(*v.ID) } - if v.MaxAgeSeconds != 0 { + if v.MaxAgeSeconds != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -9024,7 +9176,7 @@ func awsRestxml_serializeDocumentCORSRule(v *types.CORSRule, value smithyxml.Val Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.MaxAgeSeconds) + el.Integer(*v.MaxAgeSeconds) } return nil } @@ -9046,6 +9198,32 @@ func awsRestxml_serializeDocumentCORSRules(v []types.CORSRule, value smithyxml.V func awsRestxml_serializeDocumentCreateBucketConfiguration(v *types.CreateBucketConfiguration, value smithyxml.Value) error { defer value.Close() + if v.Bucket != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "Bucket", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + if err := awsRestxml_serializeDocumentBucketInfo(v.Bucket, el); err != nil { + return err + } + } + if v.Location != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "Location", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + if err := awsRestxml_serializeDocumentLocationInfo(v.Location, el); err != nil { + return err + } + } if len(v.LocationConstraint) > 0 { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ @@ -9062,7 +9240,7 @@ func awsRestxml_serializeDocumentCreateBucketConfiguration(v *types.CreateBucket func awsRestxml_serializeDocumentCSVInput(v *types.CSVInput, value smithyxml.Value) error { defer value.Close() - if v.AllowQuotedRecordDelimiter { + if v.AllowQuotedRecordDelimiter != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -9071,7 +9249,7 @@ func awsRestxml_serializeDocumentCSVInput(v *types.CSVInput, value smithyxml.Val Attr: rootAttr, } el := value.MemberElement(root) - el.Boolean(v.AllowQuotedRecordDelimiter) + el.Boolean(*v.AllowQuotedRecordDelimiter) } if v.Comments != nil { rootAttr := []smithyxml.Attr{} @@ -9204,7 +9382,7 @@ func awsRestxml_serializeDocumentCSVOutput(v *types.CSVOutput, value smithyxml.V func awsRestxml_serializeDocumentDefaultRetention(v *types.DefaultRetention, value smithyxml.Value) error { defer value.Close() - if v.Days != 0 { + if v.Days != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -9213,7 +9391,7 @@ func awsRestxml_serializeDocumentDefaultRetention(v *types.DefaultRetention, val Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.Days) + el.Integer(*v.Days) } if len(v.Mode) > 0 { rootAttr := []smithyxml.Attr{} @@ -9226,7 +9404,7 @@ func awsRestxml_serializeDocumentDefaultRetention(v *types.DefaultRetention, val el := value.MemberElement(root) el.String(string(v.Mode)) } - if v.Years != 0 { + if v.Years != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -9235,7 +9413,7 @@ func awsRestxml_serializeDocumentDefaultRetention(v *types.DefaultRetention, val Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.Years) + el.Integer(*v.Years) } return nil } @@ -9255,7 +9433,7 @@ func awsRestxml_serializeDocumentDelete(v *types.Delete, value smithyxml.Value) return err } } - if v.Quiet { + if v.Quiet != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -9264,7 +9442,7 @@ func awsRestxml_serializeDocumentDelete(v *types.Delete, value smithyxml.Value) Attr: rootAttr, } el := value.MemberElement(root) - el.Boolean(v.Quiet) + el.Boolean(*v.Quiet) } return nil } @@ -9901,7 +10079,7 @@ func awsRestxml_serializeDocumentInventoryConfiguration(v *types.InventoryConfig el := value.MemberElement(root) el.String(string(v.IncludedObjectVersions)) } - { + if v.IsEnabled != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -9910,7 +10088,7 @@ func awsRestxml_serializeDocumentInventoryConfiguration(v *types.InventoryConfig Attr: rootAttr, } el := value.MemberElement(root) - el.Boolean(v.IsEnabled) + el.Boolean(*v.IsEnabled) } if v.OptionalFields != nil { rootAttr := []smithyxml.Attr{} @@ -10217,7 +10395,7 @@ func awsRestxml_serializeDocumentLifecycleExpiration(v *types.LifecycleExpiratio el := value.MemberElement(root) el.String(smithytime.FormatDateTime(*v.Date)) } - if v.Days != 0 { + if v.Days != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -10226,9 +10404,9 @@ func awsRestxml_serializeDocumentLifecycleExpiration(v *types.LifecycleExpiratio Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.Days) + el.Integer(*v.Days) } - if v.ExpiredObjectDeleteMarker { + if v.ExpiredObjectDeleteMarker != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -10237,7 +10415,7 @@ func awsRestxml_serializeDocumentLifecycleExpiration(v *types.LifecycleExpiratio Attr: rootAttr, } el := value.MemberElement(root) - el.Boolean(v.ExpiredObjectDeleteMarker) + el.Boolean(*v.ExpiredObjectDeleteMarker) } return nil } @@ -10360,7 +10538,7 @@ func awsRestxml_serializeDocumentLifecycleRule(v *types.LifecycleRule, value smi func awsRestxml_serializeDocumentLifecycleRuleAndOperator(v *types.LifecycleRuleAndOperator, value smithyxml.Value) error { defer value.Close() - if v.ObjectSizeGreaterThan != 0 { + if v.ObjectSizeGreaterThan != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -10369,9 +10547,9 @@ func awsRestxml_serializeDocumentLifecycleRuleAndOperator(v *types.LifecycleRule Attr: rootAttr, } el := value.MemberElement(root) - el.Long(v.ObjectSizeGreaterThan) + el.Long(*v.ObjectSizeGreaterThan) } - if v.ObjectSizeLessThan != 0 { + if v.ObjectSizeLessThan != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -10380,7 +10558,7 @@ func awsRestxml_serializeDocumentLifecycleRuleAndOperator(v *types.LifecycleRule Attr: rootAttr, } el := value.MemberElement(root) - el.Long(v.ObjectSizeLessThan) + el.Long(*v.ObjectSizeLessThan) } if v.Prefix != nil { rootAttr := []smithyxml.Attr{} @@ -10493,6 +10671,33 @@ func awsRestxml_serializeDocumentLifecycleRules(v []types.LifecycleRule, value s return nil } +func awsRestxml_serializeDocumentLocationInfo(v *types.LocationInfo, value smithyxml.Value) error { + defer value.Close() + if v.Name != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "Name", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(*v.Name) + } + if len(v.Type) > 0 { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "Type", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(string(v.Type)) + } + return nil +} + func awsRestxml_serializeDocumentLoggingEnabled(v *types.LoggingEnabled, value smithyxml.Value) error { defer value.Close() if v.TargetBucket != nil { @@ -10519,6 +10724,19 @@ func awsRestxml_serializeDocumentLoggingEnabled(v *types.LoggingEnabled, value s return err } } + if v.TargetObjectKeyFormat != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "TargetObjectKeyFormat", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + if err := awsRestxml_serializeDocumentTargetObjectKeyFormat(v.TargetObjectKeyFormat, el); err != nil { + return err + } + } if v.TargetPrefix != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ @@ -10718,7 +10936,7 @@ func awsRestxml_serializeDocumentMetricsFilter(v types.MetricsFilter, value smit func awsRestxml_serializeDocumentNoncurrentVersionExpiration(v *types.NoncurrentVersionExpiration, value smithyxml.Value) error { defer value.Close() - if v.NewerNoncurrentVersions != 0 { + if v.NewerNoncurrentVersions != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -10727,9 +10945,9 @@ func awsRestxml_serializeDocumentNoncurrentVersionExpiration(v *types.Noncurrent Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.NewerNoncurrentVersions) + el.Integer(*v.NewerNoncurrentVersions) } - if v.NoncurrentDays != 0 { + if v.NoncurrentDays != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -10738,14 +10956,14 @@ func awsRestxml_serializeDocumentNoncurrentVersionExpiration(v *types.Noncurrent Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.NoncurrentDays) + el.Integer(*v.NoncurrentDays) } return nil } func awsRestxml_serializeDocumentNoncurrentVersionTransition(v *types.NoncurrentVersionTransition, value smithyxml.Value) error { defer value.Close() - if v.NewerNoncurrentVersions != 0 { + if v.NewerNoncurrentVersions != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -10754,9 +10972,9 @@ func awsRestxml_serializeDocumentNoncurrentVersionTransition(v *types.Noncurrent Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.NewerNoncurrentVersions) + el.Integer(*v.NewerNoncurrentVersions) } - if v.NoncurrentDays != 0 { + if v.NoncurrentDays != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -10765,7 +10983,7 @@ func awsRestxml_serializeDocumentNoncurrentVersionTransition(v *types.Noncurrent Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.NoncurrentDays) + el.Integer(*v.NoncurrentDays) } if len(v.StorageClass) > 0 { rootAttr := []smithyxml.Attr{} @@ -11133,9 +11351,25 @@ func awsRestxml_serializeDocumentParquetInput(v *types.ParquetInput, value smith return nil } +func awsRestxml_serializeDocumentPartitionedPrefix(v *types.PartitionedPrefix, value smithyxml.Value) error { + defer value.Close() + if len(v.PartitionDateSource) > 0 { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "PartitionDateSource", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(string(v.PartitionDateSource)) + } + return nil +} + func awsRestxml_serializeDocumentPublicAccessBlockConfiguration(v *types.PublicAccessBlockConfiguration, value smithyxml.Value) error { defer value.Close() - if v.BlockPublicAcls { + if v.BlockPublicAcls != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -11144,9 +11378,9 @@ func awsRestxml_serializeDocumentPublicAccessBlockConfiguration(v *types.PublicA Attr: rootAttr, } el := value.MemberElement(root) - el.Boolean(v.BlockPublicAcls) + el.Boolean(*v.BlockPublicAcls) } - if v.BlockPublicPolicy { + if v.BlockPublicPolicy != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -11155,9 +11389,9 @@ func awsRestxml_serializeDocumentPublicAccessBlockConfiguration(v *types.PublicA Attr: rootAttr, } el := value.MemberElement(root) - el.Boolean(v.BlockPublicPolicy) + el.Boolean(*v.BlockPublicPolicy) } - if v.IgnorePublicAcls { + if v.IgnorePublicAcls != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -11166,9 +11400,9 @@ func awsRestxml_serializeDocumentPublicAccessBlockConfiguration(v *types.PublicA Attr: rootAttr, } el := value.MemberElement(root) - el.Boolean(v.IgnorePublicAcls) + el.Boolean(*v.IgnorePublicAcls) } - if v.RestrictPublicBuckets { + if v.RestrictPublicBuckets != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -11177,7 +11411,7 @@ func awsRestxml_serializeDocumentPublicAccessBlockConfiguration(v *types.PublicA Attr: rootAttr, } el := value.MemberElement(root) - el.Boolean(v.RestrictPublicBuckets) + el.Boolean(*v.RestrictPublicBuckets) } return nil } @@ -11458,7 +11692,7 @@ func awsRestxml_serializeDocumentReplicationRule(v *types.ReplicationRule, value el := value.MemberElement(root) el.String(*v.Prefix) } - if v.Priority != 0 { + if v.Priority != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -11467,7 +11701,7 @@ func awsRestxml_serializeDocumentReplicationRule(v *types.ReplicationRule, value Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.Priority) + el.Integer(*v.Priority) } if v.SourceSelectionCriteria != nil { rootAttr := []smithyxml.Attr{} @@ -11618,7 +11852,7 @@ func awsRestxml_serializeDocumentReplicationTime(v *types.ReplicationTime, value func awsRestxml_serializeDocumentReplicationTimeValue(v *types.ReplicationTimeValue, value smithyxml.Value) error { defer value.Close() - if v.Minutes != 0 { + if v.Minutes != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -11627,7 +11861,7 @@ func awsRestxml_serializeDocumentReplicationTimeValue(v *types.ReplicationTimeVa Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.Minutes) + el.Integer(*v.Minutes) } return nil } @@ -11650,7 +11884,7 @@ func awsRestxml_serializeDocumentRequestPaymentConfiguration(v *types.RequestPay func awsRestxml_serializeDocumentRequestProgress(v *types.RequestProgress, value smithyxml.Value) error { defer value.Close() - if v.Enabled { + if v.Enabled != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -11659,14 +11893,14 @@ func awsRestxml_serializeDocumentRequestProgress(v *types.RequestProgress, value Attr: rootAttr, } el := value.MemberElement(root) - el.Boolean(v.Enabled) + el.Boolean(*v.Enabled) } return nil } func awsRestxml_serializeDocumentRestoreRequest(v *types.RestoreRequest, value smithyxml.Value) error { defer value.Close() - if v.Days != 0 { + if v.Days != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -11675,7 +11909,7 @@ func awsRestxml_serializeDocumentRestoreRequest(v *types.RestoreRequest, value s Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.Days) + el.Integer(*v.Days) } if v.Description != nil { rootAttr := []smithyxml.Attr{} @@ -11926,7 +12160,7 @@ func awsRestxml_serializeDocumentS3Location(v *types.S3Location, value smithyxml func awsRestxml_serializeDocumentScanRange(v *types.ScanRange, value smithyxml.Value) error { defer value.Close() - if v.End != 0 { + if v.End != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -11935,9 +12169,9 @@ func awsRestxml_serializeDocumentScanRange(v *types.ScanRange, value smithyxml.V Attr: rootAttr, } el := value.MemberElement(root) - el.Long(v.End) + el.Long(*v.End) } - if v.Start != 0 { + if v.Start != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -11946,7 +12180,7 @@ func awsRestxml_serializeDocumentScanRange(v *types.ScanRange, value smithyxml.V Attr: rootAttr, } el := value.MemberElement(root) - el.Long(v.Start) + el.Long(*v.Start) } return nil } @@ -12064,7 +12298,7 @@ func awsRestxml_serializeDocumentServerSideEncryptionRule(v *types.ServerSideEnc return err } } - if v.BucketKeyEnabled { + if v.BucketKeyEnabled != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -12073,7 +12307,7 @@ func awsRestxml_serializeDocumentServerSideEncryptionRule(v *types.ServerSideEnc Attr: rootAttr, } el := value.MemberElement(root) - el.Boolean(v.BucketKeyEnabled) + el.Boolean(*v.BucketKeyEnabled) } return nil } @@ -12093,6 +12327,11 @@ func awsRestxml_serializeDocumentServerSideEncryptionRules(v []types.ServerSideE return nil } +func awsRestxml_serializeDocumentSimplePrefix(v *types.SimplePrefix, value smithyxml.Value) error { + defer value.Close() + return nil +} + func awsRestxml_serializeDocumentSourceSelectionCriteria(v *types.SourceSelectionCriteria, value smithyxml.Value) error { defer value.Close() if v.ReplicaModifications != nil { @@ -12332,6 +12571,37 @@ func awsRestxml_serializeDocumentTargetGrants(v []types.TargetGrant, value smith return nil } +func awsRestxml_serializeDocumentTargetObjectKeyFormat(v *types.TargetObjectKeyFormat, value smithyxml.Value) error { + defer value.Close() + if v.PartitionedPrefix != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "PartitionedPrefix", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + if err := awsRestxml_serializeDocumentPartitionedPrefix(v.PartitionedPrefix, el); err != nil { + return err + } + } + if v.SimplePrefix != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "SimplePrefix", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + if err := awsRestxml_serializeDocumentSimplePrefix(v.SimplePrefix, el); err != nil { + return err + } + } + return nil +} + func awsRestxml_serializeDocumentTiering(v *types.Tiering, value smithyxml.Value) error { defer value.Close() if len(v.AccessTier) > 0 { @@ -12345,7 +12615,7 @@ func awsRestxml_serializeDocumentTiering(v *types.Tiering, value smithyxml.Value el := value.MemberElement(root) el.String(string(v.AccessTier)) } - { + if v.Days != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -12354,7 +12624,7 @@ func awsRestxml_serializeDocumentTiering(v *types.Tiering, value smithyxml.Value Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.Days) + el.Integer(*v.Days) } return nil } @@ -12455,7 +12725,7 @@ func awsRestxml_serializeDocumentTransition(v *types.Transition, value smithyxml el := value.MemberElement(root) el.String(smithytime.FormatDateTime(*v.Date)) } - if v.Days != 0 { + if v.Days != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ Name: smithyxml.Name{ @@ -12464,7 +12734,7 @@ func awsRestxml_serializeDocumentTransition(v *types.Transition, value smithyxml Attr: rootAttr, } el := value.MemberElement(root) - el.Integer(v.Days) + el.Integer(*v.Days) } if len(v.StorageClass) > 0 { rootAttr := []smithyxml.Attr{} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go index 613da169d..ea3b9c82a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go @@ -86,6 +86,7 @@ const ( BucketLocationConstraintApNortheast2 BucketLocationConstraint = "ap-northeast-2" BucketLocationConstraintApNortheast3 BucketLocationConstraint = "ap-northeast-3" BucketLocationConstraintApSouth1 BucketLocationConstraint = "ap-south-1" + BucketLocationConstraintApSouth2 BucketLocationConstraint = "ap-south-2" BucketLocationConstraintApSoutheast1 BucketLocationConstraint = "ap-southeast-1" BucketLocationConstraintApSoutheast2 BucketLocationConstraint = "ap-southeast-2" BucketLocationConstraintApSoutheast3 BucketLocationConstraint = "ap-southeast-3" @@ -96,6 +97,7 @@ const ( BucketLocationConstraintEuCentral1 BucketLocationConstraint = "eu-central-1" BucketLocationConstraintEuNorth1 BucketLocationConstraint = "eu-north-1" BucketLocationConstraintEuSouth1 BucketLocationConstraint = "eu-south-1" + BucketLocationConstraintEuSouth2 BucketLocationConstraint = "eu-south-2" BucketLocationConstraintEuWest1 BucketLocationConstraint = "eu-west-1" BucketLocationConstraintEuWest2 BucketLocationConstraint = "eu-west-2" BucketLocationConstraintEuWest3 BucketLocationConstraint = "eu-west-3" @@ -106,8 +108,6 @@ const ( BucketLocationConstraintUsGovWest1 BucketLocationConstraint = "us-gov-west-1" BucketLocationConstraintUsWest1 BucketLocationConstraint = "us-west-1" BucketLocationConstraintUsWest2 BucketLocationConstraint = "us-west-2" - BucketLocationConstraintApSouth2 BucketLocationConstraint = "ap-south-2" - BucketLocationConstraintEuSouth2 BucketLocationConstraint = "eu-south-2" ) // Values returns all known values for BucketLocationConstraint. Note that this @@ -121,6 +121,7 @@ func (BucketLocationConstraint) Values() []BucketLocationConstraint { "ap-northeast-2", "ap-northeast-3", "ap-south-1", + "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", @@ -131,6 +132,7 @@ func (BucketLocationConstraint) Values() []BucketLocationConstraint { "eu-central-1", "eu-north-1", "eu-south-1", + "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3", @@ -141,8 +143,6 @@ func (BucketLocationConstraint) Values() []BucketLocationConstraint { "us-gov-west-1", "us-west-1", "us-west-2", - "ap-south-2", - "eu-south-2", } } @@ -166,6 +166,22 @@ func (BucketLogsPermission) Values() []BucketLogsPermission { } } +type BucketType string + +// Enum values for BucketType +const ( + BucketTypeDirectory BucketType = "Directory" +) + +// Values returns all known values for BucketType. Note that this can be expanded +// in the future, and so it is only as up to date as the client. The ordering of +// this slice is not guaranteed to be stable across updates. +func (BucketType) Values() []BucketType { + return []BucketType{ + "Directory", + } +} + type BucketVersioningStatus string // Enum values for BucketVersioningStatus @@ -242,6 +258,22 @@ func (CompressionType) Values() []CompressionType { } } +type DataRedundancy string + +// Enum values for DataRedundancy +const ( + DataRedundancySingleAvailabilityZone DataRedundancy = "SingleAvailabilityZone" +) + +// Values returns all known values for DataRedundancy. Note that this can be +// expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (DataRedundancy) Values() []DataRedundancy { + return []DataRedundancy{ + "SingleAvailabilityZone", + } +} + type DeleteMarkerReplicationStatus string // Enum values for DeleteMarkerReplicationStatus @@ -592,6 +624,22 @@ func (JSONType) Values() []JSONType { } } +type LocationType string + +// Enum values for LocationType +const ( + LocationTypeAvailabilityZone LocationType = "AvailabilityZone" +) + +// Values returns all known values for LocationType. Note that this can be +// expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (LocationType) Values() []LocationType { + return []LocationType{ + "AvailabilityZone", + } +} + type MetadataDirective string // Enum values for MetadataDirective @@ -820,6 +868,7 @@ const ( ObjectStorageClassOutposts ObjectStorageClass = "OUTPOSTS" ObjectStorageClassGlacierIr ObjectStorageClass = "GLACIER_IR" ObjectStorageClassSnow ObjectStorageClass = "SNOW" + ObjectStorageClassExpressOnezone ObjectStorageClass = "EXPRESS_ONEZONE" ) // Values returns all known values for ObjectStorageClass. Note that this can be @@ -837,6 +886,7 @@ func (ObjectStorageClass) Values() []ObjectStorageClass { "OUTPOSTS", "GLACIER_IR", "SNOW", + "EXPRESS_ONEZONE", } } @@ -888,6 +938,24 @@ func (OwnerOverride) Values() []OwnerOverride { } } +type PartitionDateSource string + +// Enum values for PartitionDateSource +const ( + PartitionDateSourceEventTime PartitionDateSource = "EventTime" + PartitionDateSourceDeliveryTime PartitionDateSource = "DeliveryTime" +) + +// Values returns all known values for PartitionDateSource. Note that this can be +// expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (PartitionDateSource) Values() []PartitionDateSource { + return []PartitionDateSource{ + "EventTime", + "DeliveryTime", + } +} + type Payer string // Enum values for Payer @@ -1112,6 +1180,24 @@ func (ServerSideEncryption) Values() []ServerSideEncryption { } } +type SessionMode string + +// Enum values for SessionMode +const ( + SessionModeReadOnly SessionMode = "ReadOnly" + SessionModeReadWrite SessionMode = "ReadWrite" +) + +// Values returns all known values for SessionMode. Note that this can be expanded +// in the future, and so it is only as up to date as the client. The ordering of +// this slice is not guaranteed to be stable across updates. +func (SessionMode) Values() []SessionMode { + return []SessionMode{ + "ReadOnly", + "ReadWrite", + } +} + type SseKmsEncryptedObjectsStatus string // Enum values for SseKmsEncryptedObjectsStatus @@ -1145,6 +1231,7 @@ const ( StorageClassOutposts StorageClass = "OUTPOSTS" StorageClassGlacierIr StorageClass = "GLACIER_IR" StorageClassSnow StorageClass = "SNOW" + StorageClassExpressOnezone StorageClass = "EXPRESS_ONEZONE" ) // Values returns all known values for StorageClass. Note that this can be @@ -1162,6 +1249,7 @@ func (StorageClass) Values() []StorageClass { "OUTPOSTS", "GLACIER_IR", "SNOW", + "EXPRESS_ONEZONE", } } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go index f3837866d..166484f4e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go @@ -64,7 +64,14 @@ func (e *BucketAlreadyOwnedByYou) ErrorCode() string { } func (e *BucketAlreadyOwnedByYou) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } -// Object is archived and inaccessible until restored. +// Object is archived and inaccessible until restored. If the object you are +// retrieving is stored in the S3 Glacier Flexible Retrieval storage class, the S3 +// Glacier Deep Archive storage class, the S3 Intelligent-Tiering Archive Access +// tier, or the S3 Intelligent-Tiering Deep Archive Access tier, before you can +// retrieve the object you must first restore a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) +// . Otherwise, this operation returns an InvalidObjectState error. For +// information about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) +// in the Amazon S3 User Guide. type InvalidObjectState struct { Message *string diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go index 3ddea0a24..d3f7593fe 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go @@ -16,7 +16,7 @@ type AbortIncompleteMultipartUpload struct { // Specifies the number of days after which Amazon S3 aborts an incomplete // multipart upload. - DaysAfterInitiation int32 + DaysAfterInitiation *int32 noSmithyDocumentSerde } @@ -173,9 +173,7 @@ type AnalyticsS3BucketDestination struct { noSmithyDocumentSerde } -// In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name is -// globally unique, and the namespace is shared by all Amazon Web Services -// accounts. +// In terms of implementation, a Bucket is a resource. type Bucket struct { // Date the bucket was created. This date can change when making changes to your @@ -188,6 +186,21 @@ type Bucket struct { noSmithyDocumentSerde } +// Specifies the information about the bucket that will be created. For more +// information about directory buckets, see Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. This functionality is only supported by directory +// buckets. +type BucketInfo struct { + + // The number of Availability Zone that's used for redundancy for the bucket. + DataRedundancy DataRedundancy + + // The type of bucket. + Type BucketType + + noSmithyDocumentSerde +} + // Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For // more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) // in the Amazon S3 User Guide. @@ -216,30 +229,38 @@ type BucketLoggingStatus struct { type Checksum struct { // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string // The base64-encoded, 256-bit SHA-256 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string @@ -273,30 +294,38 @@ type CompletedMultipartUpload struct { type CompletedPart struct { // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string // The base64-encoded, 256-bit SHA-256 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string @@ -305,7 +334,15 @@ type CompletedPart struct { // Part number that identifies the part. This is a positive integer between 1 and // 10,000. - PartNumber int32 + // - General purpose buckets - In CompleteMultipartUpload , when a additional + // checksum (including x-amz-checksum-crc32 , x-amz-checksum-crc32c , + // x-amz-checksum-sha1 , or x-amz-checksum-sha256 ) is applied to each part, the + // PartNumber must start at 1 and the part numbers must be consecutive. + // Otherwise, Amazon S3 generates an HTTP 400 Bad Request status code and an + // InvalidPartOrder error code. + // - Directory buckets - In CompleteMultipartUpload , the PartNumber must start + // at 1 and the part numbers must be consecutive. + PartNumber *int32 noSmithyDocumentSerde } @@ -346,30 +383,26 @@ type ContinuationEvent struct { type CopyObjectResult struct { // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA1 *string // The base64-encoded, 256-bit SHA-256 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA256 *string @@ -387,30 +420,38 @@ type CopyObjectResult struct { type CopyPartResult struct { // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string // The base64-encoded, 256-bit SHA-256 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string @@ -466,7 +507,7 @@ type CORSRule struct { // The time in seconds that your browser is to cache the preflight response for // the specified resource. - MaxAgeSeconds int32 + MaxAgeSeconds *int32 noSmithyDocumentSerde } @@ -474,8 +515,23 @@ type CORSRule struct { // The configuration information for the bucket. type CreateBucketConfiguration struct { - // Specifies the Region where the bucket will be created. If you don't specify a - // Region, the bucket is created in the US East (N. Virginia) Region (us-east-1). + // Specifies the information about the bucket that will be created. This + // functionality is only supported by directory buckets. + Bucket *BucketInfo + + // Specifies the location where the bucket will be created. For directory buckets, + // the location type is Availability Zone. This functionality is only supported by + // directory buckets. + Location *LocationInfo + + // Specifies the Region where the bucket will be created. You might choose a + // Region to optimize latency, minimize costs, or address regulatory requirements. + // For example, if you reside in Europe, you will probably find it advantageous to + // create buckets in the Europe (Ireland) Region. For more information, see + // Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro) + // in the Amazon S3 User Guide. If you don't specify a Region, the bucket is + // created in the US East (N. Virginia) Region (us-east-1) by default. This + // functionality is not supported for directory buckets. LocationConstraint BucketLocationConstraint noSmithyDocumentSerde @@ -488,7 +544,7 @@ type CSVInput struct { // Specifies that CSV field values may contain quoted record delimiters and such // records should be allowed. Default value is FALSE. Setting this value to TRUE // may lower performance. - AllowQuotedRecordDelimiter bool + AllowQuotedRecordDelimiter *bool // A single character used to indicate that a row should be ignored when the // character is present at the start of that row. You can specify any character to @@ -563,7 +619,7 @@ type DefaultRetention struct { // The number of days that you want to specify for the default retention period. // Must be used with Mode . - Days int32 + Days *int32 // The default Object Lock retention mode you want to apply to new objects placed // in the specified bucket. Must be used with either Days or Years . @@ -571,7 +627,7 @@ type DefaultRetention struct { // The number of years that you want to specify for the default retention period. // Must be used with Mode . - Years int32 + Years *int32 noSmithyDocumentSerde } @@ -579,14 +635,17 @@ type DefaultRetention struct { // Container for the objects to delete. type Delete struct { - // The object to delete. + // The object to delete. Directory buckets - For directory buckets, an object + // that's composed entirely of whitespace characters is not supported by the + // DeleteObjects API operation. The request will receive a 400 Bad Request error + // and none of the objects in the request will be deleted. // // This member is required. Objects []ObjectIdentifier // Element to enable quiet mode for the request. When you add this element, you - // must set its value to true. - Quiet bool + // must set its value to true . + Quiet *bool noSmithyDocumentSerde } @@ -597,18 +656,21 @@ type DeletedObject struct { // Indicates whether the specified object version that was permanently deleted was // (true) or was not (false) a delete marker before deletion. In a simple DELETE, // this header indicates whether (true) or not (false) the current version of the - // object is a delete marker. - DeleteMarker bool + // object is a delete marker. This functionality is not supported for directory + // buckets. + DeleteMarker *bool // The version ID of the delete marker created as a result of the DELETE // operation. If you delete a specific object version, the value returned by this - // header is the version ID of the object version deleted. + // header is the version ID of the object version deleted. This functionality is + // not supported for directory buckets. DeleteMarkerVersionId *string // The name of the deleted object. Key *string - // The version ID of the deleted object. + // The version ID of the deleted object. This functionality is not supported for + // directory buckets. VersionId *string noSmithyDocumentSerde @@ -619,12 +681,12 @@ type DeleteMarkerEntry struct { // Specifies whether the object is (true) or is not (false) the latest version of // an object. - IsLatest bool + IsLatest *bool // The object key. Key *string - // Date and time the object was last modified. + // Date and time when the object was last modified. LastModified *time.Time // The account that created the delete marker.> @@ -1178,7 +1240,8 @@ type Error struct { // error message. Message *string - // The version ID of the error. + // The version ID of the error. This functionality is not supported for directory + // buckets. VersionId *string noSmithyDocumentSerde @@ -1240,10 +1303,10 @@ type GetObjectAttributesParts struct { // Indicates whether the returned list of parts is truncated. A value of true // indicates that the list was truncated. A list can be truncated if the number of // parts exceeds the limit returned in the MaxParts element. - IsTruncated bool + IsTruncated *bool // The maximum number of parts allowed in the response. - MaxParts int32 + MaxParts *int32 // When a list is truncated, this element specifies the last part in the list, as // well as the value to use for the PartNumberMarker request parameter in a @@ -1255,10 +1318,17 @@ type GetObjectAttributesParts struct { // A container for elements related to a particular part. A response can contain // zero or more Parts elements. + // - General purpose buckets - For GetObjectAttributes , if a additional checksum + // (including x-amz-checksum-crc32 , x-amz-checksum-crc32c , x-amz-checksum-sha1 + // , or x-amz-checksum-sha256 ) isn't applied to the object specified in the + // request, the response doesn't return Part . + // - Directory buckets - For GetObjectAttributes , no matter whether a additional + // checksum is applied to the object specified in the request, the response returns + // Part . Parts []ObjectPart // The total number of parts. - TotalPartsCount int32 + TotalPartsCount *int32 noSmithyDocumentSerde } @@ -1342,11 +1412,15 @@ type IndexDocument struct { // Container element that identifies who initiated the multipart upload. type Initiator struct { - // Name of the Principal. + // Name of the Principal. This functionality is not supported for directory + // buckets. DisplayName *string // If the principal is an Amazon Web Services account, it provides the Canonical // User ID. If the principal is an IAM User, it provides a user ARN value. + // Directory buckets - If the principal is an Amazon Web Services account, it + // provides the Amazon Web Services account ID. If the principal is an IAM User, it + // provides a user ARN value. ID *string noSmithyDocumentSerde @@ -1463,7 +1537,7 @@ type InventoryConfiguration struct { // inventory list is generated. If set to False , no inventory list is generated. // // This member is required. - IsEnabled bool + IsEnabled *bool // Specifies the schedule for generating inventory results. // @@ -1617,13 +1691,13 @@ type LifecycleExpiration struct { // Indicates the lifetime, in days, of the objects that are subject to the rule. // The value must be a non-zero positive integer. - Days int32 + Days *int32 // Indicates whether Amazon S3 will remove a delete marker with no noncurrent // versions. If set to true, the delete marker will be expired; if set to false the // policy takes no action. This cannot be specified with Days or Date in a // Lifecycle Expiration Policy. - ExpiredObjectDeleteMarker bool + ExpiredObjectDeleteMarker *bool noSmithyDocumentSerde } @@ -1693,10 +1767,10 @@ type LifecycleRule struct { type LifecycleRuleAndOperator struct { // Minimum object size to which the rule applies. - ObjectSizeGreaterThan int64 + ObjectSizeGreaterThan *int64 // Maximum object size to which the rule applies. - ObjectSizeLessThan int64 + ObjectSizeLessThan *int64 // Prefix identifying one or more objects to which the rule applies. Prefix *string @@ -1773,6 +1847,24 @@ type LifecycleRuleFilterMemberTag struct { func (*LifecycleRuleFilterMemberTag) isLifecycleRuleFilter() {} +// Specifies the location where the bucket will be created. For directory buckets, +// the location type is Availability Zone. For more information about directory +// buckets, see Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. This functionality is only supported by directory +// buckets. +type LocationInfo struct { + + // The name of the location where the bucket will be created. For directory + // buckets, the AZ ID of the Availability Zone where the bucket will be created. An + // example AZ ID value is usw2-az2 . + Name *string + + // The type of location where the bucket will be created. + Type LocationType + + noSmithyDocumentSerde +} + // Describes where logs are stored and the prefix that Amazon S3 assigns to all // log object keys for a bucket. For more information, see PUT Bucket logging (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) // in the Amazon S3 API Reference. @@ -1801,6 +1893,9 @@ type LoggingEnabled struct { // in the Amazon S3 User Guide. TargetGrants []TargetGrant + // Amazon S3 key format for log objects. + TargetObjectKeyFormat *TargetObjectKeyFormat + noSmithyDocumentSerde } @@ -1941,9 +2036,13 @@ type MultipartUpload struct { Key *string // Specifies the owner of the object that is part of the multipart upload. + // Directory buckets - The bucket owner is returned as the object owner for all the + // objects. Owner *Owner - // The class of storage used to store the object. + // The class of storage used to store the object. Directory buckets - Only the S3 + // Express One Zone storage class is supported by directory buckets to store + // objects. StorageClass StorageClass // Upload ID that identifies the multipart upload. @@ -1959,19 +2058,19 @@ type MultipartUpload struct { // the object's lifetime. type NoncurrentVersionExpiration struct { - // Specifies how many noncurrent versions Amazon S3 will retain. If there are this - // many more recent noncurrent versions, Amazon S3 will take the associated action. - // For more information about noncurrent versions, see Lifecycle configuration - // elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) + // Specifies how many newer noncurrent versions must exist before Amazon S3 can + // perform the associated action on a given version. If there are this many more + // recent noncurrent versions, Amazon S3 will take the associated action. For more + // information about noncurrent versions, see Lifecycle configuration elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) // in the Amazon S3 User Guide. - NewerNoncurrentVersions int32 + NewerNoncurrentVersions *int32 // Specifies the number of days an object is noncurrent before Amazon S3 can // perform the associated action. The value must be a non-zero positive integer. // For information about the noncurrent days calculations, see How Amazon S3 // Calculates When an Object Became Noncurrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) // in the Amazon S3 User Guide. - NoncurrentDays int32 + NoncurrentDays *int32 noSmithyDocumentSerde } @@ -1985,19 +2084,19 @@ type NoncurrentVersionExpiration struct { // specific period in the object's lifetime. type NoncurrentVersionTransition struct { - // Specifies how many noncurrent versions Amazon S3 will retain. If there are this - // many more recent noncurrent versions, Amazon S3 will take the associated action. - // For more information about noncurrent versions, see Lifecycle configuration - // elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) + // Specifies how many newer noncurrent versions must exist before Amazon S3 can + // perform the associated action on a given version. If there are this many more + // recent noncurrent versions, Amazon S3 will take the associated action. For more + // information about noncurrent versions, see Lifecycle configuration elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) // in the Amazon S3 User Guide. - NewerNoncurrentVersions int32 + NewerNoncurrentVersions *int32 // Specifies the number of days an object is noncurrent before Amazon S3 can // perform the associated action. For information about the noncurrent days // calculations, see How Amazon S3 Calculates How Long an Object Has Been // Noncurrent (https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations) // in the Amazon S3 User Guide. - NoncurrentDays int32 + NoncurrentDays *int32 // The class of storage used to store the object. StorageClass TransitionStorageClass @@ -2059,6 +2158,7 @@ type Object struct { // encryption. If an object is larger than 16 MB, the Amazon Web Services // Management Console will upload or copy that object as a Multipart Upload, and // therefore the ETag will not be an MD5 digest. + // Directory buckets - MD5 is not supported by directory buckets. ETag *string // The name that you assign to an object. You use the object key to retrieve the @@ -2068,20 +2168,25 @@ type Object struct { // Creation date of the object. LastModified *time.Time - // The owner of the object + // The owner of the object Directory buckets - The bucket owner is returned as the + // object owner. Owner *Owner // Specifies the restoration status of an object. Objects in certain storage // classes must be restored before they can be retrieved. For more information // about these storage classes and how to work with archived objects, see Working // with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) - // in the Amazon S3 User Guide. + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. Only the S3 Express One Zone storage class is supported by directory + // buckets to store objects. RestoreStatus *RestoreStatus // Size in bytes of the object - Size int64 + Size *int64 - // The class of storage used to store the object. + // The class of storage used to store the object. Directory buckets - Only the S3 + // Express One Zone storage class is supported by directory buckets to store + // objects. StorageClass ObjectStorageClass noSmithyDocumentSerde @@ -2098,7 +2203,8 @@ type ObjectIdentifier struct { // This member is required. Key *string - // VersionId for the specific version of the object to delete. + // Version ID for the specific version of the object to delete. This functionality + // is not supported for directory buckets. VersionId *string noSmithyDocumentSerde @@ -2164,32 +2270,38 @@ type ObjectPart struct { ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string // The base64-encoded, 256-bit SHA-256 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string // The part number identifying the part. This value is a positive integer between // 1 and 10,000. - PartNumber int32 + PartNumber *int32 // The size of the uploaded part in bytes. - Size int64 + Size *int64 noSmithyDocumentSerde } @@ -2205,12 +2317,12 @@ type ObjectVersion struct { // Specifies whether the object is (true) or is not (false) the latest version of // an object. - IsLatest bool + IsLatest *bool // The object key. Key *string - // Date and time the object was last modified. + // Date and time when the object was last modified. LastModified *time.Time // Specifies the owner of the object. @@ -2224,7 +2336,7 @@ type ObjectVersion struct { RestoreStatus *RestoreStatus // Size in bytes of the object. - Size int64 + Size *int64 // The class of storage used to store the object. StorageClass ObjectVersionStorageClass @@ -2269,6 +2381,7 @@ type Owner struct { // - Asia Pacific (Tokyo) // - Europe (Ireland) // - South America (São Paulo) + // This functionality is not supported for directory buckets. DisplayName *string // Container for the ID of the owner. @@ -2299,9 +2412,16 @@ type OwnershipControlsRule struct { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that don't - // specify an ACL or bucket owner full control ACLs, such as the - // bucket-owner-full-control canned ACL or an equivalent form of this ACL expressed - // in the XML format. + // specify an ACL or specify bucket owner full control ACLs (such as the predefined + // bucket-owner-full-control canned ACL or a custom ACL in XML format that grants + // the same permissions). By default, ObjectOwnership is set to BucketOwnerEnforced + // and ACLs are disabled. We recommend keeping ACLs disabled, except in uncommon + // use cases where you must control access for each object individually. For more + // information about S3 Object Ownership, see Controlling ownership of objects and + // disabling ACLs for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. This functionality is not supported for directory + // buckets. Directory buckets use the bucket owner enforced setting for S3 Object + // Ownership. // // This member is required. ObjectOwnership ObjectOwnership @@ -2325,16 +2445,20 @@ type Part struct { ChecksumCRC32 *string // The base64-encoded, 32-bit CRC32C checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this may not - // be a checksum value of the object. For more information about how checksums are - // calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation on an + // object that was uploaded using multipart uploads, this value may not be a direct + // checksum value of the full object. Instead, it's a calculation based on the + // checksum values of each individual part. For more information about how + // checksums are calculated with multipart uploads, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string @@ -2353,10 +2477,23 @@ type Part struct { // Part number identifying the part. This is a positive integer between 1 and // 10,000. - PartNumber int32 + PartNumber *int32 // Size in bytes of the uploaded part data. - Size int64 + Size *int64 + + noSmithyDocumentSerde +} + +// Amazon S3 keys for log objects are partitioned in the following format: +// [DestinationPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +// PartitionedPrefix defaults to EventTime delivery when server access logs are +// delivered. +type PartitionedPrefix struct { + + // Specifies the partition date source for the partitioned prefix. + // PartitionDateSource can be EventTime or DeliveryTime. + PartitionDateSource PartitionDateSource noSmithyDocumentSerde } @@ -2366,7 +2503,7 @@ type PolicyStatus struct { // The policy status for this bucket. TRUE indicates that this bucket is public. // FALSE indicates that the bucket is not public. - IsPublic bool + IsPublic *bool noSmithyDocumentSerde } @@ -2375,13 +2512,13 @@ type PolicyStatus struct { type Progress struct { // The current number of uncompressed object bytes processed. - BytesProcessed int64 + BytesProcessed *int64 // The current number of bytes of records payload data returned. - BytesReturned int64 + BytesReturned *int64 // The current number of object bytes scanned. - BytesScanned int64 + BytesScanned *int64 noSmithyDocumentSerde } @@ -2410,20 +2547,20 @@ type PublicAccessBlockConfiguration struct { // - PUT Object calls fail if the request includes a public ACL. // - PUT Bucket calls fail if the request includes a public ACL. // Enabling this setting doesn't affect existing policies or ACLs. - BlockPublicAcls bool + BlockPublicAcls *bool // Specifies whether Amazon S3 should block public bucket policies for this // bucket. Setting this element to TRUE causes Amazon S3 to reject calls to PUT // Bucket policy if the specified bucket policy allows public access. Enabling this // setting doesn't affect existing bucket policies. - BlockPublicPolicy bool + BlockPublicPolicy *bool // Specifies whether Amazon S3 should ignore public ACLs for this bucket and // objects in this bucket. Setting this element to TRUE causes Amazon S3 to ignore // all public ACLs on this bucket and objects in this bucket. Enabling this setting // doesn't affect the persistence of any existing ACLs and doesn't prevent new // public ACLs from being set. - IgnorePublicAcls bool + IgnorePublicAcls *bool // Specifies whether Amazon S3 should restrict public bucket policies for this // bucket. Setting this element to TRUE restricts access to this bucket to only @@ -2432,7 +2569,7 @@ type PublicAccessBlockConfiguration struct { // stored bucket policies, except that public and cross-account access within any // public bucket policy, including non-public delegation to specific accounts, is // blocked. - RestrictPublicBuckets bool + RestrictPublicBuckets *bool noSmithyDocumentSerde } @@ -2622,7 +2759,7 @@ type ReplicationRule struct { // rule with the highest priority. The higher the number, the higher the priority. // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) // in the Amazon S3 User Guide. - Priority int32 + Priority *int32 // A container that describes additional filters for identifying the source // objects that you want to replicate. You can choose to enable or disable the @@ -2729,7 +2866,7 @@ type ReplicationTime struct { type ReplicationTimeValue struct { // Contains an integer specifying time in minutes. Valid value: 15 - Minutes int32 + Minutes *int32 noSmithyDocumentSerde } @@ -2750,7 +2887,7 @@ type RequestProgress struct { // Specifies whether periodic QueryProgress frames should be sent. Valid values: // TRUE, FALSE. Default value: FALSE. - Enabled bool + Enabled *bool noSmithyDocumentSerde } @@ -2761,7 +2898,7 @@ type RestoreRequest struct { // Lifetime of the active copy in days. Do not use with restores that specify // OutputLocation . The Days element is required for regular restores, and must not // be provided for select requests. - Days int32 + Days *int32 // The optional description for the job. Description *string @@ -2789,7 +2926,9 @@ type RestoreRequest struct { // classes must be restored before they can be retrieved. For more information // about these storage classes and how to work with archived objects, see Working // with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) -// in the Amazon S3 User Guide. +// in the Amazon S3 User Guide. This functionality is not supported for directory +// buckets. Only the S3 Express One Zone storage class is supported by directory +// buckets to store objects. type RestoreStatus struct { // Specifies whether the object is currently being restored. If the object @@ -2799,7 +2938,7 @@ type RestoreStatus struct { // x-amz-optional-object-attributes: IsRestoreInProgress="false", // RestoreExpiryDate="2012-12-21T00:00:00.000Z" If the object hasn't been restored, // there is no header response. - IsRestoreInProgress bool + IsRestoreInProgress *bool // Indicates when the restored copy will expire. This value is populated only if // the object has already been restored. For example: @@ -2886,13 +3025,13 @@ type ScanRange struct { // non-negative integers. The default value is one less than the size of the object // being queried. If only the End parameter is supplied, it is interpreted to mean // scan the last N bytes of the file. For example, 50 means scan the last 50 bytes. - End int64 + End *int64 // Specifies the start of the byte range. This parameter is optional. Valid // values: non-negative integers. The default value is 0. If only start is // supplied, it means scan from that point to the end of the file. For example, 50 // means scan from byte 50 until the end of the file. - Start int64 + Start *int64 noSmithyDocumentSerde } @@ -3042,11 +3181,54 @@ type ServerSideEncryptionRule struct { // to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. For more // information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) // in the Amazon S3 User Guide. - BucketKeyEnabled bool + BucketKeyEnabled *bool noSmithyDocumentSerde } +// The established temporary security credentials of the session. Directory +// buckets - These session credentials are only supported for the authentication +// and authorization of Zonal endpoint APIs on directory buckets. +type SessionCredentials struct { + + // A unique identifier that's associated with a secret access key. The access key + // ID and the secret access key are used together to sign programmatic Amazon Web + // Services requests cryptographically. + // + // This member is required. + AccessKeyId *string + + // Temporary security credentials expire after a specified interval. After + // temporary credentials expire, any calls that you make with those credentials + // will fail. So you must generate a new set of temporary credentials. Temporary + // credentials cannot be extended or refreshed beyond the original specified + // interval. + // + // This member is required. + Expiration *time.Time + + // A key that's used with the access key ID to cryptographically sign programmatic + // Amazon Web Services requests. Signing a request identifies the sender and + // prevents the request from being altered. + // + // This member is required. + SecretAccessKey *string + + // A part of the temporary security credentials. The session token is used to + // validate the temporary security credentials. + // + // This member is required. + SessionToken *string + + noSmithyDocumentSerde +} + +// To use simple format for S3 keys for log objects, set SimplePrefix to an empty +// object. [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +type SimplePrefix struct { + noSmithyDocumentSerde +} + // A container that describes additional filters for identifying the source // objects that you want to replicate. You can choose to enable or disable the // replication of these objects. Currently, Amazon S3 supports only the filter that @@ -3106,13 +3288,13 @@ type SSES3 struct { type Stats struct { // The total number of uncompressed object bytes processed. - BytesProcessed int64 + BytesProcessed *int64 // The total number of bytes of records payload data returned. - BytesReturned int64 + BytesReturned *int64 // The total number of object bytes scanned. - BytesScanned int64 + BytesScanned *int64 noSmithyDocumentSerde } @@ -3196,6 +3378,20 @@ type TargetGrant struct { noSmithyDocumentSerde } +// Amazon S3 key format for log objects. Only one format, PartitionedPrefix or +// SimplePrefix, is allowed. +type TargetObjectKeyFormat struct { + + // Partitioned S3 key for log objects. + PartitionedPrefix *PartitionedPrefix + + // To use the simple format for S3 keys for log objects. To specify SimplePrefix + // format, set SimplePrefix to {}. + SimplePrefix *SimplePrefix + + noSmithyDocumentSerde +} + // The S3 Intelligent-Tiering storage class is designed to optimize storage costs // by automatically moving data to the most cost-effective storage access tier, // without additional operational overhead. @@ -3215,7 +3411,7 @@ type Tiering struct { // days). // // This member is required. - Days int32 + Days *int32 noSmithyDocumentSerde } @@ -3262,7 +3458,7 @@ type Transition struct { // Indicates the number of days after creation when objects are transitioned to // the specified storage class. The value must be a positive integer. - Days int32 + Days *int32 // The storage class to which you want the object to transition. StorageClass TransitionStorageClass diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/validators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/validators.go index ccd845a71..e954b302d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/validators.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/validators.go @@ -110,6 +110,26 @@ func (m *validateOpCreateMultipartUpload) HandleInitialize(ctx context.Context, return next.HandleInitialize(ctx, in) } +type validateOpCreateSession struct { +} + +func (*validateOpCreateSession) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpCreateSession) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*CreateSessionInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpCreateSessionInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpDeleteBucketAnalyticsConfiguration struct { } @@ -1870,6 +1890,10 @@ func addOpCreateMultipartUploadValidationMiddleware(stack *middleware.Stack) err return stack.Initialize.Add(&validateOpCreateMultipartUpload{}, middleware.After) } +func addOpCreateSessionValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpCreateSession{}, middleware.After) +} + func addOpDeleteBucketAnalyticsConfigurationValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpDeleteBucketAnalyticsConfiguration{}, middleware.After) } @@ -2699,6 +2723,9 @@ func validateInventoryConfiguration(v *types.InventoryConfiguration) error { invalidParams.AddNested("Destination", err.(smithy.InvalidParamsError)) } } + if v.IsEnabled == nil { + invalidParams.Add(smithy.NewErrParamRequired("IsEnabled")) + } if v.Filter != nil { if err := validateInventoryFilter(v.Filter); err != nil { invalidParams.AddNested("Filter", err.(smithy.InvalidParamsError)) @@ -3735,6 +3762,9 @@ func validateTiering(v *types.Tiering) error { return nil } invalidParams := smithy.InvalidParamsError{Context: "Tiering"} + if v.Days == nil { + invalidParams.Add(smithy.NewErrParamRequired("Days")) + } if len(v.AccessTier) == 0 { invalidParams.Add(smithy.NewErrParamRequired("AccessTier")) } @@ -3925,6 +3955,21 @@ func validateOpCreateMultipartUploadInput(v *CreateMultipartUploadInput) error { } } +func validateOpCreateSessionInput(v *CreateSessionInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "CreateSessionInput"} + if v.Bucket == nil { + invalidParams.Add(smithy.NewErrParamRequired("Bucket")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpDeleteBucketAnalyticsConfigurationInput(v *DeleteBucketAnalyticsConfigurationInput) error { if v == nil { return nil @@ -5444,6 +5489,9 @@ func validateOpUploadPartCopyInput(v *UploadPartCopyInput) error { if v.Key == nil { invalidParams.Add(smithy.NewErrParamRequired("Key")) } + if v.PartNumber == nil { + invalidParams.Add(smithy.NewErrParamRequired("PartNumber")) + } if v.UploadId == nil { invalidParams.Add(smithy.NewErrParamRequired("UploadId")) } @@ -5465,6 +5513,9 @@ func validateOpUploadPartInput(v *UploadPartInput) error { if v.Key == nil { invalidParams.Add(smithy.NewErrParamRequired("Key")) } + if v.PartNumber == nil { + invalidParams.Add(smithy.NewErrParamRequired("PartNumber")) + } if v.UploadId == nil { invalidParams.Add(smithy.NewErrParamRequired("UploadId")) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md index 6ae8318ac..7a4c30c59 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md @@ -1,3 +1,42 @@ +# v1.18.5 (2023-12-08) + +* **Bug Fix**: Reinstate presence of default Retryer in functional options, but still respect max attempts set therein. + +# v1.18.4 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.3 (2023-12-06) + +* **Bug Fix**: Restore pre-refactor auth behavior where all operations could technically be performed anonymously. + +# v1.18.2 (2023-12-01) + +* **Bug Fix**: Correct wrapping of errors in authentication workflow. +* **Bug Fix**: Correctly recognize cache-wrapped instances of AnonymousCredentials at client construction. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.1 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.0 (2023-11-29) + +* **Feature**: Expose Options() accessor on service clients. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.5 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.4 (2023-11-28) + +* **Bug Fix**: Respect setting RetryMaxAttempts in functional options at client construction. + +# v1.17.3 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.17.2 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go index 7d4e6651e..e43969925 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go @@ -56,8 +56,12 @@ func New(options Options, optFns ...func(*Options)) *Client { fn(&options) } + finalizeRetryMaxAttempts(&options) + ignoreAnonymousAuth(&options) + wrapWithAnonymousAuth(&options) + resolveAuthSchemes(&options) client := &Client{ @@ -67,6 +71,15 @@ func New(options Options, optFns ...func(*Options)) *Client { return client } +// Options returns a copy of the client configuration. +// +// Callers SHOULD NOT perform mutations on any inner structures within client +// config. Config overrides should instead be made on a per-operation basis through +// functional options. +func (c *Client) Options() Options { + return c.options.Copy() +} + func (c *Client) invokeOperation(ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error) (result interface{}, metadata middleware.Metadata, err error) { ctx = middleware.ClearStackValues(ctx) stack := middleware.NewStack(opID, smithyhttp.NewStackRequest) @@ -76,7 +89,7 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf fn(&options) } - finalizeRetryMaxAttemptOptions(&options, *c) + finalizeOperationRetryMaxAttempts(&options, *c) finalizeClientEndpointResolverOptions(&options) @@ -130,7 +143,7 @@ func (m *setOperationInputMiddleware) HandleSerialize(ctx context.Context, in mi func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, operation string) error { if err := stack.Finalize.Add(&resolveAuthSchemeMiddleware{operation: operation, options: options}, middleware.Before); err != nil { - return fmt.Errorf("add ResolveAuthScheme: %v", err) + return fmt.Errorf("add ResolveAuthScheme: %w", err) } if err := stack.Finalize.Insert(&getIdentityMiddleware{options: options}, "ResolveAuthScheme", middleware.After); err != nil { return fmt.Errorf("add GetIdentity: %v", err) @@ -139,7 +152,7 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o return fmt.Errorf("add ResolveEndpointV2: %v", err) } if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil { - return fmt.Errorf("add Signing: %v", err) + return fmt.Errorf("add Signing: %w", err) } return nil } @@ -324,7 +337,15 @@ func resolveAWSRetryMaxAttempts(cfg aws.Config, o *Options) { o.RetryMaxAttempts = cfg.RetryMaxAttempts } -func finalizeRetryMaxAttemptOptions(o *Options, client Client) { +func finalizeRetryMaxAttempts(o *Options) { + if o.RetryMaxAttempts == 0 { + return + } + + o.Retryer = retry.AddWithMaxAttempts(o.Retryer, o.RetryMaxAttempts) +} + +func finalizeOperationRetryMaxAttempts(o *Options, client Client) { if v := o.RetryMaxAttempts; v == 0 || v == client.options.RetryMaxAttempts { return } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go index 292df01cf..3b28e825d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go @@ -52,6 +52,34 @@ func addSetLegacyContextSigningOptionsMiddleware(stack *middleware.Stack) error return stack.Finalize.Insert(&setLegacyContextSigningOptionsMiddleware{}, "Signing", middleware.Before) } +type withAnonymous struct { + resolver AuthSchemeResolver +} + +var _ AuthSchemeResolver = (*withAnonymous)(nil) + +func (v *withAnonymous) ResolveAuthSchemes(ctx context.Context, params *AuthResolverParameters) ([]*smithyauth.Option, error) { + opts, err := v.resolver.ResolveAuthSchemes(ctx, params) + if err != nil { + return nil, err + } + + opts = append(opts, &smithyauth.Option{ + SchemeID: smithyauth.SchemeIDAnonymous, + }) + return opts, nil +} + +func wrapWithAnonymousAuth(options *Options) { + if _, ok := options.AuthSchemeResolver.(*defaultAuthSchemeResolver); !ok { + return + } + + options.AuthSchemeResolver = &withAnonymous{ + resolver: options.AuthSchemeResolver, + } +} + // AuthResolverParameters contains the set of inputs necessary for auth scheme // resolution. type AuthResolverParameters struct { @@ -144,7 +172,7 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options) options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params) if err != nil { - return out, metadata, fmt.Errorf("resolve auth scheme: %v", err) + return out, metadata, fmt.Errorf("resolve auth scheme: %w", err) } scheme, ok := m.selectScheme(options) @@ -224,7 +252,7 @@ func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middlewar identity, err := resolver.GetIdentity(ctx, rscheme.IdentityProperties) if err != nil { - return out, metadata, fmt.Errorf("get identity: %v", err) + return out, metadata, fmt.Errorf("get identity: %w", err) } ctx = setIdentity(ctx, identity) @@ -273,7 +301,7 @@ func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middlewar } if err := signer.SignRequest(ctx, req, identity, rscheme.SignerProperties); err != nil { - return out, metadata, fmt.Errorf("sign request: %v", err) + return out, metadata, fmt.Errorf("sign request: %w", err) } return next.HandleFinalize(ctx, in) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go index 9abc3e105..52495f1fb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go @@ -3,4 +3,4 @@ package sso // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.17.2" +const goModuleVersion = "1.18.5" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go index 555f383de..5dee7e53f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go @@ -70,11 +70,9 @@ type Options struct { // RetryMaxAttempts specifies the maximum number attempts an API client will call // an operation that fails with a retryable error. A value of 0 is ignored, and // will not be used to configure the API client created default retryer, or modify - // per operation call's retry max attempts. When creating a new API Clients this - // member will only be used if the Retryer Options member is nil. This value will - // be ignored if Retryer is not nil. If specified in an operation call's functional - // options with a value that is different than the constructed client's Options, - // the Client's Retryer will be wrapped to use the operation's specific + // per operation call's retry max attempts. If specified in an operation call's + // functional options with a value that is different than the constructed client's + // Options, the Client's Retryer will be wrapped to use the operation's specific // RetryMaxAttempts value. RetryMaxAttempts int @@ -213,7 +211,7 @@ func WithSigV4SigningRegion(region string) func(*Options) { } func ignoreAnonymousAuth(options *Options) { - if _, ok := options.Credentials.(aws.AnonymousCredentials); ok { + if aws.IsCredentialsProvider(options.Credentials, (*aws.AnonymousCredentials)(nil)) { options.Credentials = nil } } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md index b357899a7..80df3bdde 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md @@ -1,3 +1,46 @@ +# v1.21.5 (2023-12-08) + +* **Bug Fix**: Reinstate presence of default Retryer in functional options, but still respect max attempts set therein. + +# v1.21.4 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.21.3 (2023-12-06) + +* **Bug Fix**: Restore pre-refactor auth behavior where all operations could technically be performed anonymously. + +# v1.21.2 (2023-12-01) + +* **Bug Fix**: Correct wrapping of errors in authentication workflow. +* **Bug Fix**: Correctly recognize cache-wrapped instances of AnonymousCredentials at client construction. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.21.1 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.21.0 (2023-11-29) + +* **Feature**: Expose Options() accessor on service clients. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.20.3 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.20.2 (2023-11-28) + +* **Bug Fix**: Respect setting RetryMaxAttempts in functional options at client construction. + +# v1.20.1 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.20.0 (2023-11-17) + +* **Feature**: Adding support for `sso-oauth:CreateTokenWithIAM`. + # v1.19.2 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go index 027a67a57..fed089739 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go @@ -56,8 +56,12 @@ func New(options Options, optFns ...func(*Options)) *Client { fn(&options) } + finalizeRetryMaxAttempts(&options) + ignoreAnonymousAuth(&options) + wrapWithAnonymousAuth(&options) + resolveAuthSchemes(&options) client := &Client{ @@ -67,6 +71,15 @@ func New(options Options, optFns ...func(*Options)) *Client { return client } +// Options returns a copy of the client configuration. +// +// Callers SHOULD NOT perform mutations on any inner structures within client +// config. Config overrides should instead be made on a per-operation basis through +// functional options. +func (c *Client) Options() Options { + return c.options.Copy() +} + func (c *Client) invokeOperation(ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error) (result interface{}, metadata middleware.Metadata, err error) { ctx = middleware.ClearStackValues(ctx) stack := middleware.NewStack(opID, smithyhttp.NewStackRequest) @@ -76,7 +89,7 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf fn(&options) } - finalizeRetryMaxAttemptOptions(&options, *c) + finalizeOperationRetryMaxAttempts(&options, *c) finalizeClientEndpointResolverOptions(&options) @@ -130,7 +143,7 @@ func (m *setOperationInputMiddleware) HandleSerialize(ctx context.Context, in mi func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, operation string) error { if err := stack.Finalize.Add(&resolveAuthSchemeMiddleware{operation: operation, options: options}, middleware.Before); err != nil { - return fmt.Errorf("add ResolveAuthScheme: %v", err) + return fmt.Errorf("add ResolveAuthScheme: %w", err) } if err := stack.Finalize.Insert(&getIdentityMiddleware{options: options}, "ResolveAuthScheme", middleware.After); err != nil { return fmt.Errorf("add GetIdentity: %v", err) @@ -139,7 +152,7 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o return fmt.Errorf("add ResolveEndpointV2: %v", err) } if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil { - return fmt.Errorf("add Signing: %v", err) + return fmt.Errorf("add Signing: %w", err) } return nil } @@ -324,7 +337,15 @@ func resolveAWSRetryMaxAttempts(cfg aws.Config, o *Options) { o.RetryMaxAttempts = cfg.RetryMaxAttempts } -func finalizeRetryMaxAttemptOptions(o *Options, client Client) { +func finalizeRetryMaxAttempts(o *Options) { + if o.RetryMaxAttempts == 0 { + return + } + + o.Retryer = retry.AddWithMaxAttempts(o.Retryer, o.RetryMaxAttempts) +} + +func finalizeOperationRetryMaxAttempts(o *Options, client Client) { if v := o.RetryMaxAttempts; v == 0 || v == client.options.RetryMaxAttempts { return } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go index 73a49e699..424642941 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go @@ -10,9 +10,10 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Creates and returns an access token for the authorized client. The access token -// issued will be used to fetch short-term credentials for the assigned roles in -// the AWS account. +// Creates and returns access and refresh tokens for clients that are +// authenticated using client secrets. The access token can be used to fetch +// short-term credentials for the assigned AWS accounts or to access application +// APIs using bearer authentication. func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optFns ...func(*Options)) (*CreateTokenOutput, error) { if params == nil { params = &CreateTokenInput{} @@ -30,8 +31,8 @@ func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optF type CreateTokenInput struct { - // The unique identifier string for each client. This value should come from the - // persisted result of the RegisterClient API. + // The unique identifier string for the client or application. This value comes + // from the result of the RegisterClient API. // // This member is required. ClientId *string @@ -42,37 +43,42 @@ type CreateTokenInput struct { // This member is required. ClientSecret *string - // Supports grant types for the authorization code, refresh token, and device code - // request. For device code requests, specify the following value: - // urn:ietf:params:oauth:grant-type:device_code For information about how to - // obtain the device code, see the StartDeviceAuthorization topic. + // Supports the following OAuth grant types: Device Code and Refresh Token. + // Specify either of the following values, depending on the grant type that you + // want: * Device Code - urn:ietf:params:oauth:grant-type:device_code * Refresh + // Token - refresh_token For information about how to obtain the device code, see + // the StartDeviceAuthorization topic. // // This member is required. GrantType *string - // The authorization code received from the authorization service. This parameter - // is required to perform an authorization grant request to get access to a token. + // Used only when calling this API for the Authorization Code grant type. The + // short-term code is used to identify this authorization request. This grant type + // is currently unsupported for the CreateToken API. Code *string - // Used only when calling this API for the device code grant type. This short-term - // code is used to identify this authentication attempt. This should come from an - // in-memory reference to the result of the StartDeviceAuthorization API. + // Used only when calling this API for the Device Code grant type. This short-term + // code is used to identify this authorization request. This comes from the result + // of the StartDeviceAuthorization API. DeviceCode *string - // The location of the application that will receive the authorization code. Users - // authorize the service to send the request to this location. + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered to + // receive the authorization code. RedirectUri *string - // Currently, refreshToken is not yet implemented and is not supported. For more - // information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the IAM - // Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html) - // . The token used to obtain an access token in the event that the access token is - // invalid or expired. + // Used only when calling this API for the Refresh Token grant type. This token is + // used to refresh short-term tokens, such as the access token, that might expire. + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide in + // the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html) + // . RefreshToken *string - // The list of scopes that is defined by the client. Upon authorization, this list - // is used to restrict permissions when granting an access token. + // The list of scopes for which authorization is requested. The access token that + // is issued is limited to the scopes that are granted. If this value is not + // specified, IAM Identity Center authorizes all scopes that are configured for the + // client during the call to RegisterClient . Scope []string noSmithyDocumentSerde @@ -80,29 +86,30 @@ type CreateTokenInput struct { type CreateTokenOutput struct { - // An opaque token to access IAM Identity Center resources assigned to a user. + // A bearer token to access AWS accounts and applications assigned to a user. AccessToken *string // Indicates the time in seconds when an access token will expire. ExpiresIn int32 - // Currently, idToken is not yet implemented and is not supported. For more - // information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the IAM - // Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html) - // . The identifier of the user that associated with the access token, if present. + // The idToken is not implemented or supported. For more information about the + // features and limitations of the current IAM Identity Center OIDC implementation, + // see Considerations for Using this Guide in the IAM Identity Center OIDC API + // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html) + // . A JSON Web Token (JWT) that identifies who is associated with the issued + // access token. IdToken *string - // Currently, refreshToken is not yet implemented and is not supported. For more - // information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the IAM - // Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html) - // . A token that, if present, can be used to refresh a previously issued access - // token that might have expired. + // A token that, if present, can be used to refresh a previously issued access + // token that might have expired. For more information about the features and + // limitations of the current IAM Identity Center OIDC implementation, see + // Considerations for Using this Guide in the IAM Identity Center OIDC API + // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html) + // . RefreshToken *string // Used to notify the client that the returned token is an access token. The - // supported type is BearerToken . + // supported token type is Bearer . TokenType *string // Metadata pertaining to the operation's result. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go new file mode 100644 index 000000000..ed4b98f76 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go @@ -0,0 +1,230 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package ssooidc + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Creates and returns access and refresh tokens for clients and applications that +// are authenticated using IAM entities. The access token can be used to fetch +// short-term credentials for the assigned AWS accounts or to access application +// APIs using bearer authentication. +func (c *Client) CreateTokenWithIAM(ctx context.Context, params *CreateTokenWithIAMInput, optFns ...func(*Options)) (*CreateTokenWithIAMOutput, error) { + if params == nil { + params = &CreateTokenWithIAMInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "CreateTokenWithIAM", params, optFns, c.addOperationCreateTokenWithIAMMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*CreateTokenWithIAMOutput) + out.ResultMetadata = metadata + return out, nil +} + +type CreateTokenWithIAMInput struct { + + // The unique identifier string for the client or application. This value is an + // application ARN that has OAuth grants configured. + // + // This member is required. + ClientId *string + + // Supports the following OAuth grant types: Authorization Code, Refresh Token, + // JWT Bearer, and Token Exchange. Specify one of the following values, depending + // on the grant type that you want: * Authorization Code - authorization_code * + // Refresh Token - refresh_token * JWT Bearer - + // urn:ietf:params:oauth:grant-type:jwt-bearer * Token Exchange - + // urn:ietf:params:oauth:grant-type:token-exchange + // + // This member is required. + GrantType *string + + // Used only when calling this API for the JWT Bearer grant type. This value + // specifies the JSON Web Token (JWT) issued by a trusted token issuer. To + // authorize a trusted token issuer, configure the JWT Bearer GrantOptions for the + // application. + Assertion *string + + // Used only when calling this API for the Authorization Code grant type. This + // short-term code is used to identify this authorization request. The code is + // obtained through a redirect from IAM Identity Center to a redirect URI persisted + // in the Authorization Code GrantOptions for the application. + Code *string + + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered to + // receive the authorization code. + RedirectUri *string + + // Used only when calling this API for the Refresh Token grant type. This token is + // used to refresh short-term tokens, such as the access token, that might expire. + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide in + // the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html) + // . + RefreshToken *string + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that the requester can receive. The following values + // are supported: * Access Token - urn:ietf:params:oauth:token-type:access_token * + // Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + RequestedTokenType *string + + // The list of scopes for which authorization is requested. The access token that + // is issued is limited to the scopes that are granted. If the value is not + // specified, IAM Identity Center authorizes all scopes configured for the + // application, including the following default scopes: openid , aws , + // sts:identity_context . + Scope []string + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the subject of the exchange. The value of the subject token must be an + // access token issued by IAM Identity Center to a different client or application. + // The access token must have authorized scopes that indicate the requested + // application as a target audience. + SubjectToken *string + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that is passed as the subject of the exchange. The + // following value is supported: * Access Token - + // urn:ietf:params:oauth:token-type:access_token + SubjectTokenType *string + + noSmithyDocumentSerde +} + +type CreateTokenWithIAMOutput struct { + + // A bearer token to access AWS accounts and applications assigned to a user. + AccessToken *string + + // Indicates the time in seconds when an access token will expire. + ExpiresIn int32 + + // A JSON Web Token (JWT) that identifies the user associated with the issued + // access token. + IdToken *string + + // Indicates the type of tokens that are issued by IAM Identity Center. The + // following values are supported: * Access Token - + // urn:ietf:params:oauth:token-type:access_token * Refresh Token - + // urn:ietf:params:oauth:token-type:refresh_token + IssuedTokenType *string + + // A token that, if present, can be used to refresh a previously issued access + // token that might have expired. For more information about the features and + // limitations of the current IAM Identity Center OIDC implementation, see + // Considerations for Using this Guide in the IAM Identity Center OIDC API + // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html) + // . + RefreshToken *string + + // The list of scopes for which authorization is granted. The access token that is + // issued is limited to the scopes that are granted. + Scope []string + + // Used to notify the requester that the returned token is an access token. The + // supported token type is Bearer . + TokenType *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateTokenWithIAM{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpCreateTokenWithIAM{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "CreateTokenWithIAM"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { + return err + } + if err = addRetryMiddlewares(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { + return err + } + if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addOpCreateTokenWithIAMValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateTokenWithIAM(options.Region), middleware.Before); err != nil { + return err + } + if err = awsmiddleware.AddRecursionDetection(stack); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + return nil +} + +func newServiceMetadataMiddleware_opCreateTokenWithIAM(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "CreateTokenWithIAM", + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go index 249c9418e..7aee90491 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go @@ -50,7 +50,7 @@ type RegisterClientInput struct { type RegisterClientOutput struct { - // The endpoint where the client can request authorization. + // An endpoint that the client can use to request authorization. AuthorizationEndpoint *string // The unique identifier string for each client. This client uses this identifier @@ -67,7 +67,7 @@ type RegisterClientOutput struct { // Indicates the time at which the clientId and clientSecret will become invalid. ClientSecretExpiresAt int64 - // The endpoint where the client can get an access token. + // An endpoint that the client can use to create tokens. TokenEndpoint *string // Metadata pertaining to the operation's result. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go index 65582f80d..d30349e6b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go @@ -42,8 +42,8 @@ type StartDeviceAuthorizationInput struct { // This member is required. ClientSecret *string - // The URL for the AWS access portal. For more information, see Using the AWS - // access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) + // The URL for the Amazon Web Services access portal. For more information, see + // Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) // in the IAM Identity Center User Guide. // // This member is required. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go index e9678e856..40b3becb9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go @@ -52,6 +52,34 @@ func addSetLegacyContextSigningOptionsMiddleware(stack *middleware.Stack) error return stack.Finalize.Insert(&setLegacyContextSigningOptionsMiddleware{}, "Signing", middleware.Before) } +type withAnonymous struct { + resolver AuthSchemeResolver +} + +var _ AuthSchemeResolver = (*withAnonymous)(nil) + +func (v *withAnonymous) ResolveAuthSchemes(ctx context.Context, params *AuthResolverParameters) ([]*smithyauth.Option, error) { + opts, err := v.resolver.ResolveAuthSchemes(ctx, params) + if err != nil { + return nil, err + } + + opts = append(opts, &smithyauth.Option{ + SchemeID: smithyauth.SchemeIDAnonymous, + }) + return opts, nil +} + +func wrapWithAnonymousAuth(options *Options) { + if _, ok := options.AuthSchemeResolver.(*defaultAuthSchemeResolver); !ok { + return + } + + options.AuthSchemeResolver = &withAnonymous{ + resolver: options.AuthSchemeResolver, + } +} + // AuthResolverParameters contains the set of inputs necessary for auth scheme // resolution. type AuthResolverParameters struct { @@ -115,7 +143,7 @@ func serviceAuthOptions(params *AuthResolverParameters) []*smithyauth.Option { SchemeID: smithyauth.SchemeIDSigV4, SignerProperties: func() smithy.Properties { var props smithy.Properties - smithyhttp.SetSigV4SigningName(&props, "awsssooidc") + smithyhttp.SetSigV4SigningName(&props, "sso-oauth") smithyhttp.SetSigV4SigningRegion(&props, params.Region) return props }(), @@ -138,7 +166,7 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options) options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params) if err != nil { - return out, metadata, fmt.Errorf("resolve auth scheme: %v", err) + return out, metadata, fmt.Errorf("resolve auth scheme: %w", err) } scheme, ok := m.selectScheme(options) @@ -218,7 +246,7 @@ func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middlewar identity, err := resolver.GetIdentity(ctx, rscheme.IdentityProperties) if err != nil { - return out, metadata, fmt.Errorf("get identity: %v", err) + return out, metadata, fmt.Errorf("get identity: %w", err) } ctx = setIdentity(ctx, identity) @@ -267,7 +295,7 @@ func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middlewar } if err := signer.SignRequest(ctx, req, identity, rscheme.SignerProperties); err != nil { - return out, metadata, fmt.Errorf("sign request: %v", err) + return out, metadata, fmt.Errorf("sign request: %w", err) } return next.HandleFinalize(ctx, in) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go index ca30d22f9..76a1160ec 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go @@ -239,6 +239,244 @@ func awsRestjson1_deserializeOpDocumentCreateTokenOutput(v **CreateTokenOutput, return nil } +type awsRestjson1_deserializeOpCreateTokenWithIAM struct { +} + +func (*awsRestjson1_deserializeOpCreateTokenWithIAM) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpCreateTokenWithIAM) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorCreateTokenWithIAM(response, &metadata) + } + output := &CreateTokenWithIAMOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(response.Body, ringBuffer) + + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsRestjson1_deserializeOpDocumentCreateTokenWithIAMOutput(&output, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body with invalid JSON, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorCreateTokenWithIAM(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("AuthorizationPendingException", errorCode): + return awsRestjson1_deserializeErrorAuthorizationPendingException(response, errorBody) + + case strings.EqualFold("ExpiredTokenException", errorCode): + return awsRestjson1_deserializeErrorExpiredTokenException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("InvalidClientException", errorCode): + return awsRestjson1_deserializeErrorInvalidClientException(response, errorBody) + + case strings.EqualFold("InvalidGrantException", errorCode): + return awsRestjson1_deserializeErrorInvalidGrantException(response, errorBody) + + case strings.EqualFold("InvalidRequestException", errorCode): + return awsRestjson1_deserializeErrorInvalidRequestException(response, errorBody) + + case strings.EqualFold("InvalidRequestRegionException", errorCode): + return awsRestjson1_deserializeErrorInvalidRequestRegionException(response, errorBody) + + case strings.EqualFold("InvalidScopeException", errorCode): + return awsRestjson1_deserializeErrorInvalidScopeException(response, errorBody) + + case strings.EqualFold("SlowDownException", errorCode): + return awsRestjson1_deserializeErrorSlowDownException(response, errorBody) + + case strings.EqualFold("UnauthorizedClientException", errorCode): + return awsRestjson1_deserializeErrorUnauthorizedClientException(response, errorBody) + + case strings.EqualFold("UnsupportedGrantTypeException", errorCode): + return awsRestjson1_deserializeErrorUnsupportedGrantTypeException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestjson1_deserializeOpDocumentCreateTokenWithIAMOutput(v **CreateTokenWithIAMOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *CreateTokenWithIAMOutput + if *v == nil { + sv = &CreateTokenWithIAMOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "accessToken": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected AccessToken to be of type string, got %T instead", value) + } + sv.AccessToken = ptr.String(jtv) + } + + case "expiresIn": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected ExpirationInSeconds to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.ExpiresIn = int32(i64) + } + + case "idToken": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected IdToken to be of type string, got %T instead", value) + } + sv.IdToken = ptr.String(jtv) + } + + case "issuedTokenType": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected TokenTypeURI to be of type string, got %T instead", value) + } + sv.IssuedTokenType = ptr.String(jtv) + } + + case "refreshToken": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected RefreshToken to be of type string, got %T instead", value) + } + sv.RefreshToken = ptr.String(jtv) + } + + case "scope": + if err := awsRestjson1_deserializeDocumentScopes(&sv.Scope, value); err != nil { + return err + } + + case "tokenType": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected TokenType to be of type string, got %T instead", value) + } + sv.TokenType = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + type awsRestjson1_deserializeOpRegisterClient struct { } @@ -956,6 +1194,42 @@ func awsRestjson1_deserializeErrorInvalidRequestException(response *smithyhttp.R return output } +func awsRestjson1_deserializeErrorInvalidRequestRegionException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.InvalidRequestRegionException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentInvalidRequestRegionException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + func awsRestjson1_deserializeErrorInvalidScopeException(response *smithyhttp.Response, errorBody *bytes.Reader) error { output := &types.InvalidScopeException{} var buff [1024]byte @@ -1492,6 +1766,73 @@ func awsRestjson1_deserializeDocumentInvalidRequestException(v **types.InvalidRe return nil } +func awsRestjson1_deserializeDocumentInvalidRequestRegionException(v **types.InvalidRequestRegionException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.InvalidRequestRegionException + if *v == nil { + sv = &types.InvalidRequestRegionException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "endpoint": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Location to be of type string, got %T instead", value) + } + sv.Endpoint = ptr.String(jtv) + } + + case "error": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Error to be of type string, got %T instead", value) + } + sv.Error_ = ptr.String(jtv) + } + + case "error_description": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ErrorDescription to be of type string, got %T instead", value) + } + sv.Error_description = ptr.String(jtv) + } + + case "region": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Region to be of type string, got %T instead", value) + } + sv.Region = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsRestjson1_deserializeDocumentInvalidScopeException(v **types.InvalidScopeException, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -1541,6 +1882,42 @@ func awsRestjson1_deserializeDocumentInvalidScopeException(v **types.InvalidScop return nil } +func awsRestjson1_deserializeDocumentScopes(v *[]string, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []string + if *v == nil { + cv = []string{} + } else { + cv = *v + } + + for _, value := range shape { + var col string + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Scope to be of type string, got %T instead", value) + } + col = jtv + } + cv = append(cv, col) + + } + *v = cv + return nil +} + func awsRestjson1_deserializeDocumentSlowDownException(v **types.SlowDownException, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go index 2239427d8..53cd4f55a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go @@ -3,31 +3,33 @@ // Package ssooidc provides the API client, operations, and parameter types for // AWS SSO OIDC. // -// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect (OIDC) -// is a web service that enables a client (such as AWS CLI or a native application) -// to register with IAM Identity Center. The service also enables the client to -// fetch the user’s access token upon successful authentication and authorization -// with IAM Identity Center. Although AWS Single Sign-On was renamed, the sso and -// identitystore API namespaces will continue to retain their original name for -// backward compatibility purposes. For more information, see IAM Identity Center -// rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed) -// . Considerations for Using This Guide Before you begin using this guide, we -// recommend that you first review the following important information about how -// the IAM Identity Center OIDC service works. +// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a +// client (such as CLI or a native application) to register with IAM Identity +// Center. The service also enables the client to fetch the user’s access token +// upon successful authentication and authorization with IAM Identity Center. IAM +// Identity Center uses the sso and identitystore API namespaces. Considerations +// for Using This Guide Before you begin using this guide, we recommend that you +// first review the following important information about how the IAM Identity +// Center OIDC service works. // - The IAM Identity Center OIDC service currently implements only the portions // of the OAuth 2.0 Device Authorization Grant standard ( // https://tools.ietf.org/html/rfc8628 (https://tools.ietf.org/html/rfc8628) ) -// that are necessary to enable single sign-on authentication with the AWS CLI. -// Support for other OIDC flows frequently needed for native applications, such as -// Authorization Code Flow (+ PKCE), will be addressed in future releases. -// - The service emits only OIDC access tokens, such that obtaining a new token -// (For example, token refresh) requires explicit user re-authentication. -// - The access tokens provided by this service grant access to all AWS account -// entitlements assigned to an IAM Identity Center user, not just a particular -// application. +// that are necessary to enable single sign-on authentication with the CLI. +// - With older versions of the CLI, the service only emits OIDC access tokens, +// so to obtain a new token, users must explicitly re-authenticate. To access the +// OIDC flow that supports token refresh and doesn’t require re-authentication, +// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI V2) with +// support for OIDC token refresh and configurable IAM Identity Center session +// durations. For more information, see Configure Amazon Web Services access +// portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html) +// . +// - The access tokens provided by this service grant access to all Amazon Web +// Services account entitlements assigned to an IAM Identity Center user, not just +// a particular application. // - The documentation in this guide does not describe the mechanism to convert -// the access token into AWS Auth (“sigv4”) credentials for use with IAM-protected -// AWS service endpoints. For more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) +// the access token into Amazon Web Services Auth (“sigv4”) credentials for use +// with IAM-protected Amazon Web Services service endpoints. For more information, +// see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) // in the IAM Identity Center Portal API Reference Guide. // // For general information about IAM Identity Center, see What is IAM Identity diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go index 4205c95fc..85b870890 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go @@ -115,7 +115,7 @@ func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.Ser if len(awsmiddleware.GetSigningName(ctx)) == 0 { signingName := endpoint.SigningName if len(signingName) == 0 { - signingName = "awsssooidc" + signingName = "sso-oauth" } ctx = awsmiddleware.SetSigningName(ctx, signingName) } @@ -366,8 +366,8 @@ func (r *resolver) ResolveEndpoint( } } if _UseFIPS == true { - if true == _PartitionResult.SupportsFIPS { - if "aws-us-gov" == _PartitionResult.Name { + if _PartitionResult.SupportsFIPS == true { + if _PartitionResult.Name == "aws-us-gov" { uriString := func() string { var out strings.Builder out.WriteString("https://oidc.") diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json index 90c752368..0a6b34935 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json @@ -10,6 +10,7 @@ "api_client.go", "api_client_test.go", "api_op_CreateToken.go", + "api_op_CreateTokenWithIAM.go", "api_op_RegisterClient.go", "api_op_StartDeviceAuthorization.go", "auth.go", diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go index 252c401d0..98eaaa6d8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go @@ -3,4 +3,4 @@ package ssooidc // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.19.2" +const goModuleVersion = "1.21.5" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go index c1ba5619b..b964e7e10 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go @@ -70,11 +70,9 @@ type Options struct { // RetryMaxAttempts specifies the maximum number attempts an API client will call // an operation that fails with a retryable error. A value of 0 is ignored, and // will not be used to configure the API client created default retryer, or modify - // per operation call's retry max attempts. When creating a new API Clients this - // member will only be used if the Retryer Options member is nil. This value will - // be ignored if Retryer is not nil. If specified in an operation call's functional - // options with a value that is different than the constructed client's Options, - // the Client's Retryer will be wrapped to use the operation's specific + // per operation call's retry max attempts. If specified in an operation call's + // functional options with a value that is different than the constructed client's + // Options, the Client's Retryer will be wrapped to use the operation's specific // RetryMaxAttempts value. RetryMaxAttempts int @@ -213,7 +211,7 @@ func WithSigV4SigningRegion(region string) func(*Options) { } func ignoreAnonymousAuth(options *Options) { - if _, ok := options.Credentials.(aws.AnonymousCredentials); ok { + if aws.IsCredentialsProvider(options.Credentials, (*aws.AnonymousCredentials)(nil)) { options.Credentials = nil } } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go index efca8b250..754218b78 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go @@ -125,6 +125,128 @@ func awsRestjson1_serializeOpDocumentCreateTokenInput(v *CreateTokenInput, value return nil } +type awsRestjson1_serializeOpCreateTokenWithIAM struct { +} + +func (*awsRestjson1_serializeOpCreateTokenWithIAM) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpCreateTokenWithIAM) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*CreateTokenWithIAMInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/token?aws_iam=t") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + restEncoder.SetHeader("Content-Type").String("application/json") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeOpDocumentCreateTokenWithIAMInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsCreateTokenWithIAMInput(v *CreateTokenWithIAMInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeOpDocumentCreateTokenWithIAMInput(v *CreateTokenWithIAMInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.Assertion != nil { + ok := object.Key("assertion") + ok.String(*v.Assertion) + } + + if v.ClientId != nil { + ok := object.Key("clientId") + ok.String(*v.ClientId) + } + + if v.Code != nil { + ok := object.Key("code") + ok.String(*v.Code) + } + + if v.GrantType != nil { + ok := object.Key("grantType") + ok.String(*v.GrantType) + } + + if v.RedirectUri != nil { + ok := object.Key("redirectUri") + ok.String(*v.RedirectUri) + } + + if v.RefreshToken != nil { + ok := object.Key("refreshToken") + ok.String(*v.RefreshToken) + } + + if v.RequestedTokenType != nil { + ok := object.Key("requestedTokenType") + ok.String(*v.RequestedTokenType) + } + + if v.Scope != nil { + ok := object.Key("scope") + if err := awsRestjson1_serializeDocumentScopes(v.Scope, ok); err != nil { + return err + } + } + + if v.SubjectToken != nil { + ok := object.Key("subjectToken") + ok.String(*v.SubjectToken) + } + + if v.SubjectTokenType != nil { + ok := object.Key("subjectTokenType") + ok.String(*v.SubjectTokenType) + } + + return nil +} + type awsRestjson1_serializeOpRegisterClient struct { } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go index 115a51a9e..86b62049f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go @@ -247,6 +247,38 @@ func (e *InvalidRequestException) ErrorCode() string { } func (e *InvalidRequestException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } +// Indicates that a token provided as input to the request was issued by and is +// only usable by calling IAM Identity Center endpoints in another region. +type InvalidRequestRegionException struct { + Message *string + + ErrorCodeOverride *string + + Error_ *string + Error_description *string + Endpoint *string + Region *string + + noSmithyDocumentSerde +} + +func (e *InvalidRequestRegionException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *InvalidRequestRegionException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *InvalidRequestRegionException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "InvalidRequestRegionException" + } + return *e.ErrorCodeOverride +} +func (e *InvalidRequestRegionException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // Indicates that the scope provided in the request is invalid. type InvalidScopeException struct { Message *string diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/validators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/validators.go index 5a309484e..9c17e4c8e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/validators.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/validators.go @@ -29,6 +29,26 @@ func (m *validateOpCreateToken) HandleInitialize(ctx context.Context, in middlew return next.HandleInitialize(ctx, in) } +type validateOpCreateTokenWithIAM struct { +} + +func (*validateOpCreateTokenWithIAM) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpCreateTokenWithIAM) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*CreateTokenWithIAMInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpCreateTokenWithIAMInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpRegisterClient struct { } @@ -73,6 +93,10 @@ func addOpCreateTokenValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpCreateToken{}, middleware.After) } +func addOpCreateTokenWithIAMValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpCreateTokenWithIAM{}, middleware.After) +} + func addOpRegisterClientValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpRegisterClient{}, middleware.After) } @@ -102,6 +126,24 @@ func validateOpCreateTokenInput(v *CreateTokenInput) error { } } +func validateOpCreateTokenWithIAMInput(v *CreateTokenWithIAMInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "CreateTokenWithIAMInput"} + if v.ClientId == nil { + invalidParams.Add(smithy.NewErrParamRequired("ClientId")) + } + if v.GrantType == nil { + invalidParams.Add(smithy.NewErrParamRequired("GrantType")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpRegisterClientInput(v *RegisterClientInput) error { if v == nil { return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md index 5e15a873c..17dd41f35 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md @@ -1,3 +1,48 @@ +# v1.26.5 (2023-12-08) + +* **Bug Fix**: Reinstate presence of default Retryer in functional options, but still respect max attempts set therein. + +# v1.26.4 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.26.3 (2023-12-06) + +* **Bug Fix**: Restore pre-refactor auth behavior where all operations could technically be performed anonymously. +* **Bug Fix**: STS `AssumeRoleWithSAML` and `AssumeRoleWithWebIdentity` would incorrectly attempt to use SigV4 authentication. + +# v1.26.2 (2023-12-01) + +* **Bug Fix**: Correct wrapping of errors in authentication workflow. +* **Bug Fix**: Correctly recognize cache-wrapped instances of AnonymousCredentials at client construction. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.26.1 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.26.0 (2023-11-29) + +* **Feature**: Expose Options() accessor on service clients. +* **Documentation**: Documentation updates for AWS Security Token Service. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.6 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.5 (2023-11-28) + +* **Bug Fix**: Respect setting RetryMaxAttempts in functional options at client construction. + +# v1.25.4 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.3 (2023-11-17) + +* **Documentation**: API updates for the AWS Security Token Service + # v1.25.2 (2023-11-15) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go index 52e10270a..59cc4c70a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go @@ -60,8 +60,12 @@ func New(options Options, optFns ...func(*Options)) *Client { fn(&options) } + finalizeRetryMaxAttempts(&options) + ignoreAnonymousAuth(&options) + wrapWithAnonymousAuth(&options) + resolveAuthSchemes(&options) client := &Client{ @@ -71,6 +75,15 @@ func New(options Options, optFns ...func(*Options)) *Client { return client } +// Options returns a copy of the client configuration. +// +// Callers SHOULD NOT perform mutations on any inner structures within client +// config. Config overrides should instead be made on a per-operation basis through +// functional options. +func (c *Client) Options() Options { + return c.options.Copy() +} + func (c *Client) invokeOperation(ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error) (result interface{}, metadata middleware.Metadata, err error) { ctx = middleware.ClearStackValues(ctx) stack := middleware.NewStack(opID, smithyhttp.NewStackRequest) @@ -80,7 +93,7 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf fn(&options) } - finalizeRetryMaxAttemptOptions(&options, *c) + finalizeOperationRetryMaxAttempts(&options, *c) finalizeClientEndpointResolverOptions(&options) @@ -134,7 +147,7 @@ func (m *setOperationInputMiddleware) HandleSerialize(ctx context.Context, in mi func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, operation string) error { if err := stack.Finalize.Add(&resolveAuthSchemeMiddleware{operation: operation, options: options}, middleware.Before); err != nil { - return fmt.Errorf("add ResolveAuthScheme: %v", err) + return fmt.Errorf("add ResolveAuthScheme: %w", err) } if err := stack.Finalize.Insert(&getIdentityMiddleware{options: options}, "ResolveAuthScheme", middleware.After); err != nil { return fmt.Errorf("add GetIdentity: %v", err) @@ -143,7 +156,7 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o return fmt.Errorf("add ResolveEndpointV2: %v", err) } if err := stack.Finalize.Insert(&signRequestMiddleware{}, "ResolveEndpointV2", middleware.After); err != nil { - return fmt.Errorf("add Signing: %v", err) + return fmt.Errorf("add Signing: %w", err) } return nil } @@ -328,7 +341,15 @@ func resolveAWSRetryMaxAttempts(cfg aws.Config, o *Options) { o.RetryMaxAttempts = cfg.RetryMaxAttempts } -func finalizeRetryMaxAttemptOptions(o *Options, client Client) { +func finalizeRetryMaxAttempts(o *Options) { + if o.RetryMaxAttempts == 0 { + return + } + + o.Retryer = retry.AddWithMaxAttempts(o.Retryer, o.RetryMaxAttempts) +} + +func finalizeOperationRetryMaxAttempts(o *Options, client Client) { if v := o.RetryMaxAttempts; v == 0 || v == client.options.RetryMaxAttempts { return } @@ -506,7 +527,7 @@ func (m *presignContextPolyfillMiddleware) HandleFinalize(ctx context.Context, i schemeID := rscheme.Scheme.SchemeID() - if schemeID == "aws.auth#sigv4" { + if schemeID == "aws.auth#sigv4" || schemeID == "com.amazonaws.s3#sigv4express" { if sn, ok := smithyhttp.GetSigV4SigningName(&rscheme.SignerProperties); ok { ctx = awsmiddleware.SetSigningName(ctx, sn) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go index 78bf380fa..2938dac8e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go @@ -200,7 +200,12 @@ type AssumeRoleInput struct { // in the IAM User Guide. PolicyArns []types.PolicyDescriptorType - // Reserved for future use. + // A list of previously acquired trusted context assertions in the format of a + // JSON array. The trusted context assertion is signed and encrypted by Amazon Web + // Services STS. The following is an example of a ProvidedContext value that + // includes a single trusted context assertion and the ARN of the context provider + // from which the trusted context assertion was generated. + // [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}] ProvidedContexts []types.ProvidedContext // The identification number of the MFA device that is associated with the user diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go index d8b6f5357..9db5bfd43 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go @@ -52,6 +52,34 @@ func addSetLegacyContextSigningOptionsMiddleware(stack *middleware.Stack) error return stack.Finalize.Insert(&setLegacyContextSigningOptionsMiddleware{}, "Signing", middleware.Before) } +type withAnonymous struct { + resolver AuthSchemeResolver +} + +var _ AuthSchemeResolver = (*withAnonymous)(nil) + +func (v *withAnonymous) ResolveAuthSchemes(ctx context.Context, params *AuthResolverParameters) ([]*smithyauth.Option, error) { + opts, err := v.resolver.ResolveAuthSchemes(ctx, params) + if err != nil { + return nil, err + } + + opts = append(opts, &smithyauth.Option{ + SchemeID: smithyauth.SchemeIDAnonymous, + }) + return opts, nil +} + +func wrapWithAnonymousAuth(options *Options) { + if _, ok := options.AuthSchemeResolver.(*defaultAuthSchemeResolver); !ok { + return + } + + options.AuthSchemeResolver = &withAnonymous{ + resolver: options.AuthSchemeResolver, + } +} + // AuthResolverParameters contains the set of inputs necessary for auth scheme // resolution. type AuthResolverParameters struct { @@ -92,34 +120,12 @@ func (*defaultAuthSchemeResolver) ResolveAuthSchemes(ctx context.Context, params var operationAuthOptions = map[string]func(*AuthResolverParameters) []*smithyauth.Option{ "AssumeRoleWithSAML": func(params *AuthResolverParameters) []*smithyauth.Option { return []*smithyauth.Option{ - { - SchemeID: smithyauth.SchemeIDSigV4, - SignerProperties: func() smithy.Properties { - var props smithy.Properties - smithyhttp.SetSigV4SigningName(&props, "sts") - smithyhttp.SetSigV4SigningRegion(&props, params.Region) - - return props - }(), - }, - {SchemeID: smithyauth.SchemeIDAnonymous}, } }, "AssumeRoleWithWebIdentity": func(params *AuthResolverParameters) []*smithyauth.Option { return []*smithyauth.Option{ - { - SchemeID: smithyauth.SchemeIDSigV4, - SignerProperties: func() smithy.Properties { - var props smithy.Properties - smithyhttp.SetSigV4SigningName(&props, "sts") - smithyhttp.SetSigV4SigningRegion(&props, params.Region) - - return props - }(), - }, - {SchemeID: smithyauth.SchemeIDAnonymous}, } }, @@ -154,7 +160,7 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid params := bindAuthResolverParams(m.operation, getOperationInput(ctx), m.options) options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params) if err != nil { - return out, metadata, fmt.Errorf("resolve auth scheme: %v", err) + return out, metadata, fmt.Errorf("resolve auth scheme: %w", err) } scheme, ok := m.selectScheme(options) @@ -234,7 +240,7 @@ func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middlewar identity, err := resolver.GetIdentity(ctx, rscheme.IdentityProperties) if err != nil { - return out, metadata, fmt.Errorf("get identity: %v", err) + return out, metadata, fmt.Errorf("get identity: %w", err) } ctx = setIdentity(ctx, identity) @@ -283,7 +289,7 @@ func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middlewar } if err := signer.SignRequest(ctx, req, identity, rscheme.SignerProperties); err != nil { - return out, metadata, fmt.Errorf("sign request: %v", err) + return out, metadata, fmt.Errorf("sign request: %w", err) } return next.HandleFinalize(ctx, in) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go index d0d3d8820..9f7932f9a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go @@ -916,8 +916,8 @@ func (r *resolver) ResolveEndpoint( } } if _UseFIPS == true { - if true == _PartitionResult.SupportsFIPS { - if "aws-us-gov" == _PartitionResult.Name { + if _PartitionResult.SupportsFIPS == true { + if _PartitionResult.Name == "aws-us-gov" { uriString := func() string { var out strings.Builder out.WriteString("https://sts.") diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go index 7b1ffe767..61667eb2c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go @@ -3,4 +3,4 @@ package sts // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.25.2" +const goModuleVersion = "1.26.5" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go index 1736c8355..5c1be79f8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go @@ -70,11 +70,9 @@ type Options struct { // RetryMaxAttempts specifies the maximum number attempts an API client will call // an operation that fails with a retryable error. A value of 0 is ignored, and // will not be used to configure the API client created default retryer, or modify - // per operation call's retry max attempts. When creating a new API Clients this - // member will only be used if the Retryer Options member is nil. This value will - // be ignored if Retryer is not nil. If specified in an operation call's functional - // options with a value that is different than the constructed client's Options, - // the Client's Retryer will be wrapped to use the operation's specific + // per operation call's retry max attempts. If specified in an operation call's + // functional options with a value that is different than the constructed client's + // Options, the Client's Retryer will be wrapped to use the operation's specific // RetryMaxAttempts value. RetryMaxAttempts int @@ -213,7 +211,7 @@ func WithSigV4SigningRegion(region string) func(*Options) { } func ignoreAnonymousAuth(options *Options) { - if _, ok := options.Credentials.(aws.AnonymousCredentials); ok { + if aws.IsCredentialsProvider(options.Credentials, (*aws.AnonymousCredentials)(nil)) { options.Credentials = nil } } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go index 572a70512..e3701d11d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/types.go @@ -89,13 +89,17 @@ type PolicyDescriptorType struct { noSmithyDocumentSerde } -// Reserved for future use. +// Contains information about the provided context. This includes the signed and +// encrypted trusted context assertion and the context provider ARN from which the +// trusted context assertion was generated. type ProvidedContext struct { - // Reserved for future use. + // The signed and encrypted trusted context assertion generated by the context + // provider. The trusted context assertion is signed and encrypted by Amazon Web + // Services STS. ContextAssertion *string - // Reserved for future use. + // The context provider ARN from which the trusted context assertion was generated. ProviderArn *string noSmithyDocumentSerde diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 1a59bd2ed..cdf456abe 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -755,6 +755,13 @@ var awsPartition = partition{ }, }, }, + "agreement-marketplace": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, "airflow": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -1040,6 +1047,21 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "api.detective-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -3977,6 +3999,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -4001,6 +4029,51 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "autoscaling-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "autoscaling-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "autoscaling-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "autoscaling-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "il-central-1", }: endpoint{}, @@ -4016,15 +4089,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-west-2.amazonaws.com", + }, }, }, "autoscaling-plans": service{ @@ -7653,6 +7750,18 @@ var awsPartition = partition{ }, }, }, + "cost-optimization-hub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "cost-optimization-hub.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + }, + }, "cur": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -11672,6 +11781,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -11744,6 +11856,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -11790,6 +11905,9 @@ var awsPartition = partition{ }, "emr-serverless": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -11799,6 +11917,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -11808,6 +11929,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -11823,6 +11947,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -17977,6 +18104,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -18270,6 +18400,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -18737,46 +18870,6 @@ var awsPartition = partition{ }: endpoint{}, }, }, - "macie": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "fips-us-east-1", - }: endpoint{ - Hostname: "macie-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-2", - }: endpoint{ - Hostname: "macie-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "macie-fips.us-east-1.amazonaws.com", - }, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "macie-fips.us-west-2.amazonaws.com", - }, - }, - }, "macie2": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -21342,12 +21435,21 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -22393,6 +22495,161 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "qbusiness.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "qbusiness.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "qbusiness.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "qbusiness.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "qbusiness.ca-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "qbusiness.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "qbusiness.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "qbusiness.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "qbusiness.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "qbusiness.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "qbusiness.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "qbusiness.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "qbusiness.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "qbusiness.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "qbusiness.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "qbusiness.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "qbusiness.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "qbusiness.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "qbusiness.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "qbusiness.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "qbusiness.us-west-2.api.aws", + }, + }, + }, "qldb": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -25586,55 +25843,123 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "fips-ca-central-1", }: endpoint{ @@ -25668,40 +25993,84 @@ var awsPartition = partition{ endpointKey{ Region: "il-central-1", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, }, }, "sagemaker-geospatial": service{ @@ -25930,160 +26299,267 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-south-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ap-southeast-4", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "ca-central-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.ca-central-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "ca-central-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-central-2", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-south-2", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "il-central-1", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-east-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-east-2.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-east-2-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-east-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-2", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-west-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-west-2.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-west-2-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, + Deprecated: boxedTrue, }, }, @@ -26651,6 +27127,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -27352,6 +27831,38 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-verification-us-east-1", + }: endpoint{ + Hostname: "verification.signer-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "fips-verification-us-east-2", + }: endpoint{ + Hostname: "verification.signer-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "fips-verification-us-west-1", + }: endpoint{ + Hostname: "verification.signer-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "fips-verification-us-west-2", + }: endpoint{ + Hostname: "verification.signer-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -27394,6 +27905,166 @@ var awsPartition = partition{ }: endpoint{ Hostname: "signer-fips.us-west-2.amazonaws.com", }, + endpointKey{ + Region: "verification-af-south-1", + }: endpoint{ + Hostname: "verification.signer.af-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "af-south-1", + }, + }, + endpointKey{ + Region: "verification-ap-east-1", + }: endpoint{ + Hostname: "verification.signer.ap-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-east-1", + }, + }, + endpointKey{ + Region: "verification-ap-northeast-1", + }: endpoint{ + Hostname: "verification.signer.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "verification-ap-northeast-2", + }: endpoint{ + Hostname: "verification.signer.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "verification-ap-south-1", + }: endpoint{ + Hostname: "verification.signer.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, + endpointKey{ + Region: "verification-ap-southeast-1", + }: endpoint{ + Hostname: "verification.signer.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "verification-ap-southeast-2", + }: endpoint{ + Hostname: "verification.signer.ap-southeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-2", + }, + }, + endpointKey{ + Region: "verification-ca-central-1", + }: endpoint{ + Hostname: "verification.signer.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, + endpointKey{ + Region: "verification-eu-central-1", + }: endpoint{ + Hostname: "verification.signer.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "verification-eu-north-1", + }: endpoint{ + Hostname: "verification.signer.eu-north-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-north-1", + }, + }, + endpointKey{ + Region: "verification-eu-south-1", + }: endpoint{ + Hostname: "verification.signer.eu-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-1", + }, + }, + endpointKey{ + Region: "verification-eu-west-1", + }: endpoint{ + Hostname: "verification.signer.eu-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-1", + }, + }, + endpointKey{ + Region: "verification-eu-west-2", + }: endpoint{ + Hostname: "verification.signer.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, + endpointKey{ + Region: "verification-eu-west-3", + }: endpoint{ + Hostname: "verification.signer.eu-west-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-3", + }, + }, + endpointKey{ + Region: "verification-me-south-1", + }: endpoint{ + Hostname: "verification.signer.me-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-south-1", + }, + }, + endpointKey{ + Region: "verification-sa-east-1", + }: endpoint{ + Hostname: "verification.signer.sa-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "sa-east-1", + }, + }, + endpointKey{ + Region: "verification-us-east-1", + }: endpoint{ + Hostname: "verification.signer.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "verification-us-east-2", + }: endpoint{ + Hostname: "verification.signer.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + }, + endpointKey{ + Region: "verification-us-west-1", + }: endpoint{ + Hostname: "verification.signer.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + }, + endpointKey{ + Region: "verification-us-west-2", + }: endpoint{ + Hostname: "verification.signer.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, }, }, "simspaceweaver": service{ @@ -29869,6 +30540,31 @@ var awsPartition = partition{ }, }, }, + "thinclient": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "tnb": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -32504,6 +33200,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -34100,6 +34799,31 @@ var awscnPartition = partition{ }, }, }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "qbusiness.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "qbusiness.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, "ram": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34140,6 +34864,13 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "redshift-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, "resource-explorer-2": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -34352,9 +35083,17 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{}, }, }, "securityhub": service{ @@ -34441,6 +35180,22 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "verification-cn-north-1", + }: endpoint{ + Hostname: "verification.signer.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "verification-cn-northwest-1", + }: endpoint{ + Hostname: "verification.signer.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, }, }, "sms": service{ @@ -35504,6 +36259,16 @@ var awsusgovPartition = partition{ }, }, }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "athena": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -36624,6 +37389,46 @@ var awsusgovPartition = partition{ }, }, }, + "drs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "drs-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "drs-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "ds": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -37668,7 +38473,21 @@ var awsusgovPartition = partition{ }, }, "health": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + SSLCommonName: "health.us-gov-west-1.amazonaws.com", + Protocols: []string{"https"}, + }, + }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "aws-us-gov-global", + }: endpoint{ + Hostname: "global.health.us-gov.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, endpointKey{ Region: "fips-us-gov-west-1", }: endpoint{ @@ -39154,6 +39973,31 @@ var awsusgovPartition = partition{ }, }, }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "qbusiness.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "qbusiness.us-gov-west-1.api.aws", + }, + }, + }, "quicksight": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -39885,17 +40729,33 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, }, }, "secretsmanager": service{ @@ -39903,37 +40763,43 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-east-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-east-1", - }, + Deprecated: boxedTrue, }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, - }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", - }, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{}, endpointKey{ Region: "us-gov-west-1-fips", }: endpoint{ - Hostname: "secretsmanager-fips.us-gov-west-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-gov-west-1", - }, + Deprecated: boxedTrue, }, }, @@ -40232,20 +41098,40 @@ var awsusgovPartition = partition{ "simspaceweaver": service{ Endpoints: serviceEndpoints{ endpointKey{ - Region: "us-gov-east-1", + Region: "fips-us-gov-east-1", }: endpoint{ Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-east-1", }, + Deprecated: boxedTrue, }, endpointKey{ - Region: "us-gov-west-1", + Region: "fips-us-gov-west-1", }: endpoint{ Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com", CredentialScope: credentialScope{ Region: "us-gov-west-1", }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com", }, }, }, @@ -41417,6 +42303,28 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "datasync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "datasync-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-iso-west-1.c2s.ic.gov", + }, + }, + }, "directconnect": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -41539,6 +42447,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "ec2": service{ @@ -41930,22 +42841,136 @@ var awsisoPartition = partition{ }, "rds": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds-fips.us-iso-east-1", + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds-fips.us-iso-west-1", + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-east-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "redshift": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "redshift-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "redshift-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-iso-east-1.c2s.ic.gov", + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-iso-west-1.c2s.ic.gov", + }, }, }, "resource-groups": service{ @@ -42665,16 +43690,73 @@ var awsisobPartition = partition{ }, "rds": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds-fips.us-isob-east-1", + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-isob-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, }, }, "redshift": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "redshift-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "redshift-fips.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "resource-groups": service{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 423e11d67..ce20301dc 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.47.12" +const SDKVersion = "1.48.16" diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go index c743913c5..04f6c811b 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go @@ -56,9 +56,10 @@ func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Requ // CreateToken API operation for AWS SSO OIDC. // -// Creates and returns an access token for the authorized client. The access -// token issued will be used to fetch short-term credentials for the assigned -// roles in the AWS account. +// Creates and returns access and refresh tokens for clients that are authenticated +// using client secrets. The access token can be used to fetch short-term credentials +// for the assigned AWS accounts or to access application APIs using bearer +// authentication. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -133,6 +134,131 @@ func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInpu return out, req.Send() } +const opCreateTokenWithIAM = "CreateTokenWithIAM" + +// CreateTokenWithIAMRequest generates a "aws/request.Request" representing the +// client's request for the CreateTokenWithIAM operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTokenWithIAM for more information on using the CreateTokenWithIAM +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateTokenWithIAMRequest method. +// req, resp := client.CreateTokenWithIAMRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM +func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput) { + op := &request.Operation{ + Name: opCreateTokenWithIAM, + HTTPMethod: "POST", + HTTPPath: "/token?aws_iam=t", + } + + if input == nil { + input = &CreateTokenWithIAMInput{} + } + + output = &CreateTokenWithIAMOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTokenWithIAM API operation for AWS SSO OIDC. +// +// Creates and returns access and refresh tokens for clients and applications +// that are authenticated using IAM entities. The access token can be used to +// fetch short-term credentials for the assigned AWS accounts or to access application +// APIs using bearer authentication. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation CreateTokenWithIAM for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidClientException +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +// +// - InvalidGrantException +// Indicates that a request contains an invalid grant. This can occur if a client +// makes a CreateToken request with an invalid grant type. +// +// - UnauthorizedClientException +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +// +// - UnsupportedGrantTypeException +// Indicates that the grant type in the request is not supported by the service. +// +// - InvalidScopeException +// Indicates that the scope provided in the request is invalid. +// +// - AuthorizationPendingException +// Indicates that a request to authorize a client with an access user session +// token is pending. +// +// - SlowDownException +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ExpiredTokenException +// Indicates that the token issued by the service is expired and is no longer +// valid. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// - InvalidRequestRegionException +// Indicates that a token provided as input to the request was issued by and +// is only usable by calling IAM Identity Center endpoints in another region. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM +func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error) { + req, out := c.CreateTokenWithIAMRequest(input) + return out, req.Send() +} + +// CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTokenWithIAM for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error) { + req, out := c.CreateTokenWithIAMRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRegisterClient = "RegisterClient" // RegisterClientRequest generates a "aws/request.Request" representing the @@ -331,8 +457,11 @@ type AccessDeniedException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be access_denied. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -400,8 +529,11 @@ type AuthorizationPendingException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be authorization_pending. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -466,8 +598,8 @@ func (s *AuthorizationPendingException) RequestID() string { type CreateTokenInput struct { _ struct{} `type:"structure"` - // The unique identifier string for each client. This value should come from - // the persisted result of the RegisterClient API. + // The unique identifier string for the client or application. This value comes + // from the result of the RegisterClient API. // // ClientId is a required field ClientId *string `locationName:"clientId" type:"string" required:"true"` @@ -475,23 +607,30 @@ type CreateTokenInput struct { // A secret string generated for the client. This value should come from the // persisted result of the RegisterClient API. // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + // // ClientSecret is a required field - ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"` + ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"` - // The authorization code received from the authorization service. This parameter - // is required to perform an authorization grant request to get access to a - // token. + // Used only when calling this API for the Authorization Code grant type. The + // short-term code is used to identify this authorization request. This grant + // type is currently unsupported for the CreateToken API. Code *string `locationName:"code" type:"string"` - // Used only when calling this API for the device code grant type. This short-term - // code is used to identify this authentication attempt. This should come from - // an in-memory reference to the result of the StartDeviceAuthorization API. + // Used only when calling this API for the Device Code grant type. This short-term + // code is used to identify this authorization request. This comes from the + // result of the StartDeviceAuthorization API. DeviceCode *string `locationName:"deviceCode" type:"string"` - // Supports grant types for the authorization code, refresh token, and device - // code request. For device code requests, specify the following value: + // Supports the following OAuth grant types: Device Code and Refresh Token. + // Specify either of the following values, depending on the grant type that + // you want: // - // urn:ietf:params:oauth:grant-type:device_code + // * Device Code - urn:ietf:params:oauth:grant-type:device_code + // + // * Refresh Token - refresh_token // // For information about how to obtain the device code, see the StartDeviceAuthorization // topic. @@ -499,21 +638,28 @@ type CreateTokenInput struct { // GrantType is a required field GrantType *string `locationName:"grantType" type:"string" required:"true"` - // The location of the application that will receive the authorization code. - // Users authorize the service to send the request to this location. + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered + // to receive the authorization code. RedirectUri *string `locationName:"redirectUri" type:"string"` - // Currently, refreshToken is not yet implemented and is not supported. For - // more information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the - // IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // Used only when calling this API for the Refresh Token grant type. This token + // is used to refresh short-term tokens, such as the access token, that might + // expire. // - // The token used to obtain an access token in the event that the access token - // is invalid or expired. - RefreshToken *string `locationName:"refreshToken" type:"string"` + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` - // The list of scopes that is defined by the client. Upon authorization, this - // list is used to restrict permissions when granting an access token. + // The list of scopes for which authorization is requested. The access token + // that is issued is limited to the scopes that are granted. If this value is + // not specified, IAM Identity Center authorizes all scopes that are configured + // for the client during the call to RegisterClient. Scope []*string `locationName:"scope" type:"list"` } @@ -605,31 +751,43 @@ func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput { type CreateTokenOutput struct { _ struct{} `type:"structure"` - // An opaque token to access IAM Identity Center resources assigned to a user. - AccessToken *string `locationName:"accessToken" type:"string"` + // A bearer token to access AWS accounts and applications assigned to a user. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"` // Indicates the time in seconds when an access token will expire. ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` - // Currently, idToken is not yet implemented and is not supported. For more - // information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the - // IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // The idToken is not implemented or supported. For more information about the + // features and limitations of the current IAM Identity Center OIDC implementation, + // see Considerations for Using this Guide in the IAM Identity Center OIDC API + // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). // - // The identifier of the user that associated with the access token, if present. - IdToken *string `locationName:"idToken" type:"string"` + // A JSON Web Token (JWT) that identifies who is associated with the issued + // access token. + // + // IdToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + IdToken *string `locationName:"idToken" type:"string" sensitive:"true"` - // Currently, refreshToken is not yet implemented and is not supported. For - // more information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the - // IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). - // // A token that, if present, can be used to refresh a previously issued access // token that might have expired. - RefreshToken *string `locationName:"refreshToken" type:"string"` + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` // Used to notify the client that the returned token is an access token. The - // supported type is BearerToken. + // supported token type is Bearer. TokenType *string `locationName:"tokenType" type:"string"` } @@ -681,14 +839,312 @@ func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput { return s } +type CreateTokenWithIAMInput struct { + _ struct{} `type:"structure"` + + // Used only when calling this API for the JWT Bearer grant type. This value + // specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize + // a trusted token issuer, configure the JWT Bearer GrantOptions for the application. + // + // Assertion is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + Assertion *string `locationName:"assertion" type:"string" sensitive:"true"` + + // The unique identifier string for the client or application. This value is + // an application ARN that has OAuth grants configured. + // + // ClientId is a required field + ClientId *string `locationName:"clientId" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // short-term code is used to identify this authorization request. The code + // is obtained through a redirect from IAM Identity Center to a redirect URI + // persisted in the Authorization Code GrantOptions for the application. + Code *string `locationName:"code" type:"string"` + + // Supports the following OAuth grant types: Authorization Code, Refresh Token, + // JWT Bearer, and Token Exchange. Specify one of the following values, depending + // on the grant type that you want: + // + // * Authorization Code - authorization_code + // + // * Refresh Token - refresh_token + // + // * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer + // + // * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange + // + // GrantType is a required field + GrantType *string `locationName:"grantType" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered + // to receive the authorization code. + RedirectUri *string `locationName:"redirectUri" type:"string"` + + // Used only when calling this API for the Refresh Token grant type. This token + // is used to refresh short-term tokens, such as the access token, that might + // expire. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that the requester can receive. The following + // values are supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + // + // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + RequestedTokenType *string `locationName:"requestedTokenType" type:"string"` + + // The list of scopes for which authorization is requested. The access token + // that is issued is limited to the scopes that are granted. If the value is + // not specified, IAM Identity Center authorizes all scopes configured for the + // application, including the following default scopes: openid, aws, sts:identity_context. + Scope []*string `locationName:"scope" type:"list"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the subject of the exchange. The value of the subject token must + // be an access token issued by IAM Identity Center to a different client or + // application. The access token must have authorized scopes that indicate the + // requested application as a target audience. + // + // SubjectToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that is passed as the subject of the exchange. + // The following value is supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + SubjectTokenType *string `locationName:"subjectTokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTokenWithIAMInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTokenWithIAMInput"} + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.GrantType == nil { + invalidParams.Add(request.NewErrParamRequired("GrantType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssertion sets the Assertion field's value. +func (s *CreateTokenWithIAMInput) SetAssertion(v string) *CreateTokenWithIAMInput { + s.Assertion = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *CreateTokenWithIAMInput) SetClientId(v string) *CreateTokenWithIAMInput { + s.ClientId = &v + return s +} + +// SetCode sets the Code field's value. +func (s *CreateTokenWithIAMInput) SetCode(v string) *CreateTokenWithIAMInput { + s.Code = &v + return s +} + +// SetGrantType sets the GrantType field's value. +func (s *CreateTokenWithIAMInput) SetGrantType(v string) *CreateTokenWithIAMInput { + s.GrantType = &v + return s +} + +// SetRedirectUri sets the RedirectUri field's value. +func (s *CreateTokenWithIAMInput) SetRedirectUri(v string) *CreateTokenWithIAMInput { + s.RedirectUri = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenWithIAMInput) SetRefreshToken(v string) *CreateTokenWithIAMInput { + s.RefreshToken = &v + return s +} + +// SetRequestedTokenType sets the RequestedTokenType field's value. +func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput { + s.RequestedTokenType = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenWithIAMInput) SetScope(v []*string) *CreateTokenWithIAMInput { + s.Scope = v + return s +} + +// SetSubjectToken sets the SubjectToken field's value. +func (s *CreateTokenWithIAMInput) SetSubjectToken(v string) *CreateTokenWithIAMInput { + s.SubjectToken = &v + return s +} + +// SetSubjectTokenType sets the SubjectTokenType field's value. +func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput { + s.SubjectTokenType = &v + return s +} + +type CreateTokenWithIAMOutput struct { + _ struct{} `type:"structure"` + + // A bearer token to access AWS accounts and applications assigned to a user. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"` + + // Indicates the time in seconds when an access token will expire. + ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` + + // A JSON Web Token (JWT) that identifies the user associated with the issued + // access token. + // + // IdToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + IdToken *string `locationName:"idToken" type:"string" sensitive:"true"` + + // Indicates the type of tokens that are issued by IAM Identity Center. The + // following values are supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + // + // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + IssuedTokenType *string `locationName:"issuedTokenType" type:"string"` + + // A token that, if present, can be used to refresh a previously issued access + // token that might have expired. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // The list of scopes for which authorization is granted. The access token that + // is issued is limited to the scopes that are granted. + Scope []*string `locationName:"scope" type:"list"` + + // Used to notify the requester that the returned token is an access token. + // The supported token type is Bearer. + TokenType *string `locationName:"tokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMOutput) GoString() string { + return s.String() +} + +// SetAccessToken sets the AccessToken field's value. +func (s *CreateTokenWithIAMOutput) SetAccessToken(v string) *CreateTokenWithIAMOutput { + s.AccessToken = &v + return s +} + +// SetExpiresIn sets the ExpiresIn field's value. +func (s *CreateTokenWithIAMOutput) SetExpiresIn(v int64) *CreateTokenWithIAMOutput { + s.ExpiresIn = &v + return s +} + +// SetIdToken sets the IdToken field's value. +func (s *CreateTokenWithIAMOutput) SetIdToken(v string) *CreateTokenWithIAMOutput { + s.IdToken = &v + return s +} + +// SetIssuedTokenType sets the IssuedTokenType field's value. +func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput { + s.IssuedTokenType = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenWithIAMOutput) SetRefreshToken(v string) *CreateTokenWithIAMOutput { + s.RefreshToken = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenWithIAMOutput) SetScope(v []*string) *CreateTokenWithIAMOutput { + s.Scope = v + return s +} + +// SetTokenType sets the TokenType field's value. +func (s *CreateTokenWithIAMOutput) SetTokenType(v string) *CreateTokenWithIAMOutput { + s.TokenType = &v + return s +} + // Indicates that the token issued by the service is expired and is no longer // valid. type ExpiredTokenException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be expired_token. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -756,8 +1212,11 @@ type InternalServerException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be server_error. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -826,8 +1285,11 @@ type InvalidClientException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_client. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -895,8 +1357,11 @@ type InvalidClientMetadataException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_client_metadata. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -964,8 +1429,11 @@ type InvalidGrantException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_grant. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1033,8 +1501,11 @@ type InvalidRequestException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_request. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1096,13 +1567,95 @@ func (s *InvalidRequestException) RequestID() string { return s.RespMetadata.RequestID } +// Indicates that a token provided as input to the request was issued by and +// is only usable by calling IAM Identity Center endpoints in another region. +type InvalidRequestRegionException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Indicates the IAM Identity Center endpoint which the requester may call with + // this token. + Endpoint *string `locationName:"endpoint" type:"string"` + + // Single error code. For this exception the value will be invalid_request. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` + + // Indicates the region which the requester may call with this token. + Region *string `locationName:"region" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestRegionException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestRegionException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestRegionException(v protocol.ResponseMetadata) error { + return &InvalidRequestRegionException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestRegionException) Code() string { + return "InvalidRequestRegionException" +} + +// Message returns the exception's message. +func (s *InvalidRequestRegionException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestRegionException) OrigErr() error { + return nil +} + +func (s *InvalidRequestRegionException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestRegionException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestRegionException) RequestID() string { + return s.RespMetadata.RequestID +} + // Indicates that the scope provided in the request is invalid. type InvalidScopeException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_scope. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1238,7 +1791,7 @@ func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput { type RegisterClientOutput struct { _ struct{} `type:"structure"` - // The endpoint where the client can request authorization. + // An endpoint that the client can use to request authorization. AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"` // The unique identifier string for each client. This client uses this identifier @@ -1250,12 +1803,16 @@ type RegisterClientOutput struct { // A secret string generated for the client. The client will use this string // to get authenticated by the service in subsequent calls. - ClientSecret *string `locationName:"clientSecret" type:"string"` + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RegisterClientOutput's + // String and GoString methods. + ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"` // Indicates the time at which the clientId and clientSecret will become invalid. ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"` - // The endpoint where the client can get an access token. + // An endpoint that the client can use to create tokens. TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"` } @@ -1319,8 +1876,11 @@ type SlowDownException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be slow_down. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1395,11 +1955,15 @@ type StartDeviceAuthorizationInput struct { // A secret string that is generated for the client. This value should come // from the persisted result of the RegisterClient API operation. // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's + // String and GoString methods. + // // ClientSecret is a required field - ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"` + ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"` - // The URL for the AWS access portal. For more information, see Using the AWS - // access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) + // The URL for the Amazon Web Services access portal. For more information, + // see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) // in the IAM Identity Center User Guide. // // StartUrl is a required field @@ -1550,8 +2114,11 @@ type UnauthorizedClientException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be unauthorized_client. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1618,8 +2185,11 @@ type UnsupportedGrantTypeException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be unsupported_grant_type. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go index 8b5ee6019..083568c61 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go @@ -3,15 +3,13 @@ // Package ssooidc provides the client and types for making API // requests to AWS SSO OIDC. // -// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect -// (OIDC) is a web service that enables a client (such as AWS CLI or a native -// application) to register with IAM Identity Center. The service also enables -// the client to fetch the user’s access token upon successful authentication -// and authorization with IAM Identity Center. +// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a +// client (such as CLI or a native application) to register with IAM Identity +// Center. The service also enables the client to fetch the user’s access +// token upon successful authentication and authorization with IAM Identity +// Center. // -// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces -// will continue to retain their original name for backward compatibility purposes. -// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed). +// IAM Identity Center uses the sso and identitystore API namespaces. // // # Considerations for Using This Guide // @@ -22,21 +20,24 @@ // - The IAM Identity Center OIDC service currently implements only the portions // of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628 // (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single -// sign-on authentication with the AWS CLI. Support for other OIDC flows -// frequently needed for native applications, such as Authorization Code -// Flow (+ PKCE), will be addressed in future releases. +// sign-on authentication with the CLI. // -// - The service emits only OIDC access tokens, such that obtaining a new -// token (For example, token refresh) requires explicit user re-authentication. +// - With older versions of the CLI, the service only emits OIDC access tokens, +// so to obtain a new token, users must explicitly re-authenticate. To access +// the OIDC flow that supports token refresh and doesn’t require re-authentication, +// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI +// V2) with support for OIDC token refresh and configurable IAM Identity +// Center session durations. For more information, see Configure Amazon Web +// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html). // -// - The access tokens provided by this service grant access to all AWS account -// entitlements assigned to an IAM Identity Center user, not just a particular -// application. +// - The access tokens provided by this service grant access to all Amazon +// Web Services account entitlements assigned to an IAM Identity Center user, +// not just a particular application. // // - The documentation in this guide does not describe the mechanism to convert -// the access token into AWS Auth (“sigv4”) credentials for use with -// IAM-protected AWS service endpoints. For more information, see GetRoleCredentials -// (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) +// the access token into Amazon Web Services Auth (“sigv4”) credentials +// for use with IAM-protected Amazon Web Services service endpoints. For +// more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) // in the IAM Identity Center Portal API Reference Guide. // // For general information about IAM Identity Center, see What is IAM Identity diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go index 698377012..e6242e492 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go @@ -64,6 +64,13 @@ const ( // a required parameter might be missing or out of range. ErrCodeInvalidRequestException = "InvalidRequestException" + // ErrCodeInvalidRequestRegionException for service response error code + // "InvalidRequestRegionException". + // + // Indicates that a token provided as input to the request was issued by and + // is only usable by calling IAM Identity Center endpoints in another region. + ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException" + // ErrCodeInvalidScopeException for service response error code // "InvalidScopeException". // @@ -100,6 +107,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "InvalidClientMetadataException": newErrorInvalidClientMetadataException, "InvalidGrantException": newErrorInvalidGrantException, "InvalidRequestException": newErrorInvalidRequestException, + "InvalidRequestRegionException": newErrorInvalidRequestRegionException, "InvalidScopeException": newErrorInvalidScopeException, "SlowDownException": newErrorSlowDownException, "UnauthorizedClientException": newErrorUnauthorizedClientException, diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go index 969f33c37..782bae369 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go @@ -51,7 +51,7 @@ const ( func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC { c := p.ClientConfig(EndpointsID, cfgs...) if c.SigningNameDerived || len(c.SigningName) == 0 { - c.SigningName = "awsssooidc" + c.SigningName = "sso-oauth" } return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) } diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 11af63b4d..2c395f5f6 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -1460,7 +1460,15 @@ type AssumeRoleInput struct { // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` - // Reserved for future use. + // A list of previously acquired trusted context assertions in the format of + // a JSON array. The trusted context assertion is signed and encrypted by Amazon + // Web Services STS. + // + // The following is an example of a ProvidedContext value that includes a single + // trusted context assertion and the ARN of the context provider from which + // the trusted context assertion was generated. + // + // [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}] ProvidedContexts []*ProvidedContext `type:"list"` // The Amazon Resource Name (ARN) of the role to assume. @@ -3405,14 +3413,18 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { return s } -// Reserved for future use. +// Contains information about the provided context. This includes the signed +// and encrypted trusted context assertion and the context provider ARN from +// which the trusted context assertion was generated. type ProvidedContext struct { _ struct{} `type:"structure"` - // Reserved for future use. + // The signed and encrypted trusted context assertion generated by the context + // provider. The trusted context assertion is signed and encrypted by Amazon + // Web Services STS. ContextAssertion *string `min:"4" type:"string"` - // Reserved for future use. + // The context provider ARN from which the trusted context assertion was generated. ProviderArn *string `min:"20" type:"string"` } diff --git a/vendor/github.com/aws/smithy-go/CHANGELOG.md b/vendor/github.com/aws/smithy-go/CHANGELOG.md index e6afaccfc..46b115083 100644 --- a/vendor/github.com/aws/smithy-go/CHANGELOG.md +++ b/vendor/github.com/aws/smithy-go/CHANGELOG.md @@ -1,3 +1,19 @@ +# Release (2023-12-07) + +## Module Highlights +* `github.com/aws/smithy-go`: v1.19.0 + * **Feature**: Support modeled request compression. + +# Release (2023-11-30) + +* No change notes available for this release. + +# Release (2023-11-29) + +## Module Highlights +* `github.com/aws/smithy-go`: v1.18.0 + * **Feature**: Expose Options() method on generated service clients. + # Release (2023-11-15) ## Module Highlights diff --git a/vendor/github.com/aws/smithy-go/container/private/cache/cache.go b/vendor/github.com/aws/smithy-go/container/private/cache/cache.go new file mode 100644 index 000000000..69af87751 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/container/private/cache/cache.go @@ -0,0 +1,19 @@ +// Package cache defines the interface for a key-based data store. +// +// This package is designated as private and is intended for use only by the +// smithy client runtime. The exported API therein is not considered stable and +// is subject to breaking changes without notice. +package cache + +// Cache defines the interface for an opaquely-typed, key-based data store. +// +// The thread-safety of this interface is undefined and is dictated by +// implementations. +type Cache interface { + // Retrieve the value associated with the given key. The returned boolean + // indicates whether the cache held a value for the given key. + Get(k interface{}) (interface{}, bool) + + // Store a value under the given key. + Put(k interface{}, v interface{}) +} diff --git a/vendor/github.com/aws/smithy-go/container/private/cache/lru/lru.go b/vendor/github.com/aws/smithy-go/container/private/cache/lru/lru.go new file mode 100644 index 000000000..02ecb0a32 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/container/private/cache/lru/lru.go @@ -0,0 +1,63 @@ +// Package lru implements [cache.Cache] with an LRU eviction policy. +// +// This implementation is NOT thread-safe. +// +// This package is designated as private and is intended for use only by the +// smithy client runtime. The exported API therein is not considered stable and +// is subject to breaking changes without notice. +package lru + +import ( + "container/list" + + "github.com/aws/smithy-go/container/private/cache" +) + +// New creates a new LRU cache with the given capacity. +func New(cap int) cache.Cache { + return &lru{ + entries: make(map[interface{}]*list.Element, cap), + cap: cap, + mru: list.New(), + } +} + +type lru struct { + entries map[interface{}]*list.Element + cap int + + mru *list.List // least-recently used is at the back +} + +type element struct { + key interface{} + value interface{} +} + +func (l *lru) Get(k interface{}) (interface{}, bool) { + e, ok := l.entries[k] + if !ok { + return nil, false + } + + l.mru.MoveToFront(e) + return e.Value.(*element).value, true +} + +func (l *lru) Put(k interface{}, v interface{}) { + if len(l.entries) == l.cap { + l.evict() + } + + ev := &element{ + key: k, + value: v, + } + e := l.mru.PushFront(ev) + l.entries[k] = e +} + +func (l *lru) evict() { + e := l.mru.Remove(l.mru.Back()) + delete(l.entries, e.(*element).key) +} diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/strings.go b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/strings.go index 8e230783e..5cf4a7b02 100644 --- a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/strings.go +++ b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/strings.go @@ -1,6 +1,5 @@ package rulesfn - // Substring returns the substring of the input provided. If the start or stop // indexes are not valid for the input nil will be returned. If errors occur // they will be added to the provided [ErrorCollector]. diff --git a/vendor/github.com/aws/smithy-go/go_module_metadata.go b/vendor/github.com/aws/smithy-go/go_module_metadata.go index 184aaae1c..cd6f7fa45 100644 --- a/vendor/github.com/aws/smithy-go/go_module_metadata.go +++ b/vendor/github.com/aws/smithy-go/go_module_metadata.go @@ -3,4 +3,4 @@ package smithy // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.17.0" +const goModuleVersion = "1.19.0" diff --git a/vendor/github.com/aws/smithy-go/private/requestcompression/gzip.go b/vendor/github.com/aws/smithy-go/private/requestcompression/gzip.go new file mode 100644 index 000000000..004d78f21 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/private/requestcompression/gzip.go @@ -0,0 +1,30 @@ +package requestcompression + +import ( + "bytes" + "compress/gzip" + "fmt" + "io" +) + +func gzipCompress(input io.Reader) ([]byte, error) { + var b bytes.Buffer + w, err := gzip.NewWriterLevel(&b, gzip.DefaultCompression) + if err != nil { + return nil, fmt.Errorf("failed to create gzip writer, %v", err) + } + + inBytes, err := io.ReadAll(input) + if err != nil { + return nil, fmt.Errorf("failed read payload to compress, %v", err) + } + + if _, err = w.Write(inBytes); err != nil { + return nil, fmt.Errorf("failed to write payload to be compressed, %v", err) + } + if err = w.Close(); err != nil { + return nil, fmt.Errorf("failed to flush payload being compressed, %v", err) + } + + return b.Bytes(), nil +} diff --git a/vendor/github.com/aws/smithy-go/private/requestcompression/middleware_capture_request_compression.go b/vendor/github.com/aws/smithy-go/private/requestcompression/middleware_capture_request_compression.go new file mode 100644 index 000000000..06c16afc1 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/private/requestcompression/middleware_capture_request_compression.go @@ -0,0 +1,52 @@ +package requestcompression + +import ( + "bytes" + "context" + "fmt" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" + "io" + "net/http" +) + +const captureUncompressedRequestID = "CaptureUncompressedRequest" + +// AddCaptureUncompressedRequestMiddleware captures http request before compress encoding for check +func AddCaptureUncompressedRequestMiddleware(stack *middleware.Stack, buf *bytes.Buffer) error { + return stack.Serialize.Insert(&captureUncompressedRequestMiddleware{ + buf: buf, + }, "RequestCompression", middleware.Before) +} + +type captureUncompressedRequestMiddleware struct { + req *http.Request + buf *bytes.Buffer + bytes []byte +} + +// ID returns id of the captureUncompressedRequestMiddleware +func (*captureUncompressedRequestMiddleware) ID() string { + return captureUncompressedRequestID +} + +// HandleSerialize captures request payload before it is compressed by request compression middleware +func (m *captureUncompressedRequestMiddleware) HandleSerialize(ctx context.Context, input middleware.SerializeInput, next middleware.SerializeHandler, +) ( + output middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + request, ok := input.Request.(*smithyhttp.Request) + if !ok { + return output, metadata, fmt.Errorf("error when retrieving http request") + } + + _, err = io.Copy(m.buf, request.GetStream()) + if err != nil { + return output, metadata, fmt.Errorf("error when copying http request stream: %q", err) + } + if err = request.RewindStream(); err != nil { + return output, metadata, fmt.Errorf("error when rewinding request stream: %q", err) + } + + return next.HandleSerialize(ctx, input) +} diff --git a/vendor/github.com/aws/smithy-go/private/requestcompression/request_compression.go b/vendor/github.com/aws/smithy-go/private/requestcompression/request_compression.go new file mode 100644 index 000000000..7c4147603 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/private/requestcompression/request_compression.go @@ -0,0 +1,103 @@ +// Package requestcompression implements runtime support for smithy-modeled +// request compression. +// +// This package is designated as private and is intended for use only by the +// smithy client runtime. The exported API therein is not considered stable and +// is subject to breaking changes without notice. +package requestcompression + +import ( + "bytes" + "context" + "fmt" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/transport/http" + "io" +) + +const MaxRequestMinCompressSizeBytes = 10485760 + +// Enumeration values for supported compress Algorithms. +const ( + GZIP = "gzip" +) + +type compressFunc func(io.Reader) ([]byte, error) + +var allowedAlgorithms = map[string]compressFunc{ + GZIP: gzipCompress, +} + +// AddRequestCompression add requestCompression middleware to op stack +func AddRequestCompression(stack *middleware.Stack, disabled bool, minBytes int64, algorithms []string) error { + return stack.Serialize.Add(&requestCompression{ + disableRequestCompression: disabled, + requestMinCompressSizeBytes: minBytes, + compressAlgorithms: algorithms, + }, middleware.After) +} + +type requestCompression struct { + disableRequestCompression bool + requestMinCompressSizeBytes int64 + compressAlgorithms []string +} + +// ID returns the ID of the middleware +func (m requestCompression) ID() string { + return "RequestCompression" +} + +// HandleSerialize gzip compress the request's stream/body if enabled by config fields +func (m requestCompression) HandleSerialize( + ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler, +) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + if m.disableRequestCompression { + return next.HandleSerialize(ctx, in) + } + // still need to check requestMinCompressSizeBytes in case it is out of range after service client config + if m.requestMinCompressSizeBytes < 0 || m.requestMinCompressSizeBytes > MaxRequestMinCompressSizeBytes { + return out, metadata, fmt.Errorf("invalid range for min request compression size bytes %d, must be within 0 and 10485760 inclusively", m.requestMinCompressSizeBytes) + } + + req, ok := in.Request.(*http.Request) + if !ok { + return out, metadata, fmt.Errorf("unknown request type %T", req) + } + + for _, algorithm := range m.compressAlgorithms { + compressFunc := allowedAlgorithms[algorithm] + if compressFunc != nil { + if stream := req.GetStream(); stream != nil { + size, found, err := req.StreamLength() + if err != nil { + return out, metadata, fmt.Errorf("error while finding request stream length, %v", err) + } else if !found || size < m.requestMinCompressSizeBytes { + return next.HandleSerialize(ctx, in) + } + + compressedBytes, err := compressFunc(stream) + if err != nil { + return out, metadata, fmt.Errorf("failed to compress request stream, %v", err) + } + + var newReq *http.Request + if newReq, err = req.SetStream(bytes.NewReader(compressedBytes)); err != nil { + return out, metadata, fmt.Errorf("failed to set request stream, %v", err) + } + *req = *newReq + + if val := req.Header.Get("Content-Encoding"); val != "" { + req.Header.Set("Content-Encoding", fmt.Sprintf("%s, %s", val, algorithm)) + } else { + req.Header.Set("Content-Encoding", algorithm) + } + } + break + } + } + + return next.HandleSerialize(ctx, in) +} diff --git a/vendor/github.com/golang-jwt/jwt/v5/MIGRATION_GUIDE.md b/vendor/github.com/golang-jwt/jwt/v5/MIGRATION_GUIDE.md index 6ad1c22bb..ff9c57e1d 100644 --- a/vendor/github.com/golang-jwt/jwt/v5/MIGRATION_GUIDE.md +++ b/vendor/github.com/golang-jwt/jwt/v5/MIGRATION_GUIDE.md @@ -17,7 +17,7 @@ and corresponding updates for existing programs. ## Parsing and Validation Options -Under the hood, a new `validator` struct takes care of validating the claims. A +Under the hood, a new `Validator` struct takes care of validating the claims. A long awaited feature has been the option to fine-tune the validation of tokens. This is now possible with several `ParserOption` functions that can be appended to most `Parse` functions, such as `ParseWithClaims`. The most important options @@ -68,6 +68,16 @@ type Claims interface { } ``` +Users that previously directly called the `Valid` function on their claims, +e.g., to perform validation independently of parsing/verifying a token, can now +use the `jwt.NewValidator` function to create a `Validator` independently of the +`Parser`. + +```go +var v = jwt.NewValidator(jwt.WithLeeway(5*time.Second)) +v.Validate(myClaims) +``` + ### Supported Claim Types and Removal of `StandardClaims` The two standard claim types supported by this library, `MapClaims` and @@ -169,7 +179,7 @@ be a drop-in replacement, if you're having troubles migrating, please open an issue. You can replace all occurrences of `github.com/dgrijalva/jwt-go` or -`github.com/golang-jwt/jwt` with `github.com/golang-jwt/jwt/v5`, either manually +`github.com/golang-jwt/jwt` with `github.com/golang-jwt/jwt/v4`, either manually or by using tools such as `sed` or `gofmt`. And then you'd typically run: diff --git a/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go index 4ccae2a85..ca85659ba 100644 --- a/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go +++ b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go @@ -62,7 +62,7 @@ func (m *SigningMethodECDSA) Verify(signingString string, sig []byte, key interf case *ecdsa.PublicKey: ecdsaKey = k default: - return ErrInvalidKeyType + return newError("ECDSA verify expects *ecsda.PublicKey", ErrInvalidKeyType) } if len(sig) != 2*m.KeySize { @@ -96,7 +96,7 @@ func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) ([]byte case *ecdsa.PrivateKey: ecdsaKey = k default: - return nil, ErrInvalidKeyType + return nil, newError("ECDSA sign expects *ecsda.PrivateKey", ErrInvalidKeyType) } // Create the hasher diff --git a/vendor/github.com/golang-jwt/jwt/v5/ed25519.go b/vendor/github.com/golang-jwt/jwt/v5/ed25519.go index eb6bdf01d..c2138119e 100644 --- a/vendor/github.com/golang-jwt/jwt/v5/ed25519.go +++ b/vendor/github.com/golang-jwt/jwt/v5/ed25519.go @@ -38,7 +38,7 @@ func (m *SigningMethodEd25519) Verify(signingString string, sig []byte, key inte var ok bool if ed25519Key, ok = key.(ed25519.PublicKey); !ok { - return ErrInvalidKeyType + return newError("Ed25519 verify expects ed25519.PublicKey", ErrInvalidKeyType) } if len(ed25519Key) != ed25519.PublicKeySize { @@ -60,7 +60,7 @@ func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) ([]by var ok bool if ed25519Key, ok = key.(crypto.Signer); !ok { - return nil, ErrInvalidKeyType + return nil, newError("Ed25519 sign expects crypto.Signer", ErrInvalidKeyType) } if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok { diff --git a/vendor/github.com/golang-jwt/jwt/v5/hmac.go b/vendor/github.com/golang-jwt/jwt/v5/hmac.go index 91b688ba9..96c62722d 100644 --- a/vendor/github.com/golang-jwt/jwt/v5/hmac.go +++ b/vendor/github.com/golang-jwt/jwt/v5/hmac.go @@ -59,7 +59,7 @@ func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interfa // Verify the key is the right type keyBytes, ok := key.([]byte) if !ok { - return ErrInvalidKeyType + return newError("HMAC verify expects []byte", ErrInvalidKeyType) } // Can we use the specified hashing method? @@ -91,7 +91,7 @@ func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interfa func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte, error) { if keyBytes, ok := key.([]byte); ok { if !m.Hash.Available() { - return nil, ErrHashUnavailable + return nil, newError("HMAC sign expects []byte", ErrInvalidKeyType) } hasher := hmac.New(m.Hash.New, keyBytes) diff --git a/vendor/github.com/golang-jwt/jwt/v5/parser.go b/vendor/github.com/golang-jwt/jwt/v5/parser.go index 1ed2e4e4d..ecf99af78 100644 --- a/vendor/github.com/golang-jwt/jwt/v5/parser.go +++ b/vendor/github.com/golang-jwt/jwt/v5/parser.go @@ -18,7 +18,7 @@ type Parser struct { // Skip claims validation during token parsing. skipClaimsValidation bool - validator *validator + validator *Validator decodeStrict bool @@ -28,7 +28,7 @@ type Parser struct { // NewParser creates a new Parser with the specified options func NewParser(options ...ParserOption) *Parser { p := &Parser{ - validator: &validator{}, + validator: &Validator{}, } // Loop through our parsing options and apply them @@ -115,7 +115,7 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf if !p.skipClaimsValidation { // Make sure we have at least a default validator if p.validator == nil { - p.validator = newValidator() + p.validator = NewValidator() } if err := p.validator.Validate(claims); err != nil { diff --git a/vendor/github.com/golang-jwt/jwt/v5/rsa.go b/vendor/github.com/golang-jwt/jwt/v5/rsa.go index daff09431..83cbee6ae 100644 --- a/vendor/github.com/golang-jwt/jwt/v5/rsa.go +++ b/vendor/github.com/golang-jwt/jwt/v5/rsa.go @@ -51,7 +51,7 @@ func (m *SigningMethodRSA) Verify(signingString string, sig []byte, key interfac var ok bool if rsaKey, ok = key.(*rsa.PublicKey); !ok { - return ErrInvalidKeyType + return newError("RSA verify expects *rsa.PublicKey", ErrInvalidKeyType) } // Create hasher @@ -73,7 +73,7 @@ func (m *SigningMethodRSA) Sign(signingString string, key interface{}) ([]byte, // Validate type of key if rsaKey, ok = key.(*rsa.PrivateKey); !ok { - return nil, ErrInvalidKey + return nil, newError("RSA sign expects *rsa.PrivateKey", ErrInvalidKeyType) } // Create the hasher diff --git a/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go b/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go index 9599f0a46..28c386ec4 100644 --- a/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go +++ b/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go @@ -88,7 +88,7 @@ func (m *SigningMethodRSAPSS) Verify(signingString string, sig []byte, key inter case *rsa.PublicKey: rsaKey = k default: - return ErrInvalidKey + return newError("RSA-PSS verify expects *rsa.PublicKey", ErrInvalidKeyType) } // Create hasher @@ -115,7 +115,7 @@ func (m *SigningMethodRSAPSS) Sign(signingString string, key interface{}) ([]byt case *rsa.PrivateKey: rsaKey = k default: - return nil, ErrInvalidKeyType + return nil, newError("RSA-PSS sign expects *rsa.PrivateKey", ErrInvalidKeyType) } // Create the hasher diff --git a/vendor/github.com/golang-jwt/jwt/v5/validator.go b/vendor/github.com/golang-jwt/jwt/v5/validator.go index 3082c8c7e..008ecd871 100644 --- a/vendor/github.com/golang-jwt/jwt/v5/validator.go +++ b/vendor/github.com/golang-jwt/jwt/v5/validator.go @@ -28,13 +28,12 @@ type ClaimsValidator interface { Validate() error } -// validator is the core of the new Validation API. It is automatically used by +// Validator is the core of the new Validation API. It is automatically used by // a [Parser] during parsing and can be modified with various parser options. // -// Note: This struct is intentionally not exported (yet) as we want to -// internally finalize its API. In the future, we might make it publicly -// available. -type validator struct { +// The [NewValidator] function should be used to create an instance of this +// struct. +type Validator struct { // leeway is an optional leeway that can be provided to account for clock skew. leeway time.Duration @@ -65,16 +64,28 @@ type validator struct { expectedSub string } -// newValidator can be used to create a stand-alone validator with the supplied +// NewValidator can be used to create a stand-alone validator with the supplied // options. This validator can then be used to validate already parsed claims. -func newValidator(opts ...ParserOption) *validator { +// +// Note: Under normal circumstances, explicitly creating a validator is not +// needed and can potentially be dangerous; instead functions of the [Parser] +// class should be used. +// +// The [Validator] is only checking the *validity* of the claims, such as its +// expiration time, but it does NOT perform *signature verification* of the +// token. +func NewValidator(opts ...ParserOption) *Validator { p := NewParser(opts...) return p.validator } // Validate validates the given claims. It will also perform any custom // validation if claims implements the [ClaimsValidator] interface. -func (v *validator) Validate(claims Claims) error { +// +// Note: It will NOT perform any *signature verification* on the token that +// contains the claims and expects that the [Claim] was already successfully +// verified. +func (v *Validator) Validate(claims Claims) error { var ( now time.Time errs []error = make([]error, 0, 6) @@ -153,7 +164,7 @@ func (v *validator) Validate(claims Claims) error { // // Additionally, if any error occurs while retrieving the claim, e.g., when its // the wrong type, an ErrTokenUnverifiable error will be returned. -func (v *validator) verifyExpiresAt(claims Claims, cmp time.Time, required bool) error { +func (v *Validator) verifyExpiresAt(claims Claims, cmp time.Time, required bool) error { exp, err := claims.GetExpirationTime() if err != nil { return err @@ -174,7 +185,7 @@ func (v *validator) verifyExpiresAt(claims Claims, cmp time.Time, required bool) // // Additionally, if any error occurs while retrieving the claim, e.g., when its // the wrong type, an ErrTokenUnverifiable error will be returned. -func (v *validator) verifyIssuedAt(claims Claims, cmp time.Time, required bool) error { +func (v *Validator) verifyIssuedAt(claims Claims, cmp time.Time, required bool) error { iat, err := claims.GetIssuedAt() if err != nil { return err @@ -195,7 +206,7 @@ func (v *validator) verifyIssuedAt(claims Claims, cmp time.Time, required bool) // // Additionally, if any error occurs while retrieving the claim, e.g., when its // the wrong type, an ErrTokenUnverifiable error will be returned. -func (v *validator) verifyNotBefore(claims Claims, cmp time.Time, required bool) error { +func (v *Validator) verifyNotBefore(claims Claims, cmp time.Time, required bool) error { nbf, err := claims.GetNotBefore() if err != nil { return err @@ -215,7 +226,7 @@ func (v *validator) verifyNotBefore(claims Claims, cmp time.Time, required bool) // // Additionally, if any error occurs while retrieving the claim, e.g., when its // the wrong type, an ErrTokenUnverifiable error will be returned. -func (v *validator) verifyAudience(claims Claims, cmp string, required bool) error { +func (v *Validator) verifyAudience(claims Claims, cmp string, required bool) error { aud, err := claims.GetAudience() if err != nil { return err @@ -251,7 +262,7 @@ func (v *validator) verifyAudience(claims Claims, cmp string, required bool) err // // Additionally, if any error occurs while retrieving the claim, e.g., when its // the wrong type, an ErrTokenUnverifiable error will be returned. -func (v *validator) verifyIssuer(claims Claims, cmp string, required bool) error { +func (v *Validator) verifyIssuer(claims Claims, cmp string, required bool) error { iss, err := claims.GetIssuer() if err != nil { return err @@ -271,7 +282,7 @@ func (v *validator) verifyIssuer(claims Claims, cmp string, required bool) error // // Additionally, if any error occurs while retrieving the claim, e.g., when its // the wrong type, an ErrTokenUnverifiable error will be returned. -func (v *validator) verifySubject(claims Claims, cmp string, required bool) error { +func (v *Validator) verifySubject(claims Claims, cmp string, required bool) error { sub, err := claims.GetSubject() if err != nil { return err diff --git a/vendor/github.com/klauspost/compress/gzhttp/transport.go b/vendor/github.com/klauspost/compress/gzhttp/transport.go index a199fbc6e..623aea2ed 100644 --- a/vendor/github.com/klauspost/compress/gzhttp/transport.go +++ b/vendor/github.com/klauspost/compress/gzhttp/transport.go @@ -14,7 +14,7 @@ import ( "github.com/klauspost/compress/zstd" ) -// Transport will wrap a transport with a custom handler +// Transport will wrap an HTTP transport with a custom handler // that will request gzip and automatically decompress it. // Using this is significantly faster than using the default transport. func Transport(parent http.RoundTripper, opts ...transportOption) http.RoundTripper { @@ -51,10 +51,21 @@ func TransportEnableGzip(b bool) transportOption { } } +// TransportCustomEval will send the header of a response to a custom function. +// If the function returns false, the response will be returned as-is, +// Otherwise it will be decompressed based on Content-Encoding field, regardless +// of whether the transport added the encoding. +func TransportCustomEval(fn func(header http.Header) bool) transportOption { + return func(c *gzRoundtripper) { + c.customEval = fn + } +} + type gzRoundtripper struct { parent http.RoundTripper acceptEncoding string withZstd, withGzip bool + customEval func(header http.Header) bool } func (g *gzRoundtripper) RoundTrip(req *http.Request) (*http.Response, error) { @@ -82,16 +93,22 @@ func (g *gzRoundtripper) RoundTrip(req *http.Request) (*http.Response, error) { if err != nil || !requestedComp { return resp, err } - + decompress := false + if g.customEval != nil { + if !g.customEval(resp.Header) { + return resp, nil + } + decompress = true + } // Decompress - if g.withGzip && asciiEqualFold(resp.Header.Get("Content-Encoding"), "gzip") { + if (decompress || g.withGzip) && asciiEqualFold(resp.Header.Get("Content-Encoding"), "gzip") { resp.Body = &gzipReader{body: resp.Body} resp.Header.Del("Content-Encoding") resp.Header.Del("Content-Length") resp.ContentLength = -1 resp.Uncompressed = true } - if g.withZstd && asciiEqualFold(resp.Header.Get("Content-Encoding"), "zstd") { + if (decompress || g.withZstd) && asciiEqualFold(resp.Header.Get("Content-Encoding"), "zstd") { resp.Body = &zstdReader{body: resp.Body} resp.Header.Del("Content-Encoding") resp.Header.Del("Content-Length") diff --git a/vendor/github.com/klauspost/compress/gzhttp/writer/gzkp/gzkp.go b/vendor/github.com/klauspost/compress/gzhttp/writer/gzkp/gzkp.go index e31c46c4c..1930af12e 100644 --- a/vendor/github.com/klauspost/compress/gzhttp/writer/gzkp/gzkp.go +++ b/vendor/github.com/klauspost/compress/gzhttp/writer/gzkp/gzkp.go @@ -24,6 +24,12 @@ func init() { // poolIndex maps a compression level to its index into gzipWriterPools. It // assumes that level is a valid gzip compression level. func poolIndex(level int) int { + if level > gzip.BestCompression { + level = gzip.BestCompression + } + if level < gzip.StatelessCompression { + level = gzip.BestSpeed + } return level - gzip.StatelessCompression } diff --git a/vendor/github.com/klauspost/compress/gzip/gunzip.go b/vendor/github.com/klauspost/compress/gzip/gunzip.go index dc2362a63..00a0a2c38 100644 --- a/vendor/github.com/klauspost/compress/gzip/gunzip.go +++ b/vendor/github.com/klauspost/compress/gzip/gunzip.go @@ -238,6 +238,11 @@ func (z *Reader) readHeader() (hdr Header, err error) { } } + // Reserved FLG bits must be zero. + if flg>>5 != 0 { + return hdr, ErrHeader + } + z.digest = 0 if z.decompressor == nil { z.decompressor = flate.NewReader(z.r) diff --git a/vendor/github.com/klauspost/compress/huff0/bytereader.go b/vendor/github.com/klauspost/compress/huff0/bytereader.go deleted file mode 100644 index 4dcab8d23..000000000 --- a/vendor/github.com/klauspost/compress/huff0/bytereader.go +++ /dev/null @@ -1,44 +0,0 @@ -// Copyright 2018 Klaus Post. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. -// Based on work Copyright (c) 2013, Yann Collet, released under BSD License. - -package huff0 - -// byteReader provides a byte reader that reads -// little endian values from a byte stream. -// The input stream is manually advanced. -// The reader performs no bounds checks. -type byteReader struct { - b []byte - off int -} - -// init will initialize the reader and set the input. -func (b *byteReader) init(in []byte) { - b.b = in - b.off = 0 -} - -// Int32 returns a little endian int32 starting at current offset. -func (b byteReader) Int32() int32 { - v3 := int32(b.b[b.off+3]) - v2 := int32(b.b[b.off+2]) - v1 := int32(b.b[b.off+1]) - v0 := int32(b.b[b.off]) - return (v3 << 24) | (v2 << 16) | (v1 << 8) | v0 -} - -// Uint32 returns a little endian uint32 starting at current offset. -func (b byteReader) Uint32() uint32 { - v3 := uint32(b.b[b.off+3]) - v2 := uint32(b.b[b.off+2]) - v1 := uint32(b.b[b.off+1]) - v0 := uint32(b.b[b.off]) - return (v3 << 24) | (v2 << 16) | (v1 << 8) | v0 -} - -// remain will return the number of bytes remaining. -func (b byteReader) remain() int { - return len(b.b) - b.off -} diff --git a/vendor/github.com/klauspost/compress/huff0/compress.go b/vendor/github.com/klauspost/compress/huff0/compress.go index 518436cf3..84aa3d12f 100644 --- a/vendor/github.com/klauspost/compress/huff0/compress.go +++ b/vendor/github.com/klauspost/compress/huff0/compress.go @@ -350,6 +350,7 @@ func (s *Scratch) compress4Xp(src []byte) ([]byte, error) { // Does not update s.clearCount. func (s *Scratch) countSimple(in []byte) (max int, reuse bool) { reuse = true + _ = s.count // Assert that s != nil to speed up the following loop. for _, v := range in { s.count[v]++ } @@ -415,7 +416,7 @@ func (s *Scratch) validateTable(c cTable) bool { // minTableLog provides the minimum logSize to safely represent a distribution. func (s *Scratch) minTableLog() uint8 { - minBitsSrc := highBit32(uint32(s.br.remain())) + 1 + minBitsSrc := highBit32(uint32(s.srcLen)) + 1 minBitsSymbols := highBit32(uint32(s.symbolLen-1)) + 2 if minBitsSrc < minBitsSymbols { return uint8(minBitsSrc) @@ -427,7 +428,7 @@ func (s *Scratch) minTableLog() uint8 { func (s *Scratch) optimalTableLog() { tableLog := s.TableLog minBits := s.minTableLog() - maxBitsSrc := uint8(highBit32(uint32(s.br.remain()-1))) - 1 + maxBitsSrc := uint8(highBit32(uint32(s.srcLen-1))) - 1 if maxBitsSrc < tableLog { // Accuracy can be reduced tableLog = maxBitsSrc diff --git a/vendor/github.com/klauspost/compress/huff0/huff0.go b/vendor/github.com/klauspost/compress/huff0/huff0.go index e8ad17ad0..77ecd68e0 100644 --- a/vendor/github.com/klauspost/compress/huff0/huff0.go +++ b/vendor/github.com/klauspost/compress/huff0/huff0.go @@ -88,7 +88,7 @@ type Scratch struct { // Decoders will return ErrMaxDecodedSizeExceeded is this limit is exceeded. MaxDecodedSize int - br byteReader + srcLen int // MaxSymbolValue will override the maximum symbol value of the next block. MaxSymbolValue uint8 @@ -170,7 +170,7 @@ func (s *Scratch) prepare(in []byte) (*Scratch, error) { if s.fse == nil { s.fse = &fse.Scratch{} } - s.br.init(in) + s.srcLen = len(in) return s, nil } diff --git a/vendor/github.com/klauspost/compress/zstd/README.md b/vendor/github.com/klauspost/compress/zstd/README.md index bdd49c8b2..92e2347bb 100644 --- a/vendor/github.com/klauspost/compress/zstd/README.md +++ b/vendor/github.com/klauspost/compress/zstd/README.md @@ -259,7 +259,7 @@ nyc-taxi-data-10M.csv gzkp 1 3325605752 922273214 13929 227.68 ## Decompressor -Staus: STABLE - there may still be subtle bugs, but a wide variety of content has been tested. +Status: STABLE - there may still be subtle bugs, but a wide variety of content has been tested. This library is being continuously [fuzz-tested](https://github.com/klauspost/compress-fuzz), kindly supplied by [fuzzit.dev](https://fuzzit.dev/). diff --git a/vendor/github.com/prometheus/prometheus/tsdb/wlog/watcher.go b/vendor/github.com/prometheus/prometheus/tsdb/wlog/watcher.go index 221e9607c..3315d1922 100644 --- a/vendor/github.com/prometheus/prometheus/tsdb/wlog/watcher.go +++ b/vendor/github.com/prometheus/prometheus/tsdb/wlog/watcher.go @@ -65,7 +65,7 @@ type WriteTo interface { SeriesReset(int) } -// Used to notifier the watcher that data has been written so that it can read. +// Used to notify the watcher that data has been written so that it can read. type WriteNotified interface { Notify() } @@ -398,8 +398,16 @@ func (w *Watcher) watch(segmentNum int, tail bool) error { reader := NewLiveReader(w.logger, w.readerMetrics, segment) - readTicker := time.NewTicker(readTimeout) - defer readTicker.Stop() + size := int64(math.MaxInt64) + if !tail { + var err error + size, err = getSegmentSize(w.walDir, segmentNum) + if err != nil { + return errors.Wrap(err, "getSegmentSize") + } + + return w.readAndHandleError(reader, segmentNum, tail, size) + } checkpointTicker := time.NewTicker(checkpointPeriod) defer checkpointTicker.Stop() @@ -407,18 +415,8 @@ func (w *Watcher) watch(segmentNum int, tail bool) error { segmentTicker := time.NewTicker(segmentCheckPeriod) defer segmentTicker.Stop() - // If we're replaying the segment we need to know the size of the file to know - // when to return from watch and move on to the next segment. - size := int64(math.MaxInt64) - if !tail { - segmentTicker.Stop() - checkpointTicker.Stop() - var err error - size, err = getSegmentSize(w.walDir, segmentNum) - if err != nil { - return errors.Wrap(err, "getSegmentSize") - } - } + readTicker := time.NewTicker(readTimeout) + defer readTicker.Stop() gcSem := make(chan struct{}, 1) for { diff --git a/vendor/github.com/urfave/cli/v2/.gitignore b/vendor/github.com/urfave/cli/v2/.gitignore index d7d26b1fc..1ef91a60b 100644 --- a/vendor/github.com/urfave/cli/v2/.gitignore +++ b/vendor/github.com/urfave/cli/v2/.gitignore @@ -4,6 +4,7 @@ .*envrc .envrc .idea +# goimports is installed here if not available /.local/ /site/ coverage.txt diff --git a/vendor/github.com/urfave/cli/v2/app.go b/vendor/github.com/urfave/cli/v2/app.go index 19b76c9b6..f69a1939b 100644 --- a/vendor/github.com/urfave/cli/v2/app.go +++ b/vendor/github.com/urfave/cli/v2/app.go @@ -329,6 +329,9 @@ func (a *App) RunContext(ctx context.Context, arguments []string) (err error) { a.rootCommand = a.newRootCommand() cCtx.Command = a.rootCommand + if err := checkDuplicatedCmds(a.rootCommand); err != nil { + return err + } return a.rootCommand.Run(cCtx, arguments...) } @@ -455,30 +458,6 @@ func (a *App) handleExitCoder(cCtx *Context, err error) { } } -func (a *App) commandNames() []string { - var cmdNames []string - - for _, cmd := range a.Commands { - cmdNames = append(cmdNames, cmd.Names()...) - } - - return cmdNames -} - -func (a *App) validCommandName(checkCmdName string) bool { - valid := false - allCommandNames := a.commandNames() - - for _, cmdName := range allCommandNames { - if checkCmdName == cmdName { - valid = true - break - } - } - - return valid -} - func (a *App) argsWithDefaultCommand(oldArgs Args) Args { if a.DefaultCommand != "" { rawArgs := append([]string{a.DefaultCommand}, oldArgs.Slice()...) diff --git a/vendor/github.com/urfave/cli/v2/category.go b/vendor/github.com/urfave/cli/v2/category.go index ccc043c25..b1847eca1 100644 --- a/vendor/github.com/urfave/cli/v2/category.go +++ b/vendor/github.com/urfave/cli/v2/category.go @@ -111,7 +111,7 @@ func newFlagCategoriesFromFlags(fs []Flag) FlagCategories { } } - if categorized == true { + if categorized { for _, fl := range fs { if cf, ok := fl.(CategorizableFlag); ok { if cf.GetCategory() == "" { diff --git a/vendor/github.com/urfave/cli/v2/command.go b/vendor/github.com/urfave/cli/v2/command.go index 69a0fdf6d..c318da989 100644 --- a/vendor/github.com/urfave/cli/v2/command.go +++ b/vendor/github.com/urfave/cli/v2/command.go @@ -149,6 +149,9 @@ func (c *Command) Run(cCtx *Context, arguments ...string) (err error) { if !c.isRoot { c.setup(cCtx) + if err := checkDuplicatedCmds(c); err != nil { + return err + } } a := args(arguments) @@ -404,3 +407,16 @@ func hasCommand(commands []*Command, command *Command) bool { return false } + +func checkDuplicatedCmds(parent *Command) error { + seen := make(map[string]struct{}) + for _, c := range parent.Subcommands { + for _, name := range c.Names() { + if _, exists := seen[name]; exists { + return fmt.Errorf("parent command [%s] has duplicated subcommand name or alias: %s", parent.Name, name) + } + seen[name] = struct{}{} + } + } + return nil +} diff --git a/vendor/github.com/urfave/cli/v2/flag_bool.go b/vendor/github.com/urfave/cli/v2/flag_bool.go index 369d18b77..01862ea76 100644 --- a/vendor/github.com/urfave/cli/v2/flag_bool.go +++ b/vendor/github.com/urfave/cli/v2/flag_bool.go @@ -84,7 +84,10 @@ func (f *BoolFlag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - return fmt.Sprintf("%v", f.defaultValue) + if f.defaultValueSet { + return fmt.Sprintf("%v", f.defaultValue) + } + return fmt.Sprintf("%v", f.Value) } // GetEnvVars returns the env vars for this flag @@ -105,6 +108,7 @@ func (f *BoolFlag) RunAction(c *Context) error { func (f *BoolFlag) Apply(set *flag.FlagSet) error { // set default value so that environment wont be able to overwrite it f.defaultValue = f.Value + f.defaultValueSet = true if val, source, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { if val != "" { diff --git a/vendor/github.com/urfave/cli/v2/flag_duration.go b/vendor/github.com/urfave/cli/v2/flag_duration.go index eac4cb833..e600cc30a 100644 --- a/vendor/github.com/urfave/cli/v2/flag_duration.go +++ b/vendor/github.com/urfave/cli/v2/flag_duration.go @@ -32,7 +32,10 @@ func (f *DurationFlag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - return f.defaultValue.String() + if f.defaultValueSet { + return f.defaultValue.String() + } + return f.Value.String() } // GetEnvVars returns the env vars for this flag @@ -44,6 +47,7 @@ func (f *DurationFlag) GetEnvVars() []string { func (f *DurationFlag) Apply(set *flag.FlagSet) error { // set default value so that environment wont be able to overwrite it f.defaultValue = f.Value + f.defaultValueSet = true if val, source, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { if val != "" { diff --git a/vendor/github.com/urfave/cli/v2/flag_float64.go b/vendor/github.com/urfave/cli/v2/flag_float64.go index bce26c195..6a4de5c88 100644 --- a/vendor/github.com/urfave/cli/v2/flag_float64.go +++ b/vendor/github.com/urfave/cli/v2/flag_float64.go @@ -32,7 +32,10 @@ func (f *Float64Flag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - return f.GetValue() + if f.defaultValueSet { + return fmt.Sprintf("%v", f.defaultValue) + } + return fmt.Sprintf("%v", f.Value) } // GetEnvVars returns the env vars for this flag @@ -42,6 +45,9 @@ func (f *Float64Flag) GetEnvVars() []string { // Apply populates the flag given the flag set and environment func (f *Float64Flag) Apply(set *flag.FlagSet) error { + f.defaultValue = f.Value + f.defaultValueSet = true + if val, source, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { if val != "" { valFloat, err := strconv.ParseFloat(val, 64) diff --git a/vendor/github.com/urfave/cli/v2/flag_generic.go b/vendor/github.com/urfave/cli/v2/flag_generic.go index 039ffdfee..7528c934c 100644 --- a/vendor/github.com/urfave/cli/v2/flag_generic.go +++ b/vendor/github.com/urfave/cli/v2/flag_generic.go @@ -53,9 +53,15 @@ func (f *GenericFlag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - if f.defaultValue != nil { - return f.defaultValue.String() + val := f.Value + if f.defaultValueSet { + val = f.defaultValue } + + if val != nil { + return val.String() + } + return "" } @@ -70,6 +76,7 @@ func (f *GenericFlag) Apply(set *flag.FlagSet) error { // set default value so that environment wont be able to overwrite it if f.Value != nil { f.defaultValue = &stringGeneric{value: f.Value.String()} + f.defaultValueSet = true } if val, source, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { diff --git a/vendor/github.com/urfave/cli/v2/flag_int.go b/vendor/github.com/urfave/cli/v2/flag_int.go index d681270a2..750e7ebfc 100644 --- a/vendor/github.com/urfave/cli/v2/flag_int.go +++ b/vendor/github.com/urfave/cli/v2/flag_int.go @@ -32,7 +32,10 @@ func (f *IntFlag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - return fmt.Sprintf("%d", f.defaultValue) + if f.defaultValueSet { + return fmt.Sprintf("%d", f.defaultValue) + } + return fmt.Sprintf("%d", f.Value) } // GetEnvVars returns the env vars for this flag @@ -44,6 +47,7 @@ func (f *IntFlag) GetEnvVars() []string { func (f *IntFlag) Apply(set *flag.FlagSet) error { // set default value so that environment wont be able to overwrite it f.defaultValue = f.Value + f.defaultValueSet = true if val, source, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { if val != "" { diff --git a/vendor/github.com/urfave/cli/v2/flag_int64.go b/vendor/github.com/urfave/cli/v2/flag_int64.go index 6f8c8d27d..688c26716 100644 --- a/vendor/github.com/urfave/cli/v2/flag_int64.go +++ b/vendor/github.com/urfave/cli/v2/flag_int64.go @@ -32,7 +32,10 @@ func (f *Int64Flag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - return fmt.Sprintf("%d", f.defaultValue) + if f.defaultValueSet { + return fmt.Sprintf("%d", f.defaultValue) + } + return fmt.Sprintf("%d", f.Value) } // GetEnvVars returns the env vars for this flag @@ -44,6 +47,7 @@ func (f *Int64Flag) GetEnvVars() []string { func (f *Int64Flag) Apply(set *flag.FlagSet) error { // set default value so that environment wont be able to overwrite it f.defaultValue = f.Value + f.defaultValueSet = true if val, source, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { if val != "" { diff --git a/vendor/github.com/urfave/cli/v2/flag_path.go b/vendor/github.com/urfave/cli/v2/flag_path.go index c4986779d..76cb35248 100644 --- a/vendor/github.com/urfave/cli/v2/flag_path.go +++ b/vendor/github.com/urfave/cli/v2/flag_path.go @@ -33,10 +33,14 @@ func (f *PathFlag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - if f.defaultValue == "" { - return f.defaultValue + val := f.Value + if f.defaultValueSet { + val = f.defaultValue } - return fmt.Sprintf("%q", f.defaultValue) + if val == "" { + return val + } + return fmt.Sprintf("%q", val) } // GetEnvVars returns the env vars for this flag @@ -48,6 +52,7 @@ func (f *PathFlag) GetEnvVars() []string { func (f *PathFlag) Apply(set *flag.FlagSet) error { // set default value so that environment wont be able to overwrite it f.defaultValue = f.Value + f.defaultValueSet = true if val, _, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { f.Value = val diff --git a/vendor/github.com/urfave/cli/v2/flag_string.go b/vendor/github.com/urfave/cli/v2/flag_string.go index 4e55a2ca3..0f73e0621 100644 --- a/vendor/github.com/urfave/cli/v2/flag_string.go +++ b/vendor/github.com/urfave/cli/v2/flag_string.go @@ -31,10 +31,15 @@ func (f *StringFlag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - if f.defaultValue == "" { - return f.defaultValue + val := f.Value + if f.defaultValueSet { + val = f.defaultValue } - return fmt.Sprintf("%q", f.defaultValue) + + if val == "" { + return val + } + return fmt.Sprintf("%q", val) } // GetEnvVars returns the env vars for this flag @@ -46,6 +51,7 @@ func (f *StringFlag) GetEnvVars() []string { func (f *StringFlag) Apply(set *flag.FlagSet) error { // set default value so that environment wont be able to overwrite it f.defaultValue = f.Value + f.defaultValueSet = true if val, _, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { f.Value = val diff --git a/vendor/github.com/urfave/cli/v2/flag_timestamp.go b/vendor/github.com/urfave/cli/v2/flag_timestamp.go index 83f750a31..b90123087 100644 --- a/vendor/github.com/urfave/cli/v2/flag_timestamp.go +++ b/vendor/github.com/urfave/cli/v2/flag_timestamp.go @@ -120,8 +120,13 @@ func (f *TimestampFlag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - if f.defaultValue != nil && f.defaultValue.timestamp != nil { - return f.defaultValue.timestamp.String() + val := f.Value + if f.defaultValueSet { + val = f.defaultValue + } + + if val != nil && val.timestamp != nil { + return val.timestamp.String() } return "" @@ -144,6 +149,7 @@ func (f *TimestampFlag) Apply(set *flag.FlagSet) error { f.Value.SetLocation(f.Timezone) f.defaultValue = f.Value.clone() + f.defaultValueSet = true if val, source, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { if err := f.Value.Set(val); err != nil { diff --git a/vendor/github.com/urfave/cli/v2/flag_uint.go b/vendor/github.com/urfave/cli/v2/flag_uint.go index d11aa0a89..8d5b85458 100644 --- a/vendor/github.com/urfave/cli/v2/flag_uint.go +++ b/vendor/github.com/urfave/cli/v2/flag_uint.go @@ -25,6 +25,7 @@ func (f *UintFlag) GetCategory() string { func (f *UintFlag) Apply(set *flag.FlagSet) error { // set default value so that environment wont be able to overwrite it f.defaultValue = f.Value + f.defaultValueSet = true if val, source, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { if val != "" { @@ -69,7 +70,10 @@ func (f *UintFlag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - return fmt.Sprintf("%d", f.defaultValue) + if f.defaultValueSet { + return fmt.Sprintf("%d", f.defaultValue) + } + return fmt.Sprintf("%d", f.Value) } // GetEnvVars returns the env vars for this flag diff --git a/vendor/github.com/urfave/cli/v2/flag_uint64.go b/vendor/github.com/urfave/cli/v2/flag_uint64.go index ea73100a9..c356e533b 100644 --- a/vendor/github.com/urfave/cli/v2/flag_uint64.go +++ b/vendor/github.com/urfave/cli/v2/flag_uint64.go @@ -25,6 +25,7 @@ func (f *Uint64Flag) GetCategory() string { func (f *Uint64Flag) Apply(set *flag.FlagSet) error { // set default value so that environment wont be able to overwrite it f.defaultValue = f.Value + f.defaultValueSet = true if val, source, found := flagFromEnvOrFile(f.EnvVars, f.FilePath); found { if val != "" { @@ -69,7 +70,10 @@ func (f *Uint64Flag) GetDefaultText() string { if f.DefaultText != "" { return f.DefaultText } - return fmt.Sprintf("%d", f.defaultValue) + if f.defaultValueSet { + return fmt.Sprintf("%d", f.defaultValue) + } + return fmt.Sprintf("%d", f.Value) } // GetEnvVars returns the env vars for this flag diff --git a/vendor/github.com/urfave/cli/v2/help.go b/vendor/github.com/urfave/cli/v2/help.go index 885d7843c..84bd77bc1 100644 --- a/vendor/github.com/urfave/cli/v2/help.go +++ b/vendor/github.com/urfave/cli/v2/help.go @@ -69,7 +69,7 @@ var helpCommand = &Command{ } // Case 3, 5 - if (len(cCtx.Command.Subcommands) == 1 && !cCtx.Command.HideHelp) || + if (len(cCtx.Command.Subcommands) == 1 && !cCtx.Command.HideHelp && !cCtx.Command.HideHelpCommand) || (len(cCtx.Command.Subcommands) == 0 && cCtx.Command.HideHelp) { templ := cCtx.Command.CustomHelpTemplate if templ == "" { @@ -376,17 +376,26 @@ func printHelpCustom(out io.Writer, templ string, data interface{}, customFuncs w := tabwriter.NewWriter(out, 1, 8, 2, ' ', 0) t := template.Must(template.New("help").Funcs(funcMap).Parse(templ)) - t.New("helpNameTemplate").Parse(helpNameTemplate) - t.New("usageTemplate").Parse(usageTemplate) - t.New("descriptionTemplate").Parse(descriptionTemplate) - t.New("visibleCommandTemplate").Parse(visibleCommandTemplate) - t.New("copyrightTemplate").Parse(copyrightTemplate) - t.New("versionTemplate").Parse(versionTemplate) - t.New("visibleFlagCategoryTemplate").Parse(visibleFlagCategoryTemplate) - t.New("visibleFlagTemplate").Parse(visibleFlagTemplate) - t.New("visibleGlobalFlagCategoryTemplate").Parse(strings.Replace(visibleFlagCategoryTemplate, "OPTIONS", "GLOBAL OPTIONS", -1)) - t.New("authorsTemplate").Parse(authorsTemplate) - t.New("visibleCommandCategoryTemplate").Parse(visibleCommandCategoryTemplate) + templates := map[string]string{ + "helpNameTemplate": helpNameTemplate, + "usageTemplate": usageTemplate, + "descriptionTemplate": descriptionTemplate, + "visibleCommandTemplate": visibleCommandTemplate, + "copyrightTemplate": copyrightTemplate, + "versionTemplate": versionTemplate, + "visibleFlagCategoryTemplate": visibleFlagCategoryTemplate, + "visibleFlagTemplate": visibleFlagTemplate, + "visibleGlobalFlagCategoryTemplate": strings.Replace(visibleFlagCategoryTemplate, "OPTIONS", "GLOBAL OPTIONS", -1), + "authorsTemplate": authorsTemplate, + "visibleCommandCategoryTemplate": visibleCommandCategoryTemplate, + } + for name, value := range templates { + if _, err := t.New(name).Parse(value); err != nil { + if os.Getenv("CLI_TEMPLATE_ERROR_DEBUG") != "" { + _, _ = fmt.Fprintf(ErrWriter, "CLI TEMPLATE ERROR: %#v\n", err) + } + } + } err := t.Execute(w, data) if err != nil { @@ -415,6 +424,9 @@ func checkVersion(cCtx *Context) bool { } func checkHelp(cCtx *Context) bool { + if HelpFlag == nil { + return false + } found := false for _, name := range HelpFlag.Names() { if cCtx.Bool(name) { @@ -426,24 +438,6 @@ func checkHelp(cCtx *Context) bool { return found } -func checkCommandHelp(c *Context, name string) bool { - if c.Bool("h") || c.Bool("help") { - _ = ShowCommandHelp(c, name) - return true - } - - return false -} - -func checkSubcommandHelp(cCtx *Context) bool { - if cCtx.Bool("h") || cCtx.Bool("help") { - _ = ShowSubcommandHelp(cCtx) - return true - } - - return false -} - func checkShellCompleteFlag(a *App, arguments []string) (bool, []string) { if !a.EnableBashCompletion { return false, arguments diff --git a/vendor/github.com/urfave/cli/v2/mkdocs-requirements.txt b/vendor/github.com/urfave/cli/v2/mkdocs-reqs.txt similarity index 100% rename from vendor/github.com/urfave/cli/v2/mkdocs-requirements.txt rename to vendor/github.com/urfave/cli/v2/mkdocs-reqs.txt diff --git a/vendor/github.com/urfave/cli/v2/mkdocs.yml b/vendor/github.com/urfave/cli/v2/mkdocs.yml index 02657b9ed..f7bfd419e 100644 --- a/vendor/github.com/urfave/cli/v2/mkdocs.yml +++ b/vendor/github.com/urfave/cli/v2/mkdocs.yml @@ -1,7 +1,7 @@ # NOTE: the mkdocs dependencies will need to be installed out of # band until this whole thing gets more automated: # -# pip install -r mkdocs-requirements.txt +# pip install -r mkdocs-reqs.txt # site_name: urfave/cli diff --git a/vendor/github.com/urfave/cli/v2/suggestions.go b/vendor/github.com/urfave/cli/v2/suggestions.go index 87fa905dd..c73a0012d 100644 --- a/vendor/github.com/urfave/cli/v2/suggestions.go +++ b/vendor/github.com/urfave/cli/v2/suggestions.go @@ -21,7 +21,7 @@ func suggestFlag(flags []Flag, provided string, hideHelp bool) string { for _, flag := range flags { flagNames := flag.Names() - if !hideHelp { + if !hideHelp && HelpFlag != nil { flagNames = append(flagNames, HelpFlag.Names()...) } for _, name := range flagNames { diff --git a/vendor/github.com/urfave/cli/v2/zz_generated.flags.go b/vendor/github.com/urfave/cli/v2/zz_generated.flags.go index 73e771451..f2fc8c88b 100644 --- a/vendor/github.com/urfave/cli/v2/zz_generated.flags.go +++ b/vendor/github.com/urfave/cli/v2/zz_generated.flags.go @@ -23,7 +23,8 @@ type Float64SliceFlag struct { Aliases []string EnvVars []string - defaultValue *Float64Slice + defaultValue *Float64Slice + defaultValueSet bool separator separatorSpec @@ -69,7 +70,8 @@ type GenericFlag struct { Aliases []string EnvVars []string - defaultValue Generic + defaultValue Generic + defaultValueSet bool TakesFile bool @@ -120,7 +122,8 @@ type Int64SliceFlag struct { Aliases []string EnvVars []string - defaultValue *Int64Slice + defaultValue *Int64Slice + defaultValueSet bool separator separatorSpec @@ -166,7 +169,8 @@ type IntSliceFlag struct { Aliases []string EnvVars []string - defaultValue *IntSlice + defaultValue *IntSlice + defaultValueSet bool separator separatorSpec @@ -212,7 +216,8 @@ type PathFlag struct { Aliases []string EnvVars []string - defaultValue Path + defaultValue Path + defaultValueSet bool TakesFile bool @@ -263,7 +268,8 @@ type StringSliceFlag struct { Aliases []string EnvVars []string - defaultValue *StringSlice + defaultValue *StringSlice + defaultValueSet bool separator separatorSpec @@ -313,7 +319,8 @@ type TimestampFlag struct { Aliases []string EnvVars []string - defaultValue *Timestamp + defaultValue *Timestamp + defaultValueSet bool Layout string @@ -366,7 +373,8 @@ type Uint64SliceFlag struct { Aliases []string EnvVars []string - defaultValue *Uint64Slice + defaultValue *Uint64Slice + defaultValueSet bool separator separatorSpec @@ -412,7 +420,8 @@ type UintSliceFlag struct { Aliases []string EnvVars []string - defaultValue *UintSlice + defaultValue *UintSlice + defaultValueSet bool separator separatorSpec @@ -458,7 +467,8 @@ type BoolFlag struct { Aliases []string EnvVars []string - defaultValue bool + defaultValue bool + defaultValueSet bool Count *int @@ -511,7 +521,8 @@ type Float64Flag struct { Aliases []string EnvVars []string - defaultValue float64 + defaultValue float64 + defaultValueSet bool Action func(*Context, float64) error } @@ -560,7 +571,8 @@ type IntFlag struct { Aliases []string EnvVars []string - defaultValue int + defaultValue int + defaultValueSet bool Base int @@ -611,7 +623,8 @@ type Int64Flag struct { Aliases []string EnvVars []string - defaultValue int64 + defaultValue int64 + defaultValueSet bool Base int @@ -662,7 +675,8 @@ type StringFlag struct { Aliases []string EnvVars []string - defaultValue string + defaultValue string + defaultValueSet bool TakesFile bool @@ -713,7 +727,8 @@ type DurationFlag struct { Aliases []string EnvVars []string - defaultValue time.Duration + defaultValue time.Duration + defaultValueSet bool Action func(*Context, time.Duration) error } @@ -762,7 +777,8 @@ type UintFlag struct { Aliases []string EnvVars []string - defaultValue uint + defaultValue uint + defaultValueSet bool Base int @@ -813,7 +829,8 @@ type Uint64Flag struct { Aliases []string EnvVars []string - defaultValue uint64 + defaultValue uint64 + defaultValueSet bool Base int diff --git a/vendor/go.opentelemetry.io/collector/pdata/pcommon/slice.go b/vendor/go.opentelemetry.io/collector/pdata/pcommon/slice.go index 5352ff44d..7434f467a 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pcommon/slice.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pcommon/slice.go @@ -137,7 +137,6 @@ func (es Slice) RemoveIf(f func(Value) bool) { (*es.getOrig())[newLen] = (*es.getOrig())[i] newLen++ } - // TODO: Prevent memory leak by erasing truncated values. *es.getOrig() = (*es.getOrig())[:newLen] } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exemplarslice.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exemplarslice.go index 733341c36..15d70a6ed 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exemplarslice.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exemplarslice.go @@ -117,7 +117,6 @@ func (es ExemplarSlice) RemoveIf(f func(Exemplar) bool) { (*es.orig)[newLen] = (*es.orig)[i] newLen++ } - // TODO: Prevent memory leak by erasing truncated values. *es.orig = (*es.orig)[:newLen] } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exponentialhistogramdatapoint.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exponentialhistogramdatapoint.go index 859a08b28..3d76368b3 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exponentialhistogramdatapoint.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exponentialhistogramdatapoint.go @@ -204,6 +204,17 @@ func (ms ExponentialHistogramDataPoint) RemoveMax() { ms.orig.Max_ = nil } +// ZeroThreshold returns the zerothreshold associated with this ExponentialHistogramDataPoint. +func (ms ExponentialHistogramDataPoint) ZeroThreshold() float64 { + return ms.orig.ZeroThreshold +} + +// SetZeroThreshold replaces the zerothreshold associated with this ExponentialHistogramDataPoint. +func (ms ExponentialHistogramDataPoint) SetZeroThreshold(v float64) { + ms.state.AssertMutable() + ms.orig.ZeroThreshold = v +} + // CopyTo copies all properties from the current struct overriding the destination. func (ms ExponentialHistogramDataPoint) CopyTo(dest ExponentialHistogramDataPoint) { dest.state.AssertMutable() @@ -229,4 +240,5 @@ func (ms ExponentialHistogramDataPoint) CopyTo(dest ExponentialHistogramDataPoin dest.SetMax(ms.Max()) } + dest.SetZeroThreshold(ms.ZeroThreshold()) } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exponentialhistogramdatapointslice.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exponentialhistogramdatapointslice.go index 94ec52656..a466a7c18 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exponentialhistogramdatapointslice.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_exponentialhistogramdatapointslice.go @@ -119,7 +119,6 @@ func (es ExponentialHistogramDataPointSlice) RemoveIf(f func(ExponentialHistogra (*es.orig)[newLen] = (*es.orig)[i] newLen++ } - // TODO: Prevent memory leak by erasing truncated values. *es.orig = (*es.orig)[:newLen] } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_histogramdatapointslice.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_histogramdatapointslice.go index 47b02e17f..7ee6ef737 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_histogramdatapointslice.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_histogramdatapointslice.go @@ -119,7 +119,6 @@ func (es HistogramDataPointSlice) RemoveIf(f func(HistogramDataPoint) bool) { (*es.orig)[newLen] = (*es.orig)[i] newLen++ } - // TODO: Prevent memory leak by erasing truncated values. *es.orig = (*es.orig)[:newLen] } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_metricslice.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_metricslice.go index 30d2e0c1f..13f05a0ec 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_metricslice.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_metricslice.go @@ -119,7 +119,6 @@ func (es MetricSlice) RemoveIf(f func(Metric) bool) { (*es.orig)[newLen] = (*es.orig)[i] newLen++ } - // TODO: Prevent memory leak by erasing truncated values. *es.orig = (*es.orig)[:newLen] } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_numberdatapointslice.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_numberdatapointslice.go index 13cd71b72..57cdd1174 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_numberdatapointslice.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_numberdatapointslice.go @@ -119,7 +119,6 @@ func (es NumberDataPointSlice) RemoveIf(f func(NumberDataPoint) bool) { (*es.orig)[newLen] = (*es.orig)[i] newLen++ } - // TODO: Prevent memory leak by erasing truncated values. *es.orig = (*es.orig)[:newLen] } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_resourcemetricsslice.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_resourcemetricsslice.go index b25fdc721..55217ea27 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_resourcemetricsslice.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_resourcemetricsslice.go @@ -119,7 +119,6 @@ func (es ResourceMetricsSlice) RemoveIf(f func(ResourceMetrics) bool) { (*es.orig)[newLen] = (*es.orig)[i] newLen++ } - // TODO: Prevent memory leak by erasing truncated values. *es.orig = (*es.orig)[:newLen] } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_scopemetricsslice.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_scopemetricsslice.go index d2bbe6108..a86eb0b48 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_scopemetricsslice.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_scopemetricsslice.go @@ -119,7 +119,6 @@ func (es ScopeMetricsSlice) RemoveIf(f func(ScopeMetrics) bool) { (*es.orig)[newLen] = (*es.orig)[i] newLen++ } - // TODO: Prevent memory leak by erasing truncated values. *es.orig = (*es.orig)[:newLen] } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_summarydatapointslice.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_summarydatapointslice.go index e8aa51de0..f91550096 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_summarydatapointslice.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_summarydatapointslice.go @@ -119,7 +119,6 @@ func (es SummaryDataPointSlice) RemoveIf(f func(SummaryDataPoint) bool) { (*es.orig)[newLen] = (*es.orig)[i] newLen++ } - // TODO: Prevent memory leak by erasing truncated values. *es.orig = (*es.orig)[:newLen] } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_summarydatapointvalueatquantileslice.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_summarydatapointvalueatquantileslice.go index 21343f8ce..ed899050a 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_summarydatapointvalueatquantileslice.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/generated_summarydatapointvalueatquantileslice.go @@ -119,7 +119,6 @@ func (es SummaryDataPointValueAtQuantileSlice) RemoveIf(f func(SummaryDataPointV (*es.orig)[newLen] = (*es.orig)[i] newLen++ } - // TODO: Prevent memory leak by erasing truncated values. *es.orig = (*es.orig)[:newLen] } diff --git a/vendor/go.opentelemetry.io/collector/pdata/pmetric/json.go b/vendor/go.opentelemetry.io/collector/pdata/pmetric/json.go index 3df234c20..3944bb027 100644 --- a/vendor/go.opentelemetry.io/collector/pdata/pmetric/json.go +++ b/vendor/go.opentelemetry.io/collector/pdata/pmetric/json.go @@ -17,8 +17,10 @@ import ( var _ Marshaler = (*JSONMarshaler)(nil) +// JSONMarshaler marshals pdata.Metrics to JSON bytes using the OTLP/JSON format. type JSONMarshaler struct{} +// MarshalMetrics to the OTLP/JSON format. func (*JSONMarshaler) MarshalMetrics(md Metrics) ([]byte, error) { buf := bytes.Buffer{} pb := internal.MetricsToProto(internal.Metrics(md)) @@ -26,8 +28,10 @@ func (*JSONMarshaler) MarshalMetrics(md Metrics) ([]byte, error) { return buf.Bytes(), err } +// JSONUnmarshaler unmarshals OTLP/JSON formatted-bytes to pdata.Metrics. type JSONUnmarshaler struct{} +// UnmarshalMetrics from OTLP/JSON format into pdata.Metrics. func (*JSONUnmarshaler) UnmarshalMetrics(buf []byte) (Metrics, error) { iter := jsoniter.ConfigFastest.BorrowIterator(buf) defer jsoniter.ConfigFastest.ReturnIterator(iter) diff --git a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go index 8a5cf07bd..bd41c1804 100644 --- a/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go +++ b/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/version.go @@ -16,7 +16,7 @@ package otelhttp // import "go.opentelemetry.io/contrib/instrumentation/net/http // Version is the current release version of the otelhttp instrumentation. func Version() string { - return "0.46.0" + return "0.46.1" // This string is updated by the pre_release.sh script during release } diff --git a/vendor/go.opentelemetry.io/otel/.gitignore b/vendor/go.opentelemetry.io/otel/.gitignore index 924805565..895c7664b 100644 --- a/vendor/go.opentelemetry.io/otel/.gitignore +++ b/vendor/go.opentelemetry.io/otel/.gitignore @@ -14,13 +14,9 @@ go.work.sum gen/ /example/dice/dice -/example/fib/fib -/example/fib/traces.txt -/example/jaeger/jaeger /example/namedtracer/namedtracer /example/otel-collector/otel-collector /example/opencensus/opencensus /example/passthrough/passthrough /example/prometheus/prometheus -/example/view/view /example/zipkin/zipkin diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md index c4e7ad475..24874f856 100644 --- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md +++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md @@ -8,6 +8,20 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm ## [Unreleased] +## [1.21.0/0.44.0] 2023-11-16 + +### Removed + +- Remove the deprecated `go.opentelemetry.io/otel/bridge/opencensus.NewTracer`. (#4706) +- Remove the deprecated `go.opentelemetry.io/otel/exporters/otlp/otlpmetric` module. (#4707) +- Remove the deprecated `go.opentelemetry.io/otel/example/view` module. (#4708) +- Remove the deprecated `go.opentelemetry.io/otel/example/fib` module. (#4723) + +### Fixed + +- Do not parse non-protobuf responses in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#4719) +- Do not parse non-protobuf responses in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#4719) + ## [1.20.0/0.43.0] 2023-11-10 This release brings a breaking change for custom trace API implementations. Some interfaces (`TracerProvider`, `Tracer`, `Span`) now embed the `go.opentelemetry.io/otel/trace/embedded` types. Implementors need to update their implementations based on what they want the default behavior to be. See the "API Implementations" section of the [trace API] package documentation for more information about how to accomplish this. @@ -2721,7 +2735,8 @@ It contains api and sdk for trace and meter. - CircleCI build CI manifest files. - CODEOWNERS file to track owners of this project. -[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.20.0...HEAD +[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...HEAD +[1.21.0/0.44.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.21.0 [1.20.0/0.43.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.20.0 [1.19.0/0.42.0/0.0.7]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0 [1.19.0-rc.1/0.42.0-rc.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.19.0-rc.1 diff --git a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md index a00dbca7b..850606ae6 100644 --- a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md +++ b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md @@ -90,6 +90,10 @@ git push Open a pull request against the main `opentelemetry-go` repo. Be sure to add the pull request ID to the entry you added to `CHANGELOG.md`. +Avoid rebasing and force-pushing to your branch to facilitate reviewing the pull request. +Rewriting Git history makes it difficult to keep track of iterations during code review. +All pull requests are squashed to a single commit upon merge to `main`. + ### How to Receive Comments * If the PR is not ready for review, please put `[WIP]` in the title, diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go index 5a92f1d4b..e2f743585 100644 --- a/vendor/go.opentelemetry.io/otel/version.go +++ b/vendor/go.opentelemetry.io/otel/version.go @@ -16,5 +16,5 @@ package otel // import "go.opentelemetry.io/otel" // Version is the current release version of OpenTelemetry in use. func Version() string { - return "1.20.0" + return "1.21.0" } diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml index 82366e799..3c153c9d6 100644 --- a/vendor/go.opentelemetry.io/otel/versions.yaml +++ b/vendor/go.opentelemetry.io/otel/versions.yaml @@ -14,13 +14,12 @@ module-sets: stable-v1: - version: v1.20.0 + version: v1.21.0 modules: - go.opentelemetry.io/otel - go.opentelemetry.io/otel/bridge/opentracing - go.opentelemetry.io/otel/bridge/opentracing/test - go.opentelemetry.io/otel/example/dice - - go.opentelemetry.io/otel/example/fib - go.opentelemetry.io/otel/example/namedtracer - go.opentelemetry.io/otel/example/otel-collector - go.opentelemetry.io/otel/example/passthrough @@ -35,14 +34,12 @@ module-sets: - go.opentelemetry.io/otel/sdk/metric - go.opentelemetry.io/otel/trace experimental-metrics: - version: v0.43.0 + version: v0.44.0 modules: - go.opentelemetry.io/otel/bridge/opencensus - go.opentelemetry.io/otel/bridge/opencensus/test - go.opentelemetry.io/otel/example/opencensus - go.opentelemetry.io/otel/example/prometheus - - go.opentelemetry.io/otel/example/view - - go.opentelemetry.io/otel/exporters/otlp/otlpmetric - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp - go.opentelemetry.io/otel/exporters/prometheus diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1.go index 6fc2838a3..2492f796a 100644 --- a/vendor/golang.org/x/crypto/cryptobyte/asn1.go +++ b/vendor/golang.org/x/crypto/cryptobyte/asn1.go @@ -733,13 +733,14 @@ func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag return true } -// ReadOptionalASN1Boolean sets *out to the value of the next ASN.1 BOOLEAN or, -// if the next bytes are not an ASN.1 BOOLEAN, to the value of defaultValue. -// It reports whether the operation was successful. -func (s *String) ReadOptionalASN1Boolean(out *bool, defaultValue bool) bool { +// ReadOptionalASN1Boolean attempts to read an optional ASN.1 BOOLEAN +// explicitly tagged with tag into out and advances. If no element with a +// matching tag is present, it sets "out" to defaultValue instead. It reports +// whether the read was successful. +func (s *String) ReadOptionalASN1Boolean(out *bool, tag asn1.Tag, defaultValue bool) bool { var present bool var child String - if !s.ReadOptionalASN1(&child, &present, asn1.BOOLEAN) { + if !s.ReadOptionalASN1(&child, &present, tag) { return false } @@ -748,7 +749,7 @@ func (s *String) ReadOptionalASN1Boolean(out *bool, defaultValue bool) bool { return true } - return s.ReadASN1Boolean(out) + return child.ReadASN1Boolean(out) } func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool { diff --git a/vendor/golang.org/x/time/rate/rate.go b/vendor/golang.org/x/time/rate/rate.go index f0e0cf3cb..8f6c7f493 100644 --- a/vendor/golang.org/x/time/rate/rate.go +++ b/vendor/golang.org/x/time/rate/rate.go @@ -52,6 +52,8 @@ func Every(interval time.Duration) Limit { // or its associated context.Context is canceled. // // The methods AllowN, ReserveN, and WaitN consume n tokens. +// +// Limiter is safe for simultaneous use by multiple goroutines. type Limiter struct { mu sync.Mutex limit Limit diff --git a/vendor/golang.org/x/xerrors/LICENSE b/vendor/golang.org/x/xerrors/LICENSE deleted file mode 100644 index e4a47e17f..000000000 --- a/vendor/golang.org/x/xerrors/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2019 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/golang.org/x/xerrors/PATENTS b/vendor/golang.org/x/xerrors/PATENTS deleted file mode 100644 index 733099041..000000000 --- a/vendor/golang.org/x/xerrors/PATENTS +++ /dev/null @@ -1,22 +0,0 @@ -Additional IP Rights Grant (Patents) - -"This implementation" means the copyrightable works distributed by -Google as part of the Go project. - -Google hereby grants to You a perpetual, worldwide, non-exclusive, -no-charge, royalty-free, irrevocable (except as stated in this section) -patent license to make, have made, use, offer to sell, sell, import, -transfer and otherwise run, modify and propagate the contents of this -implementation of Go, where such license applies only to those patent -claims, both currently owned or controlled by Google and acquired in -the future, licensable by Google that are necessarily infringed by this -implementation of Go. This grant does not include claims that would be -infringed only as a consequence of further modification of this -implementation. If you or your agent or exclusive licensee institute or -order or agree to the institution of patent litigation against any -entity (including a cross-claim or counterclaim in a lawsuit) alleging -that this implementation of Go or any code incorporated within this -implementation of Go constitutes direct or contributory patent -infringement, or inducement of patent infringement, then any patent -rights granted to you under this License for this implementation of Go -shall terminate as of the date such litigation is filed. diff --git a/vendor/golang.org/x/xerrors/README b/vendor/golang.org/x/xerrors/README deleted file mode 100644 index aac7867a5..000000000 --- a/vendor/golang.org/x/xerrors/README +++ /dev/null @@ -1,2 +0,0 @@ -This repository holds the transition packages for the new Go 1.13 error values. -See golang.org/design/29934-error-values. diff --git a/vendor/golang.org/x/xerrors/adaptor.go b/vendor/golang.org/x/xerrors/adaptor.go deleted file mode 100644 index 4317f2483..000000000 --- a/vendor/golang.org/x/xerrors/adaptor.go +++ /dev/null @@ -1,193 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package xerrors - -import ( - "bytes" - "fmt" - "io" - "reflect" - "strconv" -) - -// FormatError calls the FormatError method of f with an errors.Printer -// configured according to s and verb, and writes the result to s. -func FormatError(f Formatter, s fmt.State, verb rune) { - // Assuming this function is only called from the Format method, and given - // that FormatError takes precedence over Format, it cannot be called from - // any package that supports errors.Formatter. It is therefore safe to - // disregard that State may be a specific printer implementation and use one - // of our choice instead. - - // limitations: does not support printing error as Go struct. - - var ( - sep = " " // separator before next error - p = &state{State: s} - direct = true - ) - - var err error = f - - switch verb { - // Note that this switch must match the preference order - // for ordinary string printing (%#v before %+v, and so on). - - case 'v': - if s.Flag('#') { - if stringer, ok := err.(fmt.GoStringer); ok { - io.WriteString(&p.buf, stringer.GoString()) - goto exit - } - // proceed as if it were %v - } else if s.Flag('+') { - p.printDetail = true - sep = "\n - " - } - case 's': - case 'q', 'x', 'X': - // Use an intermediate buffer in the rare cases that precision, - // truncation, or one of the alternative verbs (q, x, and X) are - // specified. - direct = false - - default: - p.buf.WriteString("%!") - p.buf.WriteRune(verb) - p.buf.WriteByte('(') - switch { - case err != nil: - p.buf.WriteString(reflect.TypeOf(f).String()) - default: - p.buf.WriteString("") - } - p.buf.WriteByte(')') - io.Copy(s, &p.buf) - return - } - -loop: - for { - switch v := err.(type) { - case Formatter: - err = v.FormatError((*printer)(p)) - case fmt.Formatter: - v.Format(p, 'v') - break loop - default: - io.WriteString(&p.buf, v.Error()) - break loop - } - if err == nil { - break - } - if p.needColon || !p.printDetail { - p.buf.WriteByte(':') - p.needColon = false - } - p.buf.WriteString(sep) - p.inDetail = false - p.needNewline = false - } - -exit: - width, okW := s.Width() - prec, okP := s.Precision() - - if !direct || (okW && width > 0) || okP { - // Construct format string from State s. - format := []byte{'%'} - if s.Flag('-') { - format = append(format, '-') - } - if s.Flag('+') { - format = append(format, '+') - } - if s.Flag(' ') { - format = append(format, ' ') - } - if okW { - format = strconv.AppendInt(format, int64(width), 10) - } - if okP { - format = append(format, '.') - format = strconv.AppendInt(format, int64(prec), 10) - } - format = append(format, string(verb)...) - fmt.Fprintf(s, string(format), p.buf.String()) - } else { - io.Copy(s, &p.buf) - } -} - -var detailSep = []byte("\n ") - -// state tracks error printing state. It implements fmt.State. -type state struct { - fmt.State - buf bytes.Buffer - - printDetail bool - inDetail bool - needColon bool - needNewline bool -} - -func (s *state) Write(b []byte) (n int, err error) { - if s.printDetail { - if len(b) == 0 { - return 0, nil - } - if s.inDetail && s.needColon { - s.needNewline = true - if b[0] == '\n' { - b = b[1:] - } - } - k := 0 - for i, c := range b { - if s.needNewline { - if s.inDetail && s.needColon { - s.buf.WriteByte(':') - s.needColon = false - } - s.buf.Write(detailSep) - s.needNewline = false - } - if c == '\n' { - s.buf.Write(b[k:i]) - k = i + 1 - s.needNewline = true - } - } - s.buf.Write(b[k:]) - if !s.inDetail { - s.needColon = true - } - } else if !s.inDetail { - s.buf.Write(b) - } - return len(b), nil -} - -// printer wraps a state to implement an xerrors.Printer. -type printer state - -func (s *printer) Print(args ...interface{}) { - if !s.inDetail || s.printDetail { - fmt.Fprint((*state)(s), args...) - } -} - -func (s *printer) Printf(format string, args ...interface{}) { - if !s.inDetail || s.printDetail { - fmt.Fprintf((*state)(s), format, args...) - } -} - -func (s *printer) Detail() bool { - s.inDetail = true - return s.printDetail -} diff --git a/vendor/golang.org/x/xerrors/codereview.cfg b/vendor/golang.org/x/xerrors/codereview.cfg deleted file mode 100644 index 3f8b14b64..000000000 --- a/vendor/golang.org/x/xerrors/codereview.cfg +++ /dev/null @@ -1 +0,0 @@ -issuerepo: golang/go diff --git a/vendor/golang.org/x/xerrors/doc.go b/vendor/golang.org/x/xerrors/doc.go deleted file mode 100644 index 2ef99f5a8..000000000 --- a/vendor/golang.org/x/xerrors/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright 2019 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package xerrors implements functions to manipulate errors. -// -// This package is based on the Go 2 proposal for error values: -// -// https://golang.org/design/29934-error-values -// -// These functions were incorporated into the standard library's errors package -// in Go 1.13: -// - Is -// - As -// - Unwrap -// -// Also, Errorf's %w verb was incorporated into fmt.Errorf. -// -// Use this package to get equivalent behavior in all supported Go versions. -// -// No other features of this package were included in Go 1.13, and at present -// there are no plans to include any of them. -package xerrors // import "golang.org/x/xerrors" diff --git a/vendor/golang.org/x/xerrors/errors.go b/vendor/golang.org/x/xerrors/errors.go deleted file mode 100644 index e88d3772d..000000000 --- a/vendor/golang.org/x/xerrors/errors.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package xerrors - -import "fmt" - -// errorString is a trivial implementation of error. -type errorString struct { - s string - frame Frame -} - -// New returns an error that formats as the given text. -// -// The returned error contains a Frame set to the caller's location and -// implements Formatter to show this information when printed with details. -func New(text string) error { - return &errorString{text, Caller(1)} -} - -func (e *errorString) Error() string { - return e.s -} - -func (e *errorString) Format(s fmt.State, v rune) { FormatError(e, s, v) } - -func (e *errorString) FormatError(p Printer) (next error) { - p.Print(e.s) - e.frame.Format(p) - return nil -} diff --git a/vendor/golang.org/x/xerrors/fmt.go b/vendor/golang.org/x/xerrors/fmt.go deleted file mode 100644 index 27a5d70bd..000000000 --- a/vendor/golang.org/x/xerrors/fmt.go +++ /dev/null @@ -1,190 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package xerrors - -import ( - "fmt" - "strings" - "unicode" - "unicode/utf8" - - "golang.org/x/xerrors/internal" -) - -const percentBangString = "%!" - -// Errorf formats according to a format specifier and returns the string as a -// value that satisfies error. -// -// The returned error includes the file and line number of the caller when -// formatted with additional detail enabled. If the last argument is an error -// the returned error's Format method will return it if the format string ends -// with ": %s", ": %v", or ": %w". If the last argument is an error and the -// format string ends with ": %w", the returned error implements an Unwrap -// method returning it. -// -// If the format specifier includes a %w verb with an error operand in a -// position other than at the end, the returned error will still implement an -// Unwrap method returning the operand, but the error's Format method will not -// return the wrapped error. -// -// It is invalid to include more than one %w verb or to supply it with an -// operand that does not implement the error interface. The %w verb is otherwise -// a synonym for %v. -// -// Note that as of Go 1.13, the fmt.Errorf function will do error formatting, -// but it will not capture a stack backtrace. -func Errorf(format string, a ...interface{}) error { - format = formatPlusW(format) - // Support a ": %[wsv]" suffix, which works well with xerrors.Formatter. - wrap := strings.HasSuffix(format, ": %w") - idx, format2, ok := parsePercentW(format) - percentWElsewhere := !wrap && idx >= 0 - if !percentWElsewhere && (wrap || strings.HasSuffix(format, ": %s") || strings.HasSuffix(format, ": %v")) { - err := errorAt(a, len(a)-1) - if err == nil { - return &noWrapError{fmt.Sprintf(format, a...), nil, Caller(1)} - } - // TODO: this is not entirely correct. The error value could be - // printed elsewhere in format if it mixes numbered with unnumbered - // substitutions. With relatively small changes to doPrintf we can - // have it optionally ignore extra arguments and pass the argument - // list in its entirety. - msg := fmt.Sprintf(format[:len(format)-len(": %s")], a[:len(a)-1]...) - frame := Frame{} - if internal.EnableTrace { - frame = Caller(1) - } - if wrap { - return &wrapError{msg, err, frame} - } - return &noWrapError{msg, err, frame} - } - // Support %w anywhere. - // TODO: don't repeat the wrapped error's message when %w occurs in the middle. - msg := fmt.Sprintf(format2, a...) - if idx < 0 { - return &noWrapError{msg, nil, Caller(1)} - } - err := errorAt(a, idx) - if !ok || err == nil { - // Too many %ws or argument of %w is not an error. Approximate the Go - // 1.13 fmt.Errorf message. - return &noWrapError{fmt.Sprintf("%sw(%s)", percentBangString, msg), nil, Caller(1)} - } - frame := Frame{} - if internal.EnableTrace { - frame = Caller(1) - } - return &wrapError{msg, err, frame} -} - -func errorAt(args []interface{}, i int) error { - if i < 0 || i >= len(args) { - return nil - } - err, ok := args[i].(error) - if !ok { - return nil - } - return err -} - -// formatPlusW is used to avoid the vet check that will barf at %w. -func formatPlusW(s string) string { - return s -} - -// Return the index of the only %w in format, or -1 if none. -// Also return a rewritten format string with %w replaced by %v, and -// false if there is more than one %w. -// TODO: handle "%[N]w". -func parsePercentW(format string) (idx int, newFormat string, ok bool) { - // Loosely copied from golang.org/x/tools/go/analysis/passes/printf/printf.go. - idx = -1 - ok = true - n := 0 - sz := 0 - var isW bool - for i := 0; i < len(format); i += sz { - if format[i] != '%' { - sz = 1 - continue - } - // "%%" is not a format directive. - if i+1 < len(format) && format[i+1] == '%' { - sz = 2 - continue - } - sz, isW = parsePrintfVerb(format[i:]) - if isW { - if idx >= 0 { - ok = false - } else { - idx = n - } - // "Replace" the last character, the 'w', with a 'v'. - p := i + sz - 1 - format = format[:p] + "v" + format[p+1:] - } - n++ - } - return idx, format, ok -} - -// Parse the printf verb starting with a % at s[0]. -// Return how many bytes it occupies and whether the verb is 'w'. -func parsePrintfVerb(s string) (int, bool) { - // Assume only that the directive is a sequence of non-letters followed by a single letter. - sz := 0 - var r rune - for i := 1; i < len(s); i += sz { - r, sz = utf8.DecodeRuneInString(s[i:]) - if unicode.IsLetter(r) { - return i + sz, r == 'w' - } - } - return len(s), false -} - -type noWrapError struct { - msg string - err error - frame Frame -} - -func (e *noWrapError) Error() string { - return fmt.Sprint(e) -} - -func (e *noWrapError) Format(s fmt.State, v rune) { FormatError(e, s, v) } - -func (e *noWrapError) FormatError(p Printer) (next error) { - p.Print(e.msg) - e.frame.Format(p) - return e.err -} - -type wrapError struct { - msg string - err error - frame Frame -} - -func (e *wrapError) Error() string { - return fmt.Sprint(e) -} - -func (e *wrapError) Format(s fmt.State, v rune) { FormatError(e, s, v) } - -func (e *wrapError) FormatError(p Printer) (next error) { - p.Print(e.msg) - e.frame.Format(p) - return e.err -} - -func (e *wrapError) Unwrap() error { - return e.err -} diff --git a/vendor/golang.org/x/xerrors/format.go b/vendor/golang.org/x/xerrors/format.go deleted file mode 100644 index 1bc9c26b9..000000000 --- a/vendor/golang.org/x/xerrors/format.go +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package xerrors - -// A Formatter formats error messages. -type Formatter interface { - error - - // FormatError prints the receiver's first error and returns the next error in - // the error chain, if any. - FormatError(p Printer) (next error) -} - -// A Printer formats error messages. -// -// The most common implementation of Printer is the one provided by package fmt -// during Printf (as of Go 1.13). Localization packages such as golang.org/x/text/message -// typically provide their own implementations. -type Printer interface { - // Print appends args to the message output. - Print(args ...interface{}) - - // Printf writes a formatted string. - Printf(format string, args ...interface{}) - - // Detail reports whether error detail is requested. - // After the first call to Detail, all text written to the Printer - // is formatted as additional detail, or ignored when - // detail has not been requested. - // If Detail returns false, the caller can avoid printing the detail at all. - Detail() bool -} diff --git a/vendor/golang.org/x/xerrors/frame.go b/vendor/golang.org/x/xerrors/frame.go deleted file mode 100644 index 0de628ec5..000000000 --- a/vendor/golang.org/x/xerrors/frame.go +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package xerrors - -import ( - "runtime" -) - -// A Frame contains part of a call stack. -type Frame struct { - // Make room for three PCs: the one we were asked for, what it called, - // and possibly a PC for skipPleaseUseCallersFrames. See: - // https://go.googlesource.com/go/+/032678e0fb/src/runtime/extern.go#169 - frames [3]uintptr -} - -// Caller returns a Frame that describes a frame on the caller's stack. -// The argument skip is the number of frames to skip over. -// Caller(0) returns the frame for the caller of Caller. -func Caller(skip int) Frame { - var s Frame - runtime.Callers(skip+1, s.frames[:]) - return s -} - -// location reports the file, line, and function of a frame. -// -// The returned function may be "" even if file and line are not. -func (f Frame) location() (function, file string, line int) { - frames := runtime.CallersFrames(f.frames[:]) - if _, ok := frames.Next(); !ok { - return "", "", 0 - } - fr, ok := frames.Next() - if !ok { - return "", "", 0 - } - return fr.Function, fr.File, fr.Line -} - -// Format prints the stack as error detail. -// It should be called from an error's Format implementation -// after printing any other error detail. -func (f Frame) Format(p Printer) { - if p.Detail() { - function, file, line := f.location() - if function != "" { - p.Printf("%s\n ", function) - } - if file != "" { - p.Printf("%s:%d\n", file, line) - } - } -} diff --git a/vendor/golang.org/x/xerrors/internal/internal.go b/vendor/golang.org/x/xerrors/internal/internal.go deleted file mode 100644 index 89f4eca5d..000000000 --- a/vendor/golang.org/x/xerrors/internal/internal.go +++ /dev/null @@ -1,8 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package internal - -// EnableTrace indicates whether stack information should be recorded in errors. -var EnableTrace = true diff --git a/vendor/golang.org/x/xerrors/wrap.go b/vendor/golang.org/x/xerrors/wrap.go deleted file mode 100644 index 9842758ca..000000000 --- a/vendor/golang.org/x/xerrors/wrap.go +++ /dev/null @@ -1,112 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package xerrors - -import ( - "reflect" -) - -// A Wrapper provides context around another error. -type Wrapper interface { - // Unwrap returns the next error in the error chain. - // If there is no next error, Unwrap returns nil. - Unwrap() error -} - -// Opaque returns an error with the same error formatting as err -// but that does not match err and cannot be unwrapped. -func Opaque(err error) error { - return noWrapper{err} -} - -type noWrapper struct { - error -} - -func (e noWrapper) FormatError(p Printer) (next error) { - if f, ok := e.error.(Formatter); ok { - return f.FormatError(p) - } - p.Print(e.error) - return nil -} - -// Unwrap returns the result of calling the Unwrap method on err, if err implements -// Unwrap. Otherwise, Unwrap returns nil. -// -// Deprecated: As of Go 1.13, use errors.Unwrap instead. -func Unwrap(err error) error { - u, ok := err.(Wrapper) - if !ok { - return nil - } - return u.Unwrap() -} - -// Is reports whether any error in err's chain matches target. -// -// An error is considered to match a target if it is equal to that target or if -// it implements a method Is(error) bool such that Is(target) returns true. -// -// Deprecated: As of Go 1.13, use errors.Is instead. -func Is(err, target error) bool { - if target == nil { - return err == target - } - - isComparable := reflect.TypeOf(target).Comparable() - for { - if isComparable && err == target { - return true - } - if x, ok := err.(interface{ Is(error) bool }); ok && x.Is(target) { - return true - } - // TODO: consider supporing target.Is(err). This would allow - // user-definable predicates, but also may allow for coping with sloppy - // APIs, thereby making it easier to get away with them. - if err = Unwrap(err); err == nil { - return false - } - } -} - -// As finds the first error in err's chain that matches the type to which target -// points, and if so, sets the target to its value and returns true. An error -// matches a type if it is assignable to the target type, or if it has a method -// As(interface{}) bool such that As(target) returns true. As will panic if target -// is not a non-nil pointer to a type which implements error or is of interface type. -// -// The As method should set the target to its value and return true if err -// matches the type to which target points. -// -// Deprecated: As of Go 1.13, use errors.As instead. -func As(err error, target interface{}) bool { - if target == nil { - panic("errors: target cannot be nil") - } - val := reflect.ValueOf(target) - typ := val.Type() - if typ.Kind() != reflect.Ptr || val.IsNil() { - panic("errors: target must be a non-nil pointer") - } - if e := typ.Elem(); e.Kind() != reflect.Interface && !e.Implements(errorType) { - panic("errors: *target must be interface or implement error") - } - targetType := typ.Elem() - for err != nil { - if reflect.TypeOf(err).AssignableTo(targetType) { - val.Elem().Set(reflect.ValueOf(err)) - return true - } - if x, ok := err.(interface{ As(interface{}) bool }); ok && x.As(target) { - return true - } - err = Unwrap(err) - } - return false -} - -var errorType = reflect.TypeOf((*error)(nil)).Elem() diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go index 84f9302dc..3356fa97b 100644 --- a/vendor/google.golang.org/api/internal/settings.go +++ b/vendor/google.golang.org/api/internal/settings.go @@ -55,6 +55,8 @@ type DialSettings struct { EnableDirectPathXds bool EnableNewAuthLibrary bool AllowNonDefaultServiceAccount bool + UniverseDomain string + DefaultUniverseDomain string // Google API system parameters. For more information please read: // https://cloud.google.com/apis/docs/system-parameters diff --git a/vendor/google.golang.org/api/internal/version.go b/vendor/google.golang.org/api/internal/version.go index 62a5a2386..a130609e5 100644 --- a/vendor/google.golang.org/api/internal/version.go +++ b/vendor/google.golang.org/api/internal/version.go @@ -5,4 +5,4 @@ package internal // Version is the current tagged release of the library. -const Version = "0.150.0" +const Version = "0.153.0" diff --git a/vendor/google.golang.org/api/option/internaloption/internaloption.go b/vendor/google.golang.org/api/option/internaloption/internaloption.go index b2b249eec..3fdee095c 100644 --- a/vendor/google.golang.org/api/option/internaloption/internaloption.go +++ b/vendor/google.golang.org/api/option/internaloption/internaloption.go @@ -126,6 +126,22 @@ func (w withDefaultScopes) Apply(o *internal.DialSettings) { copy(o.DefaultScopes, w) } +// WithDefaultUniverseDomain returns a ClientOption that sets the default universe domain. +// +// It should only be used internally by generated clients. +// +// This is similar to the public WithUniverse, but allows us to determine whether the user has +// overridden the default universe. +func WithDefaultUniverseDomain(ud string) option.ClientOption { + return withDefaultUniverseDomain(ud) +} + +type withDefaultUniverseDomain string + +func (w withDefaultUniverseDomain) Apply(o *internal.DialSettings) { + o.DefaultUniverseDomain = string(w) +} + // EnableJwtWithScope returns a ClientOption that specifies if scope can be used // with self-signed JWT. func EnableJwtWithScope() option.ClientOption { diff --git a/vendor/google.golang.org/api/option/option.go b/vendor/google.golang.org/api/option/option.go index b2085a194..c882c1eb4 100644 --- a/vendor/google.golang.org/api/option/option.go +++ b/vendor/google.golang.org/api/option/option.go @@ -343,3 +343,16 @@ func (w *withCreds) Apply(o *internal.DialSettings) { func WithCredentials(creds *google.Credentials) ClientOption { return (*withCreds)(creds) } + +// WithUniverseDomain returns a ClientOption that sets the universe domain. +// +// This is an EXPERIMENTAL API and may be changed or removed in the future. +func WithUniverseDomain(ud string) ClientOption { + return withUniverseDomain(ud) +} + +type withUniverseDomain string + +func (w withUniverseDomain) Apply(o *internal.DialSettings) { + o.UniverseDomain = string(w) +} diff --git a/vendor/google.golang.org/api/storage/v1/storage-api.json b/vendor/google.golang.org/api/storage/v1/storage-api.json index 5481a74cb..6c89799d5 100644 --- a/vendor/google.golang.org/api/storage/v1/storage-api.json +++ b/vendor/google.golang.org/api/storage/v1/storage-api.json @@ -26,7 +26,7 @@ "description": "Stores and retrieves potentially large, immutable data objects.", "discoveryVersion": "v1", "documentationLink": "https://developers.google.com/storage/docs/json_api/", - "etag": "\"39383633393336373936373236333033393737\"", + "etag": "\"38383938373230313033363637363637353533\"", "icons": { "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png", "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png" @@ -215,7 +215,7 @@ "type": "string" } }, - "path": "b/{bucket}/anywhereCache", + "path": "b/{bucket}/anywhereCaches", "response": { "$ref": "AnywhereCaches" }, @@ -3799,7 +3799,7 @@ } } }, - "revision": "20231028", + "revision": "20231117", "rootUrl": "https://storage.googleapis.com/", "schemas": { "AnywhereCache": { diff --git a/vendor/google.golang.org/api/storage/v1/storage-gen.go b/vendor/google.golang.org/api/storage/v1/storage-gen.go index 90320fcc0..c4331c04d 100644 --- a/vendor/google.golang.org/api/storage/v1/storage-gen.go +++ b/vendor/google.golang.org/api/storage/v1/storage-gen.go @@ -3593,7 +3593,7 @@ func (c *AnywhereCacheListCall) doRequest(alt string) (*http.Response, error) { var body io.Reader = nil c.urlParams_.Set("alt", alt) c.urlParams_.Set("prettyPrint", "false") - urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/anywhereCache") + urls := googleapi.ResolveRelative(c.s.BasePath, "b/{bucket}/anywhereCaches") urls += "?" + c.urlParams_.Encode() req, err := http.NewRequest("GET", urls, body) if err != nil { @@ -3670,7 +3670,7 @@ func (c *AnywhereCacheListCall) Do(opts ...googleapi.CallOption) (*AnywhereCache // "type": "string" // } // }, - // "path": "b/{bucket}/anywhereCache", + // "path": "b/{bucket}/anywhereCaches", // "response": { // "$ref": "AnywhereCaches" // }, diff --git a/vendor/modules.txt b/vendor/modules.txt index 1a606d02c..46de80c82 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,4 +1,4 @@ -# cloud.google.com/go v0.110.10 +# cloud.google.com/go v0.111.0 ## explicit; go 1.19 cloud.google.com/go/internal cloud.google.com/go/internal/optional @@ -42,7 +42,7 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore/tracing # github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 ## explicit; go 1.18 github.com/Azure/azure-sdk-for-go/sdk/azidentity -# github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 +# github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 ## explicit; go 1.18 github.com/Azure/azure-sdk-for-go/sdk/internal/diag github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo @@ -107,10 +107,10 @@ github.com/VictoriaMetrics/metricsql/binaryop # github.com/VividCortex/ewma v1.2.0 ## explicit; go 1.12 github.com/VividCortex/ewma -# github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 +# github.com/alecthomas/units v0.0.0-20231202071711-9a357b53e9c9 ## explicit; go 1.15 github.com/alecthomas/units -# github.com/aws/aws-sdk-go v1.47.12 +# github.com/aws/aws-sdk-go v1.48.16 ## explicit; go 1.19 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/auth/bearer @@ -154,12 +154,13 @@ github.com/aws/aws-sdk-go/service/sso/ssoiface github.com/aws/aws-sdk-go/service/ssooidc github.com/aws/aws-sdk-go/service/sts github.com/aws/aws-sdk-go/service/sts/stsiface -# github.com/aws/aws-sdk-go-v2 v1.23.0 +# github.com/aws/aws-sdk-go-v2 v1.24.0 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/aws github.com/aws/aws-sdk-go-v2/aws/arn github.com/aws/aws-sdk-go-v2/aws/defaults github.com/aws/aws-sdk-go-v2/aws/middleware +github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics github.com/aws/aws-sdk-go-v2/aws/protocol/query github.com/aws/aws-sdk-go-v2/aws/protocol/restjson github.com/aws/aws-sdk-go-v2/aws/protocol/xml @@ -171,6 +172,7 @@ github.com/aws/aws-sdk-go-v2/aws/transport/http github.com/aws/aws-sdk-go-v2/internal/auth github.com/aws/aws-sdk-go-v2/internal/auth/smithy github.com/aws/aws-sdk-go-v2/internal/awsutil +github.com/aws/aws-sdk-go-v2/internal/context github.com/aws/aws-sdk-go-v2/internal/endpoints github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn github.com/aws/aws-sdk-go-v2/internal/rand @@ -180,14 +182,14 @@ github.com/aws/aws-sdk-go-v2/internal/shareddefaults github.com/aws/aws-sdk-go-v2/internal/strings github.com/aws/aws-sdk-go-v2/internal/sync/singleflight github.com/aws/aws-sdk-go-v2/internal/timeconv -# github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.1 +# github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/eventstreamapi -# github.com/aws/aws-sdk-go-v2/config v1.25.1 +# github.com/aws/aws-sdk-go-v2/config v1.26.1 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/config -# github.com/aws/aws-sdk-go-v2/credentials v1.16.1 +# github.com/aws/aws-sdk-go-v2/credentials v1.16.12 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/credentials github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds @@ -196,68 +198,70 @@ github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client github.com/aws/aws-sdk-go-v2/credentials/processcreds github.com/aws/aws-sdk-go-v2/credentials/ssocreds github.com/aws/aws-sdk-go-v2/credentials/stscreds -# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 +# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/feature/ec2/imds github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config -# github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.13.8 +# github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.15.7 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/feature/s3/manager -# github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 +# github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/internal/configsources -# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 +# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 -# github.com/aws/aws-sdk-go-v2/internal/ini v1.7.0 +# github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/internal/ini -# github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.3 +# github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.9 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/internal/v4a github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4 -# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 +# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding -# github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.3 +# github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.9 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/service/internal/checksum -# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 +# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url -# github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.3 +# github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.9 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/service/internal/s3shared github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config -# github.com/aws/aws-sdk-go-v2/service/s3 v1.42.2 +# github.com/aws/aws-sdk-go-v2/service/s3 v1.47.5 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/service/s3 github.com/aws/aws-sdk-go-v2/service/s3/internal/arn github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints github.com/aws/aws-sdk-go-v2/service/s3/types -# github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 +# github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/service/sso github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints github.com/aws/aws-sdk-go-v2/service/sso/types -# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.2 +# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/service/ssooidc github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints github.com/aws/aws-sdk-go-v2/service/ssooidc/types -# github.com/aws/aws-sdk-go-v2/service/sts v1.25.2 +# github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 ## explicit; go 1.19 github.com/aws/aws-sdk-go-v2/service/sts github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints github.com/aws/aws-sdk-go-v2/service/sts/types -# github.com/aws/smithy-go v1.17.0 +# github.com/aws/smithy-go v1.19.0 ## explicit; go 1.19 github.com/aws/smithy-go github.com/aws/smithy-go/auth github.com/aws/smithy-go/auth/bearer +github.com/aws/smithy-go/container/private/cache +github.com/aws/smithy-go/container/private/cache/lru github.com/aws/smithy-go/context github.com/aws/smithy-go/document github.com/aws/smithy-go/encoding @@ -270,6 +274,7 @@ github.com/aws/smithy-go/internal/sync/singleflight github.com/aws/smithy-go/io github.com/aws/smithy-go/logging github.com/aws/smithy-go/middleware +github.com/aws/smithy-go/private/requestcompression github.com/aws/smithy-go/ptr github.com/aws/smithy-go/rand github.com/aws/smithy-go/sync @@ -327,7 +332,7 @@ github.com/gogo/protobuf/proto github.com/gogo/protobuf/protoc-gen-gogo/descriptor github.com/gogo/protobuf/sortkeys github.com/gogo/protobuf/types -# github.com/golang-jwt/jwt/v5 v5.1.0 +# github.com/golang-jwt/jwt/v5 v5.2.0 ## explicit; go 1.18 github.com/golang-jwt/jwt/v5 # github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da @@ -399,7 +404,7 @@ github.com/jpillora/backoff # github.com/json-iterator/go v1.1.12 ## explicit; go 1.12 github.com/json-iterator/go -# github.com/klauspost/compress v1.17.3 +# github.com/klauspost/compress v1.17.4 ## explicit; go 1.19 github.com/klauspost/compress github.com/klauspost/compress/flate @@ -477,7 +482,7 @@ github.com/prometheus/common/sigv4 github.com/prometheus/procfs github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util -# github.com/prometheus/prometheus v0.48.0 +# github.com/prometheus/prometheus v0.48.1 ## explicit; go 1.20 github.com/prometheus/prometheus/config github.com/prometheus/prometheus/discovery @@ -528,7 +533,7 @@ github.com/russross/blackfriday/v2 ## explicit; go 1.20 github.com/stretchr/testify/assert github.com/stretchr/testify/require -# github.com/urfave/cli/v2 v2.25.7 +# github.com/urfave/cli/v2 v2.26.0 ## explicit; go 1.18 github.com/urfave/cli/v2 # github.com/valyala/bytebufferpool v1.0.0 @@ -575,7 +580,7 @@ go.opencensus.io/trace go.opencensus.io/trace/internal go.opencensus.io/trace/propagation go.opencensus.io/trace/tracestate -# go.opentelemetry.io/collector/pdata v1.0.0-rcv0018 +# go.opentelemetry.io/collector/pdata v1.0.0 ## explicit; go 1.20 go.opentelemetry.io/collector/pdata/internal go.opentelemetry.io/collector/pdata/internal/data @@ -592,14 +597,14 @@ go.opentelemetry.io/collector/pdata/internal/otlp go.opentelemetry.io/collector/pdata/pcommon go.opentelemetry.io/collector/pdata/pmetric go.opentelemetry.io/collector/pdata/pmetric/pmetricotlp -# go.opentelemetry.io/collector/semconv v0.89.0 +# go.opentelemetry.io/collector/semconv v0.90.1 ## explicit; go 1.20 go.opentelemetry.io/collector/semconv/v1.6.1 -# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.0 +# go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 ## explicit; go 1.20 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil -# go.opentelemetry.io/otel v1.20.0 +# go.opentelemetry.io/otel v1.21.0 ## explicit; go 1.20 go.opentelemetry.io/otel go.opentelemetry.io/otel/attribute @@ -612,11 +617,11 @@ go.opentelemetry.io/otel/internal/global go.opentelemetry.io/otel/propagation go.opentelemetry.io/otel/semconv/v1.17.0 go.opentelemetry.io/otel/semconv/v1.21.0 -# go.opentelemetry.io/otel/metric v1.20.0 +# go.opentelemetry.io/otel/metric v1.21.0 ## explicit; go 1.20 go.opentelemetry.io/otel/metric go.opentelemetry.io/otel/metric/embedded -# go.opentelemetry.io/otel/trace v1.20.0 +# go.opentelemetry.io/otel/trace v1.21.0 ## explicit; go 1.20 go.opentelemetry.io/otel/trace go.opentelemetry.io/otel/trace/embedded @@ -630,7 +635,7 @@ go.uber.org/goleak/internal/stack # go.uber.org/multierr v1.11.0 ## explicit; go 1.19 go.uber.org/multierr -# golang.org/x/crypto v0.15.0 +# golang.org/x/crypto v0.16.0 ## explicit; go 1.18 golang.org/x/crypto/chacha20 golang.org/x/crypto/chacha20poly1305 @@ -641,11 +646,11 @@ golang.org/x/crypto/internal/alias golang.org/x/crypto/internal/poly1305 golang.org/x/crypto/pkcs12 golang.org/x/crypto/pkcs12/internal/rc2 -# golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa +# golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb ## explicit; go 1.20 golang.org/x/exp/constraints golang.org/x/exp/slices -# golang.org/x/net v0.18.0 +# golang.org/x/net v0.19.0 ## explicit; go 1.18 golang.org/x/net/http/httpguts golang.org/x/net/http/httpproxy @@ -656,7 +661,7 @@ golang.org/x/net/internal/socks golang.org/x/net/internal/timeseries golang.org/x/net/proxy golang.org/x/net/trace -# golang.org/x/oauth2 v0.14.0 +# golang.org/x/oauth2 v0.15.0 ## explicit; go 1.18 golang.org/x/oauth2 golang.org/x/oauth2/authhandler @@ -683,14 +688,12 @@ golang.org/x/text/secure/bidirule golang.org/x/text/transform golang.org/x/text/unicode/bidi golang.org/x/text/unicode/norm -# golang.org/x/time v0.4.0 +# golang.org/x/time v0.5.0 ## explicit; go 1.18 golang.org/x/time/rate # golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 ## explicit; go 1.18 -golang.org/x/xerrors -golang.org/x/xerrors/internal -# google.golang.org/api v0.150.0 +# google.golang.org/api v0.153.0 ## explicit; go 1.19 google.golang.org/api/googleapi google.golang.org/api/googleapi/transport @@ -720,16 +723,16 @@ google.golang.org/appengine/internal/modules google.golang.org/appengine/internal/remote_api google.golang.org/appengine/internal/urlfetch google.golang.org/appengine/urlfetch -# google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 +# google.golang.org/genproto v0.0.0-20231127180814-3a041ad873d4 ## explicit; go 1.19 google.golang.org/genproto/googleapis/type/date google.golang.org/genproto/googleapis/type/expr google.golang.org/genproto/internal -# google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 +# google.golang.org/genproto/googleapis/api v0.0.0-20231127180814-3a041ad873d4 ## explicit; go 1.19 google.golang.org/genproto/googleapis/api google.golang.org/genproto/googleapis/api/annotations -# google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4 ## explicit; go 1.19 google.golang.org/genproto/googleapis/rpc/code google.golang.org/genproto/googleapis/rpc/errdetails