ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #21908 from ajayk/v-aws-sdk-go-v1.20.10 

deps: github.com/aws/aws-sdk-go@v1.20.10
This commit is contained in:
Brian Flad 2019-07-12 13:46:06 -04:00 committed by GitHub
parent d9a229a20e fd8aca539e
commit fdbabf9e23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 1277 additions and 297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -16,7 +16,7 @@ require (
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect
github.com/armon/go-radix v1.0.0 // indirect
github.com/aws/aws-sdk-go v1.20.4
github.com/aws/aws-sdk-go v1.20.19
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect
github.com/blang/semver v3.5.1+incompatible
github.com/boltdb/bolt v1.3.1 // indirect

4
go.sum
View File

@ -57,8 +57,8 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI
github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM=
github.com/aws/aws-sdk-go v1.16.36 h1:POeH34ZME++pr7GBGh+ZO6Y5kOwSMQpqp5BGUgooJ6k=
github.com/aws/aws-sdk-go v1.16.36/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.20.4 h1:czX3oqFyqz/AELrK/tneNuyZgNIrWnyqP+iQXsQ32E0=
github.com/aws/aws-sdk-go v1.20.4/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.20.19 h1:RQDLGGlcffQzAceEXGdMu+uGGPGhNu+vNG3BrUZAMPI=
github.com/aws/aws-sdk-go v1.20.19/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA=
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=

65
vendor/github.com/aws/aws-sdk-go/aws/csm/doc.go generated vendored
View File

@ -1,30 +1,61 @@
// Package csm provides Client Side Monitoring (CSM) which enables sending metrics
// via UDP connection. Using the Start function will enable the reporting of
// metrics on a given port. If Start is called, with different parameters, again,
// a panic will occur.
// Package csm provides the Client Side Monitoring (CSM) client which enables
// sending metrics via UDP connection to the CSM agent. This package provides
// control options, and configuration for the CSM client. The client can be
// controlled manually, or automatically via the SDK's Session configuration.
//
// Pause can be called to pause any metrics publishing on a given port. Sessions
// that have had their handlers modified via InjectHandlers may still be used.
// However, the handlers will act as a no-op meaning no metrics will be published.
// Enabling CSM client via SDK's Session configuration
//
// The CSM client can be enabled automatically via SDK's Session configuration.
// The SDK's session configuration enables the CSM client if the AWS_CSM_PORT
// environment variable is set to a non-empty value.
//
// The configuration options for the CSM client via the SDK's session
// configuration are:
//
// * AWS_CSM_PORT=<port number>
// The port number the CSM agent will receive metrics on.
//
// * AWS_CSM_HOST=<hostname or ip>
// The hostname, or IP address the CSM agent will receive metrics on.
// Without port number.
//
// Manually enabling the CSM client
//
// The CSM client can be started, paused, and resumed manually. The Start
// function will enable the CSM client to publish metrics to the CSM agent. It
// is safe to call Start concurrently, but if Start is called additional times
// with different ClientID or address it will panic.
//
// Example:
// r, err := csm.Start("clientID", ":31000")
// if err != nil {
// panic(fmt.Errorf("failed starting CSM: %v", err))
// }
//
// When controlling the CSM client manually, you must also inject its request
// handlers into the SDK's Session configuration for the SDK's API clients to
// publish metrics.
//
// sess, err := session.NewSession(&aws.Config{})
// if err != nil {
// panic(fmt.Errorf("failed loading session: %v", err))
// }
//
// // Add CSM client's metric publishing request handlers to the SDK's
// // Session Configuration.
// r.InjectHandlers(&sess.Handlers)
//
// client := s3.New(sess)
// resp, err := client.GetObject(&s3.GetObjectInput{
// Bucket: aws.String("bucket"),
// Key: aws.String("key"),
// })
// Controlling CSM client
//
// Once the CSM client has been enabled the Get function will return a Reporter
// value that you can use to pause and resume the metrics published to the CSM
// agent. If Get function is called before the reporter is enabled with the
// Start function or via SDK's Session configuration nil will be returned.
//
// The Pause method can be called to stop the CSM client publishing metrics to
// the CSM agent. The Continue method will resume metric publishing.
//
// // Get the CSM client Reporter.
// r := csm.Get()
//
// // Will pause monitoring
// r.Pause()
@ -35,12 +66,4 @@
//
// // Resume monitoring
// r.Continue()
//
// Start returns a Reporter that is used to enable or disable monitoring. If
// access to the Reporter is required later, calling Get will return the Reporter
// singleton.
//
// Example:
// r := csm.Get()
// r.Continue()
package csm

34
vendor/github.com/aws/aws-sdk-go/aws/csm/enable.go generated vendored
View File

@ -2,6 +2,7 @@ package csm
import (
"fmt"
"strings"
"sync"
)
@ -9,19 +10,40 @@ var (
lock sync.Mutex
)
// Client side metric handler names
const (
APICallMetricHandlerName = "awscsm.SendAPICallMetric"
APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric"
// DefaultPort is used when no port is specified.
DefaultPort = "31000"
// DefaultHost is the host that will be used when none is specified.
DefaultHost = "127.0.0.1"
)
// Start will start the a long running go routine to capture
// AddressWithDefaults returns a CSM address built from the host and port
// values. If the host or port is not set, default values will be used
// instead. If host is "localhost" it will be replaced with "127.0.0.1".
func AddressWithDefaults(host, port string) string {
if len(host) == 0 || strings.EqualFold(host, "localhost") {
host = DefaultHost
}
if len(port) == 0 {
port = DefaultPort
}
// Only IP6 host can contain a colon
if strings.Contains(host, ":") {
return "[" + host + "]:" + port
}
return host + ":" + port
}
// Start will start a long running go routine to capture
// client side metrics. Calling start multiple time will only
// start the metric listener once and will panic if a different
// client ID or port is passed in.
//
// Example:
// r, err := csm.Start("clientID", "127.0.0.1:8094")
// r, err := csm.Start("clientID", "127.0.0.1:31000")
// if err != nil {
// panic(fmt.Errorf("expected no error, but received %v", err))
// }

25
vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go generated vendored
View File

@ -10,11 +10,6 @@ import (
"github.com/aws/aws-sdk-go/aws/request"
)
const (
// DefaultPort is used when no port is specified
DefaultPort = "31000"
)
// Reporter will gather metrics of API requests made and
// send those metrics to the CSM endpoint.
type Reporter struct {
@ -190,8 +185,9 @@ func (rep *Reporter) start() {
}
}
// Pause will pause the metric channel preventing any new metrics from
// being added.
// Pause will pause the metric channel preventing any new metrics from being
// added. It is safe to call concurrently with other calls to Pause, but if
// called concurently with Continue can lead to unexpected state.
func (rep *Reporter) Pause() {
lock.Lock()
defer lock.Unlock()
@ -203,8 +199,9 @@ func (rep *Reporter) Pause() {
rep.close()
}
// Continue will reopen the metric channel and allow for monitoring
// to be resumed.
// Continue will reopen the metric channel and allow for monitoring to be
// resumed. It is safe to call concurrently with other calls to Continue, but
// if called concurently with Pause can lead to unexpected state.
func (rep *Reporter) Continue() {
lock.Lock()
defer lock.Unlock()
@ -219,10 +216,18 @@ func (rep *Reporter) Continue() {
rep.metricsCh.Continue()
}
// Client side metric handler names
const (
APICallMetricHandlerName = "awscsm.SendAPICallMetric"
APICallAttemptMetricHandlerName = "awscsm.SendAPICallAttemptMetric"
)
// InjectHandlers will will enable client side metrics and inject the proper
// handlers to handle how metrics are sent.
//
// Example:
// InjectHandlers is NOT safe to call concurrently. Calling InjectHandlers
// multiple times may lead to unexpected behavior, (e.g. duplicate metrics).
//
// // Start must be called in order to inject the correct handlers
// r, err := csm.Start("clientID", "127.0.0.1:8094")
// if err != nil {

103
vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go generated vendored
View File

@ -478,6 +478,7 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"us-east-1": endpoint{},
@ -536,17 +537,24 @@ var awsPartition = partition{
"backup": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
"batch": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@ -1179,6 +1187,7 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"sa-east-1": endpoint{},
@ -1555,7 +1564,9 @@ var awsPartition = partition{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
@ -1616,9 +1627,11 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@ -1632,10 +1645,15 @@ var awsPartition = partition{
},
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-2": endpoint{},
},
},
@ -1712,6 +1730,7 @@ var awsPartition = partition{
"ap-south-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"us-east-1": endpoint{},
@ -1732,11 +1751,16 @@ var awsPartition = partition{
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
@ -1831,12 +1855,6 @@ var awsPartition = partition{
"kms": service{
Endpoints: endpoints{
"ProdFips": endpoint{
Hostname: "kms-fips.ca-central-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "ca-central-1",
},
},
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
@ -1881,6 +1899,7 @@ var awsPartition = partition{
"license-manager": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@ -2000,6 +2019,7 @@ var awsPartition = partition{
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
@ -2115,12 +2135,14 @@ var awsPartition = partition{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
@ -2176,6 +2198,12 @@ var awsPartition = partition{
Region: "eu-central-1",
},
},
"eu-north-1": endpoint{
Hostname: "rds.eu-north-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "eu-north-1",
},
},
"eu-west-1": endpoint{
Hostname: "rds.eu-west-1.amazonaws.com",
CredentialScope: credentialScope{
@ -2313,6 +2341,7 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
@ -2939,6 +2968,7 @@ var awsPartition = partition{
"sms": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@ -3243,9 +3273,15 @@ var awsPartition = partition{
},
},
"support": service{
PartitionEndpoint: "aws-global",
Endpoints: endpoints{
"aws-global": endpoint{},
"aws-global": endpoint{
Hostname: "support.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
},
},
"swf": service{
@ -3416,6 +3452,7 @@ var awsPartition = partition{
"xray": service{
Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
@ -3692,6 +3729,15 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
"greengrass": service{
IsRegionalized: boxedTrue,
Defaults: endpoint{
Protocols: []string{"https"},
},
Endpoints: endpoints{
"cn-north-1": endpoint{},
},
},
"iam": service{
PartitionEndpoint: "aws-cn-global",
IsRegionalized: boxedFalse,
@ -3736,6 +3782,13 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
"license-manager": service{
Endpoints: endpoints{
"cn-north-1": endpoint{},
"cn-northwest-1": endpoint{},
},
},
"logs": service{
Endpoints: endpoints{
@ -3886,6 +3939,18 @@ var awscnPartition = partition{
"cn-northwest-1": endpoint{},
},
},
"support": service{
PartitionEndpoint: "aws-cn-global",
Endpoints: endpoints{
"aws-cn-global": endpoint{
Hostname: "support.cn-north-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "cn-north-1",
},
},
},
},
"swf": service{
Endpoints: endpoints{
@ -4046,6 +4111,7 @@ var awsusgovPartition = partition{
"codebuild": service{
Endpoints: endpoints{
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
},
@ -4090,6 +4156,12 @@ var awsusgovPartition = partition{
"us-gov-west-1": endpoint{},
},
},
"datasync": service{
Endpoints: endpoints{
"us-gov-west-1": endpoint{},
},
},
"directconnect": service{
Endpoints: endpoints{
@ -4222,6 +4294,7 @@ var awsusgovPartition = partition{
"firehose": service{
Endpoints: endpoints{
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
},
@ -4236,6 +4309,16 @@ var awsusgovPartition = partition{
},
"glue": service{
Endpoints: endpoints{
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{},
},
},
"greengrass": service{
IsRegionalized: boxedTrue,
Defaults: endpoint{
Protocols: []string{"https"},
},
Endpoints: endpoints{
"us-gov-west-1": endpoint{},
},
@ -4362,6 +4445,12 @@ var awsusgovPartition = partition{
"us-gov-west-1": endpoint{},
},
},
"ram": service{
Endpoints: endpoints{
"us-gov-west-1": endpoint{},
},
},
"rds": service{
Endpoints: endpoints{

12
vendor/github.com/aws/aws-sdk-go/aws/request/request.go generated vendored
View File

@ -4,6 +4,7 @@ import (
"bytes"
"fmt"
"io"
"net"
"net/http"
"net/url"
"reflect"
@ -484,7 +485,7 @@ func (r *Request) Send() error {
if err := r.sendRequest(); err == nil {
return nil
} else if !shouldRetryCancel(r.Error) {
} else if !shouldRetryError(r.Error) {
return err
} else {
r.Handlers.Retry.Run(r)
@ -576,13 +577,13 @@ type temporary interface {
Temporary() bool
}
func shouldRetryCancel(origErr error) bool {
func shouldRetryError(origErr error) bool {
switch err := origErr.(type) {
case awserr.Error:
if err.Code() == CanceledErrorCode {
return false
}
return shouldRetryCancel(err.OrigErr())
return shouldRetryError(err.OrigErr())
case *url.Error:
if strings.Contains(err.Error(), "connection refused") {
// Refused connections should be retried as the service may not yet
@ -592,8 +593,11 @@ func shouldRetryCancel(origErr error) bool {
}
// *url.Error only implements Temporary after golang 1.6 but since
// url.Error only wraps the error:
return shouldRetryCancel(err.Err)
return shouldRetryError(err.Err)
case temporary:
if netErr, ok := err.(*net.OpError); ok && netErr.Op == "dial" {
return true
}
// If the error is temporary, we want to allow continuation of the
// retry process
return err.Temporary() || isErrConnectionReset(origErr)

14
vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go generated vendored
View File

@ -64,11 +64,15 @@ func resolveCredsFromProfile(cfg *aws.Config,
), nil
} else if len(sharedCfg.CredentialProcess) > 0 {
// Credential Process credentials from Shared Config/Credentials file.
return processcreds.NewCredentials(
sharedCfg.CredentialProcess,
), nil
// Get credentials from CredentialProcess
cred := processcreds.NewCredentials(sharedCfg.CredentialProcess)
// if RoleARN is provided, so the obtained cred from the Credential Process to assume the role using RoleARN
if len(sharedCfg.AssumeRole.RoleARN) > 0 {
cfgCp := *cfg
cfgCp.Credentials = cred
return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts)
}
return cred, nil
} else if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 {
// Assume IAM Role with specific credential source.
return resolveCredsFromSource(cfg, envCfg, sharedCfg, handlers, sessOpts)

5
vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go generated vendored
View File

@ -102,6 +102,7 @@ type envConfig struct {
CSMEnabled bool
CSMPort string
CSMClientID string
CSMHost string
enableEndpointDiscovery string
// Enables endpoint discovery via environment variables.
@ -114,6 +115,9 @@ var (
csmEnabledEnvKey = []string{
"AWS_CSM_ENABLED",
}
csmHostEnvKey = []string{
"AWS_CSM_HOST",
}
csmPortEnvKey = []string{
"AWS_CSM_PORT",
}
@ -184,6 +188,7 @@ func envConfigLoad(enableSharedConfig bool) envConfig {
// CSM environment variables
setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey)
setFromEnvVal(&cfg.CSMHost, csmHostEnvKey)
setFromEnvVal(&cfg.CSMPort, csmPortEnvKey)
setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey)
cfg.CSMEnabled = len(cfg.csmEnabled) > 0

33
vendor/github.com/aws/aws-sdk-go/aws/session/session.go generated vendored
View File

@ -3,6 +3,7 @@ package session
import (
"crypto/tls"
"crypto/x509"
"fmt"
"io"
"io/ioutil"
"net/http"
@ -104,7 +105,15 @@ func New(cfgs ...*aws.Config) *Session {
s := deprecatedNewSession(cfgs...)
if envCfg.CSMEnabled {
enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger)
err := enableCSM(&s.Handlers, envCfg.CSMClientID,
envCfg.CSMHost, envCfg.CSMPort, s.Config.Logger)
if err != nil {
err = fmt.Errorf("failed to enable CSM, %v", err)
s.Config.Logger.Log("ERROR:", err.Error())
s.Handlers.Validate.PushBack(func(r *request.Request) {
r.Error = err
})
}
}
return s
@ -338,17 +347,21 @@ func deprecatedNewSession(cfgs ...*aws.Config) *Session {
return s
}
func enableCSM(handlers *request.Handlers, clientID string, port string, logger aws.Logger) {
logger.Log("Enabling CSM")
if len(port) == 0 {
port = csm.DefaultPort
func enableCSM(handlers *request.Handlers,
clientID, host, port string,
logger aws.Logger,
) error {
if logger != nil {
logger.Log("Enabling CSM")
}
r, err := csm.Start(clientID, "127.0.0.1:"+port)
r, err := csm.Start(clientID, csm.AddressWithDefaults(host, port))
if err != nil {
return
return err
}
r.InjectHandlers(handlers)
return nil
}
func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, error) {
@ -395,7 +408,11 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session,
initHandlers(s)
if envCfg.CSMEnabled {
enableCSM(&s.Handlers, envCfg.CSMClientID, envCfg.CSMPort, s.Config.Logger)
err := enableCSM(&s.Handlers, envCfg.CSMClientID,
envCfg.CSMHost, envCfg.CSMPort, s.Config.Logger)
if err != nil {
return nil, err
}
}
// Setup HTTP client with custom cert bundle if enabled

8
vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go generated vendored
View File

@ -5,7 +5,6 @@ import (
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/internal/ini"
)
@ -167,7 +166,8 @@ func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedC
}
if cfg.AssumeRole.SourceProfile == origProfile || len(assumeRoleSrc.AssumeRole.SourceProfile) == 0 {
if len(assumeRoleSrc.AssumeRole.CredentialSource) == 0 && len(assumeRoleSrc.Creds.AccessKeyID) == 0 {
//Check if at least either Credential Source, static creds, or credential process is set to retain credentials.
if len(assumeRoleSrc.AssumeRole.CredentialSource) == 0 && len(assumeRoleSrc.Creds.AccessKeyID) == 0 && len(assumeRoleSrc.CredentialProcess) == 0 {
return SharedConfigAssumeRoleError{RoleARN: cfg.AssumeRole.RoleARN}
}
}
@ -226,7 +226,9 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e
roleArn := section.String(roleArnKey)
srcProfile := section.String(sourceProfileKey)
credentialSource := section.String(credentialSourceKey)
hasSource := len(srcProfile) > 0 || len(credentialSource) > 0
credentialProcess := section.String(credentialProcessKey)
//Has source to make sure the Assume Role has at least either srcProfile, credential Source, or credential Process.
hasSource := len(srcProfile) > 0 || len(credentialSource) > 0 || len(credentialProcess) > 0
if len(roleArn) > 0 && hasSource {
cfg.AssumeRole = assumeRoleConfig{
RoleARN: roleArn,

2
vendor/github.com/aws/aws-sdk-go/aws/version.go generated vendored
View File

@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
const SDKVersion = "1.20.4"
const SDKVersion = "1.20.19"

421
vendor/github.com/aws/aws-sdk-go/service/dynamodb/api.go generated vendored
View File

File diff suppressed because it is too large Load Diff

2
vendor/github.com/aws/aws-sdk-go/service/dynamodb/doc_custom.go generated vendored
View File

@ -3,7 +3,7 @@ AttributeValue Marshaling and Unmarshaling Helpers
Utility helpers to marshal and unmarshal AttributeValue to and
from Go types can be found in the dynamodbattribute sub package. This package
provides has specialized functions for the common ways of working with
provides specialized functions for the common ways of working with
AttributeValues. Such as map[string]*AttributeValue, []*AttributeValue, and
directly with *AttributeValue. This is helpful for marshaling Go types for API
operations such as PutItem, and unmarshaling Query and Scan APIs' responses.

4
vendor/github.com/aws/aws-sdk-go/service/dynamodb/errors.go generated vendored
View File

@ -184,6 +184,8 @@ const (
// index (LSI) becomes too large, or a similar validation error occurs because
// of changes made by the transaction.
//
// * The aggregate size of the items in the transaction exceeds 4 MBs.
//
// * There is a user error, such as an invalid data format.
//
// DynamoDB cancels a TransactGetItems request under the following circumstances:
@ -198,6 +200,8 @@ const (
// * There is insufficient provisioned capacity for the transaction to be
// completed.
//
// * The aggregate size of the items in the transaction exceeds 4 MBs.
//
// * There is a user error, such as an invalid data format.
//
// If using Java, DynamoDB lists the cancellation reasons on the CancellationReasons

765
vendor/github.com/aws/aws-sdk-go/service/iam/api.go generated vendored
View File

@ -5040,6 +5040,199 @@ func (c *IAM) GenerateCredentialReportWithContext(ctx aws.Context, input *Genera
return out, req.Send()
}
const opGenerateOrganizationsAccessReport = "GenerateOrganizationsAccessReport"
// GenerateOrganizationsAccessReportRequest generates a "aws/request.Request" representing the
// client's request for the GenerateOrganizationsAccessReport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GenerateOrganizationsAccessReport for more information on using the GenerateOrganizationsAccessReport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GenerateOrganizationsAccessReportRequest method.
// req, resp := client.GenerateOrganizationsAccessReportRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateOrganizationsAccessReport
func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizationsAccessReportInput) (req *request.Request, output *GenerateOrganizationsAccessReportOutput) {
op := &request.Operation{
Name: opGenerateOrganizationsAccessReport,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &GenerateOrganizationsAccessReportInput{}
}
output = &GenerateOrganizationsAccessReportOutput{}
req = c.newRequest(op, input, output)
return
}
// GenerateOrganizationsAccessReport API operation for AWS Identity and Access Management.
//
// Generates a report for service last accessed data for AWS Organizations.
// You can generate a report for any entities (organization root, organizational
// unit, or account) or policies in your organization.
//
// To call this operation, you must be signed in using your AWS Organizations
// master account credentials. You can use your long-term IAM user or root user
// credentials, or temporary credentials from assuming an IAM role. SCPs must
// be enabled for your organization root. You must have the required IAM and
// AWS Organizations permissions. For more information, see Refining Permissions
// Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// You can generate a service last accessed data report for entities by specifying
// only the entity's path. This data includes a list of services that are allowed
// by any service control policies (SCPs) that apply to the entity.
//
// You can generate a service last accessed data report for a policy by specifying
// an entity's path and an optional AWS Organizations policy ID. This data includes
// a list of services that are allowed by the specified SCP.
//
// For each service in both report types, the data includes the most recent
// account activity that the policy allows to account principals in the entity
// or the entity's children. For important information about the data, reporting
// period, permissions required, troubleshooting, and supported Regions see
// Reducing Permissions Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// The data includes all attempts to access AWS, not just the successful ones.
// This includes all attempts that were made using the AWS Management Console,
// the AWS API through any of the SDKs, or any of the command line tools. An
// unexpected entry in the service last accessed data does not mean that an
// account has been compromised, because the request might have been denied.
// Refer to your CloudTrail logs as the authoritative source for information
// about all API calls and whether they were successful or denied access. For
// more information, see Logging IAM Events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
// in the IAM User Guide.
//
// This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport
// operation to check the status of the report generation. To check the status
// of this request, use the JobId parameter in the GetOrganizationsAccessReport
// operation and test the JobStatus response parameter. When the job is complete,
// you can retrieve the report.
//
// To generate a service last accessed data report for entities, specify an
// entity path without specifying the optional AWS Organizations policy ID.
// The type of entity that you specify determines the data returned in the report.
//
// * Root When you specify the organizations root as the entity, the
// resulting report lists all of the services allowed by SCPs that are attached
// to your root. For each service, the report includes data for all accounts
// in your organization except the master account, because the master account
// is not limited by SCPs.
//
// * OU When you specify an organizational unit (OU) as the entity, the
// resulting report lists all of the services allowed by SCPs that are attached
// to the OU and its parents. For each service, the report includes data
// for all accounts in the OU or its children. This data excludes the master
// account, because the master account is not limited by SCPs.
//
// * Master account When you specify the master account, the resulting
// report lists all AWS services, because the master account is not limited
// by SCPs. For each service, the report includes data for only the master
// account.
//
// * Account When you specify another account as the entity, the resulting
// report lists all of the services allowed by SCPs that are attached to
// the account and its parents. For each service, the report includes data
// for only the specified account.
//
// To generate a service last accessed data report for policies, specify an
// entity path and the optional AWS Organizations policy ID. The type of entity
// that you specify determines the data returned for each service.
//
// * Root When you specify the root entity and a policy ID, the resulting
// report lists all of the services that are allowed by the specified SCP.
// For each service, the report includes data for all accounts in your organization
// to which the SCP applies. This data excludes the master account, because
// the master account is not limited by SCPs. If the SCP is not attached
// to any entities in the organization, then the report will return a list
// of services with no data.
//
// * OU When you specify an OU entity and a policy ID, the resulting
// report lists all of the services that are allowed by the specified SCP.
// For each service, the report includes data for all accounts in the OU
// or its children to which the SCP applies. This means that other accounts
// outside the OU that are affected by the SCP might not be included in the
// data. This data excludes the master account, because the master account
// is not limited by SCPs. If the SCP is not attached to the OU or one of
// its children, the report will return a list of services with no data.
//
// * Master account When you specify the master account, the resulting
// report lists all AWS services, because the master account is not limited
// by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored.
// For each service, the report includes data for only the master account.
//
// * Account When you specify another account entity and a policy ID,
// the resulting report lists all of the services that are allowed by the
// specified SCP. For each service, the report includes data for only the
// specified account. This means that other accounts in the organization
// that are affected by the SCP might not be included in the data. If the
// SCP is not attached to the account, the report will return a list of services
// with no data.
//
// Service last accessed data does not use other policy types when determining
// whether a principal could access a service. These other policy types include
// identity-based policies, resource-based policies, access control lists, IAM
// permissions boundaries, and STS assume role policies. It only applies SCP
// logic. For more about the evaluation of policy types, see Evaluating Policies
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics)
// in the IAM User Guide.
//
// For more information about service last accessed data, see Reducing Policy
// Scope by Viewing User Activity (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GenerateOrganizationsAccessReport for usage and error information.
//
// Returned Error Codes:
// * ErrCodeReportGenerationLimitExceededException "ReportGenerationLimitExceeded"
// The request failed because the maximum number of concurrent requests for
// this account are already running.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateOrganizationsAccessReport
func (c *IAM) GenerateOrganizationsAccessReport(input *GenerateOrganizationsAccessReportInput) (*GenerateOrganizationsAccessReportOutput, error) {
req, out := c.GenerateOrganizationsAccessReportRequest(input)
return out, req.Send()
}
// GenerateOrganizationsAccessReportWithContext is the same as GenerateOrganizationsAccessReport with the addition of
// the ability to pass a context and additional request options.
//
// See GenerateOrganizationsAccessReport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GenerateOrganizationsAccessReportWithContext(ctx aws.Context, input *GenerateOrganizationsAccessReportInput, opts ...request.Option) (*GenerateOrganizationsAccessReportOutput, error) {
req, out := c.GenerateOrganizationsAccessReportRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opGenerateServiceLastAccessedDetails = "GenerateServiceLastAccessedDetails"
// GenerateServiceLastAccessedDetailsRequest generates a "aws/request.Request" representing the
@ -5084,12 +5277,11 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa
// GenerateServiceLastAccessedDetails API operation for AWS Identity and Access Management.
//
// Generates a request for a report that includes details about when an IAM
// resource (user, group, role, or policy) was last used in an attempt to access
// AWS services. Recent activity usually appears within four hours. IAM reports
// activity for the last 365 days, or less if your Region began supporting this
// feature within the last year. For more information, see Regions Where Data
// Is Tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period).
// Generates a report that includes details about when an IAM resource (user,
// group, role, or policy) was last used in an attempt to access AWS services.
// Recent activity usually appears within four hours. IAM reports activity for
// the last 365 days, or less if your Region began supporting this feature within
// the last year. For more information, see Regions Where Data Is Tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period).
//
// The service last accessed data includes all attempts to access an AWS API,
// not just the successful ones. This includes all attempts that were made using
@ -6361,6 +6553,105 @@ func (c *IAM) GetOpenIDConnectProviderWithContext(ctx aws.Context, input *GetOpe
return out, req.Send()
}
const opGetOrganizationsAccessReport = "GetOrganizationsAccessReport"
// GetOrganizationsAccessReportRequest generates a "aws/request.Request" representing the
// client's request for the GetOrganizationsAccessReport operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetOrganizationsAccessReport for more information on using the GetOrganizationsAccessReport
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
// // Example sending a request using the GetOrganizationsAccessReportRequest method.
// req, resp := client.GetOrganizationsAccessReportRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOrganizationsAccessReport
func (c *IAM) GetOrganizationsAccessReportRequest(input *GetOrganizationsAccessReportInput) (req *request.Request, output *GetOrganizationsAccessReportOutput) {
op := &request.Operation{
Name: opGetOrganizationsAccessReport,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &GetOrganizationsAccessReportInput{}
}
output = &GetOrganizationsAccessReportOutput{}
req = c.newRequest(op, input, output)
return
}
// GetOrganizationsAccessReport API operation for AWS Identity and Access Management.
//
// Retrieves the service last accessed data report for AWS Organizations that
// was previously generated using the GenerateOrganizationsAccessReport operation.
// This operation retrieves the status of your report job and the report contents.
//
// Depending on the parameters that you passed when you generated the report,
// the data returned could include different information. For details, see GenerateOrganizationsAccessReport.
//
// To call this operation, you must be signed in to the master account in your
// organization. SCPs must be enabled for your organization root. You must have
// permissions to perform this operation. For more information, see Refining
// Permissions Using Service Last Accessed Data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html)
// in the IAM User Guide.
//
// For each service that principals in an account (root users, IAM users, or
// IAM roles) could access using SCPs, the operation returns details about the
// most recent access attempt. If there was no attempt, the service is listed
// without details about the most recent attempt to access the service. If the
// operation fails, it returns the reason that it failed.
//
// By default, the list is sorted by service namespace.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Identity and Access Management's
// API operation GetOrganizationsAccessReport for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNoSuchEntityException "NoSuchEntity"
// The request was rejected because it referenced a resource entity that does
// not exist. The error message describes the resource.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetOrganizationsAccessReport
func (c *IAM) GetOrganizationsAccessReport(input *GetOrganizationsAccessReportInput) (*GetOrganizationsAccessReportOutput, error) {
req, out := c.GetOrganizationsAccessReportRequest(input)
return out, req.Send()
}
// GetOrganizationsAccessReportWithContext is the same as GetOrganizationsAccessReport with the addition of
// the ability to pass a context and additional request options.
//
// See GetOrganizationsAccessReport for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *IAM) GetOrganizationsAccessReportWithContext(ctx aws.Context, input *GetOrganizationsAccessReportInput, opts ...request.Option) (*GetOrganizationsAccessReportOutput, error) {
req, out := c.GetOrganizationsAccessReportRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opGetPolicy = "GetPolicy"
// GetPolicyRequest generates a "aws/request.Request" representing the
@ -7080,10 +7371,11 @@ func (c *IAM) GetServiceLastAccessedDetailsRequest(input *GetServiceLastAccessed
// GetServiceLastAccessedDetails API operation for AWS Identity and Access Management.
//
// After you generate a user, group, role, or policy report using the GenerateServiceLastAccessedDetails
// operation, you can use the JobId parameter in GetServiceLastAccessedDetails.
// This operation retrieves the status of your report job and a list of AWS
// services that the resource (user, group, role, or managed policy) can access.
// Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails
// operation. You can use the JobId parameter in GetServiceLastAccessedDetails
// to retrieve the status of your report job. When the report is complete, you
// can retrieve the generated report. The report includes a list of AWS services
// that the resource (user, group, role, or managed policy) can access.
//
// Service last accessed data does not use other policy types when determining
// whether a resource could access a service. These other policy types include
@ -15036,6 +15328,108 @@ func (c *IAM) UploadSigningCertificateWithContext(ctx aws.Context, input *Upload
return out, req.Send()
}
// An object that contains details about when a principal in the reported AWS
// Organizations entity last attempted to access an AWS service. A principal
// can be an IAM user, an IAM role, or the AWS account root user within the
// reported Organizations entity.
//
// This data type is a response element in the GetOrganizationsAccessReport
// operation.
type AccessDetail struct {
_ struct{} `type:"structure"`
// The path of the Organizations entity (root, organizational unit, or account)
// from which an authenticated principal last attempted to access the service.
// AWS does not report unauthenticated requests.
//
// This field is null if no principals (IAM users, IAM roles, or root users)
// in the reported Organizations entity attempted to access the service within
// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
EntityPath *string `min:"19" type:"string"`
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when an authenticated principal most recently attempted to access the service.
// AWS does not report unauthenticated requests.
//
// This field is null if no principals in the reported Organizations entity
// attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
LastAuthenticatedTime *time.Time `type:"timestamp"`
// The Region where the last service access attempt occurred.
//
// This field is null if no principals in the reported Organizations entity
// attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
Region *string `type:"string"`
// The name of the service in which access was attempted.
//
// ServiceName is a required field
ServiceName *string `type:"string" required:"true"`
// The namespace of the service in which access was attempted.
//
// To learn the service namespace of a service, go to Actions, Resources, and
// Condition Keys for AWS Services (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html)
// in the IAM User Guide. Choose the name of the service to view details for
// that service. In the first paragraph, find the service prefix. For example,
// (service prefix: a4b). For more information about service namespaces, see
// AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces)
// in the AWS General Reference.
//
// ServiceNamespace is a required field
ServiceNamespace *string `min:"1" type:"string" required:"true"`
// The number of accounts with authenticated principals (root users, IAM users,
// and IAM roles) that attempted to access the service in the reporting period.
TotalAuthenticatedEntities *int64 `type:"integer"`
}
// String returns the string representation
func (s AccessDetail) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
func (s AccessDetail) GoString() string {
return s.String()
}
// SetEntityPath sets the EntityPath field's value.
func (s *AccessDetail) SetEntityPath(v string) *AccessDetail {
s.EntityPath = &v
return s
}
// SetLastAuthenticatedTime sets the LastAuthenticatedTime field's value.
func (s *AccessDetail) SetLastAuthenticatedTime(v time.Time) *AccessDetail {
s.LastAuthenticatedTime = &v
return s
}
// SetRegion sets the Region field's value.
func (s *AccessDetail) SetRegion(v string) *AccessDetail {
s.Region = &v
return s
}
// SetServiceName sets the ServiceName field's value.
func (s *AccessDetail) SetServiceName(v string) *AccessDetail {
s.ServiceName = &v
return s
}
// SetServiceNamespace sets the ServiceNamespace field's value.
func (s *AccessDetail) SetServiceNamespace(v string) *AccessDetail {
s.ServiceNamespace = &v
return s
}
// SetTotalAuthenticatedEntities sets the TotalAuthenticatedEntities field's value.
func (s *AccessDetail) SetTotalAuthenticatedEntities(v int64) *AccessDetail {
s.TotalAuthenticatedEntities = &v
return s
}
// Contains information about an AWS access key.
//
// This data type is used as a response element in the CreateAccessKey and ListAccessKeys
@ -15130,12 +15524,12 @@ type AccessKeyLastUsed struct {
// * An access key exists but has not been used since IAM began tracking
// this information.
//
// * There is no sign-in data associated with the user
// * There is no sign-in data associated with the user.
//
// LastUsedDate is a required field
LastUsedDate *time.Time `type:"timestamp" required:"true"`
// The AWS region where this access key was most recently used. The value for
// The AWS Region where this access key was most recently used. The value for
// this field is "N/A" in the following situations:
//
// * The user does not have an access key.
@ -15143,9 +15537,9 @@ type AccessKeyLastUsed struct {
// * An access key exists but has not been used since IAM began tracking
// this information.
//
// * There is no sign-in data associated with the user
// * There is no sign-in data associated with the user.
//
// For more information about AWS regions, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html)
// For more information about AWS Regions, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html)
// in the Amazon Web Services General Reference.
//
// Region is a required field
@ -15159,7 +15553,7 @@ type AccessKeyLastUsed struct {
// * An access key exists but has not been used since IAM started tracking
// this information.
//
// * There is no sign-in data associated with the user
// * There is no sign-in data associated with the user.
//
// ServiceName is a required field
ServiceName *string `type:"string" required:"true"`
@ -16778,7 +17172,7 @@ type CreateRoleInput struct {
// The trust relationship policy document that grants an entity permission to
// assume the role.
//
// in IAM, you must provide a JSON policy that has been converted to a string.
// In IAM, you must provide a JSON policy that has been converted to a string.
// However, for AWS CloudFormation templates formatted in YAML, you can provide
// the policy in JSON or YAML format. AWS CloudFormation always converts a YAML
// policy to JSON format before submitting it to IAM.
@ -19072,7 +19466,7 @@ type DeletionTaskFailureReasonType struct {
// role has active sessions or if any resources that were used by the role have
// not been deleted from the linked service, the role can't be deleted. This
// parameter includes a list of the resources that are associated with the role
// and the region in which the resources are being used.
// and the Region in which the resources are being used.
RoleUsageList []*RoleUsageType `type:"list"`
}
@ -19593,8 +19987,9 @@ func (s *EntityInfo) SetType(v string) *EntityInfo {
// Contains information about the reason that the operation failed.
//
// This data type is used as a response element in the GetServiceLastAccessedDetails
// operation and the GetServiceLastAccessedDetailsWithEntities operation.
// This data type is used as a response element in the GetOrganizationsAccessReport,
// GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities
// operations.
type ErrorDetails struct {
_ struct{} `type:"structure"`
@ -19662,7 +20057,7 @@ type EvaluationResult struct {
// A list of the statements in the input policies that determine the result
// for this scenario. Remember that even if multiple statements allow the operation
// on the resource, if only one statement denies that operation, then the explicit
// deny overrides any allow. Inaddition, the deny statement is the only entry
// deny overrides any allow. In addition, the deny statement is the only entry
// included in the result.
MatchedStatements []*Statement `type:"list"`
@ -19675,7 +20070,7 @@ type EvaluationResult struct {
// call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
MissingContextValues []*string `type:"list"`
// A structure that details how AWS Organizations and its service control policies
// A structure that details how Organizations and its service control policies
// affect the results of the simulation. Only applies if the simulated user's
// account is part of an organization.
OrganizationsDecisionDetail *OrganizationsDecisionDetail `type:"structure"`
@ -19790,6 +20185,87 @@ func (s *GenerateCredentialReportOutput) SetState(v string) *GenerateCredentialR
return s
}
type GenerateOrganizationsAccessReportInput struct {
_ struct{} `type:"structure"`
// The path of the AWS Organizations entity (root, OU, or account). You can
// build an entity path using the known structure of your organization. For
// example, assume that your account ID is 123456789012 and its parent OU ID
// is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and
// your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012.
//
// EntityPath is a required field
EntityPath *string `min:"19" type:"string" required:"true"`
// The identifier of the AWS Organizations service control policy (SCP). This
// parameter is optional.
//
// This ID is used to generate information about when an account principal that
// is limited by the SCP attempted to access an AWS service.
OrganizationsPolicyId *string `type:"string"`
}
// String returns the string representation
func (s GenerateOrganizationsAccessReportInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
func (s GenerateOrganizationsAccessReportInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *GenerateOrganizationsAccessReportInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "GenerateOrganizationsAccessReportInput"}
if s.EntityPath == nil {
invalidParams.Add(request.NewErrParamRequired("EntityPath"))
}
if s.EntityPath != nil && len(*s.EntityPath) < 19 {
invalidParams.Add(request.NewErrParamMinLen("EntityPath", 19))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetEntityPath sets the EntityPath field's value.
func (s *GenerateOrganizationsAccessReportInput) SetEntityPath(v string) *GenerateOrganizationsAccessReportInput {
s.EntityPath = &v
return s
}
// SetOrganizationsPolicyId sets the OrganizationsPolicyId field's value.
func (s *GenerateOrganizationsAccessReportInput) SetOrganizationsPolicyId(v string) *GenerateOrganizationsAccessReportInput {
s.OrganizationsPolicyId = &v
return s
}
type GenerateOrganizationsAccessReportOutput struct {
_ struct{} `type:"structure"`
// The job identifier that you can use in the GetOrganizationsAccessReport operation.
JobId *string `min:"36" type:"string"`
}
// String returns the string representation
func (s GenerateOrganizationsAccessReportOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
func (s GenerateOrganizationsAccessReportOutput) GoString() string {
return s.String()
}
// SetJobId sets the JobId field's value.
func (s *GenerateOrganizationsAccessReportOutput) SetJobId(v string) *GenerateOrganizationsAccessReportOutput {
s.JobId = &v
return s
}
type GenerateServiceLastAccessedDetailsInput struct {
_ struct{} `type:"structure"`
@ -20878,6 +21354,211 @@ func (s *GetOpenIDConnectProviderOutput) SetUrl(v string) *GetOpenIDConnectProvi
return s
}
type GetOrganizationsAccessReportInput struct {
_ struct{} `type:"structure"`
// The identifier of the request generated by the GenerateOrganizationsAccessReport
// operation.
//
// JobId is a required field
JobId *string `min:"36" type:"string" required:"true"`
// Use this parameter only when paginating results and only after you receive
// a response indicating that the results are truncated. Set it to the value
// of the Marker element in the response that you received to indicate where
// the next call should start.
Marker *string `min:"1" type:"string"`
// Use this only when paginating results to indicate the maximum number of items
// you want in the response. If additional items exist beyond the maximum you
// specify, the IsTruncated response element is true.
//
// If you do not include this parameter, the number of items defaults to 100.
// Note that IAM might return fewer results, even when there are more results
// available. In that case, the IsTruncated response element returns true, and
// Marker contains a value to include in the subsequent call that tells the
// service where to continue from.
MaxItems *int64 `min:"1" type:"integer"`
// The key that is used to sort the results. If you choose the namespace key,
// the results are returned in alphabetical order. If you choose the time key,
// the results are sorted numerically by the date and time.
SortKey *string `type:"string" enum:"sortKeyType"`
}
// String returns the string representation
func (s GetOrganizationsAccessReportInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
func (s GetOrganizationsAccessReportInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *GetOrganizationsAccessReportInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "GetOrganizationsAccessReportInput"}
if s.JobId == nil {
invalidParams.Add(request.NewErrParamRequired("JobId"))
}
if s.JobId != nil && len(*s.JobId) < 36 {
invalidParams.Add(request.NewErrParamMinLen("JobId", 36))
}
if s.Marker != nil && len(*s.Marker) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
}
if s.MaxItems != nil && *s.MaxItems < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxItems", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetJobId sets the JobId field's value.
func (s *GetOrganizationsAccessReportInput) SetJobId(v string) *GetOrganizationsAccessReportInput {
s.JobId = &v
return s
}
// SetMarker sets the Marker field's value.
func (s *GetOrganizationsAccessReportInput) SetMarker(v string) *GetOrganizationsAccessReportInput {
s.Marker = &v
return s
}
// SetMaxItems sets the MaxItems field's value.
func (s *GetOrganizationsAccessReportInput) SetMaxItems(v int64) *GetOrganizationsAccessReportInput {
s.MaxItems = &v
return s
}
// SetSortKey sets the SortKey field's value.
func (s *GetOrganizationsAccessReportInput) SetSortKey(v string) *GetOrganizationsAccessReportInput {
s.SortKey = &v
return s
}
type GetOrganizationsAccessReportOutput struct {
_ struct{} `type:"structure"`
// An object that contains details about the most recent attempt to access the
// service.
AccessDetails []*AccessDetail `type:"list"`
// Contains information about the reason that the operation failed.
//
// This data type is used as a response element in the GetOrganizationsAccessReport,
// GetServiceLastAccessedDetails, and GetServiceLastAccessedDetailsWithEntities
// operations.
ErrorDetails *ErrorDetails `type:"structure"`
// A flag that indicates whether there are more items to return. If your results
// were truncated, you can make a subsequent pagination request using the Marker
// request parameter to retrieve more items. Note that IAM might return fewer
// than the MaxItems number of results even when there are more results available.
// We recommend that you check IsTruncated after every call to ensure that you
// receive all your results.
IsTruncated *bool `type:"boolean"`
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the generated report job was completed or failed.
//
// This field is null if the job is still in progress, as indicated by a job
// status value of IN_PROGRESS.
JobCompletionDate *time.Time `type:"timestamp"`
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the report job was created.
//
// JobCreationDate is a required field
JobCreationDate *time.Time `type:"timestamp" required:"true"`
// The status of the job.
//
// JobStatus is a required field
JobStatus *string `type:"string" required:"true" enum:"jobStatusType"`
// When IsTruncated is true, this element is present and contains the value
// to use for the Marker parameter in a subsequent pagination request.
Marker *string `min:"1" type:"string"`
// The number of services that the applicable SCPs allow account principals
// to access.
NumberOfServicesAccessible *int64 `type:"integer"`
// The number of services that account principals are allowed but did not attempt
// to access.
NumberOfServicesNotAccessed *int64 `type:"integer"`
}
// String returns the string representation
func (s GetOrganizationsAccessReportOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation
func (s GetOrganizationsAccessReportOutput) GoString() string {
return s.String()
}
// SetAccessDetails sets the AccessDetails field's value.
func (s *GetOrganizationsAccessReportOutput) SetAccessDetails(v []*AccessDetail) *GetOrganizationsAccessReportOutput {
s.AccessDetails = v
return s
}
// SetErrorDetails sets the ErrorDetails field's value.
func (s *GetOrganizationsAccessReportOutput) SetErrorDetails(v *ErrorDetails) *GetOrganizationsAccessReportOutput {
s.ErrorDetails = v
return s
}
// SetIsTruncated sets the IsTruncated field's value.
func (s *GetOrganizationsAccessReportOutput) SetIsTruncated(v bool) *GetOrganizationsAccessReportOutput {
s.IsTruncated = &v
return s
}
// SetJobCompletionDate sets the JobCompletionDate field's value.
func (s *GetOrganizationsAccessReportOutput) SetJobCompletionDate(v time.Time) *GetOrganizationsAccessReportOutput {
s.JobCompletionDate = &v
return s
}
// SetJobCreationDate sets the JobCreationDate field's value.
func (s *GetOrganizationsAccessReportOutput) SetJobCreationDate(v time.Time) *GetOrganizationsAccessReportOutput {
s.JobCreationDate = &v
return s
}
// SetJobStatus sets the JobStatus field's value.
func (s *GetOrganizationsAccessReportOutput) SetJobStatus(v string) *GetOrganizationsAccessReportOutput {
s.JobStatus = &v
return s
}
// SetMarker sets the Marker field's value.
func (s *GetOrganizationsAccessReportOutput) SetMarker(v string) *GetOrganizationsAccessReportOutput {
s.Marker = &v
return s
}
// SetNumberOfServicesAccessible sets the NumberOfServicesAccessible field's value.
func (s *GetOrganizationsAccessReportOutput) SetNumberOfServicesAccessible(v int64) *GetOrganizationsAccessReportOutput {
s.NumberOfServicesAccessible = &v
return s
}
// SetNumberOfServicesNotAccessed sets the NumberOfServicesNotAccessed field's value.
func (s *GetOrganizationsAccessReportOutput) SetNumberOfServicesNotAccessed(v int64) *GetOrganizationsAccessReportOutput {
s.NumberOfServicesNotAccessed = &v
return s
}
type GetPolicyInput struct {
_ struct{} `type:"structure"`
@ -21585,8 +22266,8 @@ type GetServiceLastAccessedDetailsOutput struct {
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the generated report job was completed or failed.
//
// This field is null if the job is still in progress, as indicated by a JobStatus
// value of IN_PROGRESS.
// This field is null if the job is still in progress, as indicated by a job
// status value of IN_PROGRESS.
//
// JobCompletionDate is a required field
JobCompletionDate *time.Time `type:"timestamp" required:"true"`
@ -21792,6 +22473,9 @@ type GetServiceLastAccessedDetailsWithEntitiesOutput struct {
// The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),
// when the generated report job was completed or failed.
//
// This field is null if the job is still in progress, as indicated by a job
// status value of IN_PROGRESS.
//
// JobCompletionDate is a required field
JobCompletionDate *time.Time `type:"timestamp" required:"true"`
@ -26271,11 +26955,12 @@ func (s *OpenIDConnectProviderListEntry) SetArn(v string) *OpenIDConnectProvider
return s
}
// Contains information about AWS Organizations's effect on a policy simulation.
// Contains information about the effect that Organizations has on a policy
// simulation.
type OrganizationsDecisionDetail struct {
_ struct{} `type:"structure"`
// Specifies whether the simulated operation is allowed by the AWS Organizations
// Specifies whether the simulated operation is allowed by the Organizations
// service control policies that impact the simulated user's account.
AllowedByOrganizations *bool `type:"boolean"`
}
@ -26914,7 +27599,9 @@ type PutGroupPolicyInput struct {
// The name of the group to associate the policy with.
//
// ®ex-name;.
// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
// a string of characters consisting of upper and lowercase alphanumeric characters
// with no spaces. You can also include any of the following characters: _+=,.@-.
//
// GroupName is a required field
GroupName *string `min:"1" type:"string" required:"true"`
@ -28201,7 +28888,7 @@ func (s *RoleDetail) SetTags(v []*Tag) *RoleDetail {
type RoleUsageType struct {
_ struct{} `type:"structure"`
// The name of the region where the service-linked role is being used.
// The name of the Region where the service-linked role is being used.
Region *string `min:"1" type:"string"`
// The name of the resource that is using the service-linked role.
@ -28599,10 +29286,10 @@ type ServiceLastAccessed struct {
// ServiceNamespace is a required field
ServiceNamespace *string `min:"1" type:"string" required:"true"`
// The total number of authenticated entities that have attempted to access
// the service.
// The total number of authenticated principals (root user, IAM users, or IAM
// roles) that have attempted to access the service.
//
// This field is null if no IAM entities attempted to access the service within
// This field is null if no principals attempted to access the service within
// the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period).
TotalAuthenticatedEntities *int64 `type:"integer"`
}
@ -29379,7 +30066,7 @@ type SimulatePrincipalPolicyInput struct {
CallerArn *string `min:"1" type:"string"`
// A list of context keys and corresponding values for the simulation to use.
// Whenever a context key is evaluated in one of the simulated IAM permission
// Whenever a context key is evaluated in one of the simulated IAM permissions
// policies, the corresponding value is supplied.
ContextEntries []*ContextEntry `type:"list"`
@ -31837,7 +32524,7 @@ type User struct {
// * A password exists but has not been used since IAM started tracking this
// information on October 20, 2014.
//
// A null valuedoes not mean that the user never had a password. Also, if the
// A null value does not mean that the user never had a password. Also, if the
// user does not currently have a password, but had one in the past, then this
// field contains the date and time the most recent password was used.
//
@ -32334,6 +33021,20 @@ const (
PolicyTypeManaged = "MANAGED"
)
const (
// SortKeyTypeServiceNamespaceAscending is a sortKeyType enum value
SortKeyTypeServiceNamespaceAscending = "SERVICE_NAMESPACE_ASCENDING"
// SortKeyTypeServiceNamespaceDescending is a sortKeyType enum value
SortKeyTypeServiceNamespaceDescending = "SERVICE_NAMESPACE_DESCENDING"
// SortKeyTypeLastAuthenticatedTimeAscending is a sortKeyType enum value
SortKeyTypeLastAuthenticatedTimeAscending = "LAST_AUTHENTICATED_TIME_ASCENDING"
// SortKeyTypeLastAuthenticatedTimeDescending is a sortKeyType enum value
SortKeyTypeLastAuthenticatedTimeDescending = "LAST_AUTHENTICATED_TIME_DESCENDING"
)
const (
// StatusTypeActive is a statusType enum value
StatusTypeActive = "Active"

7
vendor/github.com/aws/aws-sdk-go/service/iam/errors.go generated vendored
View File

@ -162,6 +162,13 @@ const (
// to the service-linked role for that service.
ErrCodePolicyNotAttachableException = "PolicyNotAttachable"
// ErrCodeReportGenerationLimitExceededException for service response error code
// "ReportGenerationLimitExceeded".
//
// The request failed because the maximum number of concurrent requests for
// this account are already running.
ErrCodeReportGenerationLimitExceededException = "ReportGenerationLimitExceeded"
// ErrCodeServiceFailureException for service response error code
// "ServiceFailure".
//

66
vendor/github.com/aws/aws-sdk-go/service/s3/api.go generated vendored
View File

@ -8516,6 +8516,11 @@ type CopyObjectInput struct {
// key was transmitted without error.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// Specifies the AWS KMS Encryption Context to use for object encryption. The
// value of this header is a base64-encoded UTF-8 string holding JSON with the
// encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
// Specifies the AWS KMS key ID to use for object encryption. All GET and PUT
// requests for an object protected by AWS KMS will fail if not made via SSL
// or using SigV4. Documentation on configuring any of the officially supported
@ -8780,6 +8785,12 @@ func (s *CopyObjectInput) SetSSECustomerKeyMD5(v string) *CopyObjectInput {
return s
}
// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
func (s *CopyObjectInput) SetSSEKMSEncryptionContext(v string) *CopyObjectInput {
s.SSEKMSEncryptionContext = &v
return s
}
// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
func (s *CopyObjectInput) SetSSEKMSKeyId(v string) *CopyObjectInput {
s.SSEKMSKeyId = &v
@ -8840,6 +8851,11 @@ type CopyObjectOutput struct {
// verification of the customer-provided encryption key.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// If present, specifies the AWS KMS Encryption Context to use for object encryption.
// The value of this header is a base64-encoded UTF-8 string holding JSON with
// the encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
// If present, specifies the ID of the AWS Key Management Service (KMS) master
// encryption key that was used for the object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
@ -8898,6 +8914,12 @@ func (s *CopyObjectOutput) SetSSECustomerKeyMD5(v string) *CopyObjectOutput {
return s
}
// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
func (s *CopyObjectOutput) SetSSEKMSEncryptionContext(v string) *CopyObjectOutput {
s.SSEKMSEncryptionContext = &v
return s
}
// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
func (s *CopyObjectOutput) SetSSEKMSKeyId(v string) *CopyObjectOutput {
s.SSEKMSKeyId = &v
@ -9220,6 +9242,11 @@ type CreateMultipartUploadInput struct {
// key was transmitted without error.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// Specifies the AWS KMS Encryption Context to use for object encryption. The
// value of this header is a base64-encoded UTF-8 string holding JSON with the
// encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
// Specifies the AWS KMS key ID to use for object encryption. All GET and PUT
// requests for an object protected by AWS KMS will fail if not made via SSL
// or using SigV4. Documentation on configuring any of the officially supported
@ -9414,6 +9441,12 @@ func (s *CreateMultipartUploadInput) SetSSECustomerKeyMD5(v string) *CreateMulti
return s
}
// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
func (s *CreateMultipartUploadInput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadInput {
s.SSEKMSEncryptionContext = &v
return s
}
// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
func (s *CreateMultipartUploadInput) SetSSEKMSKeyId(v string) *CreateMultipartUploadInput {
s.SSEKMSKeyId = &v
@ -9474,6 +9507,11 @@ type CreateMultipartUploadOutput struct {
// verification of the customer-provided encryption key.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// If present, specifies the AWS KMS Encryption Context to use for object encryption.
// The value of this header is a base64-encoded UTF-8 string holding JSON with
// the encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
// If present, specifies the ID of the AWS Key Management Service (KMS) master
// encryption key that was used for the object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
@ -9545,6 +9583,12 @@ func (s *CreateMultipartUploadOutput) SetSSECustomerKeyMD5(v string) *CreateMult
return s
}
// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
func (s *CreateMultipartUploadOutput) SetSSEKMSEncryptionContext(v string) *CreateMultipartUploadOutput {
s.SSEKMSEncryptionContext = &v
return s
}
// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
func (s *CreateMultipartUploadOutput) SetSSEKMSKeyId(v string) *CreateMultipartUploadOutput {
s.SSEKMSKeyId = &v
@ -20372,6 +20416,11 @@ type PutObjectInput struct {
// key was transmitted without error.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// Specifies the AWS KMS Encryption Context to use for object encryption. The
// value of this header is a base64-encoded UTF-8 string holding JSON with the
// encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
// Specifies the AWS KMS key ID to use for object encryption. All GET and PUT
// requests for an object protected by AWS KMS will fail if not made via SSL
// or using SigV4. Documentation on configuring any of the officially supported
@ -20585,6 +20634,12 @@ func (s *PutObjectInput) SetSSECustomerKeyMD5(v string) *PutObjectInput {
return s
}
// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
func (s *PutObjectInput) SetSSEKMSEncryptionContext(v string) *PutObjectInput {
s.SSEKMSEncryptionContext = &v
return s
}
// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
func (s *PutObjectInput) SetSSEKMSKeyId(v string) *PutObjectInput {
s.SSEKMSKeyId = &v
@ -20861,6 +20916,11 @@ type PutObjectOutput struct {
// verification of the customer-provided encryption key.
SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"`
// If present, specifies the AWS KMS Encryption Context to use for object encryption.
// The value of this header is a base64-encoded UTF-8 string holding JSON with
// the encryption context key-value pairs.
SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"`
// If present, specifies the ID of the AWS Key Management Service (KMS) master
// encryption key that was used for the object.
SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
@ -20913,6 +20973,12 @@ func (s *PutObjectOutput) SetSSECustomerKeyMD5(v string) *PutObjectOutput {
return s
}
// SetSSEKMSEncryptionContext sets the SSEKMSEncryptionContext field's value.
func (s *PutObjectOutput) SetSSEKMSEncryptionContext(v string) *PutObjectOutput {
s.SSEKMSEncryptionContext = &v
return s
}
// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
func (s *PutObjectOutput) SetSSEKMSKeyId(v string) *PutObjectOutput {
s.SSEKMSKeyId = &v

2
vendor/modules.txt vendored
View File

@ -79,7 +79,7 @@ github.com/apparentlymart/go-textseg/textseg
github.com/armon/circbuf
# github.com/armon/go-radix v1.0.0
github.com/armon/go-radix
# github.com/aws/aws-sdk-go v1.20.4
# github.com/aws/aws-sdk-go v1.20.19
github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/awserr
github.com/aws/aws-sdk-go/service/dynamodb