diff --git a/go.mod b/go.mod index 62fadcd9e87..97140c01d05 100644 --- a/go.mod +++ b/go.mod @@ -1,7 +1,7 @@ module github.com/terraform-providers/terraform-provider-aws require ( - github.com/aws/aws-sdk-go v1.20.21 + github.com/aws/aws-sdk-go v1.21.2 github.com/beevik/etree v1.1.0 github.com/bflad/tfproviderlint v0.4.0 github.com/client9/misspell v0.3.4 diff --git a/go.sum b/go.sum index 400cb5dabb7..202b59a1738 100644 --- a/go.sum +++ b/go.sum @@ -53,8 +53,8 @@ github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3A github.com/aws/aws-sdk-go v1.16.36/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.20.4/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.20.21 h1:22vHWL9rur+SRTYPHAXlxJMFIA9OSYsYDIAHFDhQ7Z0= -github.com/aws/aws-sdk-go v1.20.21/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.21.2 h1:CqbWrQzi7s8J2F0TRRdLvTr0+bt5Zxo2IDoFNGsAiUg= +github.com/aws/aws-sdk-go v1.21.2/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs= github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go index a2c5817c48f..9cf7eaf4007 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awserr/types.go @@ -208,7 +208,7 @@ func (e errorList) Error() string { // How do we want to handle the array size being zero if size := len(e); size > 0 { for i := 0; i < size; i++ { - msg += fmt.Sprintf("%s", e[i].Error()) + msg += e[i].Error() // We check the next index to see if it is within the slice. // If it is, then we append a newline. We do this, because unit tests // could be broken with the additional '\n' diff --git a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go index 11c52c38968..285e54d6799 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/awsutil/path_value.go @@ -185,13 +185,12 @@ func ValuesAtPath(i interface{}, path string) ([]interface{}, error) { // SetValueAtPath sets a value at the case insensitive lexical path inside // of a structure. func SetValueAtPath(i interface{}, path string, v interface{}) { - if rvals := rValuesAtPath(i, path, true, false, v == nil); rvals != nil { - for _, rval := range rvals { - if rval.Kind() == reflect.Ptr && rval.IsNil() { - continue - } - setValue(rval, v) + rvals := rValuesAtPath(i, path, true, false, v == nil) + for _, rval := range rvals { + if rval.Kind() == reflect.Ptr && rval.IsNil() { + continue } + setValue(rval, v) } } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go index 7b5e1276acf..8958c32d4e9 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/client/logger.go @@ -67,10 +67,14 @@ func logRequest(r *request.Request) { if !bodySeekable { r.SetReaderBody(aws.ReadSeekCloser(r.HTTPRequest.Body)) } - // Reset the request body because dumpRequest will re-wrap the r.HTTPRequest's - // Body as a NoOpCloser and will not be reset after read by the HTTP - // client reader. - r.ResetBody() + // Reset the request body because dumpRequest will re-wrap the + // r.HTTPRequest's Body as a NoOpCloser and will not be reset after + // read by the HTTP client reader. + if err := r.Error; err != nil { + r.Config.Logger.Log(fmt.Sprintf(logReqErrMsg, + r.ClientInfo.ServiceName, r.Operation.Name, err)) + return + } } r.Config.Logger.Log(fmt.Sprintf(logReqMsg, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go index 83bbc311b4d..4af59215814 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/credentials.go @@ -84,6 +84,12 @@ type Value struct { ProviderName string } +// HasKeys returns if the credentials Value has both AccessKeyID and +// SecretAccessKey value set. +func (v Value) HasKeys() bool { + return len(v.AccessKeyID) != 0 && len(v.SecretAccessKey) != 0 +} + // A Provider is the interface for any component which will provide credentials // Value. A provider is required to manage its own Expired state, and what to // be expired means. diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go new file mode 100644 index 00000000000..20510d9aec8 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/stscreds/web_identity_provider.go @@ -0,0 +1,97 @@ +package stscreds + +import ( + "fmt" + "io/ioutil" + "strconv" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/credentials" + "github.com/aws/aws-sdk-go/service/sts" + "github.com/aws/aws-sdk-go/service/sts/stsiface" +) + +const ( + // ErrCodeWebIdentity will be used as an error code when constructing + // a new error to be returned during session creation or retrieval. + ErrCodeWebIdentity = "WebIdentityErr" + + // WebIdentityProviderName is the web identity provider name + WebIdentityProviderName = "WebIdentityCredentials" +) + +// now is used to return a time.Time object representing +// the current time. This can be used to easily test and +// compare test values. +var now = time.Now + +// WebIdentityRoleProvider is used to retrieve credentials using +// an OIDC token. +type WebIdentityRoleProvider struct { + credentials.Expiry + + client stsiface.STSAPI + ExpiryWindow time.Duration + + tokenFilePath string + roleARN string + roleSessionName string +} + +// NewWebIdentityCredentials will return a new set of credentials with a given +// configuration, role arn, and token file path. +func NewWebIdentityCredentials(c client.ConfigProvider, roleARN, roleSessionName, path string) *credentials.Credentials { + svc := sts.New(c) + p := NewWebIdentityRoleProvider(svc, roleARN, roleSessionName, path) + return credentials.NewCredentials(p) +} + +// NewWebIdentityRoleProvider will return a new WebIdentityRoleProvider with the +// provided stsiface.STSAPI +func NewWebIdentityRoleProvider(svc stsiface.STSAPI, roleARN, roleSessionName, path string) *WebIdentityRoleProvider { + return &WebIdentityRoleProvider{ + client: svc, + tokenFilePath: path, + roleARN: roleARN, + roleSessionName: roleSessionName, + } +} + +// Retrieve will attempt to assume a role from a token which is located at +// 'WebIdentityTokenFilePath' specified destination and if that is empty an +// error will be returned. +func (p *WebIdentityRoleProvider) Retrieve() (credentials.Value, error) { + b, err := ioutil.ReadFile(p.tokenFilePath) + if err != nil { + errMsg := fmt.Sprintf("unable to read file at %s", p.tokenFilePath) + return credentials.Value{}, awserr.New(ErrCodeWebIdentity, errMsg, err) + } + + sessionName := p.roleSessionName + if len(sessionName) == 0 { + // session name is used to uniquely identify a session. This simply + // uses unix time in nanoseconds to uniquely identify sessions. + sessionName = strconv.FormatInt(now().UnixNano(), 10) + } + resp, err := p.client.AssumeRoleWithWebIdentity(&sts.AssumeRoleWithWebIdentityInput{ + RoleArn: &p.roleARN, + RoleSessionName: &sessionName, + WebIdentityToken: aws.String(string(b)), + }) + if err != nil { + return credentials.Value{}, awserr.New(ErrCodeWebIdentity, "failed to retrieve credentials", err) + } + + p.SetExpiration(aws.TimeValue(resp.Credentials.Expiration), p.ExpiryWindow) + + value := credentials.Value{ + AccessKeyID: aws.StringValue(resp.Credentials.AccessKeyId), + SecretAccessKey: aws.StringValue(resp.Credentials.SecretAccessKey), + SessionToken: aws.StringValue(resp.Credentials.SessionToken), + ProviderName: WebIdentityProviderName, + } + return value, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go index 0d3684914d6..c7008d8c3fc 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/csm/reporter.go @@ -118,7 +118,7 @@ func (rep *Reporter) sendAPICallMetric(r *request.Request) { Type: aws.String("ApiCall"), AttemptCount: aws.Int(r.RetryCount + 1), Region: r.Config.Region, - Latency: aws.Int(int(time.Now().Sub(r.Time) / time.Millisecond)), + Latency: aws.Int(int(time.Since(r.Time) / time.Millisecond)), XAmzRequestID: aws.String(r.RequestID), MaxRetriesExceeded: aws.Int(boolIntValue(r.RetryCount >= r.MaxRetries())), } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 5e6346d83bf..d01fe2408ba 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -1157,6 +1157,12 @@ var awsPartition = partition{ Region: "eu-west-1", }, }, + "eu-west-2": endpoint{ + Hostname: "rds.eu-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-west-2", + }, + }, "us-east-1": endpoint{ Hostname: "rds.us-east-1.amazonaws.com", CredentialScope: credentialScope{ @@ -1776,6 +1782,30 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "iotevents": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, + "ioteventsdata": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "iotthingsgraph": service{ Defaults: endpoint{ CredentialScope: credentialScope{ @@ -3401,12 +3431,16 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-north-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-1": endpoint{}, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go index b0c2ef4fe67..9370fa50c38 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/offset_reader.go @@ -15,12 +15,15 @@ type offsetReader struct { closed bool } -func newOffsetReader(buf io.ReadSeeker, offset int64) *offsetReader { +func newOffsetReader(buf io.ReadSeeker, offset int64) (*offsetReader, error) { reader := &offsetReader{} - buf.Seek(offset, sdkio.SeekStart) + _, err := buf.Seek(offset, sdkio.SeekStart) + if err != nil { + return nil, err + } reader.buf = buf - return reader + return reader, nil } // Close will close the instance of the offset reader's access to @@ -54,7 +57,9 @@ func (o *offsetReader) Seek(offset int64, whence int) (int64, error) { // CloseAndCopy will return a new offsetReader with a copy of the old buffer // and close the old buffer. -func (o *offsetReader) CloseAndCopy(offset int64) *offsetReader { - o.Close() +func (o *offsetReader) CloseAndCopy(offset int64) (*offsetReader, error) { + if err := o.Close(); err != nil { + return nil, err + } return newOffsetReader(o.buf, offset) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go index 2f0c4a90efd..e7c9b2b61af 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request.go @@ -264,7 +264,18 @@ func (r *Request) SetStringBody(s string) { // SetReaderBody will set the request's body reader. func (r *Request) SetReaderBody(reader io.ReadSeeker) { r.Body = reader - r.BodyStart, _ = reader.Seek(0, sdkio.SeekCurrent) // Get the Bodies current offset. + + if aws.IsReaderSeekable(reader) { + var err error + // Get the Bodies current offset so retries will start from the same + // initial position. + r.BodyStart, err = reader.Seek(0, sdkio.SeekCurrent) + if err != nil { + r.Error = awserr.New(ErrCodeSerialization, + "failed to determine start of request body", err) + return + } + } r.ResetBody() } @@ -336,9 +347,7 @@ func getPresignedURL(r *Request, expire time.Duration) (string, http.Header, err } const ( - willRetry = "will retry" notRetrying = "not retrying" - retryCount = "retry %v/%v" ) func debugLogReqError(r *Request, stage, retryStr string, err error) { @@ -393,12 +402,16 @@ func (r *Request) Sign() error { return r.Error } -func (r *Request) getNextRequestBody() (io.ReadCloser, error) { +func (r *Request) getNextRequestBody() (body io.ReadCloser, err error) { if r.safeBody != nil { r.safeBody.Close() } - r.safeBody = newOffsetReader(r.Body, r.BodyStart) + r.safeBody, err = newOffsetReader(r.Body, r.BodyStart) + if err != nil { + return nil, awserr.New(ErrCodeSerialization, + "failed to get next request body reader", err) + } // Go 1.8 tightened and clarified the rules code needs to use when building // requests with the http package. Go 1.8 removed the automatic detection @@ -415,10 +428,10 @@ func (r *Request) getNextRequestBody() (io.ReadCloser, error) { // Related golang/go#18257 l, err := aws.SeekerLen(r.Body) if err != nil { - return nil, awserr.New(ErrCodeSerialization, "failed to compute request body size", err) + return nil, awserr.New(ErrCodeSerialization, + "failed to compute request body size", err) } - var body io.ReadCloser if l == 0 { body = NoBody } else if l > 0 { @@ -495,13 +508,16 @@ func (r *Request) Send() error { return r.Error } - r.prepareRetry() + if err := r.prepareRetry(); err != nil { + r.Error = err + return err + } continue } } } -func (r *Request) prepareRetry() { +func (r *Request) prepareRetry() error { if r.Config.LogLevel.Matches(aws.LogDebugWithRequestRetries) { r.Config.Logger.Log(fmt.Sprintf("DEBUG: Retrying Request %s/%s, attempt %d", r.ClientInfo.ServiceName, r.Operation.Name, r.RetryCount)) @@ -512,12 +528,19 @@ func (r *Request) prepareRetry() { // the request's body even though the Client's Do returned. r.HTTPRequest = copyHTTPRequest(r.HTTPRequest, nil) r.ResetBody() + if err := r.Error; err != nil { + return awserr.New(ErrCodeSerialization, + "failed to prepare body for retry", err) + + } // Closing response body to ensure that no response body is leaked // between retry attempts. if r.HTTPResponse != nil && r.HTTPResponse.Body != nil { r.HTTPResponse.Body.Close() } + + return nil } func (r *Request) sendRequest() (sendErr error) { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go index 7c6a8000f67..de1292f45a2 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_1_8.go @@ -4,6 +4,8 @@ package request import ( "net/http" + + "github.com/aws/aws-sdk-go/aws/awserr" ) // NoBody is a http.NoBody reader instructing Go HTTP client to not include @@ -24,7 +26,8 @@ var NoBody = http.NoBody func (r *Request) ResetBody() { body, err := r.getNextRequestBody() if err != nil { - r.Error = err + r.Error = awserr.New(ErrCodeSerialization, + "failed to reset request body", err) return } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go index a633ed5acfa..f093fc542df 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/request/request_pagination.go @@ -146,7 +146,7 @@ func (r *Request) nextPageTokens() []interface{} { return nil } case bool: - if v == false { + if !v { return nil } } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go index 9fd66368173..ce4151826f9 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/credentials.go @@ -14,123 +14,175 @@ import ( "github.com/aws/aws-sdk-go/internal/shareddefaults" ) -// valid credential source values -const ( - credSourceEc2Metadata = "Ec2InstanceMetadata" - credSourceEnvironment = "Environment" - credSourceECSContainer = "EcsContainer" -) - func resolveCredentials(cfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options, ) (*credentials.Credentials, error) { - // Credentials from Assume Role with specific credentials source. - if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 { - return resolveCredsFromSource(cfg, envCfg, sharedCfg, handlers, sessOpts) - } - // Credentials from environment variables - if len(envCfg.Creds.AccessKeyID) > 0 { + switch { + case len(envCfg.Profile) != 0: + // User explicitly provided an Profile, so load from shared config + // first. + return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts) + + case envCfg.Creds.HasKeys(): + // Environment credentials return credentials.NewStaticCredentialsFromCreds(envCfg.Creds), nil + + case len(envCfg.WebIdentityTokenFilePath) != 0: + // Web identity token from environment, RoleARN required to also be + // set. + return assumeWebIdentity(cfg, handlers, + envCfg.WebIdentityTokenFilePath, + envCfg.RoleARN, + envCfg.RoleSessionName, + ) + + default: + // Fallback to the "default" credential resolution chain. + return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts) + } +} + +// WebIdentityEmptyRoleARNErr will occur if 'AWS_WEB_IDENTITY_TOKEN_FILE' was set but +// 'AWS_IAM_ROLE_ARN' was not set. +var WebIdentityEmptyRoleARNErr = awserr.New(stscreds.ErrCodeWebIdentity, "role ARN is not set", nil) + +// WebIdentityEmptyTokenFilePathErr will occur if 'AWS_IAM_ROLE_ARN' was set but +// 'AWS_WEB_IDENTITY_TOKEN_FILE' was not set. +var WebIdentityEmptyTokenFilePathErr = awserr.New(stscreds.ErrCodeWebIdentity, "token file path is not set", nil) + +func assumeWebIdentity(cfg *aws.Config, handlers request.Handlers, + filepath string, + roleARN, sessionName string, +) (*credentials.Credentials, error) { + + if len(filepath) == 0 { + return nil, WebIdentityEmptyTokenFilePathErr + } + + if len(roleARN) == 0 { + return nil, WebIdentityEmptyRoleARNErr } - // Fallback to the "default" credential resolution chain. - return resolveCredsFromProfile(cfg, envCfg, sharedCfg, handlers, sessOpts) + creds := stscreds.NewWebIdentityCredentials( + &Session{ + Config: cfg, + Handlers: handlers.Copy(), + }, + roleARN, + sessionName, + filepath, + ) + + return creds, nil } func resolveCredsFromProfile(cfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options, -) (*credentials.Credentials, error) { +) (creds *credentials.Credentials, err error) { - if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.RoleARN) > 0 && sharedCfg.AssumeRoleSource != nil { + switch { + case sharedCfg.SourceProfile != nil: // Assume IAM role with credentials source from a different profile. - cred, err := resolveCredsFromProfile(cfg, envCfg, *sharedCfg.AssumeRoleSource, handlers, sessOpts) - if err != nil { - return nil, err - } + creds, err = resolveCredsFromProfile(cfg, envCfg, + *sharedCfg.SourceProfile, handlers, sessOpts, + ) - cfgCp := *cfg - cfgCp.Credentials = cred - return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts) - - } else if len(sharedCfg.Creds.AccessKeyID) > 0 { + case sharedCfg.Creds.HasKeys(): // Static Credentials from Shared Config/Credentials file. - return credentials.NewStaticCredentialsFromCreds( + creds = credentials.NewStaticCredentialsFromCreds( sharedCfg.Creds, - ), nil + ) - } else if len(sharedCfg.CredentialProcess) > 0 { + case len(sharedCfg.CredentialProcess) != 0: // Get credentials from CredentialProcess - cred := processcreds.NewCredentials(sharedCfg.CredentialProcess) - // if RoleARN is provided, so the obtained cred from the Credential Process to assume the role using RoleARN - if len(sharedCfg.AssumeRole.RoleARN) > 0 { - cfgCp := *cfg - cfgCp.Credentials = cred - return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts) - } - return cred, nil - } else if envCfg.EnableSharedConfig && len(sharedCfg.AssumeRole.CredentialSource) > 0 { - // Assume IAM Role with specific credential source. - return resolveCredsFromSource(cfg, envCfg, sharedCfg, handlers, sessOpts) - } + creds = processcreds.NewCredentials(sharedCfg.CredentialProcess) - // Fallback to default credentials provider, include mock errors - // for the credential chain so user can identify why credentials - // failed to be retrieved. - return credentials.NewCredentials(&credentials.ChainProvider{ - VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors), - Providers: []credentials.Provider{ - &credProviderError{ - Err: awserr.New("EnvAccessKeyNotFound", - "failed to find credentials in the environment.", nil), - }, - &credProviderError{ - Err: awserr.New("SharedCredsLoad", - fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil), + case len(sharedCfg.CredentialSource) != 0: + creds, err = resolveCredsFromSource(cfg, envCfg, + sharedCfg, handlers, sessOpts, + ) + + case len(sharedCfg.WebIdentityTokenFile) != 0: + // Credentials from Assume Web Identity token require an IAM Role, and + // that roll will be assumed. May be wrapped with another assume role + // via SourceProfile. + return assumeWebIdentity(cfg, handlers, + sharedCfg.WebIdentityTokenFile, + sharedCfg.RoleARN, + sharedCfg.RoleSessionName, + ) + + default: + // Fallback to default credentials provider, include mock errors for + // the credential chain so user can identify why credentials failed to + // be retrieved. + creds = credentials.NewCredentials(&credentials.ChainProvider{ + VerboseErrors: aws.BoolValue(cfg.CredentialsChainVerboseErrors), + Providers: []credentials.Provider{ + &credProviderError{ + Err: awserr.New("EnvAccessKeyNotFound", + "failed to find credentials in the environment.", nil), + }, + &credProviderError{ + Err: awserr.New("SharedCredsLoad", + fmt.Sprintf("failed to load profile, %s.", envCfg.Profile), nil), + }, + defaults.RemoteCredProvider(*cfg, handlers), }, - defaults.RemoteCredProvider(*cfg, handlers), - }, - }), nil + }) + } + if err != nil { + return nil, err + } + + if len(sharedCfg.RoleARN) > 0 { + cfgCp := *cfg + cfgCp.Credentials = creds + return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts) + } + + return creds, nil } +// valid credential source values +const ( + credSourceEc2Metadata = "Ec2InstanceMetadata" + credSourceEnvironment = "Environment" + credSourceECSContainer = "EcsContainer" +) + func resolveCredsFromSource(cfg *aws.Config, envCfg envConfig, sharedCfg sharedConfig, handlers request.Handlers, sessOpts Options, -) (*credentials.Credentials, error) { - // if both credential_source and source_profile have been set, return an - // error as this is undefined behavior. Only one can be used at a time - // within a profile. - if len(sharedCfg.AssumeRole.SourceProfile) > 0 { - return nil, ErrSharedConfigSourceCollision - } +) (creds *credentials.Credentials, err error) { - cfgCp := *cfg - switch sharedCfg.AssumeRole.CredentialSource { + switch sharedCfg.CredentialSource { case credSourceEc2Metadata: - p := defaults.RemoteCredProvider(cfgCp, handlers) - cfgCp.Credentials = credentials.NewCredentials(p) + p := defaults.RemoteCredProvider(*cfg, handlers) + creds = credentials.NewCredentials(p) case credSourceEnvironment: - cfgCp.Credentials = credentials.NewStaticCredentialsFromCreds(envCfg.Creds) + creds = credentials.NewStaticCredentialsFromCreds(envCfg.Creds) case credSourceECSContainer: if len(os.Getenv(shareddefaults.ECSCredsProviderEnvVar)) == 0 { return nil, ErrSharedConfigECSContainerEnvVarEmpty } - p := defaults.RemoteCredProvider(cfgCp, handlers) - cfgCp.Credentials = credentials.NewCredentials(p) + p := defaults.RemoteCredProvider(*cfg, handlers) + creds = credentials.NewCredentials(p) default: return nil, ErrSharedConfigInvalidCredSource } - return credsFromAssumeRole(cfgCp, handlers, sharedCfg, sessOpts) + return creds, nil } func credsFromAssumeRole(cfg aws.Config, @@ -138,7 +190,8 @@ func credsFromAssumeRole(cfg aws.Config, sharedCfg sharedConfig, sessOpts Options, ) (*credentials.Credentials, error) { - if len(sharedCfg.AssumeRole.MFASerial) > 0 && sessOpts.AssumeRoleTokenProvider == nil { + + if len(sharedCfg.MFASerial) != 0 && sessOpts.AssumeRoleTokenProvider == nil { // AssumeRole Token provider is required if doing Assume Role // with MFA. return nil, AssumeRoleTokenProviderNotSetError{} @@ -149,28 +202,28 @@ func credsFromAssumeRole(cfg aws.Config, Config: &cfg, Handlers: handlers.Copy(), }, - sharedCfg.AssumeRole.RoleARN, + sharedCfg.RoleARN, func(opt *stscreds.AssumeRoleProvider) { - opt.RoleSessionName = sharedCfg.AssumeRole.RoleSessionName + opt.RoleSessionName = sharedCfg.RoleSessionName opt.Duration = sessOpts.AssumeRoleDuration // Assume role with external ID - if len(sharedCfg.AssumeRole.ExternalID) > 0 { - opt.ExternalID = aws.String(sharedCfg.AssumeRole.ExternalID) + if len(sharedCfg.ExternalID) > 0 { + opt.ExternalID = aws.String(sharedCfg.ExternalID) } // Assume role with MFA - if len(sharedCfg.AssumeRole.MFASerial) > 0 { - opt.SerialNumber = aws.String(sharedCfg.AssumeRole.MFASerial) + if len(sharedCfg.MFASerial) > 0 { + opt.SerialNumber = aws.String(sharedCfg.MFASerial) opt.TokenProvider = sessOpts.AssumeRoleTokenProvider } }, ), nil } -// AssumeRoleTokenProviderNotSetError is an error returned when creating a session when the -// MFAToken option is not set when shared config is configured load assume a -// role with an MFA token. +// AssumeRoleTokenProviderNotSetError is an error returned when creating a +// session when the MFAToken option is not set when shared config is configured +// load assume a role with an MFA token. type AssumeRoleTokenProviderNotSetError struct{} // Code is the short id of the error. @@ -197,8 +250,6 @@ type credProviderError struct { Err error } -var emptyCreds = credentials.Value{} - func (c credProviderError) Retrieve() (credentials.Value, error) { return credentials.Value{}, c.Err } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index cdb42497e76..3a998d5bd62 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -104,11 +104,27 @@ type envConfig struct { CSMClientID string CSMHost string - enableEndpointDiscovery string // Enables endpoint discovery via environment variables. // // AWS_ENABLE_ENDPOINT_DISCOVERY=true EnableEndpointDiscovery *bool + enableEndpointDiscovery string + + // Specifies the WebIdentity token the SDK should use to assume a role + // with. + // + // AWS_WEB_IDENTITY_TOKEN_FILE=file_path + WebIdentityTokenFilePath string + + // Specifies the IAM role arn to use when assuming an role. + // + // AWS_ROLE_ARN=role_arn + RoleARN string + + // Specifies the IAM role session name to use when assuming a role. + // + // AWS_ROLE_SESSION_NAME=session_name + RoleSessionName string } var ( @@ -154,6 +170,15 @@ var ( sharedConfigFileEnvKey = []string{ "AWS_CONFIG_FILE", } + webIdentityTokenFilePathEnvKey = []string{ + "AWS_WEB_IDENTITY_TOKEN_FILE", + } + roleARNEnvKey = []string{ + "AWS_ROLE_ARN", + } + roleSessionNameEnvKey = []string{ + "AWS_ROLE_SESSION_NAME", + } ) // loadEnvConfig retrieves the SDK's environment configuration. @@ -182,9 +207,23 @@ func envConfigLoad(enableSharedConfig bool) envConfig { cfg.EnableSharedConfig = enableSharedConfig - setFromEnvVal(&cfg.Creds.AccessKeyID, credAccessEnvKey) - setFromEnvVal(&cfg.Creds.SecretAccessKey, credSecretEnvKey) - setFromEnvVal(&cfg.Creds.SessionToken, credSessionEnvKey) + // Static environment credentials + var creds credentials.Value + setFromEnvVal(&creds.AccessKeyID, credAccessEnvKey) + setFromEnvVal(&creds.SecretAccessKey, credSecretEnvKey) + setFromEnvVal(&creds.SessionToken, credSessionEnvKey) + if creds.HasKeys() { + // Require logical grouping of credentials + creds.ProviderName = EnvProviderName + cfg.Creds = creds + } + + // Role Metadata + setFromEnvVal(&cfg.RoleARN, roleARNEnvKey) + setFromEnvVal(&cfg.RoleSessionName, roleSessionNameEnvKey) + + // Web identity environment variables + setFromEnvVal(&cfg.WebIdentityTokenFilePath, webIdentityTokenFilePathEnvKey) // CSM environment variables setFromEnvVal(&cfg.csmEnabled, csmEnabledEnvKey) @@ -193,13 +232,6 @@ func envConfigLoad(enableSharedConfig bool) envConfig { setFromEnvVal(&cfg.CSMClientID, csmClientIDEnvKey) cfg.CSMEnabled = len(cfg.csmEnabled) > 0 - // Require logical grouping of credentials - if len(cfg.Creds.AccessKeyID) == 0 || len(cfg.Creds.SecretAccessKey) == 0 { - cfg.Creds = credentials.Value{} - } else { - cfg.Creds.ProviderName = EnvProviderName - } - regionKeys := regionEnvKeys profileKeys := profileEnvKeys if !cfg.EnableSharedConfig { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 5da98abe750..3a28da5a8a5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -376,6 +376,7 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, // credentials were. userCfg := &aws.Config{} userCfg.MergeIn(cfgs...) + cfg.MergeIn(userCfg) // Ordered config files will be loaded in with later files overwriting // previous config file values. @@ -392,9 +393,11 @@ func newSession(opts Options, envCfg envConfig, cfgs ...*aws.Config) (*Session, } // Load additional config from file(s) - sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles) + sharedCfg, err := loadSharedConfig(envCfg.Profile, cfgFiles, envCfg.EnableSharedConfig) if err != nil { - return nil, err + if _, ok := err.(SharedConfigProfileNotExistsError); !ok { + return nil, err + } } if err := mergeConfigSrcs(cfg, userCfg, envCfg, sharedCfg, handlers, opts); err != nil { @@ -478,8 +481,6 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, handlers request.Handlers, sessOpts Options, ) error { - // Merge in user provided configuration - cfg.MergeIn(userCfg) // Region if not already set by user if len(aws.StringValue(cfg.Region)) == 0 { diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index 324927f56aa..5170b4982e0 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -27,8 +27,12 @@ const ( // endpoint discovery group enableEndpointDiscoveryKey = `endpoint_discovery_enabled` // optional + // External Credential Process - credentialProcessKey = `credential_process` + credentialProcessKey = `credential_process` // optional + + // Web Identity Token File + webIdentityTokenFileKey = `web_identity_token_file` // optional // DefaultSharedConfigProfile is the default profile to be used when // loading configuration from the config files if another profile name @@ -36,36 +40,33 @@ const ( DefaultSharedConfigProfile = `default` ) -type assumeRoleConfig struct { - RoleARN string - SourceProfile string - CredentialSource string - ExternalID string - MFASerial string - RoleSessionName string -} - // sharedConfig represents the configuration fields of the SDK config files. type sharedConfig struct { - // Credentials values from the config file. Both aws_access_key_id - // and aws_secret_access_key must be provided together in the same file - // to be considered valid. The values will be ignored if not a complete group. - // aws_session_token is an optional field that can be provided if both of the - // other two fields are also provided. + // Credentials values from the config file. Both aws_access_key_id and + // aws_secret_access_key must be provided together in the same file to be + // considered valid. The values will be ignored if not a complete group. + // aws_session_token is an optional field that can be provided if both of + // the other two fields are also provided. // // aws_access_key_id // aws_secret_access_key // aws_session_token Creds credentials.Value - AssumeRole assumeRoleConfig - AssumeRoleSource *sharedConfig + CredentialSource string + CredentialProcess string + WebIdentityTokenFile string + + RoleARN string + RoleSessionName string + ExternalID string + MFASerial string - // An external process to request credentials - CredentialProcess string + SourceProfileName string + SourceProfile *sharedConfig - // Region is the region the SDK should use for looking up AWS service endpoints - // and signing requests. + // Region is the region the SDK should use for looking up AWS service + // endpoints and signing requests. // // region Region string @@ -82,17 +83,18 @@ type sharedConfigFile struct { IniData ini.Sections } -// loadSharedConfig retrieves the configuration from the list of files -// using the profile provided. The order the files are listed will determine +// loadSharedConfig retrieves the configuration from the list of files using +// the profile provided. The order the files are listed will determine // precedence. Values in subsequent files will overwrite values defined in // earlier files. // // For example, given two files A and B. Both define credentials. If the order -// of the files are A then B, B's credential values will be used instead of A's. +// of the files are A then B, B's credential values will be used instead of +// A's. // // See sharedConfig.setFromFile for information how the config files // will be loaded. -func loadSharedConfig(profile string, filenames []string) (sharedConfig, error) { +func loadSharedConfig(profile string, filenames []string, exOpts bool) (sharedConfig, error) { if len(profile) == 0 { profile = DefaultSharedConfigProfile } @@ -103,16 +105,11 @@ func loadSharedConfig(profile string, filenames []string) (sharedConfig, error) } cfg := sharedConfig{} - if err = cfg.setFromIniFiles(profile, files); err != nil { + profiles := map[string]struct{}{} + if err = cfg.setFromIniFiles(profiles, profile, files, exOpts); err != nil { return sharedConfig{}, err } - if len(cfg.AssumeRole.SourceProfile) > 0 { - if err := cfg.setAssumeRoleSource(profile, files); err != nil { - return sharedConfig{}, err - } - } - return cfg, nil } @@ -136,71 +133,88 @@ func loadSharedConfigIniFiles(filenames []string) ([]sharedConfigFile, error) { return files, nil } -func (cfg *sharedConfig) setAssumeRoleSource(origProfile string, files []sharedConfigFile) error { - var assumeRoleSrc sharedConfig - - if len(cfg.AssumeRole.CredentialSource) > 0 { - // setAssumeRoleSource is only called when source_profile is found. - // If both source_profile and credential_source are set, then - // ErrSharedConfigSourceCollision will be returned - return ErrSharedConfigSourceCollision +func (cfg *sharedConfig) setFromIniFiles(profiles map[string]struct{}, profile string, files []sharedConfigFile, exOpts bool) error { + // Trim files from the list that don't exist. + var skippedFiles int + var profileNotFoundErr error + for _, f := range files { + if err := cfg.setFromIniFile(profile, f, exOpts); err != nil { + if _, ok := err.(SharedConfigProfileNotExistsError); ok { + // Ignore profiles not defined in individual files. + profileNotFoundErr = err + skippedFiles++ + continue + } + return err + } + } + if skippedFiles == len(files) { + // If all files were skipped because the profile is not found, return + // the original profile not found error. + return profileNotFoundErr } - // Multiple level assume role chains are not support - if cfg.AssumeRole.SourceProfile == origProfile { - assumeRoleSrc = *cfg - assumeRoleSrc.AssumeRole = assumeRoleConfig{} + if _, ok := profiles[profile]; ok { + // if this is the second instance of the profile the Assume Role + // options must be cleared because they are only valid for the + // first reference of a profile. The self linked instance of the + // profile only have credential provider options. + cfg.clearAssumeRoleOptions() } else { - err := assumeRoleSrc.setFromIniFiles(cfg.AssumeRole.SourceProfile, files) - if err != nil { + // First time a profile has been seen, It must either be a assume role + // or credentials. Assert if the credential type requires a role ARN, + // the ARN is also set. + if err := cfg.validateCredentialsRequireARN(profile); err != nil { return err } - - // Chain if profile depends of other profiles - if len(assumeRoleSrc.AssumeRole.SourceProfile) > 0 { - err := assumeRoleSrc.setAssumeRoleSource(cfg.AssumeRole.SourceProfile, files) - if err != nil { - return err - } - } } + profiles[profile] = struct{}{} - if cfg.AssumeRole.SourceProfile == origProfile || len(assumeRoleSrc.AssumeRole.SourceProfile) == 0 { - //Check if at least either Credential Source, static creds, or credential process is set to retain credentials. - if len(assumeRoleSrc.AssumeRole.CredentialSource) == 0 && len(assumeRoleSrc.Creds.AccessKeyID) == 0 && len(assumeRoleSrc.CredentialProcess) == 0 { - return SharedConfigAssumeRoleError{RoleARN: cfg.AssumeRole.RoleARN} - } + if err := cfg.validateCredentialType(); err != nil { + return err } - cfg.AssumeRoleSource = &assumeRoleSrc + // Link source profiles for assume roles + if len(cfg.SourceProfileName) != 0 { + // Linked profile via source_profile ignore credential provider + // options, the source profile must provide the credentials. + cfg.clearCredentialOptions() - return nil -} - -func (cfg *sharedConfig) setFromIniFiles(profile string, files []sharedConfigFile) error { - // Trim files from the list that don't exist. - for _, f := range files { - if err := cfg.setFromIniFile(profile, f); err != nil { + srcCfg := &sharedConfig{} + err := srcCfg.setFromIniFiles(profiles, cfg.SourceProfileName, files, exOpts) + if err != nil { + // SourceProfile that doesn't exist is an error in configuration. if _, ok := err.(SharedConfigProfileNotExistsError); ok { - // Ignore proviles missings - continue + err = SharedConfigAssumeRoleError{ + RoleARN: cfg.RoleARN, + SourceProfile: cfg.SourceProfileName, + } } return err } + + if !srcCfg.hasCredentials() { + return SharedConfigAssumeRoleError{ + RoleARN: cfg.RoleARN, + SourceProfile: cfg.SourceProfileName, + } + } + + cfg.SourceProfile = srcCfg } return nil } -// setFromFile loads the configuration from the file using -// the profile provided. A sharedConfig pointer type value is used so that -// multiple config file loadings can be chained. +// setFromFile loads the configuration from the file using the profile +// provided. A sharedConfig pointer type value is used so that multiple config +// file loadings can be chained. // // Only loads complete logically grouped values, and will not set fields in cfg -// for incomplete grouped values in the config. Such as credentials. For example -// if a config file only includes aws_access_key_id but no aws_secret_access_key -// the aws_access_key_id will be ignored. -func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) error { +// for incomplete grouped values in the config. Such as credentials. For +// example if a config file only includes aws_access_key_id but no +// aws_secret_access_key the aws_access_key_id will be ignored. +func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, exOpts bool) error { section, ok := file.IniData.GetSection(profile) if !ok { // Fallback to to alternate profile name: profile @@ -210,44 +224,30 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e } } - // Shared Credentials - akid := section.String(accessKeyIDKey) - secret := section.String(secretAccessKey) - if len(akid) > 0 && len(secret) > 0 { - cfg.Creds = credentials.Value{ - AccessKeyID: akid, - SecretAccessKey: secret, - SessionToken: section.String(sessionTokenKey), - ProviderName: fmt.Sprintf("SharedConfigCredentials: %s", file.Filename), - } - } + if exOpts { + // Assume Role Parameters + updateString(&cfg.RoleARN, section, roleArnKey) + updateString(&cfg.ExternalID, section, externalIDKey) + updateString(&cfg.MFASerial, section, mfaSerialKey) + updateString(&cfg.RoleSessionName, section, roleSessionNameKey) + updateString(&cfg.SourceProfileName, section, sourceProfileKey) + updateString(&cfg.CredentialSource, section, credentialSourceKey) - // Assume Role - roleArn := section.String(roleArnKey) - srcProfile := section.String(sourceProfileKey) - credentialSource := section.String(credentialSourceKey) - credentialProcess := section.String(credentialProcessKey) - //Has source to make sure the Assume Role has at least either srcProfile, credential Source, or credential Process. - hasSource := len(srcProfile) > 0 || len(credentialSource) > 0 || len(credentialProcess) > 0 - if len(roleArn) > 0 && hasSource { - cfg.AssumeRole = assumeRoleConfig{ - RoleARN: roleArn, - SourceProfile: srcProfile, - CredentialSource: credentialSource, - ExternalID: section.String(externalIDKey), - MFASerial: section.String(mfaSerialKey), - RoleSessionName: section.String(roleSessionNameKey), - } + updateString(&cfg.Region, section, regionKey) } - // `credential_process` - if credProc := section.String(credentialProcessKey); len(credProc) > 0 { - cfg.CredentialProcess = credProc - } + updateString(&cfg.CredentialProcess, section, credentialProcessKey) + updateString(&cfg.WebIdentityTokenFile, section, webIdentityTokenFileKey) - // Region - if v := section.String(regionKey); len(v) > 0 { - cfg.Region = v + // Shared Credentials + creds := credentials.Value{ + AccessKeyID: section.String(accessKeyIDKey), + SecretAccessKey: section.String(secretAccessKey), + SessionToken: section.String(sessionTokenKey), + ProviderName: fmt.Sprintf("SharedConfigCredentials: %s", file.Filename), + } + if creds.HasKeys() { + cfg.Creds = creds } // Endpoint discovery @@ -259,6 +259,95 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile) e return nil } +func (cfg *sharedConfig) validateCredentialsRequireARN(profile string) error { + var credSource string + + switch { + case len(cfg.SourceProfileName) != 0: + credSource = sourceProfileKey + case len(cfg.CredentialSource) != 0: + credSource = credentialSourceKey + case len(cfg.WebIdentityTokenFile) != 0: + credSource = webIdentityTokenFileKey + } + + if len(credSource) != 0 && len(cfg.RoleARN) == 0 { + return CredentialRequiresARNError{ + Type: credSource, + Profile: profile, + } + } + + return nil +} + +func (cfg *sharedConfig) validateCredentialType() error { + // Only one or no credential type can be defined. + if !oneOrNone( + len(cfg.SourceProfileName) != 0, + len(cfg.CredentialSource) != 0, + len(cfg.CredentialProcess) != 0, + len(cfg.WebIdentityTokenFile) != 0, + ) { + return ErrSharedConfigSourceCollision + } + + return nil +} + +func (cfg *sharedConfig) hasCredentials() bool { + switch { + case len(cfg.SourceProfileName) != 0: + case len(cfg.CredentialSource) != 0: + case len(cfg.CredentialProcess) != 0: + case len(cfg.WebIdentityTokenFile) != 0: + case cfg.Creds.HasKeys(): + default: + return false + } + + return true +} + +func (cfg *sharedConfig) clearCredentialOptions() { + cfg.CredentialSource = "" + cfg.CredentialProcess = "" + cfg.WebIdentityTokenFile = "" + cfg.Creds = credentials.Value{} +} + +func (cfg *sharedConfig) clearAssumeRoleOptions() { + cfg.RoleARN = "" + cfg.ExternalID = "" + cfg.MFASerial = "" + cfg.RoleSessionName = "" + cfg.SourceProfileName = "" +} + +func oneOrNone(bs ...bool) bool { + var count int + + for _, b := range bs { + if b { + count++ + if count > 1 { + return false + } + } + } + + return true +} + +// updateString will only update the dst with the value in the section key, key +// is present in the section. +func updateString(dst *string, section ini.Section, key string) { + if !section.Has(key) { + return + } + *dst = section.String(key) +} + // SharedConfigLoadError is an error for the shared config file failed to load. type SharedConfigLoadError struct { Filename string @@ -316,7 +405,8 @@ func (e SharedConfigProfileNotExistsError) Error() string { // profile contains assume role information, but that information is invalid // or not complete. type SharedConfigAssumeRoleError struct { - RoleARN string + RoleARN string + SourceProfile string } // Code is the short id of the error. @@ -326,8 +416,10 @@ func (e SharedConfigAssumeRoleError) Code() string { // Message is the description of the error func (e SharedConfigAssumeRoleError) Message() string { - return fmt.Sprintf("failed to load assume role for %s, source profile has no shared credentials", - e.RoleARN) + return fmt.Sprintf( + "failed to load assume role for %s, source profile %s has no shared credentials", + e.RoleARN, e.SourceProfile, + ) } // OrigErr is the underlying error that caused the failure. @@ -339,3 +431,36 @@ func (e SharedConfigAssumeRoleError) OrigErr() error { func (e SharedConfigAssumeRoleError) Error() string { return awserr.SprintError(e.Code(), e.Message(), "", nil) } + +// CredentialRequiresARNError provides the error for shared config credentials +// that are incorrectly configured in the shared config or credentials file. +type CredentialRequiresARNError struct { + // type of credentials that were configured. + Type string + + // Profile name the credentials were in. + Profile string +} + +// Code is the short id of the error. +func (e CredentialRequiresARNError) Code() string { + return "CredentialRequiresARNError" +} + +// Message is the description of the error +func (e CredentialRequiresARNError) Message() string { + return fmt.Sprintf( + "credential type %s requires role_arn, profile %s", + e.Type, e.Profile, + ) +} + +// OrigErr is the underlying error that caused the failure. +func (e CredentialRequiresARNError) OrigErr() error { + return nil +} + +// Error satisfies the error interface. +func (e CredentialRequiresARNError) Error() string { + return awserr.SprintError(e.Code(), e.Message(), "", nil) +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index 523db79f8d2..8104793aa5b 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go @@ -687,7 +687,11 @@ func (ctx *signingCtx) buildBodyDigest() error { if !aws.IsReaderSeekable(ctx.Body) { return fmt.Errorf("cannot use unseekable request body %T, for signed request with body", ctx.Body) } - hash = hex.EncodeToString(makeSha256Reader(ctx.Body)) + hashBytes, err := makeSha256Reader(ctx.Body) + if err != nil { + return err + } + hash = hex.EncodeToString(hashBytes) } if includeSHA256Header { @@ -734,10 +738,16 @@ func makeSha256(data []byte) []byte { return hash.Sum(nil) } -func makeSha256Reader(reader io.ReadSeeker) []byte { +func makeSha256Reader(reader io.ReadSeeker) (hashBytes []byte, err error) { hash := sha256.New() - start, _ := reader.Seek(0, sdkio.SeekCurrent) - defer reader.Seek(start, sdkio.SeekStart) + start, err := reader.Seek(0, sdkio.SeekCurrent) + if err != nil { + return nil, err + } + defer func() { + // ensure error is return if unable to seek back to start of payload. + _, err = reader.Seek(start, sdkio.SeekStart) + }() // Use CopyN to avoid allocating the 32KB buffer in io.Copy for bodies // smaller than 32KB. Fall back to io.Copy if we fail to determine the size. @@ -748,7 +758,7 @@ func makeSha256Reader(reader io.ReadSeeker) []byte { io.CopyN(hash, reader, size) } - return hash.Sum(nil) + return hash.Sum(nil), nil } const doubleSpace = " " diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index af9549986d3..050b49f5fdb 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.20.21" +const SDKVersion = "1.21.2" diff --git a/vendor/github.com/aws/aws-sdk-go/service/codedeploy/api.go b/vendor/github.com/aws/aws-sdk-go/service/codedeploy/api.go index 74b74c0e35a..de8c21179c7 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/codedeploy/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/codedeploy/api.go @@ -5938,7 +5938,8 @@ func (s *BlueGreenDeploymentConfiguration) SetTerminateBlueInstancesOnDeployment } // Information about whether instances in the original environment are terminated -// when a blue/green deployment is successful. +// when a blue/green deployment is successful. BlueInstanceTerminationOption +// does not apply to Lambda deployments. type BlueInstanceTerminationOption struct { _ struct{} `type:"structure"` @@ -5951,9 +5952,14 @@ type BlueInstanceTerminationOption struct { // the load balancer and removed from the deployment group. Action *string `locationName:"action" type:"string" enum:"InstanceAction"` - // The number of minutes to wait after a successful blue/green deployment before - // terminating instances from the original environment. The maximum setting - // is 2880 minutes (2 days). + // For an Amazon EC2 deployment, the number of minutes to wait after a successful + // blue/green deployment before terminating instances from the original environment. + // + // For an Amazon ECS deployment, the number of minutes before deleting the original + // (blue) task set. During an Amazon ECS deployment, CodeDeploy shifts traffic + // from the original (blue) task set to a replacement (green) task set. + // + // The maximum setting is 2880 minutes (2 days). TerminationWaitTimeInMinutes *int64 `locationName:"terminationWaitTimeInMinutes" type:"integer"` } @@ -9982,7 +9988,13 @@ type ListDeploymentTargetsInput struct { // It can be used to return the next set of deployment targets in the list. NextToken *string `locationName:"nextToken" type:"string"` - // A key used to filter the returned targets. + // A key used to filter the returned targets. The two valid values are: + // + // * TargetStatus - A TargetStatus filter string can be Failed, InProgress, + // Pending, Ready, Skipped, Succeeded, or Unknown. + // + // * ServerInstanceLabel - A ServerInstanceLabel filter string can be Blue + // or Green. TargetFilters map[string][]*string `locationName:"targetFilters" type:"map"` } diff --git a/vendor/github.com/aws/aws-sdk-go/service/ecs/api.go b/vendor/github.com/aws/aws-sdk-go/service/ecs/api.go index 6a50ef822fc..493f71971a6 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ecs/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ecs/api.go @@ -3016,19 +3016,20 @@ func (c *ECS) PutAccountSettingRequest(input *PutAccountSettingInput) (req *requ // PutAccountSetting API operation for Amazon EC2 Container Service. // -// Modifies an account setting. For more information, see Account Settings (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html) +// Modifies an account setting. If you change the account setting for the root +// user, the default settings for all of the IAM users and roles for which no +// individual account setting has been specified are reset. For more information, +// see Account Settings (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html) // in the Amazon Elastic Container Service Developer Guide. // // When serviceLongArnFormat, taskLongArnFormat, or containerInstanceLongArnFormat -// are specified, the ARN and resource ID format of the resource type for a -// specified IAM user, IAM role, or the root user for an account is changed. -// If you change the account setting for the root user, the default settings -// for all of the IAM users and roles for which no individual account setting -// has been specified are reset. The opt-in and opt-out account setting can -// be specified for each Amazon ECS resource separately. The ARN and resource -// ID format of a resource will be defined by the opt-in status of the IAM user -// or role that created the resource. You must enable this setting to use Amazon -// ECS features such as resource tagging. +// are specified, the Amazon Resource Name (ARN) and resource ID format of the +// resource type for a specified IAM user, IAM role, or the root user for an +// account is affected. The opt-in and opt-out account setting must be set for +// each Amazon ECS resource separately. The ARN and resource ID format of a +// resource will be defined by the opt-in status of the IAM user or role that +// created the resource. You must enable this setting to use Amazon ECS features +// such as resource tagging. // // When awsvpcTrunking is specified, the elastic network interface (ENI) limit // for any new container instances that support the feature is changed. If awsvpcTrunking @@ -3037,6 +3038,13 @@ func (c *ECS) PutAccountSettingRequest(input *PutAccountSettingInput) (req *requ // Elastic Network Interface Trunking (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html) // in the Amazon Elastic Container Service Developer Guide. // +// When containerInsights is specified, the default setting indicating whether +// CloudWatch Container Insights is enabled for your clusters is changed. If +// containerInsights is enabled, any new clusters that are created will have +// Container Insights enabled unless you disable it during cluster creation. +// For more information, see CloudWatch Container Insights (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html) +// in the Amazon Elastic Container Service Developer Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5243,6 +5251,10 @@ type Cluster struct { // The number of tasks in the cluster that are in the RUNNING state. RunningTasksCount *int64 `locationName:"runningTasksCount" type:"integer"` + // The settings for the cluster. This parameter indicates whether CloudWatch + // Container Insights is enabled or disabled for a cluster. + Settings []*ClusterSetting `locationName:"settings" type:"list"` + // Additional information about your clusters that are separated by launch type, // including: // @@ -5321,6 +5333,12 @@ func (s *Cluster) SetRunningTasksCount(v int64) *Cluster { return s } +// SetSettings sets the Settings field's value. +func (s *Cluster) SetSettings(v []*ClusterSetting) *Cluster { + s.Settings = v + return s +} + // SetStatistics sets the Statistics field's value. func (s *Cluster) SetStatistics(v []*KeyValuePair) *Cluster { s.Statistics = v @@ -5339,6 +5357,44 @@ func (s *Cluster) SetTags(v []*Tag) *Cluster { return s } +// The settings to use when creating a cluster. This parameter is used to enable +// CloudWatch Container Insights for a cluster. +type ClusterSetting struct { + _ struct{} `type:"structure"` + + // The name of the cluster setting. The only supported value is containerInsights. + Name *string `locationName:"name" type:"string" enum:"ClusterSettingName"` + + // The value to set for the cluster setting. The supported values are enabled + // and disabled. If enabled is specified, CloudWatch Container Insights will + // be enabled for the cluster, otherwise it will be disabled unless the containerInsights + // account setting is enabled. If a cluster value is specified, it will override + // the containerInsights value set with PutAccountSetting or PutAccountSettingDefault. + Value *string `locationName:"value" type:"string"` +} + +// String returns the string representation +func (s ClusterSetting) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ClusterSetting) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *ClusterSetting) SetName(v string) *ClusterSetting { + s.Name = &v + return s +} + +// SetValue sets the Value field's value. +func (s *ClusterSetting) SetValue(v string) *ClusterSetting { + s.Value = &v + return s +} + // A Docker container that is part of a task. type Container struct { _ struct{} `type:"structure"` @@ -6809,6 +6865,12 @@ type CreateClusterInput struct { // numbers, and hyphens are allowed. ClusterName *string `locationName:"clusterName" type:"string"` + // The setting to use when creating a cluster. This parameter is used to enable + // CloudWatch Container Insights for a cluster. If this value is specified, + // it will override the containerInsights value set with PutAccountSetting or + // PutAccountSettingDefault. + Settings []*ClusterSetting `locationName:"settings" type:"list"` + // The metadata that you apply to the cluster to help you categorize and organize // them. Each tag consists of a key and an optional value, both of which you // define. Tag keys can have a maximum character length of 128 characters, and @@ -6852,6 +6914,12 @@ func (s *CreateClusterInput) SetClusterName(v string) *CreateClusterInput { return s } +// SetSettings sets the Settings field's value. +func (s *CreateClusterInput) SetSettings(v []*ClusterSetting) *CreateClusterInput { + s.Settings = v + return s +} + // SetTags sets the Tags field's value. func (s *CreateClusterInput) SetTags(v []*Tag) *CreateClusterInput { s.Tags = v @@ -11213,7 +11281,9 @@ type PutAccountSettingDefaultInput struct { // is specified, the ARN and resource ID for your Amazon ECS tasks is affected. // If containerInstanceLongArnFormat is specified, the ARN and resource ID for // your Amazon ECS container instances is affected. If awsvpcTrunking is specified, - // the ENI limit for your Amazon ECS container instances is affected. + // the ENI limit for your Amazon ECS container instances is affected. If containerInsights + // is specified, the default setting for CloudWatch Container Insights for your + // clusters is affected. // // Name is a required field Name *string `locationName:"name" type:"string" required:"true" enum:"SettingName"` @@ -11289,12 +11359,15 @@ func (s *PutAccountSettingDefaultOutput) SetSetting(v *Setting) *PutAccountSetti type PutAccountSettingInput struct { _ struct{} `type:"structure"` - // The resource name for which to modify the account setting. If serviceLongArnFormat - // is specified, the ARN for your Amazon ECS services is affected. If taskLongArnFormat - // is specified, the ARN and resource ID for your Amazon ECS tasks is affected. - // If containerInstanceLongArnFormat is specified, the ARN and resource ID for - // your Amazon ECS container instances is affected. If awsvpcTrunking is specified, - // the ENI limit for your Amazon ECS container instances is affected. + // The Amazon ECS resource name for which to modify the account setting. If + // serviceLongArnFormat is specified, the ARN for your Amazon ECS services is + // affected. If taskLongArnFormat is specified, the ARN and resource ID for + // your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is specified, + // the ARN and resource ID for your Amazon ECS container instances is affected. + // If awsvpcTrunking is specified, the elastic network interface (ENI) limit + // for your Amazon ECS container instances is affected. If containerInsights + // is specified, the default setting for CloudWatch Container Insights for your + // clusters is affected. // // Name is a required field Name *string `locationName:"name" type:"string" required:"true" enum:"SettingName"` @@ -12979,17 +13052,14 @@ func (s *ServiceRegistry) SetRegistryArn(v string) *ServiceRegistry { type Setting struct { _ struct{} `type:"structure"` - // The account resource name. + // The Amazon ECS resource name. Name *string `locationName:"name" type:"string" enum:"SettingName"` // The ARN of the principal, which can be an IAM user, IAM role, or the root // user. If this field is omitted, the authenticated user is assumed. PrincipalArn *string `locationName:"principalArn" type:"string"` - // The current account setting for the resource name. If enabled, the resource - // receives the new Amazon Resource Name (ARN) and resource identifier (ID) - // format. If disabled, the resource receives the old Amazon Resource Name (ARN) - // and resource identifier (ID) format. + // Whether the account setting is enabled or disabled for the specified resource. Value *string `locationName:"value" type:"string"` } @@ -15809,6 +15879,11 @@ const ( ClusterFieldTags = "TAGS" ) +const ( + // ClusterSettingNameContainerInsights is a ClusterSettingName enum value + ClusterSettingNameContainerInsights = "containerInsights" +) + const ( // CompatibilityEc2 is a Compatibility enum value CompatibilityEc2 = "EC2" @@ -16049,6 +16124,9 @@ const ( // SettingNameAwsvpcTrunking is a SettingName enum value SettingNameAwsvpcTrunking = "awsvpcTrunking" + + // SettingNameContainerInsights is a SettingName enum value + SettingNameContainerInsights = "containerInsights" ) const ( diff --git a/vendor/github.com/aws/aws-sdk-go/service/elasticache/api.go b/vendor/github.com/aws/aws-sdk-go/service/elasticache/api.go index c135e764e28..8ed98cc1ca6 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elasticache/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elasticache/api.go @@ -463,19 +463,19 @@ func (c *ElastiCache) CopySnapshotRequest(input *CopySnapshotInput) (req *reques // * Error Message: ElastiCache has not been granted READ permissions %s // on the S3 Bucket. Solution: Add List and Read permissions on the bucket. // For more information, see Step 2: Grant ElastiCache Access to Your Amazon -// S3 Bucket (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-exporting.html#backups-exporting-grant-access.html) +// S3 Bucket (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-exporting.html#backups-exporting-grant-access) // in the ElastiCache User Guide. // // * Error Message: ElastiCache has not been granted WRITE permissions %s // on the S3 Bucket. Solution: Add Upload/Delete permissions on the bucket. // For more information, see Step 2: Grant ElastiCache Access to Your Amazon -// S3 Bucket (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-exporting.html#backups-exporting-grant-access.html) +// S3 Bucket (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-exporting.html#backups-exporting-grant-access) // in the ElastiCache User Guide. // // * Error Message: ElastiCache has not been granted READ_ACP permissions // %s on the S3 Bucket. Solution: Add View Permissions on the bucket. For // more information, see Step 2: Grant ElastiCache Access to Your Amazon -// S3 Bucket (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-exporting.html#backups-exporting-grant-access.html) +// S3 Bucket (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-exporting.html#backups-exporting-grant-access) // in the ElastiCache User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1006,7 +1006,7 @@ func (c *ElastiCache) CreateReplicationGroupRequest(input *CreateReplicationGrou // replicas. Writes to the primary are asynchronously propagated to the replicas. // // A Redis (cluster mode enabled) replication group is a collection of 1 to -// 15 node groups (shards). Each node group (shard) has one read/write primary +// 90 node groups (shards). Each node group (shard) has one read/write primary // node and up to 5 read-only replica nodes. Writes to the primary are asynchronously // propagated to the replicas. Redis (cluster mode enabled) replication groups // partition the data across node groups (shards). @@ -1079,7 +1079,7 @@ func (c *ElastiCache) CreateReplicationGroupRequest(input *CreateReplicationGrou // * ErrCodeNodeGroupsPerReplicationGroupQuotaExceededFault "NodeGroupsPerReplicationGroupQuotaExceeded" // The request cannot be processed because it would exceed the maximum allowed // number of node groups (shards) in a single replication group. The default -// maximum is 15 +// maximum is 90 // // * ErrCodeInvalidParameterValueException "InvalidParameterValue" // The value for a parameter is invalid. @@ -1305,7 +1305,7 @@ func (c *ElastiCache) DecreaseReplicaCountRequest(input *DecreaseReplicaCountInp // * ErrCodeNodeGroupsPerReplicationGroupQuotaExceededFault "NodeGroupsPerReplicationGroupQuotaExceeded" // The request cannot be processed because it would exceed the maximum allowed // number of node groups (shards) in a single replication group. The default -// maximum is 15 +// maximum is 90 // // * ErrCodeNodeQuotaForCustomerExceededFault "NodeQuotaForCustomerExceeded" // The request cannot be processed because it would exceed the allowed number @@ -4025,7 +4025,7 @@ func (c *ElastiCache) IncreaseReplicaCountRequest(input *IncreaseReplicaCountInp // * ErrCodeNodeGroupsPerReplicationGroupQuotaExceededFault "NodeGroupsPerReplicationGroupQuotaExceeded" // The request cannot be processed because it would exceed the maximum allowed // number of node groups (shards) in a single replication group. The default -// maximum is 15 +// maximum is 90 // // * ErrCodeNodeQuotaForCustomerExceededFault "NodeQuotaForCustomerExceeded" // The request cannot be processed because it would exceed the allowed number @@ -4756,7 +4756,7 @@ func (c *ElastiCache) ModifyReplicationGroupShardConfigurationRequest(input *Mod // * ErrCodeNodeGroupsPerReplicationGroupQuotaExceededFault "NodeGroupsPerReplicationGroupQuotaExceeded" // The request cannot be processed because it would exceed the maximum allowed // number of node groups (shards) in a single replication group. The default -// maximum is 15 +// maximum is 90 // // * ErrCodeNodeQuotaForCustomerExceededFault "NodeQuotaForCustomerExceeded" // The request cannot be processed because it would exceed the allowed number @@ -5750,7 +5750,7 @@ type CacheCluster struct { // to true when you create a cluster. // // Required: Only available when creating a replication group in an Amazon VPC - // using redis version 3.2.6 or 4.x. + // using redis version 3.2.6, 4.x or later. // // Default: false AtRestEncryptionEnabled *bool `type:"boolean"` @@ -5912,7 +5912,7 @@ type CacheCluster struct { // to true when you create a cluster. // // Required: Only available when creating a replication group in an Amazon VPC - // using redis version 3.2.6 or 4.x. + // using redis version 3.2.6, 4.x or later. // // Default: false TransitEncryptionEnabled *bool `type:"boolean"` @@ -7571,7 +7571,7 @@ type CreateReplicationGroupInput struct { // group. // // Required: Only available when creating a replication group in an Amazon VPC - // using redis version 3.2.6 or 4.x. + // using redis version 3.2.6, 4.x or later. // // Default: false AtRestEncryptionEnabled *bool `type:"boolean"` @@ -7872,7 +7872,7 @@ type CreateReplicationGroupInput struct { // If you enable in-transit encryption, you must also specify a value for CacheSubnetGroup. // // Required: Only available when creating a replication group in an Amazon VPC - // using redis version 3.2.6 or 4.x. + // using redis version 3.2.6, 4.x or later. // // Default: false // @@ -10725,7 +10725,7 @@ type ModifyCacheClusterInput struct { // Only newly created nodes are located in different Availability Zones. For // instructions on how to move existing Memcached nodes to different Availability // Zones, see the Availability Zone Considerations section of Cache Node Considerations - // for Memcached (https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/CacheNode.Memcached.html). + // for Memcached (https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/CacheNodes.SupportedTypes.html). AZMode *string `type:"string" enum:"AZMode"` // If true, this parameter causes the modifications in this request and any @@ -10821,7 +10821,7 @@ type ModifyCacheClusterInput struct { // Availability Zone. Only newly created nodes can be located in different Availability // Zones. For guidance on how to move existing Memcached nodes to different // Availability Zones, see the Availability Zone Considerations section of Cache - // Node Considerations for Memcached (https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/CacheNode.Memcached.html). + // Node Considerations for Memcached (https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/CacheNodes.SupportedTypes.html). // // Impact of new add/remove requests upon pending requests // @@ -11679,8 +11679,8 @@ type NodeGroup struct { // The identifier for the node group (shard). A Redis (cluster mode disabled) // replication group contains only 1 node group; therefore, the node group ID - // is 0001. A Redis (cluster mode enabled) replication group contains 1 to 15 - // node groups numbered 0001 to 0015. Optionally, the user can provide the id + // is 0001. A Redis (cluster mode enabled) replication group contains 1 to 90 + // node groups numbered 0001 to 0090. Optionally, the user can provide the id // for a node group. NodeGroupId *string `type:"string"` @@ -12640,7 +12640,7 @@ type ReplicationGroup struct { // to true when you create a cluster. // // Required: Only available when creating a replication group in an Amazon VPC - // using redis version 3.2.6 or 4.x. + // using redis version 3.2.6, 4.x or later. // // Default: false AtRestEncryptionEnabled *bool `type:"boolean"` @@ -12731,7 +12731,7 @@ type ReplicationGroup struct { // to true when you create a cluster. // // Required: Only available when creating a replication group in an Amazon VPC - // using redis version 3.2.6 or 4.x. + // using redis version 3.2.6, 4.x or later. // // Default: false TransitEncryptionEnabled *bool `type:"boolean"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/elasticache/errors.go b/vendor/github.com/aws/aws-sdk-go/service/elasticache/errors.go index 28d799c78da..4ce99d3b0df 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/elasticache/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/elasticache/errors.go @@ -206,7 +206,7 @@ const ( // // The request cannot be processed because it would exceed the maximum allowed // number of node groups (shards) in a single replication group. The default - // maximum is 15 + // maximum is 90 ErrCodeNodeGroupsPerReplicationGroupQuotaExceededFault = "NodeGroupsPerReplicationGroupQuotaExceeded" // ErrCodeNodeQuotaForClusterExceededFault for service response error code diff --git a/vendor/github.com/aws/aws-sdk-go/service/kafka/api.go b/vendor/github.com/aws/aws-sdk-go/service/kafka/api.go index 28b8752e5dd..bef73a71c73 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/kafka/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/kafka/api.go @@ -2683,7 +2683,7 @@ type CreateClusterInput struct { // KafkaVersion is a required field KafkaVersion *string `locationName:"kafkaVersion" min:"1" type:"string" required:"true"` - // The number of broker nodes in the cluster. + // The number of Kafka broker nodes in the Amazon MSK cluster. // // NumberOfBrokerNodes is a required field NumberOfBrokerNodes *int64 `locationName:"numberOfBrokerNodes" min:"1" type:"integer" required:"true"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/mq/api.go b/vendor/github.com/aws/aws-sdk-go/service/mq/api.go index aedf340b292..16a45caea22 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/mq/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/mq/api.go @@ -2421,6 +2421,9 @@ type CreateBrokerRequest struct { // The deployment mode of the broker. DeploymentMode *string `locationName:"deploymentMode" type:"string" enum:"DeploymentMode"` + // Encryption options for the broker. + EncryptionOptions *EncryptionOptions `locationName:"encryptionOptions" type:"structure"` + // The type of broker engine. Note: Currently, Amazon MQ supports only ActiveMQ. EngineType *string `locationName:"engineType" type:"string" enum:"EngineType"` @@ -2456,6 +2459,21 @@ func (s CreateBrokerRequest) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateBrokerRequest) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateBrokerRequest"} + if s.EncryptionOptions != nil { + if err := s.EncryptionOptions.Validate(); err != nil { + invalidParams.AddNested("EncryptionOptions", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetAutoMinorVersionUpgrade sets the AutoMinorVersionUpgrade field's value. func (s *CreateBrokerRequest) SetAutoMinorVersionUpgrade(v bool) *CreateBrokerRequest { s.AutoMinorVersionUpgrade = &v @@ -2486,6 +2504,12 @@ func (s *CreateBrokerRequest) SetDeploymentMode(v string) *CreateBrokerRequest { return s } +// SetEncryptionOptions sets the EncryptionOptions field's value. +func (s *CreateBrokerRequest) SetEncryptionOptions(v *EncryptionOptions) *CreateBrokerRequest { + s.EncryptionOptions = v + return s +} + // SetEngineType sets the EngineType field's value. func (s *CreateBrokerRequest) SetEngineType(v string) *CreateBrokerRequest { s.EngineType = &v @@ -3274,6 +3298,9 @@ type DescribeBrokerResponse struct { // The deployment mode of the broker. DeploymentMode *string `locationName:"deploymentMode" type:"string" enum:"DeploymentMode"` + // Encryption options for the broker. + EncryptionOptions *EncryptionOptions `locationName:"encryptionOptions" type:"structure"` + // The type of broker engine. Note: Currently, Amazon MQ supports only ActiveMQ. EngineType *string `locationName:"engineType" type:"string" enum:"EngineType"` @@ -3366,6 +3393,12 @@ func (s *DescribeBrokerResponse) SetDeploymentMode(v string) *DescribeBrokerResp return s } +// SetEncryptionOptions sets the EncryptionOptions field's value. +func (s *DescribeBrokerResponse) SetEncryptionOptions(v *EncryptionOptions) *DescribeBrokerResponse { + s.EncryptionOptions = v + return s +} + // SetEngineType sets the EngineType field's value. func (s *DescribeBrokerResponse) SetEngineType(v string) *DescribeBrokerResponse { s.EngineType = &v @@ -3769,6 +3802,56 @@ func (s *DescribeUserResponse) SetUsername(v string) *DescribeUserResponse { return s } +// Encryption options for the broker. +type EncryptionOptions struct { + _ struct{} `type:"structure"` + + // The customer master key (CMK) to use for the AWS Key Management Service (KMS). + // This key is used to encrypt your data at rest. If not provided, Amazon MQ + // will use a default CMK to encrypt your data. + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + + // Enables the use of an AWS owned CMK using AWS Key Management Service (KMS). + // + // UseAwsOwnedKey is a required field + UseAwsOwnedKey *bool `locationName:"useAwsOwnedKey" type:"boolean" required:"true"` +} + +// String returns the string representation +func (s EncryptionOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EncryptionOptions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EncryptionOptions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EncryptionOptions"} + if s.UseAwsOwnedKey == nil { + invalidParams.Add(request.NewErrParamRequired("UseAwsOwnedKey")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *EncryptionOptions) SetKmsKeyId(v string) *EncryptionOptions { + s.KmsKeyId = &v + return s +} + +// SetUseAwsOwnedKey sets the UseAwsOwnedKey field's value. +func (s *EncryptionOptions) SetUseAwsOwnedKey(v bool) *EncryptionOptions { + s.UseAwsOwnedKey = &v + return s +} + // Id of the engine version. type EngineVersion struct { _ struct{} `type:"structure"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/shield/api.go b/vendor/github.com/aws/aws-sdk-go/service/shield/api.go index ab37c53cc7e..aa23ff9860e 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/shield/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/shield/api.go @@ -59,8 +59,8 @@ func (c *Shield) AssociateDRTLogBucketRequest(input *AssociateDRTLogBucketInput) // AssociateDRTLogBucket API operation for AWS Shield. // // Authorizes the DDoS Response team (DRT) to access the specified Amazon S3 -// bucket containing your flow logs. You can associate up to 10 Amazon S3 buckets -// with your subscription. +// bucket containing your AWS WAF logs. You can associate up to 10 Amazon S3 +// buckets with your subscription. // // To use the services of the DRT and make an AssociateDRTLogBucket request, // you must be subscribed to the Business Support plan (https://aws.amazon.com/premiumsupport/business-support/) @@ -424,6 +424,10 @@ func (c *Shield) CreateSubscriptionRequest(input *CreateSubscriptionInput) (req // a suspected DDoS attack. For more information see Authorize the DDoS Response // Team to Create Rules and Web ACLs on Your Behalf (https://docs.aws.amazon.com/waf/latest/developerguide/authorize-DRT.html). // +// To use the services of the DRT, you must be subscribed to the Business Support +// plan (https://aws.amazon.com/premiumsupport/business-support/) or the Enterprise +// Support plan (https://aws.amazon.com/premiumsupport/enterprise-support/). +// // When you initally create a subscription, your subscription is set to be automatically // renewed at the end of the existing subscription period. You can change this // by submitting an UpdateSubscription request. @@ -1122,7 +1126,7 @@ func (c *Shield) DisassociateDRTLogBucketRequest(input *DisassociateDRTLogBucket // DisassociateDRTLogBucket API operation for AWS Shield. // // Removes the DDoS Response team's (DRT) access to the specified Amazon S3 -// bucket containing your flow logs. +// bucket containing your AWS WAF logs. // // To make a DisassociateDRTLogBucket request, you must be subscribed to the // Business Support plan (https://aws.amazon.com/premiumsupport/business-support/) @@ -1732,7 +1736,7 @@ func (c *Shield) UpdateSubscriptionWithContext(ctx aws.Context, input *UpdateSub type AssociateDRTLogBucketInput struct { _ struct{} `type:"structure"` - // The Amazon S3 bucket that contains your flow logs. + // The Amazon S3 bucket that contains your AWS WAF logs. // // LogBucket is a required field LogBucket *string `min:"3" type:"string" required:"true"` @@ -1939,11 +1943,14 @@ func (s *AttackDetail) SetSubResources(v []*SubResourceSummary) *AttackDetail { type AttackProperty struct { _ struct{} `type:"structure"` - // The type of DDoS event that was observed. NETWORK indicates layer 3 and layer - // 4 events and APPLICATION indicates layer 7 events. + // The type of distributed denial of service (DDoS) event that was observed. + // NETWORK indicates layer 3 and layer 4 events and APPLICATION indicates layer + // 7 events. AttackLayer *string `type:"string" enum:"AttackLayer"` - // Defines the DDoS attack property information that is provided. + // Defines the DDoS attack property information that is provided. The WORDPRESS_PINGBACK_REFLECTOR + // and WORDPRESS_PINGBACK_SOURCE values are valid only for WordPress reflective + // pingback DDoS attacks. AttackPropertyIdentifier *string `type:"string" enum:"AttackPropertyIdentifier"` // The array of Contributor objects that includes the top five contributors @@ -2096,6 +2103,12 @@ type AttackVectorDescription struct { // // * REQUEST_FLOOD // + // * HTTP_REFLECTION + // + // * UDS_REFLECTION + // + // * MEMCACHED_REFLECTION + // // VectorType is a required field VectorType *string `type:"string" required:"true"` } @@ -2624,7 +2637,7 @@ func (s *DescribeSubscriptionOutput) SetSubscription(v *Subscription) *DescribeS type DisassociateDRTLogBucketInput struct { _ struct{} `type:"structure"` - // The Amazon S3 bucket that contains your flow logs. + // The Amazon S3 bucket that contains your AWS WAF logs. // // LogBucket is a required field LogBucket *string `min:"3" type:"string" required:"true"` @@ -3486,6 +3499,12 @@ const ( // AttackPropertyIdentifierSourceUserAgent is a AttackPropertyIdentifier enum value AttackPropertyIdentifierSourceUserAgent = "SOURCE_USER_AGENT" + + // AttackPropertyIdentifierWordpressPingbackReflector is a AttackPropertyIdentifier enum value + AttackPropertyIdentifierWordpressPingbackReflector = "WORDPRESS_PINGBACK_REFLECTOR" + + // AttackPropertyIdentifierWordpressPingbackSource is a AttackPropertyIdentifier enum value + AttackPropertyIdentifierWordpressPingbackSource = "WORDPRESS_PINGBACK_SOURCE" ) const ( diff --git a/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go b/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go index 673014f0594..8d71f726548 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sqs/api.go @@ -57,22 +57,25 @@ func (c *SQS) AddPermissionRequest(input *AddPermissionInput) (req *request.Requ // AddPermission API operation for Amazon Simple Queue Service. // -// Adds a permission to a queue for a specific principal (http://docs.aws.amazon.com/general/latest/gr/glos-chap.html#P). +// Adds a permission to a queue for a specific principal (https://docs.aws.amazon.com/general/latest/gr/glos-chap.html#P). // This allows sharing access to the queue. // // When you create a queue, you have full control access rights for the queue. // Only you, the owner of the queue, can grant or deny permissions to the queue. // For more information about these permissions, see Allow Developers to Write -// Messages to a Shared Queue (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-writing-an-sqs-policy.html#write-messages-to-shared-queue) +// Messages to a Shared Queue (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-writing-an-sqs-policy.html#write-messages-to-shared-queue) // in the Amazon Simple Queue Service Developer Guide. // -// AddPermission writes an Amazon-SQS-generated policy. If you want to write -// your own policy, use SetQueueAttributes to upload your policy. For more information -// about writing your own policy, see Using Custom Policies with the Amazon -// SQS Access Policy Language (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-creating-custom-policies.html) -// in the Amazon Simple Queue Service Developer Guide. +// * AddPermission generates a policy for you. You can use SetQueueAttributes +// to upload your policy. For more information, see Using Custom Policies +// with the Amazon SQS Access Policy Language (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-creating-custom-policies.html) +// in the Amazon Simple Queue Service Developer Guide. // -// An Amazon SQS policy can have a maximum of 7 actions. +// * An Amazon SQS policy can have a maximum of 7 actions. +// +// * To remove the ability to change queue permissions, you must deny permission +// to the AddPermission, RemovePermission, and SetQueueAttributes actions +// in your IAM policy. // // Some actions take lists of parameters. These lists are specified using the // param.n notation. Values of n are integers starting from 1. For example, @@ -83,7 +86,7 @@ func (c *SQS) AddPermissionRequest(input *AddPermissionInput) (req *request.Requ // &Attribute.2=second // // Cross-account permissions don't apply to this action. For more information, -// see see Grant Cross-Account Permissions to a Role and a User Name (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant Cross-Account Permissions to a Role and a User Name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon Simple Queue Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -168,27 +171,46 @@ func (c *SQS) ChangeMessageVisibilityRequest(input *ChangeMessageVisibilityInput // ChangeMessageVisibility API operation for Amazon Simple Queue Service. // // Changes the visibility timeout of a specified message in a queue to a new -// value. The maximum allowed timeout value is 12 hours. For more information, -// see Visibility Timeout (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) +// value. The default visibility timeout for a message is 30 seconds. The minimum +// is 0 seconds. The maximum is 12 hours. For more information, see Visibility +// Timeout (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) // in the Amazon Simple Queue Service Developer Guide. // // For example, you have a message with a visibility timeout of 5 minutes. After // 3 minutes, you call ChangeMessageVisibility with a timeout of 10 minutes. // You can continue to call ChangeMessageVisibility to extend the visibility -// timeout to a maximum of 12 hours. If you try to extend the visibility timeout -// beyond 12 hours, your request is rejected. +// timeout to the maximum allowed time. If you try to extend the visibility +// timeout beyond the maximum, your request is rejected. +// +// An Amazon SQS message has three basic states: +// +// Sent to a queue by a producer. +// +// Received from the queue by a consumer. +// +// Deleted from the queue. // -// A message is considered to be in flight after it's received from a queue -// by a consumer, but not yet deleted from the queue. +// A message is considered to be stored after it is sent to a queue by a producer, +// but not yet received from the queue by a consumer (that is, between states +// 1 and 2). There is no limit to the number of stored messages. A message is +// considered to be in flight after it is received from a queue by a consumer, +// but not yet deleted from the queue (that is, between states 2 and 3). There +// is a limit to the number of inflight messages. // -// For standard queues, there can be a maximum of 120,000 inflight messages -// per queue. If you reach this limit, Amazon SQS returns the OverLimit error -// message. To avoid reaching the limit, you should delete messages from the -// queue after they're processed. You can also increase the number of queues -// you use to process your messages. +// Limits that apply to inflight messages are unrelated to the unlimited number +// of stored messages. // -// For FIFO queues, there can be a maximum of 20,000 inflight messages per queue. -// If you reach this limit, Amazon SQS returns no error messages. +// For most standard queues (depending on queue traffic and message backlog), +// there can be a maximum of approximately 120,000 inflight messages (received +// from a queue by a consumer, but not yet deleted from the queue). If you reach +// this limit, Amazon SQS returns the OverLimit error message. To avoid reaching +// the limit, you should delete messages from the queue after they're processed. +// You can also increase the number of queues you use to process your messages. +// To request a limit increase, file a support request (https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase&limitType=service-code-sqs). +// +// For FIFO queues, there can be a maximum of 20,000 inflight messages (received +// from a queue by a consumer, but not yet deleted from the queue). If you reach +// this limit, Amazon SQS returns no error messages. // // If you attempt to set the VisibilityTimeout to a value greater than the maximum // time left, Amazon SQS returns an error. Amazon SQS doesn't automatically @@ -392,7 +414,7 @@ func (c *SQS) CreateQueueRequest(input *CreateQueueInput) (req *request.Request, // convert an existing standard queue into a FIFO queue. You must either // create a new FIFO queue for your application or delete your existing standard // queue and recreate it as a FIFO queue. For more information, see Moving -// From a Standard Queue to a FIFO Queue (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-moving) +// From a Standard Queue to a FIFO Queue (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-moving) // in the Amazon Simple Queue Service Developer Guide. // // * If you don't provide a value for an attribute, the queue is created @@ -402,7 +424,7 @@ func (c *SQS) CreateQueueRequest(input *CreateQueueInput) (req *request.Request, // a queue with the same name. // // To successfully create a new queue, you must provide a queue name that adheres -// to the limits related to queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) +// to the limits related to queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) // and is unique within the scope of your queues. // // To get the queue URL, use the GetQueueUrl action. GetQueueUrl requires only @@ -424,7 +446,7 @@ func (c *SQS) CreateQueueRequest(input *CreateQueueInput) (req *request.Request, // &Attribute.2=second // // Cross-account permissions don't apply to this action. For more information, -// see see Grant Cross-Account Permissions to a Role and a User Name (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant Cross-Account Permissions to a Role and a User Name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon Simple Queue Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -730,7 +752,7 @@ func (c *SQS) DeleteQueueRequest(input *DeleteQueueInput) (req *request.Request, // a queue with the same name. // // Cross-account permissions don't apply to this action. For more information, -// see see Grant Cross-Account Permissions to a Role and a User Name (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant Cross-Account Permissions to a Role and a User Name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon Simple Queue Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -807,7 +829,7 @@ func (c *SQS) GetQueueAttributesRequest(input *GetQueueAttributesInput) (req *re // // Gets attributes for the specified queue. // -// To determine whether a queue is FIFO (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html), +// To determine whether a queue is FIFO (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html), // you can check whether QueueName ends with the .fifo suffix. // // Some actions take lists of parameters. These lists are specified using the @@ -901,7 +923,7 @@ func (c *SQS) GetQueueUrlRequest(input *GetQueueUrlInput) (req *request.Request, // parameter to specify the account ID of the queue's owner. The queue's owner // must grant you permission to access the queue. For more information about // shared queue access, see AddPermission or see Allow Developers to Write Messages -// to a Shared Queue (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-writing-an-sqs-policy.html#write-messages-to-shared-queue) +// to a Shared Queue (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-writing-an-sqs-policy.html#write-messages-to-shared-queue) // in the Amazon Simple Queue Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -985,7 +1007,7 @@ func (c *SQS) ListDeadLetterSourceQueuesRequest(input *ListDeadLetterSourceQueue // configured with a dead-letter queue. // // For more information about using dead-letter queues, see Using Amazon SQS -// Dead-Letter Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) +// Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) // in the Amazon Simple Queue Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1066,29 +1088,11 @@ func (c *SQS) ListQueueTagsRequest(input *ListQueueTagsInput) (req *request.Requ // ListQueueTags API operation for Amazon Simple Queue Service. // // List all cost allocation tags added to the specified Amazon SQS queue. For -// an overview, see Tagging Your Amazon SQS Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-tags.html) -// in the Amazon Simple Queue Service Developer Guide. -// -// When you use queue tags, keep the following guidelines in mind: -// -// * Adding more than 50 tags to a queue isn't recommended. -// -// * Tags don't have any semantic meaning. Amazon SQS interprets tags as -// character strings. -// -// * Tags are case-sensitive. -// -// * A new tag with a key identical to that of an existing tag overwrites -// the existing tag. -// -// * Tagging actions are limited to 5 TPS per AWS account. If your application -// requires a higher throughput, file a technical support request (https://console.aws.amazon.com/support/home#/case/create?issueType=technical). -// -// For a full list of tag restrictions, see Limits Related to Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-limits.html#limits-queues) +// an overview, see Tagging Your Amazon SQS Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-tags.html) // in the Amazon Simple Queue Service Developer Guide. // // Cross-account permissions don't apply to this action. For more information, -// see see Grant Cross-Account Permissions to a Role and a User Name (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant Cross-Account Permissions to a Role and a User Name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon Simple Queue Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1168,7 +1172,7 @@ func (c *SQS) ListQueuesRequest(input *ListQueuesInput) (req *request.Request, o // only queues with a name that begins with the specified value are returned. // // Cross-account permissions don't apply to this action. For more information, -// see see Grant Cross-Account Permissions to a Role and a User Name (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant Cross-Account Permissions to a Role and a User Name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon Simple Queue Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1342,7 +1346,7 @@ func (c *SQS) ReceiveMessageRequest(input *ReceiveMessageInput) (req *request.Re // // Retrieves one or more messages (up to 10), from the specified queue. Using // the WaitTimeSeconds parameter enables long-poll support. For more information, -// see Amazon SQS Long Polling (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-long-polling.html) +// see Amazon SQS Long Polling (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-long-polling.html) // in the Amazon Simple Queue Service Developer Guide. // // Short poll is the default behavior where a weighted random set of machines @@ -1369,14 +1373,14 @@ func (c *SQS) ReceiveMessageRequest(input *ReceiveMessageInput) (req *request.Re // * An MD5 digest of the message attributes. // // The receipt handle is the identifier you must provide when deleting the message. -// For more information, see Queue and Message Identifiers (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-message-identifiers.html) +// For more information, see Queue and Message Identifiers (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-message-identifiers.html) // in the Amazon Simple Queue Service Developer Guide. // // You can provide the VisibilityTimeout parameter in your request. The parameter // is applied to the messages that Amazon SQS returns in the response. If you // don't include the parameter, the overall visibility timeout for the queue // is used for the returned messages. For more information, see Visibility Timeout -// (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) +// (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) // in the Amazon Simple Queue Service Developer Guide. // // A message that isn't deleted or a message whose visibility isn't extended @@ -1472,11 +1476,15 @@ func (c *SQS) RemovePermissionRequest(input *RemovePermissionInput) (req *reques // Revokes any permissions in the queue policy that matches the specified Label // parameter. // -// Only the owner of a queue can remove permissions from it. +// * Only the owner of a queue can remove permissions from it. // -// Cross-account permissions don't apply to this action. For more information, -// see see Grant Cross-Account Permissions to a Role and a User Name (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// * Cross-account permissions don't apply to this action. For more information, +// see Grant Cross-Account Permissions to a Role and a User Name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// in the Amazon Simple Queue Service Developer Guide. +// +// * To remove the ability to change queue permissions, you must deny permission +// to the AddPermission, RemovePermission, and SetQueueAttributes actions +// in your IAM policy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1770,13 +1778,17 @@ func (c *SQS) SetQueueAttributesRequest(input *SetQueueAttributesInput) (req *re // to propagate throughout the Amazon SQS system. Changes made to the MessageRetentionPeriod // attribute can take up to 15 minutes. // -// In the future, new attributes might be added. If you write code that calls -// this action, we recommend that you structure your code so that it can handle -// new attributes gracefully. +// * In the future, new attributes might be added. If you write code that +// calls this action, we recommend that you structure your code so that it +// can handle new attributes gracefully. // -// Cross-account permissions don't apply to this action. For more information, -// see see Grant Cross-Account Permissions to a Role and a User Name (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) -// in the Amazon Simple Queue Service Developer Guide. +// * Cross-account permissions don't apply to this action. For more information, +// see Grant Cross-Account Permissions to a Role and a User Name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// in the Amazon Simple Queue Service Developer Guide. +// +// * To remove the ability to change queue permissions, you must deny permission +// to the AddPermission, RemovePermission, and SetQueueAttributes actions +// in your IAM policy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1857,7 +1869,7 @@ func (c *SQS) TagQueueRequest(input *TagQueueInput) (req *request.Request, outpu // TagQueue API operation for Amazon Simple Queue Service. // // Add cost allocation tags to the specified Amazon SQS queue. For an overview, -// see Tagging Your Amazon SQS Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-tags.html) +// see Tagging Your Amazon SQS Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-tags.html) // in the Amazon Simple Queue Service Developer Guide. // // When you use queue tags, keep the following guidelines in mind: @@ -1875,11 +1887,11 @@ func (c *SQS) TagQueueRequest(input *TagQueueInput) (req *request.Request, outpu // * Tagging actions are limited to 5 TPS per AWS account. If your application // requires a higher throughput, file a technical support request (https://console.aws.amazon.com/support/home#/case/create?issueType=technical). // -// For a full list of tag restrictions, see Limits Related to Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-limits.html#limits-queues) +// For a full list of tag restrictions, see Limits Related to Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-limits.html#limits-queues) // in the Amazon Simple Queue Service Developer Guide. // // Cross-account permissions don't apply to this action. For more information, -// see see Grant Cross-Account Permissions to a Role and a User Name (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant Cross-Account Permissions to a Role and a User Name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon Simple Queue Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1956,29 +1968,11 @@ func (c *SQS) UntagQueueRequest(input *UntagQueueInput) (req *request.Request, o // UntagQueue API operation for Amazon Simple Queue Service. // // Remove cost allocation tags from the specified Amazon SQS queue. For an overview, -// see Tagging Your Amazon SQS Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-tags.html) -// in the Amazon Simple Queue Service Developer Guide. -// -// When you use queue tags, keep the following guidelines in mind: -// -// * Adding more than 50 tags to a queue isn't recommended. -// -// * Tags don't have any semantic meaning. Amazon SQS interprets tags as -// character strings. -// -// * Tags are case-sensitive. -// -// * A new tag with a key identical to that of an existing tag overwrites -// the existing tag. -// -// * Tagging actions are limited to 5 TPS per AWS account. If your application -// requires a higher throughput, file a technical support request (https://console.aws.amazon.com/support/home#/case/create?issueType=technical). -// -// For a full list of tag restrictions, see Limits Related to Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-limits.html#limits-queues) +// see Tagging Your Amazon SQS Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-tags.html) // in the Amazon Simple Queue Service Developer Guide. // // Cross-account permissions don't apply to this action. For more information, -// see see Grant Cross-Account Permissions to a Role and a User Name (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) +// see Grant Cross-Account Permissions to a Role and a User Name (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) // in the Amazon Simple Queue Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2012,10 +2006,10 @@ func (c *SQS) UntagQueueWithContext(ctx aws.Context, input *UntagQueueInput, opt type AddPermissionInput struct { _ struct{} `type:"structure"` - // The AWS account number of the principal (http://docs.aws.amazon.com/general/latest/gr/glos-chap.html#P) + // The AWS account number of the principal (https://docs.aws.amazon.com/general/latest/gr/glos-chap.html#P) // who is given permission. The principal must have an AWS account, but does // not need to be signed up for Amazon SQS. For information about locating the - // AWS account identification, see Your AWS Identifiers (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html#sqs-api-request-authentication) + // AWS account identification, see Your AWS Identifiers (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html#sqs-api-request-authentication) // in the Amazon Simple Queue Service Developer Guide. // // AWSAccountIds is a required field @@ -2025,7 +2019,7 @@ type AddPermissionInput struct { // the name of any action or *. // // For more information about these actions, see Overview of Managing Access - // Permissions to Your Amazon Simple Queue Service Resource (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-overview-of-managing-access.html) + // Permissions to Your Amazon Simple Queue Service Resource (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-overview-of-managing-access.html) // in the Amazon Simple Queue Service Developer Guide. // // Specifying SendMessage, DeleteMessage, or ChangeMessageVisibility for ActionName.n @@ -2488,7 +2482,7 @@ type CreateQueueInput struct { // to 1,209,600 seconds (14 days). Default: 345,600 (4 days). // // * Policy - The queue's policy. A valid AWS policy. For more information - // about policy structure, see Overview of AWS IAM Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html) + // about policy structure, see Overview of AWS IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html) // in the Amazon IAM User Guide. // // * ReceiveMessageWaitTimeSeconds - The length of time, in seconds, for @@ -2498,7 +2492,7 @@ type CreateQueueInput struct { // * RedrivePolicy - The string that includes the parameters for the dead-letter // queue functionality of the source queue. For more information about the // redrive policy and dead-letter queues, see Using Amazon SQS Dead-Letter - // Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) + // Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) // in the Amazon Simple Queue Service Developer Guide. deadLetterTargetArn // - The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon // SQS moves messages after the value of maxReceiveCount is exceeded. maxReceiveCount @@ -2512,39 +2506,40 @@ type CreateQueueInput struct { // * VisibilityTimeout - The visibility timeout for the queue, in seconds. // Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For // more information about the visibility timeout, see Visibility Timeout - // (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) // in the Amazon Simple Queue Service Developer Guide. // - // The following attributes apply only to server-side-encryption (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): + // The following attributes apply only to server-side-encryption (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): // // * KmsMasterKeyId - The ID of an AWS-managed customer master key (CMK) - // for Amazon SQS or a custom CMK. For more information, see Key Terms (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). + // for Amazon SQS or a custom CMK. For more information, see Key Terms (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). // While the alias of the AWS-managed CMK for Amazon SQS is always alias/aws/sqs, // the alias of a custom CMK can, for example, be alias/MyAlias . For more - // examples, see KeyId (http://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) + // examples, see KeyId (https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) // in the AWS Key Management Service API Reference. // // * KmsDataKeyReusePeriodSeconds - The length of time, in seconds, for which - // Amazon SQS can reuse a data key (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) + // Amazon SQS can reuse a data key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) // to encrypt or decrypt messages before calling AWS KMS again. An integer // representing seconds, between 60 seconds (1 minute) and 86,400 seconds // (24 hours). Default: 300 (5 minutes). A shorter time period provides better // security but results in more calls to KMS which might incur charges after // Free Tier. For more information, see How Does the Data Key Reuse Period - // Work? (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). + // Work? (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). // - // The following attributes apply only to FIFO (first-in-first-out) queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): + // The following attributes apply only to FIFO (first-in-first-out) queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): // - // * FifoQueue - Designates a queue as FIFO. Valid values: true, false. You - // can provide this attribute only during queue creation. You can't change - // it for an existing queue. When you set this attribute, you must also provide - // the MessageGroupId for your messages explicitly. For more information, - // see FIFO Queue Logic (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-understanding-logic) + // * FifoQueue - Designates a queue as FIFO. Valid values: true, false. If + // you don't specify the FifoQueue attribute, Amazon SQS creates a standard + // queue. You can provide this attribute only during queue creation. You + // can't change it for an existing queue. When you set this attribute, you + // must also provide the MessageGroupId for your messages explicitly. For + // more information, see FIFO Queue Logic (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-understanding-logic) // in the Amazon Simple Queue Service Developer Guide. // // * ContentBasedDeduplication - Enables content-based deduplication. Valid // values: true, false. For more information, see Exactly-Once Processing - // (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) // in the Amazon Simple Queue Service Developer Guide. Every message must // have a unique MessageDeduplicationId, You may provide a MessageDeduplicationId // explicitly. If you aren't able to provide a MessageDeduplicationId and @@ -2993,7 +2988,7 @@ type GetQueueAttributesInput struct { // * RedrivePolicy - Returns the string that includes the parameters for // dead-letter queue functionality of the source queue. For more information // about the redrive policy and dead-letter queues, see Using Amazon SQS - // Dead-Letter Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) + // Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) // in the Amazon Simple Queue Service Developer Guide. deadLetterTargetArn // - The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon // SQS moves messages after the value of maxReceiveCount is exceeded. maxReceiveCount @@ -3004,31 +2999,31 @@ type GetQueueAttributesInput struct { // // * VisibilityTimeout - Returns the visibility timeout for the queue. For // more information about the visibility timeout, see Visibility Timeout - // (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) // in the Amazon Simple Queue Service Developer Guide. // - // The following attributes apply only to server-side-encryption (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): + // The following attributes apply only to server-side-encryption (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): // // * KmsMasterKeyId - Returns the ID of an AWS-managed customer master key // (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms - // (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). // // * KmsDataKeyReusePeriodSeconds - Returns the length of time, in seconds, // for which Amazon SQS can reuse a data key to encrypt or decrypt messages // before calling AWS KMS again. For more information, see How Does the Data - // Key Reuse Period Work? (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). + // Key Reuse Period Work? (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). // - // The following attributes apply only to FIFO (first-in-first-out) queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): + // The following attributes apply only to FIFO (first-in-first-out) queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): // // * FifoQueue - Returns whether the queue is FIFO. For more information, - // see FIFO Queue Logic (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-understanding-logic) + // see FIFO Queue Logic (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-understanding-logic) // in the Amazon Simple Queue Service Developer Guide. To determine whether - // a queue is FIFO (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html), + // a queue is FIFO (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html), // you can check whether QueueName ends with the .fifo suffix. // // * ContentBasedDeduplication - Returns whether content-based deduplication // is enabled for the queue. For more information, see Exactly-Once Processing - // (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) // in the Amazon Simple Queue Service Developer Guide. AttributeNames []*string `locationNameList:"AttributeName" type:"list" flattened:"true"` @@ -3149,7 +3144,7 @@ func (s *GetQueueUrlInput) SetQueueOwnerAWSAccountId(v string) *GetQueueUrlInput return s } -// For more information, see Interpreting Responses (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-api-responses.html) +// For more information, see Interpreting Responses (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-api-responses.html) // in the Amazon Simple Queue Service Developer Guide. type GetQueueUrlOutput struct { _ struct{} `type:"structure"` @@ -3391,7 +3386,7 @@ type Message struct { MD5OfMessageAttributes *string `type:"string"` // Each message attribute consists of a Name, Type, and Value. For more information, - // see Amazon SQS Message Attributes (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-attributes.html) + // see Amazon SQS Message Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-attributes.html) // in the Amazon Simple Queue Service Developer Guide. MessageAttributes map[string]*MessageAttributeValue `locationName:"MessageAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` @@ -3480,7 +3475,7 @@ type MessageAttributeValue struct { // Binary. For the Number data type, you must use StringValue. // // You can also append custom labels. For more information, see Amazon SQS Message - // Attributes (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-attributes.html) + // Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-attributes.html) // in the Amazon Simple Queue Service Developer Guide. // // DataType is a required field @@ -3604,8 +3599,8 @@ func (s PurgeQueueOutput) GoString() string { type ReceiveMessageInput struct { _ struct{} `type:"structure"` - // A list of s that need to be returned along with each message. These attributes - // include: + // A list of attributes that need to be returned along with each message. These + // attributes include: // // * All - Returns all values. // @@ -3690,7 +3685,7 @@ type ReceiveMessageInput struct { // * During a visibility timeout, subsequent calls with the same ReceiveRequestAttemptId // return the same messages and receipt handles. If a retry occurs within // the deduplication interval, it resets the visibility timeout. For more - // information, see Visibility Timeout (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) + // information, see Visibility Timeout (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) // in the Amazon Simple Queue Service Developer Guide. If a caller of the // ReceiveMessage action still processes messages when the visibility timeout // expires and messages become visible, another worker consuming from the @@ -3714,7 +3709,7 @@ type ReceiveMessageInput struct { // can contain alphanumeric characters (a-z, A-Z, 0-9) and punctuation (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~). // // For best practices of using ReceiveRequestAttemptId, see Using the ReceiveRequestAttemptId - // Request Parameter (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-receiverequestattemptid-request-parameter.html) + // Request Parameter (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-receiverequestattemptid-request-parameter.html) // in the Amazon Simple Queue Service Developer Guide. ReceiveRequestAttemptId *string `type:"string"` @@ -4015,7 +4010,7 @@ type SendMessageBatchRequestEntry struct { Id *string `type:"string" required:"true"` // Each message attribute consists of a Name, Type, and Value. For more information, - // see Amazon SQS Message Attributes (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-attributes.html) + // see Amazon SQS Message Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-attributes.html) // in the Amazon Simple Queue Service Developer Guide. MessageAttributes map[string]*MessageAttributeValue `locationName:"MessageAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` @@ -4029,7 +4024,7 @@ type SendMessageBatchRequestEntry struct { // The token used for deduplication of messages within a 5-minute minimum deduplication // interval. If a message with a particular MessageDeduplicationId is sent successfully, // subsequent messages with the same MessageDeduplicationId are accepted successfully - // but aren't delivered. For more information, see Exactly-Once Processing (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) + // but aren't delivered. For more information, see Exactly-Once Processing (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) // in the Amazon Simple Queue Service Developer Guide. // // * Every message must have a unique MessageDeduplicationId, You may provide @@ -4064,7 +4059,7 @@ type SendMessageBatchRequestEntry struct { // can contain alphanumeric characters (a-z, A-Z, 0-9) and punctuation (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~). // // For best practices of using MessageDeduplicationId, see Using the MessageDeduplicationId - // Property (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagededuplicationid-property.html) + // Property (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagededuplicationid-property.html) // in the Amazon Simple Queue Service Developer Guide. MessageDeduplicationId *string `type:"string"` @@ -4089,7 +4084,7 @@ type SendMessageBatchRequestEntry struct { // characters and punctuation (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~). // // For best practices of using MessageGroupId, see Using the MessageGroupId - // Property (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagegroupid-property.html) + // Property (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagegroupid-property.html) // in the Amazon Simple Queue Service Developer Guide. // // MessageGroupId is required for FIFO queues. You can't use it for Standard @@ -4259,7 +4254,7 @@ type SendMessageInput struct { DelaySeconds *int64 `type:"integer"` // Each message attribute consists of a Name, Type, and Value. For more information, - // see Amazon SQS Message Attributes (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-attributes.html) + // see Amazon SQS Message Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-attributes.html) // in the Amazon Simple Queue Service Developer Guide. MessageAttributes map[string]*MessageAttributeValue `locationName:"MessageAttribute" locationNameKey:"Name" locationNameValue:"Value" type:"map" flattened:"true"` @@ -4282,7 +4277,7 @@ type SendMessageInput struct { // MessageDeduplicationId is sent successfully, any messages sent with the same // MessageDeduplicationId are accepted successfully but aren't delivered during // the 5-minute deduplication interval. For more information, see Exactly-Once - // Processing (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) + // Processing (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) // in the Amazon Simple Queue Service Developer Guide. // // * Every message must have a unique MessageDeduplicationId, You may provide @@ -4317,7 +4312,7 @@ type SendMessageInput struct { // can contain alphanumeric characters (a-z, A-Z, 0-9) and punctuation (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~). // // For best practices of using MessageDeduplicationId, see Using the MessageDeduplicationId - // Property (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagededuplicationid-property.html) + // Property (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagededuplicationid-property.html) // in the Amazon Simple Queue Service Developer Guide. MessageDeduplicationId *string `type:"string"` @@ -4342,7 +4337,7 @@ type SendMessageInput struct { // characters and punctuation (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~). // // For best practices of using MessageGroupId, see Using the MessageGroupId - // Property (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagegroupid-property.html) + // Property (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/using-messagegroupid-property.html) // in the Amazon Simple Queue Service Developer Guide. // // MessageGroupId is required for FIFO queues. You can't use it for Standard @@ -4446,7 +4441,7 @@ type SendMessageOutput struct { MD5OfMessageBody *string `type:"string"` // An attribute containing the MessageId of the message sent to the queue. For - // more information, see Queue and Message Identifiers (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-message-identifiers.html) + // more information, see Queue and Message Identifiers (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-queue-message-identifiers.html) // in the Amazon Simple Queue Service Developer Guide. MessageId *string `type:"string"` @@ -4514,7 +4509,7 @@ type SetQueueAttributesInput struct { // from 60 (1 minute) to 1,209,600 (14 days). Default: 345,600 (4 days). // // * Policy - The queue's policy. A valid AWS policy. For more information - // about policy structure, see Overview of AWS IAM Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html) + // about policy structure, see Overview of AWS IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html) // in the Amazon IAM User Guide. // // * ReceiveMessageWaitTimeSeconds - The length of time, in seconds, for @@ -4524,7 +4519,7 @@ type SetQueueAttributesInput struct { // * RedrivePolicy - The string that includes the parameters for the dead-letter // queue functionality of the source queue. For more information about the // redrive policy and dead-letter queues, see Using Amazon SQS Dead-Letter - // Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) + // Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) // in the Amazon Simple Queue Service Developer Guide. deadLetterTargetArn // - The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon // SQS moves messages after the value of maxReceiveCount is exceeded. maxReceiveCount @@ -4538,32 +4533,32 @@ type SetQueueAttributesInput struct { // * VisibilityTimeout - The visibility timeout for the queue, in seconds. // Valid values: an integer from 0 to 43,200 (12 hours). Default: 30. For // more information about the visibility timeout, see Visibility Timeout - // (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) // in the Amazon Simple Queue Service Developer Guide. // - // The following attributes apply only to server-side-encryption (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): + // The following attributes apply only to server-side-encryption (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html): // // * KmsMasterKeyId - The ID of an AWS-managed customer master key (CMK) - // for Amazon SQS or a custom CMK. For more information, see Key Terms (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). + // for Amazon SQS or a custom CMK. For more information, see Key Terms (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms). // While the alias of the AWS-managed CMK for Amazon SQS is always alias/aws/sqs, // the alias of a custom CMK can, for example, be alias/MyAlias . For more - // examples, see KeyId (http://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) + // examples, see KeyId (https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) // in the AWS Key Management Service API Reference. // // * KmsDataKeyReusePeriodSeconds - The length of time, in seconds, for which - // Amazon SQS can reuse a data key (http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) + // Amazon SQS can reuse a data key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) // to encrypt or decrypt messages before calling AWS KMS again. An integer // representing seconds, between 60 seconds (1 minute) and 86,400 seconds // (24 hours). Default: 300 (5 minutes). A shorter time period provides better // security but results in more calls to KMS which might incur charges after // Free Tier. For more information, see How Does the Data Key Reuse Period - // Work? (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). + // Work? (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work). // // The following attribute applies only to FIFO (first-in-first-out) queues - // (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): + // (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html): // // * ContentBasedDeduplication - Enables content-based deduplication. For - // more information, see Exactly-Once Processing (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) + // more information, see Exactly-Once Processing (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing) // in the Amazon Simple Queue Service Developer Guide. Every message must // have a unique MessageDeduplicationId, You may provide a MessageDeduplicationId // explicitly. If you aren't able to provide a MessageDeduplicationId and diff --git a/vendor/github.com/aws/aws-sdk-go/service/sqs/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sqs/doc.go index 8f7b21f9ccb..3a3f55f0980 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sqs/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sqs/doc.go @@ -10,11 +10,6 @@ // Amazon SQS moves data between distributed application components and helps // you decouple these components. // -// Standard queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/standard-queues.html) -// are available in all regions. FIFO queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) -// are available in the US East (N. Virginia), US East (Ohio), US West (Oregon), -// and EU (Ireland) regions. -// // You can use AWS SDKs (http://aws.amazon.com/tools/#sdk) to access Amazon // SQS using your favorite programming language. The SDKs perform tasks such // as the following automatically: @@ -29,13 +24,13 @@ // // * Amazon SQS Product Page (http://aws.amazon.com/sqs/) // -// * Amazon Simple Queue Service Developer Guide Making API Requests (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html) -// Amazon SQS Message Attributes (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-attributes.html) -// Amazon SQS Dead-Letter Queues (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) +// * Amazon Simple Queue Service Developer Guide Making API Requests (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html) +// Amazon SQS Message Attributes (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-message-attributes.html) +// Amazon SQS Dead-Letter Queues (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) // // * Amazon SQS in the AWS CLI Command Reference (http://docs.aws.amazon.com/cli/latest/reference/sqs/index.html) // -// * Amazon Web Services General Reference Regions and Endpoints (http://docs.aws.amazon.com/general/latest/gr/rande.html#sqs_region) +// * Amazon Web Services General Reference Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#sqs_region) // // See https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05 for more information on this service. // diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go new file mode 100644 index 00000000000..1eba20b0025 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go @@ -0,0 +1,92 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package stsiface provides an interface to enable mocking the AWS Security Token Service service client +// for testing your code. +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. +package stsiface + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/sts" +) + +// STSAPI provides an interface to enable mocking the +// sts.STS service client's API operation, +// paginators, and waiters. This make unit testing your code that calls out +// to the SDK's service client's calls easier. +// +// The best way to use this interface is so the SDK's service client's calls +// can be stubbed out for unit testing your code with the SDK without needing +// to inject custom request handlers into the SDK's request pipeline. +// +// // myFunc uses an SDK service client to make a request to +// // AWS Security Token Service. +// func myFunc(svc stsiface.STSAPI) bool { +// // Make svc.AssumeRole request +// } +// +// func main() { +// sess := session.New() +// svc := sts.New(sess) +// +// myFunc(svc) +// } +// +// In your _test.go file: +// +// // Define a mock struct to be used in your unit tests of myFunc. +// type mockSTSClient struct { +// stsiface.STSAPI +// } +// func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) { +// // mock response/functionality +// } +// +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockSTSClient{} +// +// myfunc(mockSvc) +// +// // Verify myFunc's functionality +// } +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. Its suggested to use the pattern above for testing, or using +// tooling to generate mocks to satisfy the interfaces. +type STSAPI interface { + AssumeRole(*sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) + AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error) + AssumeRoleRequest(*sts.AssumeRoleInput) (*request.Request, *sts.AssumeRoleOutput) + + AssumeRoleWithSAML(*sts.AssumeRoleWithSAMLInput) (*sts.AssumeRoleWithSAMLOutput, error) + AssumeRoleWithSAMLWithContext(aws.Context, *sts.AssumeRoleWithSAMLInput, ...request.Option) (*sts.AssumeRoleWithSAMLOutput, error) + AssumeRoleWithSAMLRequest(*sts.AssumeRoleWithSAMLInput) (*request.Request, *sts.AssumeRoleWithSAMLOutput) + + AssumeRoleWithWebIdentity(*sts.AssumeRoleWithWebIdentityInput) (*sts.AssumeRoleWithWebIdentityOutput, error) + AssumeRoleWithWebIdentityWithContext(aws.Context, *sts.AssumeRoleWithWebIdentityInput, ...request.Option) (*sts.AssumeRoleWithWebIdentityOutput, error) + AssumeRoleWithWebIdentityRequest(*sts.AssumeRoleWithWebIdentityInput) (*request.Request, *sts.AssumeRoleWithWebIdentityOutput) + + DecodeAuthorizationMessage(*sts.DecodeAuthorizationMessageInput) (*sts.DecodeAuthorizationMessageOutput, error) + DecodeAuthorizationMessageWithContext(aws.Context, *sts.DecodeAuthorizationMessageInput, ...request.Option) (*sts.DecodeAuthorizationMessageOutput, error) + DecodeAuthorizationMessageRequest(*sts.DecodeAuthorizationMessageInput) (*request.Request, *sts.DecodeAuthorizationMessageOutput) + + GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error) + GetCallerIdentityWithContext(aws.Context, *sts.GetCallerIdentityInput, ...request.Option) (*sts.GetCallerIdentityOutput, error) + GetCallerIdentityRequest(*sts.GetCallerIdentityInput) (*request.Request, *sts.GetCallerIdentityOutput) + + GetFederationToken(*sts.GetFederationTokenInput) (*sts.GetFederationTokenOutput, error) + GetFederationTokenWithContext(aws.Context, *sts.GetFederationTokenInput, ...request.Option) (*sts.GetFederationTokenOutput, error) + GetFederationTokenRequest(*sts.GetFederationTokenInput) (*request.Request, *sts.GetFederationTokenOutput) + + GetSessionToken(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error) + GetSessionTokenWithContext(aws.Context, *sts.GetSessionTokenInput, ...request.Option) (*sts.GetSessionTokenOutput, error) + GetSessionTokenRequest(*sts.GetSessionTokenInput) (*request.Request, *sts.GetSessionTokenOutput) +} + +var _ STSAPI = (*sts.STS)(nil) diff --git a/vendor/modules.txt b/vendor/modules.txt index 03aaeeb018d..2e6fcb820e3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -21,7 +21,7 @@ github.com/apparentlymart/go-cidr/cidr github.com/apparentlymart/go-textseg/textseg # github.com/armon/go-radix v1.0.0 github.com/armon/go-radix -# github.com/aws/aws-sdk-go v1.20.21 +# github.com/aws/aws-sdk-go v1.21.2 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn github.com/aws/aws-sdk-go/aws/awserr @@ -178,6 +178,7 @@ github.com/aws/aws-sdk-go/internal/s3err github.com/aws/aws-sdk-go/private/signer/v2 github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds github.com/aws/aws-sdk-go/aws/ec2metadata +github.com/aws/aws-sdk-go/service/sts/stsiface github.com/aws/aws-sdk-go/aws/credentials/endpointcreds github.com/aws/aws-sdk-go/private/protocol/query/queryutil github.com/aws/aws-sdk-go/internal/sdkuri