Update aws-sdk-go to 1.48.7

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/.changelog/6b25cc1a38cf4e229728e8e169b9152b.json

@@ -0,0 +1,8 @@
+{
+    "id": "6b25cc1a-38cf-4e22-9728-e8e169b9152b",
+    "type": "feature",
+    "description": "Add awsQueryCompatible error code translation support",
+    "modules": [
+        "."
+    ]
+}

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/.changelog/6eb0ebebe73b422a969ea440174c3e83.json

@@ -0,0 +1,8 @@
+{
+    "id": "6eb0ebeb-e73b-422a-969e-a440174c3e83",
+    "type": "bugfix",
+    "description": "Removes old model file for ssm sap and uses the new model file to regenerate client",
+    "modules": [
+        "."
+    ]
+}

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/.changelog/74c9af99629e453b97a0af6251efd414.json

@@ -0,0 +1,8 @@
+{
+    "id": "74c9af99-629e-453b-97a0-af6251efd414",
+    "type": "bugfix",
+    "description": "endpoints were incorrect for kendra-ranking. this fixes that",
+    "modules": [
+        "."
+    ]
+}

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/.gitignore

@@ -0,0 +1,11 @@
+dist
+/doc
+/doc-staging
+.yardoc
+Gemfile.lock
+awstesting/integration/smoke/**/importmarker__.go
+awstesting/integration/smoke/_test/
+/vendor/bin/
+/vendor/pkg/
+/vendor/src/
+/private/model/cli/gen-api/gen-api

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/.godoc_config

@@ -0,0 +1,14 @@
+{
+	"PkgHandler": {
+		"Pattern":          "/sdk-for-go/api/",
+		"StripPrefix":     "/sdk-for-go/api",
+		"Include":         ["/src/k8s.io/autoscaler/cluster-autoscaler/cloudprovider/aws/aws-sdk-go/aws", "/src/k8s.io/autoscaler/cluster-autoscaler/cloudprovider/aws/aws-sdk-go/service"],
+		"Exclude":         ["/src/cmd", "/src/k8s.io/autoscaler/cluster-autoscaler/cloudprovider/aws/aws-sdk-go/awstesting", "/src/k8s.io/autoscaler/cluster-autoscaler/cloudprovider/aws/aws-sdk-go/awsmigrate", "/src/k8s.io/autoscaler/cluster-autoscaler/cloudprovider/aws/aws-sdk-go/private"],
+		"IgnoredSuffixes": ["iface"]
+	},
+	"Github": {
+		"Tag": "master",
+		"Repo": "/aws/aws-sdk-go",
+		"UseGithub": true
+	}
+}

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/aws/auth/bearer/token.go

@@ -0,0 +1,50 @@
+package bearer
+
+import (
+	"k8s.io/autoscaler/cluster-autoscaler/cloudprovider/aws/aws-sdk-go/aws"
+	"time"
+)
+
+// Token provides a type wrapping a bearer token and expiration metadata.
+type Token struct {
+	Value string
+
+	CanExpire bool
+	Expires   time.Time
+}
+
+// Expired returns if the token's Expires time is before or equal to the time
+// provided. If CanExpire is false, Expired will always return false.
+func (t Token) Expired(now time.Time) bool {
+	if !t.CanExpire {
+		return false
+	}
+	now = now.Round(0)
+	return now.Equal(t.Expires) || now.After(t.Expires)
+}
+
+// TokenProvider provides interface for retrieving bearer tokens.
+type TokenProvider interface {
+	RetrieveBearerToken(aws.Context) (Token, error)
+}
+
+// TokenProviderFunc provides a helper utility to wrap a function as a type
+// that implements the TokenProvider interface.
+type TokenProviderFunc func(aws.Context) (Token, error)
+
+// RetrieveBearerToken calls the wrapped function, returning the Token or
+// error.
+func (fn TokenProviderFunc) RetrieveBearerToken(ctx aws.Context) (Token, error) {
+	return fn(ctx)
+}
+
+// StaticTokenProvider provides a utility for wrapping a static bearer token
+// value within an implementation of a token provider.
+type StaticTokenProvider struct {
+	Token Token
+}
+
+// RetrieveBearerToken returns the static token specified.
+func (s StaticTokenProvider) RetrieveBearerToken(aws.Context) (Token, error) {
+	return s.Token, nil
+}

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/aws/awserr/error.go

@@ -10,23 +10,24 @@ package awserr
 //
 // Example:
 //
-//	output, err := s3manage.Upload(svc, input, opts)
-//	if err != nil {
-//	    if awsErr, ok := err.(awserr.Error); ok {
-//	        // Get error details
-//	        log.Println("Error:", awsErr.Code(), awsErr.Message())
-//
-//	        // Prints out full error message, including original error if there was one.
-//	        log.Println("Error:", awsErr.Error())
-//
-//	        // Get original error
-//	        if origErr := awsErr.OrigErr(); origErr != nil {
-//	            // operate on original error.
-//	        }
-//	    } else {
-//	        fmt.Println(err.Error())
-//	    }
-//	}
+//     output, err := s3manage.Upload(svc, input, opts)
+//     if err != nil {
+//         if awsErr, ok := err.(awserr.Error); ok {
+//             // Get error details
+//             log.Println("Error:", awsErr.Code(), awsErr.Message())
+//
+//             // Prints out full error message, including original error if there was one.
+//             log.Println("Error:", awsErr.Error())
+//
+//             // Get original error
+//             if origErr := awsErr.OrigErr(); origErr != nil {
+//                 // operate on original error.
+//             }
+//         } else {
+//             fmt.Println(err.Error())
+//         }
+//     }
+//
 type Error interface {
 	// Satisfy the generic error interface.
 	error
@@ -99,31 +100,32 @@ func NewBatchError(code, message string, errs []error) BatchedErrors {
 //
 // Example:
 //
-//	output, err := s3manage.Upload(svc, input, opts)
-//	if err != nil {
-//	    if reqerr, ok := err.(RequestFailure); ok {
-//	        log.Println("Request failed", reqerr.Code(), reqerr.Message(), reqerr.RequestID())
-//	    } else {
-//	        log.Println("Error:", err.Error())
-//	    }
-//	}
+//     output, err := s3manage.Upload(svc, input, opts)
+//     if err != nil {
+//         if reqerr, ok := err.(RequestFailure); ok {
+//             log.Println("Request failed", reqerr.Code(), reqerr.Message(), reqerr.RequestID())
+//         } else {
+//             log.Println("Error:", err.Error())
+//         }
+//     }
 //
 // Combined with awserr.Error:
 //
-//	output, err := s3manage.Upload(svc, input, opts)
-//	if err != nil {
-//	    if awsErr, ok := err.(awserr.Error); ok {
-//	        // Generic AWS Error with Code, Message, and original error (if any)
-//	        fmt.Println(awsErr.Code(), awsErr.Message(), awsErr.OrigErr())
-//
-//	        if reqErr, ok := err.(awserr.RequestFailure); ok {
-//	            // A service error occurred
-//	            fmt.Println(reqErr.StatusCode(), reqErr.RequestID())
-//	        }
-//	    } else {
-//	        fmt.Println(err.Error())
-//	    }
-//	}
+//    output, err := s3manage.Upload(svc, input, opts)
+//    if err != nil {
+//        if awsErr, ok := err.(awserr.Error); ok {
+//            // Generic AWS Error with Code, Message, and original error (if any)
+//            fmt.Println(awsErr.Code(), awsErr.Message(), awsErr.OrigErr())
+//
+//            if reqErr, ok := err.(awserr.RequestFailure); ok {
+//                // A service error occurred
+//                fmt.Println(reqErr.StatusCode(), reqErr.RequestID())
+//            }
+//        } else {
+//            fmt.Println(err.Error())
+//        }
+//    }
+//
 type RequestFailure interface {
 	Error
 

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/aws/client/default_retryer.go

@@ -12,6 +12,7 @@ import (
 // DefaultRetryer implements basic retry logic using exponential backoff for
 // most services. If you want to implement custom retry logic, you can implement the
 // request.Retryer interface.
+//
 type DefaultRetryer struct {
 	// Num max Retries is the number of max retries that will be performed.
 	// By default, this is zero.

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/aws/config.go

@@ -192,6 +192,23 @@ type Config struct {
 	//
 	EC2MetadataDisableTimeoutOverride *bool
 
+	// Set this to `false` to disable EC2Metadata client from falling back to IMDSv1.
+	// By default, EC2 role credentials will fall back to IMDSv1 as needed for backwards compatibility.
+	// You can disable this behavior by explicitly setting this flag to `false`. When false, the EC2Metadata
+	// client will return any errors encountered from attempting to fetch a token instead of silently
+	// using the insecure data flow of IMDSv1.
+	//
+	// Example:
+	//    sess := session.Must(session.NewSession(aws.NewConfig()
+	//       .WithEC2MetadataEnableFallback(false)))
+	//
+	//    svc := s3.New(sess)
+	//
+	// See [configuring IMDS] for more information.
+	//
+	// [configuring IMDS]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
+	EC2MetadataEnableFallback *bool
+
 	// Instructs the endpoint to be generated for a service client to
 	// be the dual stack endpoint. The dual stack endpoint will support
 	// both IPv4 and IPv6 addressing.
@@ -432,6 +449,13 @@ func (c *Config) WithEC2MetadataDisableTimeoutOverride(enable bool) *Config {
 	return c
 }
 
+// WithEC2MetadataEnableFallback sets a config EC2MetadataEnableFallback value
+// returning a Config pointer for chaining.
+func (c *Config) WithEC2MetadataEnableFallback(v bool) *Config {
+	c.EC2MetadataEnableFallback = &v
+	return c
+}
+
 // WithSleepDelay overrides the function used to sleep while waiting for the
 // next retry. Defaults to time.Sleep.
 func (c *Config) WithSleepDelay(fn func(time.Duration)) *Config {
@@ -576,6 +600,10 @@ func mergeInConfig(dst *Config, other *Config) {
 		dst.EC2MetadataDisableTimeoutOverride = other.EC2MetadataDisableTimeoutOverride
 	}
 
+	if other.EC2MetadataEnableFallback != nil {
+		dst.EC2MetadataEnableFallback = other.EC2MetadataEnableFallback
+	}
+
 	if other.SleepDelay != nil {
 		dst.SleepDelay = other.SleepDelay
 	}

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/aws/corehandlers/awsinternal.go

@@ -0,0 +1,4 @@
+// DO NOT EDIT
+package corehandlers
+
+const isAwsInternal = ""

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/aws/corehandlers/user_agent.go

@@ -35,3 +35,13 @@ var AddHostExecEnvUserAgentHander = request.NamedHandler{
 		request.AddToUserAgent(r, execEnvUAKey+"/"+v)
 	},
 }
+
+var AddAwsInternal = request.NamedHandler{
+	Name: "core.AddAwsInternal",
+	Fn: func(r *request.Request) {
+		if len(isAwsInternal) == 0 {
+			return
+		}
+		request.AddToUserAgent(r, isAwsInternal)
+	},
+}

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/aws/credentials/chain_provider.go

@@ -37,18 +37,19 @@ var (
 // does not return any credentials ChainProvider will return the error
 // ErrNoValidProvidersFoundInChain
 //
-//	creds := credentials.NewChainCredentials(
-//	    []credentials.Provider{
-//	        &credentials.EnvProvider{},
-//	        &ec2rolecreds.EC2RoleProvider{
-//	            Client: ec2metadata.New(sess),
-//	        },
-//	    })
+//     creds := credentials.NewChainCredentials(
+//         []credentials.Provider{
+//             &credentials.EnvProvider{},
+//             &ec2rolecreds.EC2RoleProvider{
+//                 Client: ec2metadata.New(sess),
+//             },
+//         })
+//
+//     // Usage of ChainCredentials with aws.Config
+//     svc := ec2.New(session.Must(session.NewSession(&aws.Config{
+//       Credentials: creds,
+//     })))
 //
-//	// Usage of ChainCredentials with aws.Config
-//	svc := ec2.New(session.Must(session.NewSession(&aws.Config{
-//	  Credentials: creds,
-//	})))
 type ChainProvider struct {
 	Providers     []Provider
 	curr          Provider

cluster-autoscaler/cloudprovider/aws/aws-sdk-go/aws/credentials/credentials.go

@@ -14,36 +14,38 @@
 //
 // Example of using the environment variable credentials.
 //
-//	creds := credentials.NewEnvCredentials()
+//     creds := credentials.NewEnvCredentials()
 //
-//	// Retrieve the credentials value
-//	credValue, err := creds.Get()
-//	if err != nil {
-//	    // handle error
-//	}
+//     // Retrieve the credentials value
+//     credValue, err := creds.Get()
+//     if err != nil {
+//         // handle error
+//     }
 //
 // Example of forcing credentials to expire and be refreshed on the next Get().
 // This may be helpful to proactively expire credentials and refresh them sooner
 // than they would naturally expire on their own.
 //
-//	creds := credentials.NewCredentials(&ec2rolecreds.EC2RoleProvider{})
-//	creds.Expire()
-//	credsValue, err := creds.Get()
-//	// New credentials will be retrieved instead of from cache.
+//     creds := credentials.NewCredentials(&ec2rolecreds.EC2RoleProvider{})
+//     creds.Expire()
+//     credsValue, err := creds.Get()
+//     // New credentials will be retrieved instead of from cache.
 //
-// # Custom Provider
+//
+// Custom Provider
 //
 // Each Provider built into this package also provides a helper method to generate
 // a Credentials pointer setup with the provider. To use a custom Provider just
 // create a type which satisfies the Provider interface and pass it to the
 // NewCredentials method.
 //
-//	type MyProvider struct{}
-//	func (m *MyProvider) Retrieve() (Value, error) {...}
-//	func (m *MyProvider) IsExpired() bool {...}
+//     type MyProvider struct{}
+//     func (m *MyProvider) Retrieve() (Value, error) {...}
+//     func (m *MyProvider) IsExpired() bool {...}
+//
+//     creds := credentials.NewCredentials(&MyProvider{})
+//     credValue, err := creds.Get()
 //
-//	creds := credentials.NewCredentials(&MyProvider{})
-//	credValue, err := creds.Get()
 package credentials
 
 import (
@@ -62,10 +64,10 @@ import (
 // when making service API calls. For example, when accessing public
 // s3 buckets.
 //
-//	svc := s3.New(session.Must(session.NewSession(&aws.Config{
-//	  Credentials: credentials.AnonymousCredentials,
-//	})))
-//	// Access public S3 buckets.
+//     svc := s3.New(session.Must(session.NewSession(&aws.Config{
+//       Credentials: credentials.AnonymousCredentials,
+//     })))
+//     // Access public S3 buckets.
 var AnonymousCredentials = NewStaticCredentials("", "", "")
 
 // A Value is the AWS credentials value for individual credential fields.
@@ -148,11 +150,10 @@ func (p ErrorProvider) IsExpired() bool {
 // provider's struct.
 //
 // Example:
-//
-//	type EC2RoleProvider struct {
-//	    Expiry
-//	    ...
-//	}
+//     type EC2RoleProvider struct {
+//         Expiry
+//         ...
+//     }
 type Expiry struct {
 	// The date/time when to expire on
 	expiration time.Time