diff --git a/go.mod b/go.mod index 47dd883b..b696c0b2 100644 --- a/go.mod +++ b/go.mod @@ -8,9 +8,9 @@ require ( github.com/Oudwins/zog v0.22.2 github.com/amacneil/dbmate/v2 v2.33.0 github.com/aws/aws-sdk-go-v2 v1.42.1 - github.com/aws/aws-sdk-go-v2/config v1.32.28 - github.com/aws/aws-sdk-go-v2/credentials v1.19.27 - github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.2.14 + github.com/aws/aws-sdk-go-v2/config v1.32.29 + github.com/aws/aws-sdk-go-v2/credentials v1.19.28 + github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.3.1 github.com/aws/aws-sdk-go-v2/service/s3 v1.105.0 github.com/aws/smithy-go v1.27.3 github.com/cbergoon/merkletree v0.2.0 @@ -84,7 +84,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.23 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.30 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.31 // indirect - github.com/aws/aws-sdk-go-v2/service/signin v1.3.0 // indirect + github.com/aws/aws-sdk-go-v2/service/signin v1.4.0 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.32.0 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.37.0 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.44.0 // indirect diff --git a/go.sum b/go.sum index cacb760b..dd57e426 100644 --- a/go.sum +++ b/go.sum @@ -44,6 +44,8 @@ github.com/aws/aws-sdk-go-v2/config v1.32.27 h1:SJwJ9Q4kM7v5QVSYYyXj3znRr6lNyZEh github.com/aws/aws-sdk-go-v2/config v1.32.27/go.mod h1:uBfrzTRedDmB2u+b6+UlaKJy2O6VSH5un2jP24t/KvQ= github.com/aws/aws-sdk-go-v2/config v1.32.28 h1:qY6afygxK5c2PPU3Sz8W6yB5W44RF1vnmPdBwViDN+Y= github.com/aws/aws-sdk-go-v2/config v1.32.28/go.mod h1:WeS/wN1IDs8YC+BxTrFz9ZyJ1rufRBQfirOcDusEpmQ= +github.com/aws/aws-sdk-go-v2/config v1.32.29 h1:BcMHHnpiWKogf+gGfpj3K1w+Sktz29XDo/cPSAPO3FU= +github.com/aws/aws-sdk-go-v2/config v1.32.29/go.mod h1:+Kbhn8Es4kPUph3F/0W7avykytc+Jh2Ld9/msv9ljV4= github.com/aws/aws-sdk-go-v2/credentials v1.19.19 h1:yuFzSV1U0aRNYCQGVaTY2zW2M/L93pYHnXnrJUphYhU= github.com/aws/aws-sdk-go-v2/credentials v1.19.19/go.mod h1:7y63L1kGzeoDlJaQ3Z578KrnmfBut96JjvJUzGwR+YE= github.com/aws/aws-sdk-go-v2/credentials v1.19.24 h1:2hQqYCV9yqyePQ9o6dCrZc/zO8U3TwPr9mIKlZnPu/I= @@ -52,6 +54,8 @@ github.com/aws/aws-sdk-go-v2/credentials v1.19.26 h1:Si8kk1kyJnuJWCEgiwpBtTdtgSd github.com/aws/aws-sdk-go-v2/credentials v1.19.26/go.mod h1:lBckz+W9SAdNtSDw3pYgQUJDJFcBBWry0GSzw+bK0TY= github.com/aws/aws-sdk-go-v2/credentials v1.19.27 h1:cFksKkdaBGGmpe6XJpvrxFNWkbXY5/gwFqZNB2O9WCM= github.com/aws/aws-sdk-go-v2/credentials v1.19.27/go.mod h1:20CoObBgNhFfl8/ggDQu2IZmItxDhkLcWSy4C3alDPI= +github.com/aws/aws-sdk-go-v2/credentials v1.19.28 h1:zTXJSsNcoO91/mTXsZoYf0AK8dvNPiA58/VtyGXR+wM= +github.com/aws/aws-sdk-go-v2/credentials v1.19.28/go.mod h1:Kd9E0JzDBW/q1xbsHFrev/GnbAf5J0Ng8xoyc7HZ91Q= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.25 h1:0w6dCiO8iez+YKwRhRBlL1CH/E3GTfdkuzrwj1by8vo= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.25/go.mod h1:9FDWUothyr5RCRAHc45XOiVCzUR8n/IhCYX+uVqw6vk= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.29 h1:r6qZHbT+wxgWO/e9vYNUEtg7lv5+UN3pRqKhLXvnArg= @@ -70,6 +74,8 @@ github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.2.13 h1:zHi0z+ZT207/Q github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.2.13/go.mod h1:ycxBs1ztF7RbxNWiJoIegPCvsfuO7dCvtyyloQvRgNs= github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.2.14 h1:oBzlDywQsCbpL0+GRlS5ycXQkR7lmuzeHcLl0ycAQ0Q= github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.2.14/go.mod h1:ED1gaDLOD0VEAEQiJgobHSM/iFRTeH++5wjV3IwvoQ4= +github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.3.1 h1:in1rmZHNBr3OntzYxPRKnjW7eCYLrTExI0VQXR+C8AY= +github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.3.1/go.mod h1:KYWha/ENCwaAgWraz9liTvWPx59WRs3yJDSu1cjk5io= github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.25 h1:Uii3frf9ztec/ABM2/FSH9/z7PLzxfpG8h4RpkUFflQ= github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.25/go.mod h1:G6kntsA2GorAxDPbap6xgB2F+amSLUF8GJTi7PUoX44= github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.29 h1:f3vKqSo13fhTYb+JEcXwXefZQE26I1FB5eTSniU67ko= @@ -130,6 +136,8 @@ github.com/aws/aws-sdk-go-v2/service/signin v1.2.2 h1:69JEZSDTQ+UNbTWQJCZMmbpQb5 github.com/aws/aws-sdk-go-v2/service/signin v1.2.2/go.mod h1:mxC0nT/C8wMMS97DemZPzvUZxvIt+2Iq+eS3JdFZGgg= github.com/aws/aws-sdk-go-v2/service/signin v1.3.0 h1:i0+tbB9QBnzL5NrF2WR/zk8q2s+1N+RaDYr2627E8UI= github.com/aws/aws-sdk-go-v2/service/signin v1.3.0/go.mod h1:mxC0nT/C8wMMS97DemZPzvUZxvIt+2Iq+eS3JdFZGgg= +github.com/aws/aws-sdk-go-v2/service/signin v1.4.0 h1:sLzmJGCMv+C8KqiJgEqDLB6vxaJGmobRh4rr//ZpA3w= +github.com/aws/aws-sdk-go-v2/service/signin v1.4.0/go.mod h1:mxC0nT/C8wMMS97DemZPzvUZxvIt+2Iq+eS3JdFZGgg= github.com/aws/aws-sdk-go-v2/service/sso v1.30.19 h1:N6pIsdFOW1Kd9S4KyFKXdGRBojPPxkP32+uHFWLv4Hc= github.com/aws/aws-sdk-go-v2/service/sso v1.30.19/go.mod h1:3gt5WJArFooNmyLONS+h/R4J+o86II8du38IgCwj9dE= github.com/aws/aws-sdk-go-v2/service/sso v1.31.3 h1:ey1XLTYXb9PcLt4535632o5kCGXNXEhNb620Dqwuylo= diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md index 8df8986e..2e151eb0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.32.29 (2026-07-08.2) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.32.28 (2026-07-06) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go index 7ec444d5..839c388c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go @@ -3,4 +3,4 @@ package config // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.32.28" +const goModuleVersion = "1.32.29" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md index ad8092ed..6a6d7bde 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.19.28 (2026-07-08.2) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.19.27 (2026-07-06) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go index e5dd696d..bae1ba5d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go @@ -3,4 +3,4 @@ package credentials // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.19.27" +const goModuleVersion = "1.19.28" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/CHANGELOG.md index da3ccb86..0885edc7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/CHANGELOG.md @@ -1,3 +1,11 @@ +# v0.3.1 (2026-07-08.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v0.3.0 (2026-07-08) + +* **Feature**: Add RequestChecksumCalculation config. + # v0.2.14 (2026-07-06) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_client.go index 02ae4440..2c6c11c9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_client.go @@ -39,7 +39,7 @@ func New(s3Client S3APIClient, optFns ...func(*Options)) *Client { resolveConcurrency(&opts) resolvePartSizeBytes(&opts) - resolveChecksumAlgorithm(&opts) + resolveRequestChecksumCalculation(&opts) resolveMultipartUploadThreshold(&opts) resolveGetObjectType(&opts) resolvePartBodyMaxRetries(&opts) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_op_UploadDirectory.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_op_UploadDirectory.go index 6f6b4634..c8fad4cf 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_op_UploadDirectory.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_op_UploadDirectory.go @@ -130,7 +130,6 @@ type directoryUploader struct { filesUploaded atomic.Int64 filesFailed atomic.Int64 - traversed map[string]any err error @@ -151,7 +150,7 @@ func (u *directoryUploader) uploadDirectory(ctx context.Context) (*UploadDirecto } if aws.ToBool(u.in.Recursive) { - u.traverse(aws.ToString(u.in.Source), aws.ToString(u.in.KeyPrefix), ch) + u.traverse(aws.ToString(u.in.Source), aws.ToString(u.in.KeyPrefix), ch, map[string]struct{}{}) } else { files, err := u.traverseFolder(aws.ToString(u.in.Source)) if err != nil { @@ -210,8 +209,6 @@ func (u *directoryUploader) uploadDirectory(ctx context.Context) (*UploadDirecto } func (u *directoryUploader) init() { - u.traversed = make(map[string]any) - u.failurePolicy = TerminateUploadPolicy{} if u.in.FailurePolicy != nil { u.failurePolicy = u.in.FailurePolicy @@ -228,8 +225,15 @@ type fileEntry struct { } // traverse recursively visits each folder and sends each -// valid file's request to worker goroutines -func (u *directoryUploader) traverse(path, keyPrefix string, ch chan fileEntry) { +// valid file's request to worker goroutines. +// +// ancestors tracks the real directory paths currently active on the call +// stack. It is used to detect symlinks that would create an infinite loop by +// pointing back to a directory that is already being recursed into. Entries +// are added before recursing into a directory and removed afterward (DFS +// backtracking), so two sibling symlinks that resolve to the same directory +// are each traversed independently without triggering a false positive. +func (u *directoryUploader) traverse(path, keyPrefix string, ch chan fileEntry, ancestors map[string]struct{}) { if u.getErr() != nil { return } @@ -256,14 +260,24 @@ func (u *directoryUploader) traverse(path, keyPrefix string, ch chan fileEntry) return } if fileInfo.IsDir() { + // Detect symlink-induced directory loops: if absPath is already an + // ancestor on the current recursion stack we would loop forever. + if _, loop := ancestors[absPath]; loop { + u.setErr(fmt.Errorf("traversed duplicate path %s", absPath)) + return + } subFiles, err := u.traverseFolder(absPath) if err != nil { u.setErr(fmt.Errorf("error when traversing folder %s: %v", absPath, err)) return } + // Mark this directory as active for all children, then unmark it + // once done so sibling subtrees can legitimately enter the same dir. + ancestors[absPath] = struct{}{} for _, f := range subFiles { - u.traverse(filepath.Join(path, f), key, ch) + u.traverse(filepath.Join(path, f), key, ch, ancestors) } + delete(ancestors, absPath) } else { if u.in.Filter != nil && !u.in.Filter.FilterFile(path) { return @@ -272,8 +286,8 @@ func (u *directoryUploader) traverse(path, keyPrefix string, ch chan fileEntry) } } -// getAbsPath resolves a path's desination absolute path with deduplication -// in case any symlink causes traverse loop or repeated upload +// getAbsPath resolves a path's destination absolute path, following symlinks +// when FollowSymbolicLinks is enabled. func (u *directoryUploader) getAbsPath(path string) (string, error) { fileInfo, err := os.Lstat(path) if err != nil { @@ -289,10 +303,6 @@ func (u *directoryUploader) getAbsPath(path string) (string, error) { return "", err } } - if u.traversed[path] != nil { - return "", fmt.Errorf("traversed duplicate path %s", path) - } - u.traversed[path] = struct{}{} return path, nil } @@ -318,6 +328,10 @@ func (u *directoryUploader) traverseFolder(path string) ([]string, error) { func (u *directoryUploader) traverseSymlink(path string) (string, error) { originPath := path + // visited is local to this resolution chain and detects circular symlink + // references (e.g. a → b → a) without interfering with other symlinks that + // may legitimately resolve to the same target. + visited := map[string]struct{}{path: {}} for { dst, err := os.Readlink(path) if err != nil { @@ -328,7 +342,7 @@ func (u *directoryUploader) traverseSymlink(path string) (string, error) { } else { path = filepath.Join(filepath.Dir(path), dst) } - if u.traversed[path] != nil { + if _, seen := visited[path]; seen { return "", fmt.Errorf("traversed duplicate path: %s", path) } fileInfo, err := os.Lstat(path) @@ -338,7 +352,7 @@ func (u *directoryUploader) traverseSymlink(path string) (string, error) { if fileInfo.Mode()&os.ModeSymlink != os.ModeSymlink { return path, nil } - u.traversed[path] = struct{}{} + visited[path] = struct{}{} } } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_op_UploadObject.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_op_UploadObject.go index 23c0eb2d..cf3613c4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_op_UploadObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/api_op_UploadObject.go @@ -15,9 +15,11 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/types" + internalcontext "github.com/aws/aws-sdk-go-v2/internal/context" "github.com/aws/aws-sdk-go-v2/service/s3" s3types "github.com/aws/aws-sdk-go-v2/service/s3/types" smithymiddleware "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" ) // A MultipartUploadError wraps a failed S3 multipart upload. An error returned @@ -839,9 +841,13 @@ func (u *uploader) upload(ctx context.Context) (*UploadObjectOutput, error) { clientOptions := []func(o *s3.Options){ func(o *s3.Options) { + o.RequestChecksumCalculation = u.options.RequestChecksumCalculation o.APIOptions = append(o.APIOptions, middleware.AddSDKAgentKey(middleware.FeatureMetadata, userAgentKey), addFeatureUserAgent, + func(s *smithymiddleware.Stack) error { + return s.Finalize.Insert(&setS3ExpressDefaultChecksum{}, "ResolveEndpointV2", smithymiddleware.After) + }, ) }} @@ -905,7 +911,7 @@ func (u *uploader) initSize() error { func (u *uploader) singleUpload(ctx context.Context, r io.Reader, sz int, cleanUp func(), clientOptions ...func(*s3.Options)) (*UploadObjectOutput, error) { defer cleanUp() - params := u.in.mapSingleUploadInput(r, u.options.ChecksumAlgorithm) + params := u.in.mapSingleUploadInput(r, u.options.checksumAlgorithm()) objectSize := int64(sz) var loc recordLocationClient @@ -1018,7 +1024,7 @@ func (cp completedParts) Swap(i, j int) { // upload will perform a multipart upload using the firstBuf buffer containing // the first chunk of data. func (u *multiUploader) upload(ctx context.Context, firstBuf io.Reader, firstBuflen int, cleanup func(), clientOptions ...func(*s3.Options)) (*UploadObjectOutput, error) { - params := u.uploader.in.mapCreateMultipartUploadInput(u.options.ChecksumAlgorithm) + params := u.uploader.in.mapCreateMultipartUploadInput(u.options.checksumAlgorithm()) // We are **ignoring** the output.Location here for backwards compat. // @@ -1144,7 +1150,7 @@ func (u *multiUploader) readChunk(ctx context.Context, ch chan ulChunk, clientOp // send performs an UploadPart request and keeps track of the completed // part information. func (u *multiUploader) send(ctx context.Context, c ulChunk, clientOptions ...func(*s3.Options)) error { - params := u.in.mapUploadPartInput(c.buf, c.partNum, u.uploadID, u.options.ChecksumAlgorithm) + params := u.in.mapUploadPartInput(c.buf, c.partNum, u.uploadID, u.options.checksumAlgorithm()) resp, err := u.options.S3.UploadPart(ctx, params, clientOptions...) if err != nil { // progress failed() is NOT emitted here, it's emitted once at the end @@ -1224,6 +1230,43 @@ func (u *multiUploader) complete(ctx context.Context, clientOptions ...func(*s3. return resp } +type setS3ExpressDefaultChecksum struct{} + +func (*setS3ExpressDefaultChecksum) ID() string { + return "setS3ExpressDefaultChecksum" +} + +func (*setS3ExpressDefaultChecksum) HandleFinalize( + ctx context.Context, in smithymiddleware.FinalizeInput, next smithymiddleware.FinalizeHandler, +) ( + out smithymiddleware.FinalizeOutput, metadata smithymiddleware.Metadata, err error, +) { + const checksumHeader = "x-amz-checksum-algorithm" + + if internalcontext.GetS3Backend(ctx) != internalcontext.S3BackendS3Express { + return next.HandleFinalize(ctx, in) + } + + // If this is CreateMultipartUpload we need to ensure the checksum + // algorithm header is present. Otherwise everything is driven off the + // context setting and we can let it flow from there. + if middleware.GetOperationName(ctx) == "CreateMultipartUpload" { + r, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, fmt.Errorf("unknown transport type %T", in.Request) + } + + if internalcontext.GetChecksumInputAlgorithm(ctx) == "" { + r.Header.Set(checksumHeader, "CRC32") + } + return next.HandleFinalize(ctx, in) + } else if internalcontext.GetChecksumInputAlgorithm(ctx) == "" { + ctx = internalcontext.SetChecksumInputAlgorithm(ctx, string(s3types.ChecksumAlgorithmCrc32)) + } + + return next.HandleFinalize(ctx, in) +} + func addFeatureUserAgent(stack *smithymiddleware.Stack) error { ua, err := getOrAddRequestUserAgent(stack) if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/go_module_metadata.go index 91ff0794..ad6bfdb0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/go_module_metadata.go @@ -3,4 +3,4 @@ package transfermanager // goModuleVersion is the tagged release for this module -const goModuleVersion = "0.2.14" +const goModuleVersion = "0.3.1" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/options.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/options.go index abb3234d..3d4ad346 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/options.go @@ -3,6 +3,7 @@ package transfermanager import ( "time" + "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/types" ) @@ -35,6 +36,24 @@ type Options struct { // Checksum algorithm to use for upload ChecksumAlgorithm types.ChecksumAlgorithm + // RequestChecksumCalculation determines when request checksums are calculated + // for uploads. This setting takes precedence over the RequestChecksumCalculation + // configured on the underlying S3 client. + // + // There are two possible values: + // + // 1. RequestChecksumCalculationWhenSupported (default): a checksum is + // calculated for every upload request, defaulting to CRC32 when the caller + // does not specify a ChecksumAlgorithm. + // + // 2. RequestChecksumCalculationWhenRequired: a checksum is only calculated + // when the caller specifies a ChecksumAlgorithm (on the input or these + // options) or the operation otherwise requires it. + // + // Note: S3 Express One Zone (directory) buckets always require CRC32 checksums, + // which are applied regardless of this setting. + RequestChecksumCalculation aws.RequestChecksumCalculation + // The number of goroutines to spin up in parallel per call to transfer single object parts or directory objects. // If this is set to zero, the DefaultUploadConcurrency value will be used. // @@ -80,12 +99,26 @@ func resolvePartSizeBytes(o *Options) { } } -func resolveChecksumAlgorithm(o *Options) { - if o.ChecksumAlgorithm == "" { - o.ChecksumAlgorithm = types.ChecksumAlgorithmCrc32 +func resolveRequestChecksumCalculation(o *Options) { + if o.RequestChecksumCalculation == aws.RequestChecksumCalculationUnset { + o.RequestChecksumCalculation = aws.RequestChecksumCalculationWhenSupported } } +func (o Options) checksumAlgorithm() types.ChecksumAlgorithm { + if o.ChecksumAlgorithm != "" { + return o.ChecksumAlgorithm + } + + if o.RequestChecksumCalculation != aws.RequestChecksumCalculationWhenRequired { + return types.ChecksumAlgorithmCrc32 + } + + // Empty: the RequestChecksumCalculation client option applied to each S3 call + // suppresses the client's own default checksum. + return "" +} + func resolveMultipartUploadThreshold(o *Options) { if o.MultipartUploadThreshold == 0 { o.MultipartUploadThreshold = defaultMultipartUploadThreshold diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md index d7f1e6eb..0fb1f774 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.4.0 (2026-07-08.2) + +* **Feature**: Adds support for OAuth 2.0 token operations in AWS Sign-In, CreateOAuth2TokenWithIAM (client credentials flow), IntrospectOAuth2TokenWithIAM (token inspection), and RevokeOAuth2TokenWithIAM (token revocation). + # v1.3.0 (2026-07-06) * **Feature**: Add request serialization snapshot tests. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2TokenWithIAM.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2TokenWithIAM.go new file mode 100644 index 00000000..0237f038 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2TokenWithIAM.go @@ -0,0 +1,134 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Grants permission to exchange client credentials for an OAuth 2.0 access token +// scoped to a resource that can be used to access AWS services from applications +func (c *Client) CreateOAuth2TokenWithIAM(ctx context.Context, params *CreateOAuth2TokenWithIAMInput, optFns ...func(*Options)) (*CreateOAuth2TokenWithIAMOutput, error) { + if params == nil { + params = &CreateOAuth2TokenWithIAMInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "CreateOAuth2TokenWithIAM", params, optFns, c.addOperationCreateOAuth2TokenWithIAMMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*CreateOAuth2TokenWithIAMOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input structure for CreateOAuth2TokenWithIAM operation +type CreateOAuth2TokenWithIAMInput struct { + + // OAuth 2.0 grant type. Must be "client_credentials". + // + // This member is required. + GrantType *string + + // The OAuth resource for which the access token is requested. Example: + // "aws-mcp.amazonaws.com". + // + // This member is required. + Resource *string + + noSmithyDocumentSerde +} + +func (in *CreateOAuth2TokenWithIAMInput) bindEndpointParams(p *EndpointParameters) { + + p.IsOAuthEndpoint = ptr.Bool(true) +} + +// Output structure for CreateOAuth2TokenWithIAM operation +// +// Contains the JWT access token, token type, and expiration per RFC 6749 §5.1. +type CreateOAuth2TokenWithIAMOutput struct { + + // JWT access token containing principal identity, resource scope, and session + // metadata + // + // This member is required. + AccessToken *string + + // Token lifetime in seconds. Value is the minimum of session validity and 1 hour. + // + // This member is required. + ExpiresIn *int32 + + // Always "Bearer" per OAuth 2.1 specification + // + // This member is required. + TokenType *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationCreateOAuth2TokenWithIAMMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateOAuth2TokenWithIAM{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpCreateOAuth2TokenWithIAM{}, middleware.After) + if err != nil { + return err + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addOpCreateOAuth2TokenWithIAMValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "CreateOAuth2TokenWithIAM"), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_IntrospectOAuth2TokenWithIAM.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_IntrospectOAuth2TokenWithIAM.go new file mode 100644 index 00000000..ef2b630a --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_IntrospectOAuth2TokenWithIAM.go @@ -0,0 +1,184 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Grants permission to inspect the metadata and state of an OAuth 2.0 access +// token or refresh token +// +// Implements RFC 7662 OAuth 2.0 Token Introspection over a SigV4-authenticated +// endpoint. Inspects the metadata of an access_token or refresh_token issued by +// AWS Sign-In and returns the claims associated with it. +// +// Inactive token semantics (RFC 7662 §2.2): when the supplied token is unknown, +// expired, revoked, malformed, or owned by a different account, the response body +// is exactly { "active": false } with all other claims omitted. +func (c *Client) IntrospectOAuth2TokenWithIAM(ctx context.Context, params *IntrospectOAuth2TokenWithIAMInput, optFns ...func(*Options)) (*IntrospectOAuth2TokenWithIAMOutput, error) { + if params == nil { + params = &IntrospectOAuth2TokenWithIAMInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "IntrospectOAuth2TokenWithIAM", params, optFns, c.addOperationIntrospectOAuth2TokenWithIAMMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*IntrospectOAuth2TokenWithIAMOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input structure for IntrospectOAuth2TokenWithIAM operation +// +// RFC 7662 §2.1 introspection request. Contains the token to inspect and an +// optional hint about the token's type. +type IntrospectOAuth2TokenWithIAMInput struct { + + // The string value of the token to introspect. May be either an access_token or a + // refresh_token issued by AWS Sign-In. + // + // This member is required. + Token *string + + // Optional hint about the type of the token submitted for introspection. The + // server uses this hint to optimize lookup, but still falls back to the other + // token type on miss. Allowed values: access_token, refresh_token. + TokenTypeHint *string + + noSmithyDocumentSerde +} + +func (in *IntrospectOAuth2TokenWithIAMInput) bindEndpointParams(p *EndpointParameters) { + + p.IsOAuthEndpoint = ptr.Bool(true) +} + +// Output structure for IntrospectOAuth2TokenWithIAM operation +// +// RFC 7662 §2.2 introspection response. Only active is required; all other claims +// are omitted when the token is inactive. +type IntrospectOAuth2TokenWithIAMOutput struct { + + // Indicates whether the token is currently active. true only when the token is + // valid, has not expired, has not been revoked, and belongs to the caller's + // account. + // + // This member is required. + Active *bool + + // 12-digit AWS account ID of the token's subject principal. + AccountId *string + + // Audience of the token: the OAuth resource the token is scoped to (for example, + // "aws-mcp.amazonaws.com"). Omitted for refresh tokens. + Aud *string + + // Client identifier for the OAuth 2.0 client that requested the token. + ClientId *string + + // Token expiration time as a NumericDate (Unix epoch seconds). + Exp *int64 + + // Token issuance time as a NumericDate (Unix epoch seconds). + Iat *int64 + + // Issuer of the token. Always "signin.amazonaws.com" for AWS Sign-In. + Iss *string + + // Unique identifier for the token. + Jti *string + + // Token "not before" time as a NumericDate (Unix epoch seconds). + Nbf *int64 + + // The OAuth resource the token is scoped to during Human OAuth flow. Only present + // for refresh token introspection. + Resource *string + + // AWS Sign-In session ARN bound to the token, of the form + // arn:aws:signin:{region}:{account}:session/{uuid}. + SigninSession *string + + // Subject of the token: the IAM principal ARN. For assumed-role sessions, this is + // the session ARN (matches sts:GetCallerIdentity's Arn field), e.g. + // arn:aws:sts::123456789012:assumed-role/MyRole/session-name. + Sub *string + + // Indicates which kind of token was introspected. One of "access_token" or + // "refresh_token". + TokenType *string + + // User identifier matching sts:GetCallerIdentity's UserId field for the token's + // subject principal (e.g. "AIDAEXAMPLE" for an IAM user, or + // "AROAEXAMPLE:session-name" for an assumed role). + UserId *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationIntrospectOAuth2TokenWithIAMMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsRestjson1_serializeOpIntrospectOAuth2TokenWithIAM{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpIntrospectOAuth2TokenWithIAM{}, middleware.After) + if err != nil { + return err + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addOpIntrospectOAuth2TokenWithIAMValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "IntrospectOAuth2TokenWithIAM"), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_RevokeOAuth2TokenWithIAM.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_RevokeOAuth2TokenWithIAM.go new file mode 100644 index 00000000..8ec46798 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_RevokeOAuth2TokenWithIAM.go @@ -0,0 +1,122 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Grants permission to revoke an OAuth 2.0 refresh token and its associated +// refresh tokens +// +// Revokes a refresh_token issued by AWS Sign-In, invalidating the entire token +// chain so that the refresh_token can no longer be used to mint new access_tokens. +// +// Idempotency: revoking an already-revoked, expired, or otherwise invalid token +// still returns 200 OK with an empty body. Only the refresh_token type is +// accepted. +func (c *Client) RevokeOAuth2TokenWithIAM(ctx context.Context, params *RevokeOAuth2TokenWithIAMInput, optFns ...func(*Options)) (*RevokeOAuth2TokenWithIAMOutput, error) { + if params == nil { + params = &RevokeOAuth2TokenWithIAMInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "RevokeOAuth2TokenWithIAM", params, optFns, c.addOperationRevokeOAuth2TokenWithIAMMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*RevokeOAuth2TokenWithIAMOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input structure for RevokeOAuth2TokenWithIAM operation +// +// RFC 7009 §2.1 revocation request. Contains the refresh_token to revoke. +type RevokeOAuth2TokenWithIAMInput struct { + + // The refresh_token to revoke. Must be a refresh_token issued by AWS Sign-In + // (prefix "ASOR"); access_tokens are not accepted for revocation. + // + // This member is required. + Token *string + + noSmithyDocumentSerde +} + +func (in *RevokeOAuth2TokenWithIAMInput) bindEndpointParams(p *EndpointParameters) { + + p.IsOAuthEndpoint = ptr.Bool(true) +} + +// Output structure for RevokeOAuth2TokenWithIAM operation +// +// RFC 7009 §2.2 revocation response. The endpoint returns 200 OK with an empty +// body on success; there are no response fields. +type RevokeOAuth2TokenWithIAMOutput struct { + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationRevokeOAuth2TokenWithIAMMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsRestjson1_serializeOpRevokeOAuth2TokenWithIAM{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpRevokeOAuth2TokenWithIAM{}, middleware.After) + if err != nil { + return err + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addOpRevokeOAuth2TokenWithIAMValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "RevokeOAuth2TokenWithIAM"), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go index 12208eaa..e78be322 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go @@ -180,6 +180,193 @@ func awsRestjson1_deserializeOpDocumentCreateOAuth2TokenOutput(v **CreateOAuth2T return nil } +type awsRestjson1_deserializeOpCreateOAuth2TokenWithIAM struct { +} + +func (*awsRestjson1_deserializeOpCreateOAuth2TokenWithIAM) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpCreateOAuth2TokenWithIAM) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorCreateOAuth2TokenWithIAM(response, &metadata) + } + output := &CreateOAuth2TokenWithIAMOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(response.Body, ringBuffer) + + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsRestjson1_deserializeOpDocumentCreateOAuth2TokenWithIAMOutput(&output, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body with invalid JSON, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + span.End() + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorCreateOAuth2TokenWithIAM(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestjson1_deserializeOpDocumentCreateOAuth2TokenWithIAMOutput(v **CreateOAuth2TokenWithIAMOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *CreateOAuth2TokenWithIAMOutput + if *v == nil { + sv = &CreateOAuth2TokenWithIAMOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "access_token": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected OAuthAccessToken to be of type string, got %T instead", value) + } + sv.AccessToken = ptr.String(jtv) + } + + case "expires_in": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected TokenExpiresIn to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.ExpiresIn = ptr.Int32(int32(i64)) + } + + case "token_type": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected BearerTokenType to be of type string, got %T instead", value) + } + sv.TokenType = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + type awsRestjson1_deserializeOpDeleteConsoleAuthorizationConfiguration struct { } @@ -514,7 +701,193 @@ func (m *awsRestjson1_deserializeOpGetConsoleAuthorizationConfiguration) HandleD return out, metadata, err } - err = awsRestjson1_deserializeOpDocumentGetConsoleAuthorizationConfigurationOutput(&output, shape) + err = awsRestjson1_deserializeOpDocumentGetConsoleAuthorizationConfigurationOutput(&output, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body with invalid JSON, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + span.End() + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorGetConsoleAuthorizationConfiguration(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ResourceNotFoundException", errorCode): + return awsRestjson1_deserializeErrorResourceNotFoundException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestjson1_deserializeOpDocumentGetConsoleAuthorizationConfigurationOutput(v **GetConsoleAuthorizationConfigurationOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *GetConsoleAuthorizationConfigurationOutput + if *v == nil { + sv = &GetConsoleAuthorizationConfigurationOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "consoleAuthorizationEnabled": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) + } + sv.ConsoleAuthorizationEnabled = ptr.Bool(jtv) + } + + case "scope": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Scope = ptr.String(jtv) + } + + case "targetId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected TargetId to be of type string, got %T instead", value) + } + sv.TargetId = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +type awsRestjson1_deserializeOpGetResourcePolicy struct { +} + +func (*awsRestjson1_deserializeOpGetResourcePolicy) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpGetResourcePolicy) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorGetResourcePolicy(response, &metadata) + } + output := &GetResourcePolicyOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(response.Body, ringBuffer) + + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsRestjson1_deserializeOpDocumentGetResourcePolicyOutput(&output, shape) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -528,7 +901,7 @@ func (m *awsRestjson1_deserializeOpGetConsoleAuthorizationConfiguration) HandleD return out, metadata, err } -func awsRestjson1_deserializeOpErrorGetConsoleAuthorizationConfiguration(response *smithyhttp.Response, metadata *middleware.Metadata) error { +func awsRestjson1_deserializeOpErrorGetResourcePolicy(response *smithyhttp.Response, metadata *middleware.Metadata) error { var errorBuffer bytes.Buffer if _, err := io.Copy(&errorBuffer, response.Body); err != nil { return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} @@ -581,9 +954,6 @@ func awsRestjson1_deserializeOpErrorGetConsoleAuthorizationConfiguration(respons case strings.EqualFold("TooManyRequestsError", errorCode): return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) - case strings.EqualFold("ValidationException", errorCode): - return awsRestjson1_deserializeErrorValidationException(response, errorBody) - default: genericError := &smithy.GenericAPIError{ Code: errorCode, @@ -594,7 +964,7 @@ func awsRestjson1_deserializeOpErrorGetConsoleAuthorizationConfiguration(respons } } -func awsRestjson1_deserializeOpDocumentGetConsoleAuthorizationConfigurationOutput(v **GetConsoleAuthorizationConfigurationOutput, value interface{}) error { +func awsRestjson1_deserializeOpDocumentGetResourcePolicyOutput(v **GetResourcePolicyOutput, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -607,40 +977,18 @@ func awsRestjson1_deserializeOpDocumentGetConsoleAuthorizationConfigurationOutpu return fmt.Errorf("unexpected JSON type %v", value) } - var sv *GetConsoleAuthorizationConfigurationOutput + var sv *GetResourcePolicyOutput if *v == nil { - sv = &GetConsoleAuthorizationConfigurationOutput{} + sv = &GetResourcePolicyOutput{} } else { sv = *v } for key, value := range shape { switch key { - case "consoleAuthorizationEnabled": - if value != nil { - jtv, ok := value.(bool) - if !ok { - return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) - } - sv.ConsoleAuthorizationEnabled = ptr.Bool(jtv) - } - - case "scope": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected String to be of type string, got %T instead", value) - } - sv.Scope = ptr.String(jtv) - } - - case "targetId": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected TargetId to be of type string, got %T instead", value) - } - sv.TargetId = ptr.String(jtv) + case "signinResourceBasedPolicy": + if err := awsRestjson1_deserializeDocumentSigninResourceBasedPolicy(&sv.SigninResourceBasedPolicy, value); err != nil { + return err } default: @@ -652,14 +1000,14 @@ func awsRestjson1_deserializeOpDocumentGetConsoleAuthorizationConfigurationOutpu return nil } -type awsRestjson1_deserializeOpGetResourcePolicy struct { +type awsRestjson1_deserializeOpIntrospectOAuth2TokenWithIAM struct { } -func (*awsRestjson1_deserializeOpGetResourcePolicy) ID() string { +func (*awsRestjson1_deserializeOpIntrospectOAuth2TokenWithIAM) ID() string { return "OperationDeserializer" } -func (m *awsRestjson1_deserializeOpGetResourcePolicy) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( +func (m *awsRestjson1_deserializeOpIntrospectOAuth2TokenWithIAM) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( out middleware.DeserializeOutput, metadata middleware.Metadata, err error, ) { out, metadata, err = next.HandleDeserialize(ctx, in) @@ -677,9 +1025,9 @@ func (m *awsRestjson1_deserializeOpGetResourcePolicy) HandleDeserialize(ctx cont } if response.StatusCode < 200 || response.StatusCode >= 300 { - return out, metadata, awsRestjson1_deserializeOpErrorGetResourcePolicy(response, &metadata) + return out, metadata, awsRestjson1_deserializeOpErrorIntrospectOAuth2TokenWithIAM(response, &metadata) } - output := &GetResourcePolicyOutput{} + output := &IntrospectOAuth2TokenWithIAMOutput{} out.Result = output var buff [1024]byte @@ -700,7 +1048,7 @@ func (m *awsRestjson1_deserializeOpGetResourcePolicy) HandleDeserialize(ctx cont return out, metadata, err } - err = awsRestjson1_deserializeOpDocumentGetResourcePolicyOutput(&output, shape) + err = awsRestjson1_deserializeOpDocumentIntrospectOAuth2TokenWithIAMOutput(&output, shape) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -714,7 +1062,7 @@ func (m *awsRestjson1_deserializeOpGetResourcePolicy) HandleDeserialize(ctx cont return out, metadata, err } -func awsRestjson1_deserializeOpErrorGetResourcePolicy(response *smithyhttp.Response, metadata *middleware.Metadata) error { +func awsRestjson1_deserializeOpErrorIntrospectOAuth2TokenWithIAM(response *smithyhttp.Response, metadata *middleware.Metadata) error { var errorBuffer bytes.Buffer if _, err := io.Copy(&errorBuffer, response.Body); err != nil { return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} @@ -761,12 +1109,12 @@ func awsRestjson1_deserializeOpErrorGetResourcePolicy(response *smithyhttp.Respo case strings.EqualFold("InternalServerException", errorCode): return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) - case strings.EqualFold("ResourceNotFoundException", errorCode): - return awsRestjson1_deserializeErrorResourceNotFoundException(response, errorBody) - case strings.EqualFold("TooManyRequestsError", errorCode): return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + default: genericError := &smithy.GenericAPIError{ Code: errorCode, @@ -777,7 +1125,7 @@ func awsRestjson1_deserializeOpErrorGetResourcePolicy(response *smithyhttp.Respo } } -func awsRestjson1_deserializeOpDocumentGetResourcePolicyOutput(v **GetResourcePolicyOutput, value interface{}) error { +func awsRestjson1_deserializeOpDocumentIntrospectOAuth2TokenWithIAMOutput(v **IntrospectOAuth2TokenWithIAMOutput, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -790,18 +1138,151 @@ func awsRestjson1_deserializeOpDocumentGetResourcePolicyOutput(v **GetResourcePo return fmt.Errorf("unexpected JSON type %v", value) } - var sv *GetResourcePolicyOutput + var sv *IntrospectOAuth2TokenWithIAMOutput if *v == nil { - sv = &GetResourcePolicyOutput{} + sv = &IntrospectOAuth2TokenWithIAMOutput{} } else { sv = *v } for key, value := range shape { switch key { - case "signinResourceBasedPolicy": - if err := awsRestjson1_deserializeDocumentSigninResourceBasedPolicy(&sv.SigninResourceBasedPolicy, value); err != nil { - return err + case "account_id": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected AccountId to be of type string, got %T instead", value) + } + sv.AccountId = ptr.String(jtv) + } + + case "active": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) + } + sv.Active = ptr.Bool(jtv) + } + + case "aud": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Aud = ptr.String(jtv) + } + + case "client_id": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.ClientId = ptr.String(jtv) + } + + case "exp": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected Long to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.Exp = ptr.Int64(i64) + } + + case "iat": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected Long to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.Iat = ptr.Int64(i64) + } + + case "iss": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Iss = ptr.String(jtv) + } + + case "jti": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Jti = ptr.String(jtv) + } + + case "nbf": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected Long to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.Nbf = ptr.Int64(i64) + } + + case "resource": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Resource = ptr.String(jtv) + } + + case "signin_session": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.SigninSession = ptr.String(jtv) + } + + case "sub": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Sub = ptr.String(jtv) + } + + case "token_type": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected IntrospectedTokenType to be of type string, got %T instead", value) + } + sv.TokenType = ptr.String(jtv) + } + + case "user_id": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.UserId = ptr.String(jtv) } default: @@ -1346,6 +1827,103 @@ func awsRestjson1_deserializeOpDocumentPutResourcePermissionStatementOutput(v ** return nil } +type awsRestjson1_deserializeOpRevokeOAuth2TokenWithIAM struct { +} + +func (*awsRestjson1_deserializeOpRevokeOAuth2TokenWithIAM) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpRevokeOAuth2TokenWithIAM) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorRevokeOAuth2TokenWithIAM(response, &metadata) + } + output := &RevokeOAuth2TokenWithIAMOutput{} + out.Result = output + + span.End() + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorRevokeOAuth2TokenWithIAM(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + func awsRestjson1_deserializeErrorAccessDeniedException(response *smithyhttp.Response, errorBody *bytes.Reader) error { output := &types.AccessDeniedException{} var buff [1024]byte diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go index 16944632..52c68b35 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go @@ -276,6 +276,12 @@ type EndpointParameters struct { // Parameter is // required. IsControlPlane *bool + + // Indicates if the operation targets the OAuth token endpoint + // + // Parameter is + // required. + IsOAuthEndpoint *bool } // ValidateRequired validates required parameters are set. @@ -306,8 +312,8 @@ func (p EndpointParameters) WithDefaults() EndpointParameters { const bddRoot int32 = 2 -var bddNodes = [99]int32{ - -1, 1, -1, 0, 4, 3, 2, 30, 100000025, 1, 24, 5, 2, 30, 6, 3, 7, 26, 4, 18, 8, 5, 17, 9, 6, 100000004, 10, 7, 100000005, 11, 10, 100000006, 12, 12, 100000007, 13, 13, 100000008, 14, 14, 100000009, 15, 15, 100000010, 16, 16, 100000011, 100000014, 8, 100000022, 100000023, 5, 22, 19, 9, 100000012, 20, 10, 100000013, 21, 11, 100000020, 100000021, 8, 23, 100000019, 11, 100000018, 100000019, 2, 29, 25, 3, 32, 26, 4, 27, 100000025, 5, 100000025, 28, 9, 100000012, 100000025, 3, 32, 30, 4, 100000015, 31, 5, 100000016, 100000017, 6, 100000001, 33, 7, 100000002, 100000003} +var bddNodes = [120]int32{ + -1, 1, -1, 0, 6, 3, 2, 36, 4, 4, 5, 100000027, 6, 100000004, 100000027, 1, 29, 7, 2, 36, 8, 3, 9, 31, 4, 22, 10, 5, 19, 11, 7, 21, 12, 8, 100000007, 13, 10, 100000008, 14, 12, 100000009, 15, 13, 100000010, 16, 14, 100000011, 17, 15, 100000012, 18, 16, 100000013, 100000016, 6, 100000005, 20, 7, 21, 100000006, 17, 100000024, 100000025, 6, 100000004, 23, 7, 27, 24, 9, 100000014, 25, 10, 100000015, 26, 11, 100000022, 100000023, 11, 28, 100000021, 17, 100000020, 100000021, 2, 35, 30, 3, 39, 31, 4, 32, 100000027, 6, 100000004, 33, 7, 100000027, 34, 9, 100000014, 100000027, 3, 39, 36, 4, 38, 37, 7, 100000018, 100000019, 6, 100000004, 100000017, 5, 100000001, 40, 8, 100000002, 100000003} type conditionContext struct { PartitionResult *awsrulesfn.PartitionConfig @@ -335,13 +341,18 @@ func evalCondition(idx int, params *EndpointParameters, c *conditionContext) boo case 4: return *params.UseFIPS == true case 5: - return *params.UseDualStack == true - case 6: return c.PartitionResult.Name == "aws" + case 6: + return func() bool { + if v := params.IsOAuthEndpoint; v != nil { + return *v + } + return false + }() == true case 7: - return c.PartitionResult.Name == "aws-cn" + return *params.UseDualStack == true case 8: - return c.PartitionResult.SupportsDualStack == true + return c.PartitionResult.Name == "aws-cn" case 9: return *params.Region == "us-gov-west-1" case 10: @@ -358,6 +369,8 @@ func evalCondition(idx int, params *EndpointParameters, c *conditionContext) boo return c.PartitionResult.Name == "aws-iso-e" case 16: return c.PartitionResult.Name == "aws-eusc" + case 17: + return c.PartitionResult.SupportsDualStack == true } return false } @@ -467,6 +480,41 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( }(), }, nil case 4: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS endpoints are not supported for OAuth operations. Disable FIPS or use a non-OAuth operation.") + case 5: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".oauth.signin.aws") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetSigV4SigningName(&sp, "signin") + smithyhttp.SetSigV4ASigningName(&sp, "signin") + + smithyhttp.SetSigV4SigningRegion(&sp, *params.Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + case 6: uriString := func() string { var out strings.Builder out.WriteString("https://") @@ -482,7 +530,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 5: + case 7: uriString := func() string { var out strings.Builder out.WriteString("https://") @@ -498,7 +546,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 6: + case 8: uriString := func() string { var out strings.Builder out.WriteString("https://") @@ -514,7 +562,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 7: + case 9: uriString := func() string { var out strings.Builder out.WriteString("https://") @@ -530,7 +578,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 8: + case 10: uriString := func() string { var out strings.Builder out.WriteString("https://") @@ -546,7 +594,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 9: + case 11: uriString := func() string { var out strings.Builder out.WriteString("https://") @@ -562,7 +610,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 10: + case 12: uriString := func() string { var out strings.Builder out.WriteString("https://") @@ -578,7 +626,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 11: + case 13: uriString := func() string { var out strings.Builder out.WriteString("https://") @@ -594,7 +642,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 12: + case 14: uriString := "https://signin-fips.amazonaws-us-gov.com" uri, err := url.Parse(uriString) if err != nil { @@ -604,7 +652,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 13: + case 15: uriString := func() string { var out strings.Builder out.WriteString("https://") @@ -620,7 +668,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 14: + case 16: uriString := func() string { var out strings.Builder out.WriteString("https://") @@ -637,11 +685,11 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 15: + case 17: return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") - case 16: + case 18: return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") - case 17: + case 19: uriString := *params.Endpoint uri, err := url.Parse(uriString) if err != nil { @@ -651,7 +699,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 18: + case 20: uriString := func() string { var out strings.Builder out.WriteString("https://signin-fips.") @@ -668,9 +716,9 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 19: + case 21: return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") - case 20: + case 22: uriString := func() string { var out strings.Builder out.WriteString("https://signin-fips.") @@ -687,9 +735,9 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 21: + case 23: return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") - case 22: + case 24: uriString := func() string { var out strings.Builder out.WriteString("https://signin.") @@ -706,9 +754,9 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 23: + case 25: return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") - case 24: + case 26: uriString := func() string { var out strings.Builder out.WriteString("https://signin.") @@ -725,7 +773,7 @@ func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) ( URI: *uri, Headers: http.Header{}, }, nil - case 25: + case 27: return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") } return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, invalid result index: %d", idx) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json index 40f6a162..e1a751d5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json @@ -9,13 +9,16 @@ "api_client.go", "api_client_test.go", "api_op_CreateOAuth2Token.go", + "api_op_CreateOAuth2TokenWithIAM.go", "api_op_DeleteConsoleAuthorizationConfiguration.go", "api_op_DeleteResourcePermissionStatement.go", "api_op_GetConsoleAuthorizationConfiguration.go", "api_op_GetResourcePolicy.go", + "api_op_IntrospectOAuth2TokenWithIAM.go", "api_op_ListResourcePermissionStatements.go", "api_op_PutConsoleAuthorizationConfiguration.go", "api_op_PutResourcePermissionStatement.go", + "api_op_RevokeOAuth2TokenWithIAM.go", "auth.go", "deserializers.go", "doc.go", diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go index a92e13b6..e96b5d82 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go @@ -3,4 +3,4 @@ package signin // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.3.0" +const goModuleVersion = "1.4.0" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go index fe87e71f..d245732c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go @@ -97,6 +97,92 @@ func awsRestjson1_serializeOpHttpBindingsCreateOAuth2TokenInput(v *CreateOAuth2T return nil } +type awsRestjson1_serializeOpCreateOAuth2TokenWithIAM struct { +} + +func (*awsRestjson1_serializeOpCreateOAuth2TokenWithIAM) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpCreateOAuth2TokenWithIAM) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*CreateOAuth2TokenWithIAMInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/v1/token?x-amz-client-auth-method=iam") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + restEncoder.SetHeader("Content-Type").String("application/json") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeOpDocumentCreateOAuth2TokenWithIAMInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsCreateOAuth2TokenWithIAMInput(v *CreateOAuth2TokenWithIAMInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeOpDocumentCreateOAuth2TokenWithIAMInput(v *CreateOAuth2TokenWithIAMInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.GrantType != nil { + ok := object.Key("grant_type") + ok.String(*v.GrantType) + } + + if v.Resource != nil { + ok := object.Key("resource") + ok.String(*v.Resource) + } + + return nil +} + type awsRestjson1_serializeOpDeleteConsoleAuthorizationConfiguration struct { } @@ -403,6 +489,92 @@ func awsRestjson1_serializeOpHttpBindingsGetResourcePolicyInput(v *GetResourcePo return nil } +type awsRestjson1_serializeOpIntrospectOAuth2TokenWithIAM struct { +} + +func (*awsRestjson1_serializeOpIntrospectOAuth2TokenWithIAM) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpIntrospectOAuth2TokenWithIAM) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*IntrospectOAuth2TokenWithIAMInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/v1/introspect?x-amz-client-auth-method=iam") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + restEncoder.SetHeader("Content-Type").String("application/json") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeOpDocumentIntrospectOAuth2TokenWithIAMInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsIntrospectOAuth2TokenWithIAMInput(v *IntrospectOAuth2TokenWithIAMInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeOpDocumentIntrospectOAuth2TokenWithIAMInput(v *IntrospectOAuth2TokenWithIAMInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.Token != nil { + ok := object.Key("token") + ok.String(*v.Token) + } + + if v.TokenTypeHint != nil { + ok := object.Key("token_type_hint") + ok.String(*v.TokenTypeHint) + } + + return nil +} + type awsRestjson1_serializeOpListResourcePermissionStatements struct { } @@ -686,6 +858,87 @@ func awsRestjson1_serializeOpDocumentPutResourcePermissionStatementInput(v *PutR return nil } +type awsRestjson1_serializeOpRevokeOAuth2TokenWithIAM struct { +} + +func (*awsRestjson1_serializeOpRevokeOAuth2TokenWithIAM) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpRevokeOAuth2TokenWithIAM) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*RevokeOAuth2TokenWithIAMInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/v1/revoke?x-amz-client-auth-method=iam") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + restEncoder.SetHeader("Content-Type").String("application/json") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeOpDocumentRevokeOAuth2TokenWithIAMInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsRevokeOAuth2TokenWithIAMInput(v *RevokeOAuth2TokenWithIAMInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeOpDocumentRevokeOAuth2TokenWithIAMInput(v *RevokeOAuth2TokenWithIAMInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.Token != nil { + ok := object.Key("token") + ok.String(*v.Token) + } + + return nil +} + func awsRestjson1_serializeDocumentCreateOAuth2TokenRequestBody(v *types.CreateOAuth2TokenRequestBody, value smithyjson.Value) error { object := value.Object() defer object.Close() diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go index aa4f7ecb..9e8bab75 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go @@ -8,9 +8,7 @@ import ( // AWS credentials structure containing temporary access credentials // -// The scoped-down, 15 minute duration AWS credentials. Scoping down will be based -// on CLI policy (CLI team needs to create it). Similar to cloud shell -// implementation. +// Scoped, temporary AWS credentials with a 15-minute duration. type AccessToken struct { // AWS access key ID for temporary credentials diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go index 8570cc5d..8049ca28 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go @@ -30,6 +30,26 @@ func (m *validateOpCreateOAuth2Token) HandleInitialize(ctx context.Context, in m return next.HandleInitialize(ctx, in) } +type validateOpCreateOAuth2TokenWithIAM struct { +} + +func (*validateOpCreateOAuth2TokenWithIAM) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpCreateOAuth2TokenWithIAM) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*CreateOAuth2TokenWithIAMInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpCreateOAuth2TokenWithIAMInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpDeleteResourcePermissionStatement struct { } @@ -50,14 +70,66 @@ func (m *validateOpDeleteResourcePermissionStatement) HandleInitialize(ctx conte return next.HandleInitialize(ctx, in) } +type validateOpIntrospectOAuth2TokenWithIAM struct { +} + +func (*validateOpIntrospectOAuth2TokenWithIAM) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpIntrospectOAuth2TokenWithIAM) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*IntrospectOAuth2TokenWithIAMInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpIntrospectOAuth2TokenWithIAMInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + +type validateOpRevokeOAuth2TokenWithIAM struct { +} + +func (*validateOpRevokeOAuth2TokenWithIAM) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpRevokeOAuth2TokenWithIAM) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*RevokeOAuth2TokenWithIAMInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpRevokeOAuth2TokenWithIAMInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + func addOpCreateOAuth2TokenValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpCreateOAuth2Token{}, middleware.After) } +func addOpCreateOAuth2TokenWithIAMValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpCreateOAuth2TokenWithIAM{}, middleware.After) +} + func addOpDeleteResourcePermissionStatementValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpDeleteResourcePermissionStatement{}, middleware.After) } +func addOpIntrospectOAuth2TokenWithIAMValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpIntrospectOAuth2TokenWithIAM{}, middleware.After) +} + +func addOpRevokeOAuth2TokenWithIAMValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpRevokeOAuth2TokenWithIAM{}, middleware.After) +} + func validateCreateOAuth2TokenRequestBody(v *types.CreateOAuth2TokenRequestBody) error { if v == nil { return nil @@ -95,6 +167,24 @@ func validateOpCreateOAuth2TokenInput(v *CreateOAuth2TokenInput) error { } } +func validateOpCreateOAuth2TokenWithIAMInput(v *CreateOAuth2TokenWithIAMInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "CreateOAuth2TokenWithIAMInput"} + if v.GrantType == nil { + invalidParams.Add(smithy.NewErrParamRequired("GrantType")) + } + if v.Resource == nil { + invalidParams.Add(smithy.NewErrParamRequired("Resource")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpDeleteResourcePermissionStatementInput(v *DeleteResourcePermissionStatementInput) error { if v == nil { return nil @@ -109,3 +199,33 @@ func validateOpDeleteResourcePermissionStatementInput(v *DeleteResourcePermissio return nil } } + +func validateOpIntrospectOAuth2TokenWithIAMInput(v *IntrospectOAuth2TokenWithIAMInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "IntrospectOAuth2TokenWithIAMInput"} + if v.Token == nil { + invalidParams.Add(smithy.NewErrParamRequired("Token")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + +func validateOpRevokeOAuth2TokenWithIAMInput(v *RevokeOAuth2TokenWithIAMInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "RevokeOAuth2TokenWithIAMInput"} + if v.Token == nil { + invalidParams.Add(smithy.NewErrParamRequired("Token")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} diff --git a/vendor/modules.txt b/vendor/modules.txt index c6456cde..128a2c32 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -69,11 +69,11 @@ github.com/aws/aws-sdk-go-v2/internal/timeconv ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/eventstreamapi -# github.com/aws/aws-sdk-go-v2/config v1.32.28 +# github.com/aws/aws-sdk-go-v2/config v1.32.29 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/config github.com/aws/aws-sdk-go-v2/config/internal/ini -# github.com/aws/aws-sdk-go-v2/credentials v1.19.27 +# github.com/aws/aws-sdk-go-v2/credentials v1.19.28 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/credentials github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds @@ -89,7 +89,7 @@ github.com/aws/aws-sdk-go-v2/feature/ec2/imds github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config # github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.22.17 ## explicit; go 1.24 -# github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.2.14 +# github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.3.1 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager/types @@ -125,7 +125,7 @@ github.com/aws/aws-sdk-go-v2/service/s3/internal/arn github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints github.com/aws/aws-sdk-go-v2/service/s3/types -# github.com/aws/aws-sdk-go-v2/service/signin v1.3.0 +# github.com/aws/aws-sdk-go-v2/service/signin v1.4.0 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/signin github.com/aws/aws-sdk-go-v2/service/signin/internal/endpoints