From f606bff4b7a2a4cbb5b20a4383ea4ede167dede1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 May 2026 14:43:29 +0000 Subject: [PATCH 1/2] [release-v1.21][gomod]: Bump the minor group across 1 directory with 29 updates Bumps the minor group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.27.36` | `1.32.17` | | [github.com/aws/aws-sdk-go-v2/service/dynamodb](https://github.com/aws/aws-sdk-go-v2) | `1.53.5` | `1.57.3` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.95.0` | `1.100.1` | | [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | `1.16.3` | `1.20.2` | | [github.com/cloudevents/sdk-go/sql/v2](https://github.com/cloudevents/sdk-go) | `2.0.0-20240712172937-3ce6b2f1f011` | `2.16.2` | | [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.9.0` | `3.18.0` | | [github.com/eclipse/paho.golang](https://github.com/eclipse/paho.golang) | `0.12.0` | `0.23.0` | | [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) | `1.9.0` | `1.10.1` | | [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) | `2.0.5` | `2.3.1` | | [github.com/rickb777/date](https://github.com/rickb777/date) | `1.13.0` | `1.22.0` | | [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.64.0` | `0.68.0` | | [go.opentelemetry.io/contrib/instrumentation/runtime](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.64.0` | `0.68.0` | | [go.uber.org/atomic](https://github.com/uber-go/atomic) | `1.10.0` | `1.11.0` | | [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` | Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.36 to 1.32.17 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.36...config/v1.32.17) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.34 to 1.19.16 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.17.34...credentials/v1.19.16) Updates `github.com/aws/aws-sdk-go-v2/service/dynamodb` from 1.53.5 to 1.57.3 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.53.5...service/iot/v1.57.3) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.95.0 to 1.100.1 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.95.0...service/s3/v1.100.1) Updates `github.com/cert-manager/cert-manager` from 1.16.3 to 1.20.2 - [Release notes](https://github.com/cert-manager/cert-manager/releases) - [Changelog](https://github.com/cert-manager/cert-manager/blob/master/RELEASE.md) - [Commits](https://github.com/cert-manager/cert-manager/compare/v1.16.3...v1.20.2) Updates `github.com/cloudevents/sdk-go/sql/v2` from 2.0.0-20240712172937-3ce6b2f1f011 to 2.16.2 - [Release notes](https://github.com/cloudevents/sdk-go/releases) - [Commits](https://github.com/cloudevents/sdk-go/commits/v2.16.2) Updates `github.com/coreos/go-oidc/v3` from 3.9.0 to 3.18.0 - [Release notes](https://github.com/coreos/go-oidc/releases) - [Commits](https://github.com/coreos/go-oidc/compare/v3.9.0...v3.18.0) Updates `github.com/eclipse/paho.golang` from 0.12.0 to 0.23.0 - [Release notes](https://github.com/eclipse/paho.golang/releases) - [Commits](https://github.com/eclipse/paho.golang/compare/v0.12.0...v0.23.0) Updates `github.com/fsnotify/fsnotify` from 1.9.0 to 1.10.1 - [Release notes](https://github.com/fsnotify/fsnotify/releases) - [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md) - [Commits](https://github.com/fsnotify/fsnotify/compare/v1.9.0...v1.10.1) Updates `github.com/pelletier/go-toml/v2` from 2.0.5 to 2.3.1 - [Release notes](https://github.com/pelletier/go-toml/releases) - [Commits](https://github.com/pelletier/go-toml/compare/v2.0.5...v2.3.1) Updates `github.com/rickb777/date` from 1.13.0 to 1.22.0 - [Release notes](https://github.com/rickb777/date/releases) - [Commits](https://github.com/rickb777/date/compare/v1.13.0...v1.22.0) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.64.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.64.0...zpages/v0.68.0) Updates `go.opentelemetry.io/contrib/instrumentation/runtime` from 0.64.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.64.0...zpages/v0.68.0) Updates `go.opentelemetry.io/otel` from 1.39.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.43.0) Updates `go.opentelemetry.io/otel/metric` from 1.39.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.43.0) Updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.43.0) Updates `go.opentelemetry.io/otel/sdk/metric` from 1.39.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.43.0) Updates `go.opentelemetry.io/otel/trace` from 1.39.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.43.0) Updates `go.uber.org/atomic` from 1.10.0 to 1.11.0 - [Release notes](https://github.com/uber-go/atomic/releases) - [Changelog](https://github.com/uber-go/atomic/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/atomic/compare/v1.10.0...v1.11.0) Updates `go.uber.org/zap` from 1.27.1 to 1.28.0 - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/zap/compare/v1.27.1...v1.28.0) Updates `golang.org/x/net` from 0.49.0 to 0.52.0 - [Commits](https://github.com/golang/net/compare/v0.49.0...v0.52.0) Updates `golang.org/x/sync` from 0.19.0 to 0.20.0 - [Commits](https://github.com/golang/sync/compare/v0.19.0...v0.20.0) Updates `k8s.io/api` from 0.34.6 to 0.35.2 - [Commits](https://github.com/kubernetes/api/compare/v0.34.6...v0.35.2) Updates `k8s.io/apiextensions-apiserver` from 0.34.6 to 0.35.2 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.34.6...v0.35.2) Updates `k8s.io/apimachinery` from 0.34.6 to 0.35.2 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.34.6...v0.35.2) Updates `k8s.io/apiserver` from 0.34.6 to 0.35.2 - [Commits](https://github.com/kubernetes/apiserver/compare/v0.34.6...v0.35.2) Updates `k8s.io/client-go` from 0.34.6 to 0.35.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.34.6...v0.35.2) Updates `k8s.io/code-generator` from 0.34.6 to 0.35.2 - [Commits](https://github.com/kubernetes/code-generator/compare/v0.34.6...v0.35.2) Updates `k8s.io/utils` from 0.0.0-20250604170112-4c0f3b243397 to 0.0.0-20260210185600-b8788abfbbc2 - [Commits](https://github.com/kubernetes/utils/commits) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-version: 1.32.17 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-version: 1.19.16 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: github.com/aws/aws-sdk-go-v2/service/dynamodb dependency-version: 1.57.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-version: 1.100.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: github.com/cert-manager/cert-manager dependency-version: 1.20.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: github.com/cloudevents/sdk-go/sql/v2 dependency-version: 2.16.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: github.com/coreos/go-oidc/v3 dependency-version: 3.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: github.com/eclipse/paho.golang dependency-version: 0.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: github.com/fsnotify/fsnotify dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: github.com/pelletier/go-toml/v2 dependency-version: 2.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: github.com/rickb777/date dependency-version: 1.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-version: 0.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: go.opentelemetry.io/contrib/instrumentation/runtime dependency-version: 0.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: go.opentelemetry.io/otel dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: go.opentelemetry.io/otel/metric dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: go.opentelemetry.io/otel/sdk/metric dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: go.opentelemetry.io/otel/trace dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: go.uber.org/atomic dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: go.uber.org/zap dependency-version: 1.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: golang.org/x/net dependency-version: 0.52.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: golang.org/x/sync dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: k8s.io/api dependency-version: 0.35.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.35.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: k8s.io/apimachinery dependency-version: 0.35.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: k8s.io/apiserver dependency-version: 0.35.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: k8s.io/client-go dependency-version: 0.35.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: k8s.io/code-generator dependency-version: 0.35.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: k8s.io/utils dependency-version: 0.0.0-20260210185600-b8788abfbbc2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor ... Signed-off-by: dependabot[bot] --- go.mod | 147 +- go.sum | 330 +- .../aws-sdk-go-v2/aws/go_module_metadata.go | 2 +- .../aws/protocol/eventstream/CHANGELOG.md | 25 + .../aws/protocol/eventstream/debug.go | 10 +- .../aws/protocol/eventstream/encode.go | 2 +- .../aws/protocol/eventstream/error.go | 2 +- .../eventstream/go_module_metadata.go | 2 +- .../aws/protocol/eventstream/header.go | 4 +- .../aws/protocol/eventstream/header_value.go | 22 +- .../aws/aws-sdk-go-v2/config/CHANGELOG.md | 347 + .../config/auth_scheme_preference.go | 19 + .../aws/aws-sdk-go-v2/config/config.go | 21 +- .../aws/aws-sdk-go-v2/config/env_config.go | 222 +- .../config/go_module_metadata.go | 2 +- .../{ => config}/internal/ini/errors.go | 0 .../{ => config}/internal/ini/ini.go | 0 .../{ => config}/internal/ini/parse.go | 0 .../{ => config}/internal/ini/sections.go | 0 .../{ => config}/internal/ini/strings.go | 0 .../{ => config}/internal/ini/token.go | 0 .../{ => config}/internal/ini/tokenize.go | 0 .../{ => config}/internal/ini/value.go | 0 .../aws/aws-sdk-go-v2/config/load_options.go | 214 + .../aws/aws-sdk-go-v2/config/provider.go | 67 +- .../aws/aws-sdk-go-v2/config/resolve.go | 71 +- .../config/resolve_credentials.go | 130 +- .../aws/aws-sdk-go-v2/config/shared_config.go | 92 +- .../aws-sdk-go-v2/credentials/CHANGELOG.md | 335 + .../credentials/ec2rolecreds/provider.go | 12 + .../credentials/endpointcreds/provider.go | 14 + .../credentials/go_module_metadata.go | 2 +- .../credentials/logincreds/dpop.go | 150 + .../credentials/logincreds/file.go | 14 + .../credentials/logincreds/provider.go | 172 + .../credentials/logincreds/token.go | 110 + .../credentials/processcreds/provider.go | 11 + .../credentials/ssocreds/sso_cached_token.go | 3 +- .../ssocreds/sso_credentials_provider.go | 12 + .../credentials/static_provider.go | 10 + .../stscreds/assume_role_provider.go | 12 + .../stscreds/web_identity_provider.go | 16 +- .../feature/ec2/imds/CHANGELOG.md | 190 + .../feature/ec2/imds/api_client.go | 12 +- .../feature/ec2/imds/api_op_GetDynamicData.go | 4 +- .../feature/ec2/imds/api_op_GetIAMInfo.go | 4 +- .../api_op_GetInstanceIdentityDocument.go | 4 +- .../feature/ec2/imds/api_op_GetMetadata.go | 4 +- .../feature/ec2/imds/api_op_GetRegion.go | 2 +- .../feature/ec2/imds/api_op_GetToken.go | 4 +- .../feature/ec2/imds/api_op_GetUserData.go | 4 +- .../feature/ec2/imds/go_module_metadata.go | 2 +- .../feature/ec2/imds/request_middleware.go | 18 +- .../internal/configsources/CHANGELOG.md | 10 + .../configsources/go_module_metadata.go | 2 +- .../internal/endpoints/v2/CHANGELOG.md | 10 + .../endpoints/v2/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/internal/ini/CHANGELOG.md | 275 - .../internal/middleware/middleware.go | 32 - .../aws-sdk-go-v2/internal/v4a/CHANGELOG.md | 36 + .../internal/v4a/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/internal/v4a/smithy.go | 2 +- .../aws/aws-sdk-go-v2/internal/v4a/v4a.go | 2 +- .../service/dynamodb/CHANGELOG.md | 46 + .../service/dynamodb/api_client.go | 11 +- .../dynamodb/api_op_BatchExecuteStatement.go | 5 +- .../service/dynamodb/api_op_BatchGetItem.go | 5 +- .../service/dynamodb/api_op_BatchWriteItem.go | 5 +- .../service/dynamodb/api_op_CreateBackup.go | 5 +- .../dynamodb/api_op_CreateGlobalTable.go | 5 +- .../service/dynamodb/api_op_CreateTable.go | 100 +- .../service/dynamodb/api_op_DeleteBackup.go | 5 +- .../service/dynamodb/api_op_DeleteItem.go | 5 +- .../dynamodb/api_op_DeleteResourcePolicy.go | 5 +- .../service/dynamodb/api_op_DeleteTable.go | 5 +- .../service/dynamodb/api_op_DescribeBackup.go | 5 +- .../api_op_DescribeContinuousBackups.go | 5 +- .../api_op_DescribeContributorInsights.go | 204 +- .../dynamodb/api_op_DescribeEndpoints.go | 5 +- .../service/dynamodb/api_op_DescribeExport.go | 211 +- .../dynamodb/api_op_DescribeGlobalTable.go | 5 +- .../api_op_DescribeGlobalTableSettings.go | 5 +- .../service/dynamodb/api_op_DescribeImport.go | 226 +- ..._op_DescribeKinesisStreamingDestination.go | 242 +- .../service/dynamodb/api_op_DescribeLimits.go | 5 +- .../service/dynamodb/api_op_DescribeTable.go | 5 +- .../api_op_DescribeTableReplicaAutoScaling.go | 5 +- .../dynamodb/api_op_DescribeTimeToLive.go | 5 +- ...i_op_DisableKinesisStreamingDestination.go | 5 +- ...pi_op_EnableKinesisStreamingDestination.go | 5 +- .../dynamodb/api_op_ExecuteStatement.go | 5 +- .../dynamodb/api_op_ExecuteTransaction.go | 5 +- .../api_op_ExportTableToPointInTime.go | 7 +- .../service/dynamodb/api_op_GetItem.go | 5 +- .../dynamodb/api_op_GetResourcePolicy.go | 5 +- .../service/dynamodb/api_op_ImportTable.go | 5 +- .../service/dynamodb/api_op_ListBackups.go | 5 +- .../api_op_ListContributorInsights.go | 5 +- .../service/dynamodb/api_op_ListExports.go | 8 +- .../dynamodb/api_op_ListGlobalTables.go | 5 +- .../service/dynamodb/api_op_ListImports.go | 5 +- .../service/dynamodb/api_op_ListTables.go | 5 +- .../dynamodb/api_op_ListTagsOfResource.go | 5 +- .../service/dynamodb/api_op_PutItem.go | 9 +- .../dynamodb/api_op_PutResourcePolicy.go | 5 +- .../service/dynamodb/api_op_Query.go | 5 +- .../dynamodb/api_op_RestoreTableFromBackup.go | 5 +- .../api_op_RestoreTableToPointInTime.go | 5 +- .../service/dynamodb/api_op_Scan.go | 5 +- .../service/dynamodb/api_op_TagResource.go | 5 +- .../dynamodb/api_op_TransactGetItems.go | 5 +- .../dynamodb/api_op_TransactWriteItems.go | 5 +- .../service/dynamodb/api_op_UntagResource.go | 5 +- .../api_op_UpdateContinuousBackups.go | 5 +- .../api_op_UpdateContributorInsights.go | 5 +- .../dynamodb/api_op_UpdateGlobalTable.go | 5 +- .../api_op_UpdateGlobalTableSettings.go | 5 +- .../service/dynamodb/api_op_UpdateItem.go | 11 +- ...pi_op_UpdateKinesisStreamingDestination.go | 5 +- .../service/dynamodb/api_op_UpdateTable.go | 17 +- .../api_op_UpdateTableReplicaAutoScaling.go | 5 +- .../dynamodb/api_op_UpdateTimeToLive.go | 5 +- .../service/dynamodb/deserializers.go | 27 + .../service/dynamodb/generated.json | 3 +- .../service/dynamodb/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/service/dynamodb/options.go | 3 +- .../service/dynamodb/serializers.go | 15 + .../service/dynamodb/types/enums.go | 22 + .../service/dynamodb/types/errors.go | 3 +- .../service/dynamodb/types/types.go | 31 +- .../service/dynamodb/validators.go | 8 +- .../internal/accept-encoding/CHANGELOG.md | 20 + .../accept-encoding/go_module_metadata.go | 2 +- .../service/internal/checksum/CHANGELOG.md | 37 + .../internal/checksum/go_module_metadata.go | 2 +- .../internal/checksum/middleware_add.go | 6 +- .../middleware_compute_input_checksum.go | 40 +- .../checksum/middleware_setup_context.go | 6 +- .../internal/endpoint-discovery/CHANGELOG.md | 32 + .../internal/endpoint-discovery/cache.go | 2 +- .../endpoint-discovery/go_module_metadata.go | 2 +- .../internal/endpoint-discovery/middleware.go | 2 +- .../internal/presigned-url/CHANGELOG.md | 32 + .../presigned-url/go_module_metadata.go | 2 +- .../internal/presigned-url/middleware.go | 12 +- .../service/internal/s3shared/CHANGELOG.md | 32 + .../service/internal/s3shared/arn_lookup.go | 2 +- .../internal/s3shared/go_module_metadata.go | 2 +- .../internal/s3shared/response_error.go | 2 +- .../aws/aws-sdk-go-v2/service/s3/CHANGELOG.md | 67 + .../aws-sdk-go-v2/service/s3/api_client.go | 24 +- .../service/s3/api_op_AbortMultipartUpload.go | 10 +- .../s3/api_op_CompleteMultipartUpload.go | 78 +- .../service/s3/api_op_CopyObject.go | 18 +- .../service/s3/api_op_CreateBucket.go | 39 +- ...pi_op_CreateBucketMetadataConfiguration.go | 5 +- ..._CreateBucketMetadataTableConfiguration.go | 5 +- .../s3/api_op_CreateMultipartUpload.go | 10 +- .../service/s3/api_op_CreateSession.go | 19 +- .../service/s3/api_op_DeleteBucket.go | 5 +- ...i_op_DeleteBucketAnalyticsConfiguration.go | 5 +- .../service/s3/api_op_DeleteBucketCors.go | 5 +- .../s3/api_op_DeleteBucketEncryption.go | 5 +- ...teBucketIntelligentTieringConfiguration.go | 5 +- ...i_op_DeleteBucketInventoryConfiguration.go | 51 +- .../s3/api_op_DeleteBucketLifecycle.go | 5 +- ...pi_op_DeleteBucketMetadataConfiguration.go | 5 +- ..._DeleteBucketMetadataTableConfiguration.go | 5 +- ...api_op_DeleteBucketMetricsConfiguration.go | 49 +- .../api_op_DeleteBucketOwnershipControls.go | 5 +- .../service/s3/api_op_DeleteBucketPolicy.go | 5 +- .../s3/api_op_DeleteBucketReplication.go | 5 +- .../service/s3/api_op_DeleteBucketTagging.go | 8 +- .../service/s3/api_op_DeleteBucketWebsite.go | 5 +- .../service/s3/api_op_DeleteObject.go | 10 +- .../service/s3/api_op_DeleteObjectTagging.go | 5 +- .../service/s3/api_op_DeleteObjects.go | 20 +- .../s3/api_op_DeletePublicAccessBlock.go | 5 +- .../service/s3/api_op_GetBucketAbac.go | 5 +- ...api_op_GetBucketAccelerateConfiguration.go | 10 +- .../service/s3/api_op_GetBucketAcl.go | 5 +- .../api_op_GetBucketAnalyticsConfiguration.go | 5 +- .../service/s3/api_op_GetBucketCors.go | 5 +- .../service/s3/api_op_GetBucketEncryption.go | 5 +- ...etBucketIntelligentTieringConfiguration.go | 5 +- .../api_op_GetBucketInventoryConfiguration.go | 51 +- .../api_op_GetBucketLifecycleConfiguration.go | 5 +- .../service/s3/api_op_GetBucketLocation.go | 5 +- .../service/s3/api_op_GetBucketLogging.go | 5 +- .../api_op_GetBucketMetadataConfiguration.go | 5 +- ..._op_GetBucketMetadataTableConfiguration.go | 5 +- .../api_op_GetBucketMetricsConfiguration.go | 49 +- ...i_op_GetBucketNotificationConfiguration.go | 5 +- .../s3/api_op_GetBucketOwnershipControls.go | 5 +- .../service/s3/api_op_GetBucketPolicy.go | 5 +- .../s3/api_op_GetBucketPolicyStatus.go | 5 +- .../service/s3/api_op_GetBucketReplication.go | 5 +- .../s3/api_op_GetBucketRequestPayment.go | 5 +- .../service/s3/api_op_GetBucketTagging.go | 10 +- .../service/s3/api_op_GetBucketVersioning.go | 5 +- .../service/s3/api_op_GetBucketWebsite.go | 5 +- .../service/s3/api_op_GetObject.go | 42 +- .../service/s3/api_op_GetObjectAcl.go | 10 +- .../service/s3/api_op_GetObjectAttributes.go | 10 +- .../service/s3/api_op_GetObjectLegalHold.go | 10 +- .../s3/api_op_GetObjectLockConfiguration.go | 5 +- .../service/s3/api_op_GetObjectRetention.go | 10 +- .../service/s3/api_op_GetObjectTagging.go | 10 +- .../service/s3/api_op_GetObjectTorrent.go | 10 +- .../service/s3/api_op_GetPublicAccessBlock.go | 5 +- .../service/s3/api_op_HeadBucket.go | 13 +- .../service/s3/api_op_HeadObject.go | 40 +- ...pi_op_ListBucketAnalyticsConfigurations.go | 5 +- ...tBucketIntelligentTieringConfigurations.go | 5 +- ...pi_op_ListBucketInventoryConfigurations.go | 47 +- .../api_op_ListBucketMetricsConfigurations.go | 52 +- .../service/s3/api_op_ListBuckets.go | 5 +- .../service/s3/api_op_ListDirectoryBuckets.go | 5 +- .../service/s3/api_op_ListMultipartUploads.go | 10 +- .../service/s3/api_op_ListObjectVersions.go | 10 +- .../service/s3/api_op_ListObjects.go | 5 +- .../service/s3/api_op_ListObjectsV2.go | 5 +- .../service/s3/api_op_ListParts.go | 10 +- .../service/s3/api_op_PutBucketAbac.go | 5 +- ...api_op_PutBucketAccelerateConfiguration.go | 5 +- .../service/s3/api_op_PutBucketAcl.go | 5 +- .../api_op_PutBucketAnalyticsConfiguration.go | 5 +- .../service/s3/api_op_PutBucketCors.go | 5 +- .../service/s3/api_op_PutBucketEncryption.go | 5 +- ...utBucketIntelligentTieringConfiguration.go | 5 +- .../api_op_PutBucketInventoryConfiguration.go | 53 +- .../api_op_PutBucketLifecycleConfiguration.go | 16 +- .../service/s3/api_op_PutBucketLogging.go | 5 +- .../api_op_PutBucketMetricsConfiguration.go | 49 +- ...i_op_PutBucketNotificationConfiguration.go | 5 +- .../s3/api_op_PutBucketOwnershipControls.go | 5 +- .../service/s3/api_op_PutBucketPolicy.go | 15 +- .../service/s3/api_op_PutBucketReplication.go | 5 +- .../s3/api_op_PutBucketRequestPayment.go | 5 +- .../service/s3/api_op_PutBucketTagging.go | 5 +- .../service/s3/api_op_PutBucketVersioning.go | 5 +- .../service/s3/api_op_PutBucketWebsite.go | 5 +- .../service/s3/api_op_PutObject.go | 106 +- .../service/s3/api_op_PutObjectAcl.go | 10 +- .../service/s3/api_op_PutObjectLegalHold.go | 10 +- .../s3/api_op_PutObjectLockConfiguration.go | 10 +- .../service/s3/api_op_PutObjectRetention.go | 10 +- .../service/s3/api_op_PutObjectTagging.go | 5 +- .../service/s3/api_op_PutPublicAccessBlock.go | 5 +- .../service/s3/api_op_RenameObject.go | 5 +- .../service/s3/api_op_RestoreObject.go | 10 +- .../service/s3/api_op_SelectObjectContent.go | 5 +- ...cketMetadataInventoryTableConfiguration.go | 5 +- ...BucketMetadataJournalTableConfiguration.go | 5 +- .../s3/api_op_UpdateObjectEncryption.go | 432 + .../service/s3/api_op_UploadPart.go | 140 +- .../service/s3/api_op_UploadPartCopy.go | 18 +- .../s3/api_op_WriteGetObjectResponse.go | 45 +- .../service/s3/bucket_context.go | 2 +- .../aws/aws-sdk-go-v2/service/s3/bucketer.go | 2 +- .../aws-sdk-go-v2/service/s3/deserializers.go | 695 +- .../service/s3/express_default.go | 2 +- .../aws-sdk-go-v2/service/s3/generated.json | 4 +- .../service/s3/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/service/s3/options.go | 3 +- .../aws-sdk-go-v2/service/s3/presign_post.go | 24 +- .../aws-sdk-go-v2/service/s3/serializers.go | 329 + .../aws-sdk-go-v2/service/s3/types/enums.go | 39 + .../aws-sdk-go-v2/service/s3/types/errors.go | 40 +- .../aws-sdk-go-v2/service/s3/types/types.go | 314 +- .../aws-sdk-go-v2/service/s3/validators.go | 83 + .../aws-sdk-go-v2/service/signin/CHANGELOG.md | 54 + .../ini => service/signin}/LICENSE.txt | 0 .../service/signin/api_client.go | 929 + .../signin/api_op_CreateOAuth2Token.go | 206 + .../aws/aws-sdk-go-v2/service/signin/auth.go | 351 + .../service/signin/deserializers.go | 655 + .../aws/aws-sdk-go-v2/service/signin/doc.go | 9 + .../aws-sdk-go-v2/service/signin/endpoints.go | 624 + .../service/signin/generated.json | 33 + .../signin}/go_module_metadata.go | 4 +- .../signin/internal/endpoints/endpoints.go | 333 + .../aws-sdk-go-v2/service/signin/options.go | 238 + .../service/signin/serializers.go | 135 + .../service/signin/types/enums.go | 37 + .../service/signin/types/errors.go | 151 + .../service/signin/types/types.go | 115 + .../service/signin/validators.go | 72 + .../aws-sdk-go-v2/service/sso/CHANGELOG.md | 268 + .../aws-sdk-go-v2/service/sso/api_client.go | 259 +- .../service/sso/api_op_GetRoleCredentials.go | 15 +- .../service/sso/api_op_ListAccountRoles.go | 15 +- .../service/sso/api_op_ListAccounts.go | 15 +- .../service/sso/api_op_Logout.go | 15 +- .../aws/aws-sdk-go-v2/service/sso/auth.go | 44 +- .../service/sso/deserializers.go | 18 +- .../aws-sdk-go-v2/service/sso/endpoints.go | 33 +- .../aws-sdk-go-v2/service/sso/generated.json | 4 +- .../service/sso/go_module_metadata.go | 2 +- .../sso/internal/endpoints/endpoints.go | 62 + .../aws/aws-sdk-go-v2/service/sso/options.go | 10 +- .../aws-sdk-go-v2/service/sso/serializers.go | 8 +- .../service/ssooidc/CHANGELOG.md | 269 + .../service/ssooidc/api_client.go | 259 +- .../service/ssooidc/api_op_CreateToken.go | 45 +- .../ssooidc/api_op_CreateTokenWithIAM.go | 41 +- .../service/ssooidc/api_op_RegisterClient.go | 31 +- .../api_op_StartDeviceAuthorization.go | 15 +- .../aws/aws-sdk-go-v2/service/ssooidc/auth.go | 44 +- .../service/ssooidc/deserializers.go | 76 +- .../aws/aws-sdk-go-v2/service/ssooidc/doc.go | 7 +- .../service/ssooidc/endpoints.go | 29 +- .../service/ssooidc/generated.json | 5 +- .../service/ssooidc/go_module_metadata.go | 2 +- .../ssooidc/internal/endpoints/endpoints.go | 62 + .../aws-sdk-go-v2/service/ssooidc/options.go | 10 +- .../service/ssooidc/types/enums.go | 44 + .../service/ssooidc/types/errors.go | 2 + .../service/ssooidc/types/types.go | 16 + .../aws-sdk-go-v2/service/sts/CHANGELOG.md | 286 + .../aws-sdk-go-v2/service/sts/api_client.go | 277 +- .../service/sts/api_op_AssumeRole.go | 73 +- .../service/sts/api_op_AssumeRoleWithSAML.go | 30 +- .../sts/api_op_AssumeRoleWithWebIdentity.go | 70 +- .../service/sts/api_op_AssumeRoot.go | 229 + .../sts/api_op_DecodeAuthorizationMessage.go | 15 +- .../service/sts/api_op_GetAccessKeyInfo.go | 15 +- .../service/sts/api_op_GetCallerIdentity.go | 15 +- .../sts/api_op_GetDelegatedAccessToken.go | 169 + .../service/sts/api_op_GetFederationToken.go | 19 +- .../service/sts/api_op_GetSessionToken.go | 19 +- .../service/sts/api_op_GetWebIdentityToken.go | 192 + .../aws/aws-sdk-go-v2/service/sts/auth.go | 54 +- .../service/sts/deserializers.go | 1237 +- .../aws-sdk-go-v2/service/sts/endpoints.go | 30 +- .../aws-sdk-go-v2/service/sts/generated.json | 8 +- .../service/sts/go_module_metadata.go | 2 +- .../sts/internal/endpoints/endpoints.go | 70 + .../aws/aws-sdk-go-v2/service/sts/options.go | 58 +- .../aws-sdk-go-v2/service/sts/serializers.go | 287 + .../aws-sdk-go-v2/service/sts/types/errors.go | 123 +- .../aws-sdk-go-v2/service/sts/validators.go | 128 + vendor/github.com/aws/smithy-go/AGENTS.md | 172 + vendor/github.com/aws/smithy-go/CHANGELOG.md | 31 +- .../container/private/cache/lru/lru.go | 6 + .../endpoints/private/rulesfn/split.go | 16 + .../aws/smithy-go/go_module_metadata.go | 2 +- .../cert-manager/cert-manager/LICENSES | 437 +- .../cert-manager/pkg/apis/acme/v1/doc.go | 1 + .../cert-manager/pkg/apis/acme/v1/types.go | 18 + .../pkg/apis/acme/v1/types_challenge.go | 16 +- .../pkg/apis/acme/v1/types_issuer.go | 109 +- .../pkg/apis/acme/v1/types_order.go | 25 +- .../pkg/apis/acme/v1/zz_generated.deepcopy.go | 35 + .../pkg/apis/certmanager/v1/doc.go | 1 + .../pkg/apis/certmanager/v1/generic_issuer.go | 4 + .../pkg/apis/certmanager/v1/types.go | 14 +- .../apis/certmanager/v1/types_certificate.go | 114 +- .../v1/types_certificaterequest.go | 20 +- .../pkg/apis/certmanager/v1/types_issuer.go | 74 +- .../certmanager/v1/zz_generated.deepcopy.go | 14 +- .../cert-manager/pkg/apis/meta/doc.go | 2 - .../cert-manager/pkg/apis/meta/v1/doc.go | 2 +- .../cert-manager/pkg/apis/meta/v1/types.go | 21 +- .../pkg/apis/meta/v1/zz_generated.deepcopy.go | 16 +- .../acme/v1/acmeauthorization.go | 107 + .../acme/v1/acmechallenge.go | 70 + .../acme/v1/acmechallengesolver.go | 72 + .../acme/v1/acmechallengesolverdns01.go | 142 + .../acme/v1/acmechallengesolverhttp01.go | 63 + ...mechallengesolverhttp01gatewayhttproute.go | 92 + .../v1/acmechallengesolverhttp01ingress.go | 108 + ...echallengesolverhttp01ingressobjectmeta.go | 62 + ...allengesolverhttp01ingresspodobjectmeta.go | 62 + ...hallengesolverhttp01ingresspodresources.go | 61 + ...gesolverhttp01ingresspodsecuritycontext.go | 172 + ...acmechallengesolverhttp01ingresspodspec.go | 131 + ...challengesolverhttp01ingresspodtemplate.go | 83 + ...cmechallengesolverhttp01ingresstemplate.go | 71 + .../acme/v1/acmeexternalaccountbinding.go | 76 + .../applyconfigurations/acme/v1/acmeissuer.go | 204 + .../acme/v1/acmeissuerdns01provideracmedns.go | 55 + .../acme/v1/acmeissuerdns01providerakamai.go | 73 + .../v1/acmeissuerdns01providerazuredns.go | 145 + .../v1/acmeissuerdns01providerclouddns.go | 67 + .../v1/acmeissuerdns01providercloudflare.go | 70 + .../v1/acmeissuerdns01providerdigitalocean.go | 46 + .../acme/v1/acmeissuerdns01providerrfc2136.go | 96 + .../acme/v1/acmeissuerdns01providerroute53.go | 141 + .../acme/v1/acmeissuerdns01providerwebhook.go | 79 + .../acme/v1/acmeissuerstatus.go | 65 + .../acme/v1/azuremanagedidentity.go | 65 + .../acme/v1/certificatednsnameselector.go | 90 + .../applyconfigurations/acme/v1/challenge.go | 289 + .../acme/v1/challengespec.go | 143 + .../acme/v1/challengestatus.go | 86 + .../applyconfigurations/acme/v1/order.go | 289 + .../applyconfigurations/acme/v1/orderspec.go | 125 + .../acme/v1/orderstatus.go | 124 + .../acme/v1/route53auth.go | 43 + .../acme/v1/route53kubernetesauth.go | 45 + .../acme/v1/serviceaccountref.go | 58 + .../certmanager/v1/caissuer.go | 85 + .../certmanager/v1/certificate.go | 300 + .../v1/certificateadditionaloutputformat.go | 49 + .../certmanager/v1/certificatecondition.go | 105 + .../certmanager/v1/certificatekeystores.go | 55 + .../certmanager/v1/certificateprivatekey.go | 108 + .../certmanager/v1/certificaterequest.go | 305 + .../v1/certificaterequestcondition.go | 92 + .../certmanager/v1/certificaterequestspec.go | 179 + .../v1/certificaterequeststatus.go | 95 + .../v1/certificatesecrettemplate.go | 65 + .../certmanager/v1/certificatespec.go | 394 + .../certmanager/v1/certificatestatus.go | 152 + .../certmanager/v1/clusterissuer.go | 293 + .../certmanager/v1/issuer.go | 294 + .../certmanager/v1/issuercondition.go | 105 + .../certmanager/v1/issuerconfig.go | 93 + .../certmanager/v1/issuerspec.go | 78 + .../certmanager/v1/issuerstatus.go | 64 + .../certmanager/v1/jkskeystore.go | 91 + .../certmanager/v1/nameconstraintitem.go | 79 + .../certmanager/v1/nameconstraints.go | 64 + .../certmanager/v1/othername.go | 53 + .../certmanager/v1/pkcs12keystore.go | 99 + .../certmanager/v1/selfsignedissuer.go | 47 + .../certmanager/v1/serviceaccountref.go | 59 + .../certmanager/v1/vaultapprole.go | 72 + .../certmanager/v1/vaultauth.go | 81 + .../v1/vaultclientcertificateauth.go | 69 + .../certmanager/v1/vaultissuer.go | 144 + .../certmanager/v1/vaultkubernetesauth.go | 87 + .../certmanager/v1/venaficloud.go | 57 + .../certmanager/v1/venafiissuer.go | 68 + .../certmanager/v1/venafitpp.go | 88 + .../certmanager/v1/x509subject.go | 126 + .../applyconfigurations/internal/internal.go | 1923 ++ .../meta/v1/issuerreference.go | 64 + .../meta/v1/localobjectreference.go | 48 + .../meta/v1/secretkeyselector.go | 55 + .../pkg/client/applyconfigurations/utils.go | 200 + .../client/clientset/versioned/clientset.go | 4 +- .../versioned/fake/clientset_generated.go | 57 +- .../versioned/typed/acme/v1/acme_client.go | 22 +- .../versioned/typed/acme/v1/challenge.go | 29 +- .../typed/acme/v1/fake/fake_acme_client.go | 4 +- .../typed/acme/v1/fake/fake_challenge.go | 138 +- .../typed/acme/v1/fake/fake_order.go | 138 +- .../versioned/typed/acme/v1/order.go | 29 +- .../typed/certmanager/v1/certificate.go | 29 +- .../certmanager/v1/certificaterequest.go | 29 +- .../certmanager/v1/certmanager_client.go | 22 +- .../typed/certmanager/v1/clusterissuer.go | 29 +- .../certmanager/v1/fake/fake_certificate.go | 138 +- .../v1/fake/fake_certificaterequest.go | 142 +- .../v1/fake/fake_certmanager_client.go | 8 +- .../certmanager/v1/fake/fake_clusterissuer.go | 131 +- .../typed/certmanager/v1/fake/fake_issuer.go | 138 +- .../versioned/typed/certmanager/v1/issuer.go | 29 +- .../externalversions/acme/v1/challenge.go | 36 +- .../externalversions/acme/v1/order.go | 36 +- .../certmanager/v1/certificate.go | 36 +- .../certmanager/v1/certificaterequest.go | 36 +- .../certmanager/v1/clusterissuer.go | 36 +- .../externalversions/certmanager/v1/issuer.go | 36 +- .../informers/externalversions/factory.go | 3 +- .../informers/externalversions/generic.go | 2 +- .../pkg/client/listers/acme/v1/challenge.go | 22 +- .../pkg/client/listers/acme/v1/order.go | 22 +- .../listers/certmanager/v1/certificate.go | 22 +- .../certmanager/v1/certificaterequest.go | 22 +- .../listers/certmanager/v1/clusterissuer.go | 16 +- .../client/listers/certmanager/v1/issuer.go | 22 +- .../github.com/coreos/go-oidc/v3/oidc/jose.go | 15 + .../github.com/coreos/go-oidc/v3/oidc/jwks.go | 35 +- .../github.com/coreos/go-oidc/v3/oidc/oidc.go | 54 +- .../coreos/go-oidc/v3/oidc/verify.go | 106 +- vendor/github.com/eclipse/paho.golang/LICENSE | 21 +- .../eclipse/paho.golang/packets/auth.go | 15 + .../eclipse/paho.golang/packets/connack.go | 17 +- .../eclipse/paho.golang/packets/connect.go | 17 +- .../eclipse/paho.golang/packets/disconnect.go | 20 + .../eclipse/paho.golang/packets/packets.go | 23 + .../eclipse/paho.golang/packets/pingreq.go | 15 + .../eclipse/paho.golang/packets/pingresp.go | 15 + .../eclipse/paho.golang/packets/properties.go | 37 +- .../eclipse/paho.golang/packets/puback.go | 17 +- .../eclipse/paho.golang/packets/pubcomp.go | 17 +- .../eclipse/paho.golang/packets/publish.go | 15 + .../eclipse/paho.golang/packets/pubrec.go | 15 + .../eclipse/paho.golang/packets/pubrel.go | 17 +- .../eclipse/paho.golang/packets/suback.go | 17 +- .../eclipse/paho.golang/packets/subscribe.go | 21 + .../eclipse/paho.golang/packets/unsuback.go | 15 + .../paho.golang/packets/unsubscribe.go | 15 + .../eclipse/paho.golang/paho/acks_tracker.go | 15 + .../eclipse/paho.golang/paho/auth.go | 19 +- .../eclipse/paho.golang/paho/client.go | 738 +- .../eclipse/paho.golang/paho/cp_auth.go | 17 +- .../eclipse/paho.golang/paho/cp_connack.go | 15 + .../eclipse/paho.golang/paho/cp_connect.go | 18 +- .../eclipse/paho.golang/paho/cp_disconnect.go | 15 + .../eclipse/paho.golang/paho/cp_publish.go | 47 +- .../eclipse/paho.golang/paho/cp_pubresp.go | 15 + .../eclipse/paho.golang/paho/cp_suback.go | 15 + .../eclipse/paho.golang/paho/cp_subscribe.go | 15 + .../eclipse/paho.golang/paho/cp_unsuback.go | 15 + .../paho.golang/paho/cp_unsubscribe.go | 15 + .../eclipse/paho.golang/paho/cp_utils.go | 15 + .../eclipse/paho.golang/paho/log/test.go | 72 + .../paho.golang/paho/{ => log}/trace.go | 17 +- .../eclipse/paho.golang/paho/message_ids.go | 110 - .../paho.golang/paho/noop_persistence.go | 23 - .../eclipse/paho.golang/paho/persistence.go | 98 - .../eclipse/paho.golang/paho/pinger.go | 216 +- .../eclipse/paho.golang/paho/router.go | 122 +- .../paho.golang/paho/session/session.go | 83 + .../paho.golang/paho/session/state/readme.md | 5 + .../paho/session/state/sendquota.go | 130 + .../paho.golang/paho/session/state/state.go | 739 + .../paho.golang/paho/session/state/store.go | 35 + .../paho.golang/paho/store/memory/store.go | 147 + .../emicklei/go-restful/v3/.travis.yml | 13 - .../emicklei/go-restful/v3/CHANGES.md | 4 + .../emicklei/go-restful/v3/README.md | 1 + .../emicklei/go-restful/v3/curly.go | 50 +- .../emicklei/go-restful/v3/custom_verb.go | 34 +- .../github.com/emicklei/go-restful/v3/doc.go | 42 +- .../github.com/fsnotify/fsnotify/.cirrus.yml | 14 - .../github.com/fsnotify/fsnotify/CHANGELOG.md | 49 + .../fsnotify/fsnotify/CONTRIBUTING.md | 2 + vendor/github.com/fsnotify/fsnotify/README.md | 56 +- .../fsnotify/fsnotify/backend_fen.go | 4 +- .../fsnotify/fsnotify/backend_inotify.go | 84 +- .../fsnotify/fsnotify/backend_kqueue.go | 68 +- .../fsnotify/fsnotify/backend_windows.go | 78 +- .../github.com/fsnotify/fsnotify/fsnotify.go | 72 +- .../fsnotify/fsnotify/internal/darwin.go | 19 - .../fsnotify/internal/debug_darwin.go | 42 - .../fsnotify/internal/debug_dragonfly.go | 18 - .../fsnotify/internal/debug_freebsd.go | 34 +- .../fsnotify/internal/debug_kqueue.go | 2 +- .../fsnotify/internal/debug_netbsd.go | 10 - .../fsnotify/internal/debug_openbsd.go | 12 - .../fsnotify/fsnotify/internal/freebsd.go | 11 - .../fsnotify/fsnotify/internal/unix.go | 11 - .../fsnotify/fsnotify/internal/unix2.go | 18 + .../fsnotify/fsnotify/internal/windows.go | 1 - .../github.com/go-jose/go-jose/v4/.gitignore | 2 + .../go-jose/go-jose/v4/.golangci.yml | 53 + .../github.com/go-jose/go-jose/v4/.travis.yml | 33 + .../go-jose/go-jose/v4/CONTRIBUTING.md | 9 + vendor/github.com/go-jose/go-jose/v4/LICENSE | 202 + .../github.com/go-jose/go-jose/v4/README.md | 108 + .../github.com/go-jose/go-jose/v4/SECURITY.md | 13 + .../go-jose/go-jose/v4/asymmetric.go | 603 + .../go-jose/go-jose/v4/cipher/cbc_hmac.go | 196 + .../go-jose/go-jose/v4/cipher/concat_kdf.go | 75 + .../go-jose/go-jose/v4/cipher/ecdh_es.go | 86 + .../go-jose/go-jose/v4/cipher/key_wrap.go | 117 + .../github.com/go-jose/go-jose/v4/crypter.go | 595 + vendor/github.com/go-jose/go-jose/v4/doc.go | 25 + .../github.com/go-jose/go-jose/v4/encoding.go | 228 + .../go-jose/v4/json}/LICENSE | 16 +- .../go-jose/go-jose/v4/json/README.md | 13 + .../go-jose/go-jose/v4/json/decode.go | 1216 ++ .../go-jose/go-jose/v4/json/encode.go | 1197 ++ .../go-jose/go-jose/v4/json/indent.go | 141 + .../go-jose/go-jose/v4/json/scanner.go | 623 + .../go-jose/go-jose/v4/json/stream.go | 484 + .../go-jose/go-jose/v4/json/tags.go | 44 + vendor/github.com/go-jose/go-jose/v4/jwe.go | 391 + vendor/github.com/go-jose/go-jose/v4/jwk.go | 848 + vendor/github.com/go-jose/go-jose/v4/jws.go | 470 + .../github.com/go-jose/go-jose/v4/opaque.go | 147 + .../github.com/go-jose/go-jose/v4/shared.go | 560 + .../github.com/go-jose/go-jose/v4/signing.go | 523 + .../go-jose/go-jose/v4/symmetric.go | 532 + .../go-openapi/jsonpointer/.cliff.toml | 181 + .../go-openapi/jsonpointer/.gitignore | 5 +- .../go-openapi/jsonpointer/.golangci.yml | 111 +- .../go-openapi/jsonpointer/CONTRIBUTORS.md | 24 + .../github.com/go-openapi/jsonpointer/LICENSE | 1 - .../github.com/go-openapi/jsonpointer/NOTICE | 39 + .../go-openapi/jsonpointer/README.md | 152 +- .../go-openapi/jsonpointer/SECURITY.md | 19 + .../go-openapi/jsonpointer/errors.go | 35 + .../go-openapi/jsonpointer/pointer.go | 622 +- .../go-openapi/jsonreference/.cliff.toml | 181 + .../go-openapi/jsonreference/.editorconfig | 26 + .../go-openapi/jsonreference/.golangci.yml | 111 +- .../go-openapi/jsonreference/CONTRIBUTORS.md | 21 + .../go-openapi/jsonreference/NOTICE | 39 + .../go-openapi/jsonreference/README.md | 94 +- .../go-openapi/jsonreference/SECURITY.md | 19 + .../jsonreference/internal/normalize_url.go | 11 +- .../go-openapi/jsonreference/reference.go | 111 +- .../github.com/go-openapi/swag/.golangci.yml | 34 +- vendor/github.com/go-openapi/swag/errors.go | 15 + vendor/github.com/go-openapi/swag/json.go | 3 +- .../go-openapi/swag/jsonname/LICENSE | 202 + .../go-openapi/swag/jsonname/doc.go | 5 + .../go-openapi/swag/jsonname/name_provider.go | 138 + vendor/github.com/go-openapi/swag/loading.go | 2 +- vendor/github.com/go-openapi/swag/yaml.go | 32 +- vendor/github.com/gogo/protobuf/AUTHORS | 15 - vendor/github.com/gogo/protobuf/CONTRIBUTORS | 23 - .../github.com/gogo/protobuf/proto/Makefile | 43 - .../github.com/gogo/protobuf/proto/clone.go | 258 - .../gogo/protobuf/proto/custom_gogo.go | 39 - .../github.com/gogo/protobuf/proto/decode.go | 427 - .../gogo/protobuf/proto/deprecated.go | 63 - .../github.com/gogo/protobuf/proto/discard.go | 350 - .../gogo/protobuf/proto/duration.go | 100 - .../gogo/protobuf/proto/duration_gogo.go | 49 - .../github.com/gogo/protobuf/proto/encode.go | 205 - .../gogo/protobuf/proto/encode_gogo.go | 33 - .../github.com/gogo/protobuf/proto/equal.go | 300 - .../gogo/protobuf/proto/extensions.go | 605 - .../gogo/protobuf/proto/extensions_gogo.go | 389 - vendor/github.com/gogo/protobuf/proto/lib.go | 973 - .../gogo/protobuf/proto/lib_gogo.go | 50 - .../gogo/protobuf/proto/message_set.go | 181 - .../gogo/protobuf/proto/pointer_reflect.go | 357 - .../protobuf/proto/pointer_reflect_gogo.go | 59 - .../gogo/protobuf/proto/pointer_unsafe.go | 308 - .../protobuf/proto/pointer_unsafe_gogo.go | 56 - .../gogo/protobuf/proto/properties.go | 610 - .../gogo/protobuf/proto/properties_gogo.go | 36 - .../gogo/protobuf/proto/skip_gogo.go | 119 - .../gogo/protobuf/proto/table_marshal.go | 3009 --- .../gogo/protobuf/proto/table_marshal_gogo.go | 388 - .../gogo/protobuf/proto/table_merge.go | 676 - .../gogo/protobuf/proto/table_unmarshal.go | 2249 --- .../protobuf/proto/table_unmarshal_gogo.go | 385 - vendor/github.com/gogo/protobuf/proto/text.go | 930 - .../gogo/protobuf/proto/text_gogo.go | 57 - .../gogo/protobuf/proto/text_parser.go | 1018 - .../gogo/protobuf/proto/timestamp.go | 113 - .../gogo/protobuf/proto/timestamp_gogo.go | 49 - .../gogo/protobuf/proto/wrappers.go | 1888 -- .../gogo/protobuf/proto/wrappers_gogo.go | 113 - .../gogo/protobuf/sortkeys/sortkeys.go | 101 - .../gnostic-models/extensions/extension.proto | 2 +- .../gnostic-models/openapiv2/OpenAPIv2.proto | 2 +- .../gnostic-models/openapiv3/OpenAPIv3.proto | 2 +- .../openapiv3/annotations.proto | 2 +- .../v2/internal/httprule/BUILD.bazel | 35 + .../grpc-gateway/v2/runtime/BUILD.bazel | 98 + .../grpc-gateway/v2/utilities/BUILD.bazel | 31 + .../pelletier/go-toml/v2/.gitignore | 4 +- .../pelletier/go-toml/v2/.golangci.toml | 74 +- .../pelletier/go-toml/v2/.goreleaser.yaml | 9 +- .../github.com/pelletier/go-toml/v2/AGENTS.md | 64 + .../pelletier/go-toml/v2/CONTRIBUTING.md | 81 +- .../github.com/pelletier/go-toml/v2/LICENSE | 3 +- .../github.com/pelletier/go-toml/v2/README.md | 230 +- .../pelletier/go-toml/v2/SECURITY.md | 3 - vendor/github.com/pelletier/go-toml/v2/ci.sh | 30 +- .../github.com/pelletier/go-toml/v2/decode.go | 93 +- .../github.com/pelletier/go-toml/v2/errors.go | 67 +- .../pelletier/go-toml/v2/internal/ast/ast.go | 144 - .../go-toml/v2/internal/ast/builder.go | 51 - .../go-toml/v2/internal/characters/ascii.go | 42 + .../v2/{ => internal/characters}/utf8.go | 113 +- .../go-toml/v2/internal/danger/danger.go | 65 - .../go-toml/v2/internal/danger/typeid.go | 23 - .../go-toml/v2/internal/tracker/key.go | 14 +- .../go-toml/v2/internal/tracker/seen.go | 101 +- .../go-toml/v2/internal/tracker/tracker.go | 1 + .../pelletier/go-toml/v2/localtime.go | 8 +- .../pelletier/go-toml/v2/marshaler.go | 258 +- .../github.com/pelletier/go-toml/v2/strict.go | 51 +- .../pelletier/go-toml/v2/test-go-versions.sh | 597 + .../github.com/pelletier/go-toml/v2/types.go | 21 +- .../pelletier/go-toml/v2/unmarshaler.go | 495 +- .../pelletier/go-toml/v2/unstable/ast.go | 149 + .../pelletier/go-toml/v2/unstable/builder.go | 64 + .../pelletier/go-toml/v2/unstable/doc.go | 3 + .../v2/{internal/ast => unstable}/kind.go | 24 +- .../go-toml/v2/{ => unstable}/parser.go | 475 +- .../go-toml/v2/{ => unstable}/scanner.go | 51 +- .../go-toml/v2/unstable/unmarshaler.go | 32 + .../rickb777/date/period/arithmetic.go | 111 + .../rickb777/date/period/designator.go | 55 + vendor/github.com/rickb777/date/period/doc.go | 4 +- .../github.com/rickb777/date/period/flag.go | 16 + .../github.com/rickb777/date/period/format.go | 83 +- .../rickb777/date/period/marshal.go | 6 +- .../github.com/rickb777/date/period/parse.go | 265 +- .../github.com/rickb777/date/period/period.go | 443 +- .../rickb777/date/period/period64.go | 142 + vendor/github.com/rickb777/date/period/sql.go | 36 + vendor/github.com/rickb777/plural/.travis.yml | 11 - vendor/github.com/rickb777/plural/README.md | 22 +- .../github.com/rickb777/plural/build+test.sh | 13 - vendor/github.com/rickb777/plural/build.sh | 5 + vendor/github.com/rickb777/plural/doc.go | 1 - vendor/github.com/rickb777/plural/plural.go | 12 +- vendor/github.com/spf13/cobra/.golangci.yml | 35 +- vendor/github.com/spf13/cobra/README.md | 24 +- vendor/github.com/spf13/cobra/SECURITY.md | 105 + vendor/github.com/spf13/cobra/command.go | 23 +- vendor/github.com/spf13/cobra/completions.go | 19 +- .../net/http/otelhttp/client.go | 65 - .../net/http/otelhttp/common.go | 2 +- .../net/http/otelhttp/config.go | 17 +- .../net/http/otelhttp/handler.go | 44 +- .../internal/request/resp_writer_wrapper.go | 9 +- .../http/otelhttp/internal/semconv/client.go | 68 +- .../http/otelhttp/internal/semconv/server.go | 33 +- .../http/otelhttp/internal/semconv/util.go | 8 +- .../net/http/otelhttp/transport.go | 93 +- .../net/http/otelhttp/version.go | 5 +- .../instrumentation/runtime/producer.go | 2 +- .../instrumentation/runtime/runtime.go | 4 +- .../instrumentation/runtime/version.go | 5 +- vendor/go.opentelemetry.io/otel/.golangci.yml | 16 + vendor/go.opentelemetry.io/otel/CHANGELOG.md | 128 +- .../go.opentelemetry.io/otel/CONTRIBUTING.md | 6 +- vendor/go.opentelemetry.io/otel/Makefile | 15 +- vendor/go.opentelemetry.io/otel/README.md | 14 +- vendor/go.opentelemetry.io/otel/RELEASING.md | 41 +- .../otel/attribute/encoder.go | 4 +- .../otel/attribute/hash.go | 4 +- .../otel/attribute/internal/attribute.go | 107 +- .../go.opentelemetry.io/otel/attribute/kv.go | 2 +- .../go.opentelemetry.io/otel/attribute/set.go | 2 +- .../otel/attribute/type_string.go | 6 +- .../otel/attribute/value.go | 62 +- .../otel/baggage/baggage.go | 113 +- .../otel/dependencies.Dockerfile | 2 +- .../internal/errorhandler/errorhandler.go | 96 + .../otel/internal/global/handler.go | 34 +- .../otel/internal/global/instruments.go | 56 + .../otel/internal/global/meter.go | 28 +- .../otel/internal/global/state.go | 36 +- .../otel/metric/asyncfloat64.go | 9 +- .../otel/metric/asyncint64.go | 9 +- .../go.opentelemetry.io/otel/metric/meter.go | 60 +- .../otel/metric/noop/noop.go | 24 + .../otel/metric/syncfloat64.go | 48 + .../otel/metric/syncint64.go | 48 + .../otel/propagation/baggage.go | 24 +- .../otel/propagation/trace_context.go | 13 +- .../go.opentelemetry.io/otel/requirements.txt | 2 +- .../otel/sdk/internal/x/features.go | 15 + .../otel/sdk/metric/config.go | 4 +- .../metric/exemplar/fixed_size_reservoir.go | 172 +- .../metric/exemplar/histogram_reservoir.go | 9 +- .../otel/sdk/metric/exemplar/storage.go | 53 +- .../otel/sdk/metric/instrument.go | 3 - .../metric/internal/aggregate/aggregate.go | 14 +- .../sdk/metric/internal/aggregate/atomic.go | 91 + .../aggregate/exponential_histogram.go | 164 +- .../metric/internal/aggregate/histogram.go | 401 +- .../metric/internal/aggregate/lastvalue.go | 246 +- .../otel/sdk/metric/internal/aggregate/sum.go | 34 +- .../metric/internal/observ/instrumentation.go | 4 +- .../otel/sdk/metric/internal/x/README.md | 100 - .../otel/sdk/metric/internal/x/x.go | 65 - .../otel/sdk/metric/manual_reader.go | 27 +- .../metricdata/metricdatatest/comparisons.go | 179 +- .../otel/sdk/metric/periodic_reader.go | 38 +- .../otel/sdk/metric/pipeline.go | 36 +- .../otel/sdk/metric/reader.go | 58 + .../otel/sdk/metric/version.go | 2 +- .../otel/sdk/resource/builtin.go | 2 +- .../otel/sdk/resource/config.go | 8 + .../otel/sdk/resource/container.go | 2 +- .../otel/sdk/resource/env.go | 2 +- .../otel/sdk/resource/host_id.go | 19 +- .../otel/sdk/resource/host_id_readfile.go | 2 +- .../otel/sdk/resource/os.go | 2 +- .../otel/sdk/resource/process.go | 2 +- .../otel/sdk/resource/resource.go | 19 +- .../otel/sdk/trace/batch_span_processor.go | 12 +- .../internal/observ/batch_span_processor.go | 4 +- .../internal/observ/simple_span_processor.go | 4 +- .../otel/sdk/trace/internal/observ/tracer.go | 10 +- .../otel/sdk/trace/provider.go | 17 +- .../otel/sdk/trace/sampling.go | 64 +- .../otel/sdk/trace/span.go | 2 +- .../go.opentelemetry.io/otel/sdk/version.go | 2 +- .../otel/semconv/v1.40.0/MIGRATION.md | 27 + .../otel/semconv/v1.40.0/README.md | 3 + .../otel/semconv/v1.40.0/attribute_group.go | 16861 ++++++++++++++++ .../otel/semconv/v1.40.0/doc.go | 9 + .../otel/semconv/v1.40.0/error_type.go | 66 + .../otel/semconv/v1.40.0/exception.go | 9 + .../{v1.37.0 => v1.40.0}/goconv/metric.go | 0 .../otel/semconv/v1.40.0/httpconv/metric.go | 1767 ++ .../otel/semconv/v1.40.0/otelconv/metric.go | 2222 ++ .../otel/semconv/v1.40.0/schema.go | 9 + vendor/go.opentelemetry.io/otel/trace/auto.go | 2 +- .../go.opentelemetry.io/otel/trace/trace.go | 24 + .../otel/trace/tracestate.go | 9 +- vendor/go.opentelemetry.io/otel/version.go | 2 +- vendor/go.opentelemetry.io/otel/versions.yaml | 14 +- vendor/go.uber.org/atomic/CHANGELOG.md | 10 + vendor/go.uber.org/atomic/bool.go | 2 +- vendor/go.uber.org/atomic/duration.go | 2 +- vendor/go.uber.org/atomic/error.go | 14 +- vendor/go.uber.org/atomic/float32.go | 2 +- vendor/go.uber.org/atomic/float64.go | 2 +- vendor/go.uber.org/atomic/int32.go | 2 +- vendor/go.uber.org/atomic/int64.go | 2 +- vendor/go.uber.org/atomic/pointer_go118.go | 41 +- .../atomic/pointer_go118_pre119.go | 60 + vendor/go.uber.org/atomic/string.go | 23 +- vendor/go.uber.org/atomic/string_ext.go | 15 +- vendor/go.uber.org/atomic/time.go | 2 +- vendor/go.uber.org/atomic/uint32.go | 2 +- vendor/go.uber.org/atomic/uint64.go | 2 +- vendor/go.uber.org/atomic/uintptr.go | 2 +- vendor/go.uber.org/zap/CHANGELOG.md | 4 + vendor/go.uber.org/zap/zapcore/entry.go | 32 +- .../x/net/http2/client_priority_go126.go | 20 + .../x/net/http2/client_priority_go127.go | 13 + vendor/golang.org/x/net/http2/frame.go | 188 +- vendor/golang.org/x/net/http2/http2.go | 18 +- vendor/golang.org/x/net/http2/server.go | 88 +- vendor/golang.org/x/net/http2/transport.go | 15 +- vendor/golang.org/x/net/http2/writesched.go | 6 + .../net/http2/writesched_priority_rfc7540.go | 9 + .../x/net/http2/writesched_random.go | 2 + .../x/net/internal/httpsfv/httpsfv.go | 665 + vendor/golang.org/x/oauth2/deviceauth.go | 31 +- vendor/golang.org/x/oauth2/oauth2.go | 2 +- vendor/golang.org/x/oauth2/pkce.go | 2 +- vendor/golang.org/x/oauth2/token.go | 2 +- vendor/golang.org/x/oauth2/transport.go | 2 +- .../golang.org/x/sync/semaphore/semaphore.go | 160 - .../golang.org/x/sys/plan9/syscall_plan9.go | 8 +- vendor/golang.org/x/sys/unix/ioctl_signed.go | 11 +- .../golang.org/x/sys/unix/ioctl_unsigned.go | 11 +- .../golang.org/x/sys/unix/syscall_solaris.go | 8 - vendor/golang.org/x/sys/unix/syscall_unix.go | 10 +- vendor/golang.org/x/sys/unix/ztypes_linux.go | 229 +- vendor/golang.org/x/sys/windows/aliases.go | 1 + .../golang.org/x/sys/windows/registry/key.go | 15 +- .../x/sys/windows/syscall_windows.go | 15 +- .../golang.org/x/sys/windows/types_windows.go | 85 + .../x/sys/windows/zsyscall_windows.go | 7 + .../golang.org/x/text/cases/tables10.0.0.go | 2255 --- .../golang.org/x/text/cases/tables11.0.0.go | 2316 --- .../golang.org/x/text/cases/tables12.0.0.go | 2359 --- .../golang.org/x/text/cases/tables15.0.0.go | 2 +- .../{tables13.0.0.go => tables17.0.0.go} | 1473 +- vendor/golang.org/x/text/cases/tables9.0.0.go | 2215 -- .../x/text/secure/bidirule/bidirule.go | 4 + .../x/text/secure/bidirule/bidirule10.0.0.go | 11 - .../x/text/secure/bidirule/bidirule9.0.0.go | 14 - .../x/text/unicode/bidi/tables10.0.0.go | 1815 -- .../x/text/unicode/bidi/tables11.0.0.go | 1887 -- .../x/text/unicode/bidi/tables12.0.0.go | 1923 -- .../x/text/unicode/bidi/tables13.0.0.go | 1955 -- .../x/text/unicode/bidi/tables15.0.0.go | 2 +- .../x/text/unicode/bidi/tables17.0.0.go | 2135 ++ .../x/text/unicode/bidi/tables9.0.0.go | 1781 -- .../x/text/unicode/norm/forminfo.go | 26 +- .../x/text/unicode/norm/tables10.0.0.go | 7657 ------- .../x/text/unicode/norm/tables11.0.0.go | 7693 ------- .../x/text/unicode/norm/tables12.0.0.go | 7710 ------- .../x/text/unicode/norm/tables15.0.0.go | 2820 +-- .../norm/{tables13.0.0.go => tables17.0.0.go} | 6716 +++--- .../x/text/unicode/norm/tables9.0.0.go | 7637 ------- vendor/golang.org/x/time/rate/rate.go | 2 +- .../x/tools/go/ast/inspector/cursor.go | 34 +- .../x/tools/go/ast/inspector/inspector.go | 4 +- .../x/tools/go/ast/inspector/iter.go | 36 +- .../x/tools/go/packages/packages.go | 15 +- .../x/tools/go/types/objectpath/objectpath.go | 16 +- .../x/tools/internal/aliases/aliases.go | 30 +- .../x/tools/internal/aliases/aliases_go122.go | 80 - .../x/tools/internal/event/core/event.go | 23 +- .../x/tools/internal/event/keys/keys.go | 439 +- .../x/tools/internal/event/label/label.go | 11 +- .../x/tools/internal/gcimporter/iexport.go | 11 +- .../x/tools/internal/gcimporter/iimport.go | 4 +- .../tools/internal/gcimporter/ureader_yes.go | 4 +- .../x/tools/internal/stdlib/deps.go | 2 +- .../x/tools/internal/typeparams/free.go | 4 +- .../x/tools/internal/typesinternal/types.go | 3 +- .../grpc/balancer/balancer.go | 2 - .../balancer/pickfirst/internal/internal.go | 2 + .../grpc/balancer/pickfirst/pickfirst.go | 57 +- .../grpc/balancer/subconn.go | 14 - .../grpc/balancer_wrapper.go | 6 +- vendor/google.golang.org/grpc/clientconn.go | 164 +- .../google.golang.org/grpc/credentials/tls.go | 6 +- .../grpc/encoding/encoding.go | 4 - .../grpc/encoding/gzip/gzip.go | 12 - .../grpc/experimental/stats/metricregistry.go | 39 + .../grpc/experimental/stats/metrics.go | 76 +- .../health/grpc_health_v1/health_grpc.pb.go | 2 +- vendor/google.golang.org/grpc/interceptor.go | 12 +- .../balancer/gracefulswitch/gracefulswitch.go | 12 + .../grpc/internal/balancer/weight/weight.go | 66 + .../grpc/internal/envconfig/envconfig.go | 27 + .../grpc/internal/experimental.go | 7 + .../grpc/internal/idle/idle.go | 77 +- .../grpc/internal/internal.go | 29 +- .../internal/resolver/dns/dns_resolver.go | 15 +- .../internal/stats/metrics_recorder_list.go | 60 + .../grpc/internal/transport/client_stream.go | 10 +- .../grpc/internal/transport/controlbuf.go | 24 +- .../grpc/internal/transport/http2_client.go | 38 +- .../grpc/internal/transport/http2_server.go | 94 +- .../grpc/internal/transport/http_util.go | 6 - .../grpc/internal/transport/transport.go | 40 +- .../google.golang.org/grpc/mem/buffer_pool.go | 15 +- vendor/google.golang.org/grpc/mem/buffers.go | 65 +- .../grpc/resolver/resolver.go | 1 + .../grpc/resolver_wrapper.go | 1 + vendor/google.golang.org/grpc/rpc_util.go | 93 +- vendor/google.golang.org/grpc/server.go | 61 +- vendor/google.golang.org/grpc/stream.go | 87 +- vendor/google.golang.org/grpc/version.go | 2 +- .../protobuf/internal/encoding/tag/tag.go | 11 +- .../protobuf/internal/encoding/text/decode.go | 115 +- .../protobuf/internal/filedesc/desc.go | 1 + .../protobuf/internal/filedesc/desc_lazy.go | 22 - .../protobuf/internal/genid/descriptor_gen.go | 1 + .../protobuf/internal/impl/codec_map.go | 6 + .../protobuf/internal/impl/decode.go | 3 +- .../protobuf/internal/impl/validate.go | 26 + .../protobuf/internal/version/version.go | 2 +- .../protobuf/proto/decode.go | 10 +- .../types/descriptorpb/descriptor.pb.go | 13 +- .../types/known/timestamppb/timestamp.pb.go | 13 +- .../gopkg.in/evanphx/json-patch.v4/README.md | 8 +- .../gopkg.in/evanphx/json-patch.v4/patch.go | 105 +- vendor/k8s.io/api/admission/v1/doc.go | 2 + .../k8s.io/api/admission/v1/generated.pb.go | 175 +- .../k8s.io/api/admission/v1/generated.proto | 47 +- .../admission/v1/generated.protomessage.pb.go | 28 + vendor/k8s.io/api/admission/v1/types.go | 47 +- .../v1/types_swagger_doc_generated.go | 46 +- .../admission/v1/zz_generated.model_name.go | 37 + .../api/admissionregistration/v1/doc.go | 2 + .../admissionregistration/v1/generated.pb.go | 937 +- .../v1/generated.protomessage.pb.go | 76 + .../api/admissionregistration/v1/types.go | 9 +- .../v1/zz_generated.model_name.go | 157 + .../api/admissionregistration/v1alpha1/doc.go | 2 + .../v1alpha1/generated.pb.go | 890 +- .../v1alpha1/generated.protomessage.pb.go | 74 + .../admissionregistration/v1alpha1/types.go | 3 +- .../v1alpha1/zz_generated.model_name.go | 152 + .../api/admissionregistration/v1beta1/doc.go | 2 + .../v1beta1/generated.pb.go | 1149 +- .../v1beta1/generated.proto | 1 - .../v1beta1/generated.protomessage.pb.go | 90 + .../admissionregistration/v1beta1/types.go | 12 +- .../v1beta1/zz_generated.model_name.go | 192 + vendor/k8s.io/api/apidiscovery/v2/doc.go | 2 + .../api/apidiscovery/v2/generated.pb.go | 215 +- .../v2/generated.protomessage.pb.go | 32 + .../v2/zz_generated.model_name.go | 47 + vendor/k8s.io/api/apidiscovery/v2beta1/doc.go | 1 + .../api/apidiscovery/v2beta1/generated.pb.go | 216 +- .../v2beta1/generated.protomessage.pb.go | 32 + .../v2beta1/zz_generated.model_name.go | 47 + .../api/apiserverinternal/v1alpha1/doc.go | 1 + .../v1alpha1/generated.pb.go | 248 +- .../v1alpha1/generated.protomessage.pb.go | 34 + .../v1alpha1/zz_generated.model_name.go | 52 + vendor/k8s.io/api/apps/v1/doc.go | 1 + vendor/k8s.io/api/apps/v1/generated.pb.go | 1032 +- vendor/k8s.io/api/apps/v1/generated.proto | 10 +- .../api/apps/v1/generated.protomessage.pb.go | 82 + vendor/k8s.io/api/apps/v1/types.go | 12 +- .../apps/v1/types_swagger_doc_generated.go | 6 +- .../api/apps/v1/zz_generated.model_name.go | 172 + vendor/k8s.io/api/apps/v1beta1/doc.go | 1 + .../k8s.io/api/apps/v1beta1/generated.pb.go | 829 +- .../k8s.io/api/apps/v1beta1/generated.proto | 16 +- .../apps/v1beta1/generated.protomessage.pb.go | 68 + vendor/k8s.io/api/apps/v1beta1/types.go | 16 +- .../v1beta1/types_swagger_doc_generated.go | 6 +- .../apps/v1beta1/zz_generated.model_name.go | 137 + vendor/k8s.io/api/apps/v1beta2/doc.go | 1 + .../k8s.io/api/apps/v1beta2/generated.pb.go | 1134 +- .../k8s.io/api/apps/v1beta2/generated.proto | 18 +- .../apps/v1beta2/generated.protomessage.pb.go | 88 + vendor/k8s.io/api/apps/v1beta2/types.go | 20 +- .../v1beta2/types_swagger_doc_generated.go | 8 +- .../apps/v1beta2/zz_generated.model_name.go | 187 + vendor/k8s.io/api/authentication/v1/doc.go | 1 + .../api/authentication/v1/generated.pb.go | 411 +- .../v1/generated.protomessage.pb.go | 44 + .../v1/zz_generated.model_name.go | 72 + .../k8s.io/api/authentication/v1alpha1/doc.go | 1 + .../authentication/v1alpha1/generated.pb.go | 106 +- .../v1alpha1/generated.protomessage.pb.go | 26 + .../v1alpha1/zz_generated.model_name.go | 32 + .../k8s.io/api/authentication/v1beta1/doc.go | 1 + .../authentication/v1beta1/generated.pb.go | 280 +- .../v1beta1/generated.protomessage.pb.go | 36 + .../v1beta1/zz_generated.model_name.go | 52 + vendor/k8s.io/api/authorization/v1/doc.go | 2 + .../api/authorization/v1/generated.pb.go | 573 +- .../v1/generated.protomessage.pb.go | 54 + .../v1/zz_generated.model_name.go | 97 + .../k8s.io/api/authorization/v1beta1/doc.go | 1 + .../api/authorization/v1beta1/generated.pb.go | 512 +- .../v1beta1/generated.protomessage.pb.go | 50 + .../v1beta1/zz_generated.model_name.go | 87 + vendor/k8s.io/api/autoscaling/v1/doc.go | 1 + .../k8s.io/api/autoscaling/v1/generated.pb.go | 734 +- .../v1/generated.protomessage.pb.go | 64 + .../autoscaling/v1/zz_generated.model_name.go | 127 + vendor/k8s.io/api/autoscaling/v2/doc.go | 1 + .../k8s.io/api/autoscaling/v2/generated.pb.go | 830 +- .../k8s.io/api/autoscaling/v2/generated.proto | 6 +- .../v2/generated.protomessage.pb.go | 70 + vendor/k8s.io/api/autoscaling/v2/types.go | 6 +- .../v2/types_swagger_doc_generated.go | 4 +- .../autoscaling/v2/zz_generated.model_name.go | 142 + vendor/k8s.io/api/autoscaling/v2beta1/doc.go | 1 + .../api/autoscaling/v2beta1/generated.pb.go | 644 +- .../v2beta1/generated.protomessage.pb.go | 58 + .../v2beta1/zz_generated.model_name.go | 112 + vendor/k8s.io/api/autoscaling/v2beta2/doc.go | 1 + .../api/autoscaling/v2beta2/generated.pb.go | 829 +- .../v2beta2/generated.protomessage.pb.go | 70 + .../v2beta2/zz_generated.model_name.go | 142 + vendor/k8s.io/api/batch/v1/doc.go | 2 + vendor/k8s.io/api/batch/v1/generated.pb.go | 631 +- vendor/k8s.io/api/batch/v1/generated.proto | 4 +- .../api/batch/v1/generated.protomessage.pb.go | 56 + vendor/k8s.io/api/batch/v1/types.go | 4 +- .../batch/v1/types_swagger_doc_generated.go | 2 +- .../api/batch/v1/zz_generated.model_name.go | 107 + vendor/k8s.io/api/batch/v1beta1/doc.go | 1 + .../k8s.io/api/batch/v1beta1/generated.pb.go | 218 +- .../v1beta1/generated.protomessage.pb.go | 32 + .../batch/v1beta1/zz_generated.model_name.go | 47 + vendor/k8s.io/api/certificates/v1/doc.go | 2 + .../api/certificates/v1/generated.pb.go | 262 +- .../api/certificates/v1/generated.proto | 3 +- .../v1/generated.protomessage.pb.go | 34 + vendor/k8s.io/api/certificates/v1/types.go | 3 +- .../v1/zz_generated.model_name.go | 47 + .../k8s.io/api/certificates/v1alpha1/doc.go | 1 + .../api/certificates/v1alpha1/generated.pb.go | 1949 +- .../api/certificates/v1alpha1/generated.proto | 205 - .../v1alpha1/generated.protomessage.pb.go | 28 + .../api/certificates/v1alpha1/register.go | 2 - .../k8s.io/api/certificates/v1alpha1/types.go | 231 - .../v1alpha1/types_swagger_doc_generated.go | 52 - .../v1alpha1/zz_generated.deepcopy.go | 128 - .../v1alpha1/zz_generated.model_name.go | 37 + .../zz_generated.prerelease-lifecycle.go | 36 - vendor/k8s.io/api/certificates/v1beta1/doc.go | 1 + .../api/certificates/v1beta1/generated.pb.go | 3082 ++- .../api/certificates/v1beta1/generated.proto | 220 +- .../v1beta1/generated.protomessage.pb.go | 48 + .../api/certificates/v1beta1/register.go | 2 + .../k8s.io/api/certificates/v1beta1/types.go | 251 +- .../v1beta1/types_swagger_doc_generated.go | 53 + .../v1beta1/zz_generated.deepcopy.go | 135 + .../v1beta1/zz_generated.model_name.go | 82 + .../zz_generated.prerelease-lifecycle.go | 36 + vendor/k8s.io/api/coordination/v1/doc.go | 1 + .../api/coordination/v1/generated.pb.go | 148 +- .../v1/generated.protomessage.pb.go | 28 + .../v1/zz_generated.model_name.go | 37 + .../k8s.io/api/coordination/v1alpha2/doc.go | 1 + .../api/coordination/v1alpha2/generated.pb.go | 147 +- .../v1alpha2/generated.protomessage.pb.go | 28 + .../v1alpha2/zz_generated.model_name.go | 37 + vendor/k8s.io/api/coordination/v1beta1/doc.go | 1 + .../api/coordination/v1beta1/generated.pb.go | 246 +- .../v1beta1/generated.protomessage.pb.go | 34 + .../v1beta1/zz_generated.model_name.go | 52 + vendor/k8s.io/api/core/v1/doc.go | 2 + vendor/k8s.io/api/core/v1/generated.pb.go | 9343 ++------- vendor/k8s.io/api/core/v1/generated.proto | 113 +- .../api/core/v1/generated.protomessage.pb.go | 498 + vendor/k8s.io/api/core/v1/toleration.go | 57 +- vendor/k8s.io/api/core/v1/types.go | 171 +- .../core/v1/types_swagger_doc_generated.go | 62 +- .../api/core/v1/zz_generated.deepcopy.go | 45 + .../api/core/v1/zz_generated.model_name.go | 1212 ++ vendor/k8s.io/api/discovery/v1/doc.go | 2 + .../k8s.io/api/discovery/v1/generated.pb.go | 320 +- .../k8s.io/api/discovery/v1/generated.proto | 2 - .../discovery/v1/generated.protomessage.pb.go | 38 + vendor/k8s.io/api/discovery/v1/types.go | 2 - .../v1/types_swagger_doc_generated.go | 2 +- .../discovery/v1/zz_generated.model_name.go | 62 + vendor/k8s.io/api/discovery/v1beta1/doc.go | 2 + .../api/discovery/v1beta1/generated.pb.go | 318 +- .../api/discovery/v1beta1/generated.proto | 2 - .../v1beta1/generated.protomessage.pb.go | 38 + vendor/k8s.io/api/discovery/v1beta1/types.go | 2 - .../v1beta1/types_swagger_doc_generated.go | 2 +- .../v1beta1/zz_generated.model_name.go | 62 + vendor/k8s.io/api/events/v1/doc.go | 2 + vendor/k8s.io/api/events/v1/generated.pb.go | 159 +- .../events/v1/generated.protomessage.pb.go | 28 + .../api/events/v1/zz_generated.model_name.go | 37 + vendor/k8s.io/api/events/v1beta1/doc.go | 1 + .../k8s.io/api/events/v1beta1/generated.pb.go | 159 +- .../v1beta1/generated.protomessage.pb.go | 28 + .../events/v1beta1/zz_generated.model_name.go | 37 + vendor/k8s.io/api/extensions/v1beta1/doc.go | 1 + .../api/extensions/v1beta1/generated.pb.go | 1521 +- .../api/extensions/v1beta1/generated.proto | 4 +- .../v1beta1/generated.protomessage.pb.go | 112 + vendor/k8s.io/api/extensions/v1beta1/types.go | 4 +- .../v1beta1/types_swagger_doc_generated.go | 4 +- .../v1beta1/zz_generated.model_name.go | 247 + .../v1beta1/zz_generated.validations.go | 24 +- vendor/k8s.io/api/flowcontrol/v1/doc.go | 1 + .../k8s.io/api/flowcontrol/v1/generated.pb.go | 791 +- .../v1/generated.protomessage.pb.go | 68 + .../flowcontrol/v1/zz_generated.model_name.go | 137 + vendor/k8s.io/api/flowcontrol/v1beta1/doc.go | 1 + .../api/flowcontrol/v1beta1/generated.pb.go | 792 +- .../v1beta1/generated.protomessage.pb.go | 68 + .../v1beta1/zz_generated.model_name.go | 137 + vendor/k8s.io/api/flowcontrol/v1beta2/doc.go | 1 + .../api/flowcontrol/v1beta2/generated.pb.go | 793 +- .../v1beta2/generated.protomessage.pb.go | 68 + .../v1beta2/zz_generated.model_name.go | 137 + vendor/k8s.io/api/flowcontrol/v1beta3/doc.go | 1 + .../api/flowcontrol/v1beta3/generated.pb.go | 792 +- .../v1beta3/generated.protomessage.pb.go | 68 + .../v1beta3/zz_generated.model_name.go | 137 + vendor/k8s.io/api/imagepolicy/v1alpha1/doc.go | 1 + .../api/imagepolicy/v1alpha1/generated.pb.go | 191 +- .../v1alpha1/generated.protomessage.pb.go | 30 + .../v1alpha1/zz_generated.model_name.go | 42 + vendor/k8s.io/api/networking/v1/doc.go | 2 + .../k8s.io/api/networking/v1/generated.pb.go | 1157 +- .../v1/generated.protomessage.pb.go | 92 + .../networking/v1/zz_generated.model_name.go | 197 + vendor/k8s.io/api/networking/v1beta1/doc.go | 2 + .../api/networking/v1beta1/generated.pb.go | 841 +- .../v1beta1/generated.protomessage.pb.go | 72 + .../v1beta1/zz_generated.model_name.go | 147 + vendor/k8s.io/api/node/v1/doc.go | 2 + vendor/k8s.io/api/node/v1/generated.pb.go | 193 +- .../api/node/v1/generated.protomessage.pb.go | 30 + .../api/node/v1/zz_generated.model_name.go | 42 + vendor/k8s.io/api/node/v1alpha1/doc.go | 1 + .../k8s.io/api/node/v1alpha1/generated.pb.go | 224 +- .../v1alpha1/generated.protomessage.pb.go | 32 + .../node/v1alpha1/zz_generated.model_name.go | 47 + vendor/k8s.io/api/node/v1beta1/doc.go | 1 + .../k8s.io/api/node/v1beta1/generated.pb.go | 193 +- .../node/v1beta1/generated.protomessage.pb.go | 30 + .../node/v1beta1/zz_generated.model_name.go | 42 + vendor/k8s.io/api/policy/v1/doc.go | 1 + vendor/k8s.io/api/policy/v1/generated.pb.go | 229 +- .../policy/v1/generated.protomessage.pb.go | 32 + .../api/policy/v1/zz_generated.model_name.go | 47 + vendor/k8s.io/api/policy/v1beta1/doc.go | 1 + .../k8s.io/api/policy/v1beta1/generated.pb.go | 229 +- .../v1beta1/generated.protomessage.pb.go | 32 + .../policy/v1beta1/zz_generated.model_name.go | 47 + vendor/k8s.io/api/rbac/v1/doc.go | 2 + vendor/k8s.io/api/rbac/v1/generated.pb.go | 422 +- vendor/k8s.io/api/rbac/v1/generated.proto | 4 + .../api/rbac/v1/generated.protomessage.pb.go | 46 + vendor/k8s.io/api/rbac/v1/types.go | 4 + .../api/rbac/v1/zz_generated.model_name.go | 82 + vendor/k8s.io/api/rbac/v1alpha1/doc.go | 1 + .../k8s.io/api/rbac/v1alpha1/generated.pb.go | 424 +- .../k8s.io/api/rbac/v1alpha1/generated.proto | 4 + .../v1alpha1/generated.protomessage.pb.go | 46 + vendor/k8s.io/api/rbac/v1alpha1/types.go | 4 + .../rbac/v1alpha1/zz_generated.model_name.go | 82 + vendor/k8s.io/api/rbac/v1beta1/doc.go | 1 + .../k8s.io/api/rbac/v1beta1/generated.pb.go | 422 +- .../k8s.io/api/rbac/v1beta1/generated.proto | 4 + .../rbac/v1beta1/generated.protomessage.pb.go | 46 + vendor/k8s.io/api/rbac/v1beta1/types.go | 4 + .../rbac/v1beta1/zz_generated.model_name.go | 82 + vendor/k8s.io/api/resource/v1/doc.go | 1 + vendor/k8s.io/api/resource/v1/generated.pb.go | 1493 +- vendor/k8s.io/api/resource/v1/generated.proto | 166 +- .../resource/v1/generated.protomessage.pb.go | 108 + vendor/k8s.io/api/resource/v1/types.go | 225 +- .../v1/types_swagger_doc_generated.go | 24 +- .../resource/v1/zz_generated.model_name.go | 237 + vendor/k8s.io/api/resource/v1alpha3/doc.go | 2 + .../api/resource/v1alpha3/generated.pb.go | 516 +- .../api/resource/v1alpha3/generated.proto | 59 +- .../v1alpha3/generated.protomessage.pb.go | 38 + vendor/k8s.io/api/resource/v1alpha3/types.go | 80 +- .../v1alpha3/types_swagger_doc_generated.go | 24 +- .../v1alpha3/zz_generated.deepcopy.go | 37 +- .../v1alpha3/zz_generated.model_name.go | 62 + vendor/k8s.io/api/resource/v1beta1/doc.go | 2 + .../api/resource/v1beta1/generated.pb.go | 1493 +- .../api/resource/v1beta1/generated.proto | 164 +- .../v1beta1/generated.protomessage.pb.go | 108 + vendor/k8s.io/api/resource/v1beta1/types.go | 221 +- .../v1beta1/types_swagger_doc_generated.go | 22 +- .../v1beta1/zz_generated.model_name.go | 237 + vendor/k8s.io/api/resource/v1beta2/doc.go | 2 + .../api/resource/v1beta2/generated.pb.go | 1493 +- .../api/resource/v1beta2/generated.proto | 166 +- .../v1beta2/generated.protomessage.pb.go | 108 + vendor/k8s.io/api/resource/v1beta2/types.go | 225 +- .../v1beta2/types_swagger_doc_generated.go | 24 +- .../v1beta2/zz_generated.model_name.go | 237 + vendor/k8s.io/api/scheduling/v1/doc.go | 2 + .../k8s.io/api/scheduling/v1/generated.pb.go | 113 +- .../v1/generated.protomessage.pb.go | 26 + .../scheduling/v1/zz_generated.model_name.go | 32 + vendor/k8s.io/api/scheduling/v1alpha1/doc.go | 1 + .../api/scheduling/v1alpha1/generated.pb.go | 1596 +- .../api/scheduling/v1alpha1/generated.proto | 115 + .../v1alpha1/generated.protomessage.pb.go | 42 + .../api/scheduling/v1alpha1/register.go | 2 + .../k8s.io/api/scheduling/v1alpha1/types.go | 127 + .../v1alpha1/types_swagger_doc_generated.go | 78 + .../v1alpha1/zz_generated.deepcopy.go | 179 + .../v1alpha1/zz_generated.model_name.go | 72 + vendor/k8s.io/api/scheduling/v1beta1/doc.go | 1 + .../api/scheduling/v1beta1/generated.pb.go | 114 +- .../v1beta1/generated.protomessage.pb.go | 26 + .../v1beta1/zz_generated.model_name.go | 32 + vendor/k8s.io/api/storage/v1/doc.go | 1 + vendor/k8s.io/api/storage/v1/generated.pb.go | 797 +- vendor/k8s.io/api/storage/v1/generated.proto | 26 + .../storage/v1/generated.protomessage.pb.go | 64 + vendor/k8s.io/api/storage/v1/types.go | 26 + .../storage/v1/types_swagger_doc_generated.go | 1 + .../api/storage/v1/zz_generated.deepcopy.go | 5 + .../api/storage/v1/zz_generated.model_name.go | 127 + vendor/k8s.io/api/storage/v1alpha1/doc.go | 1 + .../api/storage/v1alpha1/generated.pb.go | 391 +- .../v1alpha1/generated.protomessage.pb.go | 42 + .../v1alpha1/zz_generated.model_name.go | 72 + vendor/k8s.io/api/storage/v1beta1/doc.go | 1 + .../api/storage/v1beta1/generated.pb.go | 797 +- .../api/storage/v1beta1/generated.proto | 26 + .../v1beta1/generated.protomessage.pb.go | 64 + vendor/k8s.io/api/storage/v1beta1/types.go | 26 + .../v1beta1/types_swagger_doc_generated.go | 1 + .../storage/v1beta1/zz_generated.deepcopy.go | 5 + .../v1beta1/zz_generated.model_name.go | 127 + .../storagemigration/v1alpha1/generated.pb.go | 1688 -- .../{v1alpha1 => v1beta1}/doc.go | 4 +- .../storagemigration/v1beta1/generated.pb.go | 904 + .../{v1alpha1 => v1beta1}/generated.proto | 53 +- .../v1beta1/generated.protomessage.pb.go | 30 + .../{v1alpha1 => v1beta1}/register.go | 4 +- .../{v1alpha1 => v1beta1}/types.go | 52 +- .../types_swagger_doc_generated.go | 31 +- .../zz_generated.deepcopy.go | 38 +- .../v1beta1/zz_generated.model_name.go | 42 + .../zz_generated.prerelease-lifecycle.go | 14 +- .../pkg/apis/apiextensions/types.go | 11 + .../pkg/apis/apiextensions/v1/doc.go | 2 + .../pkg/apis/apiextensions/v1/generated.pb.go | 1074 +- .../pkg/apis/apiextensions/v1/generated.proto | 12 + .../v1/generated.protomessage.pb.go | 76 + .../pkg/apis/apiextensions/v1/types.go | 11 + .../v1/zz_generated.conversion.go | 4 + .../v1/zz_generated.model_name.go | 157 + .../pkg/apis/apiextensions/v1beta1/doc.go | 2 + .../apiextensions/v1beta1/generated.pb.go | 1048 +- .../apiextensions/v1beta1/generated.proto | 12 + .../v1beta1/generated.protomessage.pb.go | 74 + .../pkg/apis/apiextensions/v1beta1/types.go | 10 + .../v1beta1/zz_generated.conversion.go | 4 + .../v1beta1/zz_generated.model_name.go | 152 + .../v1/customresourcecolumndefinition.go | 24 +- .../v1/customresourceconversion.go | 9 +- .../v1/customresourcedefinition.go | 14 +- .../v1/customresourcedefinitioncondition.go | 30 +- .../v1/customresourcedefinitionnames.go | 24 +- .../v1/customresourcedefinitionspec.go | 34 +- .../v1/customresourcedefinitionstatus.go | 27 +- .../v1/customresourcedefinitionversion.go | 38 +- .../v1/customresourcesubresources.go | 11 +- .../v1/customresourcesubresourcescale.go | 24 +- .../v1/customresourcevalidation.go | 3 + .../apiextensions/v1/externaldocumentation.go | 2 + .../apiextensions/v1/jsonschemaprops.go | 179 +- .../apiextensions/v1/selectablefield.go | 10 + .../apiextensions/v1/servicereference.go | 16 +- .../apiextensions/v1/validationrule.go | 120 +- .../apiextensions/v1/webhookclientconfig.go | 39 +- .../apiextensions/v1/webhookconversion.go | 13 +- .../v1beta1/customresourcecolumndefinition.go | 24 +- .../v1beta1/customresourceconversion.go | 21 +- .../v1beta1/customresourcedefinition.go | 15 +- .../customresourcedefinitioncondition.go | 30 +- .../v1beta1/customresourcedefinitionnames.go | 24 +- .../v1beta1/customresourcedefinitionspec.go | 67 +- .../v1beta1/customresourcedefinitionstatus.go | 27 +- .../customresourcedefinitionversion.go | 43 +- .../v1beta1/customresourcesubresources.go | 9 +- .../v1beta1/customresourcesubresourcescale.go | 24 +- .../v1beta1/customresourcevalidation.go | 3 + .../v1beta1/externaldocumentation.go | 2 + .../apiextensions/v1beta1/jsonschemaprops.go | 179 +- .../apiextensions/v1beta1/selectablefield.go | 10 + .../apiextensions/v1beta1/servicereference.go | 16 +- .../apiextensions/v1beta1/validationrule.go | 120 +- .../v1beta1/webhookclientconfig.go | 39 +- .../clientset/fake/clientset_generated.go | 17 +- .../v1/customresourcedefinition.go | 4 +- .../v1beta1/customresourcedefinition.go | 4 +- .../informers/externalversions/factory.go | 3 +- .../k8s.io/apimachinery/pkg/api/errors/OWNERS | 16 + .../apimachinery/pkg/api/errors/errors.go | 3 +- .../k8s.io/apimachinery/pkg/api/meta/OWNERS | 15 + .../apimachinery/pkg/api/resource/OWNERS | 10 + .../pkg/api/resource/generated.pb.go | 93 +- .../pkg/api/resource/generated.proto | 2 + .../api/resource/generated.protomessage.pb.go | 26 + .../apimachinery/pkg/api/resource/quantity.go | 2 + .../pkg/api/resource/quantity_proto.go | 4 - .../api/resource/zz_generated.model_name.go | 32 + .../pkg/api/validate/content/decimal_int.go | 62 + .../pkg/api/validate/content/dns.go | 101 + .../pkg/api/validate/content/errors.go | 27 + .../pkg/api/validate/content/identifier.go | 35 + .../pkg/api/validate/content/kube.go | 101 + .../apimachinery/pkg/api/validate/each.go | 15 + .../apimachinery/pkg/api/validate/enum.go | 48 +- .../pkg/api/validate/immutable.go | 42 +- .../apimachinery/pkg/api/validate/item.go | 25 +- .../apimachinery/pkg/api/validate/limits.go | 20 + .../apimachinery/pkg/api/validate/options.go | 35 + .../apimachinery/pkg/api/validate/strfmt.go | 290 + .../apimachinery/pkg/api/validate/subfield.go | 19 +- .../apimachinery/pkg/api/validate/union.go | 55 +- .../apimachinery/pkg/api/validate/update.go | 160 + .../pkg/api/validate/zeroorone.go | 9 +- .../apimachinery/pkg/api/validation/OWNERS | 11 + .../pkg/api/validation/generic.go | 6 + .../pkg/api/validation/objectmeta.go | 86 +- .../internalversion/validation/validation.go | 76 + .../apimachinery/pkg/apis/meta/v1/OWNERS | 17 + .../apimachinery/pkg/apis/meta/v1/doc.go | 1 + .../pkg/apis/meta/v1/generated.pb.go | 1520 +- .../pkg/apis/meta/v1/generated.proto | 2 +- .../apis/meta/v1/generated.protomessage.pb.go | 112 + .../apimachinery/pkg/apis/meta/v1/types.go | 1 - .../pkg/apis/meta/v1/validation/validation.go | 4 +- .../apis/meta/v1/zz_generated.model_name.go | 267 + .../apimachinery/pkg/apis/meta/v1beta1/doc.go | 1 + .../pkg/apis/meta/v1beta1/generated.pb.go | 72 +- .../meta/v1beta1/generated.protomessage.pb.go | 24 + .../pkg/apis/meta/v1beta1/types.go | 1 + .../meta/v1beta1/zz_generated.model_name.go | 27 + .../apimachinery/pkg/labels/selector.go | 4 +- vendor/k8s.io/apimachinery/pkg/runtime/doc.go | 2 + .../apimachinery/pkg/runtime/generated.pb.go | 135 +- .../pkg/runtime/generated.protomessage.pb.go | 28 + .../pkg/runtime/schema/generated.pb.go | 38 - .../schema/generated.protomessage.pb.go | 22 + .../k8s.io/apimachinery/pkg/runtime/scheme.go | 10 + .../serializer/protobuf/collections.go | 8 +- .../runtime/serializer/protobuf/protobuf.go | 39 +- .../apimachinery/pkg/runtime/types_proto.go | 10 + .../pkg/runtime/zz_generated.model_name.go | 92 + .../pkg/util/intstr/generated.pb.go | 72 +- .../pkg/util/intstr/generated.proto | 1 + .../util/intstr/generated.protomessage.pb.go | 24 + .../apimachinery/pkg/util/intstr/intstr.go | 1 + .../util/intstr/zz_generated.model_name.go | 27 + .../apimachinery/pkg/util/mergepatch/OWNERS | 6 + .../k8s.io/apimachinery/pkg/util/sets/set.go | 19 +- .../pkg/util/strategicpatch/OWNERS | 9 + .../pkg/util/strategicpatch/meta.go | 2 +- .../apimachinery/pkg/util/validation/OWNERS | 11 + .../util/validation/field/error_matcher.go | 135 +- .../pkg/util/validation/field/errors.go | 8 + .../pkg/util/validation/validation.go | 105 +- .../apimachinery/pkg/util/version/doc.go | 18 + .../apimachinery/pkg/util/version/version.go | 484 + vendor/k8s.io/apimachinery/pkg/version/doc.go | 2 + .../pkg/version/zz_generated.model_name.go | 27 + .../third_party/forked/golang/json/OWNERS | 6 + .../client-go/applyconfigurations/OWNERS | 6 + .../v1/auditannotation.go | 34 +- .../v1/expressionwarning.go | 10 +- .../v1/matchcondition.go | 26 +- .../v1/matchresources.go | 84 +- .../v1/mutatingwebhook.go | 153 +- .../v1/mutatingwebhookconfiguration.go | 48 +- .../v1/namedrulewithoperations.go | 6 +- .../admissionregistration/v1/paramkind.go | 9 +- .../admissionregistration/v1/paramref.go | 49 +- .../admissionregistration/v1/rule.go | 40 +- .../v1/rulewithoperations.go | 11 +- .../v1/servicereference.go | 17 +- .../admissionregistration/v1/typechecking.go | 4 + .../v1/validatingadmissionpolicy.go | 56 +- .../v1/validatingadmissionpolicybinding.go | 58 +- .../validatingadmissionpolicybindingspec.go | 59 +- .../v1/validatingadmissionpolicyspec.go | 66 +- .../v1/validatingadmissionpolicystatus.go | 12 +- .../v1/validatingwebhook.go | 136 +- .../v1/validatingwebhookconfiguration.go | 48 +- .../admissionregistration/v1/validation.go | 74 +- .../admissionregistration/v1/variable.go | 9 +- .../v1/webhookclientconfig.go | 40 +- .../v1alpha1/applyconfiguration.go | 42 + .../v1alpha1/auditannotation.go | 34 +- .../v1alpha1/expressionwarning.go | 10 +- .../v1alpha1/jsonpatch.go | 66 + .../v1alpha1/matchcondition.go | 24 +- .../v1alpha1/matchresources.go | 87 +- .../v1alpha1/mutatingadmissionpolicy.go | 48 +- .../mutatingadmissionpolicybinding.go | 58 +- .../mutatingadmissionpolicybindingspec.go | 22 +- .../v1alpha1/mutatingadmissionpolicyspec.go | 74 +- .../v1alpha1/mutation.go | 17 +- .../v1alpha1/namedrulewithoperations.go | 6 +- .../v1alpha1/paramkind.go | 9 +- .../v1alpha1/paramref.go | 44 +- .../v1alpha1/typechecking.go | 4 + .../v1alpha1/validatingadmissionpolicy.go | 56 +- .../validatingadmissionpolicybinding.go | 58 +- .../validatingadmissionpolicybindingspec.go | 59 +- .../v1alpha1/validatingadmissionpolicyspec.go | 66 +- .../validatingadmissionpolicystatus.go | 12 +- .../v1alpha1/validation.go | 74 +- .../v1alpha1/variable.go | 9 +- .../v1beta1/applyconfiguration.go | 42 + .../v1beta1/auditannotation.go | 34 +- .../v1beta1/expressionwarning.go | 10 +- .../v1beta1/jsonpatch.go | 66 + .../v1beta1/matchcondition.go | 26 +- .../v1beta1/matchresources.go | 86 +- .../v1beta1/mutatingadmissionpolicy.go | 48 +- .../v1beta1/mutatingadmissionpolicybinding.go | 58 +- .../mutatingadmissionpolicybindingspec.go | 22 +- .../v1beta1/mutatingadmissionpolicyspec.go | 74 +- .../v1beta1/mutatingwebhook.go | 154 +- .../v1beta1/mutatingwebhookconfiguration.go | 49 +- .../admissionregistration/v1beta1/mutation.go | 17 +- .../v1beta1/namedrulewithoperations.go | 6 +- .../v1beta1/paramkind.go | 9 +- .../admissionregistration/v1beta1/paramref.go | 49 +- .../v1beta1/servicereference.go | 17 +- .../v1beta1/typechecking.go | 4 + .../v1beta1/validatingadmissionpolicy.go | 56 +- .../validatingadmissionpolicybinding.go | 58 +- .../validatingadmissionpolicybindingspec.go | 59 +- .../v1beta1/validatingadmissionpolicyspec.go | 66 +- .../validatingadmissionpolicystatus.go | 12 +- .../v1beta1/validatingwebhook.go | 137 +- .../v1beta1/validatingwebhookconfiguration.go | 49 +- .../v1beta1/validation.go | 74 +- .../admissionregistration/v1beta1/variable.go | 9 +- .../v1beta1/webhookclientconfig.go | 40 +- .../v1alpha1/serverstorageversion.go | 16 +- .../v1alpha1/storageversion.go | 54 +- .../v1alpha1/storageversioncondition.go | 20 +- .../v1alpha1/storageversionstatus.go | 15 +- .../apps/v1/controllerrevision.go | 60 +- .../applyconfigurations/apps/v1/daemonset.go | 61 +- .../apps/v1/daemonsetcondition.go | 18 +- .../apps/v1/daemonsetspec.go | 30 +- .../apps/v1/daemonsetstatus.go | 45 +- .../apps/v1/daemonsetupdatestrategy.go | 10 +- .../applyconfigurations/apps/v1/deployment.go | 62 +- .../apps/v1/deploymentcondition.go | 20 +- .../apps/v1/deploymentspec.go | 38 +- .../apps/v1/deploymentstatus.go | 36 +- .../apps/v1/deploymentstrategy.go | 10 +- .../applyconfigurations/apps/v1/replicaset.go | 69 +- .../apps/v1/replicasetcondition.go | 17 +- .../apps/v1/replicasetspec.go | 24 +- .../apps/v1/replicasetstatus.go | 27 +- .../apps/v1/rollingupdatedaemonset.go | 36 +- .../apps/v1/rollingupdatedeployment.go | 25 +- .../v1/rollingupdatestatefulsetstrategy.go | 15 +- .../apps/v1/statefulset.go | 69 +- .../apps/v1/statefulsetcondition.go | 17 +- .../apps/v1/statefulsetordinals.go | 11 + ...setpersistentvolumeclaimretentionpolicy.go | 14 +- .../apps/v1/statefulsetspec.go | 76 +- .../apps/v1/statefulsetstatus.go | 39 +- .../apps/v1/statefulsetupdatestrategy.go | 9 +- .../apps/v1beta1/controllerrevision.go | 62 +- .../apps/v1beta1/deployment.go | 57 +- .../apps/v1beta1/deploymentcondition.go | 20 +- .../apps/v1beta1/deploymentspec.go | 41 +- .../apps/v1beta1/deploymentstatus.go | 36 +- .../apps/v1beta1/deploymentstrategy.go | 10 +- .../apps/v1beta1/rollbackconfig.go | 3 + .../apps/v1beta1/rollingupdatedeployment.go | 25 +- .../rollingupdatestatefulsetstrategy.go | 15 +- .../apps/v1beta1/statefulset.go | 61 +- .../apps/v1beta1/statefulsetcondition.go | 17 +- .../apps/v1beta1/statefulsetordinals.go | 11 + ...setpersistentvolumeclaimretentionpolicy.go | 14 +- .../apps/v1beta1/statefulsetspec.go | 75 +- .../apps/v1beta1/statefulsetstatus.go | 39 +- .../apps/v1beta1/statefulsetupdatestrategy.go | 8 +- .../apps/v1beta2/controllerrevision.go | 62 +- .../apps/v1beta2/daemonset.go | 63 +- .../apps/v1beta2/daemonsetcondition.go | 18 +- .../apps/v1beta2/daemonsetspec.go | 30 +- .../apps/v1beta2/daemonsetstatus.go | 45 +- .../apps/v1beta2/daemonsetupdatestrategy.go | 10 +- .../apps/v1beta2/deployment.go | 57 +- .../apps/v1beta2/deploymentcondition.go | 20 +- .../apps/v1beta2/deploymentspec.go | 38 +- .../apps/v1beta2/deploymentstatus.go | 36 +- .../apps/v1beta2/deploymentstrategy.go | 10 +- .../apps/v1beta2/replicaset.go | 64 +- .../apps/v1beta2/replicasetcondition.go | 17 +- .../apps/v1beta2/replicasetspec.go | 24 +- .../apps/v1beta2/replicasetstatus.go | 27 +- .../apps/v1beta2/rollingupdatedaemonset.go | 36 +- .../apps/v1beta2/rollingupdatedeployment.go | 25 +- .../rollingupdatestatefulsetstrategy.go | 15 +- .../applyconfigurations/apps/v1beta2/scale.go | 12 +- .../apps/v1beta2/statefulset.go | 67 +- .../apps/v1beta2/statefulsetcondition.go | 17 +- .../apps/v1beta2/statefulsetordinals.go | 11 + ...setpersistentvolumeclaimretentionpolicy.go | 14 +- .../apps/v1beta2/statefulsetspec.go | 76 +- .../apps/v1beta2/statefulsetstatus.go | 39 +- .../apps/v1beta2/statefulsetupdatestrategy.go | 9 +- .../v1/crossversionobjectreference.go | 9 +- .../autoscaling/v1/horizontalpodautoscaler.go | 55 +- .../v1/horizontalpodautoscalerspec.go | 20 +- .../v1/horizontalpodautoscalerstatus.go | 19 +- .../autoscaling/v1/scale.go | 12 +- .../autoscaling/v1/scalespec.go | 3 + .../autoscaling/v1/scalestatus.go | 9 +- .../v2/containerresourcemetricsource.go | 17 +- .../v2/containerresourcemetricstatus.go | 15 +- .../v2/crossversionobjectreference.go | 9 +- .../autoscaling/v2/externalmetricsource.go | 8 +- .../autoscaling/v2/externalmetricstatus.go | 7 +- .../autoscaling/v2/horizontalpodautoscaler.go | 59 +- .../v2/horizontalpodautoscalerbehavior.go | 14 +- .../v2/horizontalpodautoscalercondition.go | 20 +- .../v2/horizontalpodautoscalerspec.go | 32 +- .../v2/horizontalpodautoscalerstatus.go | 24 +- .../autoscaling/v2/hpascalingpolicy.go | 13 +- .../autoscaling/v2/hpascalingrules.go | 44 +- .../autoscaling/v2/metricidentifier.go | 8 +- .../autoscaling/v2/metricspec.go | 35 +- .../autoscaling/v2/metricstatus.go | 34 +- .../autoscaling/v2/metrictarget.go | 18 +- .../autoscaling/v2/metricvaluestatus.go | 14 +- .../autoscaling/v2/objectmetricsource.go | 10 +- .../autoscaling/v2/objectmetricstatus.go | 10 +- .../autoscaling/v2/podsmetricsource.go | 9 +- .../autoscaling/v2/podsmetricstatus.go | 7 +- .../autoscaling/v2/resourcemetricsource.go | 12 +- .../autoscaling/v2/resourcemetricstatus.go | 10 +- .../v2beta1/containerresourcemetricsource.go | 24 +- .../v2beta1/containerresourcemetricstatus.go | 25 +- .../v2beta1/crossversionobjectreference.go | 9 +- .../v2beta1/externalmetricsource.go | 20 +- .../v2beta1/externalmetricstatus.go | 17 +- .../v2beta1/horizontalpodautoscaler.go | 59 +- .../horizontalpodautoscalercondition.go | 20 +- .../v2beta1/horizontalpodautoscalerspec.go | 24 +- .../v2beta1/horizontalpodautoscalerstatus.go | 24 +- .../autoscaling/v2beta1/metricspec.go | 35 +- .../autoscaling/v2beta1/metricstatus.go | 34 +- .../autoscaling/v2beta1/objectmetricsource.go | 21 +- .../autoscaling/v2beta1/objectmetricstatus.go | 21 +- .../autoscaling/v2beta1/podsmetricsource.go | 17 +- .../autoscaling/v2beta1/podsmetricstatus.go | 15 +- .../v2beta1/resourcemetricsource.go | 21 +- .../v2beta1/resourcemetricstatus.go | 22 +- .../v2beta2/containerresourcemetricsource.go | 17 +- .../v2beta2/containerresourcemetricstatus.go | 15 +- .../v2beta2/crossversionobjectreference.go | 9 +- .../v2beta2/externalmetricsource.go | 8 +- .../v2beta2/externalmetricstatus.go | 7 +- .../v2beta2/horizontalpodautoscaler.go | 59 +- .../horizontalpodautoscalerbehavior.go | 14 +- .../horizontalpodautoscalercondition.go | 20 +- .../v2beta2/horizontalpodautoscalerspec.go | 32 +- .../v2beta2/horizontalpodautoscalerstatus.go | 24 +- .../autoscaling/v2beta2/hpascalingpolicy.go | 13 +- .../autoscaling/v2beta2/hpascalingrules.go | 23 +- .../autoscaling/v2beta2/metricidentifier.go | 8 +- .../autoscaling/v2beta2/metricspec.go | 35 +- .../autoscaling/v2beta2/metricstatus.go | 34 +- .../autoscaling/v2beta2/metrictarget.go | 18 +- .../autoscaling/v2beta2/metricvaluestatus.go | 14 +- .../autoscaling/v2beta2/objectmetricsource.go | 9 +- .../autoscaling/v2beta2/objectmetricstatus.go | 7 +- .../autoscaling/v2beta2/podsmetricsource.go | 9 +- .../autoscaling/v2beta2/podsmetricstatus.go | 7 +- .../v2beta2/resourcemetricsource.go | 12 +- .../v2beta2/resourcemetricstatus.go | 10 +- .../applyconfigurations/batch/v1/cronjob.go | 58 +- .../batch/v1/cronjobspec.go | 43 +- .../batch/v1/cronjobstatus.go | 11 +- .../applyconfigurations/batch/v1/job.go | 58 +- .../batch/v1/jobcondition.go | 20 +- .../applyconfigurations/batch/v1/jobspec.go | 149 +- .../applyconfigurations/batch/v1/jobstatus.go | 94 +- .../batch/v1/jobtemplatespec.go | 8 +- .../batch/v1/podfailurepolicy.go | 7 + .../podfailurepolicyonexitcodesrequirement.go | 34 +- .../podfailurepolicyonpodconditionspattern.go | 12 +- .../batch/v1/podfailurepolicyrule.go | 24 +- .../batch/v1/successpolicy.go | 8 + .../batch/v1/successpolicyrule.go | 26 +- .../batch/v1/uncountedterminatedpods.go | 7 +- .../batch/v1beta1/cronjob.go | 58 +- .../batch/v1beta1/cronjobspec.go | 45 +- .../batch/v1beta1/cronjobstatus.go | 11 +- .../batch/v1beta1/jobtemplatespec.go | 8 +- .../v1/certificatesigningrequest.go | 68 +- .../v1/certificatesigningrequestcondition.go | 37 +- .../v1/certificatesigningrequestspec.go | 81 +- .../v1/certificatesigningrequeststatus.go | 34 +- .../v1alpha1/clustertrustbundle.go | 62 +- .../v1alpha1/clustertrustbundlespec.go | 33 +- .../v1beta1/certificatesigningrequest.go | 52 +- .../certificatesigningrequestcondition.go | 23 +- .../v1beta1/certificatesigningrequestspec.go | 85 +- .../certificatesigningrequeststatus.go | 6 +- .../v1beta1/clustertrustbundle.go | 62 +- .../v1beta1/clustertrustbundlespec.go | 33 +- .../podcertificaterequest.go | 68 +- .../podcertificaterequestspec.go | 108 +- .../podcertificaterequeststatus.go | 60 +- .../coordination/v1/lease.go | 49 +- .../coordination/v1/leasespec.go | 33 +- .../coordination/v1alpha2/leasecandidate.go | 50 +- .../v1alpha2/leasecandidatespec.go | 36 +- .../coordination/v1beta1/lease.go | 49 +- .../coordination/v1beta1/leasecandidate.go | 50 +- .../v1beta1/leasecandidatespec.go | 38 +- .../coordination/v1beta1/leasespec.go | 31 +- .../applyconfigurations/core/v1/affinity.go | 9 +- .../core/v1/apparmorprofile.go | 15 +- .../core/v1/attachedvolume.go | 8 +- .../v1/awselasticblockstorevolumesource.go | 28 +- .../core/v1/azurediskvolumesource.go | 21 +- .../v1/azurefilepersistentvolumesource.go | 14 +- .../core/v1/azurefilevolumesource.go | 10 +- .../core/v1/capabilities.go | 6 +- .../core/v1/cephfspersistentvolumesource.go | 27 +- .../core/v1/cephfsvolumesource.go | 27 +- .../core/v1/cinderpersistentvolumesource.go | 22 +- .../core/v1/cindervolumesource.go | 22 +- .../core/v1/clientipconfig.go | 5 + .../core/v1/clustertrustbundleprojection.go | 27 +- .../core/v1/componentcondition.go | 18 +- .../core/v1/componentstatus.go | 50 +- .../applyconfigurations/core/v1/configmap.go | 68 +- .../core/v1/configmapenvsource.go | 10 +- .../core/v1/configmapkeyselector.go | 9 +- .../core/v1/configmapnodeconfigsource.go | 23 +- .../core/v1/configmapprojection.go | 20 +- .../core/v1/configmapvolumesource.go | 28 +- .../applyconfigurations/core/v1/container.go | 179 +- .../v1/containerextendedresourcerequest.go | 10 +- .../core/v1/containerimage.go | 9 +- .../core/v1/containerport.go | 24 +- .../core/v1/containerresizepolicy.go | 8 +- .../core/v1/containerrestartrule.go | 8 +- .../v1/containerrestartruleonexitcodes.go | 13 +- .../core/v1/containerstate.go | 11 +- .../core/v1/containerstaterunning.go | 3 + .../core/v1/containerstateterminated.go | 23 +- .../core/v1/containerstatewaiting.go | 6 +- .../core/v1/containerstatus.go | 78 +- .../core/v1/containeruser.go | 4 + .../core/v1/csipersistentvolumesource.go | 55 +- .../core/v1/csivolumesource.go | 24 +- .../core/v1/daemonendpoint.go | 3 + .../core/v1/downwardapiprojection.go | 5 + .../core/v1/downwardapivolumefile.go | 18 +- .../core/v1/downwardapivolumesource.go | 16 +- .../core/v1/emptydirvolumesource.go | 17 +- .../core/v1/endpointaddress.go | 15 +- .../core/v1/endpointport.go | 34 +- .../applyconfigurations/core/v1/endpoints.go | 72 +- .../core/v1/endpointsubset.go | 26 +- .../core/v1/envfromsource.go | 10 +- .../applyconfigurations/core/v1/envvar.go | 18 +- .../core/v1/envvarsource.go | 18 +- .../core/v1/ephemeralcontainer.go | 21 +- .../core/v1/ephemeralcontainercommon.go | 137 +- .../core/v1/ephemeralvolumesource.go | 23 + .../applyconfigurations/core/v1/event.go | 96 +- .../core/v1/eventseries.go | 7 +- .../core/v1/eventsource.go | 6 +- .../applyconfigurations/core/v1/execaction.go | 7 + .../core/v1/fcvolumesource.go | 22 +- .../core/v1/filekeyselector.go | 21 +- .../core/v1/flexpersistentvolumesource.go | 23 +- .../core/v1/flexvolumesource.go | 23 +- .../core/v1/flockervolumesource.go | 7 + .../core/v1/gcepersistentdiskvolumesource.go | 30 +- .../core/v1/gitrepovolumesource.go | 18 +- .../v1/glusterfspersistentvolumesource.go | 19 +- .../core/v1/glusterfsvolumesource.go | 13 +- .../applyconfigurations/core/v1/grpcaction.go | 9 +- .../applyconfigurations/core/v1/hostalias.go | 7 +- .../applyconfigurations/core/v1/hostip.go | 3 + .../core/v1/hostpathvolumesource.go | 11 +- .../core/v1/httpgetaction.go | 19 +- .../applyconfigurations/core/v1/httpheader.go | 7 +- .../core/v1/imagevolumesource.go | 15 +- .../core/v1/iscsipersistentvolumesource.go | 47 +- .../core/v1/iscsivolumesource.go | 47 +- .../applyconfigurations/core/v1/keytopath.go | 17 +- .../applyconfigurations/core/v1/lifecycle.go | 26 +- .../core/v1/lifecyclehandler.go | 15 +- .../applyconfigurations/core/v1/limitrange.go | 50 +- .../core/v1/limitrangeitem.go | 18 +- .../core/v1/limitrangespec.go | 3 + .../core/v1/linuxcontaineruser.go | 9 +- .../core/v1/loadbalanceringress.go | 23 +- .../core/v1/loadbalancerstatus.go | 4 + .../core/v1/localobjectreference.go | 20 + .../core/v1/localvolumesource.go | 10 +- .../core/v1/modifyvolumestatus.go | 17 +- .../applyconfigurations/core/v1/namespace.go | 57 +- .../core/v1/namespacecondition.go | 17 +- .../core/v1/namespacespec.go | 4 + .../core/v1/namespacestatus.go | 7 +- .../core/v1/nfsvolumesource.go | 16 +- .../applyconfigurations/core/v1/node.go | 59 +- .../core/v1/nodeaddress.go | 8 +- .../core/v1/nodeaffinity.go | 18 +- .../core/v1/nodecondition.go | 20 +- .../core/v1/nodeconfigsource.go | 4 + .../core/v1/nodeconfigstatus.go | 43 +- .../core/v1/nodedaemonendpoints.go | 3 + .../core/v1/nodefeatures.go | 5 + .../core/v1/noderuntimehandler.go | 7 +- .../core/v1/noderuntimehandlerfeatures.go | 6 +- .../core/v1/nodeselector.go | 5 + .../core/v1/nodeselectorrequirement.go | 15 +- .../core/v1/nodeselectorterm.go | 8 +- .../applyconfigurations/core/v1/nodespec.go | 27 +- .../applyconfigurations/core/v1/nodestatus.go | 64 +- .../core/v1/nodeswapstatus.go | 3 + .../core/v1/nodesysteminfo.go | 39 +- .../core/v1/objectfieldselector.go | 6 +- .../core/v1/objectreference.go | 50 +- .../core/v1/persistentvolume.go | 61 +- .../core/v1/persistentvolumeclaim.go | 59 +- .../core/v1/persistentvolumeclaimcondition.go | 25 +- .../core/v1/persistentvolumeclaimspec.go | 75 +- .../core/v1/persistentvolumeclaimstatus.go | 81 +- .../core/v1/persistentvolumeclaimtemplate.go | 12 +- .../v1/persistentvolumeclaimvolumesource.go | 11 +- .../core/v1/persistentvolumesource.go | 105 +- .../core/v1/persistentvolumespec.go | 50 +- .../core/v1/persistentvolumestatus.go | 17 +- .../v1/photonpersistentdiskvolumesource.go | 8 +- .../applyconfigurations/core/v1/pod.go | 72 +- .../core/v1/podaffinity.go | 20 +- .../core/v1/podaffinityterm.go | 49 +- .../core/v1/podantiaffinity.go | 20 +- .../core/v1/podcertificateprojection.go | 84 +- .../core/v1/podcondition.go | 27 +- .../core/v1/poddnsconfig.go | 19 +- .../core/v1/poddnsconfigoption.go | 7 +- .../core/v1/podextendedresourceclaimstatus.go | 12 +- .../applyconfigurations/core/v1/podip.go | 3 + .../applyconfigurations/core/v1/podos.go | 6 + .../core/v1/podreadinessgate.go | 3 + .../core/v1/podresourceclaim.go | 33 +- .../core/v1/podresourceclaimstatus.go | 13 +- .../core/v1/podschedulinggate.go | 4 + .../core/v1/podsecuritycontext.go | 120 +- .../applyconfigurations/core/v1/podspec.go | 305 +- .../applyconfigurations/core/v1/podstatus.go | 145 +- .../core/v1/podtemplate.go | 50 +- .../core/v1/podtemplatespec.go | 8 +- .../applyconfigurations/core/v1/portstatus.go | 17 +- .../core/v1/portworxvolumesource.go | 12 +- .../core/v1/preferredschedulingterm.go | 7 +- .../applyconfigurations/core/v1/probe.go | 37 +- .../core/v1/probehandler.go | 13 +- .../core/v1/projectedvolumesource.go | 14 +- .../core/v1/quobytevolumesource.go | 25 +- .../core/v1/rbdpersistentvolumesource.go | 44 +- .../core/v1/rbdvolumesource.go | 44 +- .../core/v1/replicationcontroller.go | 68 +- .../core/v1/replicationcontrollercondition.go | 17 +- .../core/v1/replicationcontrollerspec.go | 26 +- .../core/v1/replicationcontrollerstatus.go | 22 +- .../core/v1/resourceclaim.go | 10 +- .../core/v1/resourcefieldselector.go | 11 +- .../core/v1/resourcehealth.go | 18 +- .../core/v1/resourcequota.go | 58 +- .../core/v1/resourcequotaspec.go | 13 +- .../core/v1/resourcequotastatus.go | 5 + .../core/v1/resourcerequirements.go | 21 +- .../core/v1/resourcestatus.go | 11 +- .../core/v1/scaleiopersistentvolumesource.go | 39 +- .../core/v1/scaleiovolumesource.go | 39 +- .../v1/scopedresourceselectorrequirement.go | 16 +- .../core/v1/scopeselector.go | 4 + .../core/v1/seccompprofile.go | 17 +- .../applyconfigurations/core/v1/secret.go | 69 +- .../core/v1/secretenvsource.go | 10 +- .../core/v1/secretkeyselector.go | 9 +- .../core/v1/secretprojection.go | 19 +- .../core/v1/secretreference.go | 7 +- .../core/v1/secretvolumesource.go | 31 +- .../core/v1/securitycontext.go | 82 +- .../core/v1/selinuxoptions.go | 12 +- .../applyconfigurations/core/v1/service.go | 62 +- .../core/v1/serviceaccount.go | 74 +- .../core/v1/serviceaccounttokenprojection.go | 23 +- .../core/v1/serviceport.go | 54 +- .../core/v1/servicespec.go | 214 +- .../core/v1/servicestatus.go | 7 +- .../core/v1/sessionaffinityconfig.go | 3 + .../core/v1/sleepaction.go | 3 + .../v1/storageospersistentvolumesource.go | 27 +- .../core/v1/storageosvolumesource.go | 27 +- .../applyconfigurations/core/v1/sysctl.go | 6 +- .../applyconfigurations/core/v1/taint.go | 17 +- .../core/v1/tcpsocketaction.go | 8 +- .../applyconfigurations/core/v1/toleration.go | 28 +- .../v1/topologyselectorlabelrequirement.go | 8 +- .../core/v1/topologyselectorterm.go | 7 + .../core/v1/topologyspreadconstraint.go | 108 +- .../core/v1/typedlocalobjectreference.go | 26 +- .../core/v1/typedobjectreference.go | 16 +- .../applyconfigurations/core/v1/volume.go | 10 +- .../core/v1/volumedevice.go | 6 +- .../core/v1/volumemount.go | 47 +- .../core/v1/volumemountstatus.go | 14 +- .../core/v1/volumenodeaffinity.go | 3 + .../core/v1/volumeprojection.go | 64 +- .../core/v1/volumeresourcerequirements.go | 10 +- .../core/v1/volumesource.go | 174 +- .../core/v1/vspherevirtualdiskvolumesource.go | 14 +- .../core/v1/weightedpodaffinityterm.go | 7 +- .../core/v1/windowssecuritycontextoptions.go | 20 +- .../core/v1/workloadreference.go | 74 + .../discovery/v1/endpoint.go | 43 +- .../discovery/v1/endpointconditions.go | 19 +- .../discovery/v1/endpointhints.go | 6 + .../discovery/v1/endpointport.go | 39 +- .../discovery/v1/endpointslice.go | 74 +- .../discovery/v1/fornode.go | 3 + .../discovery/v1/forzone.go | 3 + .../discovery/v1beta1/endpoint.go | 45 +- .../discovery/v1beta1/endpointconditions.go | 18 +- .../discovery/v1beta1/endpointhints.go | 6 + .../discovery/v1beta1/endpointport.go | 29 +- .../discovery/v1beta1/endpointslice.go | 67 +- .../discovery/v1beta1/fornode.go | 3 + .../discovery/v1beta1/forzone.go | 3 + .../applyconfigurations/events/v1/event.go | 104 +- .../events/v1/eventseries.go | 9 +- .../events/v1beta1/event.go | 103 +- .../events/v1beta1/eventseries.go | 7 +- .../extensions/v1beta1/daemonset.go | 63 +- .../extensions/v1beta1/daemonsetcondition.go | 18 +- .../extensions/v1beta1/daemonsetspec.go | 34 +- .../extensions/v1beta1/daemonsetstatus.go | 45 +- .../v1beta1/daemonsetupdatestrategy.go | 15 +- .../extensions/v1beta1/deployment.go | 63 +- .../extensions/v1beta1/deploymentcondition.go | 20 +- .../extensions/v1beta1/deploymentspec.go | 43 +- .../extensions/v1beta1/deploymentstatus.go | 36 +- .../extensions/v1beta1/deploymentstrategy.go | 10 +- .../extensions/v1beta1/httpingresspath.go | 30 +- .../v1beta1/httpingressrulevalue.go | 7 + .../extensions/v1beta1/ingress.go | 62 +- .../extensions/v1beta1/ingressbackend.go | 13 +- .../v1beta1/ingressloadbalanceringress.go | 11 +- .../v1beta1/ingressloadbalancerstatus.go | 3 + .../extensions/v1beta1/ingressportstatus.go | 17 +- .../extensions/v1beta1/ingressrule.go | 33 +- .../extensions/v1beta1/ingressrulevalue.go | 11 + .../extensions/v1beta1/ingressspec.go | 31 +- .../extensions/v1beta1/ingressstatus.go | 3 + .../extensions/v1beta1/ingresstls.go | 15 +- .../extensions/v1beta1/ipblock.go | 12 +- .../extensions/v1beta1/networkpolicy.go | 50 +- .../v1beta1/networkpolicyegressrule.go | 17 +- .../v1beta1/networkpolicyingressrule.go | 15 +- .../extensions/v1beta1/networkpolicypeer.go | 20 +- .../extensions/v1beta1/networkpolicyport.go | 18 +- .../extensions/v1beta1/networkpolicyspec.go | 39 +- .../extensions/v1beta1/replicaset.go | 70 +- .../extensions/v1beta1/replicasetcondition.go | 17 +- .../extensions/v1beta1/replicasetspec.go | 24 +- .../extensions/v1beta1/replicasetstatus.go | 27 +- .../extensions/v1beta1/rollbackconfig.go | 3 + .../v1beta1/rollingupdatedaemonset.go | 37 +- .../v1beta1/rollingupdatedeployment.go | 25 +- .../extensions/v1beta1/scale.go | 12 +- .../v1/exemptprioritylevelconfiguration.go | 28 +- .../flowcontrol/v1/flowdistinguishermethod.go | 5 + .../flowcontrol/v1/flowschema.go | 57 +- .../flowcontrol/v1/flowschemacondition.go | 20 +- .../flowcontrol/v1/flowschemaspec.go | 20 +- .../flowcontrol/v1/flowschemastatus.go | 3 + .../flowcontrol/v1/groupsubject.go | 6 + .../v1/limitedprioritylevelconfiguration.go | 55 +- .../flowcontrol/v1/limitresponse.go | 13 +- .../flowcontrol/v1/nonresourcepolicyrule.go | 18 +- .../flowcontrol/v1/policyruleswithsubjects.go | 18 +- .../v1/prioritylevelconfiguration.go | 56 +- .../v1/prioritylevelconfigurationcondition.go | 20 +- .../v1/prioritylevelconfigurationreference.go | 4 + .../v1/prioritylevelconfigurationspec.go | 22 +- .../v1/prioritylevelconfigurationstatus.go | 3 + .../flowcontrol/v1/queuingconfiguration.go | 27 +- .../flowcontrol/v1/resourcepolicyrule.go | 44 +- .../flowcontrol/v1/serviceaccountsubject.go | 8 +- .../flowcontrol/v1/subject.go | 14 +- .../flowcontrol/v1/usersubject.go | 4 + .../exemptprioritylevelconfiguration.go | 28 +- .../v1beta1/flowdistinguishermethod.go | 5 + .../flowcontrol/v1beta1/flowschema.go | 57 +- .../v1beta1/flowschemacondition.go | 20 +- .../flowcontrol/v1beta1/flowschemaspec.go | 20 +- .../flowcontrol/v1beta1/flowschemastatus.go | 3 + .../flowcontrol/v1beta1/groupsubject.go | 6 + .../limitedprioritylevelconfiguration.go | 51 +- .../flowcontrol/v1beta1/limitresponse.go | 13 +- .../v1beta1/nonresourcepolicyrule.go | 18 +- .../v1beta1/policyruleswithsubjects.go | 18 +- .../v1beta1/prioritylevelconfiguration.go | 56 +- .../prioritylevelconfigurationcondition.go | 20 +- .../prioritylevelconfigurationreference.go | 4 + .../v1beta1/prioritylevelconfigurationspec.go | 22 +- .../prioritylevelconfigurationstatus.go | 3 + .../v1beta1/queuingconfiguration.go | 27 +- .../flowcontrol/v1beta1/resourcepolicyrule.go | 44 +- .../v1beta1/serviceaccountsubject.go | 8 +- .../flowcontrol/v1beta1/subject.go | 14 +- .../flowcontrol/v1beta1/usersubject.go | 4 + .../exemptprioritylevelconfiguration.go | 28 +- .../v1beta2/flowdistinguishermethod.go | 5 + .../flowcontrol/v1beta2/flowschema.go | 57 +- .../v1beta2/flowschemacondition.go | 20 +- .../flowcontrol/v1beta2/flowschemaspec.go | 20 +- .../flowcontrol/v1beta2/flowschemastatus.go | 3 + .../flowcontrol/v1beta2/groupsubject.go | 6 + .../limitedprioritylevelconfiguration.go | 51 +- .../flowcontrol/v1beta2/limitresponse.go | 13 +- .../v1beta2/nonresourcepolicyrule.go | 18 +- .../v1beta2/policyruleswithsubjects.go | 18 +- .../v1beta2/prioritylevelconfiguration.go | 56 +- .../prioritylevelconfigurationcondition.go | 20 +- .../prioritylevelconfigurationreference.go | 4 + .../v1beta2/prioritylevelconfigurationspec.go | 22 +- .../prioritylevelconfigurationstatus.go | 3 + .../v1beta2/queuingconfiguration.go | 27 +- .../flowcontrol/v1beta2/resourcepolicyrule.go | 44 +- .../v1beta2/serviceaccountsubject.go | 8 +- .../flowcontrol/v1beta2/subject.go | 14 +- .../flowcontrol/v1beta2/usersubject.go | 4 + .../exemptprioritylevelconfiguration.go | 28 +- .../v1beta3/flowdistinguishermethod.go | 5 + .../flowcontrol/v1beta3/flowschema.go | 57 +- .../v1beta3/flowschemacondition.go | 20 +- .../flowcontrol/v1beta3/flowschemaspec.go | 20 +- .../flowcontrol/v1beta3/flowschemastatus.go | 3 + .../flowcontrol/v1beta3/groupsubject.go | 6 + .../limitedprioritylevelconfiguration.go | 51 +- .../flowcontrol/v1beta3/limitresponse.go | 13 +- .../v1beta3/nonresourcepolicyrule.go | 18 +- .../v1beta3/policyruleswithsubjects.go | 18 +- .../v1beta3/prioritylevelconfiguration.go | 56 +- .../prioritylevelconfigurationcondition.go | 20 +- .../prioritylevelconfigurationreference.go | 4 + .../v1beta3/prioritylevelconfigurationspec.go | 22 +- .../prioritylevelconfigurationstatus.go | 3 + .../v1beta3/queuingconfiguration.go | 27 +- .../flowcontrol/v1beta3/resourcepolicyrule.go | 44 +- .../v1beta3/serviceaccountsubject.go | 8 +- .../flowcontrol/v1beta3/subject.go | 14 +- .../flowcontrol/v1beta3/usersubject.go | 4 + .../imagepolicy/v1alpha1/imagereview.go | 54 +- .../v1alpha1/imagereviewcontainerspec.go | 3 + .../imagepolicy/v1alpha1/imagereviewspec.go | 13 +- .../imagepolicy/v1alpha1/imagereviewstatus.go | 14 +- .../applyconfigurations/internal/internal.go | 398 +- .../applyconfigurations/meta/v1/condition.go | 46 +- .../meta/v1/deleteoptions.go | 52 +- .../v1/groupresource.go} | 28 +- .../meta/v1/labelselector.go | 15 +- .../meta/v1/labelselectorrequirement.go | 14 +- .../meta/v1/managedfieldsentry.go | 39 +- .../applyconfigurations/meta/v1/objectmeta.go | 129 +- .../meta/v1/ownerreference.go | 32 +- .../meta/v1/preconditions.go | 8 +- .../applyconfigurations/meta/v1/typemeta.go | 15 +- .../networking/v1/httpingresspath.go | 29 +- .../networking/v1/httpingressrulevalue.go | 7 + .../networking/v1/ingress.go | 61 +- .../networking/v1/ingressbackend.go | 10 +- .../networking/v1/ingressclass.go | 54 +- .../v1/ingressclassparametersreference.go | 21 +- .../networking/v1/ingressclassspec.go | 13 +- .../v1/ingressloadbalanceringress.go | 11 +- .../v1/ingressloadbalancerstatus.go | 3 + .../networking/v1/ingressportstatus.go | 17 +- .../networking/v1/ingressrule.go | 33 +- .../networking/v1/ingressrulevalue.go | 5 + .../networking/v1/ingressservicebackend.go | 8 +- .../networking/v1/ingressspec.go | 31 +- .../networking/v1/ingressstatus.go | 3 + .../networking/v1/ingresstls.go | 15 +- .../networking/v1/ipaddress.go | 56 +- .../networking/v1/ipaddressspec.go | 4 + .../networking/v1/ipblock.go | 11 +- .../networking/v1/networkpolicy.go | 49 +- .../networking/v1/networkpolicyegressrule.go | 16 +- .../networking/v1/networkpolicyingressrule.go | 15 +- .../networking/v1/networkpolicypeer.go | 21 +- .../networking/v1/networkpolicyport.go | 18 +- .../networking/v1/networkpolicyspec.go | 40 +- .../networking/v1/parentreference.go | 12 +- .../networking/v1/servicebackendport.go | 10 +- .../networking/v1/servicecidr.go | 57 +- .../networking/v1/servicecidrspec.go | 5 + .../networking/v1/servicecidrstatus.go | 4 + .../networking/v1beta1/httpingresspath.go | 30 +- .../v1beta1/httpingressrulevalue.go | 7 + .../networking/v1beta1/ingress.go | 61 +- .../networking/v1beta1/ingressbackend.go | 13 +- .../networking/v1beta1/ingressclass.go | 54 +- .../ingressclassparametersreference.go | 21 +- .../networking/v1beta1/ingressclassspec.go | 13 +- .../v1beta1/ingressloadbalanceringress.go | 11 +- .../v1beta1/ingressloadbalancerstatus.go | 3 + .../networking/v1beta1/ingressportstatus.go | 17 +- .../networking/v1beta1/ingressrule.go | 33 +- .../networking/v1beta1/ingressrulevalue.go | 5 + .../networking/v1beta1/ingressspec.go | 31 +- .../networking/v1beta1/ingressstatus.go | 3 + .../networking/v1beta1/ingresstls.go | 15 +- .../networking/v1beta1/ipaddress.go | 56 +- .../networking/v1beta1/ipaddressspec.go | 4 + .../networking/v1beta1/parentreference.go | 12 +- .../networking/v1beta1/servicecidr.go | 57 +- .../networking/v1beta1/servicecidrspec.go | 5 + .../networking/v1beta1/servicecidrstatus.go | 4 + .../applyconfigurations/node/v1/overhead.go | 3 + .../node/v1/runtimeclass.go | 74 +- .../applyconfigurations/node/v1/scheduling.go | 15 +- .../node/v1alpha1/overhead.go | 3 + .../node/v1alpha1/runtimeclass.go | 55 +- .../node/v1alpha1/runtimeclassspec.go | 28 +- .../node/v1alpha1/scheduling.go | 15 +- .../node/v1beta1/overhead.go | 3 + .../node/v1beta1/runtimeclass.go | 74 +- .../node/v1beta1/scheduling.go | 15 +- .../applyconfigurations/policy/v1/eviction.go | 50 +- .../policy/v1/poddisruptionbudget.go | 56 +- .../policy/v1/poddisruptionbudgetspec.go | 42 +- .../policy/v1/poddisruptionbudgetstatus.go | 46 +- .../policy/v1beta1/eviction.go | 50 +- .../policy/v1beta1/poddisruptionbudget.go | 56 +- .../policy/v1beta1/poddisruptionbudgetspec.go | 43 +- .../v1beta1/poddisruptionbudgetstatus.go | 46 +- .../rbac/v1/aggregationrule.go | 4 + .../rbac/v1/clusterrole.go | 53 +- .../rbac/v1/clusterrolebinding.go | 54 +- .../applyconfigurations/rbac/v1/policyrule.go | 23 +- .../applyconfigurations/rbac/v1/role.go | 48 +- .../rbac/v1/rolebinding.go | 55 +- .../applyconfigurations/rbac/v1/roleref.go | 9 +- .../applyconfigurations/rbac/v1/subject.go | 17 +- .../rbac/v1alpha1/aggregationrule.go | 4 + .../rbac/v1alpha1/clusterrole.go | 54 +- .../rbac/v1alpha1/clusterrolebinding.go | 54 +- .../rbac/v1alpha1/policyrule.go | 23 +- .../applyconfigurations/rbac/v1alpha1/role.go | 49 +- .../rbac/v1alpha1/rolebinding.go | 55 +- .../rbac/v1alpha1/roleref.go | 9 +- .../rbac/v1alpha1/subject.go | 17 +- .../rbac/v1beta1/aggregationrule.go | 4 + .../rbac/v1beta1/clusterrole.go | 54 +- .../rbac/v1beta1/clusterrolebinding.go | 54 +- .../rbac/v1beta1/policyrule.go | 24 +- .../applyconfigurations/rbac/v1beta1/role.go | 49 +- .../rbac/v1beta1/rolebinding.go | 55 +- .../rbac/v1beta1/roleref.go | 9 +- .../rbac/v1beta1/subject.go | 17 +- .../resource/v1/allocateddevicestatus.go | 41 +- .../resource/v1/allocationresult.go | 16 +- .../resource/v1/capacityrequestpolicy.go | 35 +- .../resource/v1/capacityrequestpolicyrange.go | 26 +- .../resource/v1/capacityrequirements.go | 24 + .../resource/v1/celdeviceselector.go | 54 + .../resource/v1/counter.go | 3 + .../resource/v1/counterset.go | 17 +- .../applyconfigurations/resource/v1/device.go | 99 +- .../v1/deviceallocationconfiguration.go | 15 +- .../resource/v1/deviceallocationresult.go | 12 +- .../resource/v1/deviceattribute.go | 13 +- .../resource/v1/devicecapacity.go | 18 +- .../resource/v1/deviceclaim.go | 15 +- .../resource/v1/deviceclaimconfiguration.go | 8 + .../resource/v1/deviceclass.go | 61 +- .../resource/v1/deviceclassconfiguration.go | 2 + .../resource/v1/deviceclassspec.go | 25 +- .../resource/v1/deviceconfiguration.go | 5 + .../resource/v1/deviceconstraint.go | 37 +- .../resource/v1/devicecounterconsumption.go | 12 +- .../resource/v1/devicerequest.go | 38 +- .../v1/devicerequestallocationresult.go | 78 +- .../resource/v1/deviceselector.go | 3 + .../resource/v1/devicesubrequest.go | 91 +- .../resource/v1/devicetaint.go | 24 +- .../resource/v1/devicetoleration.go | 31 +- .../resource/v1/exactdevicerequest.go | 89 +- .../resource/v1/networkdevicedata.go | 23 +- .../resource/v1/opaquedeviceconfiguration.go | 19 +- .../resource/v1/resourceclaim.go | 63 +- .../v1/resourceclaimconsumerreference.go | 18 +- .../resource/v1/resourceclaimspec.go | 3 + .../resource/v1/resourceclaimstatus.go | 30 +- .../resource/v1/resourceclaimtemplate.go | 55 +- .../resource/v1/resourceclaimtemplatespec.go | 10 +- .../resource/v1/resourcepool.go | 30 +- .../resource/v1/resourceslice.go | 73 +- .../resource/v1/resourceslicespec.go | 65 +- .../resource/v1alpha3/celdeviceselector.go | 39 - .../resource/v1alpha3/deviceselector.go | 39 - .../resource/v1alpha3/devicetaint.go | 24 +- .../resource/v1alpha3/devicetaintrule.go | 64 +- .../resource/v1alpha3/devicetaintrulespec.go | 9 +- .../v1alpha3/devicetaintrulestatus.go | 70 + .../resource/v1alpha3/devicetaintselector.go | 48 +- .../resource/v1beta1/allocateddevicestatus.go | 41 +- .../resource/v1beta1/allocationresult.go | 16 +- .../resource/v1beta1/basicdevice.go | 94 +- .../resource/v1beta1/capacityrequestpolicy.go | 35 +- .../v1beta1/capacityrequestpolicyrange.go | 26 +- .../resource/v1beta1/capacityrequirements.go | 24 + .../resource/v1beta1/celdeviceselector.go | 54 + .../resource/v1beta1/counter.go | 3 + .../resource/v1beta1/counterset.go | 17 +- .../resource/v1beta1/device.go | 8 +- .../v1beta1/deviceallocationconfiguration.go | 15 +- .../v1beta1/deviceallocationresult.go | 12 +- .../resource/v1beta1/deviceattribute.go | 13 +- .../resource/v1beta1/devicecapacity.go | 18 +- .../resource/v1beta1/deviceclaim.go | 15 +- .../v1beta1/deviceclaimconfiguration.go | 8 + .../resource/v1beta1/deviceclass.go | 61 +- .../v1beta1/deviceclassconfiguration.go | 2 + .../resource/v1beta1/deviceclassspec.go | 25 +- .../resource/v1beta1/deviceconfiguration.go | 5 + .../resource/v1beta1/deviceconstraint.go | 37 +- .../v1beta1/devicecounterconsumption.go | 12 +- .../resource/v1beta1/devicerequest.go | 133 +- .../v1beta1/devicerequestallocationresult.go | 78 +- .../resource/v1beta1/deviceselector.go | 3 + .../resource/v1beta1/devicesubrequest.go | 92 +- .../resource/v1beta1/devicetaint.go | 24 +- .../resource/v1beta1/devicetoleration.go | 31 +- .../resource/v1beta1/networkdevicedata.go | 25 +- .../v1beta1/opaquedeviceconfiguration.go | 19 +- .../resource/v1beta1/resourceclaim.go | 63 +- .../v1beta1/resourceclaimconsumerreference.go | 18 +- .../resource/v1beta1/resourceclaimspec.go | 3 + .../resource/v1beta1/resourceclaimstatus.go | 30 +- .../resource/v1beta1/resourceclaimtemplate.go | 55 +- .../v1beta1/resourceclaimtemplatespec.go | 10 +- .../resource/v1beta1/resourcepool.go | 30 +- .../resource/v1beta1/resourceslice.go | 73 +- .../resource/v1beta1/resourceslicespec.go | 65 +- .../resource/v1beta2/allocateddevicestatus.go | 41 +- .../resource/v1beta2/allocationresult.go | 16 +- .../resource/v1beta2/capacityrequestpolicy.go | 35 +- .../v1beta2/capacityrequestpolicyrange.go | 26 +- .../resource/v1beta2/capacityrequirements.go | 24 + .../resource/v1beta2/celdeviceselector.go | 54 + .../resource/v1beta2/counter.go | 3 + .../resource/v1beta2/counterset.go | 17 +- .../resource/v1beta2/device.go | 99 +- .../v1beta2/deviceallocationconfiguration.go | 15 +- .../v1beta2/deviceallocationresult.go | 12 +- .../resource/v1beta2/deviceattribute.go | 13 +- .../resource/v1beta2/devicecapacity.go | 18 +- .../resource/v1beta2/deviceclaim.go | 15 +- .../v1beta2/deviceclaimconfiguration.go | 8 + .../resource/v1beta2/deviceclass.go | 61 +- .../v1beta2/deviceclassconfiguration.go | 2 + .../resource/v1beta2/deviceclassspec.go | 25 +- .../resource/v1beta2/deviceconfiguration.go | 5 + .../resource/v1beta2/deviceconstraint.go | 37 +- .../v1beta2/devicecounterconsumption.go | 12 +- .../resource/v1beta2/devicerequest.go | 38 +- .../v1beta2/devicerequestallocationresult.go | 78 +- .../resource/v1beta2/deviceselector.go | 3 + .../resource/v1beta2/devicesubrequest.go | 91 +- .../resource/v1beta2/devicetaint.go | 24 +- .../resource/v1beta2/devicetoleration.go | 31 +- .../resource/v1beta2/exactdevicerequest.go | 89 +- .../resource/v1beta2/networkdevicedata.go | 23 +- .../v1beta2/opaquedeviceconfiguration.go | 19 +- .../resource/v1beta2/resourceclaim.go | 63 +- .../v1beta2/resourceclaimconsumerreference.go | 18 +- .../resource/v1beta2/resourceclaimspec.go | 3 + .../resource/v1beta2/resourceclaimstatus.go | 30 +- .../resource/v1beta2/resourceclaimtemplate.go | 55 +- .../v1beta2/resourceclaimtemplatespec.go | 10 +- .../resource/v1beta2/resourcepool.go | 30 +- .../resource/v1beta2/resourceslice.go | 73 +- .../resource/v1beta2/resourceslicespec.go | 65 +- .../scheduling/v1/priorityclass.go | 67 +- .../v1alpha1/gangschedulingpolicy.go | 44 + .../scheduling/v1alpha1/podgroup.go | 53 + .../scheduling/v1alpha1/podgrouppolicy.go | 58 + .../scheduling/v1alpha1/priorityclass.go | 68 +- .../v1alpha1/typedlocalobjectreference.go | 67 + .../scheduling/v1alpha1/workload.go | 279 + .../scheduling/v1alpha1/workloadspec.go | 61 + .../scheduling/v1beta1/priorityclass.go | 68 +- .../storage/v1/csidriver.go | 59 +- .../storage/v1/csidriverspec.go | 170 +- .../applyconfigurations/storage/v1/csinode.go | 57 +- .../storage/v1/csinodedriver.go | 34 +- .../storage/v1/csinodespec.go | 4 + .../storage/v1/csistoragecapacity.go | 113 +- .../storage/v1/storageclass.go | 80 +- .../storage/v1/tokenrequest.go | 10 +- .../storage/v1/volumeattachment.go | 60 +- .../storage/v1/volumeattachmentsource.go | 16 +- .../storage/v1/volumeattachmentspec.go | 12 +- .../storage/v1/volumeattachmentstatus.go | 24 +- .../storage/v1/volumeattributesclass.go | 67 +- .../storage/v1/volumeerror.go | 15 +- .../storage/v1/volumenoderesources.go | 6 + .../storage/v1alpha1/csistoragecapacity.go | 113 +- .../storage/v1alpha1/volumeattachment.go | 60 +- .../v1alpha1/volumeattachmentsource.go | 16 +- .../storage/v1alpha1/volumeattachmentspec.go | 12 +- .../v1alpha1/volumeattachmentstatus.go | 24 +- .../storage/v1alpha1/volumeattributesclass.go | 67 +- .../storage/v1alpha1/volumeerror.go | 15 +- .../storage/v1beta1/csidriver.go | 62 +- .../storage/v1beta1/csidriverspec.go | 170 +- .../storage/v1beta1/csinode.go | 58 +- .../storage/v1beta1/csinodedriver.go | 33 +- .../storage/v1beta1/csinodespec.go | 4 + .../storage/v1beta1/csistoragecapacity.go | 113 +- .../storage/v1beta1/storageclass.go | 80 +- .../storage/v1beta1/tokenrequest.go | 10 +- .../storage/v1beta1/volumeattachment.go | 60 +- .../storage/v1beta1/volumeattachmentsource.go | 16 +- .../storage/v1beta1/volumeattachmentspec.go | 12 +- .../storage/v1beta1/volumeattachmentstatus.go | 24 +- .../storage/v1beta1/volumeattributesclass.go | 67 +- .../storage/v1beta1/volumeerror.go | 15 +- .../storage/v1beta1/volumenoderesources.go | 6 + .../v1alpha1/migrationcondition.go | 81 - .../storageversionmigration.go | 65 +- .../storageversionmigrationspec.go | 24 +- .../storageversionmigrationstatus.go | 18 +- .../client-go/applyconfigurations/utils.go | 56 +- .../client-go/discovery/discovery_client.go | 30 +- .../k8s.io/client-go/dynamic/fake/simple.go | 65 +- vendor/k8s.io/client-go/features/features.go | 43 +- .../client-go/features/known_features.go | 46 +- vendor/k8s.io/client-go/gentype/type.go | 8 +- .../v1/mutatingwebhookconfiguration.go | 4 +- .../v1/validatingadmissionpolicy.go | 4 +- .../v1/validatingadmissionpolicybinding.go | 4 +- .../v1/validatingwebhookconfiguration.go | 4 +- .../v1alpha1/mutatingadmissionpolicy.go | 4 +- .../mutatingadmissionpolicybinding.go | 4 +- .../v1alpha1/validatingadmissionpolicy.go | 4 +- .../validatingadmissionpolicybinding.go | 4 +- .../v1beta1/mutatingadmissionpolicy.go | 4 +- .../v1beta1/mutatingadmissionpolicybinding.go | 4 +- .../v1beta1/mutatingwebhookconfiguration.go | 4 +- .../v1beta1/validatingadmissionpolicy.go | 4 +- .../validatingadmissionpolicybinding.go | 4 +- .../v1beta1/validatingwebhookconfiguration.go | 4 +- .../v1alpha1/storageversion.go | 4 +- .../informers/apps/v1/controllerrevision.go | 4 +- .../client-go/informers/apps/v1/daemonset.go | 4 +- .../client-go/informers/apps/v1/deployment.go | 4 +- .../client-go/informers/apps/v1/replicaset.go | 4 +- .../informers/apps/v1/statefulset.go | 4 +- .../apps/v1beta1/controllerrevision.go | 4 +- .../informers/apps/v1beta1/deployment.go | 4 +- .../informers/apps/v1beta1/statefulset.go | 4 +- .../apps/v1beta2/controllerrevision.go | 4 +- .../informers/apps/v1beta2/daemonset.go | 4 +- .../informers/apps/v1beta2/deployment.go | 4 +- .../informers/apps/v1beta2/replicaset.go | 4 +- .../informers/apps/v1beta2/statefulset.go | 4 +- .../autoscaling/v1/horizontalpodautoscaler.go | 4 +- .../autoscaling/v2/horizontalpodautoscaler.go | 4 +- .../v2beta1/horizontalpodautoscaler.go | 4 +- .../v2beta2/horizontalpodautoscaler.go | 4 +- .../client-go/informers/batch/v1/cronjob.go | 4 +- .../client-go/informers/batch/v1/job.go | 4 +- .../informers/batch/v1beta1/cronjob.go | 4 +- .../v1/certificatesigningrequest.go | 4 +- .../v1alpha1/clustertrustbundle.go | 4 +- .../certificates/v1alpha1/interface.go | 7 - .../v1beta1/certificatesigningrequest.go | 4 +- .../v1beta1/clustertrustbundle.go | 4 +- .../certificates/v1beta1/interface.go | 7 + .../podcertificaterequest.go | 28 +- .../informers/coordination/v1/lease.go | 4 +- .../coordination/v1alpha2/leasecandidate.go | 4 +- .../informers/coordination/v1beta1/lease.go | 4 +- .../coordination/v1beta1/leasecandidate.go | 4 +- .../informers/core/v1/componentstatus.go | 4 +- .../client-go/informers/core/v1/configmap.go | 4 +- .../client-go/informers/core/v1/endpoints.go | 4 +- .../client-go/informers/core/v1/event.go | 4 +- .../client-go/informers/core/v1/limitrange.go | 4 +- .../client-go/informers/core/v1/namespace.go | 4 +- .../client-go/informers/core/v1/node.go | 4 +- .../informers/core/v1/persistentvolume.go | 4 +- .../core/v1/persistentvolumeclaim.go | 4 +- .../k8s.io/client-go/informers/core/v1/pod.go | 4 +- .../informers/core/v1/podtemplate.go | 4 +- .../core/v1/replicationcontroller.go | 4 +- .../informers/core/v1/resourcequota.go | 4 +- .../client-go/informers/core/v1/secret.go | 4 +- .../client-go/informers/core/v1/service.go | 4 +- .../informers/core/v1/serviceaccount.go | 4 +- .../informers/discovery/v1/endpointslice.go | 4 +- .../discovery/v1beta1/endpointslice.go | 4 +- .../client-go/informers/events/v1/event.go | 4 +- .../informers/events/v1beta1/event.go | 4 +- .../informers/extensions/v1beta1/daemonset.go | 4 +- .../extensions/v1beta1/deployment.go | 4 +- .../informers/extensions/v1beta1/ingress.go | 4 +- .../extensions/v1beta1/networkpolicy.go | 4 +- .../extensions/v1beta1/replicaset.go | 4 +- vendor/k8s.io/client-go/informers/factory.go | 3 +- .../informers/flowcontrol/v1/flowschema.go | 4 +- .../v1/prioritylevelconfiguration.go | 4 +- .../flowcontrol/v1beta1/flowschema.go | 4 +- .../v1beta1/prioritylevelconfiguration.go | 4 +- .../flowcontrol/v1beta2/flowschema.go | 4 +- .../v1beta2/prioritylevelconfiguration.go | 4 +- .../flowcontrol/v1beta3/flowschema.go | 4 +- .../v1beta3/prioritylevelconfiguration.go | 4 +- vendor/k8s.io/client-go/informers/generic.go | 14 +- .../informers/networking/v1/ingress.go | 4 +- .../informers/networking/v1/ingressclass.go | 4 +- .../informers/networking/v1/ipaddress.go | 4 +- .../informers/networking/v1/networkpolicy.go | 4 +- .../informers/networking/v1/servicecidr.go | 4 +- .../informers/networking/v1beta1/ingress.go | 4 +- .../networking/v1beta1/ingressclass.go | 4 +- .../informers/networking/v1beta1/ipaddress.go | 4 +- .../networking/v1beta1/servicecidr.go | 4 +- .../informers/node/v1/runtimeclass.go | 4 +- .../informers/node/v1alpha1/runtimeclass.go | 4 +- .../informers/node/v1beta1/runtimeclass.go | 4 +- .../policy/v1/poddisruptionbudget.go | 4 +- .../policy/v1beta1/poddisruptionbudget.go | 4 +- .../informers/rbac/v1/clusterrole.go | 4 +- .../informers/rbac/v1/clusterrolebinding.go | 4 +- .../client-go/informers/rbac/v1/role.go | 4 +- .../informers/rbac/v1/rolebinding.go | 4 +- .../informers/rbac/v1alpha1/clusterrole.go | 4 +- .../rbac/v1alpha1/clusterrolebinding.go | 4 +- .../client-go/informers/rbac/v1alpha1/role.go | 4 +- .../informers/rbac/v1alpha1/rolebinding.go | 4 +- .../informers/rbac/v1beta1/clusterrole.go | 4 +- .../rbac/v1beta1/clusterrolebinding.go | 4 +- .../client-go/informers/rbac/v1beta1/role.go | 4 +- .../informers/rbac/v1beta1/rolebinding.go | 4 +- .../informers/resource/v1/deviceclass.go | 4 +- .../informers/resource/v1/resourceclaim.go | 4 +- .../resource/v1/resourceclaimtemplate.go | 4 +- .../informers/resource/v1/resourceslice.go | 4 +- .../resource/v1alpha3/devicetaintrule.go | 4 +- .../informers/resource/v1beta1/deviceclass.go | 4 +- .../resource/v1beta1/resourceclaim.go | 4 +- .../resource/v1beta1/resourceclaimtemplate.go | 4 +- .../resource/v1beta1/resourceslice.go | 4 +- .../informers/resource/v1beta2/deviceclass.go | 4 +- .../resource/v1beta2/resourceclaim.go | 4 +- .../resource/v1beta2/resourceclaimtemplate.go | 4 +- .../resource/v1beta2/resourceslice.go | 4 +- .../informers/scheduling/v1/priorityclass.go | 4 +- .../scheduling/v1alpha1/interface.go | 7 + .../scheduling/v1alpha1/priorityclass.go | 4 +- .../informers/scheduling/v1alpha1/workload.go | 102 + .../scheduling/v1beta1/priorityclass.go | 4 +- .../informers/storage/v1/csidriver.go | 4 +- .../client-go/informers/storage/v1/csinode.go | 4 +- .../storage/v1/csistoragecapacity.go | 4 +- .../informers/storage/v1/storageclass.go | 4 +- .../informers/storage/v1/volumeattachment.go | 4 +- .../storage/v1/volumeattributesclass.go | 4 +- .../storage/v1alpha1/csistoragecapacity.go | 4 +- .../storage/v1alpha1/volumeattachment.go | 4 +- .../storage/v1alpha1/volumeattributesclass.go | 4 +- .../informers/storage/v1beta1/csidriver.go | 4 +- .../informers/storage/v1beta1/csinode.go | 4 +- .../storage/v1beta1/csistoragecapacity.go | 4 +- .../informers/storage/v1beta1/storageclass.go | 4 +- .../storage/v1beta1/volumeattachment.go | 4 +- .../storage/v1beta1/volumeattributesclass.go | 4 +- .../informers/storagemigration/interface.go | 12 +- .../{v1alpha1 => v1beta1}/interface.go | 2 +- .../storageversionmigration.go | 28 +- .../k8s.io/client-go/kubernetes/clientset.go | 16 +- .../kubernetes/fake/clientset_generated.go | 27 +- .../client-go/kubernetes/fake/register.go | 4 +- .../client-go/kubernetes/scheme/register.go | 4 +- .../v1alpha1/certificates_client.go | 5 - .../v1alpha1/fake/fake_certificates_client.go | 4 - .../fake/fake_podcertificaterequest.go | 53 - .../v1alpha1/generated_expansion.go | 2 - .../v1beta1/certificates_client.go | 5 + .../v1beta1/fake/fake_certificates_client.go | 4 + .../fake/fake_podcertificaterequest.go | 53 + .../v1beta1/generated_expansion.go | 2 + .../podcertificaterequest.go | 38 +- .../resource/v1alpha3/devicetaintrule.go | 4 + .../v1alpha1/fake/fake_scheduling_client.go | 4 + .../scheduling/v1alpha1/fake/fake_workload.go | 51 + .../v1alpha1/generated_expansion.go | 2 + .../scheduling/v1alpha1/scheduling_client.go | 5 + .../typed/scheduling/v1alpha1/workload.go | 71 + .../fake/fake_storageversionmigration.go | 53 - .../{v1alpha1 => v1beta1}/doc.go | 2 +- .../{v1alpha1 => v1beta1}/fake/doc.go | 0 .../fake/fake_storagemigration_client.go | 8 +- .../fake/fake_storageversionmigration.go | 53 + .../generated_expansion.go | 2 +- .../storagemigration_client.go | 36 +- .../storageversionmigration.go | 38 +- .../v1alpha1/expansion_generated.go | 8 - .../v1beta1/expansion_generated.go | 8 + .../podcertificaterequest.go | 18 +- .../v1alpha1/expansion_generated.go | 8 + .../listers/scheduling/v1alpha1/workload.go | 70 + .../expansion_generated.go | 2 +- .../storageversionmigration.go | 12 +- vendor/k8s.io/client-go/openapi/OWNERS | 4 + .../pkg/apis/clientauthentication/OWNERS | 8 + .../pkg/apis/clientauthentication/v1/doc.go | 1 + .../v1/zz_generated.model_name.go | 42 + .../apis/clientauthentication/v1beta1/doc.go | 1 + .../v1beta1/zz_generated.model_name.go | 42 + .../plugin/pkg/client/auth/exec/exec.go | 157 +- .../plugin/pkg/client/auth/exec/metrics.go | 16 + vendor/k8s.io/client-go/rest/.mockery.yaml | 11 +- vendor/k8s.io/client-go/rest/OWNERS | 14 + vendor/k8s.io/client-go/rest/urlbackoff.go | 4 +- vendor/k8s.io/client-go/rest/warnings.go | 7 +- vendor/k8s.io/client-go/testing/fixture.go | 11 + vendor/k8s.io/client-go/tools/auth/OWNERS | 8 + vendor/k8s.io/client-go/tools/cache/OWNERS | 27 + .../client-go/tools/cache/controller.go | 127 +- .../client-go/tools/cache/delta_fifo.go | 2 +- .../tools/cache/expiration_cache_fakes.go | 2 +- vendor/k8s.io/client-go/tools/cache/fifo.go | 17 + vendor/k8s.io/client-go/tools/cache/index.go | 4 +- .../k8s.io/client-go/tools/cache/listwatch.go | 30 + .../k8s.io/client-go/tools/cache/reflector.go | 25 +- .../client-go/tools/cache/shared_informer.go | 7 + vendor/k8s.io/client-go/tools/cache/store.go | 71 + .../client-go/tools/cache/the_real_fifo.go | 120 +- .../tools/cache/thread_safe_store.go | 81 +- .../client-go/tools/clientcmd/api/types.go | 49 + .../api/v1/zz_generated.conversion.go | 1 + .../clientcmd/api/zz_generated.deepcopy.go | 38 + .../tools/clientcmd/client_config.go | 15 + .../client-go/tools/clientcmd/loader.go | 5 +- .../client-go/tools/clientcmd/validation.go | 5 + .../client-go/tools/leaderelection/OWNERS | 13 + .../tools/leaderelection/leaderelection.go | 48 +- .../tools/leaderelection/leasecandidate.go | 15 +- vendor/k8s.io/client-go/tools/metrics/OWNERS | 5 + .../k8s.io/client-go/tools/metrics/metrics.go | 17 + vendor/k8s.io/client-go/tools/record/OWNERS | 6 + vendor/k8s.io/client-go/tools/record/event.go | 2 +- .../client-go/tools/record/events_cache.go | 4 +- .../k8s.io/client-go/tools/reference/ref.go | 5 +- vendor/k8s.io/client-go/transport/OWNERS | 8 + vendor/k8s.io/client-go/util/cert/OWNERS | 8 + vendor/k8s.io/client-go/util/keyutil/OWNERS | 6 + vendor/k8s.io/client-go/util/retry/OWNERS | 4 + .../client-go/util/watchlist/watch_list.go | 99 + .../k8s.io/client-go/util/workqueue/queue.go | 44 +- vendor/k8s.io/code-generator/OWNERS | 16 + .../generators/applyconfiguration.go | 135 +- .../code-generator/cmd/client-gen/OWNERS | 11 + .../fake/generator_fake_for_clientset.go | 17 +- .../conversion-gen/generators/conversion.go | 40 + .../code-generator/cmd/go-to-protobuf/OWNERS | 6 + .../cmd/go-to-protobuf/protobuf/cmd.go | 19 +- .../cmd/go-to-protobuf/protobuf/package.go | 6 +- .../cmd/go-to-protobuf/protobuf/parser.go | 205 +- .../cmd/informer-gen/generators/factory.go | 3 +- .../cmd/informer-gen/generators/informer.go | 55 +- .../cmd/informer-gen/generators/types.go | 49 +- .../generators/register_external.go | 1 + .../cmd/validation-gen/targets.go | 3 + .../cmd/validation-gen/validation.go | 579 +- .../cmd/validation-gen/validators/each.go | 419 +- .../cmd/validation-gen/validators/enum.go | 229 +- .../cmd/validation-gen/validators/equality.go | 3 +- .../cmd/validation-gen/validators/format.go | 160 + .../validation-gen/validators/immutable.go | 24 +- .../cmd/validation-gen/validators/item.go | 366 +- .../cmd/validation-gen/validators/limits.go | 128 +- .../cmd/validation-gen/validators/list.go | 494 + .../cmd/validation-gen/validators/opaque.go | 7 +- .../cmd/validation-gen/validators/options.go | 109 + .../cmd/validation-gen/validators/registry.go | 43 +- .../cmd/validation-gen/validators/required.go | 3 + .../cmd/validation-gen/validators/subfield.go | 82 +- .../cmd/validation-gen/validators/testing.go | 19 +- .../cmd/validation-gen/validators/union.go | 292 +- .../cmd/validation-gen/validators/update.go | 226 + .../validation-gen/validators/validators.go | 133 +- .../validation-gen/validators/zeroorone.go | 9 +- vendor/k8s.io/code-generator/kube_codegen.sh | 9 +- vendor/k8s.io/gengo/v2/Makefile | 2 +- vendor/k8s.io/gengo/v2/generator/execute.go | 39 +- .../gengo/v2/generator/import_tracker.go | 4 +- vendor/k8s.io/gengo/v2/namer/namer.go | 9 +- vendor/k8s.io/gengo/v2/parser/parse.go | 123 +- vendor/k8s.io/gengo/v2/parser/parse_122.go | 5 + .../k8s.io/gengo/v2/parser/parse_pre_122.go | 4 + vendor/k8s.io/klog/OWNERS | 19 + vendor/k8s.io/klog/v2/OWNERS | 16 + vendor/k8s.io/klog/v2/README.md | 2 - .../klog/v2/internal/serialize/keyvalues.go | 232 +- .../internal/serialize/keyvalues_no_slog.go | 10 +- .../v2/internal/serialize/keyvalues_slog.go | 12 +- vendor/k8s.io/klog/v2/klog.go | 87 +- vendor/k8s.io/klog/v2/klogr.go | 4 +- vendor/k8s.io/klog/v2/klogr_slog.go | 11 +- .../kube-openapi/cmd/openapi-gen/args/args.go | 13 + .../cmd/openapi-gen/openapi-gen.go | 27 +- .../kube-openapi/pkg/generators/config.go | 62 +- .../pkg/generators/model_names.go | 177 + .../kube-openapi/pkg/generators/openapi.go | 66 +- .../kube-openapi/pkg/generators/rules/OWNERS | 4 + .../k8s.io/kube-openapi/pkg/util/proto/OWNERS | 2 + vendor/k8s.io/kube-openapi/pkg/util/util.go | 13 +- .../kube-openapi/pkg/validation/spec/ref.go | 50 - vendor/k8s.io/utils/buffer/ring_fixed.go | 120 + vendor/k8s.io/utils/net/multi_listen.go | 6 +- vendor/k8s.io/utils/pointer/OWNERS | 10 + vendor/k8s.io/utils/ptr/OWNERS | 10 + vendor/k8s.io/utils/strings/slices/slices.go | 51 +- vendor/knative.dev/hack/OWNERS | 8 + vendor/knative.dev/hack/OWNERS_ALIASES | 128 + vendor/knative.dev/pkg/apis/OWNERS | 15 + vendor/knative.dev/pkg/apis/duck/OWNERS | 8 + vendor/knative.dev/pkg/controller/OWNERS | 7 + vendor/knative.dev/pkg/reconciler/OWNERS | 7 + vendor/knative.dev/pkg/resolver/OWNERS | 8 + vendor/knative.dev/pkg/test/OWNERS | 10 + vendor/knative.dev/pkg/webhook/OWNERS | 7 + .../reconciler-test/pkg/feature/feature.go | 9 - vendor/modules.txt | 307 +- .../apis/v1/backendtlspolicy_types.go | 348 + .../gateway-api/apis/v1/gateway_types.go | 777 +- .../gateway-api/apis/v1/gatewayclass_types.go | 79 +- .../apis/v1/gatewayclass_types_overrides.go | 60 + .../gateway-api/apis/v1/grpcroute_types.go | 34 +- .../gateway-api/apis/v1/httproute_types.go | 692 +- .../gateway-api/apis/v1/listenerset_types.go | 632 + .../apis/v1/object_reference_types.go | 16 +- .../gateway-api/apis/v1/policy_types.go | 279 + .../apis/v1/referencegrant_types.go | 157 + .../gateway-api/apis/v1/shared_types.go | 222 +- .../gateway-api/apis/v1/tlsroute_types.go | 162 + .../apis/v1/zz_generated.deepcopy.go | 1367 +- .../apis/v1/zz_generated.register.go | 19 +- vendor/sigs.k8s.io/json/OWNERS | 6 + .../internal/golang/encoding/json/decode.go | 43 +- .../internal/golang/encoding/json/encode.go | 63 +- .../internal/golang/encoding/json/stream.go | 4 +- vendor/sigs.k8s.io/randfill/OWNERS | 8 + vendor/sigs.k8s.io/randfill/OWNERS_ALIASES | 14 + .../v6/schema/elements.go | 47 +- .../structured-merge-diff/v6/typed/remove.go | 65 +- .../v6/value/reflectcache.go | 4 + vendor/sigs.k8s.io/yaml/OWNERS | 23 + 2599 files changed, 136768 insertions(+), 136937 deletions(-) create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/config/auth_scheme_preference.go rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/errors.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/ini.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/parse.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/sections.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/strings.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/token.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/tokenize.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/value.go (100%) create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.go delete mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md delete mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateObjectEncryption.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md rename vendor/github.com/aws/aws-sdk-go-v2/{internal/ini => service/signin}/LICENSE.txt (100%) create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/doc.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json rename vendor/github.com/aws/aws-sdk-go-v2/{internal/ini => service/signin}/go_module_metadata.go (73%) create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/internal/endpoints/endpoints.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/enums.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/errors.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/enums.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go create mode 100644 vendor/github.com/aws/smithy-go/AGENTS.md create mode 100644 vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeauthorization.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallenge.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolver.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverdns01.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01gatewayhttproute.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingress.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingressobjectmeta.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodobjectmeta.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodresources.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodsecuritycontext.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodspec.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodtemplate.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresstemplate.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeexternalaccountbinding.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuer.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01provideracmedns.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerakamai.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerazuredns.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerclouddns.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providercloudflare.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerdigitalocean.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerrfc2136.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerroute53.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerwebhook.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerstatus.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/azuremanagedidentity.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/certificatednsnameselector.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challenge.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challengespec.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challengestatus.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/order.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/orderspec.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/orderstatus.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/route53auth.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/route53kubernetesauth.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/serviceaccountref.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/caissuer.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificate.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificateadditionaloutputformat.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatecondition.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatekeystores.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificateprivatekey.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequest.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequestcondition.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequestspec.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequeststatus.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatesecrettemplate.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatespec.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatestatus.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/clusterissuer.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuer.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuercondition.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerconfig.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerspec.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerstatus.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/jkskeystore.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/nameconstraintitem.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/nameconstraints.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/othername.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/pkcs12keystore.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/selfsignedissuer.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/serviceaccountref.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultapprole.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultauth.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultclientcertificateauth.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultissuer.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultkubernetesauth.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venaficloud.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venafiissuer.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venafitpp.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/x509subject.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal/internal.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/issuerreference.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/localobjectreference.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/secretkeyselector.go create mode 100644 vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/utils.go create mode 100644 vendor/github.com/eclipse/paho.golang/paho/log/test.go rename vendor/github.com/eclipse/paho.golang/paho/{ => log}/trace.go (55%) delete mode 100644 vendor/github.com/eclipse/paho.golang/paho/message_ids.go delete mode 100644 vendor/github.com/eclipse/paho.golang/paho/noop_persistence.go delete mode 100644 vendor/github.com/eclipse/paho.golang/paho/persistence.go create mode 100644 vendor/github.com/eclipse/paho.golang/paho/session/session.go create mode 100644 vendor/github.com/eclipse/paho.golang/paho/session/state/readme.md create mode 100644 vendor/github.com/eclipse/paho.golang/paho/session/state/sendquota.go create mode 100644 vendor/github.com/eclipse/paho.golang/paho/session/state/state.go create mode 100644 vendor/github.com/eclipse/paho.golang/paho/session/state/store.go create mode 100644 vendor/github.com/eclipse/paho.golang/paho/store/memory/store.go delete mode 100644 vendor/github.com/emicklei/go-restful/v3/.travis.yml delete mode 100644 vendor/github.com/fsnotify/fsnotify/.cirrus.yml create mode 100644 vendor/github.com/go-jose/go-jose/v4/.gitignore create mode 100644 vendor/github.com/go-jose/go-jose/v4/.golangci.yml create mode 100644 vendor/github.com/go-jose/go-jose/v4/.travis.yml create mode 100644 vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md create mode 100644 vendor/github.com/go-jose/go-jose/v4/LICENSE create mode 100644 vendor/github.com/go-jose/go-jose/v4/README.md create mode 100644 vendor/github.com/go-jose/go-jose/v4/SECURITY.md create mode 100644 vendor/github.com/go-jose/go-jose/v4/asymmetric.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/cipher/cbc_hmac.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/cipher/concat_kdf.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/cipher/ecdh_es.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/crypter.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/doc.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/encoding.go rename vendor/github.com/{gogo/protobuf => go-jose/go-jose/v4/json}/LICENSE (73%) create mode 100644 vendor/github.com/go-jose/go-jose/v4/json/README.md create mode 100644 vendor/github.com/go-jose/go-jose/v4/json/decode.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/json/encode.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/json/indent.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/json/scanner.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/json/stream.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/json/tags.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/jwe.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/jwk.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/jws.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/opaque.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/shared.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/signing.go create mode 100644 vendor/github.com/go-jose/go-jose/v4/symmetric.go create mode 100644 vendor/github.com/go-openapi/jsonpointer/.cliff.toml create mode 100644 vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md create mode 100644 vendor/github.com/go-openapi/jsonpointer/NOTICE create mode 100644 vendor/github.com/go-openapi/jsonpointer/SECURITY.md create mode 100644 vendor/github.com/go-openapi/jsonpointer/errors.go create mode 100644 vendor/github.com/go-openapi/jsonreference/.cliff.toml create mode 100644 vendor/github.com/go-openapi/jsonreference/.editorconfig create mode 100644 vendor/github.com/go-openapi/jsonreference/CONTRIBUTORS.md create mode 100644 vendor/github.com/go-openapi/jsonreference/NOTICE create mode 100644 vendor/github.com/go-openapi/jsonreference/SECURITY.md create mode 100644 vendor/github.com/go-openapi/swag/errors.go create mode 100644 vendor/github.com/go-openapi/swag/jsonname/LICENSE create mode 100644 vendor/github.com/go-openapi/swag/jsonname/doc.go create mode 100644 vendor/github.com/go-openapi/swag/jsonname/name_provider.go delete mode 100644 vendor/github.com/gogo/protobuf/AUTHORS delete mode 100644 vendor/github.com/gogo/protobuf/CONTRIBUTORS delete mode 100644 vendor/github.com/gogo/protobuf/proto/Makefile delete mode 100644 vendor/github.com/gogo/protobuf/proto/clone.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/custom_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/decode.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/deprecated.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/discard.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/duration.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/duration_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/encode.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/encode_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/equal.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/extensions.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/extensions_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/lib.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/lib_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/message_set.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/pointer_reflect.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/properties.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/properties_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/skip_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/table_marshal.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/table_merge.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/table_unmarshal.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/text.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/text_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/text_parser.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/timestamp.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/wrappers.go delete mode 100644 vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go delete mode 100644 vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go create mode 100644 vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel create mode 100644 vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel create mode 100644 vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel create mode 100644 vendor/github.com/pelletier/go-toml/v2/AGENTS.md delete mode 100644 vendor/github.com/pelletier/go-toml/v2/internal/ast/ast.go delete mode 100644 vendor/github.com/pelletier/go-toml/v2/internal/ast/builder.go create mode 100644 vendor/github.com/pelletier/go-toml/v2/internal/characters/ascii.go rename vendor/github.com/pelletier/go-toml/v2/{ => internal/characters}/utf8.go (73%) delete mode 100644 vendor/github.com/pelletier/go-toml/v2/internal/danger/danger.go delete mode 100644 vendor/github.com/pelletier/go-toml/v2/internal/danger/typeid.go create mode 100644 vendor/github.com/pelletier/go-toml/v2/test-go-versions.sh create mode 100644 vendor/github.com/pelletier/go-toml/v2/unstable/ast.go create mode 100644 vendor/github.com/pelletier/go-toml/v2/unstable/builder.go create mode 100644 vendor/github.com/pelletier/go-toml/v2/unstable/doc.go rename vendor/github.com/pelletier/go-toml/v2/{internal/ast => unstable}/kind.go (50%) rename vendor/github.com/pelletier/go-toml/v2/{ => unstable}/parser.go (58%) rename vendor/github.com/pelletier/go-toml/v2/{ => unstable}/scanner.go (79%) create mode 100644 vendor/github.com/pelletier/go-toml/v2/unstable/unmarshaler.go create mode 100644 vendor/github.com/rickb777/date/period/arithmetic.go create mode 100644 vendor/github.com/rickb777/date/period/designator.go create mode 100644 vendor/github.com/rickb777/date/period/flag.go create mode 100644 vendor/github.com/rickb777/date/period/period64.go create mode 100644 vendor/github.com/rickb777/date/period/sql.go delete mode 100644 vendor/github.com/rickb777/plural/.travis.yml delete mode 100644 vendor/github.com/rickb777/plural/build+test.sh create mode 100644 vendor/github.com/rickb777/plural/build.sh create mode 100644 vendor/github.com/spf13/cobra/SECURITY.md delete mode 100644 vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/client.go create mode 100644 vendor/go.opentelemetry.io/otel/internal/errorhandler/errorhandler.go delete mode 100644 vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/README.md delete mode 100644 vendor/go.opentelemetry.io/otel/sdk/metric/internal/x/x.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.40.0/MIGRATION.md create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.40.0/README.md create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.40.0/attribute_group.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.40.0/doc.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.40.0/error_type.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.40.0/exception.go rename vendor/go.opentelemetry.io/otel/semconv/{v1.37.0 => v1.40.0}/goconv/metric.go (100%) create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.40.0/httpconv/metric.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.40.0/otelconv/metric.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.40.0/schema.go create mode 100644 vendor/go.uber.org/atomic/pointer_go118_pre119.go create mode 100644 vendor/golang.org/x/net/http2/client_priority_go126.go create mode 100644 vendor/golang.org/x/net/http2/client_priority_go127.go create mode 100644 vendor/golang.org/x/net/internal/httpsfv/httpsfv.go delete mode 100644 vendor/golang.org/x/sync/semaphore/semaphore.go delete mode 100644 vendor/golang.org/x/text/cases/tables10.0.0.go delete mode 100644 vendor/golang.org/x/text/cases/tables11.0.0.go delete mode 100644 vendor/golang.org/x/text/cases/tables12.0.0.go rename vendor/golang.org/x/text/cases/{tables13.0.0.go => tables17.0.0.go} (60%) delete mode 100644 vendor/golang.org/x/text/cases/tables9.0.0.go delete mode 100644 vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go delete mode 100644 vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go create mode 100644 vendor/golang.org/x/text/unicode/bidi/tables17.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/tables10.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/tables11.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/tables12.0.0.go rename vendor/golang.org/x/text/unicode/norm/{tables13.0.0.go => tables17.0.0.go} (53%) delete mode 100644 vendor/golang.org/x/text/unicode/norm/tables9.0.0.go delete mode 100644 vendor/golang.org/x/tools/internal/aliases/aliases_go122.go create mode 100644 vendor/google.golang.org/grpc/internal/balancer/weight/weight.go create mode 100644 vendor/k8s.io/api/admission/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/admission/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/admissionregistration/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/admissionregistration/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/admissionregistration/v1alpha1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/admissionregistration/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/apidiscovery/v2/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/apidiscovery/v2/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/apidiscovery/v2beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/apidiscovery/v2beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/apiserverinternal/v1alpha1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/apps/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/apps/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/apps/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/apps/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/apps/v1beta2/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/apps/v1beta2/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/authentication/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/authentication/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/authentication/v1alpha1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/authentication/v1alpha1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/authentication/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/authentication/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/authorization/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/authorization/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/authorization/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/authorization/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/autoscaling/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/autoscaling/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/autoscaling/v2/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/autoscaling/v2/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/autoscaling/v2beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/autoscaling/v2beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/autoscaling/v2beta2/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/autoscaling/v2beta2/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/batch/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/batch/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/batch/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/batch/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/certificates/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/certificates/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/certificates/v1alpha1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/certificates/v1alpha1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/certificates/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/certificates/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/coordination/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/coordination/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/coordination/v1alpha2/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/coordination/v1alpha2/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/coordination/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/coordination/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/core/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/core/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/discovery/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/discovery/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/discovery/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/discovery/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/events/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/events/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/events/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/events/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/extensions/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/extensions/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/flowcontrol/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/flowcontrol/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/flowcontrol/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/flowcontrol/v1beta2/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/flowcontrol/v1beta2/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/flowcontrol/v1beta3/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/flowcontrol/v1beta3/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/imagepolicy/v1alpha1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/imagepolicy/v1alpha1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/networking/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/networking/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/networking/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/networking/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/node/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/node/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/node/v1alpha1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/node/v1alpha1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/node/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/node/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/policy/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/policy/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/policy/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/policy/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/rbac/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/rbac/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/rbac/v1alpha1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/rbac/v1alpha1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/rbac/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/rbac/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/resource/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/resource/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/resource/v1alpha3/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/resource/v1alpha3/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/resource/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/resource/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/resource/v1beta2/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/resource/v1beta2/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/scheduling/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/scheduling/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/scheduling/v1alpha1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/scheduling/v1alpha1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/scheduling/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/scheduling/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/storage/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/storage/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/storage/v1alpha1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/storage/v1alpha1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/api/storage/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/api/storage/v1beta1/zz_generated.model_name.go delete mode 100644 vendor/k8s.io/api/storagemigration/v1alpha1/generated.pb.go rename vendor/k8s.io/api/storagemigration/{v1alpha1 => v1beta1}/doc.go (89%) create mode 100644 vendor/k8s.io/api/storagemigration/v1beta1/generated.pb.go rename vendor/k8s.io/api/storagemigration/{v1alpha1 => v1beta1}/generated.proto (64%) create mode 100644 vendor/k8s.io/api/storagemigration/v1beta1/generated.protomessage.pb.go rename vendor/k8s.io/api/storagemigration/{v1alpha1 => v1beta1}/register.go (97%) rename vendor/k8s.io/api/storagemigration/{v1alpha1 => v1beta1}/types.go (57%) rename vendor/k8s.io/api/storagemigration/{v1alpha1 => v1beta1}/types_swagger_doc_generated.go (68%) rename vendor/k8s.io/api/storagemigration/{v1alpha1 => v1beta1}/zz_generated.deepcopy.go (78%) create mode 100644 vendor/k8s.io/api/storagemigration/v1beta1/zz_generated.model_name.go rename vendor/k8s.io/api/storagemigration/{v1alpha1 => v1beta1}/zz_generated.prerelease-lifecycle.go (96%) create mode 100644 vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/api/meta/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/api/resource/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/apimachinery/pkg/api/resource/zz_generated.model_name.go create mode 100644 vendor/k8s.io/apimachinery/pkg/api/validate/content/decimal_int.go create mode 100644 vendor/k8s.io/apimachinery/pkg/api/validate/content/dns.go create mode 100644 vendor/k8s.io/apimachinery/pkg/api/validate/content/identifier.go create mode 100644 vendor/k8s.io/apimachinery/pkg/api/validate/content/kube.go create mode 100644 vendor/k8s.io/apimachinery/pkg/api/validate/options.go create mode 100644 vendor/k8s.io/apimachinery/pkg/api/validate/strfmt.go create mode 100644 vendor/k8s.io/apimachinery/pkg/api/validate/update.go create mode 100644 vendor/k8s.io/apimachinery/pkg/api/validation/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion/validation/validation.go create mode 100644 vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/apimachinery/pkg/apis/meta/v1beta1/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/apimachinery/pkg/apis/meta/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/apimachinery/pkg/runtime/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/apimachinery/pkg/runtime/zz_generated.model_name.go create mode 100644 vendor/k8s.io/apimachinery/pkg/util/intstr/generated.protomessage.pb.go create mode 100644 vendor/k8s.io/apimachinery/pkg/util/intstr/zz_generated.model_name.go create mode 100644 vendor/k8s.io/apimachinery/pkg/util/mergepatch/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/util/strategicpatch/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/util/validation/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/util/version/doc.go create mode 100644 vendor/k8s.io/apimachinery/pkg/util/version/version.go create mode 100644 vendor/k8s.io/apimachinery/pkg/version/zz_generated.model_name.go create mode 100644 vendor/k8s.io/apimachinery/third_party/forked/golang/json/OWNERS create mode 100644 vendor/k8s.io/client-go/applyconfigurations/OWNERS rename vendor/k8s.io/client-go/applyconfigurations/certificates/{v1alpha1 => v1beta1}/podcertificaterequest.go (85%) rename vendor/k8s.io/client-go/applyconfigurations/certificates/{v1alpha1 => v1beta1}/podcertificaterequestspec.go (53%) rename vendor/k8s.io/client-go/applyconfigurations/certificates/{v1alpha1 => v1beta1}/podcertificaterequeststatus.go (56%) create mode 100644 vendor/k8s.io/client-go/applyconfigurations/core/v1/workloadreference.go rename vendor/k8s.io/client-go/applyconfigurations/{storagemigration/v1alpha1/groupversionresource.go => meta/v1/groupresource.go} (54%) delete mode 100644 vendor/k8s.io/client-go/applyconfigurations/resource/v1alpha3/celdeviceselector.go delete mode 100644 vendor/k8s.io/client-go/applyconfigurations/resource/v1alpha3/deviceselector.go create mode 100644 vendor/k8s.io/client-go/applyconfigurations/resource/v1alpha3/devicetaintrulestatus.go create mode 100644 vendor/k8s.io/client-go/applyconfigurations/scheduling/v1alpha1/gangschedulingpolicy.go create mode 100644 vendor/k8s.io/client-go/applyconfigurations/scheduling/v1alpha1/podgroup.go create mode 100644 vendor/k8s.io/client-go/applyconfigurations/scheduling/v1alpha1/podgrouppolicy.go create mode 100644 vendor/k8s.io/client-go/applyconfigurations/scheduling/v1alpha1/typedlocalobjectreference.go create mode 100644 vendor/k8s.io/client-go/applyconfigurations/scheduling/v1alpha1/workload.go create mode 100644 vendor/k8s.io/client-go/applyconfigurations/scheduling/v1alpha1/workloadspec.go delete mode 100644 vendor/k8s.io/client-go/applyconfigurations/storagemigration/v1alpha1/migrationcondition.go rename vendor/k8s.io/client-go/applyconfigurations/storagemigration/{v1alpha1 => v1beta1}/storageversionmigration.go (85%) rename vendor/k8s.io/client-go/applyconfigurations/storagemigration/{v1alpha1 => v1beta1}/storageversionmigrationspec.go (66%) rename vendor/k8s.io/client-go/applyconfigurations/storagemigration/{v1alpha1 => v1beta1}/storageversionmigrationstatus.go (76%) rename vendor/k8s.io/client-go/informers/certificates/{v1alpha1 => v1beta1}/podcertificaterequest.go (77%) create mode 100644 vendor/k8s.io/client-go/informers/scheduling/v1alpha1/workload.go rename vendor/k8s.io/client-go/informers/storagemigration/{v1alpha1 => v1beta1}/interface.go (98%) rename vendor/k8s.io/client-go/informers/storagemigration/{v1alpha1 => v1beta1}/storageversionmigration.go (77%) delete mode 100644 vendor/k8s.io/client-go/kubernetes/typed/certificates/v1alpha1/fake/fake_podcertificaterequest.go create mode 100644 vendor/k8s.io/client-go/kubernetes/typed/certificates/v1beta1/fake/fake_podcertificaterequest.go rename vendor/k8s.io/client-go/kubernetes/typed/certificates/{v1alpha1 => v1beta1}/podcertificaterequest.go (58%) create mode 100644 vendor/k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1/fake/fake_workload.go create mode 100644 vendor/k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1/workload.go delete mode 100644 vendor/k8s.io/client-go/kubernetes/typed/storagemigration/v1alpha1/fake/fake_storageversionmigration.go rename vendor/k8s.io/client-go/kubernetes/typed/storagemigration/{v1alpha1 => v1beta1}/doc.go (97%) rename vendor/k8s.io/client-go/kubernetes/typed/storagemigration/{v1alpha1 => v1beta1}/fake/doc.go (100%) rename vendor/k8s.io/client-go/kubernetes/typed/storagemigration/{v1alpha1 => v1beta1}/fake/fake_storagemigration_client.go (75%) create mode 100644 vendor/k8s.io/client-go/kubernetes/typed/storagemigration/v1beta1/fake/fake_storageversionmigration.go rename vendor/k8s.io/client-go/kubernetes/typed/storagemigration/{v1alpha1 => v1beta1}/generated_expansion.go (97%) rename vendor/k8s.io/client-go/kubernetes/typed/storagemigration/{v1alpha1 => v1beta1}/storagemigration_client.go (62%) rename vendor/k8s.io/client-go/kubernetes/typed/storagemigration/{v1alpha1 => v1beta1}/storageversionmigration.go (57%) rename vendor/k8s.io/client-go/listers/certificates/{v1alpha1 => v1beta1}/podcertificaterequest.go (79%) create mode 100644 vendor/k8s.io/client-go/listers/scheduling/v1alpha1/workload.go rename vendor/k8s.io/client-go/listers/storagemigration/{v1alpha1 => v1beta1}/expansion_generated.go (97%) rename vendor/k8s.io/client-go/listers/storagemigration/{v1alpha1 => v1beta1}/storageversionmigration.go (78%) create mode 100644 vendor/k8s.io/client-go/openapi/OWNERS create mode 100644 vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS create mode 100644 vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.model_name.go create mode 100644 vendor/k8s.io/client-go/rest/OWNERS create mode 100644 vendor/k8s.io/client-go/tools/auth/OWNERS create mode 100644 vendor/k8s.io/client-go/tools/cache/OWNERS create mode 100644 vendor/k8s.io/client-go/tools/leaderelection/OWNERS create mode 100644 vendor/k8s.io/client-go/tools/metrics/OWNERS create mode 100644 vendor/k8s.io/client-go/tools/record/OWNERS create mode 100644 vendor/k8s.io/client-go/transport/OWNERS create mode 100644 vendor/k8s.io/client-go/util/cert/OWNERS create mode 100644 vendor/k8s.io/client-go/util/keyutil/OWNERS create mode 100644 vendor/k8s.io/client-go/util/retry/OWNERS create mode 100644 vendor/k8s.io/client-go/util/watchlist/watch_list.go create mode 100644 vendor/k8s.io/code-generator/OWNERS create mode 100644 vendor/k8s.io/code-generator/cmd/client-gen/OWNERS create mode 100644 vendor/k8s.io/code-generator/cmd/go-to-protobuf/OWNERS create mode 100644 vendor/k8s.io/code-generator/cmd/validation-gen/validators/format.go create mode 100644 vendor/k8s.io/code-generator/cmd/validation-gen/validators/list.go create mode 100644 vendor/k8s.io/code-generator/cmd/validation-gen/validators/options.go create mode 100644 vendor/k8s.io/code-generator/cmd/validation-gen/validators/update.go create mode 100644 vendor/k8s.io/klog/OWNERS create mode 100644 vendor/k8s.io/klog/v2/OWNERS create mode 100644 vendor/k8s.io/kube-openapi/pkg/generators/model_names.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/generators/rules/OWNERS create mode 100644 vendor/k8s.io/kube-openapi/pkg/util/proto/OWNERS create mode 100644 vendor/k8s.io/utils/buffer/ring_fixed.go create mode 100644 vendor/k8s.io/utils/pointer/OWNERS create mode 100644 vendor/k8s.io/utils/ptr/OWNERS create mode 100644 vendor/knative.dev/hack/OWNERS create mode 100644 vendor/knative.dev/hack/OWNERS_ALIASES create mode 100644 vendor/knative.dev/pkg/apis/OWNERS create mode 100644 vendor/knative.dev/pkg/apis/duck/OWNERS create mode 100644 vendor/knative.dev/pkg/controller/OWNERS create mode 100644 vendor/knative.dev/pkg/reconciler/OWNERS create mode 100644 vendor/knative.dev/pkg/resolver/OWNERS create mode 100644 vendor/knative.dev/pkg/test/OWNERS create mode 100644 vendor/knative.dev/pkg/webhook/OWNERS create mode 100644 vendor/sigs.k8s.io/gateway-api/apis/v1/backendtlspolicy_types.go create mode 100644 vendor/sigs.k8s.io/gateway-api/apis/v1/gatewayclass_types_overrides.go create mode 100644 vendor/sigs.k8s.io/gateway-api/apis/v1/listenerset_types.go create mode 100644 vendor/sigs.k8s.io/gateway-api/apis/v1/policy_types.go create mode 100644 vendor/sigs.k8s.io/gateway-api/apis/v1/referencegrant_types.go create mode 100644 vendor/sigs.k8s.io/gateway-api/apis/v1/tlsroute_types.go create mode 100644 vendor/sigs.k8s.io/json/OWNERS create mode 100644 vendor/sigs.k8s.io/randfill/OWNERS create mode 100644 vendor/sigs.k8s.io/randfill/OWNERS_ALIASES create mode 100644 vendor/sigs.k8s.io/yaml/OWNERS diff --git a/go.mod b/go.mod index 302fd32caf7..3fc23ee80c0 100644 --- a/go.mod +++ b/go.mod @@ -4,21 +4,21 @@ go 1.25.0 require ( github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210420163308-c1402a70e2f1 - github.com/aws/aws-sdk-go-v2 v1.41.5 - github.com/aws/aws-sdk-go-v2/config v1.27.36 - github.com/aws/aws-sdk-go-v2/credentials v1.17.34 - github.com/aws/aws-sdk-go-v2/service/dynamodb v1.53.5 - github.com/aws/aws-sdk-go-v2/service/s3 v1.95.0 + github.com/aws/aws-sdk-go-v2 v1.41.7 + github.com/aws/aws-sdk-go-v2/config v1.32.17 + github.com/aws/aws-sdk-go-v2/credentials v1.19.16 + github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.3 + github.com/aws/aws-sdk-go-v2/service/s3 v1.100.1 github.com/aws/aws-sdk-go-v2/service/sqs v1.42.25 - github.com/cert-manager/cert-manager v1.16.3 + github.com/cert-manager/cert-manager v1.20.2 github.com/cloudevents/conformance v0.4.1 github.com/cloudevents/sdk-go/observability/opentelemetry/v2 v2.16.2 github.com/cloudevents/sdk-go/protocol/mqtt_paho/v2 v2.0.0-20240508060731-1ed9471c98bd - github.com/cloudevents/sdk-go/sql/v2 v2.0.0-20240712172937-3ce6b2f1f011 + github.com/cloudevents/sdk-go/sql/v2 v2.16.2 github.com/cloudevents/sdk-go/v2 v2.16.2 - github.com/coreos/go-oidc/v3 v3.9.0 - github.com/eclipse/paho.golang v0.12.0 - github.com/fsnotify/fsnotify v1.9.0 + github.com/coreos/go-oidc/v3 v3.18.0 + github.com/eclipse/paho.golang v0.23.0 + github.com/fsnotify/fsnotify v1.10.1 github.com/go-jose/go-jose/v3 v3.0.5 github.com/google/go-cmp v0.7.0 github.com/google/uuid v1.6.0 @@ -29,32 +29,32 @@ require ( github.com/kelseyhightower/envconfig v1.4.0 github.com/mitchellh/go-homedir v1.1.0 github.com/openzipkin/zipkin-go v0.4.3 - github.com/pelletier/go-toml/v2 v2.0.5 + github.com/pelletier/go-toml/v2 v2.3.1 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 - github.com/rickb777/date v1.13.0 + github.com/rickb777/date v1.22.0 github.com/robfig/cron/v3 v3.0.1 github.com/stretchr/testify v1.11.1 github.com/wavesoftware/go-ensure v1.0.0 - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 - go.opentelemetry.io/contrib/instrumentation/runtime v0.64.0 - go.opentelemetry.io/otel v1.39.0 - go.opentelemetry.io/otel/metric v1.39.0 - go.opentelemetry.io/otel/sdk v1.39.0 - go.opentelemetry.io/otel/sdk/metric v1.39.0 - go.opentelemetry.io/otel/trace v1.39.0 - go.uber.org/atomic v1.10.0 + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 + go.opentelemetry.io/contrib/instrumentation/runtime v0.68.0 + go.opentelemetry.io/otel v1.43.0 + go.opentelemetry.io/otel/metric v1.43.0 + go.opentelemetry.io/otel/sdk v1.43.0 + go.opentelemetry.io/otel/sdk/metric v1.43.0 + go.opentelemetry.io/otel/trace v1.43.0 + go.uber.org/atomic v1.11.0 go.uber.org/multierr v1.11.0 - go.uber.org/zap v1.27.1 - golang.org/x/net v0.49.0 - golang.org/x/sync v0.19.0 - k8s.io/api v0.34.6 - k8s.io/apiextensions-apiserver v0.34.6 - k8s.io/apimachinery v0.34.6 - k8s.io/apiserver v0.34.6 - k8s.io/client-go v0.34.6 - k8s.io/code-generator v0.34.6 - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 + go.uber.org/zap v1.28.0 + golang.org/x/net v0.52.0 + golang.org/x/sync v0.20.0 + k8s.io/api v0.35.2 + k8s.io/apiextensions-apiserver v0.35.2 + k8s.io/apimachinery v0.35.2 + k8s.io/apiserver v0.35.2 + k8s.io/client-go v0.35.2 + k8s.io/code-generator v0.35.2 + k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 knative.dev/hack v0.0.0-20260120115810-bf6758cba446 knative.dev/hack/schema v0.0.0-20260120115810-bf6758cba446 knative.dev/pkg v0.0.0-20260120122510-4a022ed9999a @@ -65,45 +65,46 @@ require ( require ( github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.16 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.23.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.31.0 // indirect - github.com/aws/smithy-go v1.24.2 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.10 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.15 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.23 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.23 // indirect + github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.17 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.42.1 // indirect + github.com/aws/smithy-go v1.25.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/blendle/zapdriver v1.3.1 // indirect github.com/cenkalti/backoff/v5 v5.0.3 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.12.2 // indirect + github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect + github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.21.0 // indirect - github.com/go-openapi/jsonreference v0.21.0 // indirect - github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/jsonpointer v0.22.4 // indirect + github.com/go-openapi/jsonreference v0.21.4 // indirect + github.com/go-openapi/swag v0.23.1 // indirect + github.com/go-openapi/swag/jsonname v0.25.4 // indirect github.com/gobuffalo/flect v1.0.3 // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/google/gnostic-models v0.7.0 // indirect + github.com/google/gnostic-models v0.7.1 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/mailru/easyjson v0.9.0 // indirect + github.com/mailru/easyjson v0.9.1 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect @@ -113,9 +114,9 @@ require ( github.com/prometheus/common v0.67.4 // indirect github.com/prometheus/otlptranslator v1.0.0 // indirect github.com/prometheus/procfs v0.19.2 // indirect - github.com/rickb777/plural v1.2.1 // indirect + github.com/rickb777/plural v1.4.7 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/spf13/cobra v1.9.1 // indirect + github.com/spf13/cobra v1.10.2 // indirect github.com/spf13/pflag v1.0.10 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/x448/float16 v0.8.4 // indirect @@ -131,29 +132,29 @@ require ( go.uber.org/automaxprocs v1.6.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.47.0 // indirect - golang.org/x/mod v0.32.0 // indirect - golang.org/x/oauth2 v0.32.0 // indirect - golang.org/x/sys v0.40.0 // indirect - golang.org/x/term v0.39.0 // indirect - golang.org/x/text v0.33.0 // indirect - golang.org/x/time v0.12.0 // indirect - golang.org/x/tools v0.41.0 // indirect + golang.org/x/crypto v0.49.0 // indirect + golang.org/x/mod v0.33.0 // indirect + golang.org/x/oauth2 v0.36.0 // indirect + golang.org/x/sys v0.42.0 // indirect + golang.org/x/term v0.41.0 // indirect + golang.org/x/text v0.35.0 // indirect + golang.org/x/time v0.14.0 // indirect + golang.org/x/tools v0.42.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect - google.golang.org/grpc v1.77.0 // indirect - google.golang.org/protobuf v1.36.10 // indirect - gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.11 // indirect + gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 // indirect - k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f // indirect + k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b // indirect k8s.io/klog v1.0.0 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect - sigs.k8s.io/gateway-api v1.1.0 // indirect - sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect + k8s.io/klog/v2 v2.140.0 // indirect + k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 // indirect + sigs.k8s.io/gateway-api v1.5.0 // indirect + sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect ) diff --git a/go.sum b/go.sum index 2e037959b60..813c673d1bf 100644 --- a/go.sum +++ b/go.sum @@ -49,6 +49,8 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= +github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210420163308-c1402a70e2f1 h1:mh2wBXE8rRSJkYz87b9YBTOOTzLUex1kuV+ar4r2j1c= github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210420163308-c1402a70e2f1/go.mod h1:TdjdkYhlOifCQWPs1UdTma97kQQMozf5h26hTuG70u8= @@ -64,48 +66,48 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/aws/aws-sdk-go-v2 v1.41.5 h1:dj5kopbwUsVUVFgO4Fi5BIT3t4WyqIDjGKCangnV/yY= -github.com/aws/aws-sdk-go-v2 v1.41.5/go.mod h1:mwsPRE8ceUUpiTgF7QmQIJ7lgsKUPQOUl3o72QBrE1o= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 h1:489krEF9xIGkOaaX3CE/Be2uWjiXrkCH6gUX+bZA/BU= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4/go.mod h1:IOAPF6oT9KCsceNTvvYMNHy0+kMF8akOjeDvPENWxp4= -github.com/aws/aws-sdk-go-v2/config v1.27.36 h1:4IlvHh6Olc7+61O1ktesh0jOcqmq/4WG6C2Aj5SKXy0= -github.com/aws/aws-sdk-go-v2/config v1.27.36/go.mod h1:IiBpC0HPAGq9Le0Xxb1wpAKzEfAQ3XlYgJLYKEVYcfw= -github.com/aws/aws-sdk-go-v2/credentials v1.17.34 h1:gmkk1l/cDGSowPRzkdxYi8edw+gN4HmVK151D/pqGNc= -github.com/aws/aws-sdk-go-v2/credentials v1.17.34/go.mod h1:4R9OEV3tgFMsok4ZeFpExn7zQaZRa9MRGFYnI/xC/vs= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 h1:C/d03NAmh8C4BZXhuRNboF/DqhBkBCeDiJDcaqIT5pA= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14/go.mod h1:7I0Ju7p9mCIdlrfS+JCgqcYD0VXz/N4yozsox+0o078= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 h1:Rgg6wvjjtX8bNHcvi9OnXWwcE0a2vGpbwmtICOsvcf4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21/go.mod h1:A/kJFst/nm//cyqonihbdpQZwiUhhzpqTsdbhDdRF9c= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 h1:PEgGVtPoB6NTpPrBgqSE5hE/o47Ij9qk/SEZFbUOe9A= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21/go.mod h1:p+hz+PRAYlY3zcpJhPwXlLC4C+kqn70WIHwnzAfs6ps= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16 h1:CjMzUs78RDDv4ROu3JnJn/Ig1r6ZD7/T2DXLLRpejic= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16/go.mod h1:uVW4OLBqbJXSHJYA9svT9BluSvvwbzLQ2Crf6UPzR3c= -github.com/aws/aws-sdk-go-v2/service/dynamodb v1.53.5 h1:mSBrQCXMjEvLHsYyJVbN8QQlcITXwHEuu+8mX9e2bSo= -github.com/aws/aws-sdk-go-v2/service/dynamodb v1.53.5/go.mod h1:eEuD0vTf9mIzsSjGBFWIaNQwtH5/mzViJOVQfnMY5DE= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 h1:DIBqIrJ7hv+e4CmIk2z3pyKT+3B6qVMgRsawHiR3qso= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7/go.mod h1:vLm00xmBke75UmpNvOcZQ/Q30ZFjbczeLFqGx5urmGo= -github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.16 h1:8g4OLy3zfNzLV20wXmZgx+QumI9WhWHnd4GCdvETxs4= -github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.16/go.mod h1:5a78jwLMs7BaesU0UIhLfVy2ZmOEgOy6ewYQXKTD37Q= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 h1:oHjJHeUy0ImIV0bsrX0X91GkV5nJAyv1l1CC9lnO0TI= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16/go.mod h1:iRSNGgOYmiYwSCXxXaKb9HfOEj40+oTKn8pTxMlYkRM= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 h1:NSbvS17MlI2lurYgXnCOLvCFX38sBW4eiVER7+kkgsU= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16/go.mod h1:SwT8Tmqd4sA6G1qaGdzWCJN99bUmPGHfRwwq3G5Qb+A= -github.com/aws/aws-sdk-go-v2/service/s3 v1.95.0 h1:MIWra+MSq53CFaXXAywB2qg9YvVZifkk6vEGl/1Qor0= -github.com/aws/aws-sdk-go-v2/service/s3 v1.95.0/go.mod h1:79S2BdqCJpScXZA2y+cpZuocWsjGjJINyXnOsf5DTz8= +github.com/aws/aws-sdk-go-v2 v1.41.7 h1:DWpAJt66FmnnaRIOT/8ASTucrvuDPZASqhhLey6tLY8= +github.com/aws/aws-sdk-go-v2 v1.41.7/go.mod h1:4LAfZOPHNVNQEckOACQx60Y8pSRjIkNZQz1w92xpMJc= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.10 h1:gx1AwW1Iyk9Z9dD9F4akX5gnN3QZwUB20GGKH/I+Rho= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.10/go.mod h1:qqY157uZoqm5OXq/amuaBJyC9hgBCBQnsaWnPe905GY= +github.com/aws/aws-sdk-go-v2/config v1.32.17 h1:FpL4/758/diKwqbytU0prpuiu60fgXKUWCpDJtApclU= +github.com/aws/aws-sdk-go-v2/config v1.32.17/go.mod h1:OXqUMzgXytfoF9JaKkhrOYsyh72t9G+MJH8mMRaexOE= +github.com/aws/aws-sdk-go-v2/credentials v1.19.16 h1:r3RJBuU7X9ibt8RHbMjWE6y60QbKBiII6wSrXnapxSU= +github.com/aws/aws-sdk-go-v2/credentials v1.19.16/go.mod h1:6cx7zqDENJDbBIIWX6P8s0h6hqHC8Avbjh9Dseo27ug= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23 h1:UuSfcORqNSz/ey3VPRS8TcVH2Ikf0/sC+Hdj400QI6U= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23/go.mod h1:+G/OSGiOFnSOkYloKj/9M35s74LgVAdJBSD5lsFfqKg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 h1:GpT/TrnBYuE5gan2cZbTtvP+JlHsutdmlV2YfEyNde0= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23/go.mod h1:xYWD6BS9ywC5bS3sz9Xh04whO/hzK2plt2Zkyrp4JuA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 h1:bpd8vxhlQi2r1hiueOw02f/duEPTMK59Q4QMAoTTtTo= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23/go.mod h1:15DfR2nw+CRHIk0tqNyifu3G1YdAOy68RftkhMDDwYk= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 h1:OQqn11BtaYv1WLUowvcA30MpzIu8Ti4pcLPIIyoKZrA= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24/go.mod h1:X5ZJyfwVrWA96GzPmUCWFQaEARPR7gCrpq2E92PJwAE= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.3 h1:XgjzLEE8CrNYnr4Xmi1W5PfKsKMjp4Pu1rWkJNO43JI= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.3/go.mod h1:r7sfLXEN8RUA89tAHy1E7lCtVOOWIkqVy/FbnUdxW1E= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 h1:FLudkZLt5ci0ozzgkVo8BJGwvqNaZbTWb3UcucAateA= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9/go.mod h1:w7wZ/s9qK7c8g4al+UyoF1Sp/Z45UwMGcqIzLWVQHWk= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.15 h1:ieLCO1JxUWuxTZ1cRd0GAaeX7O6cIxnwk7tc1LsQhC4= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.15/go.mod h1:e3IzZvQ3kAWNykvE0Tr0RDZCMFInMvhku3qNpcIQXhM= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.23 h1:3Eo/PBBnjFi1+gYfaL286dpmFSW3mTfodBIybq36Qv4= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.23/go.mod h1:3oh+5xGSd1iuxonVb3Qbm+WJYlbhczT9kbzr6doJLzY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 h1:pbrxO/kuIwgEsOPLkaHu0O+m4fNgLU8B3vxQ+72jTPw= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23/go.mod h1:/CMNUqoj46HpS3MNRDEDIwcgEnrtZlKRaHNaHxIFpNA= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.23 h1:03xatSQO4+AM1lTAbnRg5OK528EUg744nW7F73U8DKw= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.23/go.mod h1:M8l3mwgx5ToK7wot2sBBce/ojzgnPzZXUV445gTSyE8= +github.com/aws/aws-sdk-go-v2/service/s3 v1.100.1 h1:mxuT1xE+dI54NW3RkNjP8DUT5HXqbkiAFvfdyDFwE5c= +github.com/aws/aws-sdk-go-v2/service/s3 v1.100.1/go.mod h1:L2dcoOgS2VSgbPLvpak2NyUPsO1TBN7M45Z4H7DlRc4= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 h1:TdJ+HdzOBhU8+iVAOGUTU63VXopcumCOF1paFulHWZc= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.11/go.mod h1:R82ZRExE/nheo0N+T8zHPcLRTcH8MGsnR3BiVGX0TwI= github.com/aws/aws-sdk-go-v2/service/sqs v1.42.25 h1:8Bv3TQ1Cob6HLlpUbAnWxeHhAkYScJO9RIHh2WPXaxw= github.com/aws/aws-sdk-go-v2/service/sqs v1.42.25/go.mod h1:eDstEbM0OEnBUnNQxIA7j74Jy61cCU1S4EMlCtdMwzs= -github.com/aws/aws-sdk-go-v2/service/sso v1.23.0 h1:fHySkG0IGj2nepgGJPmmhZYL9ndnsq1Tvc6MeuVQCaQ= -github.com/aws/aws-sdk-go-v2/service/sso v1.23.0/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.0 h1:cU/OeQPNReyMj1JEBgjE29aclYZYtXcsPMXbTkVGMFk= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.0/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E= -github.com/aws/aws-sdk-go-v2/service/sts v1.31.0 h1:GNVxIHBTi2EgwCxpNiozhNasMOK+ROUA2Z3X+cSBX58= -github.com/aws/aws-sdk-go-v2/service/sts v1.31.0/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI= -github.com/aws/smithy-go v1.24.2 h1:FzA3bu/nt/vDvmnkg+R8Xl46gmzEDam6mZ1hzmwXFng= -github.com/aws/smithy-go v1.24.2/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.17 h1:7byT8HUWrgoRp6sXjxtZwgOKfhss5fW6SkLBtqzgRoE= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.17/go.mod h1:xNWknVi4Ezm1vg1QsB/5EWpAJURq22uqd38U8qKvOJc= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21 h1:+1Kl1zx6bWi4X7cKi3VYh29h8BvsCoHQEQ6ST9X8w7w= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21/go.mod h1:4vIRDq+CJB2xFAXZ+YgGUTiEft7oAQlhIs71xcSeuVg= +github.com/aws/aws-sdk-go-v2/service/sts v1.42.1 h1:F/M5Y9I3nwr2IEpshZgh1GeHpOItExNM9L1euNuh/fk= +github.com/aws/aws-sdk-go-v2/service/sts v1.42.1/go.mod h1:mTNxImtovCOEEuD65mKW7DCsL+2gjEH+RPEAexAzAio= +github.com/aws/smithy-go v1.25.1 h1:J8ERsGSU7d+aCmdQur5Txg6bVoYelvQJgtZehD12GkI= +github.com/aws/smithy-go v1.25.1/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -119,8 +121,8 @@ github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1x github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cert-manager/cert-manager v1.16.3 h1:seEF5eidFaeduaCuM85PFEuzH/1X/HOV5Y8zDQrHgpc= -github.com/cert-manager/cert-manager v1.16.3/go.mod h1:6JQ/GAZ6dH+erqS1BbaqorPy8idJzCtWFUmJQBTjo6Q= +github.com/cert-manager/cert-manager v1.20.2 h1:CimnY00nLqB2lmxhoSuEC4GDMFDK7JCXqyjwMM9ndIQ= +github.com/cert-manager/cert-manager v1.20.2/go.mod h1:1g/+a/WK5zWH/dXPZa3dMD3aJQJNRXQu+PN17C6WrOw= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -138,8 +140,8 @@ github.com/cloudevents/sdk-go/observability/opentelemetry/v2 v2.16.2 h1:iXVFmEH4 github.com/cloudevents/sdk-go/observability/opentelemetry/v2 v2.16.2/go.mod h1:v1jS/Cp9zkcWZqn1HCQFH0gr/3bETyp44YNYOVLJOBU= github.com/cloudevents/sdk-go/protocol/mqtt_paho/v2 v2.0.0-20240508060731-1ed9471c98bd h1:MGVlnkCz/b0vjfkM5tSVLD+4oaUnYuVEjiW6lAMJ9IM= github.com/cloudevents/sdk-go/protocol/mqtt_paho/v2 v2.0.0-20240508060731-1ed9471c98bd/go.mod h1:s+KZsVZst0bVW6vuKYb8CH49CcSJDO09+ZiIeKzJmqE= -github.com/cloudevents/sdk-go/sql/v2 v2.0.0-20240712172937-3ce6b2f1f011 h1:mx6avAROtrV9yTlBBH4Y8IAmspmcz9v44Pkcrjq0tAA= -github.com/cloudevents/sdk-go/sql/v2 v2.0.0-20240712172937-3ce6b2f1f011/go.mod h1:oqJ9+L9IXySYb8PN6M/g/K8y/WdVQunmmZhJnlLFcCk= +github.com/cloudevents/sdk-go/sql/v2 v2.16.2 h1:ufWHXiH1ZVd0WDbzTX9Nod9Sdq5wcnaqyL0iA1fBwYs= +github.com/cloudevents/sdk-go/sql/v2 v2.16.2/go.mod h1:ILl53/KWcQDoMpbgYQSSMa1+dJkFpD2d3htzbkQDxEk= github.com/cloudevents/sdk-go/v2 v2.16.2 h1:ZYDFrYke4FD+jM8TZTJJO6JhKHzOQl2oqpFK1D+NnQM= github.com/cloudevents/sdk-go/v2 v2.16.2/go.mod h1:laOcGImm4nVJEU+PHnUrKL56CKmRL65RlQF0kRmW/kg= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -152,8 +154,8 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo= -github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4= +github.com/coreos/go-oidc/v3 v3.18.0 h1:V9orjXynvu5wiC9SemFTWnG4F45v403aIcjWo0d41+A= +github.com/coreos/go-oidc/v3 v3.18.0/go.mod h1:DYCf24+ncYi+XkIH97GY1+dqoRlbaSI26KVTCI9SrY4= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -162,10 +164,10 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/eclipse/paho.golang v0.12.0 h1:EXQFJbJklDnUqW6lyAknMWRhM2NgpHxwrrL8riUmp3Q= -github.com/eclipse/paho.golang v0.12.0/go.mod h1:TSDCUivu9JnoR9Hl+H7sQMcHkejWH2/xKK1NJGtLbIE= -github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= -github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/eclipse/paho.golang v0.23.0 h1:KHgl2wz6EJo7cMBmkuhpt7C576vP+kpPv7jjvSyR6Mk= +github.com/eclipse/paho.golang v0.23.0/go.mod h1:nQRhTkoZv8EAiNs5UU0/WdQIx2NrnWUpL9nsGJTQN04= +github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= +github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -188,10 +190,9 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= -github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= -github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= +github.com/fsnotify/fsnotify v1.10.1 h1:b0/UzAf9yR5rhf3RPm9gf3ehBPpf0oZKIjtpKrx59Ho= +github.com/fsnotify/fsnotify v1.10.1/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo= github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -200,6 +201,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-jose/go-jose/v3 v3.0.5 h1:BLLJWbC4nMZOfuPVxoZIxeYsn6Nl2r1fITaJ78UQlVQ= github.com/go-jose/go-jose/v3 v3.0.5/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= +github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= @@ -213,12 +216,16 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= -github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= -github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= -github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= -github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= -github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4= +github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80= +github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8= +github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4= +github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= +github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= +github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= +github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= +github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= +github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= @@ -227,7 +234,6 @@ github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4 github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -265,8 +271,8 @@ github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= -github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= +github.com/google/gnostic-models v0.7.1 h1:SisTfuFKJSKM5CPZkffwi6coztzzeYUhc3v4yxLWH8c= +github.com/google/gnostic-models v0.7.1/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -303,8 +309,8 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= +github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -355,7 +361,6 @@ github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOn github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -393,8 +398,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= -github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= -github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= +github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8= +github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= @@ -410,7 +415,6 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= @@ -433,23 +437,17 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWu github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1 h1:mFwc4LvZ0xpSvDZ3E+k8Yte0hLOMxXUlP+yXtJqkYfQ= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= -github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= +github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/openzipkin/zipkin-go v0.4.3 h1:9EGwpqkgnwdEIJ+Od7QVSEIH+ocmm5nPat0G7sjsSdg= github.com/openzipkin/zipkin-go v0.4.3/go.mod h1:M9wCJZFWCo2RiY+o1eBCEMe0Dp2S5LDHcMZmk3RmK7c= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg= -github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas= +github.com/pelletier/go-toml/v2 v2.3.1 h1:MYEvvGnQjeNkRF1qUuGolNtNExTDwct51yp7olPtrEc= +github.com/pelletier/go-toml/v2 v2.3.1/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -486,10 +484,10 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= -github.com/rickb777/date v1.13.0 h1:+8AmwLuY1d/rldzdqvqTEg7107bZ8clW37x4nsdG3Hs= -github.com/rickb777/date v1.13.0/go.mod h1:GZf3LoGnxPWjX+/1TXOuzHefZFDovTyNLHDMd3qH70k= -github.com/rickb777/plural v1.2.1 h1:UitRAgR70+yHFt26Tmj/F9dU9aV6UfjGXSbO1DcC9/U= -github.com/rickb777/plural v1.2.1/go.mod h1:j058+3M5QQFgcZZ2oKIOekcygoZUL8gKW5yRO14BuAw= +github.com/rickb777/date v1.22.0 h1:Nhc/n4bHrybA0Ohz6xel1F2rbIb6y+EgA3g6J3yYLjU= +github.com/rickb777/date v1.22.0/go.mod h1:MwMzuHvKJHfWAYAhvu85Atwm8kWysR5joMm+MAg3sVI= +github.com/rickb777/plural v1.4.7 h1:rBRAxp9aTFYzWTLWIE/UTwKcaqSSAV2ml7aOUFYpAGo= +github.com/rickb777/plural v1.4.7/go.mod h1:DB19dtrplGS5s6VJVHn7tvmFYPoE83p1xqio3oVnNRM= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -510,15 +508,14 @@ github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY52 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= -github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= -github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= -github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518/go.mod h1:CKI4AZ4XmGV240rTHfO0hfE83S6/a3/Q1siZJ/vXf7A= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= @@ -562,12 +559,12 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ= -go.opentelemetry.io/contrib/instrumentation/runtime v0.64.0 h1:/+/+UjlXjFcdDlXxKL1PouzX8Z2Vl0OxolRKeBEgYDw= -go.opentelemetry.io/contrib/instrumentation/runtime v0.64.0/go.mod h1:Ldm/PDuzY2DP7IypudopCR3OCOW42NJlN9+mNEroevo= -go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= -go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 h1:CqXxU8VOmDefoh0+ztfGaymYbhdB/tT3zs79QaZTNGY= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0/go.mod h1:BuhAPThV8PBHBvg8ZzZ/Ok3idOdhWIodywz2xEcRbJo= +go.opentelemetry.io/contrib/instrumentation/runtime v0.68.0 h1:jhVIQEprwUTV+KfzzliLidclhoTOoHTgdz96kAyR8mU= +go.opentelemetry.io/contrib/instrumentation/runtime v0.68.0/go.mod h1:4HsdbLUbernaTnA8CNaNE+1g026SciXb3juRYe3l8EY= +go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= +go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.39.0 h1:cEf8jF6WbuGQWUVcqgyWtTR0kOOAWY1DYZ+UhvdmQPw= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.39.0/go.mod h1:k1lzV5n5U3HkGvTCJHraTAGJ7MqsgL1wrGwTj1Isfiw= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.39.0 h1:nKP4Z2ejtHn3yShBb+2KawiXgpn8In5cT7aO2wXuOTE= @@ -582,21 +579,21 @@ go.opentelemetry.io/otel/exporters/prometheus v0.61.0 h1:cCyZS4dr67d30uDyh8etKM2 go.opentelemetry.io/otel/exporters/prometheus v0.61.0/go.mod h1:iivMuj3xpR2DkUrUya3TPS/Z9h3dz7h01GxU+fQBRNg= go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.39.0 h1:8UPA4IbVZxpsD76ihGOQiFml99GPAEZLohDXvqHdi6U= go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.39.0/go.mod h1:MZ1T/+51uIVKlRzGw1Fo46KEWThjlCBZKl2LzY5nv4g= -go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= -go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= -go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= -go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= -go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= -go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= -go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= -go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= +go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= +go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= +go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= +go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= +go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= +go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= +go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= +go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A= go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= -go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -607,8 +604,8 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= -go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.uber.org/zap v1.28.0 h1:IZzaP1Fv73/T/pBMLk4VutPl36uNC+OSUh3JLG3FIjo= +go.uber.org/zap v1.28.0/go.mod h1:rDLpOi171uODNm/mxFcuYWxDsqWSAVkFdX4XojSKg/Q= go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= @@ -625,8 +622,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8= -golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A= +golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= +golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -665,11 +662,10 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c= -golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU= +golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= +golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -694,7 +690,6 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -713,8 +708,8 @@ golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= -golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= +golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= +golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -732,8 +727,8 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= -golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= +golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -747,12 +742,11 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= -golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -765,13 +759,11 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -822,15 +814,15 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= -golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= +golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY= -golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww= +golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= +golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -843,13 +835,13 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= -golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8= +golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= +golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= +golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= +golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -886,7 +878,6 @@ golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjs golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512001501-aaeff5de670a/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -908,8 +899,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= -golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= +golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= +golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= @@ -1024,10 +1015,10 @@ google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls= -google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 h1:merA0rdPeUV3YIIfHHcH4qBkiQAc1nfCKSI7lB4cV2M= +google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409/go.mod h1:fl8J1IvUjCilwZzQowmw2b7HQB2eAuYBabMXzWurF+I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7 h1:ndE4FoJqsIceKP2oYSnUZqhTdYufCYYkqwtFzfrhI7w= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260319201613-d00831a3d3e7/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1055,8 +1046,8 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= -google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1071,8 +1062,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= -google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1080,20 +1071,17 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= -gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/evanphx/json-patch.v4 v4.13.0 h1:czT3CmqEaQ1aanPc5SdlgQrrEIb8w/wwCvWWnfEbYzo= +gopkg.in/evanphx/json-patch.v4 v4.13.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -1107,33 +1095,33 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.34.6 h1:0ReeOHQfV9SwQ8CMOHkPbM/GscIT3gN2qh463TOEEk4= -k8s.io/api v0.34.6/go.mod h1:u6eOg5ckbO2DUKiyVp7mUMVIA+qZZdW2oyKDhs8nXec= -k8s.io/apiextensions-apiserver v0.34.6 h1:iEEpenT99Bn4+85NFj3Psd0ZDDUecl7W1Q297GN9Kok= -k8s.io/apiextensions-apiserver v0.34.6/go.mod h1:S8qCNZck7vV8aHqnS5t2Ccew4xJsZ9GpP6n3NVqHg9o= -k8s.io/apimachinery v0.34.6 h1:Y/ZNX0Mf1E+CT8clgFzLIkOhkbRLTSHqv6+eJnMJaoQ= -k8s.io/apimachinery v0.34.6/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/apiserver v0.34.6 h1:4qu8CpD6haT/heJMWTs7B7gr+1FIvL/i8QJel7ULlMg= -k8s.io/apiserver v0.34.6/go.mod h1:JlgULDmLA8USqiOmVeMKCwyRH3jhtko71DYz87FkMls= -k8s.io/client-go v0.34.6 h1:8aF4tJiZolSdliT5nhJnBx49Om2ET3Tn3/JKKpJk4gI= -k8s.io/client-go v0.34.6/go.mod h1:ZntANq4HsaiOD0rIhLHTdZT/aLkv4NVyI/glqocESTQ= -k8s.io/code-generator v0.34.6 h1:Sff8VcHxpVj/1tvYE7CgL1X7/hHjH2Nnu2//BNVUAaY= -k8s.io/code-generator v0.34.6/go.mod h1:21o4G2tzuXrgpwntJeWA5Nt+H9ADnXvoQ2fwKlfGkfE= +k8s.io/api v0.35.2 h1:tW7mWc2RpxW7HS4CoRXhtYHSzme1PN1UjGHJ1bdrtdw= +k8s.io/api v0.35.2/go.mod h1:7AJfqGoAZcwSFhOjcGM7WV05QxMMgUaChNfLTXDRE60= +k8s.io/apiextensions-apiserver v0.35.2 h1:iyStXHoJZsUXPh/nFAsjC29rjJWdSgUmG1XpApE29c0= +k8s.io/apiextensions-apiserver v0.35.2/go.mod h1:OdyGvcO1FtMDWQ+rRh/Ei3b6X3g2+ZDHd0MSRGeS8rU= +k8s.io/apimachinery v0.35.2 h1:NqsM/mmZA7sHW02JZ9RTtk3wInRgbVxL8MPfzSANAK8= +k8s.io/apimachinery v0.35.2/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= +k8s.io/apiserver v0.35.2 h1:rb52v0CZGEL0FkhjS+I6jHflAp7fZ4MIaKcEHX7wmDk= +k8s.io/apiserver v0.35.2/go.mod h1:CROJUAu0tfjZLyYgSeBsBan2T7LUJGh0ucWwTCSSk7g= +k8s.io/client-go v0.35.2 h1:YUfPefdGJA4aljDdayAXkc98DnPkIetMl4PrKX97W9o= +k8s.io/client-go v0.35.2/go.mod h1:4QqEwh4oQpeK8AaefZ0jwTFJw/9kIjdQi0jpKeYvz7g= +k8s.io/code-generator v0.35.2 h1:3874swbO2c26VWTf6lKD4NWGyHIfyBeTCk7caCG3TuU= +k8s.io/code-generator v0.35.2/go.mod h1:id4XLCm0yAQq5nlvyfAKibMOKnMjzlesAwGw6kM3Adc= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 h1:wBIDZID8ju9pwOiLlV22YYKjFGtiNSWgHf5CnKLRUuM= k8s.io/gengo v0.0.0-20240404160639-a0386bf69313/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f h1:SLb+kxmzfA87x4E4brQzB33VBbT2+x7Zq9ROIHmGn9Q= -k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= +k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b h1:gMplByicHV/TJBizHd9aVEsTYoJBnnUAT5MHlTkbjhQ= +k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b/go.mod h1:CgujABENc3KuTrcsdpGmrrASjtQsWCT7R99mEV4U/fM= k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= +k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 h1:HhDfevmPS+OalTjQRKbTHppRIz01AWi8s45TMXStgYY= +k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= +k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU= +k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= knative.dev/hack v0.0.0-20260120115810-bf6758cba446 h1:Y8raYHIuAL9/gUKGYD9/dD+EqUTmrpqVDowzfUVSlGs= knative.dev/hack v0.0.0-20260120115810-bf6758cba446/go.mod h1:L5RzHgbvam0u8QFHfzCX6MKxu/a/gIGEdaRBqNiVbl0= knative.dev/hack/schema v0.0.0-20260120115810-bf6758cba446 h1:V7TW1ZOZObhVcDuN04tYvCfCjvvikv1qZR/6lcp6g4Q= @@ -1145,14 +1133,14 @@ knative.dev/reconciler-test v0.0.0-20260120140419-4301404c03ce/go.mod h1:FUaadFi rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= -sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +sigs.k8s.io/gateway-api v1.5.0 h1:duoo14Ky/fJXpjpmyMISE2RTBGnfCg8zICfTYLTnBJA= +sigs.k8s.io/gateway-api v1.5.0/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= -sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go index 57bfbfb694c..e589f615619 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go @@ -3,4 +3,4 @@ package aws // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.41.5" +const goModuleVersion = "1.41.7" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md index 2ccb977142f..4eebedc3bf1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md @@ -1,3 +1,28 @@ +# v1.7.10 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. + +# v1.7.9 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait + +# v1.7.8 (2026-03-23) + +* No change notes available for this release. + +# v1.7.7 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. + +# v1.7.6 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 + +# v1.7.5 (2026-02-23) + +* No change notes available for this release. + # v1.7.4 (2025-12-02) * **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/debug.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/debug.go index 151054971a5..ca4394f8bf7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/debug.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/debug.go @@ -82,9 +82,9 @@ type decodedHeaders Headers func (hs *decodedHeaders) UnmarshalJSON(b []byte) error { var jsonHeaders []struct { - Name string `json:"name"` - Type valueType `json:"type"` - Value interface{} `json:"value"` + Name string `json:"name"` + Type valueType `json:"type"` + Value any `json:"value"` } decoder := json.NewDecoder(bytes.NewReader(b)) @@ -106,7 +106,7 @@ func (hs *decodedHeaders) UnmarshalJSON(b []byte) error { return nil } -func valueFromType(typ valueType, val interface{}) (Value, error) { +func valueFromType(typ valueType, val any) (Value, error) { switch typ { case trueValueType: return BoolValue(true), nil @@ -139,6 +139,6 @@ func valueFromType(typ valueType, val interface{}) (Value, error) { copy(tv[:], v) return tv, err default: - panic(fmt.Sprintf("unknown type, %s, %T", typ.String(), val)) + return nil, fmt.Errorf("unable to decode unknown type, %s, %T", typ.String(), val) } } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/encode.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/encode.go index f03ee4b934b..61cf7238d96 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/encode.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/encode.go @@ -157,7 +157,7 @@ func EncodeHeaders(w io.Writer, headers Headers) error { return nil } -func binaryWriteFields(w io.Writer, order binary.ByteOrder, vs ...interface{}) error { +func binaryWriteFields(w io.Writer, order binary.ByteOrder, vs ...any) error { for _, v := range vs { if err := binary.Write(w, order, v); err != nil { return err diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/error.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/error.go index 5481ef30796..7616214dd64 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/error.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/error.go @@ -7,7 +7,7 @@ type LengthError struct { Part string Want int Have int - Value interface{} + Value any } func (e LengthError) Error() string { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go index 334a73b1299..84a7e483fd4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go @@ -3,4 +3,4 @@ package eventstream // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.7.4" +const goModuleVersion = "1.7.10" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header.go index f6f8c5674ed..b5aacca00ec 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header.go @@ -34,7 +34,7 @@ func (hs *Headers) Set(name string, value Value) { // Get returns the Value associated with the header. Nil is returned if the // value does not exist. func (hs Headers) Get(name string) Value { - for i := 0; i < len(hs); i++ { + for i := range hs { if h := hs[i]; h.Name == name { return h.Value } @@ -151,7 +151,7 @@ func decodeHeaderValue(r io.Reader) (Value, error) { err = tv.decode(r) v = tv default: - panic(fmt.Sprintf("unknown value type %d", raw.Type)) + return nil, fmt.Errorf("unable to decode header of unknown value type %d", raw.Type) } // Error could be EOF, let caller deal with it diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header_value.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header_value.go index 423b6bb26c1..61ed35366d2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header_value.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/header_value.go @@ -62,7 +62,7 @@ type rawValue struct { Value []byte // byte representation of value, BigEndian encoding. } -func (r rawValue) encodeScalar(w io.Writer, v interface{}) error { +func (r rawValue) encodeScalar(w io.Writer, v any) error { return binaryWriteFields(w, binary.BigEndian, r.Type, v, @@ -158,7 +158,7 @@ func decodeStringValue(r io.Reader) (string, error) { // Value represents the abstract header value. type Value interface { - Get() interface{} + Get() any String() string valueType() valueType encode(io.Writer) error @@ -169,7 +169,7 @@ type Value interface { type BoolValue bool // Get returns the underlying type -func (v BoolValue) Get() interface{} { +func (v BoolValue) Get() any { return bool(v) } @@ -196,7 +196,7 @@ func (v BoolValue) encode(w io.Writer) error { type Int8Value int8 // Get returns the underlying value. -func (v Int8Value) Get() interface{} { +func (v Int8Value) Get() any { return int8(v) } @@ -234,7 +234,7 @@ func (v *Int8Value) decode(r io.Reader) error { type Int16Value int16 // Get returns the underlying value. -func (v Int16Value) Get() interface{} { +func (v Int16Value) Get() any { return int16(v) } @@ -271,7 +271,7 @@ func (v *Int16Value) decode(r io.Reader) error { type Int32Value int32 // Get returns the underlying value. -func (v Int32Value) Get() interface{} { +func (v Int32Value) Get() any { return int32(v) } @@ -308,7 +308,7 @@ func (v *Int32Value) decode(r io.Reader) error { type Int64Value int64 // Get returns the underlying value. -func (v Int64Value) Get() interface{} { +func (v Int64Value) Get() any { return int64(v) } @@ -345,7 +345,7 @@ func (v *Int64Value) decode(r io.Reader) error { type BytesValue []byte // Get returns the underlying value. -func (v BytesValue) Get() interface{} { +func (v BytesValue) Get() any { return []byte(v) } @@ -383,7 +383,7 @@ func (v *BytesValue) decode(r io.Reader) error { type StringValue string // Get returns the underlying value. -func (v StringValue) Get() interface{} { +func (v StringValue) Get() any { return string(v) } @@ -421,7 +421,7 @@ func (v *StringValue) decode(r io.Reader) error { type TimestampValue time.Time // Get returns the underlying value. -func (v TimestampValue) Get() interface{} { +func (v TimestampValue) Get() any { return time.Time(v) } @@ -478,7 +478,7 @@ func timeFromEpochMilli(t int64) time.Time { type UUIDValue [16]byte // Get returns the underlying value. -func (v UUIDValue) Get() interface{} { +func (v UUIDValue) Get() any { return v[:] } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md index 9e405046480..6f932e910a8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md @@ -1,3 +1,350 @@ +# v1.32.17 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.16 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.15 (2026-04-16) + +* No change notes available for this release. + +# v1.32.14 (2026-04-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.13 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.12 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.11 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.10 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.9 (2026-02-18) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.8 (2026-02-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.7 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.6 (2025-12-16) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.5 (2025-12-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.4 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.3 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + +# v1.32.2 (2025-11-25) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.1 (2025-11-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.0 (2025-11-19.2) + +* **Feature**: Add support for AWS Login credentials (package credentials/logincreds) to the default credential chain. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.21 (2025-11-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.20 (2025-11-12) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.19 (2025-11-11) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.18 (2025-11-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.17 (2025-11-04) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.23.2 which should convey some passive reduction of overall allocations, especially when not using the metrics system. + +# v1.31.16 (2025-10-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.15 (2025-10-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.14 (2025-10-22) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.13 (2025-10-16) + +* **Dependency Update**: Bump minimum Go version to 1.23. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.12 (2025-09-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.11 (2025-09-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.10 (2025-09-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.9 (2025-09-22) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.8 (2025-09-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.7 (2025-09-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.6 (2025-08-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.5 (2025-08-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.4 (2025-08-27) + +* **Dependency Update**: Update to smithy-go v1.23.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.3 (2025-08-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.2 (2025-08-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.1 (2025-08-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.0 (2025-08-11) + +* **Feature**: Add support for configuring per-service Options via callback on global config. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.3 (2025-08-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.2 (2025-07-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.1 (2025-07-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.0 (2025-07-28) + +* **Feature**: Add support for HTTP interceptors. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.18 (2025-07-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.17 (2025-06-17) + +* **Dependency Update**: Update to smithy-go v1.22.4. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.16 (2025-06-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.15 (2025-06-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.14 (2025-04-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.13 (2025-04-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.12 (2025-03-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.11 (2025-03-25) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.10 (2025-03-24) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.9 (2025-03-04.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.8 (2025-02-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.7 (2025-02-18) + +* **Bug Fix**: Bump go version to 1.22 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.6 (2025-02-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.5 (2025-02-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.4 (2025-01-31) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.3 (2025-01-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.2 (2025-01-24) + +* **Bug Fix**: Fix env config naming and usage of deprecated ioutil +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.22.2. + +# v1.29.1 (2025-01-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.0 (2025-01-15) + +* **Feature**: S3 client behavior is updated to always calculate a checksum by default for operations that support it (such as PutObject or UploadPart), or require it (such as DeleteObjects). The checksum algorithm used by default now becomes CRC32. Checksum behavior can be configured using `when_supported` and `when_required` options - in code using RequestChecksumCalculation, in shared config using request_checksum_calculation, or as env variable using AWS_REQUEST_CHECKSUM_CALCULATION. The S3 client attempts to validate response checksums for all S3 API operations that support checksums. However, if the SDK has not implemented the specified checksum algorithm then this validation is skipped. Checksum validation behavior can be configured using `when_supported` and `when_required` options - in code using ResponseChecksumValidation, in shared config using response_checksum_validation, or as env variable using AWS_RESPONSE_CHECKSUM_VALIDATION. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.11 (2025-01-14) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.10 (2025-01-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.9 (2025-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.8 (2025-01-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.7 (2024-12-19) + +* **Bug Fix**: Fix improper use of printf-style functions. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.6 (2024-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.5 (2024-11-18) + +* **Dependency Update**: Update to smithy-go v1.22.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.4 (2024-11-14) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.3 (2024-11-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.2 (2024-11-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.1 (2024-10-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.0 (2024-10-16) + +* **Feature**: Adds the LoadOptions hook `WithBaseEndpoint` for setting global endpoint override in-code. + +# v1.27.43 (2024-10-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.27.42 (2024-10-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.27.41 (2024-10-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.27.40 (2024-10-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.27.39 (2024-09-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.27.38 (2024-09-25) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.27.37 (2024-09-23) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.27.36 (2024-09-20) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/auth_scheme_preference.go b/vendor/github.com/aws/aws-sdk-go-v2/config/auth_scheme_preference.go new file mode 100644 index 00000000000..99e1236614d --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/auth_scheme_preference.go @@ -0,0 +1,19 @@ +package config + +import "strings" + +func toAuthSchemePreferenceList(cfg string) []string { + if len(cfg) == 0 { + return nil + } + parts := strings.Split(cfg, ",") + ids := make([]string, 0, len(parts)) + + for _, p := range parts { + if id := strings.TrimSpace(p); len(id) > 0 { + ids = append(ids, id) + } + } + + return ids +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go index d5226cb0437..498a668a30f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go @@ -83,6 +83,19 @@ var defaultAWSConfigResolvers = []awsConfigResolver{ // Sets the AccountIDEndpointMode if present in env var or shared config profile resolveAccountIDEndpointMode, + + // Sets the RequestChecksumCalculation if present in env var or shared config profile + resolveRequestChecksumCalculation, + + // Sets the ResponseChecksumValidation if present in env var or shared config profile + resolveResponseChecksumValidation, + + resolveInterceptors, + + resolveAuthSchemePreference, + + // Sets the ServiceOptions if present in LoadOptions + resolveServiceOptions, } // A Config represents a generic configuration value or set of values. This type @@ -90,7 +103,7 @@ var defaultAWSConfigResolvers = []awsConfigResolver{ // // General the Config type will use type assertion against the Provider interfaces // to extract specific data from the Config. -type Config interface{} +type Config any // A loader is used to load external configuration data and returns it as // a generic Config type. @@ -157,8 +170,8 @@ func (cs configs) ResolveAWSConfig(ctx context.Context, resolvers []awsConfigRes // ResolveConfig calls the provide function passing slice of configuration sources. // This implements the aws.ConfigResolver interface. -func (cs configs) ResolveConfig(f func(configs []interface{}) error) error { - var cfgs []interface{} +func (cs configs) ResolveConfig(f func(configs []any) error) error { + var cfgs []any for i := range cs { cfgs = append(cfgs, cs[i]) } @@ -212,7 +225,7 @@ func resolveConfigLoaders(options *LoadOptions) []loader { loaders[0] = loadEnvConfig // specification of a profile should cause a load failure if it doesn't exist - if os.Getenv(awsProfileEnvVar) != "" || options.SharedConfigProfile != "" { + if os.Getenv(awsProfileEnv) != "" || options.SharedConfigProfile != "" { loaders[1] = loadSharedConfig } else { loaders[1] = loadSharedConfigIgnoreNotExist diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go index 3a06f1412a7..e932c63dfb4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go @@ -5,7 +5,6 @@ import ( "context" "fmt" "io" - "io/ioutil" "os" "strconv" "strings" @@ -21,86 +20,91 @@ const CredentialsSourceName = "EnvConfigCredentials" // Environment variables that will be read for configuration values. const ( - awsAccessKeyIDEnvVar = "AWS_ACCESS_KEY_ID" - awsAccessKeyEnvVar = "AWS_ACCESS_KEY" + awsAccessKeyIDEnv = "AWS_ACCESS_KEY_ID" + awsAccessKeyEnv = "AWS_ACCESS_KEY" - awsSecretAccessKeyEnvVar = "AWS_SECRET_ACCESS_KEY" - awsSecretKeyEnvVar = "AWS_SECRET_KEY" + awsSecretAccessKeyEnv = "AWS_SECRET_ACCESS_KEY" + awsSecretKeyEnv = "AWS_SECRET_KEY" - awsSessionTokenEnvVar = "AWS_SESSION_TOKEN" + awsSessionTokenEnv = "AWS_SESSION_TOKEN" - awsContainerCredentialsEndpointEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI" - awsContainerCredentialsRelativePathEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" - awsContainerPProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN" + awsContainerCredentialsFullURIEnv = "AWS_CONTAINER_CREDENTIALS_FULL_URI" + awsContainerCredentialsRelativeURIEnv = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" + awsContainerAuthorizationTokenEnv = "AWS_CONTAINER_AUTHORIZATION_TOKEN" - awsRegionEnvVar = "AWS_REGION" - awsDefaultRegionEnvVar = "AWS_DEFAULT_REGION" + awsRegionEnv = "AWS_REGION" + awsDefaultRegionEnv = "AWS_DEFAULT_REGION" - awsProfileEnvVar = "AWS_PROFILE" - awsDefaultProfileEnvVar = "AWS_DEFAULT_PROFILE" + awsProfileEnv = "AWS_PROFILE" + awsDefaultProfileEnv = "AWS_DEFAULT_PROFILE" - awsSharedCredentialsFileEnvVar = "AWS_SHARED_CREDENTIALS_FILE" + awsSharedCredentialsFileEnv = "AWS_SHARED_CREDENTIALS_FILE" - awsConfigFileEnvVar = "AWS_CONFIG_FILE" + awsConfigFileEnv = "AWS_CONFIG_FILE" - awsCustomCABundleEnvVar = "AWS_CA_BUNDLE" + awsCABundleEnv = "AWS_CA_BUNDLE" - awsWebIdentityTokenFilePathEnvVar = "AWS_WEB_IDENTITY_TOKEN_FILE" + awsWebIdentityTokenFileEnv = "AWS_WEB_IDENTITY_TOKEN_FILE" - awsRoleARNEnvVar = "AWS_ROLE_ARN" - awsRoleSessionNameEnvVar = "AWS_ROLE_SESSION_NAME" + awsRoleARNEnv = "AWS_ROLE_ARN" + awsRoleSessionNameEnv = "AWS_ROLE_SESSION_NAME" - awsEnableEndpointDiscoveryEnvVar = "AWS_ENABLE_ENDPOINT_DISCOVERY" + awsEnableEndpointDiscoveryEnv = "AWS_ENABLE_ENDPOINT_DISCOVERY" - awsS3UseARNRegionEnvVar = "AWS_S3_USE_ARN_REGION" + awsS3UseARNRegionEnv = "AWS_S3_USE_ARN_REGION" - awsEc2MetadataServiceEndpointModeEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE" + awsEc2MetadataServiceEndpointModeEnv = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE" - awsEc2MetadataServiceEndpointEnvVar = "AWS_EC2_METADATA_SERVICE_ENDPOINT" + awsEc2MetadataServiceEndpointEnv = "AWS_EC2_METADATA_SERVICE_ENDPOINT" - awsEc2MetadataDisabled = "AWS_EC2_METADATA_DISABLED" - awsEc2MetadataV1DisabledEnvVar = "AWS_EC2_METADATA_V1_DISABLED" + awsEc2MetadataDisabledEnv = "AWS_EC2_METADATA_DISABLED" + awsEc2MetadataV1DisabledEnv = "AWS_EC2_METADATA_V1_DISABLED" - awsS3DisableMultiRegionAccessPointEnvVar = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS" + awsS3DisableMultiRegionAccessPointsEnv = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS" - awsUseDualStackEndpoint = "AWS_USE_DUALSTACK_ENDPOINT" + awsUseDualStackEndpointEnv = "AWS_USE_DUALSTACK_ENDPOINT" - awsUseFIPSEndpoint = "AWS_USE_FIPS_ENDPOINT" + awsUseFIPSEndpointEnv = "AWS_USE_FIPS_ENDPOINT" - awsDefaultMode = "AWS_DEFAULTS_MODE" + awsDefaultsModeEnv = "AWS_DEFAULTS_MODE" - awsRetryMaxAttempts = "AWS_MAX_ATTEMPTS" - awsRetryMode = "AWS_RETRY_MODE" - awsSdkAppID = "AWS_SDK_UA_APP_ID" + awsMaxAttemptsEnv = "AWS_MAX_ATTEMPTS" + awsRetryModeEnv = "AWS_RETRY_MODE" + awsSdkUaAppIDEnv = "AWS_SDK_UA_APP_ID" - awsIgnoreConfiguredEndpoints = "AWS_IGNORE_CONFIGURED_ENDPOINT_URLS" - awsEndpointURL = "AWS_ENDPOINT_URL" + awsIgnoreConfiguredEndpointURLEnv = "AWS_IGNORE_CONFIGURED_ENDPOINT_URLS" + awsEndpointURLEnv = "AWS_ENDPOINT_URL" - awsDisableRequestCompression = "AWS_DISABLE_REQUEST_COMPRESSION" - awsRequestMinCompressionSizeBytes = "AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES" + awsDisableRequestCompressionEnv = "AWS_DISABLE_REQUEST_COMPRESSION" + awsRequestMinCompressionSizeBytesEnv = "AWS_REQUEST_MIN_COMPRESSION_SIZE_BYTES" awsS3DisableExpressSessionAuthEnv = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH" awsAccountIDEnv = "AWS_ACCOUNT_ID" awsAccountIDEndpointModeEnv = "AWS_ACCOUNT_ID_ENDPOINT_MODE" + + awsRequestChecksumCalculation = "AWS_REQUEST_CHECKSUM_CALCULATION" + awsResponseChecksumValidation = "AWS_RESPONSE_CHECKSUM_VALIDATION" + + awsAuthSchemePreferenceEnv = "AWS_AUTH_SCHEME_PREFERENCE" ) var ( credAccessEnvKeys = []string{ - awsAccessKeyIDEnvVar, - awsAccessKeyEnvVar, + awsAccessKeyIDEnv, + awsAccessKeyEnv, } credSecretEnvKeys = []string{ - awsSecretAccessKeyEnvVar, - awsSecretKeyEnvVar, + awsSecretAccessKeyEnv, + awsSecretKeyEnv, } regionEnvKeys = []string{ - awsRegionEnvVar, - awsDefaultRegionEnvVar, + awsRegionEnv, + awsDefaultRegionEnv, } profileEnvKeys = []string{ - awsProfileEnvVar, - awsDefaultProfileEnvVar, + awsProfileEnv, + awsDefaultProfileEnv, } ) @@ -296,6 +300,15 @@ type EnvConfig struct { // Indicates whether account ID will be required/ignored in endpoint2.0 routing AccountIDEndpointMode aws.AccountIDEndpointMode + + // Indicates whether request checksum should be calculated + RequestChecksumCalculation aws.RequestChecksumCalculation + + // Indicates whether response checksum should be validated + ResponseChecksumValidation aws.ResponseChecksumValidation + + // Priority list of preferred auth scheme names (e.g. sigv4a). + AuthSchemePreference []string } // loadEnvConfig reads configuration values from the OS's environment variables. @@ -316,79 +329,79 @@ func NewEnvConfig() (EnvConfig, error) { setStringFromEnvVal(&creds.SecretAccessKey, credSecretEnvKeys) if creds.HasKeys() { creds.AccountID = os.Getenv(awsAccountIDEnv) - creds.SessionToken = os.Getenv(awsSessionTokenEnvVar) + creds.SessionToken = os.Getenv(awsSessionTokenEnv) cfg.Credentials = creds } - cfg.ContainerCredentialsEndpoint = os.Getenv(awsContainerCredentialsEndpointEnvVar) - cfg.ContainerCredentialsRelativePath = os.Getenv(awsContainerCredentialsRelativePathEnvVar) - cfg.ContainerAuthorizationToken = os.Getenv(awsContainerPProviderAuthorizationEnvVar) + cfg.ContainerCredentialsEndpoint = os.Getenv(awsContainerCredentialsFullURIEnv) + cfg.ContainerCredentialsRelativePath = os.Getenv(awsContainerCredentialsRelativeURIEnv) + cfg.ContainerAuthorizationToken = os.Getenv(awsContainerAuthorizationTokenEnv) setStringFromEnvVal(&cfg.Region, regionEnvKeys) setStringFromEnvVal(&cfg.SharedConfigProfile, profileEnvKeys) - cfg.SharedCredentialsFile = os.Getenv(awsSharedCredentialsFileEnvVar) - cfg.SharedConfigFile = os.Getenv(awsConfigFileEnvVar) + cfg.SharedCredentialsFile = os.Getenv(awsSharedCredentialsFileEnv) + cfg.SharedConfigFile = os.Getenv(awsConfigFileEnv) - cfg.CustomCABundle = os.Getenv(awsCustomCABundleEnvVar) + cfg.CustomCABundle = os.Getenv(awsCABundleEnv) - cfg.WebIdentityTokenFilePath = os.Getenv(awsWebIdentityTokenFilePathEnvVar) + cfg.WebIdentityTokenFilePath = os.Getenv(awsWebIdentityTokenFileEnv) - cfg.RoleARN = os.Getenv(awsRoleARNEnvVar) - cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnvVar) + cfg.RoleARN = os.Getenv(awsRoleARNEnv) + cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnv) - cfg.AppID = os.Getenv(awsSdkAppID) + cfg.AppID = os.Getenv(awsSdkUaAppIDEnv) - if err := setBoolPtrFromEnvVal(&cfg.DisableRequestCompression, []string{awsDisableRequestCompression}); err != nil { + if err := setBoolPtrFromEnvVal(&cfg.DisableRequestCompression, []string{awsDisableRequestCompressionEnv}); err != nil { return cfg, err } - if err := setInt64PtrFromEnvVal(&cfg.RequestMinCompressSizeBytes, []string{awsRequestMinCompressionSizeBytes}, smithyrequestcompression.MaxRequestMinCompressSizeBytes); err != nil { + if err := setInt64PtrFromEnvVal(&cfg.RequestMinCompressSizeBytes, []string{awsRequestMinCompressionSizeBytesEnv}, smithyrequestcompression.MaxRequestMinCompressSizeBytes); err != nil { return cfg, err } - if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnvVar}); err != nil { + if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnv}); err != nil { return cfg, err } - if err := setBoolPtrFromEnvVal(&cfg.S3UseARNRegion, []string{awsS3UseARNRegionEnvVar}); err != nil { + if err := setBoolPtrFromEnvVal(&cfg.S3UseARNRegion, []string{awsS3UseARNRegionEnv}); err != nil { return cfg, err } - setEC2IMDSClientEnableState(&cfg.EC2IMDSClientEnableState, []string{awsEc2MetadataDisabled}) - if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, []string{awsEc2MetadataServiceEndpointModeEnvVar}); err != nil { + setEC2IMDSClientEnableState(&cfg.EC2IMDSClientEnableState, []string{awsEc2MetadataDisabledEnv}) + if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, []string{awsEc2MetadataServiceEndpointModeEnv}); err != nil { return cfg, err } - cfg.EC2IMDSEndpoint = os.Getenv(awsEc2MetadataServiceEndpointEnvVar) - if err := setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, []string{awsEc2MetadataV1DisabledEnvVar}); err != nil { + cfg.EC2IMDSEndpoint = os.Getenv(awsEc2MetadataServiceEndpointEnv) + if err := setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, []string{awsEc2MetadataV1DisabledEnv}); err != nil { return cfg, err } - if err := setBoolPtrFromEnvVal(&cfg.S3DisableMultiRegionAccessPoints, []string{awsS3DisableMultiRegionAccessPointEnvVar}); err != nil { + if err := setBoolPtrFromEnvVal(&cfg.S3DisableMultiRegionAccessPoints, []string{awsS3DisableMultiRegionAccessPointsEnv}); err != nil { return cfg, err } - if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, []string{awsUseDualStackEndpoint}); err != nil { + if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, []string{awsUseDualStackEndpointEnv}); err != nil { return cfg, err } - if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, []string{awsUseFIPSEndpoint}); err != nil { + if err := setUseFIPSEndpointFromEnvVal(&cfg.UseFIPSEndpoint, []string{awsUseFIPSEndpointEnv}); err != nil { return cfg, err } - if err := setDefaultsModeFromEnvVal(&cfg.DefaultsMode, []string{awsDefaultMode}); err != nil { + if err := setDefaultsModeFromEnvVal(&cfg.DefaultsMode, []string{awsDefaultsModeEnv}); err != nil { return cfg, err } - if err := setIntFromEnvVal(&cfg.RetryMaxAttempts, []string{awsRetryMaxAttempts}); err != nil { + if err := setIntFromEnvVal(&cfg.RetryMaxAttempts, []string{awsMaxAttemptsEnv}); err != nil { return cfg, err } - if err := setRetryModeFromEnvVal(&cfg.RetryMode, []string{awsRetryMode}); err != nil { + if err := setRetryModeFromEnvVal(&cfg.RetryMode, []string{awsRetryModeEnv}); err != nil { return cfg, err } - setStringFromEnvVal(&cfg.BaseEndpoint, []string{awsEndpointURL}) + setStringFromEnvVal(&cfg.BaseEndpoint, []string{awsEndpointURLEnv}) - if err := setBoolPtrFromEnvVal(&cfg.IgnoreConfiguredEndpoints, []string{awsIgnoreConfiguredEndpoints}); err != nil { + if err := setBoolPtrFromEnvVal(&cfg.IgnoreConfiguredEndpoints, []string{awsIgnoreConfiguredEndpointURLEnv}); err != nil { return cfg, err } @@ -400,6 +413,15 @@ func NewEnvConfig() (EnvConfig, error) { return cfg, err } + if err := setRequestChecksumCalculationFromEnvVal(&cfg.RequestChecksumCalculation, []string{awsRequestChecksumCalculation}); err != nil { + return cfg, err + } + if err := setResponseChecksumValidationFromEnvVal(&cfg.ResponseChecksumValidation, []string{awsResponseChecksumValidation}); err != nil { + return cfg, err + } + + cfg.AuthSchemePreference = toAuthSchemePreferenceList(os.Getenv(awsAuthSchemePreferenceEnv)) + return cfg, nil } @@ -432,6 +454,14 @@ func (c EnvConfig) getAccountIDEndpointMode(context.Context) (aws.AccountIDEndpo return c.AccountIDEndpointMode, len(c.AccountIDEndpointMode) > 0, nil } +func (c EnvConfig) getRequestChecksumCalculation(context.Context) (aws.RequestChecksumCalculation, bool, error) { + return c.RequestChecksumCalculation, c.RequestChecksumCalculation > 0, nil +} + +func (c EnvConfig) getResponseChecksumValidation(context.Context) (aws.ResponseChecksumValidation, bool, error) { + return c.ResponseChecksumValidation, c.ResponseChecksumValidation > 0, nil +} + // GetRetryMaxAttempts returns the value of AWS_MAX_ATTEMPTS if was specified, // and not 0. func (c EnvConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error) { @@ -528,6 +558,45 @@ func setAIDEndPointModeFromEnvVal(m *aws.AccountIDEndpointMode, keys []string) e return nil } +func setRequestChecksumCalculationFromEnvVal(m *aws.RequestChecksumCalculation, keys []string) error { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + + switch strings.ToLower(value) { + case checksumWhenSupported: + *m = aws.RequestChecksumCalculationWhenSupported + case checksumWhenRequired: + *m = aws.RequestChecksumCalculationWhenRequired + default: + return fmt.Errorf("invalid value for environment variable, %s=%s, must be when_supported/when_required", k, value) + } + } + return nil +} + +func setResponseChecksumValidationFromEnvVal(m *aws.ResponseChecksumValidation, keys []string) error { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + + switch strings.ToLower(value) { + case checksumWhenSupported: + *m = aws.ResponseChecksumValidationWhenSupported + case checksumWhenRequired: + *m = aws.ResponseChecksumValidationWhenRequired + default: + return fmt.Errorf("invalid value for environment variable, %s=%s, must be when_supported/when_required", k, value) + } + + } + return nil +} + // GetRegion returns the AWS Region if set in the environment. Returns an empty // string if not set. func (c EnvConfig) getRegion(ctx context.Context) (string, bool, error) { @@ -584,7 +653,7 @@ func (c EnvConfig) getCustomCABundle(context.Context) (io.Reader, bool, error) { return nil, false, nil } - b, err := ioutil.ReadFile(c.CustomCABundle) + b, err := os.ReadFile(c.CustomCABundle) if err != nil { return nil, false, err } @@ -608,7 +677,7 @@ func (c EnvConfig) getBaseEndpoint(context.Context) (string, bool, error) { // GetServiceBaseEndpoint is used to retrieve a normalized SDK ID for use // with configured endpoints. func (c EnvConfig) GetServiceBaseEndpoint(ctx context.Context, sdkID string) (string, bool, error) { - if endpt := os.Getenv(fmt.Sprintf("%s_%s", awsEndpointURL, normalizeEnv(sdkID))); endpt != "" { + if endpt := os.Getenv(fmt.Sprintf("%s_%s", awsEndpointURLEnv, normalizeEnv(sdkID))); endpt != "" { return endpt, true, nil } return "", false, nil @@ -854,3 +923,10 @@ func (c EnvConfig) GetS3DisableExpressAuth() (value, ok bool) { return *c.S3DisableExpressAuth, true } + +func (c EnvConfig) getAuthSchemePreference() ([]string, bool) { + if len(c.AuthSchemePreference) > 0 { + return c.AuthSchemePreference, true + } + return nil, false +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go index d822849850c..fdbfa78e45b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go @@ -3,4 +3,4 @@ package config // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.27.36" +const goModuleVersion = "1.32.17" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/errors.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/errors.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/errors.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/ini.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/ini.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/ini.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/ini.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/parse.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/parse.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/parse.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/parse.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/sections.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/sections.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/sections.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/sections.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/strings.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/strings.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/token.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/token.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/token.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/token.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/tokenize.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/tokenize.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/tokenize.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/tokenize.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/value.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/value.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go index 5f643977b00..7cb5a136588 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go @@ -14,6 +14,7 @@ import ( smithybearer "github.com/aws/smithy-go/auth/bearer" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" ) // LoadOptionsFunc is a type alias for LoadOptions functional option @@ -216,7 +217,29 @@ type LoadOptions struct { // Whether S3 Express auth is disabled. S3DisableExpressAuth *bool + // Whether account id should be built into endpoint resolution AccountIDEndpointMode aws.AccountIDEndpointMode + + // Specify if request checksum should be calculated + RequestChecksumCalculation aws.RequestChecksumCalculation + + // Specifies if response checksum should be validated + ResponseChecksumValidation aws.ResponseChecksumValidation + + // Service endpoint override. This value is not necessarily final and is + // passed to the service's EndpointResolverV2 for further delegation. + BaseEndpoint string + + // Registry of operation interceptors. + Interceptors smithyhttp.InterceptorRegistry + + // Priority list of preferred auth scheme names (e.g. sigv4a). + AuthSchemePreference []string + + // ServiceOptions provides service specific configuration options that will be applied + // when constructing clients for specific services. Each callback function receives the service ID + // and the service's Options struct, allowing for dynamic configuration based on the service. + ServiceOptions []func(string, any) } func (o LoadOptions) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) { @@ -284,6 +307,31 @@ func (o LoadOptions) getAccountIDEndpointMode(ctx context.Context) (aws.AccountI return o.AccountIDEndpointMode, len(o.AccountIDEndpointMode) > 0, nil } +func (o LoadOptions) getRequestChecksumCalculation(ctx context.Context) (aws.RequestChecksumCalculation, bool, error) { + return o.RequestChecksumCalculation, o.RequestChecksumCalculation > 0, nil +} + +func (o LoadOptions) getResponseChecksumValidation(ctx context.Context) (aws.ResponseChecksumValidation, bool, error) { + return o.ResponseChecksumValidation, o.ResponseChecksumValidation > 0, nil +} + +func (o LoadOptions) getBaseEndpoint(context.Context) (string, bool, error) { + return o.BaseEndpoint, o.BaseEndpoint != "", nil +} + +func (o LoadOptions) getServiceOptions(context.Context) ([]func(string, any), bool, error) { + return o.ServiceOptions, len(o.ServiceOptions) > 0, nil +} + +// GetServiceBaseEndpoint satisfies (internal/configsources).ServiceBaseEndpointProvider. +// +// The sdkID value is unused because LoadOptions only supports setting a GLOBAL +// endpoint override. In-code, per-service endpoint overrides are performed via +// functional options in service client space. +func (o LoadOptions) GetServiceBaseEndpoint(context.Context, string) (string, bool, error) { + return o.BaseEndpoint, o.BaseEndpoint != "", nil +} + // WithRegion is a helper function to construct functional options // that sets Region on config's LoadOptions. Setting the region to // an empty string, will result in the region value being ignored. @@ -340,6 +388,26 @@ func WithAccountIDEndpointMode(m aws.AccountIDEndpointMode) LoadOptionsFunc { } } +// WithRequestChecksumCalculation is a helper function to construct functional options +// that sets RequestChecksumCalculation on config's LoadOptions +func WithRequestChecksumCalculation(c aws.RequestChecksumCalculation) LoadOptionsFunc { + return func(o *LoadOptions) error { + if c > 0 { + o.RequestChecksumCalculation = c + } + return nil + } +} + +// WithResponseChecksumValidation is a helper function to construct functional options +// that sets ResponseChecksumValidation on config's LoadOptions +func WithResponseChecksumValidation(v aws.ResponseChecksumValidation) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.ResponseChecksumValidation = v + return nil + } +} + // getDefaultRegion returns DefaultRegion from config's LoadOptions func (o LoadOptions) getDefaultRegion(ctx context.Context) (string, bool, error) { if len(o.DefaultRegion) == 0 { @@ -1139,3 +1207,149 @@ func WithS3DisableExpressAuth(v bool) LoadOptionsFunc { return nil } } + +// WithBaseEndpoint is a helper function to construct functional options that +// sets BaseEndpoint on config's LoadOptions. Empty values have no effect, and +// subsequent calls to this API override previous ones. +// +// This is an in-code setting, therefore, any value set using this hook takes +// precedence over and will override ALL environment and shared config +// directives that set endpoint URLs. Functional options on service clients +// have higher specificity, and functional options that modify the value of +// BaseEndpoint on a client will take precedence over this setting. +func WithBaseEndpoint(v string) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.BaseEndpoint = v + return nil + } +} + +// WithServiceOptions is a helper function to construct functional options +// that sets ServiceOptions on config's LoadOptions. +func WithServiceOptions(callbacks ...func(string, any)) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.ServiceOptions = append(o.ServiceOptions, callbacks...) + return nil + } +} + +// WithBeforeExecution adds the BeforeExecutionInterceptor to config. +func WithBeforeExecution(i smithyhttp.BeforeExecutionInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.BeforeExecution = append(o.Interceptors.BeforeExecution, i) + return nil + } +} + +// WithBeforeSerialization adds the BeforeSerializationInterceptor to config. +func WithBeforeSerialization(i smithyhttp.BeforeSerializationInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.BeforeSerialization = append(o.Interceptors.BeforeSerialization, i) + return nil + } +} + +// WithAfterSerialization adds the AfterSerializationInterceptor to config. +func WithAfterSerialization(i smithyhttp.AfterSerializationInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.AfterSerialization = append(o.Interceptors.AfterSerialization, i) + return nil + } +} + +// WithBeforeRetryLoop adds the BeforeRetryLoopInterceptor to config. +func WithBeforeRetryLoop(i smithyhttp.BeforeRetryLoopInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.BeforeRetryLoop = append(o.Interceptors.BeforeRetryLoop, i) + return nil + } +} + +// WithBeforeAttempt adds the BeforeAttemptInterceptor to config. +func WithBeforeAttempt(i smithyhttp.BeforeAttemptInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.BeforeAttempt = append(o.Interceptors.BeforeAttempt, i) + return nil + } +} + +// WithBeforeSigning adds the BeforeSigningInterceptor to config. +func WithBeforeSigning(i smithyhttp.BeforeSigningInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.BeforeSigning = append(o.Interceptors.BeforeSigning, i) + return nil + } +} + +// WithAfterSigning adds the AfterSigningInterceptor to config. +func WithAfterSigning(i smithyhttp.AfterSigningInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.AfterSigning = append(o.Interceptors.AfterSigning, i) + return nil + } +} + +// WithBeforeTransmit adds the BeforeTransmitInterceptor to config. +func WithBeforeTransmit(i smithyhttp.BeforeTransmitInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.BeforeTransmit = append(o.Interceptors.BeforeTransmit, i) + return nil + } +} + +// WithAfterTransmit adds the AfterTransmitInterceptor to config. +func WithAfterTransmit(i smithyhttp.AfterTransmitInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.AfterTransmit = append(o.Interceptors.AfterTransmit, i) + return nil + } +} + +// WithBeforeDeserialization adds the BeforeDeserializationInterceptor to config. +func WithBeforeDeserialization(i smithyhttp.BeforeDeserializationInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.BeforeDeserialization = append(o.Interceptors.BeforeDeserialization, i) + return nil + } +} + +// WithAfterDeserialization adds the AfterDeserializationInterceptor to config. +func WithAfterDeserialization(i smithyhttp.AfterDeserializationInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.AfterDeserialization = append(o.Interceptors.AfterDeserialization, i) + return nil + } +} + +// WithAfterAttempt adds the AfterAttemptInterceptor to config. +func WithAfterAttempt(i smithyhttp.AfterAttemptInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.AfterAttempt = append(o.Interceptors.AfterAttempt, i) + return nil + } +} + +// WithAfterExecution adds the AfterExecutionInterceptor to config. +func WithAfterExecution(i smithyhttp.AfterExecutionInterceptor) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.Interceptors.AfterExecution = append(o.Interceptors.AfterExecution, i) + return nil + } +} + +// WithAuthSchemePreference sets the priority order of auth schemes on config. +// +// Schemes are expressed as names e.g. sigv4a or sigv4. +func WithAuthSchemePreference(schemeIDs ...string) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.AuthSchemePreference = schemeIDs + return nil + } +} + +func (o LoadOptions) getAuthSchemePreference() ([]string, bool) { + if len(o.AuthSchemePreference) > 0 { + return o.AuthSchemePreference, true + } + return nil, false +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go index 043781f1f77..55312497103 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go @@ -130,7 +130,7 @@ type IgnoreConfiguredEndpointsProvider interface { // GetIgnoreConfiguredEndpoints is used in knowing when to disable configured // endpoints feature. -func GetIgnoreConfiguredEndpoints(ctx context.Context, configs []interface{}) (value bool, found bool, err error) { +func GetIgnoreConfiguredEndpoints(ctx context.Context, configs []any) (value bool, found bool, err error) { for _, cfg := range configs { if p, ok := cfg.(IgnoreConfiguredEndpointsProvider); ok { value, found, err = p.GetIgnoreConfiguredEndpoints(ctx) @@ -242,6 +242,40 @@ func getAccountIDEndpointMode(ctx context.Context, configs configs) (value aws.A return } +// requestChecksumCalculationProvider provides access to the RequestChecksumCalculation +type requestChecksumCalculationProvider interface { + getRequestChecksumCalculation(context.Context) (aws.RequestChecksumCalculation, bool, error) +} + +func getRequestChecksumCalculation(ctx context.Context, configs configs) (value aws.RequestChecksumCalculation, found bool, err error) { + for _, cfg := range configs { + if p, ok := cfg.(requestChecksumCalculationProvider); ok { + value, found, err = p.getRequestChecksumCalculation(ctx) + if err != nil || found { + break + } + } + } + return +} + +// responseChecksumValidationProvider provides access to the ResponseChecksumValidation +type responseChecksumValidationProvider interface { + getResponseChecksumValidation(context.Context) (aws.ResponseChecksumValidation, bool, error) +} + +func getResponseChecksumValidation(ctx context.Context, configs configs) (value aws.ResponseChecksumValidation, found bool, err error) { + for _, cfg := range configs { + if p, ok := cfg.(responseChecksumValidationProvider); ok { + value, found, err = p.getResponseChecksumValidation(ctx) + if err != nil || found { + break + } + } + } + return +} + // ec2IMDSRegionProvider provides access to the ec2 imds region // configuration value type ec2IMDSRegionProvider interface { @@ -719,3 +753,34 @@ func getRetryMode(ctx context.Context, configs configs) (v aws.RetryMode, found } return v, found, err } + +func getAuthSchemePreference(ctx context.Context, configs configs) ([]string, bool) { + type provider interface { + getAuthSchemePreference() ([]string, bool) + } + + for _, cfg := range configs { + if p, ok := cfg.(provider); ok { + if v, ok := p.getAuthSchemePreference(); ok { + return v, true + } + } + } + return nil, false +} + +type serviceOptionsProvider interface { + getServiceOptions(ctx context.Context) ([]func(string, any), bool, error) +} + +func getServiceOptions(ctx context.Context, configs configs) (v []func(string, any), found bool, err error) { + for _, c := range configs { + if p, ok := c.(serviceOptionsProvider); ok { + v, found, err = p.getServiceOptions(ctx) + if err != nil || found { + break + } + } + } + return v, found, err +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go index 41009c7da06..a71c105d960 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go @@ -5,7 +5,7 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "io/ioutil" + "io" "net/http" "os" @@ -21,7 +21,7 @@ import ( // This should be used as the first resolver in the slice of resolvers when // resolving external configuration. func resolveDefaultAWSConfig(ctx context.Context, cfg *aws.Config, cfgs configs) error { - var sources []interface{} + var sources []any for _, s := range cfgs { sources = append(sources, s) } @@ -69,7 +69,7 @@ func resolveCustomCABundle(ctx context.Context, cfg *aws.Config, cfgs configs) e tr.TLSClientConfig.RootCAs = x509.NewCertPool() } - b, err := ioutil.ReadAll(pemCerts) + b, err := io.ReadAll(pemCerts) if err != nil { appendErr = fmt.Errorf("failed to read custom CA bundle PEM file") } @@ -106,9 +106,9 @@ func resolveRegion(ctx context.Context, cfg *aws.Config, configs configs) error } func resolveBaseEndpoint(ctx context.Context, cfg *aws.Config, configs configs) error { - var downcastCfgSources []interface{} + var downcastCfgSources []any for _, cs := range configs { - downcastCfgSources = append(downcastCfgSources, interface{}(cs)) + downcastCfgSources = append(downcastCfgSources, any(cs)) } if val, found, err := GetIgnoreConfiguredEndpoints(ctx, downcastCfgSources); found && val && err == nil { @@ -182,6 +182,36 @@ func resolveAccountIDEndpointMode(ctx context.Context, cfg *aws.Config, configs return nil } +// resolveRequestChecksumCalculation extracts the RequestChecksumCalculation from the configs slice's +// SharedConfig or EnvConfig +func resolveRequestChecksumCalculation(ctx context.Context, cfg *aws.Config, configs configs) error { + c, found, err := getRequestChecksumCalculation(ctx, configs) + if err != nil { + return err + } + + if !found { + c = aws.RequestChecksumCalculationWhenSupported + } + cfg.RequestChecksumCalculation = c + return nil +} + +// resolveResponseValidation extracts the ResponseChecksumValidation from the configs slice's +// SharedConfig or EnvConfig +func resolveResponseChecksumValidation(ctx context.Context, cfg *aws.Config, configs configs) error { + c, found, err := getResponseChecksumValidation(ctx, configs) + if err != nil { + return err + } + + if !found { + c = aws.ResponseChecksumValidationWhenSupported + } + cfg.ResponseChecksumValidation = c + return nil +} + // resolveDefaultRegion extracts the first instance of a default region and sets `aws.Config.Region` to the default // region if region had not been resolved from other sources. func resolveDefaultRegion(ctx context.Context, cfg *aws.Config, configs configs) error { @@ -381,3 +411,34 @@ func resolveRetryMode(ctx context.Context, cfg *aws.Config, configs configs) err return nil } + +func resolveInterceptors(ctx context.Context, cfg *aws.Config, configs configs) error { + // LoadOptions is the only thing that you can really configure interceptors + // on so just check that directly. + for _, c := range configs { + if loadopts, ok := c.(LoadOptions); ok { + cfg.Interceptors = loadopts.Interceptors.Copy() + } + } + return nil +} + +func resolveAuthSchemePreference(ctx context.Context, cfg *aws.Config, configs configs) error { + if pref, ok := getAuthSchemePreference(ctx, configs); ok { + cfg.AuthSchemePreference = pref + } + return nil +} + +func resolveServiceOptions(ctx context.Context, cfg *aws.Config, configs configs) error { + serviceOptions, found, err := getServiceOptions(ctx, configs) + if err != nil { + return err + } + if !found { + return nil + } + + cfg.ServiceOptions = serviceOptions + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go index 7ae252e2e87..4f8c324e0d5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go @@ -3,7 +3,6 @@ package config import ( "context" "fmt" - "io/ioutil" "net" "net/url" "os" @@ -13,10 +12,12 @@ import ( "github.com/aws/aws-sdk-go-v2/credentials" "github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds" "github.com/aws/aws-sdk-go-v2/credentials/endpointcreds" + "github.com/aws/aws-sdk-go-v2/credentials/logincreds" "github.com/aws/aws-sdk-go-v2/credentials/processcreds" "github.com/aws/aws-sdk-go-v2/credentials/ssocreds" "github.com/aws/aws-sdk-go-v2/credentials/stscreds" "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" + "github.com/aws/aws-sdk-go-v2/service/signin" "github.com/aws/aws-sdk-go-v2/service/sso" "github.com/aws/aws-sdk-go-v2/service/ssooidc" "github.com/aws/aws-sdk-go-v2/service/sts" @@ -112,13 +113,15 @@ func resolveCredentialChain(ctx context.Context, cfg *aws.Config, configs config switch { case sharedProfileSet: - err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig, other) + ctx, err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig, other) case envConfig.Credentials.HasKeys(): - cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials} + ctx = addCredentialSource(ctx, aws.CredentialSourceEnvVars) + cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials, Source: getCredentialSources(ctx)} case len(envConfig.WebIdentityTokenFilePath) > 0: + ctx = addCredentialSource(ctx, aws.CredentialSourceEnvVarsSTSWebIDToken) err = assumeWebIdentity(ctx, cfg, envConfig.WebIdentityTokenFilePath, envConfig.RoleARN, envConfig.RoleSessionName, configs) default: - err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig, other) + ctx, err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig, other) } if err != nil { return err @@ -133,53 +136,74 @@ func resolveCredentialChain(ctx context.Context, cfg *aws.Config, configs config return nil } -func resolveCredsFromProfile(ctx context.Context, cfg *aws.Config, envConfig *EnvConfig, sharedConfig *SharedConfig, configs configs) (err error) { - +func resolveCredsFromProfile(ctx context.Context, cfg *aws.Config, envConfig *EnvConfig, sharedConfig *SharedConfig, configs configs) (ctx2 context.Context, err error) { switch { case sharedConfig.Source != nil: + ctx = addCredentialSource(ctx, aws.CredentialSourceProfileSourceProfile) // Assume IAM role with credentials source from a different profile. - err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig.Source, configs) + ctx, err = resolveCredsFromProfile(ctx, cfg, envConfig, sharedConfig.Source, configs) case sharedConfig.Credentials.HasKeys(): // Static Credentials from Shared Config/Credentials file. + ctx = addCredentialSource(ctx, aws.CredentialSourceProfile) cfg.Credentials = credentials.StaticCredentialsProvider{ - Value: sharedConfig.Credentials, + Value: sharedConfig.Credentials, + Source: getCredentialSources(ctx), } case len(sharedConfig.CredentialSource) != 0: - err = resolveCredsFromSource(ctx, cfg, envConfig, sharedConfig, configs) + ctx = addCredentialSource(ctx, aws.CredentialSourceProfileNamedProvider) + ctx, err = resolveCredsFromSource(ctx, cfg, envConfig, sharedConfig, configs) case len(sharedConfig.WebIdentityTokenFile) != 0: // Credentials from Assume Web Identity token require an IAM Role, and // that roll will be assumed. May be wrapped with another assume role // via SourceProfile. - return assumeWebIdentity(ctx, cfg, sharedConfig.WebIdentityTokenFile, sharedConfig.RoleARN, sharedConfig.RoleSessionName, configs) + ctx = addCredentialSource(ctx, aws.CredentialSourceProfileSTSWebIDToken) + return ctx, assumeWebIdentity(ctx, cfg, sharedConfig.WebIdentityTokenFile, sharedConfig.RoleARN, sharedConfig.RoleSessionName, configs) case sharedConfig.hasSSOConfiguration(): + if sharedConfig.hasLegacySSOConfiguration() { + ctx = addCredentialSource(ctx, aws.CredentialSourceProfileSSOLegacy) + ctx = addCredentialSource(ctx, aws.CredentialSourceSSOLegacy) + } else { + ctx = addCredentialSource(ctx, aws.CredentialSourceSSO) + } + if sharedConfig.SSOSession != nil { + ctx = addCredentialSource(ctx, aws.CredentialSourceProfileSSO) + } err = resolveSSOCredentials(ctx, cfg, sharedConfig, configs) - + case len(sharedConfig.LoginSession) > 0: + ctx = addCredentialSource(ctx, aws.CredentialSourceProfileLogin) + ctx = addCredentialSource(ctx, aws.CredentialSourceLogin) + err = resolveLoginCredentials(ctx, cfg, sharedConfig, configs) case len(sharedConfig.CredentialProcess) != 0: // Get credentials from CredentialProcess + ctx = addCredentialSource(ctx, aws.CredentialSourceProfileProcess) + ctx = addCredentialSource(ctx, aws.CredentialSourceProcess) err = processCredentials(ctx, cfg, sharedConfig, configs) case len(envConfig.ContainerCredentialsRelativePath) != 0: + ctx = addCredentialSource(ctx, aws.CredentialSourceHTTP) err = resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs) case len(envConfig.ContainerCredentialsEndpoint) != 0: + ctx = addCredentialSource(ctx, aws.CredentialSourceHTTP) err = resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs) default: + ctx = addCredentialSource(ctx, aws.CredentialSourceIMDS) err = resolveEC2RoleCredentials(ctx, cfg, configs) } if err != nil { - return err + return ctx, err } if len(sharedConfig.RoleARN) > 0 { - return credsFromAssumeRole(ctx, cfg, sharedConfig, configs) + return ctx, credsFromAssumeRole(ctx, cfg, sharedConfig, configs) } - return nil + return ctx, nil } func resolveSSOCredentials(ctx context.Context, cfg *aws.Config, sharedConfig *SharedConfig, configs configs) error { @@ -198,6 +222,10 @@ func resolveSSOCredentials(ctx context.Context, cfg *aws.Config, sharedConfig *S cfgCopy := cfg.Copy() + options = append(options, func(o *ssocreds.Options) { + o.CredentialSources = getCredentialSources(ctx) + }) + if sharedConfig.SSOSession != nil { ssoTokenProviderOptionsFn, found, err := getSSOTokenProviderOptions(ctx, configs) if err != nil { @@ -242,6 +270,10 @@ func processCredentials(ctx context.Context, cfg *aws.Config, sharedConfig *Shar opts = append(opts, options) } + opts = append(opts, func(o *processcreds.Options) { + o.CredentialSources = getCredentialSources(ctx) + }) + cfg.Credentials = processcreds.NewProvider(sharedConfig.CredentialProcess, opts...) return nil @@ -313,7 +345,7 @@ func resolveHTTPCredProvider(ctx context.Context, cfg *aws.Config, url, authToke options.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) { var contents []byte var err error - if contents, err = ioutil.ReadFile(authFilePath); err != nil { + if contents, err = os.ReadFile(authFilePath); err != nil { return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err) } return string(contents), nil @@ -323,6 +355,7 @@ func resolveHTTPCredProvider(ctx context.Context, cfg *aws.Config, url, authToke if cfg.Retryer != nil { options.Retryer = cfg.Retryer() } + options.CredentialSources = getCredentialSources(ctx) }, } @@ -346,28 +379,31 @@ func resolveHTTPCredProvider(ctx context.Context, cfg *aws.Config, url, authToke return nil } -func resolveCredsFromSource(ctx context.Context, cfg *aws.Config, envConfig *EnvConfig, sharedCfg *SharedConfig, configs configs) (err error) { +func resolveCredsFromSource(ctx context.Context, cfg *aws.Config, envConfig *EnvConfig, sharedCfg *SharedConfig, configs configs) (context.Context, error) { switch sharedCfg.CredentialSource { case credSourceEc2Metadata: - return resolveEC2RoleCredentials(ctx, cfg, configs) + ctx = addCredentialSource(ctx, aws.CredentialSourceIMDS) + return ctx, resolveEC2RoleCredentials(ctx, cfg, configs) case credSourceEnvironment: - cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials} + ctx = addCredentialSource(ctx, aws.CredentialSourceHTTP) + cfg.Credentials = credentials.StaticCredentialsProvider{Value: envConfig.Credentials, Source: getCredentialSources(ctx)} case credSourceECSContainer: + ctx = addCredentialSource(ctx, aws.CredentialSourceHTTP) if len(envConfig.ContainerCredentialsRelativePath) != 0 { - return resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs) + return ctx, resolveHTTPCredProvider(ctx, cfg, ecsContainerURI(envConfig.ContainerCredentialsRelativePath), envConfig.ContainerAuthorizationToken, configs) } if len(envConfig.ContainerCredentialsEndpoint) != 0 { - return resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs) + return ctx, resolveLocalHTTPCredProvider(ctx, cfg, envConfig.ContainerCredentialsEndpoint, envConfig.ContainerAuthorizationToken, configs) } - return fmt.Errorf("EcsContainer was specified as the credential_source, but neither 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' or AWS_CONTAINER_CREDENTIALS_FULL_URI' was set") + return ctx, fmt.Errorf("EcsContainer was specified as the credential_source, but neither 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' or AWS_CONTAINER_CREDENTIALS_FULL_URI' was set") default: - return fmt.Errorf("credential_source values must be EcsContainer, Ec2InstanceMetadata, or Environment") + return ctx, fmt.Errorf("credential_source values must be EcsContainer, Ec2InstanceMetadata, or Environment") } - return nil + return ctx, nil } func resolveEC2RoleCredentials(ctx context.Context, cfg *aws.Config, configs configs) error { @@ -386,6 +422,7 @@ func resolveEC2RoleCredentials(ctx context.Context, cfg *aws.Config, configs con if o.Client == nil { o.Client = imds.NewFromConfig(*cfg) } + o.CredentialSources = getCredentialSources(ctx) }) provider := ec2rolecreds.New(optFns...) @@ -394,7 +431,6 @@ func resolveEC2RoleCredentials(ctx context.Context, cfg *aws.Config, configs con if err != nil { return err } - return nil } @@ -473,6 +509,10 @@ func assumeWebIdentity(ctx context.Context, cfg *aws.Config, filepath string, ro RoleARN: roleARN, } + optFns = append(optFns, func(options *stscreds.WebIdentityRoleOptions) { + options.CredentialSources = getCredentialSources(ctx) + }) + for _, fn := range optFns { fn(&opts) } @@ -494,6 +534,8 @@ func assumeWebIdentity(ctx context.Context, cfg *aws.Config, filepath string, ro } func credsFromAssumeRole(ctx context.Context, cfg *aws.Config, sharedCfg *SharedConfig, configs configs) (err error) { + // resolve credentials early + credentialSources := getCredentialSources(ctx) optFns := []func(*stscreds.AssumeRoleOptions){ func(options *stscreds.AssumeRoleOptions) { options.RoleSessionName = sharedCfg.RoleSessionName @@ -511,6 +553,9 @@ func credsFromAssumeRole(ctx context.Context, cfg *aws.Config, sharedCfg *Shared if len(sharedCfg.MFASerial) != 0 { options.SerialNumber = aws.String(sharedCfg.MFASerial) } + + // add existing credential chain + options.CredentialSources = credentialSources }, } @@ -533,7 +578,6 @@ func credsFromAssumeRole(ctx context.Context, cfg *aws.Config, sharedCfg *Shared return AssumeRoleTokenProviderNotSetError{} } } - cfg.Credentials = stscreds.NewAssumeRoleProvider(sts.NewFromConfig(*cfg), sharedCfg.RoleARN, optFns...) return nil @@ -567,3 +611,39 @@ func wrapWithCredentialsCache( return aws.NewCredentialsCache(provider, optFns...), nil } + +// credentialSource stores the chain of providers that was used to create an instance of +// a credentials provider on the context +type credentialSource struct{} + +func addCredentialSource(ctx context.Context, source aws.CredentialSource) context.Context { + existing, ok := ctx.Value(credentialSource{}).([]aws.CredentialSource) + if !ok { + existing = []aws.CredentialSource{source} + } else { + existing = append(existing, source) + } + return context.WithValue(ctx, credentialSource{}, existing) +} + +func getCredentialSources(ctx context.Context) []aws.CredentialSource { + return ctx.Value(credentialSource{}).([]aws.CredentialSource) +} + +func resolveLoginCredentials(ctx context.Context, cfg *aws.Config, sharedCfg *SharedConfig, configs configs) error { + cacheDir := os.Getenv("AWS_LOGIN_CACHE_DIRECTORY") + tokenPath, err := logincreds.StandardCachedTokenFilepath(sharedCfg.LoginSession, cacheDir) + if err != nil { + return err + } + + svc := signin.NewFromConfig(*cfg) + provider := logincreds.New(svc, tokenPath, func(o *logincreds.Options) { + o.CredentialSources = getCredentialSources(ctx) + }) + cfg.Credentials, err = wrapWithCredentialsCache(ctx, configs, provider) + if err != nil { + return err + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go index d7a2b5307ea..5b251f54f57 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go @@ -6,15 +6,14 @@ import ( "errors" "fmt" "io" - "io/ioutil" "os" "path/filepath" "strings" "time" "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/config/internal/ini" "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" - "github.com/aws/aws-sdk-go-v2/internal/ini" "github.com/aws/aws-sdk-go-v2/internal/shareddefaults" "github.com/aws/smithy-go/logging" smithyrequestcompression "github.com/aws/smithy-go/private/requestcompression" @@ -118,6 +117,15 @@ const ( accountIDKey = "aws_account_id" accountIDEndpointMode = "account_id_endpoint_mode" + + requestChecksumCalculationKey = "request_checksum_calculation" + responseChecksumValidationKey = "response_checksum_validation" + checksumWhenSupported = "when_supported" + checksumWhenRequired = "when_required" + + authSchemePreferenceKey = "auth_scheme_preference" + + loginSessionKey = "login_session" ) // defaultSharedConfigProfile allows for swapping the default profile for testing @@ -346,6 +354,18 @@ type SharedConfig struct { S3DisableExpressAuth *bool AccountIDEndpointMode aws.AccountIDEndpointMode + + // RequestChecksumCalculation indicates if the request checksum should be calculated + RequestChecksumCalculation aws.RequestChecksumCalculation + + // ResponseChecksumValidation indicates if the response checksum should be validated + ResponseChecksumValidation aws.ResponseChecksumValidation + + // Priority list of preferred auth scheme names (e.g. sigv4a). + AuthSchemePreference []string + + // Session ARN from an `aws login` session. + LoginSession string } func (c SharedConfig) getDefaultsMode(ctx context.Context) (value aws.DefaultsMode, ok bool, err error) { @@ -481,7 +501,7 @@ func (c SharedConfig) getCustomCABundle(context.Context) (io.Reader, bool, error return nil, false, nil } - b, err := ioutil.ReadFile(c.CustomCABundle) + b, err := os.ReadFile(c.CustomCABundle) if err != nil { return nil, false, err } @@ -879,6 +899,10 @@ func mergeSections(dst *ini.Sections, src ini.Sections) error { ssoRegionKey, ssoRoleNameKey, ssoStartURLKey, + + authSchemePreferenceKey, + + loginSessionKey, } for i := range stringKeys { if err := mergeStringKey(&srcSection, &dstSection, sectionName, stringKeys[i]); err != nil { @@ -1133,6 +1157,13 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er return fmt.Errorf("failed to load %s from shared config, %w", accountIDEndpointMode, err) } + if err := updateRequestChecksumCalculation(&c.RequestChecksumCalculation, section, requestChecksumCalculationKey); err != nil { + return fmt.Errorf("failed to load %s from shared config, %w", requestChecksumCalculationKey, err) + } + if err := updateResponseChecksumValidation(&c.ResponseChecksumValidation, section, responseChecksumValidationKey); err != nil { + return fmt.Errorf("failed to load %s from shared config, %w", responseChecksumValidationKey, err) + } + // Shared Credentials creds := aws.Credentials{ AccessKeyID: section.String(accessKeyIDKey), @@ -1148,6 +1179,10 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er updateString(&c.ServicesSectionName, section, servicesSectionKey) + c.AuthSchemePreference = toAuthSchemePreferenceList(section.String(authSchemePreferenceKey)) + + updateString(&c.LoginSession, section, loginSessionKey) + return nil } @@ -1207,6 +1242,42 @@ func updateAIDEndpointMode(m *aws.AccountIDEndpointMode, sec ini.Section, key st return nil } +func updateRequestChecksumCalculation(m *aws.RequestChecksumCalculation, sec ini.Section, key string) error { + if !sec.Has(key) { + return nil + } + + v := sec.String(key) + switch strings.ToLower(v) { + case checksumWhenSupported: + *m = aws.RequestChecksumCalculationWhenSupported + case checksumWhenRequired: + *m = aws.RequestChecksumCalculationWhenRequired + default: + return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be when_supported/when_required", key, v) + } + + return nil +} + +func updateResponseChecksumValidation(m *aws.ResponseChecksumValidation, sec ini.Section, key string) error { + if !sec.Has(key) { + return nil + } + + v := sec.String(key) + switch strings.ToLower(v) { + case checksumWhenSupported: + *m = aws.ResponseChecksumValidationWhenSupported + case checksumWhenRequired: + *m = aws.ResponseChecksumValidationWhenRequired + default: + return fmt.Errorf("invalid value for shared config profile field, %s=%s, must be when_supported/when_required", key, v) + } + + return nil +} + func (c SharedConfig) getRequestMinCompressSizeBytes(ctx context.Context) (int64, bool, error) { if c.RequestMinCompressSizeBytes == nil { return 0, false, nil @@ -1225,6 +1296,14 @@ func (c SharedConfig) getAccountIDEndpointMode(ctx context.Context) (aws.Account return c.AccountIDEndpointMode, len(c.AccountIDEndpointMode) > 0, nil } +func (c SharedConfig) getRequestChecksumCalculation(ctx context.Context) (aws.RequestChecksumCalculation, bool, error) { + return c.RequestChecksumCalculation, c.RequestChecksumCalculation > 0, nil +} + +func (c SharedConfig) getResponseChecksumValidation(ctx context.Context) (aws.ResponseChecksumValidation, bool, error) { + return c.ResponseChecksumValidation, c.ResponseChecksumValidation > 0, nil +} + func updateDefaultsMode(mode *aws.DefaultsMode, section ini.Section, key string) error { if !section.Has(key) { return nil @@ -1616,3 +1695,10 @@ func updateUseFIPSEndpoint(dst *aws.FIPSEndpointState, section ini.Section, key return } + +func (c SharedConfig) getAuthSchemePreference() ([]string, bool) { + if len(c.AuthSchemePreference) > 0 { + return c.AuthSchemePreference, true + } + return nil, false +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md index eb7c3fe68f1..0b215e6b831 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md @@ -1,3 +1,338 @@ +# v1.19.16 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.15 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.14 (2026-04-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.13 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.12 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.11 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.10 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.9 (2026-02-18) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.8 (2026-02-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.7 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.6 (2025-12-16) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.5 (2025-12-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.4 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.3 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + +# v1.19.2 (2025-11-25) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.1 (2025-11-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.0 (2025-11-19.2) + +* **Feature**: Add support for AWS Login credentials (package credentials/logincreds) to the default credential chain. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.25 (2025-11-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.24 (2025-11-12) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.23 (2025-11-11) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.22 (2025-11-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.21 (2025-11-04) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.23.2 which should convey some passive reduction of overall allocations, especially when not using the metrics system. + +# v1.18.20 (2025-10-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.19 (2025-10-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.18 (2025-10-22) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.17 (2025-10-16) + +* **Dependency Update**: Bump minimum Go version to 1.23. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.16 (2025-09-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.15 (2025-09-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.14 (2025-09-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.13 (2025-09-22) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.12 (2025-09-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.11 (2025-09-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.10 (2025-08-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.9 (2025-08-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.8 (2025-08-27) + +* **Dependency Update**: Update to smithy-go v1.23.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.7 (2025-08-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.6 (2025-08-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.5 (2025-08-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.4 (2025-08-11) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.3 (2025-08-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.2 (2025-07-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.1 (2025-07-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.0 (2025-07-28) + +* **Feature**: Add support for HTTP interceptors. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.71 (2025-07-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.70 (2025-06-17) + +* **Dependency Update**: Update to smithy-go v1.22.4. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.69 (2025-06-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.68 (2025-06-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.67 (2025-04-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.66 (2025-04-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.65 (2025-03-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.64 (2025-03-25) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.63 (2025-03-24) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.62 (2025-03-04.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.61 (2025-02-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.60 (2025-02-18) + +* **Bug Fix**: Bump go version to 1.22 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.59 (2025-02-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.58 (2025-02-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.57 (2025-01-31) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.56 (2025-01-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.55 (2025-01-24) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.22.2. + +# v1.17.54 (2025-01-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.53 (2025-01-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.52 (2025-01-14) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.51 (2025-01-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.50 (2025-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.49 (2025-01-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.48 (2024-12-19) + +* **Bug Fix**: Fix improper use of printf-style functions. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.47 (2024-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.46 (2024-11-18) + +* **Dependency Update**: Update to smithy-go v1.22.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.45 (2024-11-14) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.44 (2024-11-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.43 (2024-11-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.42 (2024-10-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.41 (2024-10-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.40 (2024-10-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.39 (2024-10-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.38 (2024-10-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.37 (2024-09-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.36 (2024-09-25) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.17.35 (2024-09-23) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.17.34 (2024-09-20) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds/provider.go index 5c699f16650..a95e6c8bdd6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds/provider.go @@ -47,6 +47,10 @@ type Options struct { // // If nil, the provider will default to the EC2 IMDS client. Client GetMetadataAPIClient + + // The chain of providers that was used to create this provider + // These values are for reporting purposes and are not meant to be set up directly + CredentialSources []aws.CredentialSource } // New returns an initialized Provider value configured to retrieve @@ -227,3 +231,11 @@ func requestCred(ctx context.Context, client GetMetadataAPIClient, credsName str return respCreds, nil } + +// ProviderSources returns the credential chain that was used to construct this provider +func (p *Provider) ProviderSources() []aws.CredentialSource { + if p.options.CredentialSources == nil { + return []aws.CredentialSource{aws.CredentialSourceIMDS} + } // If no source has been set, assume this is used directly which means just call to assume role + return p.options.CredentialSources +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go index 2386153a9ec..c8ac6d9ff18 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go @@ -98,6 +98,10 @@ type Options struct { // // Will override AuthorizationToken if configured AuthorizationTokenProvider AuthTokenProvider + + // The chain of providers that was used to create this provider + // These values are for reporting purposes and are not meant to be set up directly + CredentialSources []aws.CredentialSource } // AuthTokenProvider defines an interface to dynamically load a value to be passed @@ -191,3 +195,13 @@ func (p *Provider) resolveAuthToken() (string, error) { return authToken, nil } + +var _ aws.CredentialProviderSource = (*Provider)(nil) + +// ProviderSources returns the credential chain that was used to construct this provider +func (p *Provider) ProviderSources() []aws.CredentialSource { + if p.options.CredentialSources == nil { + return []aws.CredentialSource{aws.CredentialSourceHTTP} + } + return p.options.CredentialSources +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go index 99ec3eb5670..5abad90cd98 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go @@ -3,4 +3,4 @@ package credentials // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.17.34" +const goModuleVersion = "1.19.16" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.go new file mode 100644 index 00000000000..6dc0845fdfd --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.go @@ -0,0 +1,150 @@ +package logincreds + +import ( + "context" + "crypto/ecdsa" + cryptorand "crypto/rand" + "crypto/sha256" + "crypto/x509" + "encoding/base64" + "encoding/json" + "encoding/pem" + "fmt" + + "github.com/aws/aws-sdk-go-v2/internal/sdk" + "github.com/aws/aws-sdk-go-v2/service/signin" + "github.com/aws/smithy-go/middleware" + smithyrand "github.com/aws/smithy-go/rand" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// AWS signin DPOP always uses the P256 curve +const curvelen = 256 / 8 // bytes + +// https://datatracker.ietf.org/doc/html/rfc9449 +func mkdpop(token *loginToken, htu string) (string, error) { + key, err := parseKey(token.DPOPKey) + if err != nil { + return "", fmt.Errorf("parse key: %w", err) + } + + header, err := jsonb64(&dpopHeader{ + Typ: "dpop+jwt", + Alg: "ES256", + Jwk: &dpopHeaderJwk{ + Kty: "EC", + X: base64.RawURLEncoding.EncodeToString(key.X.Bytes()), + Y: base64.RawURLEncoding.EncodeToString(key.Y.Bytes()), + Crv: "P-256", + }, + }) + if err != nil { + return "", fmt.Errorf("marshal header: %w", err) + } + + uuid, err := smithyrand.NewUUID(cryptorand.Reader).GetUUID() + if err != nil { + return "", fmt.Errorf("uuid: %w", err) + } + + payload, err := jsonb64(&dpopPayload{ + Jti: uuid, + Htm: "POST", + Htu: htu, + Iat: sdk.NowTime().Unix(), + }) + if err != nil { + return "", fmt.Errorf("marshal payload: %w", err) + } + + msg := fmt.Sprintf("%s.%s", header, payload) + + h := sha256.New() + h.Write([]byte(msg)) + + r, s, err := ecdsa.Sign(cryptorand.Reader, key, h.Sum(nil)) + if err != nil { + return "", fmt.Errorf("sign: %w", err) + } + + // DPOP signatures are formatted in RAW r || s form (with each value padded + // to fit in curve size which in our case is always the 256 bits) - rather + // than encoded in something like asn.1 + sig := make([]byte, curvelen*2) + r.FillBytes(sig[0:curvelen]) + s.FillBytes(sig[curvelen:]) + + dpop := fmt.Sprintf("%s.%s", msg, base64.RawURLEncoding.EncodeToString(sig)) + return dpop, nil +} + +func parseKey(pemBlock string) (*ecdsa.PrivateKey, error) { + block, _ := pem.Decode([]byte(pemBlock)) + priv, err := x509.ParseECPrivateKey(block.Bytes) + if err != nil { + return nil, fmt.Errorf("parse ec private key: %w", err) + } + + return priv, nil +} + +func jsonb64(v any) (string, error) { + j, err := json.MarshalIndent(v, "", " ") + if err != nil { + return "", err + } + + return base64.RawURLEncoding.EncodeToString(j), nil +} + +type dpopHeader struct { + Typ string `json:"typ"` + Alg string `json:"alg"` + Jwk *dpopHeaderJwk `json:"jwk"` +} + +type dpopHeaderJwk struct { + Kty string `json:"kty"` + X string `json:"x"` + Y string `json:"y"` + Crv string `json:"crv"` +} + +type dpopPayload struct { + Jti string `json:"jti"` + Htm string `json:"htm"` + Htu string `json:"htu"` + Iat int64 `json:"iat"` +} + +type signDPOP struct { + Token *loginToken +} + +func addSignDPOP(token *loginToken) func(o *signin.Options) { + return signin.WithAPIOptions(func(stack *middleware.Stack) error { + return stack.Finalize.Add(&signDPOP{token}, middleware.After) + }) +} + +func (*signDPOP) ID() string { + return "signDPOP" +} + +func (m *signDPOP) HandleFinalize( + ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, md middleware.Metadata, err error, +) { + req, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, md, fmt.Errorf("unexpected transport type %T", req) + } + + dpop, err := mkdpop(m.Token, req.URL.String()) + if err != nil { + return out, md, fmt.Errorf("sign dpop: %w", err) + } + + req.Header.Set("DPoP", dpop) + return next.HandleFinalize(ctx, in) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go new file mode 100644 index 00000000000..6cd5281d49f --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go @@ -0,0 +1,14 @@ +package logincreds + +import ( + "io" + "os" +) + +var openFile func(string) (io.ReadCloser, error) = func(name string) (io.ReadCloser, error) { + return os.Open(name) +} + +var createFile func(string) (io.WriteCloser, error) = func(name string) (io.WriteCloser, error) { + return os.Create(name) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go new file mode 100644 index 00000000000..3e6357b87c7 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go @@ -0,0 +1,172 @@ +// Package logincreds implements AWS credential provision for sessions created +// via an `aws login` command. +package logincreds + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "io" + "os" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/internal/sdk" + "github.com/aws/aws-sdk-go-v2/service/signin" + "github.com/aws/aws-sdk-go-v2/service/signin/types" +) + +// ProviderName identifies the login provider. +const ProviderName = "LoginProvider" + +// TokenAPIClient provides the interface for the login session's token +// retrieval operation. +type TokenAPIClient interface { + CreateOAuth2Token(context.Context, *signin.CreateOAuth2TokenInput, ...func(*signin.Options)) (*signin.CreateOAuth2TokenOutput, error) +} + +// Provider supplies credentials for an `aws login` session. +type Provider struct { + options Options +} + +var _ aws.CredentialsProvider = (*Provider)(nil) + +// Options configures the Provider. +type Options struct { + Client TokenAPIClient + + // APIOptions to pass to the underlying CreateOAuth2Token operation. + ClientOptions []func(*signin.Options) + + // The path to the cached login token. + CachedTokenFilepath string + + // The chain of providers that was used to create this provider. + // + // These values are for reporting purposes and are not meant to be set up + // directly. + CredentialSources []aws.CredentialSource +} + +// New returns a new login session credentials provider. +func New(client TokenAPIClient, path string, opts ...func(*Options)) *Provider { + options := Options{ + Client: client, + CachedTokenFilepath: path, + } + + for _, opt := range opts { + opt(&options) + } + + return &Provider{options} +} + +// Retrieve generates a new set of temporary credentials using an `aws login` +// session. +func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) { + token, err := p.loadToken() + if err != nil { + return aws.Credentials{}, fmt.Errorf("load login token: %w", err) + } + if err := token.Validate(); err != nil { + return aws.Credentials{}, fmt.Errorf("validate login token: %w", err) + } + + // the token may have been refreshed elsewhere or the login session might + // have just been created + if sdk.NowTime().Before(token.AccessToken.ExpiresAt) { + return token.Credentials(), nil + } + + opts := make([]func(*signin.Options), len(p.options.ClientOptions)+1) + opts[0] = addSignDPOP(token) + copy(opts[1:], p.options.ClientOptions) + + out, err := p.options.Client.CreateOAuth2Token(ctx, &signin.CreateOAuth2TokenInput{ + TokenInput: &types.CreateOAuth2TokenRequestBody{ + ClientId: aws.String(token.ClientID), + GrantType: aws.String("refresh_token"), + RefreshToken: aws.String(token.RefreshToken), + }, + }, opts...) + if err != nil { + var terr *types.AccessDeniedException + if errors.As(err, &terr) { + err = toAccessDeniedError(terr) + } + return aws.Credentials{}, fmt.Errorf("create oauth2 token: %w", err) + } + + token.Update(out) + if err := p.saveToken(token); err != nil { + return aws.Credentials{}, fmt.Errorf("save token: %w", err) + } + + return token.Credentials(), nil +} + +// ProviderSources returns the credential chain that was used to construct this +// provider. +func (p *Provider) ProviderSources() []aws.CredentialSource { + if p.options.CredentialSources == nil { + return []aws.CredentialSource{aws.CredentialSourceLogin} + } + return p.options.CredentialSources +} + +func (p *Provider) loadToken() (*loginToken, error) { + f, err := openFile(p.options.CachedTokenFilepath) + if err != nil && os.IsNotExist(err) { + return nil, fmt.Errorf("token file not found, please reauthenticate") + } + if err != nil { + return nil, err + } + defer f.Close() + + j, err := io.ReadAll(f) + if err != nil { + return nil, err + } + + var t *loginToken + if err := json.Unmarshal(j, &t); err != nil { + return nil, err + } + + return t, nil +} + +func (p *Provider) saveToken(token *loginToken) error { + j, err := json.Marshal(token) + if err != nil { + return err + } + + f, err := createFile(p.options.CachedTokenFilepath) + if err != nil { + return err + } + defer f.Close() + + if _, err := f.Write(j); err != nil { + return err + } + + return nil +} + +func toAccessDeniedError(err *types.AccessDeniedException) error { + switch err.Error_ { + case types.OAuth2ErrorCodeTokenExpired: + return fmt.Errorf("login session has expired, please reauthenticate") + case types.OAuth2ErrorCodeUserCredentialsChanged: + return fmt.Errorf("login session password has changed, please reauthenticate") + case types.OAuth2ErrorCodeInsufficientPermissions: + return fmt.Errorf("insufficient permissions, you may be missing permissions for the CreateOAuth2Token action") + default: + return err + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.go new file mode 100644 index 00000000000..1a97b98cdc2 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.go @@ -0,0 +1,110 @@ +package logincreds + +import ( + "crypto/sha256" + "encoding/hex" + "errors" + "fmt" + "path/filepath" + "strings" + "time" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/internal/sdk" + "github.com/aws/aws-sdk-go-v2/internal/shareddefaults" + "github.com/aws/aws-sdk-go-v2/service/signin" +) + +var userHomeDir = shareddefaults.UserHomeDir + +// StandardCachedTokenFilepath returns the filepath for the cached login token +// file. Key that will be used to compute a SHA256 value that is hex encoded. +// +// An overriden root dir can be provided, if not set the path defaults to +// ~/.aws/sso/cache. +func StandardCachedTokenFilepath(session, dir string) (string, error) { + session = strings.TrimSpace(session) + + if len(dir) == 0 { + dir = userHomeDir() + if len(dir) == 0 { + return "", errors.New("user home dir is blank") + } + dir = filepath.Join(dir, ".aws", "login", "cache") + } + + h := sha256.New() + h.Write([]byte(session)) + + filename := strings.ToLower(hex.EncodeToString(h.Sum(nil))) + ".json" + return filepath.Join(dir, filename), nil +} + +// contents of the token as they appear on disk +type loginToken struct { + AccessToken *loginTokenAccessToken `json:"accessToken"` + TokenType string `json:"tokenType"` + RefreshToken string `json:"refreshToken"` + IdentityToken string `json:"identityToken"` + ClientID string `json:"clientId"` + DPOPKey string `json:"dpopKey"` +} + +type loginTokenAccessToken struct { + AccessKeyID string `json:"accessKeyId"` + SecretAccessKey string `json:"secretAccessKey"` + SessionToken string `json:"sessionToken"` + AccountID string `json:"accountId"` + ExpiresAt time.Time `json:"expiresAt"` +} + +func (t *loginToken) Validate() error { + if t.AccessToken == nil { + return fmt.Errorf("missing accessToken") + } + if t.AccessToken.AccessKeyID == "" { + return fmt.Errorf("missing accessToken.accessKeyId") + } + if t.AccessToken.SecretAccessKey == "" { + return fmt.Errorf("missing accessToken.secretAccessKey") + } + if t.AccessToken.SessionToken == "" { + return fmt.Errorf("missing accessToken.sessionToken") + } + if t.AccessToken.AccountID == "" { + return fmt.Errorf("missing accessToken.accountId") + } + if t.AccessToken.ExpiresAt.IsZero() { + return fmt.Errorf("missing accessToken.expiresAt") + } + if t.ClientID == "" { + return fmt.Errorf("missing clientId") + } + if t.RefreshToken == "" { + return fmt.Errorf("missing refreshToken") + } + if t.DPOPKey == "" { + return fmt.Errorf("missing dpopKey") + } + return nil +} + +func (t *loginToken) Credentials() aws.Credentials { + return aws.Credentials{ + AccessKeyID: t.AccessToken.AccessKeyID, + SecretAccessKey: t.AccessToken.SecretAccessKey, + SessionToken: t.AccessToken.SessionToken, + Source: ProviderName, + CanExpire: true, + Expires: t.AccessToken.ExpiresAt, + AccountID: t.AccessToken.AccountID, + } +} + +func (t *loginToken) Update(out *signin.CreateOAuth2TokenOutput) { + t.AccessToken.AccessKeyID = *out.TokenOutput.AccessToken.AccessKeyId + t.AccessToken.SecretAccessKey = *out.TokenOutput.AccessToken.SecretAccessKey + t.AccessToken.SessionToken = *out.TokenOutput.AccessToken.SessionToken + t.AccessToken.ExpiresAt = sdk.NowTime().Add(time.Duration(*out.TokenOutput.ExpiresIn) * time.Second) + t.RefreshToken = *out.TokenOutput.RefreshToken +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go index 911fcc32729..dfc6b2548ed 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go @@ -57,6 +57,9 @@ type Provider struct { type Options struct { // Timeout limits the time a process can run. Timeout time.Duration + // The chain of providers that was used to create this provider + // These values are for reporting purposes and are not meant to be set up directly + CredentialSources []aws.CredentialSource } // NewCommandBuilder provides the interface for specifying how command will be @@ -274,6 +277,14 @@ func (p *Provider) executeCredentialProcess(ctx context.Context) ([]byte, error) return out, nil } +// ProviderSources returns the credential chain that was used to construct this provider +func (p *Provider) ProviderSources() []aws.CredentialSource { + if p.options.CredentialSources == nil { + return []aws.CredentialSource{aws.CredentialSourceProcess} + } + return p.options.CredentialSources +} + func executeCommand(cmd *exec.Cmd, exec chan error) { // Start the command err := cmd.Start() diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go index 46ae2f92310..1fb6b2f0da3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go @@ -5,7 +5,6 @@ import ( "encoding/hex" "encoding/json" "fmt" - "io/ioutil" "os" "path/filepath" "strconv" @@ -145,7 +144,7 @@ func getTokenFieldRFC3339(v interface{}, value **rfc3339) error { } func loadCachedToken(filename string) (token, error) { - fileBytes, err := ioutil.ReadFile(filename) + fileBytes, err := os.ReadFile(filename) if err != nil { return token{}, fmt.Errorf("failed to read cached SSO token file, %w", err) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go index 8c230be8eb8..3ed9cbb3ec0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go @@ -49,6 +49,10 @@ type Options struct { // Used by the SSOCredentialProvider if a token configuration // profile is used in the shared config SSOTokenProvider *SSOTokenProvider + + // The chain of providers that was used to create this provider. + // These values are for reporting purposes and are not meant to be set up directly + CredentialSources []aws.CredentialSource } // Provider is an AWS credential provider that retrieves temporary AWS @@ -133,6 +137,14 @@ func (p *Provider) Retrieve(ctx context.Context) (aws.Credentials, error) { }, nil } +// ProviderSources returns the credential chain that was used to construct this provider +func (p *Provider) ProviderSources() []aws.CredentialSource { + if p.options.CredentialSources == nil { + return []aws.CredentialSource{aws.CredentialSourceSSO} + } + return p.options.CredentialSources +} + // InvalidTokenError is the error type that is returned if loaded token has // expired or is otherwise invalid. To refresh the SSO session run AWS SSO // login with the corresponding profile. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/static_provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/static_provider.go index d525cac0960..a469abdb790 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/static_provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/static_provider.go @@ -22,6 +22,16 @@ func (*StaticCredentialsEmptyError) Error() string { // never expire. type StaticCredentialsProvider struct { Value aws.Credentials + // These values are for reporting purposes and are not meant to be set up directly + Source []aws.CredentialSource +} + +// ProviderSources returns the credential chain that was used to construct this provider +func (s StaticCredentialsProvider) ProviderSources() []aws.CredentialSource { + if s.Source == nil { + return []aws.CredentialSource{aws.CredentialSourceCode} // If no source has been set, assume this is used directly which means hardcoded creds + } + return s.Source } // NewStaticCredentialsProvider return a StaticCredentialsProvider initialized with the AWS diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go index 4c7f7993f54..1ccf71e77e6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go @@ -247,6 +247,10 @@ type AssumeRoleOptions struct { // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining) // in the IAM User Guide. This parameter is optional. TransitiveTagKeys []string + + // The chain of providers that was used to create this provider + // These values are for reporting purposes and are not meant to be set up directly + CredentialSources []aws.CredentialSource } // NewAssumeRoleProvider constructs and returns a credentials provider that @@ -324,3 +328,11 @@ func (p *AssumeRoleProvider) Retrieve(ctx context.Context) (aws.Credentials, err AccountID: accountID, }, nil } + +// ProviderSources returns the credential chain that was used to construct this provider +func (p *AssumeRoleProvider) ProviderSources() []aws.CredentialSource { + if p.options.CredentialSources == nil { + return []aws.CredentialSource{aws.CredentialSourceSTSAssumeRole} + } // If no source has been set, assume this is used directly which means just call to assume role + return append(p.options.CredentialSources, aws.CredentialSourceSTSAssumeRole) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go index b4b71970862..e3d4a3cd4c2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go @@ -3,7 +3,7 @@ package stscreds import ( "context" "fmt" - "io/ioutil" + "os" "strconv" "strings" "time" @@ -64,6 +64,10 @@ type WebIdentityRoleOptions struct { // want to use as managed session policies. The policies must exist in the // same account as the role. PolicyARNs []types.PolicyDescriptorType + + // The chain of providers that was used to create this provider + // These values are for reporting purposes and are not meant to be set up directly + CredentialSources []aws.CredentialSource } // IdentityTokenRetriever is an interface for retrieving a JWT @@ -76,7 +80,7 @@ type IdentityTokenFile string // GetIdentityToken retrieves the JWT token from the file and returns the contents as a []byte func (j IdentityTokenFile) GetIdentityToken() ([]byte, error) { - b, err := ioutil.ReadFile(string(j)) + b, err := os.ReadFile(string(j)) if err != nil { return nil, fmt.Errorf("unable to read file at %s: %v", string(j), err) } @@ -167,3 +171,11 @@ func getAccountID(u *types.AssumedRoleUser) string { } return parts[4] } + +// ProviderSources returns the credential chain that was used to construct this provider +func (p *WebIdentityRoleProvider) ProviderSources() []aws.CredentialSource { + if p.options.CredentialSources == nil { + return []aws.CredentialSource{aws.CredentialSourceSTSAssumeRoleWebID} + } + return p.options.CredentialSources +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md index 045ceee610a..e17294549fc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md @@ -1,3 +1,193 @@ +# v1.18.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.21 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.20 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.16 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.15 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + +# v1.18.14 (2025-11-19.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.13 (2025-11-04) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.23.2 which should convey some passive reduction of overall allocations, especially when not using the metrics system. + +# v1.18.12 (2025-10-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.11 (2025-10-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.10 (2025-10-16) + +* **Dependency Update**: Bump minimum Go version to 1.23. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.9 (2025-09-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.8 (2025-09-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.7 (2025-09-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.6 (2025-08-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.5 (2025-08-27) + +* **Dependency Update**: Update to smithy-go v1.23.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.4 (2025-08-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.3 (2025-08-11) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.2 (2025-08-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.1 (2025-07-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.0 (2025-07-29) + +* **Feature**: Add config switch `DisableDefaultMaxBackoff` that allows you to disable the default maximum backoff (1 second) for IMDS calls retry attempt + +# v1.17.0 (2025-07-28) + +* **Feature**: Add support for HTTP interceptors. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.33 (2025-07-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.32 (2025-06-17) + +* **Dependency Update**: Update to smithy-go v1.22.4. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.31 (2025-06-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.30 (2025-02-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.29 (2025-02-18) + +* **Bug Fix**: Bump go version to 1.22 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.28 (2025-02-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.27 (2025-01-31) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.26 (2025-01-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.25 (2025-01-24) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.22.2. + +# v1.16.24 (2025-01-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.23 (2025-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.22 (2024-12-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.21 (2024-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.20 (2024-11-18) + +* **Dependency Update**: Update to smithy-go v1.22.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.19 (2024-11-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.18 (2024-10-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.17 (2024-10-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.16 (2024-10-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.16.15 (2024-10-04) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.16.14 (2024-09-20) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go index 3f4a10e2c16..a1da93d9d45 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go @@ -75,7 +75,9 @@ func New(options Options, optFns ...func(*Options)) *Client { if options.Retryer == nil { options.Retryer = retry.NewStandard() } - options.Retryer = retry.AddWithMaxBackoffDelay(options.Retryer, 1*time.Second) + if !options.DisableDefaultMaxBackoff { + options.Retryer = retry.AddWithMaxBackoffDelay(options.Retryer, 1*time.Second) + } if options.ClientEnableState == ClientDefaultEnableState { if v := os.Getenv(disableClientEnvVar); strings.EqualFold(v, "true") { @@ -189,6 +191,10 @@ type Options struct { // can disable that behavior with this setting. DisableDefaultTimeout bool + // By default all IMDS client operations enforce a 1-second retry delay at maximum. + // You can disable that behavior with this setting. + DisableDefaultMaxBackoff bool + // provides the caching of API tokens used for operation calls. If unset, // the API token will not be retrieved for the operation. tokenProvider *tokenProvider @@ -220,10 +226,10 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) { } func (c *Client) invokeOperation( - ctx context.Context, opID string, params interface{}, optFns []func(*Options), + ctx context.Context, opID string, params any, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error, ) ( - result interface{}, metadata middleware.Metadata, err error, + result any, metadata middleware.Metadata, err error, ) { stack := middleware.NewStack(opID, smithyhttp.NewStackRequest) options := c.options.Copy() diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go index af58b6bb102..4f8775b2a9d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go @@ -61,7 +61,7 @@ func addGetDynamicDataMiddleware(stack *middleware.Stack, options Options) error buildGetDynamicDataOutput) } -func buildGetDynamicDataPath(params interface{}) (string, error) { +func buildGetDynamicDataPath(params any) (string, error) { p, ok := params.(*GetDynamicDataInput) if !ok { return "", fmt.Errorf("unknown parameter type %T", params) @@ -70,7 +70,7 @@ func buildGetDynamicDataPath(params interface{}) (string, error) { return appendURIPath(getDynamicDataPath, p.Path), nil } -func buildGetDynamicDataOutput(resp *smithyhttp.Response) (interface{}, error) { +func buildGetDynamicDataOutput(resp *smithyhttp.Response) (any, error) { return &GetDynamicDataOutput{ Content: resp.Body, }, nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go index 5111cc90cac..1ce70cb55c1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go @@ -59,11 +59,11 @@ func addGetIAMInfoMiddleware(stack *middleware.Stack, options Options) error { ) } -func buildGetIAMInfoPath(params interface{}) (string, error) { +func buildGetIAMInfoPath(params any) (string, error) { return getIAMInfoPath, nil } -func buildGetIAMInfoOutput(resp *smithyhttp.Response) (v interface{}, err error) { +func buildGetIAMInfoOutput(resp *smithyhttp.Response) (v any, err error) { defer func() { closeErr := resp.Body.Close() if err == nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go index dc8c09edf03..5c454c75da6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go @@ -60,11 +60,11 @@ func addGetInstanceIdentityDocumentMiddleware(stack *middleware.Stack, options O ) } -func buildGetInstanceIdentityDocumentPath(params interface{}) (string, error) { +func buildGetInstanceIdentityDocumentPath(params any) (string, error) { return getInstanceIdentityDocumentPath, nil } -func buildGetInstanceIdentityDocumentOutput(resp *smithyhttp.Response) (v interface{}, err error) { +func buildGetInstanceIdentityDocumentOutput(resp *smithyhttp.Response) (v any, err error) { defer func() { closeErr := resp.Body.Close() if err == nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go index 869bfc9feb9..4a9f7542c75 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go @@ -61,7 +61,7 @@ func addGetMetadataMiddleware(stack *middleware.Stack, options Options) error { buildGetMetadataOutput) } -func buildGetMetadataPath(params interface{}) (string, error) { +func buildGetMetadataPath(params any) (string, error) { p, ok := params.(*GetMetadataInput) if !ok { return "", fmt.Errorf("unknown parameter type %T", params) @@ -70,7 +70,7 @@ func buildGetMetadataPath(params interface{}) (string, error) { return appendURIPath(getMetadataPath, p.Path), nil } -func buildGetMetadataOutput(resp *smithyhttp.Response) (interface{}, error) { +func buildGetMetadataOutput(resp *smithyhttp.Response) (any, error) { return &GetMetadataOutput{ Content: resp.Body, }, nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go index 8c0572bb5c8..3171b45262b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go @@ -51,7 +51,7 @@ func addGetRegionMiddleware(stack *middleware.Stack, options Options) error { ) } -func buildGetRegionOutput(resp *smithyhttp.Response) (interface{}, error) { +func buildGetRegionOutput(resp *smithyhttp.Response) (any, error) { out, err := buildGetInstanceIdentityDocumentOutput(resp) if err != nil { return nil, err diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go index 1f9ee97a5b7..1d33081b1e3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go @@ -64,11 +64,11 @@ func addGetTokenMiddleware(stack *middleware.Stack, options Options) error { return nil } -func buildGetTokenPath(interface{}) (string, error) { +func buildGetTokenPath(any) (string, error) { return getTokenPath, nil } -func buildGetTokenOutput(resp *smithyhttp.Response) (v interface{}, err error) { +func buildGetTokenOutput(resp *smithyhttp.Response) (v any, err error) { defer func() { closeErr := resp.Body.Close() if err == nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go index 8903697244a..abda6eb0324 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go @@ -50,11 +50,11 @@ func addGetUserDataMiddleware(stack *middleware.Stack, options Options) error { buildGetUserDataOutput) } -func buildGetUserDataPath(params interface{}) (string, error) { +func buildGetUserDataPath(params any) (string, error) { return getUserDataPath, nil } -func buildGetUserDataOutput(resp *smithyhttp.Response) (interface{}, error) { +func buildGetUserDataOutput(resp *smithyhttp.Response) (any, error) { return &GetUserDataOutput{ Content: resp.Body, }, nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go index 3134fabd369..7f59387edc3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go @@ -3,4 +3,4 @@ package imds // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.16.14" +const goModuleVersion = "1.18.23" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go index 90cf4aeb3df..0585f144d00 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "fmt" - "io/ioutil" + "io" "net/url" "path" "time" @@ -18,8 +18,8 @@ import ( func addAPIRequestMiddleware(stack *middleware.Stack, options Options, operation string, - getPath func(interface{}) (string, error), - getOutput func(*smithyhttp.Response) (interface{}, error), + getPath func(any) (string, error), + getOutput func(*smithyhttp.Response) (any, error), ) (err error) { err = addRequestMiddleware(stack, options, "GET", operation, getPath, getOutput) if err != nil { @@ -46,8 +46,8 @@ func addRequestMiddleware(stack *middleware.Stack, options Options, method string, operation string, - getPath func(interface{}) (string, error), - getOutput func(*smithyhttp.Response) (interface{}, error), + getPath func(any) (string, error), + getOutput func(*smithyhttp.Response) (any, error), ) (err error) { err = awsmiddleware.AddSDKAgentKey(awsmiddleware.FeatureMetadata, "ec2-imds")(stack) if err != nil { @@ -120,7 +120,7 @@ func addSetLoggerMiddleware(stack *middleware.Stack, o Options) error { } type serializeRequest struct { - GetPath func(interface{}) (string, error) + GetPath func(any) (string, error) Method string } @@ -150,7 +150,7 @@ func (m *serializeRequest) HandleSerialize( } type deserializeResponse struct { - GetOutput func(*smithyhttp.Response) (interface{}, error) + GetOutput func(*smithyhttp.Response) (any, error) } func (*deserializeResponse) ID() string { @@ -176,11 +176,11 @@ func (m *deserializeResponse) HandleDeserialize( // read the full body so that any operation timeouts cleanup will not race // the body being read. - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return out, metadata, fmt.Errorf("read response body failed, %w", err) } - resp.Body = ioutil.NopCloser(bytes.NewReader(body)) + resp.Body = io.NopCloser(bytes.NewReader(body)) // Anything that's not 200 |< 300 is error if resp.StatusCode < 200 || resp.StatusCode >= 300 { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md index 1def5e2d9fa..0990a4143a7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md @@ -1,3 +1,13 @@ +# v1.4.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + # v1.4.21 (2026-03-26) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go index 548da96016c..05a8d3e7bc1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go @@ -3,4 +3,4 @@ package configsources // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.4.21" +const goModuleVersion = "1.4.23" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md index a2a1c183ffa..49577e3e94c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md @@ -1,3 +1,13 @@ +# v2.7.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + # v2.7.21 (2026-03-26) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go index 03a0b8c0380..1e92900a1e8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go @@ -3,4 +3,4 @@ package endpoints // goModuleVersion is the tagged release for this module -const goModuleVersion = "2.7.21" +const goModuleVersion = "2.7.23" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md deleted file mode 100644 index be61098b46d..00000000000 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md +++ /dev/null @@ -1,275 +0,0 @@ -# v1.8.1 (2024-08-15) - -* **Dependency Update**: Bump minimum Go version to 1.21. - -# v1.8.0 (2024-02-13) - -* **Feature**: Bump minimum Go version to 1.20 per our language support policy. - -# v1.7.3 (2024-01-22) - -* **Bug Fix**: Remove invalid escaping of shared config values. All values in the shared config file will now be interpreted literally, save for fully-quoted strings which are unwrapped for legacy reasons. - -# v1.7.2 (2023-12-08) - -* **Bug Fix**: Correct loading of [services *] sections into shared config. - -# v1.7.1 (2023-11-16) - -* **Bug Fix**: Fix recognition of trailing comments in shared config properties. # or ; separators that aren't preceded by whitespace at the end of a property value should be considered part of it. - -# v1.7.0 (2023-11-13) - -* **Feature**: Replace the legacy config parser with a modern, less-strict implementation. Parsing failures within a section will now simply ignore the invalid line rather than silently drop the entire section. - -# v1.6.0 (2023-11-09.2) - -* **Feature**: BREAKFIX: In order to support subproperty parsing, invalid property definitions must not be ignored - -# v1.5.2 (2023-11-09) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.5.1 (2023-11-07) - -* **Bug Fix**: Fix subproperty performance regression - -# v1.5.0 (2023-11-01) - -* **Feature**: Adds support for configured endpoints via environment variables and the AWS shared configuration file. -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.4.0 (2023-10-31) - -* **Feature**: **BREAKING CHANGE**: Bump minimum go version to 1.19 per the revised [go version support policy](https://aws.amazon.com/blogs/developer/aws-sdk-for-go-aligns-with-go-release-policy-on-supported-runtimes/). -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.45 (2023-10-12) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.44 (2023-10-06) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.43 (2023-09-22) - -* **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0. -* **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats. - -# v1.3.42 (2023-08-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.41 (2023-08-18) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.40 (2023-08-17) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.39 (2023-08-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.38 (2023-07-31) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.37 (2023-07-28) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.36 (2023-07-13) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.35 (2023-06-13) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.34 (2023-04-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.33 (2023-04-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.32 (2023-03-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.31 (2023-03-10) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.30 (2023-02-20) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.29 (2023-02-03) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.28 (2022-12-15) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.27 (2022-12-02) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.26 (2022-10-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.25 (2022-10-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.24 (2022-09-20) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.23 (2022-09-14) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.22 (2022-09-02) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.21 (2022-08-31) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.20 (2022-08-29) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.19 (2022-08-11) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.18 (2022-08-09) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.17 (2022-08-08) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.16 (2022-08-01) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.15 (2022-07-05) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.14 (2022-06-29) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.13 (2022-06-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.12 (2022-05-17) - -* **Bug Fix**: Removes the fuzz testing files from the module, as they are invalid and not used. -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.11 (2022-04-25) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.10 (2022-03-30) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.9 (2022-03-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.8 (2022-03-23) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.7 (2022-03-08) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.6 (2022-02-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.5 (2022-01-28) - -* **Bug Fix**: Fixes the SDK's handling of `duration_sections` in the shared credentials file or specified in multiple shared config and shared credentials files under the same profile. [#1568](https://github.com/aws/aws-sdk-go-v2/pull/1568). Thanks to [Amir Szekely](https://github.com/kichik) for help reproduce this bug. - -# v1.3.4 (2022-01-14) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.3 (2022-01-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.2 (2021-12-02) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.1 (2021-11-19) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.0 (2021-11-06) - -* **Feature**: The SDK now supports configuration of FIPS and DualStack endpoints using environment variables, shared configuration, or programmatically. -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.5 (2021-10-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.4 (2021-10-11) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.3 (2021-09-17) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.2 (2021-08-27) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.1 (2021-08-19) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.0 (2021-08-04) - -* **Feature**: adds error handling for defered close calls -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.1.1 (2021-07-15) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.1.0 (2021-07-01) - -* **Feature**: Support for `:`, `=`, `[`, `]` being present in expression values. - -# v1.0.1 (2021-06-25) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.0.0 (2021-05-20) - -* **Release**: The `github.com/aws/aws-sdk-go-v2/internal/ini` package is now a Go Module. -* **Dependency Update**: Updated to the latest SDK module versions - diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go deleted file mode 100644 index fb06d8dc055..00000000000 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go +++ /dev/null @@ -1,32 +0,0 @@ -package middleware - -import ( - "context" - "sync/atomic" - - "github.com/aws/smithy-go/middleware" -) - -// AddTimeOffsetMiddleware is deprecated. -// -// Deprecated: handled in retry loop. -type AddTimeOffsetMiddleware struct { - Offset *atomic.Int64 -} - -// ID the identifier for AddTimeOffsetMiddleware -func (m *AddTimeOffsetMiddleware) ID() string { return "AddTimeOffsetMiddleware" } - -// HandleBuild is a no-op. -func (m AddTimeOffsetMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) ( - out middleware.BuildOutput, metadata middleware.Metadata, err error, -) { - return next.HandleBuild(ctx, in) -} - -// HandleDeserialize is a no-op. -func (m *AddTimeOffsetMiddleware) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( - out middleware.DeserializeOutput, metadata middleware.Metadata, err error, -) { - return next.HandleDeserialize(ctx, in) -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md index 78d3ad8ba88..e1e3c23a740 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md @@ -1,3 +1,39 @@ +# v1.4.24 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.23 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.22 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.21 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.20 (2026-03-05) + +* **Bug Fix**: Read the correct auth property for SigV4A signing names. + +# v1.4.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.4.16 (2025-12-08) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go index 581d9d552bd..455cb74e1a5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go @@ -3,4 +3,4 @@ package v4a // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.4.16" +const goModuleVersion = "1.4.24" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go index af4f6abcfa7..c3b689bace2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go @@ -63,7 +63,7 @@ func (v *SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request, return fmt.Errorf("unexpected identity type: %T", identity) } - name, ok := smithyhttp.GetSigV4SigningName(&props) + name, ok := smithyhttp.GetSigV4ASigningName(&props) if !ok { return fmt.Errorf("sigv4a signing name is required") } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go index f1f6ecc3714..f226bcdced3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go @@ -430,7 +430,7 @@ func (s *httpSigner) buildCanonicalHeaders(host string, rule v4Internal.Rule, he var canonicalHeaders strings.Builder n := len(headers) const colon = ':' - for i := 0; i < n; i++ { + for i := range n { if headers[i] == hostHeader { canonicalHeaders.WriteString(hostHeader) canonicalHeaders.WriteRune(colon) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/CHANGELOG.md index 2575357533c..63e5e96900c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/CHANGELOG.md @@ -1,3 +1,49 @@ +# v1.57.3 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.57.2 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.57.1 (2026-03-26) + +* **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.57.0 (2026-03-20) + +* **Feature**: Adding ReplicaArn to ReplicaDescription of a global table replica + +# v1.56.2 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.56.1 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.56.0 (2026-02-23) + +* **Feature**: This change supports the creation of multi-account global tables. It adds one new arguments to UpdateTable, GlobalTableSettingsReplicationMode. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.55.0 (2026-02-03) + +* **Feature**: This change supports the creation of multi-account global tables. It adds two new arguments to CreateTable, GlobalTableSourceArn and GlobalTableSettingsReplicationMode. DescribeTable is also updated to include information about GlobalTableSettingsReplicationMode. + +# v1.54.0 (2026-01-22) + +* **Feature**: Adds additional waiters to Amazon DynamoDB. + +# v1.53.6 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.53.5 (2025-12-09) * No change notes available for this release. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_client.go index 8ddfebeaf5f..fc52e2ecfd4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_client.go @@ -16,7 +16,6 @@ import ( internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" - internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware" ddbcust "github.com/aws/aws-sdk-go-v2/service/dynamodb/internal/customizations" acceptencodingcust "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding" internalEndpointDiscovery "github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery" @@ -736,10 +735,11 @@ func resolveIdempotencyTokenProvider(o *Options) { o.IdempotencyTokenProvider = smithyrand.NewUUIDIdempotencyToken(cryptorand.Reader) } -func addRetry(stack *middleware.Stack, o Options) error { +func addRetry(stack *middleware.Stack, o Options, c *Client) error { attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { m.LogAttempts = o.ClientLogMode.IsRetries() m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/dynamodb") + m.ClientSkew = c.timeOffset }) if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil { return err @@ -874,13 +874,6 @@ func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMo return nil } -func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error { - mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset} - if err := stack.Build.Add(&mw, middleware.After); err != nil { - return err - } - return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before) -} func initializeTimeOffsetResolver(c *Client) { c.timeOffset = new(atomic.Int64) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchExecuteStatement.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchExecuteStatement.go index 5afc969d373..4c0ee65dda0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchExecuteStatement.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchExecuteStatement.go @@ -118,7 +118,7 @@ func (c *Client) addOperationBatchExecuteStatementMiddlewares(stack *middleware. if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -142,9 +142,6 @@ func (c *Client) addOperationBatchExecuteStatementMiddlewares(stack *middleware. if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchGetItem.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchGetItem.go index 11b0ea5a641..0597a8cca16 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchGetItem.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchGetItem.go @@ -265,7 +265,7 @@ func (c *Client) addOperationBatchGetItemMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -292,9 +292,6 @@ func (c *Client) addOperationBatchGetItemMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchWriteItem.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchWriteItem.go index a21c3691588..91a86850f66 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchWriteItem.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_BatchWriteItem.go @@ -285,7 +285,7 @@ func (c *Client) addOperationBatchWriteItemMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -312,9 +312,6 @@ func (c *Client) addOperationBatchWriteItemMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateBackup.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateBackup.go index fd8eefd66e9..7b2161eaebd 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateBackup.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateBackup.go @@ -124,7 +124,7 @@ func (c *Client) addOperationCreateBackupMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -151,9 +151,6 @@ func (c *Client) addOperationCreateBackupMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateGlobalTable.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateGlobalTable.go index bd2a8829e1a..74179d54deb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateGlobalTable.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateGlobalTable.go @@ -146,7 +146,7 @@ func (c *Client) addOperationCreateGlobalTableMiddlewares(stack *middleware.Stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -173,9 +173,6 @@ func (c *Client) addOperationCreateGlobalTableMiddlewares(stack *middleware.Stac if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateTable.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateTable.go index 1d8a0254b73..050fe1ee8a3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateTable.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_CreateTable.go @@ -46,55 +46,15 @@ func (c *Client) CreateTable(ctx context.Context, params *CreateTableInput, optF // Represents the input of a CreateTable operation. type CreateTableInput struct { - // An array of attributes that describe the key schema for the table and indexes. - // - // This member is required. - AttributeDefinitions []types.AttributeDefinition - - // Specifies the attributes that make up the primary key for a table or an index. - // The attributes in KeySchema must also be defined in the AttributeDefinitions - // array. For more information, see [Data Model]in the Amazon DynamoDB Developer Guide. - // - // Each KeySchemaElement in the array is composed of: - // - // - AttributeName - The name of this key attribute. - // - // - KeyType - The role that the key attribute will assume: - // - // - HASH - partition key - // - // - RANGE - sort key - // - // The partition key of an item is also known as its hash attribute. The term - // "hash attribute" derives from the DynamoDB usage of an internal hash function to - // evenly distribute data items across partitions, based on their partition key - // values. - // - // The sort key of an item is also known as its range attribute. The term "range - // attribute" derives from the way DynamoDB stores items with the same partition - // key physically close together, in sorted order by the sort key value. - // - // For a simple primary key (partition key), you must provide exactly one element - // with a KeyType of HASH . - // - // For a composite primary key (partition key and sort key), you must provide - // exactly two elements, in this order: The first element must have a KeyType of - // HASH , and the second element must have a KeyType of RANGE . - // - // For more information, see [Working with Tables] in the Amazon DynamoDB Developer Guide. - // - // [Data Model]: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html - // [Working with Tables]: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#WorkingWithTables.primary.key - // - // This member is required. - KeySchema []types.KeySchemaElement - // The name of the table to create. You can also provide the Amazon Resource Name // (ARN) of the table in this parameter. // // This member is required. TableName *string + // An array of attributes that describe the key schema for the table and indexes. + AttributeDefinitions []types.AttributeDefinition + // Controls how you are charged for read and write throughput and how you manage // capacity. This setting can be changed later. // @@ -119,7 +79,8 @@ type CreateTableInput struct { // - IndexName - The name of the global secondary index. Must be unique only for // this table. // - // - KeySchema - Specifies the key schema for the global secondary index. + // - KeySchema - Specifies the key schema for the global secondary index. Each + // global secondary index supports up to 4 partition keys and up to 4 sort keys. // // - Projection - Specifies attributes that are copied (projected) from the table // into the index. These are in addition to the primary key attributes and index @@ -148,6 +109,52 @@ type CreateTableInput struct { // secondary index, consisting of read and write capacity units. GlobalSecondaryIndexes []types.GlobalSecondaryIndex + // Controls the settings synchronization mode for the global table. For + // multi-account global tables, this parameter is required and the only supported + // value is ENABLED. For same-account global tables, this parameter is set to + // ENABLED_WITH_OVERRIDES. + GlobalTableSettingsReplicationMode types.GlobalTableSettingsReplicationMode + + // The Amazon Resource Name (ARN) of the source table used for the creation of a + // multi-account global table. + GlobalTableSourceArn *string + + // Specifies the attributes that make up the primary key for a table or an index. + // The attributes in KeySchema must also be defined in the AttributeDefinitions + // array. For more information, see [Data Model]in the Amazon DynamoDB Developer Guide. + // + // Each KeySchemaElement in the array is composed of: + // + // - AttributeName - The name of this key attribute. + // + // - KeyType - The role that the key attribute will assume: + // + // - HASH - partition key + // + // - RANGE - sort key + // + // The partition key of an item is also known as its hash attribute. The term + // "hash attribute" derives from the DynamoDB usage of an internal hash function to + // evenly distribute data items across partitions, based on their partition key + // values. + // + // The sort key of an item is also known as its range attribute. The term "range + // attribute" derives from the way DynamoDB stores items with the same partition + // key physically close together, in sorted order by the sort key value. + // + // For a simple primary key (partition key), you must provide exactly one element + // with a KeyType of HASH . + // + // For a composite primary key (partition key and sort key), you must provide + // exactly two elements, in this order: The first element must have a KeyType of + // HASH , and the second element must have a KeyType of RANGE . + // + // For more information, see [Working with Tables] in the Amazon DynamoDB Developer Guide. + // + // [Data Model]: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html + // [Working with Tables]: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html#WorkingWithTables.primary.key + KeySchema []types.KeySchemaElement + // One or more local secondary indexes (the maximum is 5) to be created on the // table. Each index is scoped to a given partition key value. There is a 10 GB // size limit per partition key value; otherwise, the size of a local secondary @@ -312,7 +319,7 @@ func (c *Client) addOperationCreateTableMiddlewares(stack *middleware.Stack, opt if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -339,9 +346,6 @@ func (c *Client) addOperationCreateTableMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteBackup.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteBackup.go index 80f1a906013..9f63736a876 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteBackup.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteBackup.go @@ -91,7 +91,7 @@ func (c *Client) addOperationDeleteBackupMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -118,9 +118,6 @@ func (c *Client) addOperationDeleteBackupMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteItem.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteItem.go index b15f0f3edbb..13449481156 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteItem.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteItem.go @@ -287,7 +287,7 @@ func (c *Client) addOperationDeleteItemMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -314,9 +314,6 @@ func (c *Client) addOperationDeleteItemMiddlewares(stack *middleware.Stack, opti if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteResourcePolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteResourcePolicy.go index 6eb78bfabf1..96b881a0ed6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteResourcePolicy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteResourcePolicy.go @@ -118,7 +118,7 @@ func (c *Client) addOperationDeleteResourcePolicyMiddlewares(stack *middleware.S if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -145,9 +145,6 @@ func (c *Client) addOperationDeleteResourcePolicyMiddlewares(stack *middleware.S if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteTable.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteTable.go index 4768b497308..42050bd76f7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteTable.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DeleteTable.go @@ -112,7 +112,7 @@ func (c *Client) addOperationDeleteTableMiddlewares(stack *middleware.Stack, opt if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -139,9 +139,6 @@ func (c *Client) addOperationDeleteTableMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeBackup.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeBackup.go index 0ba89f0be26..84bad3ef47a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeBackup.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeBackup.go @@ -91,7 +91,7 @@ func (c *Client) addOperationDescribeBackupMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -118,9 +118,6 @@ func (c *Client) addOperationDescribeBackupMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeContinuousBackups.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeContinuousBackups.go index f82ed62343f..06caca26840 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeContinuousBackups.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeContinuousBackups.go @@ -107,7 +107,7 @@ func (c *Client) addOperationDescribeContinuousBackupsMiddlewares(stack *middlew if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -134,9 +134,6 @@ func (c *Client) addOperationDescribeContinuousBackupsMiddlewares(stack *middlew if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeContributorInsights.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeContributorInsights.go index dc54c3dbdf5..1eb97aabc51 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeContributorInsights.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeContributorInsights.go @@ -8,7 +8,9 @@ import ( awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" "github.com/aws/smithy-go/middleware" + smithytime "github.com/aws/smithy-go/time" smithyhttp "github.com/aws/smithy-go/transport/http" + smithywaiter "github.com/aws/smithy-go/waiter" "time" ) @@ -129,7 +131,7 @@ func (c *Client) addOperationDescribeContributorInsightsMiddlewares(stack *middl if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -153,9 +155,6 @@ func (c *Client) addOperationDescribeContributorInsightsMiddlewares(stack *middl if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } @@ -204,6 +203,203 @@ func (c *Client) addOperationDescribeContributorInsightsMiddlewares(stack *middl return nil } +// ContributorInsightsEnabledWaiterOptions are waiter options for +// ContributorInsightsEnabledWaiter +type ContributorInsightsEnabledWaiterOptions struct { + + // Set of options to modify how an operation is invoked. These apply to all + // operations invoked for this client. Use functional options on operation call to + // modify this list for per operation behavior. + // + // Passing options here is functionally equivalent to passing values to this + // config's ClientOptions field that extend the inner client's APIOptions directly. + APIOptions []func(*middleware.Stack) error + + // Functional options to be passed to all operations invoked by this client. + // + // Function values that modify the inner APIOptions are applied after the waiter + // config's own APIOptions modifiers. + ClientOptions []func(*Options) + + // MinDelay is the minimum amount of time to delay between retries. If unset, + // ContributorInsightsEnabledWaiter will use default minimum delay of 20 seconds. + // Note that MinDelay must resolve to a value lesser than or equal to the MaxDelay. + MinDelay time.Duration + + // MaxDelay is the maximum amount of time to delay between retries. If unset or + // set to zero, ContributorInsightsEnabledWaiter will use default max delay of 120 + // seconds. Note that MaxDelay must resolve to value greater than or equal to the + // MinDelay. + MaxDelay time.Duration + + // LogWaitAttempts is used to enable logging for waiter retry attempts + LogWaitAttempts bool + + // Retryable is function that can be used to override the service defined + // waiter-behavior based on operation output, or returned error. This function is + // used by the waiter to decide if a state is retryable or a terminal state. + // + // By default service-modeled logic will populate this option. This option can + // thus be used to define a custom waiter state with fall-back to service-modeled + // waiter state mutators.The function returns an error in case of a failure state. + // In case of retry state, this function returns a bool value of true and nil + // error, while in case of success it returns a bool value of false and nil error. + Retryable func(context.Context, *DescribeContributorInsightsInput, *DescribeContributorInsightsOutput, error) (bool, error) +} + +// ContributorInsightsEnabledWaiter defines the waiters for +// ContributorInsightsEnabled +type ContributorInsightsEnabledWaiter struct { + client DescribeContributorInsightsAPIClient + + options ContributorInsightsEnabledWaiterOptions +} + +// NewContributorInsightsEnabledWaiter constructs a +// ContributorInsightsEnabledWaiter. +func NewContributorInsightsEnabledWaiter(client DescribeContributorInsightsAPIClient, optFns ...func(*ContributorInsightsEnabledWaiterOptions)) *ContributorInsightsEnabledWaiter { + options := ContributorInsightsEnabledWaiterOptions{} + options.MinDelay = 20 * time.Second + options.MaxDelay = 120 * time.Second + options.Retryable = contributorInsightsEnabledStateRetryable + + for _, fn := range optFns { + fn(&options) + } + return &ContributorInsightsEnabledWaiter{ + client: client, + options: options, + } +} + +// Wait calls the waiter function for ContributorInsightsEnabled waiter. The +// maxWaitDur is the maximum wait duration the waiter will wait. The maxWaitDur is +// required and must be greater than zero. +func (w *ContributorInsightsEnabledWaiter) Wait(ctx context.Context, params *DescribeContributorInsightsInput, maxWaitDur time.Duration, optFns ...func(*ContributorInsightsEnabledWaiterOptions)) error { + _, err := w.WaitForOutput(ctx, params, maxWaitDur, optFns...) + return err +} + +// WaitForOutput calls the waiter function for ContributorInsightsEnabled waiter +// and returns the output of the successful operation. The maxWaitDur is the +// maximum wait duration the waiter will wait. The maxWaitDur is required and must +// be greater than zero. +func (w *ContributorInsightsEnabledWaiter) WaitForOutput(ctx context.Context, params *DescribeContributorInsightsInput, maxWaitDur time.Duration, optFns ...func(*ContributorInsightsEnabledWaiterOptions)) (*DescribeContributorInsightsOutput, error) { + if maxWaitDur <= 0 { + return nil, fmt.Errorf("maximum wait time for waiter must be greater than zero") + } + + options := w.options + for _, fn := range optFns { + fn(&options) + } + + if options.MaxDelay <= 0 { + options.MaxDelay = 120 * time.Second + } + + if options.MinDelay > options.MaxDelay { + return nil, fmt.Errorf("minimum waiter delay %v must be lesser than or equal to maximum waiter delay of %v.", options.MinDelay, options.MaxDelay) + } + + ctx, cancelFn := context.WithTimeout(ctx, maxWaitDur) + defer cancelFn() + + logger := smithywaiter.Logger{} + remainingTime := maxWaitDur + + var attempt int64 + for { + + attempt++ + apiOptions := options.APIOptions + start := time.Now() + + if options.LogWaitAttempts { + logger.Attempt = attempt + apiOptions = append([]func(*middleware.Stack) error{}, options.APIOptions...) + apiOptions = append(apiOptions, logger.AddLogger) + } + + out, err := w.client.DescribeContributorInsights(ctx, params, func(o *Options) { + baseOpts := []func(*Options){ + addIsWaiterUserAgent, + } + o.APIOptions = append(o.APIOptions, apiOptions...) + for _, opt := range baseOpts { + opt(o) + } + for _, opt := range options.ClientOptions { + opt(o) + } + }) + + retryable, err := options.Retryable(ctx, params, out, err) + if err != nil { + return nil, err + } + if !retryable { + return out, nil + } + + remainingTime -= time.Since(start) + if remainingTime < options.MinDelay || remainingTime <= 0 { + break + } + + // compute exponential backoff between waiter retries + delay, err := smithywaiter.ComputeDelay( + attempt, options.MinDelay, options.MaxDelay, remainingTime, + ) + if err != nil { + return nil, fmt.Errorf("error computing waiter delay, %w", err) + } + + remainingTime -= delay + // sleep for the delay amount before invoking a request + if err := smithytime.SleepWithContext(ctx, delay); err != nil { + return nil, fmt.Errorf("request cancelled while waiting, %w", err) + } + } + return nil, fmt.Errorf("exceeded max wait time for ContributorInsightsEnabled waiter") +} + +func contributorInsightsEnabledStateRetryable(ctx context.Context, input *DescribeContributorInsightsInput, output *DescribeContributorInsightsOutput, err error) (bool, error) { + + if err == nil { + v1 := output.ContributorInsightsStatus + expectedValue := "ENABLED" + var pathValue string + pathValue = string(v1) + if pathValue == expectedValue { + return false, nil + } + } + + if err == nil { + v1 := output.ContributorInsightsStatus + expectedValue := "FAILED" + var pathValue string + pathValue = string(v1) + if pathValue == expectedValue { + return false, fmt.Errorf("waiter state transitioned to Failure") + } + } + + if err != nil { + return false, err + } + return true, nil +} + +// DescribeContributorInsightsAPIClient is a client that implements the +// DescribeContributorInsights operation. +type DescribeContributorInsightsAPIClient interface { + DescribeContributorInsights(context.Context, *DescribeContributorInsightsInput, ...func(*Options)) (*DescribeContributorInsightsOutput, error) +} + +var _ DescribeContributorInsightsAPIClient = (*Client)(nil) + func newServiceMetadataMiddleware_opDescribeContributorInsights(region string) *awsmiddleware.RegisterServiceMetadata { return &awsmiddleware.RegisterServiceMetadata{ Region: region, diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeEndpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeEndpoints.go index 0818369b911..30e43f8bc71 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeEndpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeEndpoints.go @@ -81,7 +81,7 @@ func (c *Client) addOperationDescribeEndpointsMiddlewares(stack *middleware.Stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -105,9 +105,6 @@ func (c *Client) addOperationDescribeEndpointsMiddlewares(stack *middleware.Stac if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeExport.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeExport.go index 57fd40aaea1..59be55c3bf2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeExport.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeExport.go @@ -8,7 +8,10 @@ import ( awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" "github.com/aws/smithy-go/middleware" + smithytime "github.com/aws/smithy-go/time" smithyhttp "github.com/aws/smithy-go/transport/http" + smithywaiter "github.com/aws/smithy-go/waiter" + "time" ) // Describes an existing table export. @@ -88,7 +91,7 @@ func (c *Client) addOperationDescribeExportMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -112,9 +115,6 @@ func (c *Client) addOperationDescribeExportMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } @@ -163,6 +163,209 @@ func (c *Client) addOperationDescribeExportMiddlewares(stack *middleware.Stack, return nil } +// ExportCompletedWaiterOptions are waiter options for ExportCompletedWaiter +type ExportCompletedWaiterOptions struct { + + // Set of options to modify how an operation is invoked. These apply to all + // operations invoked for this client. Use functional options on operation call to + // modify this list for per operation behavior. + // + // Passing options here is functionally equivalent to passing values to this + // config's ClientOptions field that extend the inner client's APIOptions directly. + APIOptions []func(*middleware.Stack) error + + // Functional options to be passed to all operations invoked by this client. + // + // Function values that modify the inner APIOptions are applied after the waiter + // config's own APIOptions modifiers. + ClientOptions []func(*Options) + + // MinDelay is the minimum amount of time to delay between retries. If unset, + // ExportCompletedWaiter will use default minimum delay of 20 seconds. Note that + // MinDelay must resolve to a value lesser than or equal to the MaxDelay. + MinDelay time.Duration + + // MaxDelay is the maximum amount of time to delay between retries. If unset or + // set to zero, ExportCompletedWaiter will use default max delay of 120 seconds. + // Note that MaxDelay must resolve to value greater than or equal to the MinDelay. + MaxDelay time.Duration + + // LogWaitAttempts is used to enable logging for waiter retry attempts + LogWaitAttempts bool + + // Retryable is function that can be used to override the service defined + // waiter-behavior based on operation output, or returned error. This function is + // used by the waiter to decide if a state is retryable or a terminal state. + // + // By default service-modeled logic will populate this option. This option can + // thus be used to define a custom waiter state with fall-back to service-modeled + // waiter state mutators.The function returns an error in case of a failure state. + // In case of retry state, this function returns a bool value of true and nil + // error, while in case of success it returns a bool value of false and nil error. + Retryable func(context.Context, *DescribeExportInput, *DescribeExportOutput, error) (bool, error) +} + +// ExportCompletedWaiter defines the waiters for ExportCompleted +type ExportCompletedWaiter struct { + client DescribeExportAPIClient + + options ExportCompletedWaiterOptions +} + +// NewExportCompletedWaiter constructs a ExportCompletedWaiter. +func NewExportCompletedWaiter(client DescribeExportAPIClient, optFns ...func(*ExportCompletedWaiterOptions)) *ExportCompletedWaiter { + options := ExportCompletedWaiterOptions{} + options.MinDelay = 20 * time.Second + options.MaxDelay = 120 * time.Second + options.Retryable = exportCompletedStateRetryable + + for _, fn := range optFns { + fn(&options) + } + return &ExportCompletedWaiter{ + client: client, + options: options, + } +} + +// Wait calls the waiter function for ExportCompleted waiter. The maxWaitDur is +// the maximum wait duration the waiter will wait. The maxWaitDur is required and +// must be greater than zero. +func (w *ExportCompletedWaiter) Wait(ctx context.Context, params *DescribeExportInput, maxWaitDur time.Duration, optFns ...func(*ExportCompletedWaiterOptions)) error { + _, err := w.WaitForOutput(ctx, params, maxWaitDur, optFns...) + return err +} + +// WaitForOutput calls the waiter function for ExportCompleted waiter and returns +// the output of the successful operation. The maxWaitDur is the maximum wait +// duration the waiter will wait. The maxWaitDur is required and must be greater +// than zero. +func (w *ExportCompletedWaiter) WaitForOutput(ctx context.Context, params *DescribeExportInput, maxWaitDur time.Duration, optFns ...func(*ExportCompletedWaiterOptions)) (*DescribeExportOutput, error) { + if maxWaitDur <= 0 { + return nil, fmt.Errorf("maximum wait time for waiter must be greater than zero") + } + + options := w.options + for _, fn := range optFns { + fn(&options) + } + + if options.MaxDelay <= 0 { + options.MaxDelay = 120 * time.Second + } + + if options.MinDelay > options.MaxDelay { + return nil, fmt.Errorf("minimum waiter delay %v must be lesser than or equal to maximum waiter delay of %v.", options.MinDelay, options.MaxDelay) + } + + ctx, cancelFn := context.WithTimeout(ctx, maxWaitDur) + defer cancelFn() + + logger := smithywaiter.Logger{} + remainingTime := maxWaitDur + + var attempt int64 + for { + + attempt++ + apiOptions := options.APIOptions + start := time.Now() + + if options.LogWaitAttempts { + logger.Attempt = attempt + apiOptions = append([]func(*middleware.Stack) error{}, options.APIOptions...) + apiOptions = append(apiOptions, logger.AddLogger) + } + + out, err := w.client.DescribeExport(ctx, params, func(o *Options) { + baseOpts := []func(*Options){ + addIsWaiterUserAgent, + } + o.APIOptions = append(o.APIOptions, apiOptions...) + for _, opt := range baseOpts { + opt(o) + } + for _, opt := range options.ClientOptions { + opt(o) + } + }) + + retryable, err := options.Retryable(ctx, params, out, err) + if err != nil { + return nil, err + } + if !retryable { + return out, nil + } + + remainingTime -= time.Since(start) + if remainingTime < options.MinDelay || remainingTime <= 0 { + break + } + + // compute exponential backoff between waiter retries + delay, err := smithywaiter.ComputeDelay( + attempt, options.MinDelay, options.MaxDelay, remainingTime, + ) + if err != nil { + return nil, fmt.Errorf("error computing waiter delay, %w", err) + } + + remainingTime -= delay + // sleep for the delay amount before invoking a request + if err := smithytime.SleepWithContext(ctx, delay); err != nil { + return nil, fmt.Errorf("request cancelled while waiting, %w", err) + } + } + return nil, fmt.Errorf("exceeded max wait time for ExportCompleted waiter") +} + +func exportCompletedStateRetryable(ctx context.Context, input *DescribeExportInput, output *DescribeExportOutput, err error) (bool, error) { + + if err == nil { + v1 := output.ExportDescription + var v2 types.ExportStatus + if v1 != nil { + v3 := v1.ExportStatus + v2 = v3 + } + expectedValue := "COMPLETED" + var pathValue string + pathValue = string(v2) + if pathValue == expectedValue { + return false, nil + } + } + + if err == nil { + v1 := output.ExportDescription + var v2 types.ExportStatus + if v1 != nil { + v3 := v1.ExportStatus + v2 = v3 + } + expectedValue := "FAILED" + var pathValue string + pathValue = string(v2) + if pathValue == expectedValue { + return false, fmt.Errorf("waiter state transitioned to Failure") + } + } + + if err != nil { + return false, err + } + return true, nil +} + +// DescribeExportAPIClient is a client that implements the DescribeExport +// operation. +type DescribeExportAPIClient interface { + DescribeExport(context.Context, *DescribeExportInput, ...func(*Options)) (*DescribeExportOutput, error) +} + +var _ DescribeExportAPIClient = (*Client)(nil) + func newServiceMetadataMiddleware_opDescribeExport(region string) *awsmiddleware.RegisterServiceMetadata { return &awsmiddleware.RegisterServiceMetadata{ Region: region, diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeGlobalTable.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeGlobalTable.go index 4e4a9d1cbd5..fd877c9dce6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeGlobalTable.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeGlobalTable.go @@ -101,7 +101,7 @@ func (c *Client) addOperationDescribeGlobalTableMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -128,9 +128,6 @@ func (c *Client) addOperationDescribeGlobalTableMiddlewares(stack *middleware.St if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeGlobalTableSettings.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeGlobalTableSettings.go index 3408736f217..976ea666ff5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeGlobalTableSettings.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeGlobalTableSettings.go @@ -104,7 +104,7 @@ func (c *Client) addOperationDescribeGlobalTableSettingsMiddlewares(stack *middl if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -131,9 +131,6 @@ func (c *Client) addOperationDescribeGlobalTableSettingsMiddlewares(stack *middl if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeImport.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeImport.go index def30e72d9e..6a4cfea6978 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeImport.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeImport.go @@ -8,7 +8,10 @@ import ( awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" "github.com/aws/smithy-go/middleware" + smithytime "github.com/aws/smithy-go/time" smithyhttp "github.com/aws/smithy-go/transport/http" + smithywaiter "github.com/aws/smithy-go/waiter" + "time" ) // Represents the properties of the import. @@ -92,7 +95,7 @@ func (c *Client) addOperationDescribeImportMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -116,9 +119,6 @@ func (c *Client) addOperationDescribeImportMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } @@ -167,6 +167,224 @@ func (c *Client) addOperationDescribeImportMiddlewares(stack *middleware.Stack, return nil } +// ImportCompletedWaiterOptions are waiter options for ImportCompletedWaiter +type ImportCompletedWaiterOptions struct { + + // Set of options to modify how an operation is invoked. These apply to all + // operations invoked for this client. Use functional options on operation call to + // modify this list for per operation behavior. + // + // Passing options here is functionally equivalent to passing values to this + // config's ClientOptions field that extend the inner client's APIOptions directly. + APIOptions []func(*middleware.Stack) error + + // Functional options to be passed to all operations invoked by this client. + // + // Function values that modify the inner APIOptions are applied after the waiter + // config's own APIOptions modifiers. + ClientOptions []func(*Options) + + // MinDelay is the minimum amount of time to delay between retries. If unset, + // ImportCompletedWaiter will use default minimum delay of 20 seconds. Note that + // MinDelay must resolve to a value lesser than or equal to the MaxDelay. + MinDelay time.Duration + + // MaxDelay is the maximum amount of time to delay between retries. If unset or + // set to zero, ImportCompletedWaiter will use default max delay of 120 seconds. + // Note that MaxDelay must resolve to value greater than or equal to the MinDelay. + MaxDelay time.Duration + + // LogWaitAttempts is used to enable logging for waiter retry attempts + LogWaitAttempts bool + + // Retryable is function that can be used to override the service defined + // waiter-behavior based on operation output, or returned error. This function is + // used by the waiter to decide if a state is retryable or a terminal state. + // + // By default service-modeled logic will populate this option. This option can + // thus be used to define a custom waiter state with fall-back to service-modeled + // waiter state mutators.The function returns an error in case of a failure state. + // In case of retry state, this function returns a bool value of true and nil + // error, while in case of success it returns a bool value of false and nil error. + Retryable func(context.Context, *DescribeImportInput, *DescribeImportOutput, error) (bool, error) +} + +// ImportCompletedWaiter defines the waiters for ImportCompleted +type ImportCompletedWaiter struct { + client DescribeImportAPIClient + + options ImportCompletedWaiterOptions +} + +// NewImportCompletedWaiter constructs a ImportCompletedWaiter. +func NewImportCompletedWaiter(client DescribeImportAPIClient, optFns ...func(*ImportCompletedWaiterOptions)) *ImportCompletedWaiter { + options := ImportCompletedWaiterOptions{} + options.MinDelay = 20 * time.Second + options.MaxDelay = 120 * time.Second + options.Retryable = importCompletedStateRetryable + + for _, fn := range optFns { + fn(&options) + } + return &ImportCompletedWaiter{ + client: client, + options: options, + } +} + +// Wait calls the waiter function for ImportCompleted waiter. The maxWaitDur is +// the maximum wait duration the waiter will wait. The maxWaitDur is required and +// must be greater than zero. +func (w *ImportCompletedWaiter) Wait(ctx context.Context, params *DescribeImportInput, maxWaitDur time.Duration, optFns ...func(*ImportCompletedWaiterOptions)) error { + _, err := w.WaitForOutput(ctx, params, maxWaitDur, optFns...) + return err +} + +// WaitForOutput calls the waiter function for ImportCompleted waiter and returns +// the output of the successful operation. The maxWaitDur is the maximum wait +// duration the waiter will wait. The maxWaitDur is required and must be greater +// than zero. +func (w *ImportCompletedWaiter) WaitForOutput(ctx context.Context, params *DescribeImportInput, maxWaitDur time.Duration, optFns ...func(*ImportCompletedWaiterOptions)) (*DescribeImportOutput, error) { + if maxWaitDur <= 0 { + return nil, fmt.Errorf("maximum wait time for waiter must be greater than zero") + } + + options := w.options + for _, fn := range optFns { + fn(&options) + } + + if options.MaxDelay <= 0 { + options.MaxDelay = 120 * time.Second + } + + if options.MinDelay > options.MaxDelay { + return nil, fmt.Errorf("minimum waiter delay %v must be lesser than or equal to maximum waiter delay of %v.", options.MinDelay, options.MaxDelay) + } + + ctx, cancelFn := context.WithTimeout(ctx, maxWaitDur) + defer cancelFn() + + logger := smithywaiter.Logger{} + remainingTime := maxWaitDur + + var attempt int64 + for { + + attempt++ + apiOptions := options.APIOptions + start := time.Now() + + if options.LogWaitAttempts { + logger.Attempt = attempt + apiOptions = append([]func(*middleware.Stack) error{}, options.APIOptions...) + apiOptions = append(apiOptions, logger.AddLogger) + } + + out, err := w.client.DescribeImport(ctx, params, func(o *Options) { + baseOpts := []func(*Options){ + addIsWaiterUserAgent, + } + o.APIOptions = append(o.APIOptions, apiOptions...) + for _, opt := range baseOpts { + opt(o) + } + for _, opt := range options.ClientOptions { + opt(o) + } + }) + + retryable, err := options.Retryable(ctx, params, out, err) + if err != nil { + return nil, err + } + if !retryable { + return out, nil + } + + remainingTime -= time.Since(start) + if remainingTime < options.MinDelay || remainingTime <= 0 { + break + } + + // compute exponential backoff between waiter retries + delay, err := smithywaiter.ComputeDelay( + attempt, options.MinDelay, options.MaxDelay, remainingTime, + ) + if err != nil { + return nil, fmt.Errorf("error computing waiter delay, %w", err) + } + + remainingTime -= delay + // sleep for the delay amount before invoking a request + if err := smithytime.SleepWithContext(ctx, delay); err != nil { + return nil, fmt.Errorf("request cancelled while waiting, %w", err) + } + } + return nil, fmt.Errorf("exceeded max wait time for ImportCompleted waiter") +} + +func importCompletedStateRetryable(ctx context.Context, input *DescribeImportInput, output *DescribeImportOutput, err error) (bool, error) { + + if err == nil { + v1 := output.ImportTableDescription + var v2 types.ImportStatus + if v1 != nil { + v3 := v1.ImportStatus + v2 = v3 + } + expectedValue := "COMPLETED" + var pathValue string + pathValue = string(v2) + if pathValue == expectedValue { + return false, nil + } + } + + if err == nil { + v1 := output.ImportTableDescription + var v2 types.ImportStatus + if v1 != nil { + v3 := v1.ImportStatus + v2 = v3 + } + expectedValue := "FAILED" + var pathValue string + pathValue = string(v2) + if pathValue == expectedValue { + return false, fmt.Errorf("waiter state transitioned to Failure") + } + } + + if err == nil { + v1 := output.ImportTableDescription + var v2 types.ImportStatus + if v1 != nil { + v3 := v1.ImportStatus + v2 = v3 + } + expectedValue := "CANCELLED" + var pathValue string + pathValue = string(v2) + if pathValue == expectedValue { + return false, fmt.Errorf("waiter state transitioned to Failure") + } + } + + if err != nil { + return false, err + } + return true, nil +} + +// DescribeImportAPIClient is a client that implements the DescribeImport +// operation. +type DescribeImportAPIClient interface { + DescribeImport(context.Context, *DescribeImportInput, ...func(*Options)) (*DescribeImportOutput, error) +} + +var _ DescribeImportAPIClient = (*Client)(nil) + func newServiceMetadataMiddleware_opDescribeImport(region string) *awsmiddleware.RegisterServiceMetadata { return &awsmiddleware.RegisterServiceMetadata{ Region: region, diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeKinesisStreamingDestination.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeKinesisStreamingDestination.go index c68f3529fbf..3ec8ba6c570 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeKinesisStreamingDestination.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeKinesisStreamingDestination.go @@ -9,7 +9,11 @@ import ( "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" internalEndpointDiscovery "github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery" "github.com/aws/smithy-go/middleware" + smithytime "github.com/aws/smithy-go/time" smithyhttp "github.com/aws/smithy-go/transport/http" + smithywaiter "github.com/aws/smithy-go/waiter" + "strconv" + "time" ) // Returns information about the status of Kinesis streaming. @@ -93,7 +97,7 @@ func (c *Client) addOperationDescribeKinesisStreamingDestinationMiddlewares(stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -120,9 +124,6 @@ func (c *Client) addOperationDescribeKinesisStreamingDestinationMiddlewares(stac if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } @@ -171,6 +172,231 @@ func (c *Client) addOperationDescribeKinesisStreamingDestinationMiddlewares(stac return nil } +// KinesisStreamingDestinationActiveWaiterOptions are waiter options for +// KinesisStreamingDestinationActiveWaiter +type KinesisStreamingDestinationActiveWaiterOptions struct { + + // Set of options to modify how an operation is invoked. These apply to all + // operations invoked for this client. Use functional options on operation call to + // modify this list for per operation behavior. + // + // Passing options here is functionally equivalent to passing values to this + // config's ClientOptions field that extend the inner client's APIOptions directly. + APIOptions []func(*middleware.Stack) error + + // Functional options to be passed to all operations invoked by this client. + // + // Function values that modify the inner APIOptions are applied after the waiter + // config's own APIOptions modifiers. + ClientOptions []func(*Options) + + // MinDelay is the minimum amount of time to delay between retries. If unset, + // KinesisStreamingDestinationActiveWaiter will use default minimum delay of 20 + // seconds. Note that MinDelay must resolve to a value lesser than or equal to the + // MaxDelay. + MinDelay time.Duration + + // MaxDelay is the maximum amount of time to delay between retries. If unset or + // set to zero, KinesisStreamingDestinationActiveWaiter will use default max delay + // of 120 seconds. Note that MaxDelay must resolve to value greater than or equal + // to the MinDelay. + MaxDelay time.Duration + + // LogWaitAttempts is used to enable logging for waiter retry attempts + LogWaitAttempts bool + + // Retryable is function that can be used to override the service defined + // waiter-behavior based on operation output, or returned error. This function is + // used by the waiter to decide if a state is retryable or a terminal state. + // + // By default service-modeled logic will populate this option. This option can + // thus be used to define a custom waiter state with fall-back to service-modeled + // waiter state mutators.The function returns an error in case of a failure state. + // In case of retry state, this function returns a bool value of true and nil + // error, while in case of success it returns a bool value of false and nil error. + Retryable func(context.Context, *DescribeKinesisStreamingDestinationInput, *DescribeKinesisStreamingDestinationOutput, error) (bool, error) +} + +// KinesisStreamingDestinationActiveWaiter defines the waiters for +// KinesisStreamingDestinationActive +type KinesisStreamingDestinationActiveWaiter struct { + client DescribeKinesisStreamingDestinationAPIClient + + options KinesisStreamingDestinationActiveWaiterOptions +} + +// NewKinesisStreamingDestinationActiveWaiter constructs a +// KinesisStreamingDestinationActiveWaiter. +func NewKinesisStreamingDestinationActiveWaiter(client DescribeKinesisStreamingDestinationAPIClient, optFns ...func(*KinesisStreamingDestinationActiveWaiterOptions)) *KinesisStreamingDestinationActiveWaiter { + options := KinesisStreamingDestinationActiveWaiterOptions{} + options.MinDelay = 20 * time.Second + options.MaxDelay = 120 * time.Second + options.Retryable = kinesisStreamingDestinationActiveStateRetryable + + for _, fn := range optFns { + fn(&options) + } + return &KinesisStreamingDestinationActiveWaiter{ + client: client, + options: options, + } +} + +// Wait calls the waiter function for KinesisStreamingDestinationActive waiter. +// The maxWaitDur is the maximum wait duration the waiter will wait. The maxWaitDur +// is required and must be greater than zero. +func (w *KinesisStreamingDestinationActiveWaiter) Wait(ctx context.Context, params *DescribeKinesisStreamingDestinationInput, maxWaitDur time.Duration, optFns ...func(*KinesisStreamingDestinationActiveWaiterOptions)) error { + _, err := w.WaitForOutput(ctx, params, maxWaitDur, optFns...) + return err +} + +// WaitForOutput calls the waiter function for KinesisStreamingDestinationActive +// waiter and returns the output of the successful operation. The maxWaitDur is the +// maximum wait duration the waiter will wait. The maxWaitDur is required and must +// be greater than zero. +func (w *KinesisStreamingDestinationActiveWaiter) WaitForOutput(ctx context.Context, params *DescribeKinesisStreamingDestinationInput, maxWaitDur time.Duration, optFns ...func(*KinesisStreamingDestinationActiveWaiterOptions)) (*DescribeKinesisStreamingDestinationOutput, error) { + if maxWaitDur <= 0 { + return nil, fmt.Errorf("maximum wait time for waiter must be greater than zero") + } + + options := w.options + for _, fn := range optFns { + fn(&options) + } + + if options.MaxDelay <= 0 { + options.MaxDelay = 120 * time.Second + } + + if options.MinDelay > options.MaxDelay { + return nil, fmt.Errorf("minimum waiter delay %v must be lesser than or equal to maximum waiter delay of %v.", options.MinDelay, options.MaxDelay) + } + + ctx, cancelFn := context.WithTimeout(ctx, maxWaitDur) + defer cancelFn() + + logger := smithywaiter.Logger{} + remainingTime := maxWaitDur + + var attempt int64 + for { + + attempt++ + apiOptions := options.APIOptions + start := time.Now() + + if options.LogWaitAttempts { + logger.Attempt = attempt + apiOptions = append([]func(*middleware.Stack) error{}, options.APIOptions...) + apiOptions = append(apiOptions, logger.AddLogger) + } + + out, err := w.client.DescribeKinesisStreamingDestination(ctx, params, func(o *Options) { + baseOpts := []func(*Options){ + addIsWaiterUserAgent, + } + o.APIOptions = append(o.APIOptions, apiOptions...) + for _, opt := range baseOpts { + opt(o) + } + for _, opt := range options.ClientOptions { + opt(o) + } + }) + + retryable, err := options.Retryable(ctx, params, out, err) + if err != nil { + return nil, err + } + if !retryable { + return out, nil + } + + remainingTime -= time.Since(start) + if remainingTime < options.MinDelay || remainingTime <= 0 { + break + } + + // compute exponential backoff between waiter retries + delay, err := smithywaiter.ComputeDelay( + attempt, options.MinDelay, options.MaxDelay, remainingTime, + ) + if err != nil { + return nil, fmt.Errorf("error computing waiter delay, %w", err) + } + + remainingTime -= delay + // sleep for the delay amount before invoking a request + if err := smithytime.SleepWithContext(ctx, delay); err != nil { + return nil, fmt.Errorf("request cancelled while waiting, %w", err) + } + } + return nil, fmt.Errorf("exceeded max wait time for KinesisStreamingDestinationActive waiter") +} + +func kinesisStreamingDestinationActiveStateRetryable(ctx context.Context, input *DescribeKinesisStreamingDestinationInput, output *DescribeKinesisStreamingDestinationOutput, err error) (bool, error) { + + if err == nil { + v1 := output.KinesisDataStreamDestinations + var v2 []types.DestinationStatus + for _, v := range v1 { + v3 := v.DestinationStatus + v2 = append(v2, v3) + } + expectedValue := "ACTIVE" + var match bool + for _, v := range v2 { + if string(v) == expectedValue { + match = true + break + } + } + + if match { + return false, nil + } + } + + if err == nil { + v1 := output.KinesisDataStreamDestinations + v2 := len(v1) + v3 := 0 + v4 := int64(v2) > int64(v3) + v5 := output.KinesisDataStreamDestinations + var v6 []types.KinesisDataStreamDestination + for _, v := range v5 { + v7 := v.DestinationStatus + v8 := "DISABLED" + v9 := string(v7) == string(v8) + v10 := v.DestinationStatus + v11 := "ENABLE_FAILED" + v12 := string(v10) == string(v11) + v13 := v9 || v12 + if v13 { + v6 = append(v6, v) + } + } + v14 := len(v6) + v15 := output.KinesisDataStreamDestinations + v16 := len(v15) + v17 := int64(v14) == int64(v16) + v18 := v4 && v17 + expectedValue := "true" + bv, err := strconv.ParseBool(expectedValue) + if err != nil { + return false, fmt.Errorf("error parsing boolean from string %w", err) + } + if v18 == bv { + return false, fmt.Errorf("waiter state transitioned to Failure") + } + } + + if err != nil { + return false, err + } + return true, nil +} + func addOpDescribeKinesisStreamingDestinationDiscoverEndpointMiddleware(stack *middleware.Stack, o Options, c *Client) error { return stack.Finalize.Insert(&internalEndpointDiscovery.DiscoverEndpoint{ Options: []func(*internalEndpointDiscovery.DiscoverEndpointOptions){ @@ -214,6 +440,14 @@ func (c *Client) fetchOpDescribeKinesisStreamingDestinationDiscoverEndpoint(ctx return internalEndpointDiscovery.WeightedAddress{}, nil } +// DescribeKinesisStreamingDestinationAPIClient is a client that implements the +// DescribeKinesisStreamingDestination operation. +type DescribeKinesisStreamingDestinationAPIClient interface { + DescribeKinesisStreamingDestination(context.Context, *DescribeKinesisStreamingDestinationInput, ...func(*Options)) (*DescribeKinesisStreamingDestinationOutput, error) +} + +var _ DescribeKinesisStreamingDestinationAPIClient = (*Client)(nil) + func newServiceMetadataMiddleware_opDescribeKinesisStreamingDestination(region string) *awsmiddleware.RegisterServiceMetadata { return &awsmiddleware.RegisterServiceMetadata{ Region: region, diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeLimits.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeLimits.go index 2d09b8b1d47..816d0a22e40 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeLimits.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeLimits.go @@ -152,7 +152,7 @@ func (c *Client) addOperationDescribeLimitsMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -179,9 +179,6 @@ func (c *Client) addOperationDescribeLimitsMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTable.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTable.go index 291062aa42e..ff466be1a6b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTable.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTable.go @@ -103,7 +103,7 @@ func (c *Client) addOperationDescribeTableMiddlewares(stack *middleware.Stack, o if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -130,9 +130,6 @@ func (c *Client) addOperationDescribeTableMiddlewares(stack *middleware.Stack, o if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTableReplicaAutoScaling.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTableReplicaAutoScaling.go index a5a888718bd..0c257504a02 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTableReplicaAutoScaling.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTableReplicaAutoScaling.go @@ -89,7 +89,7 @@ func (c *Client) addOperationDescribeTableReplicaAutoScalingMiddlewares(stack *m if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -113,9 +113,6 @@ func (c *Client) addOperationDescribeTableReplicaAutoScalingMiddlewares(stack *m if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTimeToLive.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTimeToLive.go index 834ba374970..a721c806aad 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTimeToLive.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DescribeTimeToLive.go @@ -90,7 +90,7 @@ func (c *Client) addOperationDescribeTimeToLiveMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -117,9 +117,6 @@ func (c *Client) addOperationDescribeTimeToLiveMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DisableKinesisStreamingDestination.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DisableKinesisStreamingDestination.go index 2f5ea263fc3..d9b16f7e248 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DisableKinesisStreamingDestination.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_DisableKinesisStreamingDestination.go @@ -108,7 +108,7 @@ func (c *Client) addOperationDisableKinesisStreamingDestinationMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -135,9 +135,6 @@ func (c *Client) addOperationDisableKinesisStreamingDestinationMiddlewares(stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_EnableKinesisStreamingDestination.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_EnableKinesisStreamingDestination.go index b7cbb83d3bc..7d1ce3032b3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_EnableKinesisStreamingDestination.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_EnableKinesisStreamingDestination.go @@ -110,7 +110,7 @@ func (c *Client) addOperationEnableKinesisStreamingDestinationMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -137,9 +137,6 @@ func (c *Client) addOperationEnableKinesisStreamingDestinationMiddlewares(stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExecuteStatement.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExecuteStatement.go index 419cd10a616..70be0e8177c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExecuteStatement.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExecuteStatement.go @@ -166,7 +166,7 @@ func (c *Client) addOperationExecuteStatementMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -190,9 +190,6 @@ func (c *Client) addOperationExecuteStatementMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExecuteTransaction.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExecuteTransaction.go index 8d33b0c6940..8d61af04a58 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExecuteTransaction.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExecuteTransaction.go @@ -105,7 +105,7 @@ func (c *Client) addOperationExecuteTransactionMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -129,9 +129,6 @@ func (c *Client) addOperationExecuteTransactionMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExportTableToPointInTime.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExportTableToPointInTime.go index 65f7de7f0f9..86ddbaef9b3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExportTableToPointInTime.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ExportTableToPointInTime.go @@ -53,7 +53,7 @@ type ExportTableToPointInTimeInput struct { // // If you submit a request with the same client token but a change in other // parameters within the 8-hour idempotency window, DynamoDB returns an - // ImportConflictException . + // ExportConflictException . ClientToken *string // The format for the exported data. Valid values for ExportFormat are @@ -151,7 +151,7 @@ func (c *Client) addOperationExportTableToPointInTimeMiddlewares(stack *middlewa if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -175,9 +175,6 @@ func (c *Client) addOperationExportTableToPointInTimeMiddlewares(stack *middlewa if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_GetItem.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_GetItem.go index 1186c3366a6..36aff61a38a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_GetItem.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_GetItem.go @@ -197,7 +197,7 @@ func (c *Client) addOperationGetItemMiddlewares(stack *middleware.Stack, options if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -224,9 +224,6 @@ func (c *Client) addOperationGetItemMiddlewares(stack *middleware.Stack, options if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_GetResourcePolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_GetResourcePolicy.go index c4b6fb5c68f..8dd6248d542 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_GetResourcePolicy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_GetResourcePolicy.go @@ -123,7 +123,7 @@ func (c *Client) addOperationGetResourcePolicyMiddlewares(stack *middleware.Stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -150,9 +150,6 @@ func (c *Client) addOperationGetResourcePolicyMiddlewares(stack *middleware.Stac if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ImportTable.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ImportTable.go index e3cbba2674a..58b13766ae8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ImportTable.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ImportTable.go @@ -129,7 +129,7 @@ func (c *Client) addOperationImportTableMiddlewares(stack *middleware.Stack, opt if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -153,9 +153,6 @@ func (c *Client) addOperationImportTableMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListBackups.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListBackups.go index 7161f605b25..3c59aa95e8b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListBackups.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListBackups.go @@ -146,7 +146,7 @@ func (c *Client) addOperationListBackupsMiddlewares(stack *middleware.Stack, opt if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -173,9 +173,6 @@ func (c *Client) addOperationListBackupsMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListContributorInsights.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListContributorInsights.go index dc98ea16573..f3f2bab09d8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListContributorInsights.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListContributorInsights.go @@ -97,7 +97,7 @@ func (c *Client) addOperationListContributorInsightsMiddlewares(stack *middlewar if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -121,9 +121,6 @@ func (c *Client) addOperationListContributorInsightsMiddlewares(stack *middlewar if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListExports.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListExports.go index 8bd9e56a037..cfe6f4bbbb7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListExports.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListExports.go @@ -11,7 +11,8 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Lists completed exports within the past 90 days. +// Lists completed exports within the past 90 days, in reverse alphanumeric order +// of ExportArn . func (c *Client) ListExports(ctx context.Context, params *ListExportsInput, optFns ...func(*Options)) (*ListExportsOutput, error) { if params == nil { params = &ListExportsInput{} @@ -98,7 +99,7 @@ func (c *Client) addOperationListExportsMiddlewares(stack *middleware.Stack, opt if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -122,9 +123,6 @@ func (c *Client) addOperationListExportsMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListGlobalTables.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListGlobalTables.go index ef80d1c6172..f2a89ef4625 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListGlobalTables.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListGlobalTables.go @@ -108,7 +108,7 @@ func (c *Client) addOperationListGlobalTablesMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -135,9 +135,6 @@ func (c *Client) addOperationListGlobalTablesMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListImports.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListImports.go index 77b305d3da5..a3c0677e83b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListImports.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListImports.go @@ -98,7 +98,7 @@ func (c *Client) addOperationListImportsMiddlewares(stack *middleware.Stack, opt if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -122,9 +122,6 @@ func (c *Client) addOperationListImportsMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListTables.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListTables.go index 9b5cc6707d0..e981b95b39b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListTables.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListTables.go @@ -103,7 +103,7 @@ func (c *Client) addOperationListTablesMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -130,9 +130,6 @@ func (c *Client) addOperationListTablesMiddlewares(stack *middleware.Stack, opti if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListTagsOfResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListTagsOfResource.go index 0c6deb06341..eaf8002ec81 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListTagsOfResource.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_ListTagsOfResource.go @@ -105,7 +105,7 @@ func (c *Client) addOperationListTagsOfResourceMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -132,9 +132,6 @@ func (c *Client) addOperationListTagsOfResourceMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_PutItem.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_PutItem.go index 2927b3e8f7a..dd5305dddcc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_PutItem.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_PutItem.go @@ -36,6 +36,10 @@ import ( // contain that attribute, the attribute_not_exists function will only succeed if // no matching item exists. // +// To determine whether PutItem overwrote an existing item, use ReturnValues set +// to ALL_OLD . If the response includes the Attributes element, an existing item +// was overwritten. +// // For more information about PutItem , see [Working with Items] in the Amazon DynamoDB Developer // Guide. // @@ -320,7 +324,7 @@ func (c *Client) addOperationPutItemMiddlewares(stack *middleware.Stack, options if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -347,9 +351,6 @@ func (c *Client) addOperationPutItemMiddlewares(stack *middleware.Stack, options if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_PutResourcePolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_PutResourcePolicy.go index 2ef9ef2757b..599722ce72e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_PutResourcePolicy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_PutResourcePolicy.go @@ -147,7 +147,7 @@ func (c *Client) addOperationPutResourcePolicyMiddlewares(stack *middleware.Stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -174,9 +174,6 @@ func (c *Client) addOperationPutResourcePolicyMiddlewares(stack *middleware.Stac if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_Query.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_Query.go index 37c934bf499..81bee2d9c9c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_Query.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_Query.go @@ -489,7 +489,7 @@ func (c *Client) addOperationQueryMiddlewares(stack *middleware.Stack, options O if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -516,9 +516,6 @@ func (c *Client) addOperationQueryMiddlewares(stack *middleware.Stack, options O if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_RestoreTableFromBackup.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_RestoreTableFromBackup.go index 5e3f0fb737a..063a4f8fea6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_RestoreTableFromBackup.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_RestoreTableFromBackup.go @@ -135,7 +135,7 @@ func (c *Client) addOperationRestoreTableFromBackupMiddlewares(stack *middleware if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -162,9 +162,6 @@ func (c *Client) addOperationRestoreTableFromBackupMiddlewares(stack *middleware if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_RestoreTableToPointInTime.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_RestoreTableToPointInTime.go index fef6374a519..b937334d2a7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_RestoreTableToPointInTime.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_RestoreTableToPointInTime.go @@ -167,7 +167,7 @@ func (c *Client) addOperationRestoreTableToPointInTimeMiddlewares(stack *middlew if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -194,9 +194,6 @@ func (c *Client) addOperationRestoreTableToPointInTimeMiddlewares(stack *middlew if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_Scan.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_Scan.go index cb16c2804f5..c97ad4a9359 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_Scan.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_Scan.go @@ -420,7 +420,7 @@ func (c *Client) addOperationScanMiddlewares(stack *middleware.Stack, options Op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -447,9 +447,6 @@ func (c *Client) addOperationScanMiddlewares(stack *middleware.Stack, options Op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TagResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TagResource.go index 8d23115e446..0b8830e7744 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TagResource.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TagResource.go @@ -110,7 +110,7 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -137,9 +137,6 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TransactGetItems.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TransactGetItems.go index 4a796353b0c..dc32f13815b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TransactGetItems.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TransactGetItems.go @@ -140,7 +140,7 @@ func (c *Client) addOperationTransactGetItemsMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -167,9 +167,6 @@ func (c *Client) addOperationTransactGetItemsMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TransactWriteItems.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TransactWriteItems.go index 2ec6d35b745..e2d78a2e939 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TransactWriteItems.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_TransactWriteItems.go @@ -242,7 +242,7 @@ func (c *Client) addOperationTransactWriteItemsMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -269,9 +269,6 @@ func (c *Client) addOperationTransactWriteItemsMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UntagResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UntagResource.go index f887ae2575a..d22deea4d00 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UntagResource.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UntagResource.go @@ -108,7 +108,7 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -135,9 +135,6 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateContinuousBackups.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateContinuousBackups.go index 22112395ede..f4a7311ef5b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateContinuousBackups.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateContinuousBackups.go @@ -108,7 +108,7 @@ func (c *Client) addOperationUpdateContinuousBackupsMiddlewares(stack *middlewar if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -135,9 +135,6 @@ func (c *Client) addOperationUpdateContinuousBackupsMiddlewares(stack *middlewar if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateContributorInsights.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateContributorInsights.go index 62a46fed045..59cf359c050 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateContributorInsights.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateContributorInsights.go @@ -118,7 +118,7 @@ func (c *Client) addOperationUpdateContributorInsightsMiddlewares(stack *middlew if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -142,9 +142,6 @@ func (c *Client) addOperationUpdateContributorInsightsMiddlewares(stack *middlew if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateGlobalTable.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateGlobalTable.go index 20000167cbb..2b20c4c7530 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateGlobalTable.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateGlobalTable.go @@ -129,7 +129,7 @@ func (c *Client) addOperationUpdateGlobalTableMiddlewares(stack *middleware.Stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -156,9 +156,6 @@ func (c *Client) addOperationUpdateGlobalTableMiddlewares(stack *middleware.Stac if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateGlobalTableSettings.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateGlobalTableSettings.go index 60050aa8c7e..fd333f3fafe 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateGlobalTableSettings.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateGlobalTableSettings.go @@ -132,7 +132,7 @@ func (c *Client) addOperationUpdateGlobalTableSettingsMiddlewares(stack *middlew if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -159,9 +159,6 @@ func (c *Client) addOperationUpdateGlobalTableSettingsMiddlewares(stack *middlew if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateItem.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateItem.go index 36c44dbc112..3c66e1f4f3f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateItem.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateItem.go @@ -261,8 +261,7 @@ type UpdateItemInput struct { // Both sets must have the same primitive data type. For example, if the existing // data type is a set of strings, the Value must also be a set of strings. // - // The ADD action only supports Number and set data types. In addition, ADD can - // only be used on top-level attributes, not nested attributes. + // The ADD action only supports Number and set data types. // // - DELETE - Deletes an element from a set. // @@ -271,8 +270,7 @@ type UpdateItemInput struct { // action specifies [a,c] , then the final attribute value is [b] . Specifying an // empty set is an error. // - // The DELETE action only supports set data types. In addition, DELETE can only be - // used on top-level attributes, not nested attributes. + // The DELETE action only supports set data types. // // You can have many actions in a single expression, such as the following: SET // a=:value1, b=:value2 DELETE :value3, :value4, :value5 @@ -373,7 +371,7 @@ func (c *Client) addOperationUpdateItemMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -400,9 +398,6 @@ func (c *Client) addOperationUpdateItemMiddlewares(stack *middleware.Stack, opti if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateKinesisStreamingDestination.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateKinesisStreamingDestination.go index 127c84a2b5b..d1de5a64eb8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateKinesisStreamingDestination.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateKinesisStreamingDestination.go @@ -107,7 +107,7 @@ func (c *Client) addOperationUpdateKinesisStreamingDestinationMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -134,9 +134,6 @@ func (c *Client) addOperationUpdateKinesisStreamingDestinationMiddlewares(stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTable.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTable.go index 16bec163fc8..a8d94028bf0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTable.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTable.go @@ -96,6 +96,18 @@ type UpdateTableInput struct { // [Managing Global Secondary Indexes]: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.OnlineOps.html GlobalSecondaryIndexUpdates []types.GlobalSecondaryIndexUpdate + // Controls the settings replication mode for a global table replica. This + // attribute can be defined using UpdateTable operation only on a regional table + // with values: + // + // - ENABLED : Defines settings replication on a regional table to be used as a + // source table for creating Multi-Account Global Table. + // + // - DISABLED : Remove settings replication on a regional table. Settings + // replication needs to be defined to ENABLED again in order to create a + // Multi-Account Global Table using this table. + GlobalTableSettingsReplicationMode types.GlobalTableSettingsReplicationMode + // A list of witness updates for a MRSC global table. A witness provides a // cost-effective alternative to a full replica in a MRSC global table by // maintaining replicated change data written to global table replicas. You cannot @@ -218,7 +230,7 @@ func (c *Client) addOperationUpdateTableMiddlewares(stack *middleware.Stack, opt if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -245,9 +257,6 @@ func (c *Client) addOperationUpdateTableMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTableReplicaAutoScaling.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTableReplicaAutoScaling.go index a76d1bd08a3..273160bda8c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTableReplicaAutoScaling.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTableReplicaAutoScaling.go @@ -101,7 +101,7 @@ func (c *Client) addOperationUpdateTableReplicaAutoScalingMiddlewares(stack *mid if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -125,9 +125,6 @@ func (c *Client) addOperationUpdateTableReplicaAutoScalingMiddlewares(stack *mid if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTimeToLive.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTimeToLive.go index 451070a5320..99f89277b69 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTimeToLive.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/api_op_UpdateTimeToLive.go @@ -125,7 +125,7 @@ func (c *Client) addOperationUpdateTimeToLiveMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -152,9 +152,6 @@ func (c *Client) addOperationUpdateTimeToLiveMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/deserializers.go index fdf566c4c51..c80113170c7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/deserializers.go @@ -14387,6 +14387,15 @@ func awsAwsjson10_deserializeDocumentReplicaDescription(v **types.ReplicaDescrip return err } + case "GlobalTableSettingsReplicationMode": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected GlobalTableSettingsReplicationMode to be of type string, got %T instead", value) + } + sv.GlobalTableSettingsReplicationMode = types.GlobalTableSettingsReplicationMode(jtv) + } + case "KMSMasterKeyId": if value != nil { jtv, ok := value.(string) @@ -14415,6 +14424,15 @@ func awsAwsjson10_deserializeDocumentReplicaDescription(v **types.ReplicaDescrip sv.RegionName = ptr.String(jtv) } + case "ReplicaArn": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.ReplicaArn = ptr.String(jtv) + } + case "ReplicaInaccessibleDateTime": if value != nil { switch jtv := value.(type) { @@ -16045,6 +16063,15 @@ func awsAwsjson10_deserializeDocumentTableDescription(v **types.TableDescription return err } + case "GlobalTableSettingsReplicationMode": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected GlobalTableSettingsReplicationMode to be of type string, got %T instead", value) + } + sv.GlobalTableSettingsReplicationMode = types.GlobalTableSettingsReplicationMode(jtv) + } + case "GlobalTableVersion": if value != nil { jtv, ok := value.(string) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/generated.json index 5c4f744ee34..f306b0cb12e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/generated.json @@ -77,7 +77,6 @@ "internal/endpoints/endpoints.go", "internal/endpoints/endpoints_test.go", "options.go", - "protocol_test.go", "serializers.go", "snapshot_test.go", "sra_operation_order_test.go", @@ -87,7 +86,7 @@ "types/types_exported_test.go", "validators.go" ], - "go": "1.23", + "go": "1.24", "module": "github.com/aws/aws-sdk-go-v2/service/dynamodb", "unstable": false } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/go_module_metadata.go index a0095b032b6..c238d83c458 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/go_module_metadata.go @@ -3,4 +3,4 @@ package dynamodb // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.53.5" +const goModuleVersion = "1.57.3" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/options.go index 743c048fb08..5db1ed2b917 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/options.go @@ -72,8 +72,7 @@ type Options struct { // the client option BaseEndpoint instead. EndpointResolver EndpointResolver - // Resolves the endpoint used for a particular service operation. This should be - // used over the deprecated EndpointResolver. + // Resolves the endpoint used for a particular service operation. EndpointResolverV2 EndpointResolverV2 // Signature Version 4 (SigV4) Signer diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/serializers.go index 366d529669f..5316f9f4abd 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/serializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/serializers.go @@ -5805,6 +5805,16 @@ func awsAwsjson10_serializeOpDocumentCreateTableInput(v *CreateTableInput, value } } + if len(v.GlobalTableSettingsReplicationMode) > 0 { + ok := object.Key("GlobalTableSettingsReplicationMode") + ok.String(string(v.GlobalTableSettingsReplicationMode)) + } + + if v.GlobalTableSourceArn != nil { + ok := object.Key("GlobalTableSourceArn") + ok.String(*v.GlobalTableSourceArn) + } + if v.KeySchema != nil { ok := object.Key("KeySchema") if err := awsAwsjson10_serializeDocumentKeySchema(v.KeySchema, ok); err != nil { @@ -7338,6 +7348,11 @@ func awsAwsjson10_serializeOpDocumentUpdateTableInput(v *UpdateTableInput, value } } + if len(v.GlobalTableSettingsReplicationMode) > 0 { + ok := object.Key("GlobalTableSettingsReplicationMode") + ok.String(string(v.GlobalTableSettingsReplicationMode)) + } + if v.GlobalTableWitnessUpdates != nil { ok := object.Key("GlobalTableWitnessUpdates") if err := awsAwsjson10_serializeDocumentGlobalTableWitnessGroupUpdateList(v.GlobalTableWitnessUpdates, ok); err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/enums.go index 47d43d57e56..c9beca8696c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/enums.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/enums.go @@ -411,6 +411,28 @@ func (ExportViewType) Values() []ExportViewType { } } +type GlobalTableSettingsReplicationMode string + +// Enum values for GlobalTableSettingsReplicationMode +const ( + GlobalTableSettingsReplicationModeEnabled GlobalTableSettingsReplicationMode = "ENABLED" + GlobalTableSettingsReplicationModeDisabled GlobalTableSettingsReplicationMode = "DISABLED" + GlobalTableSettingsReplicationModeEnabledWithOverrides GlobalTableSettingsReplicationMode = "ENABLED_WITH_OVERRIDES" +) + +// Values returns all known values for GlobalTableSettingsReplicationMode. Note +// that this can be expanded in the future, and so it is only as up to date as the +// client. +// +// The ordering of this slice is not guaranteed to be stable across updates. +func (GlobalTableSettingsReplicationMode) Values() []GlobalTableSettingsReplicationMode { + return []GlobalTableSettingsReplicationMode{ + "ENABLED", + "DISABLED", + "ENABLED_WITH_OVERRIDES", + } +} + type GlobalTableStatus string // Enum values for GlobalTableStatus diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/errors.go index 45bf62b57d4..3774a406e5f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/errors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/errors.go @@ -959,8 +959,7 @@ func (e *ThrottlingException) ErrorFault() smithy.ErrorFault { return smithy.Fau // // - There is a user error, such as an invalid data format. // -// If using Java, DynamoDB lists the cancellation reasons on the -// CancellationReasons property. This property is not set for other languages. +// DynamoDB lists the cancellation reasons on the CancellationReasons property. // Transaction cancellation reasons are ordered in the order of requested items, if // an item has no error it will have None code and Null message. // diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/types.go index ce3801ef9cb..cfcc5041669 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/types.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/types/types.go @@ -947,7 +947,8 @@ type CreateGlobalSecondaryIndexAction struct { // This member is required. IndexName *string - // The key schema for the global secondary index. + // The key schema for the global secondary index. Global secondary index supports + // up to 4 partition and up to 4 sort keys. // // This member is required. KeySchema []KeySchemaElement @@ -2622,6 +2623,19 @@ type ReplicaDescription struct { // Replica-specific global secondary index settings. GlobalSecondaryIndexes []ReplicaGlobalSecondaryIndexDescription + // Indicates one of the settings synchronization modes for the global table + // replica: + // + // - ENABLED : Indicates that the settings synchronization mode for the global + // table replica is enabled. + // + // - DISABLED : Indicates that the settings synchronization mode for the global + // table replica is disabled. + // + // - ENABLED_WITH_OVERRIDES : This mode is set by default for a same account + // global table. Indicates that certain global table settings can be overridden. + GlobalTableSettingsReplicationMode GlobalTableSettingsReplicationMode + // The KMS key of the replica that will be used for KMS encryption. KMSMasterKeyId *string @@ -2636,6 +2650,9 @@ type ReplicaDescription struct { // The name of the Region. RegionName *string + // The Amazon Resource Name (ARN) of the global table replica. + ReplicaArn *string + // The time at which the replica was first detected as inaccessible. To determine // cause of inaccessibility check the ReplicaStatus property. ReplicaInaccessibleDateTime *time.Time @@ -3337,6 +3354,18 @@ type TableDescription struct { // returned. GlobalSecondaryIndexes []GlobalSecondaryIndexDescription + // Indicates one of the settings synchronization modes for the global table: + // + // - ENABLED : Indicates that the settings synchronization mode for the global + // table is enabled. + // + // - DISABLED : Indicates that the settings synchronization mode for the global + // table is disabled. + // + // - ENABLED_WITH_OVERRIDES : This mode is set by default for a same account + // global table. Indicates that certain global table settings can be overridden. + GlobalTableSettingsReplicationMode GlobalTableSettingsReplicationMode + // Represents the version of [global tables] in use, if the table is replicated across Amazon Web // Services Regions. // diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/validators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/validators.go index 781ef41cf36..cd5187a3076 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/validators.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/dynamodb/validators.go @@ -2668,9 +2668,7 @@ func validateOpCreateTableInput(v *CreateTableInput) error { return nil } invalidParams := smithy.InvalidParamsError{Context: "CreateTableInput"} - if v.AttributeDefinitions == nil { - invalidParams.Add(smithy.NewErrParamRequired("AttributeDefinitions")) - } else if v.AttributeDefinitions != nil { + if v.AttributeDefinitions != nil { if err := validateAttributeDefinitions(v.AttributeDefinitions); err != nil { invalidParams.AddNested("AttributeDefinitions", err.(smithy.InvalidParamsError)) } @@ -2678,9 +2676,7 @@ func validateOpCreateTableInput(v *CreateTableInput) error { if v.TableName == nil { invalidParams.Add(smithy.NewErrParamRequired("TableName")) } - if v.KeySchema == nil { - invalidParams.Add(smithy.NewErrParamRequired("KeySchema")) - } else if v.KeySchema != nil { + if v.KeySchema != nil { if err := validateKeySchema(v.KeySchema); err != nil { invalidParams.AddNested("KeySchema", err.(smithy.InvalidParamsError)) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md index 6ffbf3fe4ac..cf6c5e09116 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md @@ -1,3 +1,23 @@ +# v1.13.9 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. + +# v1.13.8 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait + +# v1.13.7 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. + +# v1.13.6 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 + +# v1.13.5 (2026-02-23) + +* No change notes available for this release. + # v1.13.4 (2025-12-02) * **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go index 970bb210ec9..e145070706f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go @@ -3,4 +3,4 @@ package acceptencoding // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.4" +const goModuleVersion = "1.13.9" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md index 3b9d0f68496..f3442de4b75 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md @@ -1,3 +1,40 @@ +# v1.9.15 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.9.14 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.9.13 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.9.12 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.9.11 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.9.10 (2026-02-26) + +* **Bug Fix**: Allow sending unkown checksum values if the value is precalculated on the input request + +# v1.9.9 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.9.8 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.9.7 (2025-12-08) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go index 008265e37ac..7fa714cfb95 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go @@ -3,4 +3,4 @@ package checksum // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.9.7" +const goModuleVersion = "1.9.15" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_add.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_add.go index 274d649fb53..b1a46e58ac5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_add.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_add.go @@ -13,7 +13,7 @@ type InputMiddlewareOptions struct { // // Given the input parameter value, the function must return the algorithm // and true, or false if no algorithm is specified. - GetAlgorithm func(interface{}) (string, bool) + GetAlgorithm func(any) (string, bool) // RequireChecksum indicates whether operation model forces middleware to compute the input payload's checksum. // If RequireChecksum is set to true, checksum will be calculated and RequestChecksumCalculation will be ignored, @@ -111,10 +111,10 @@ type OutputMiddlewareOptions struct { // // Given the input parameter value, the function must return the validation // mode and true, or false if no mode is specified. - GetValidationMode func(interface{}) (string, bool) + GetValidationMode func(any) (string, bool) // SetValidationMode is a function to set the checksum validation mode of input parameters - SetValidationMode func(interface{}, string) + SetValidationMode func(any, string) // ResponseChecksumValidation is the user config to opt-in/out response checksum validation ResponseChecksumValidation aws.ResponseChecksumValidation diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_compute_input_checksum.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_compute_input_checksum.go index 348264bdb25..8ac7f776ee4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_compute_input_checksum.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_compute_input_checksum.go @@ -108,13 +108,7 @@ func (m *ComputeInputPayloadChecksum) HandleFinalize( out middleware.FinalizeOutput, metadata middleware.Metadata, err error, ) { var checksum string - algorithm, ok, err := getInputAlgorithm(ctx) - if err != nil { - return out, metadata, err - } - if !ok { - return next.HandleFinalize(ctx, in) - } + var algorithm Algorithm req, ok := in.Request.(*smithyhttp.Request) if !ok { @@ -137,13 +131,21 @@ func (m *ComputeInputPayloadChecksum) HandleFinalize( // If any checksum header is already set nothing to do. for header := range req.Header { h := strings.ToUpper(header) - if strings.HasPrefix(h, "X-AMZ-CHECKSUM-") { - algorithm = Algorithm(strings.TrimPrefix(h, "X-AMZ-CHECKSUM-")) + if after, ok0 := strings.CutPrefix(h, "X-AMZ-CHECKSUM-"); ok0 { + algorithm = Algorithm(after) checksum = req.Header.Get(header) return next.HandleFinalize(ctx, in) } } + algorithm, ok, err = getInputAlgorithm(ctx) + if err != nil { + return out, metadata, err + } + if !ok { + return next.HandleFinalize(ctx, in) + } + computePayloadHash := m.EnableComputePayloadHash if v := v4.GetPayloadHash(ctx); v != "" { computePayloadHash = false @@ -263,16 +265,6 @@ func (m *AddInputChecksumTrailer) HandleFinalize( ) ( out middleware.FinalizeOutput, metadata middleware.Metadata, err error, ) { - algorithm, ok, err := getInputAlgorithm(ctx) - if err != nil { - return out, metadata, computeInputTrailingChecksumError{ - Msg: "failed to get algorithm", - Err: err, - } - } else if !ok { - return next.HandleFinalize(ctx, in) - } - if enabled, _ := middleware.GetStackValue(ctx, useTrailer{}).(bool); !enabled { return next.HandleFinalize(ctx, in) } @@ -297,6 +289,16 @@ func (m *AddInputChecksumTrailer) HandleFinalize( } } + algorithm, ok, err := getInputAlgorithm(ctx) + if err != nil { + return out, metadata, computeInputTrailingChecksumError{ + Msg: "failed to get algorithm", + Err: err, + } + } else if !ok { + return next.HandleFinalize(ctx, in) + } + stream := req.GetStream() streamLength, err := getRequestStreamLength(req) if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_setup_context.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_setup_context.go index 3347e88cceb..1f77b332463 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_setup_context.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/middleware_setup_context.go @@ -22,7 +22,7 @@ type SetupInputContext struct { // // Given the input parameter value, the function must return the algorithm // and true, or false if no algorithm is specified. - GetAlgorithm func(interface{}) (string, bool) + GetAlgorithm func(any) (string, bool) // RequireChecksum indicates whether operation model forces middleware to compute the input payload's checksum. // If RequireChecksum is set to true, checksum will be calculated and RequestChecksumCalculation will be ignored, @@ -68,10 +68,10 @@ type setupOutputContext struct { // // Given the input parameter value, the function must return the validation // mode and true, or false if no mode is specified. - GetValidationMode func(interface{}) (string, bool) + GetValidationMode func(any) (string, bool) // SetValidationMode is a function to set the checksum validation mode of input parameters - SetValidationMode func(interface{}, string) + SetValidationMode func(any, string) // ResponseChecksumValidation states user config to opt-in/out checksum validation ResponseChecksumValidation aws.ResponseChecksumValidation diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/CHANGELOG.md index b47d431475d..0ded05824d0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/CHANGELOG.md @@ -1,3 +1,35 @@ +# v1.11.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.11.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.11.21 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.11.20 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.11.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.11.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.11.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.11.16 (2025-12-08) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/cache.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/cache.go index 6abd3029c05..3d5be480387 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/cache.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/cache.go @@ -87,7 +87,7 @@ func (c *EndpointCache) deleteRandomKey() bool { atomic.AddInt64(&c.size, -1) found := false - c.endpoints.Range(func(key, value interface{}) bool { + c.endpoints.Range(func(key, value any) bool { found = true c.endpoints.Delete(key) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/go_module_metadata.go index 5e82d122edc..ac43cf12c34 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/go_module_metadata.go @@ -3,4 +3,4 @@ package endpointdiscovery // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.11.16" +const goModuleVersion = "1.11.23" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/middleware.go index c6b073d21fa..7e114709153 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery/middleware.go @@ -17,7 +17,7 @@ type DiscoverEndpointOptions struct { // EndpointResolverUsedForDiscovery is the endpoint resolver used to // resolve an endpoint for discovery api call. - EndpointResolverUsedForDiscovery interface{} + EndpointResolverUsedForDiscovery any // DisableHTTPS will disable tls for endpoint discovery call and // subsequent discovered endpoint if service did not return an diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md index 743183c8df6..96adad52610 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md @@ -1,3 +1,35 @@ +# v1.13.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.21 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.20 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.13.16 (2025-12-08) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go index a8a2e692bfc..5737e9c0c1b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go @@ -3,4 +3,4 @@ package presignedurl // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.16" +const goModuleVersion = "1.13.23" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/middleware.go index 1e2f5c8122a..8b25d038745 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/middleware.go @@ -14,26 +14,26 @@ import ( // presigned URL. type URLPresigner interface { // PresignURL presigns a URL. - PresignURL(ctx context.Context, srcRegion string, params interface{}) (*v4.PresignedHTTPRequest, error) + PresignURL(ctx context.Context, srcRegion string, params any) (*v4.PresignedHTTPRequest, error) } // ParameterAccessor provides an collection of accessor to for retrieving and // setting the values needed to PresignedURL generation type ParameterAccessor struct { // GetPresignedURL accessor points to a function that retrieves a presigned url if present - GetPresignedURL func(interface{}) (string, bool, error) + GetPresignedURL func(any) (string, bool, error) // GetSourceRegion accessor points to a function that retrieves source region for presigned url - GetSourceRegion func(interface{}) (string, bool, error) + GetSourceRegion func(any) (string, bool, error) // CopyInput accessor points to a function that takes in an input, and returns a copy. - CopyInput func(interface{}) (interface{}, error) + CopyInput func(any) (any, error) // SetDestinationRegion accessor points to a function that sets destination region on api input struct - SetDestinationRegion func(interface{}, string) error + SetDestinationRegion func(any, string) error // SetPresignedURL accessor points to a function that sets presigned url on api input struct - SetPresignedURL func(interface{}, string) error + SetPresignedURL func(any, string) error } // Options provides the set of options needed by the presigned URL middleware. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md index 280be507cbc..329570ad12b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md @@ -1,3 +1,35 @@ +# v1.19.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.21 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.20 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.19.16 (2025-12-08) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn_lookup.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn_lookup.go index b51532085f6..e6588b8ce46 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn_lookup.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/arn_lookup.go @@ -16,7 +16,7 @@ import ( type ARNLookup struct { // GetARNValue takes in a input interface and returns a ptr to string and a bool - GetARNValue func(interface{}) (*string, bool) + GetARNValue func(any) (*string, bool) } // ID for the middleware diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go index 5e955a2fd42..6652be7f295 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go @@ -3,4 +3,4 @@ package s3shared // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.19.16" +const goModuleVersion = "1.19.23" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/response_error.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/response_error.go index 85733624306..94601e9a81d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/response_error.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/response_error.go @@ -28,6 +28,6 @@ func (e *ResponseError) Error() string { // As populates target and returns true if the type of target is a error type that // the ResponseError embeds, (e.g.S3 HTTP ResponseError) -func (e *ResponseError) As(target interface{}) bool { +func (e *ResponseError) As(target any) bool { return errors.As(e.ResponseError, target) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md index 8b3c267ab4d..5e65c3cfab1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md @@ -1,3 +1,70 @@ +# v1.100.1 (2026-04-29) + +* **Bug Fix**: Fix a memory leak in the credential cache used for S3 Express session credentials. +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.100.0 (2026-04-22) + +* **Feature**: This release adds five additional checksum algorithms for S3 data integrity (MD5, SHA-512, XXHash3, XXHash64, XXHash128) and support for S3 Inventory on directory buckets (S3 Express One Zone). + +# v1.99.1 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.99.0 (2026-04-07) + +* **Feature**: Updated list of the valid AWS Region values for the LocationConstraint parameter for general purpose buckets. + +# v1.98.0 (2026-03-31) + +* **Feature**: Add Bucket Metrics configuration support to directory buckets + +# v1.97.3 (2026-03-26) + +* **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.97.2 (2026-03-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.97.1 (2026-03-13) + +* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.97.0 (2026-03-12) + +* **Feature**: Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. + +# v1.96.4 (2026-03-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.96.3 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.96.2 (2026-02-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.96.1 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.96.0 (2026-01-28) + +* **Feature**: Adds support for the UpdateObjectEncryption API to change the server-side encryption type of objects in general purpose buckets. + +# v1.95.1 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.95.0 (2025-12-23) * **Feature**: Add additional validation to Outpost bucket names. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go index e5e18d641cd..9263839542b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go @@ -16,7 +16,6 @@ import ( internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" - internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware" "github.com/aws/aws-sdk-go-v2/internal/v4a" acceptencodingcust "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding" internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum" @@ -25,7 +24,6 @@ import ( s3sharedconfig "github.com/aws/aws-sdk-go-v2/service/internal/s3shared/config" s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" smithy "github.com/aws/smithy-go" - smithyauth "github.com/aws/smithy-go/auth" smithydocument "github.com/aws/smithy-go/document" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -758,10 +756,11 @@ func resolveIdempotencyTokenProvider(o *Options) { o.IdempotencyTokenProvider = smithyrand.NewUUIDIdempotencyToken(cryptorand.Reader) } -func addRetry(stack *middleware.Stack, o Options) error { +func addRetry(stack *middleware.Stack, o Options, c *Client) error { attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { m.LogAttempts = o.ClientLogMode.IsRetries() m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/s3") + m.ClientSkew = c.timeOffset }) if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil { return err @@ -832,18 +831,6 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error { return nil } -func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string { - if mode == aws.AccountIDEndpointModeDisabled { - return nil - } - - if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" { - return aws.String(ca.Credentials.AccountID) - } - - return nil -} - type httpSignerV4a interface { SignHTTP(ctx context.Context, credentials v4a.Credentials, r *http.Request, payloadHash, service string, regionSet []string, signingTime time.Time, @@ -864,13 +851,6 @@ func newDefaultV4aSigner(o Options) *v4a.Signer { }) } -func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error { - mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset} - if err := stack.Build.Add(&mw, middleware.After); err != nil { - return err - } - return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before) -} func initializeTimeOffsetResolver(c *Client) { c.timeOffset = new(atomic.Int64) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go index 6d7bdbe8f46..41d05d6f540 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go @@ -168,9 +168,8 @@ type AbortMultipartUploadInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -238,7 +237,7 @@ func (c *Client) addOperationAbortMultipartUploadMiddlewares(stack *middleware.S if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -265,9 +264,6 @@ func (c *Client) addOperationAbortMultipartUploadMiddlewares(stack *middleware.S if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go index d63e0b0c598..f70ecc8982d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go @@ -238,6 +238,13 @@ type CompleteMultipartUploadInput struct { // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 128-bit MD5 digest of the object. For more information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // This header can be used as a data integrity check to verify that the data // received is the same data that was originally sent. This header specifies the // Base64 encoded, 160-bit SHA1 digest of the object. For more information, see [Checking object integrity] @@ -254,6 +261,13 @@ type CompleteMultipartUploadInput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 512-bit SHA512 digest of the object. For more information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + // This header specifies the checksum type of the object, which determines how // part-level checksums are combined to create an object-level checksum for // multipart objects. You can use this header as a data integrity check to verify @@ -264,6 +278,30 @@ type CompleteMultipartUploadInput struct { // Guide. ChecksumType types.ChecksumType + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 128-bit XXHASH128 checksum of the object. For more information, + // see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 64-bit XXHASH3 checksum of the object. For more information, + // see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 64-bit XXHASH64 checksum of the object. For more information, + // see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // The account ID of the expected bucket owner. If the account ID that you provide // does not match the actual owner of the bucket, the request fails with the HTTP // status code 403 Forbidden (access denied). @@ -314,9 +352,8 @@ type CompleteMultipartUploadInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -403,6 +440,12 @@ type CompleteMultipartUploadOutput struct { // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // The Base64 encoded, 128-bit MD5 digest of the object. For more information, see [Checking object integrity in the Amazon S3 User Guide] + // . + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only // present if the checksum was uploaded with the object. When you use the API // operation on an object that was uploaded using multipart uploads, this value may @@ -425,6 +468,12 @@ type CompleteMultipartUploadOutput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 digest of the object. For more information, + // see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + // The checksum type, which determines how part-level checksums are combined to // create an object-level checksum for multipart objects. You can use this header // as a data integrity check to verify that the checksum type that is received is @@ -434,6 +483,24 @@ type CompleteMultipartUploadOutput struct { // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumType types.ChecksumType + // The Base64 encoded, 128-bit XXHASH128 checksum of the object. For more + // information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the object. For more + // information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the object. For more + // information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Entity tag that identifies the newly created object's data. Objects with // different object data will have different entity tags. The entity tag is an // opaque string. The entity tag may or may not be an MD5 digest of the object @@ -521,7 +588,7 @@ func (c *Client) addOperationCompleteMultipartUploadMiddlewares(stack *middlewar if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -548,9 +615,6 @@ func (c *Client) addOperationCompleteMultipartUploadMiddlewares(stack *middlewar if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go index 69bc6fe47c8..e7c8a69ec30 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go @@ -90,9 +90,11 @@ import ( // // - If the source object that you want to copy is in a directory bucket, you // must have the s3express:CreateSession permission in the Action element of a -// policy to read the object. By default, the session is in the ReadWrite mode. -// If you want to restrict the access, you can explicitly set the -// s3express:SessionMode condition key to ReadOnly on the copy source bucket. +// policy to read the object. If no session mode is specified, the session will be +// created with the maximum allowable privilege, attempting ReadWrite first, then +// ReadOnly if ReadWrite is not permitted. If you want to explicitly restrict the +// access to be read-only, you can set the s3express:SessionMode condition key to +// ReadOnly on the copy source bucket. // // - If the copy destination is a directory bucket, you must have the // s3express:CreateSession permission in the Action element of a policy to write @@ -584,9 +586,8 @@ type CopyObjectInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -980,7 +981,7 @@ func (c *Client) addOperationCopyObjectMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -1007,9 +1008,6 @@ func (c *Client) addOperationCopyObjectMiddlewares(stack *middleware.Stack, opti if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go index a889220ab18..33508514bc2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go @@ -25,6 +25,18 @@ import ( // There are two types of buckets: general purpose buckets and directory buckets. // For more information about these bucket types, see [Creating, configuring, and working with Amazon S3 buckets]in the Amazon S3 User Guide. // +// General purpose buckets exist in a global namespace, which means that each +// bucket name must be unique across all Amazon Web Services accounts in all the +// Amazon Web Services Regions within a partition. A partition is a grouping of +// Regions. Amazon Web Services currently has four partitions: aws (Standard +// Regions), aws-cn (China Regions), aws-us-gov (Amazon Web Services GovCloud +// (US)), and aws-eusc (European Sovereign Cloud). When you create a general +// purpose bucket, you can choose to create a bucket in the shared global namespace +// or you can choose to create a bucket in your account regional namespace. Your +// account regional namespace is a subdivision of the global namespace that only +// your account can create buckets in. For more information on account regional +// namespaces, see [Namespaces for general purpose buckets]. +// // - General purpose buckets - If you send your CreateBucket request to the // s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. So // the signature calculations in Signature Version 4 must use us-east-1 as the @@ -120,6 +132,7 @@ import ( // [Creating, configuring, and working with Amazon S3 buckets]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html // [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html // [PutObject]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html +// [Namespaces for general purpose buckets]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/gpbucketnamespaces.html // [DeleteBucket]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html // [CreateBucket]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html // [Virtual hosting of buckets]: https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html @@ -173,6 +186,27 @@ type CreateBucketInput struct { // This functionality is not supported for directory buckets. ACL types.BucketCannedACL + // Specifies the namespace where you want to create your general purpose bucket. + // When you create a general purpose bucket, you can choose to create a bucket in + // the shared global namespace or you can choose to create a bucket in your account + // regional namespace. Your account regional namespace is a subdivision of the + // global namespace that only your account can create buckets in. For more + // information on bucket namespaces, see [Namespaces for general purpose buckets]. + // + // General purpose buckets in your account regional namespace must follow a + // specific naming convention. These buckets consist of a bucket name prefix that + // you create, and a suffix that contains your 12-digit Amazon Web Services Account + // ID, the Amazon Web Services Region code, and ends with -an . Bucket names must + // follow the format bucket-name-prefix-accountId-region-an (for example, + // amzn-s3-demo-bucket-111122223333-us-west-2-an ). For information about bucket + // naming restrictions, see [Account regional namespace naming rules]in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + // + // [Account regional namespace naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html#account-regional-naming-rules + // [Namespaces for general purpose buckets]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/gpbucketnamespaces.html + BucketNamespace types.BucketNamespace + // The configuration information for the bucket. CreateBucketConfiguration *types.CreateBucketConfiguration @@ -301,7 +335,7 @@ func (c *Client) addOperationCreateBucketMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -328,9 +362,6 @@ func (c *Client) addOperationCreateBucketMiddlewares(stack *middleware.Stack, op if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucketMetadataConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucketMetadataConfiguration.go index a46a907b853..66a605b0dfe 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucketMetadataConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucketMetadataConfiguration.go @@ -160,7 +160,7 @@ func (c *Client) addOperationCreateBucketMetadataConfigurationMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -187,9 +187,6 @@ func (c *Client) addOperationCreateBucketMetadataConfigurationMiddlewares(stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucketMetadataTableConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucketMetadataTableConfiguration.go index 6976b1cefff..a50b8df6ba5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucketMetadataTableConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucketMetadataTableConfiguration.go @@ -152,7 +152,7 @@ func (c *Client) addOperationCreateBucketMetadataTableConfigurationMiddlewares(s if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -179,9 +179,6 @@ func (c *Client) addOperationCreateBucketMetadataTableConfigurationMiddlewares(s if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go index 3f0f312ab17..776ceb2c5cb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go @@ -621,9 +621,8 @@ type CreateMultipartUploadInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -896,7 +895,7 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware. if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -923,9 +922,6 @@ func (c *Client) addOperationCreateMultipartUploadMiddlewares(stack *middleware. if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go index 3b9f1a5ea3d..65b52a5e9aa 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go @@ -234,11 +234,15 @@ type CreateSessionInput struct { ServerSideEncryption types.ServerSideEncryption // Specifies the mode of the session that will be created, either ReadWrite or - // ReadOnly . By default, a ReadWrite session is created. A ReadWrite session is - // capable of executing all the Zonal endpoint API operations on a directory - // bucket. A ReadOnly session is constrained to execute the following Zonal - // endpoint API operations: GetObject , HeadObject , ListObjectsV2 , - // GetObjectAttributes , ListParts , and ListMultipartUploads . + // ReadOnly . If no session mode is specified, the default behavior attempts to + // create a session with the maximum allowable privilege. It will first attempt to + // create a ReadWrite session, and if that is not allowed by permissions, it will + // attempt to create a ReadOnly session. If neither session type is allowed, the + // request will return an Access Denied error. A ReadWrite session is capable of + // executing all the Zonal endpoint API operations on a directory bucket. A + // ReadOnly session is constrained to execute the following Zonal endpoint API + // operations: GetObject , HeadObject , ListObjectsV2 , GetObjectAttributes , + // ListParts , and ListMultipartUploads . SessionMode types.SessionMode noSmithyDocumentSerde @@ -320,7 +324,7 @@ func (c *Client) addOperationCreateSessionMiddlewares(stack *middleware.Stack, o if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -347,9 +351,6 @@ func (c *Client) addOperationCreateSessionMiddlewares(stack *middleware.Stack, o if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go index 676ac76be5f..caf071af7dc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go @@ -150,7 +150,7 @@ func (c *Client) addOperationDeleteBucketMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -177,9 +177,6 @@ func (c *Client) addOperationDeleteBucketMiddlewares(stack *middleware.Stack, op if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go index 9fef769a8e5..bf79ffa0ded 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go @@ -125,7 +125,7 @@ func (c *Client) addOperationDeleteBucketAnalyticsConfigurationMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -152,9 +152,6 @@ func (c *Client) addOperationDeleteBucketAnalyticsConfigurationMiddlewares(stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go index aa91cea7e94..618ddae1d73 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go @@ -113,7 +113,7 @@ func (c *Client) addOperationDeleteBucketCorsMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -140,9 +140,6 @@ func (c *Client) addOperationDeleteBucketCorsMiddlewares(stack *middleware.Stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go index a7fbc308a49..41551b37655 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go @@ -150,7 +150,7 @@ func (c *Client) addOperationDeleteBucketEncryptionMiddlewares(stack *middleware if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -177,9 +177,6 @@ func (c *Client) addOperationDeleteBucketEncryptionMiddlewares(stack *middleware if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go index 2e59d7e551d..6318458492a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go @@ -132,7 +132,7 @@ func (c *Client) addOperationDeleteBucketIntelligentTieringConfigurationMiddlewa if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -159,9 +159,6 @@ func (c *Client) addOperationDeleteBucketIntelligentTieringConfigurationMiddlewa if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go index 86511bbb247..af1c47aba0f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go @@ -13,18 +13,39 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This operation is not supported for directory buckets. -// // Deletes an S3 Inventory configuration (identified by the inventory ID) from the // bucket. // -// To use this operation, you must have permissions to perform the +// Directory buckets - For directory buckets, you must make requests for this API +// operation to the Regional endpoint. These endpoints support path-style requests +// in the format https://s3express-control.region-code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information about +// endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more +// information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide. +// +// Permissions To use this operation, you must have permissions to perform the // s3:PutInventoryConfiguration action. The bucket owner has this permission by // default. The bucket owner can grant this permission to others. For more // information about permissions, see [Permissions Related to Bucket Subresource Operations]and [Managing Access Permissions to Your Amazon S3 Resources]. // +// - General purpose bucket permissions - The s3:PutInventoryConfiguration +// permission is required in a policy. For more information about general purpose +// buckets permissions, see [Using Bucket Policies and User Policies]in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:PutInventoryConfiguration permission in an IAM +// identity-based policy instead of a bucket policy. For more information about +// directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region-code.amazonaws.com . +// // For information about the Amazon S3 inventory feature, see [Amazon S3 Inventory]. // +// After deleting a configuration, Amazon S3 might still deliver one additional +// inventory report during a brief transition period while the system processes the +// deletion. +// // Operations related to DeleteBucketInventoryConfiguration include: // // [GetBucketInventoryConfiguration] @@ -37,11 +58,15 @@ import ( // if your header value is my file.txt , containing two spaces after my , you must // URL encode this value to my%20%20file.txt . // +// [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html // [Amazon S3 Inventory]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html // [ListBucketInventoryConfigurations]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html // [Permissions Related to Bucket Subresource Operations]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources +// [Using Bucket Policies and User Policies]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html // [Managing Access Permissions to Your Amazon S3 Resources]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html // [PutBucketInventoryConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html +// [Regional and Zonal endpoints for directory buckets in Availability Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html +// [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html // [GetBucketInventoryConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html func (c *Client) DeleteBucketInventoryConfiguration(ctx context.Context, params *DeleteBucketInventoryConfigurationInput, optFns ...func(*Options)) (*DeleteBucketInventoryConfigurationOutput, error) { if params == nil { @@ -62,6 +87,17 @@ type DeleteBucketInventoryConfigurationInput struct { // The name of the bucket containing the inventory configuration to delete. // + // Directory buckets - When you use this operation with a directory bucket, you + // must use path-style requests in the format + // https://s3express-control.region-code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must + // also follow the format bucket-base-name--zone-id--x-s3 (for example, + // DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming + // restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide + // + // [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html + // // This member is required. Bucket *string @@ -73,6 +109,10 @@ type DeleteBucketInventoryConfigurationInput struct { // The account ID of the expected bucket owner. If the account ID that you provide // does not match the actual owner of the bucket, the request fails with the HTTP // status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. If + // you specify this header, the request fails with the HTTP status code 501 Not + // Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -125,7 +165,7 @@ func (c *Client) addOperationDeleteBucketInventoryConfigurationMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -152,9 +192,6 @@ func (c *Client) addOperationDeleteBucketInventoryConfigurationMiddlewares(stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go index e74e538deef..eeb9eb991e1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go @@ -152,7 +152,7 @@ func (c *Client) addOperationDeleteBucketLifecycleMiddlewares(stack *middleware. if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -179,9 +179,6 @@ func (c *Client) addOperationDeleteBucketLifecycleMiddlewares(stack *middleware. if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetadataConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetadataConfiguration.go index adbaa342e4f..132d9b2faee 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetadataConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetadataConfiguration.go @@ -125,7 +125,7 @@ func (c *Client) addOperationDeleteBucketMetadataConfigurationMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -152,9 +152,6 @@ func (c *Client) addOperationDeleteBucketMetadataConfigurationMiddlewares(stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetadataTableConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetadataTableConfiguration.go index 1300dac9dde..fe51b009148 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetadataTableConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetadataTableConfiguration.go @@ -132,7 +132,7 @@ func (c *Client) addOperationDeleteBucketMetadataTableConfigurationMiddlewares(s if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -159,9 +159,6 @@ func (c *Client) addOperationDeleteBucketMetadataTableConfigurationMiddlewares(s if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go index cd65675d900..0535cad8046 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go @@ -13,17 +13,36 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This operation is not supported for directory buckets. -// // Deletes a metrics configuration for the Amazon CloudWatch request metrics // (specified by the metrics configuration ID) from the bucket. Note that this // doesn't include the daily storage metrics. // -// To use this operation, you must have permissions to perform the +// Directory buckets - For directory buckets, you must make requests for this API +// operation to the Regional endpoint. These endpoints support path-style requests +// in the format https://s3express-control.region-code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information about +// endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more +// information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide. +// +// Permissions To use this operation, you must have permissions to perform the // s3:PutMetricsConfiguration action. The bucket owner has this permission by // default. The bucket owner can grant this permission to others. For more // information about permissions, see [Permissions Related to Bucket Subresource Operations]and [Managing Access Permissions to Your Amazon S3 Resources]. // +// - General purpose bucket permissions - The s3:PutMetricsConfiguration +// permission is required in a policy. For more information about general purpose +// buckets permissions, see [Using Bucket Policies and User Policies]in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:PutMetricsConfiguration permission in an IAM +// identity-based policy instead of a bucket policy. Cross-account access to this +// API operation isn't supported. This operation can only be performed by the +// Amazon Web Services account that owns the resource. For more information about +// directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region-code.amazonaws.com . +// // For information about CloudWatch request metrics for Amazon S3, see [Monitoring Metrics with Amazon CloudWatch]. // // The following operations are related to DeleteBucketMetricsConfiguration : @@ -40,12 +59,16 @@ import ( // if your header value is my file.txt , containing two spaces after my , you must // URL encode this value to my%20%20file.txt . // +// [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html // [Permissions Related to Bucket Subresource Operations]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources // [Monitoring Metrics with Amazon CloudWatch]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html // [GetBucketMetricsConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html // [ListBucketMetricsConfigurations]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html +// [Using Bucket Policies and User Policies]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html // [PutBucketMetricsConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html // [Managing Access Permissions to Your Amazon S3 Resources]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html +// [Regional and Zonal endpoints for directory buckets in Availability Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html +// [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html func (c *Client) DeleteBucketMetricsConfiguration(ctx context.Context, params *DeleteBucketMetricsConfigurationInput, optFns ...func(*Options)) (*DeleteBucketMetricsConfigurationOutput, error) { if params == nil { params = &DeleteBucketMetricsConfigurationInput{} @@ -65,6 +88,17 @@ type DeleteBucketMetricsConfigurationInput struct { // The name of the bucket containing the metrics configuration to delete. // + // Directory buckets - When you use this operation with a directory bucket, you + // must use path-style requests in the format + // https://s3express-control.region-code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must + // also follow the format bucket-base-name--zone-id--x-s3 (for example, + // DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming + // restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide + // + // [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html + // // This member is required. Bucket *string @@ -77,6 +111,10 @@ type DeleteBucketMetricsConfigurationInput struct { // The account ID of the expected bucket owner. If the account ID that you provide // does not match the actual owner of the bucket, the request fails with the HTTP // status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. If + // you specify this header, the request fails with the HTTP status code 501 Not + // Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -129,7 +167,7 @@ func (c *Client) addOperationDeleteBucketMetricsConfigurationMiddlewares(stack * if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -156,9 +194,6 @@ func (c *Client) addOperationDeleteBucketMetricsConfigurationMiddlewares(stack * if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go index eba1b6675d1..d69c1b83cf8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go @@ -110,7 +110,7 @@ func (c *Client) addOperationDeleteBucketOwnershipControlsMiddlewares(stack *mid if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -137,9 +137,6 @@ func (c *Client) addOperationDeleteBucketOwnershipControlsMiddlewares(stack *mid if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go index 4febe901d8f..e4d25e2ed16 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go @@ -162,7 +162,7 @@ func (c *Client) addOperationDeleteBucketPolicyMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -189,9 +189,6 @@ func (c *Client) addOperationDeleteBucketPolicyMiddlewares(stack *middleware.Sta if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go index 990841f3c74..5c8a8291580 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go @@ -120,7 +120,7 @@ func (c *Client) addOperationDeleteBucketReplicationMiddlewares(stack *middlewar if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -147,9 +147,6 @@ func (c *Client) addOperationDeleteBucketReplicationMiddlewares(stack *middlewar if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go index d46c4a1350f..460ae7e667e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go @@ -19,9 +19,6 @@ import ( // (ABAC) is not enabled for the bucket. When you [enable ABAC for a general purpose bucket], you can no longer use this // operation for that bucket and must use [UntagResource]instead. // -// if ABAC is not enabled for the bucket. When you [enable ABAC for a general purpose bucket], you can no longer use this -// operation for that bucket and must use [UntagResource]instead. -// // To use this operation, you must have permission to perform the // s3:PutBucketTagging action. By default, the bucket owner has this permission and // can grant this permission to others. @@ -117,7 +114,7 @@ func (c *Client) addOperationDeleteBucketTaggingMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -144,9 +141,6 @@ func (c *Client) addOperationDeleteBucketTaggingMiddlewares(stack *middleware.St if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go index 64364835410..9300b3ce54f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go @@ -119,7 +119,7 @@ func (c *Client) addOperationDeleteBucketWebsiteMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -146,9 +146,6 @@ func (c *Client) addOperationDeleteBucketWebsiteMiddlewares(stack *middleware.St if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go index d2c85ff846c..4f8e54f7cbf 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go @@ -234,9 +234,8 @@ type DeleteObjectInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -326,7 +325,7 @@ func (c *Client) addOperationDeleteObjectMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -353,9 +352,6 @@ func (c *Client) addOperationDeleteObjectMiddlewares(stack *middleware.Stack, op if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go index f8a5a185eb0..e2ff27afefa 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go @@ -147,7 +147,7 @@ func (c *Client) addOperationDeleteObjectTaggingMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -174,9 +174,6 @@ func (c *Client) addOperationDeleteObjectTaggingMiddlewares(stack *middleware.St if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go index 70fa67b9690..0fa0d66bca9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go @@ -205,10 +205,20 @@ type DeleteObjectsInput struct { // // - CRC64NVME // + // - MD5 + // // - SHA1 // // - SHA256 // + // - SHA512 + // + // - XXHASH3 + // + // - XXHASH64 + // + // - XXHASH128 + // // For more information, see [Checking object integrity] in the Amazon S3 User Guide. // // If the individual checksum value you provide through x-amz-checksum-algorithm @@ -248,9 +258,8 @@ type DeleteObjectsInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -325,7 +334,7 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -352,9 +361,6 @@ func (c *Client) addOperationDeleteObjectsMiddlewares(stack *middleware.Stack, o if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go index baa8173c426..36b4d8c0e04 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go @@ -119,7 +119,7 @@ func (c *Client) addOperationDeletePublicAccessBlockMiddlewares(stack *middlewar if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -146,9 +146,6 @@ func (c *Client) addOperationDeletePublicAccessBlockMiddlewares(stack *middlewar if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAbac.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAbac.go index 1d57cd20938..cfcbd034fd7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAbac.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAbac.go @@ -97,7 +97,7 @@ func (c *Client) addOperationGetBucketAbacMiddlewares(stack *middleware.Stack, o if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -124,9 +124,6 @@ func (c *Client) addOperationGetBucketAbacMiddlewares(stack *middleware.Stack, o if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go index cceb49efd83..50d259f3bcb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go @@ -78,9 +78,8 @@ type GetBucketAccelerateConfigurationInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -150,7 +149,7 @@ func (c *Client) addOperationGetBucketAccelerateConfigurationMiddlewares(stack * if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -177,9 +176,6 @@ func (c *Client) addOperationGetBucketAccelerateConfigurationMiddlewares(stack * if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go index 8c7b449dc1f..dec4bb21394 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go @@ -142,7 +142,7 @@ func (c *Client) addOperationGetBucketAclMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -169,9 +169,6 @@ func (c *Client) addOperationGetBucketAclMiddlewares(stack *middleware.Stack, op if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go index 83c23dc0e4b..abbb68075db 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go @@ -131,7 +131,7 @@ func (c *Client) addOperationGetBucketAnalyticsConfigurationMiddlewares(stack *m if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -158,9 +158,6 @@ func (c *Client) addOperationGetBucketAnalyticsConfigurationMiddlewares(stack *m if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go index d46b1a37580..0d0ba169380 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go @@ -141,7 +141,7 @@ func (c *Client) addOperationGetBucketCorsMiddlewares(stack *middleware.Stack, o if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -168,9 +168,6 @@ func (c *Client) addOperationGetBucketCorsMiddlewares(stack *middleware.Stack, o if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go index f99e96ca1f3..9b075e58b61 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go @@ -159,7 +159,7 @@ func (c *Client) addOperationGetBucketEncryptionMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -186,9 +186,6 @@ func (c *Client) addOperationGetBucketEncryptionMiddlewares(stack *middleware.St if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go index 9ff70f9ab6d..e74e5ed6664 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go @@ -137,7 +137,7 @@ func (c *Client) addOperationGetBucketIntelligentTieringConfigurationMiddlewares if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -164,9 +164,6 @@ func (c *Client) addOperationGetBucketIntelligentTieringConfigurationMiddlewares if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go index 8c39d00548c..592c4dd5ac5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go @@ -14,15 +14,32 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This operation is not supported for directory buckets. -// // Returns an S3 Inventory configuration (identified by the inventory // configuration ID) from the bucket. // -// To use this operation, you must have permissions to perform the +// Directory buckets - For directory buckets, you must make requests for this API +// operation to the Regional endpoint. These endpoints support path-style requests +// in the format https://s3express-control.region-code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information about +// endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more +// information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide. +// +// Permissions To use this operation, you must have permissions to perform the // s3:GetInventoryConfiguration action. The bucket owner has this permission by -// default and can grant this permission to others. For more information about -// permissions, see [Permissions Related to Bucket Subresource Operations]and [Managing Access Permissions to Your Amazon S3 Resources]. +// default. The bucket owner can grant this permission to others. For more +// information about permissions, see [Permissions Related to Bucket Subresource Operations]and [Managing Access Permissions to Your Amazon S3 Resources]. +// +// - General purpose bucket permissions - The s3:GetInventoryConfiguration +// permission is required in a policy. For more information about general purpose +// buckets permissions, see [Using Bucket Policies and User Policies]in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:GetInventoryConfiguration permission in an IAM +// identity-based policy instead of a bucket policy. For more information about +// directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region-code.amazonaws.com . // // For information about the Amazon S3 inventory feature, see [Amazon S3 Inventory]. // @@ -38,12 +55,16 @@ import ( // if your header value is my file.txt , containing two spaces after my , you must // URL encode this value to my%20%20file.txt . // +// [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html // [Amazon S3 Inventory]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html // [ListBucketInventoryConfigurations]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html // [Permissions Related to Bucket Subresource Operations]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources +// [Using Bucket Policies and User Policies]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html // [DeleteBucketInventoryConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html // [Managing Access Permissions to Your Amazon S3 Resources]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html // [PutBucketInventoryConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html +// [Regional and Zonal endpoints for directory buckets in Availability Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html +// [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html func (c *Client) GetBucketInventoryConfiguration(ctx context.Context, params *GetBucketInventoryConfigurationInput, optFns ...func(*Options)) (*GetBucketInventoryConfigurationOutput, error) { if params == nil { params = &GetBucketInventoryConfigurationInput{} @@ -63,6 +84,17 @@ type GetBucketInventoryConfigurationInput struct { // The name of the bucket containing the inventory configuration to retrieve. // + // Directory buckets - When you use this operation with a directory bucket, you + // must use path-style requests in the format + // https://s3express-control.region-code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must + // also follow the format bucket-base-name--zone-id--x-s3 (for example, + // DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming + // restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide + // + // [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html + // // This member is required. Bucket *string @@ -74,6 +106,10 @@ type GetBucketInventoryConfigurationInput struct { // The account ID of the expected bucket owner. If the account ID that you provide // does not match the actual owner of the bucket, the request fails with the HTTP // status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. If + // you specify this header, the request fails with the HTTP status code 501 Not + // Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -130,7 +166,7 @@ func (c *Client) addOperationGetBucketInventoryConfigurationMiddlewares(stack *m if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -157,9 +193,6 @@ func (c *Client) addOperationGetBucketInventoryConfigurationMiddlewares(stack *m if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go index b91ca5ffc07..13e69dd1cb3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go @@ -196,7 +196,7 @@ func (c *Client) addOperationGetBucketLifecycleConfigurationMiddlewares(stack *m if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -223,9 +223,6 @@ func (c *Client) addOperationGetBucketLifecycleConfigurationMiddlewares(stack *m if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go index 7b61199a971..6cea653acdc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go @@ -160,7 +160,7 @@ func (c *Client) addOperationGetBucketLocationMiddlewares(stack *middleware.Stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -190,9 +190,6 @@ func (c *Client) addOperationGetBucketLocationMiddlewares(stack *middleware.Stac if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go index 6387c434cef..11319d78cd7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go @@ -116,7 +116,7 @@ func (c *Client) addOperationGetBucketLoggingMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -143,9 +143,6 @@ func (c *Client) addOperationGetBucketLoggingMiddlewares(stack *middleware.Stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetadataConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetadataConfiguration.go index 4585291887b..6b4b91c5f46 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetadataConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetadataConfiguration.go @@ -129,7 +129,7 @@ func (c *Client) addOperationGetBucketMetadataConfigurationMiddlewares(stack *mi if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -156,9 +156,6 @@ func (c *Client) addOperationGetBucketMetadataConfigurationMiddlewares(stack *mi if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetadataTableConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetadataTableConfiguration.go index dcf5355e110..945642c37f6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetadataTableConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetadataTableConfiguration.go @@ -137,7 +137,7 @@ func (c *Client) addOperationGetBucketMetadataTableConfigurationMiddlewares(stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -164,9 +164,6 @@ func (c *Client) addOperationGetBucketMetadataTableConfigurationMiddlewares(stac if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go index ea5293f95d0..5b18d0d66a5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go @@ -14,16 +14,35 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This operation is not supported for directory buckets. -// // Gets a metrics configuration (specified by the metrics configuration ID) from // the bucket. Note that this doesn't include the daily storage metrics. // -// To use this operation, you must have permissions to perform the +// Directory buckets - For directory buckets, you must make requests for this API +// operation to the Regional endpoint. These endpoints support path-style requests +// in the format https://s3express-control.region-code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information about +// endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more +// information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide. +// +// Permissions To use this operation, you must have permissions to perform the // s3:GetMetricsConfiguration action. The bucket owner has this permission by // default. The bucket owner can grant this permission to others. For more // information about permissions, see [Permissions Related to Bucket Subresource Operations]and [Managing Access Permissions to Your Amazon S3 Resources]. // +// - General purpose bucket permissions - The s3:GetMetricsConfiguration +// permission is required in a policy. For more information about general purpose +// buckets permissions, see [Using Bucket Policies and User Policies]in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:GetMetricsConfiguration permission in an IAM +// identity-based policy instead of a bucket policy. Cross-account access to this +// API operation isn't supported. This operation can only be performed by the +// Amazon Web Services account that owns the resource. For more information about +// directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region-code.amazonaws.com . +// // For information about CloudWatch request metrics for Amazon S3, see [Monitoring Metrics with Amazon CloudWatch]. // // The following operations are related to GetBucketMetricsConfiguration : @@ -40,12 +59,16 @@ import ( // if your header value is my file.txt , containing two spaces after my , you must // URL encode this value to my%20%20file.txt . // +// [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html // [Permissions Related to Bucket Subresource Operations]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources // [Monitoring Metrics with Amazon CloudWatch]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html // [ListBucketMetricsConfigurations]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html +// [Using Bucket Policies and User Policies]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html // [PutBucketMetricsConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html // [DeleteBucketMetricsConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html // [Managing Access Permissions to Your Amazon S3 Resources]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html +// [Regional and Zonal endpoints for directory buckets in Availability Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html +// [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html func (c *Client) GetBucketMetricsConfiguration(ctx context.Context, params *GetBucketMetricsConfigurationInput, optFns ...func(*Options)) (*GetBucketMetricsConfigurationOutput, error) { if params == nil { params = &GetBucketMetricsConfigurationInput{} @@ -65,6 +88,17 @@ type GetBucketMetricsConfigurationInput struct { // The name of the bucket containing the metrics configuration to retrieve. // + // Directory buckets - When you use this operation with a directory bucket, you + // must use path-style requests in the format + // https://s3express-control.region-code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must + // also follow the format bucket-base-name--zone-id--x-s3 (for example, + // DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming + // restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide + // + // [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html + // // This member is required. Bucket *string @@ -77,6 +111,10 @@ type GetBucketMetricsConfigurationInput struct { // The account ID of the expected bucket owner. If the account ID that you provide // does not match the actual owner of the bucket, the request fails with the HTTP // status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. If + // you specify this header, the request fails with the HTTP status code 501 Not + // Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -133,7 +171,7 @@ func (c *Client) addOperationGetBucketMetricsConfigurationMiddlewares(stack *mid if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -160,9 +198,6 @@ func (c *Client) addOperationGetBucketMetricsConfigurationMiddlewares(stack *mid if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go index a651f59c4d7..ed84a57b03c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go @@ -156,7 +156,7 @@ func (c *Client) addOperationGetBucketNotificationConfigurationMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -183,9 +183,6 @@ func (c *Client) addOperationGetBucketNotificationConfigurationMiddlewares(stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go index 1bc4048f8c0..31b8377bd6a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go @@ -126,7 +126,7 @@ func (c *Client) addOperationGetBucketOwnershipControlsMiddlewares(stack *middle if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -153,9 +153,6 @@ func (c *Client) addOperationGetBucketOwnershipControlsMiddlewares(stack *middle if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go index ce97110825b..eaefad93037 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go @@ -182,7 +182,7 @@ func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -209,9 +209,6 @@ func (c *Client) addOperationGetBucketPolicyMiddlewares(stack *middleware.Stack, if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go index 2edef93bbcb..2ccf9670bdf 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go @@ -124,7 +124,7 @@ func (c *Client) addOperationGetBucketPolicyStatusMiddlewares(stack *middleware. if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -151,9 +151,6 @@ func (c *Client) addOperationGetBucketPolicyStatusMiddlewares(stack *middleware. if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go index 338fb39b399..666cfae3db4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go @@ -131,7 +131,7 @@ func (c *Client) addOperationGetBucketReplicationMiddlewares(stack *middleware.S if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -158,9 +158,6 @@ func (c *Client) addOperationGetBucketReplicationMiddlewares(stack *middleware.S if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go index 64411ad6b4f..d4136f24319 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go @@ -110,7 +110,7 @@ func (c *Client) addOperationGetBucketRequestPaymentMiddlewares(stack *middlewar if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -137,9 +137,6 @@ func (c *Client) addOperationGetBucketRequestPaymentMiddlewares(stack *middlewar if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go index c5bb22aac3a..cf95e4e6c9c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go @@ -18,9 +18,6 @@ import ( // // Returns the tag set associated with the general purpose bucket. // -// if ABAC is not enabled for the bucket. When you [enable ABAC for a general purpose bucket], you can no longer use this -// operation for that bucket and must use [ListTagsForResource]instead. -// // To use this operation, you must have permission to perform the // s3:GetBucketTagging action. By default, the bucket owner has this permission and // can grant this permission to others. @@ -42,9 +39,7 @@ import ( // URL encode this value to my%20%20file.txt . // // [PutBucketTagging]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html -// [enable ABAC for a general purpose bucket]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html // [DeleteBucketTagging]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html -// [ListTagsForResource]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListTagsForResource.html func (c *Client) GetBucketTagging(ctx context.Context, params *GetBucketTaggingInput, optFns ...func(*Options)) (*GetBucketTaggingOutput, error) { if params == nil { params = &GetBucketTaggingInput{} @@ -128,7 +123,7 @@ func (c *Client) addOperationGetBucketTaggingMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -155,9 +150,6 @@ func (c *Client) addOperationGetBucketTaggingMiddlewares(stack *middleware.Stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go index 0ea29050667..f0f53cc04a4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go @@ -125,7 +125,7 @@ func (c *Client) addOperationGetBucketVersioningMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -152,9 +152,6 @@ func (c *Client) addOperationGetBucketVersioningMiddlewares(stack *middleware.St if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go index b3ed6e4dc8a..7838fd0f3de 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go @@ -129,7 +129,7 @@ func (c *Client) addOperationGetBucketWebsiteMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -156,9 +156,6 @@ func (c *Client) addOperationGetBucketWebsiteMiddlewares(stack *middleware.Stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go index 73a7065ae8b..07a1b5bc87f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go @@ -309,9 +309,8 @@ type GetObjectInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -467,6 +466,12 @@ type GetObjectOutput struct { // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // The Base64 encoded, 128-bit MD5 digest of the object. For more information, see [Checking object integrity in the Amazon S3 User Guide] + // . + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only // present if the checksum was uploaded with the object. For more information, see [Checking object integrity] // in the Amazon S3 User Guide. @@ -481,6 +486,12 @@ type GetObjectOutput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 digest of the object. For more information, + // see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + // The checksum type, which determines how part-level checksums are combined to // create an object-level checksum for multipart objects. You can use this header // response to verify that the checksum type that is received is the same checksum @@ -490,6 +501,24 @@ type GetObjectOutput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumType types.ChecksumType + // The Base64 encoded, 128-bit XXHASH128 checksum of the object. For more + // information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the object. For more + // information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the object. For more + // information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Specifies presentational information for the object. ContentDisposition *string @@ -709,7 +738,7 @@ func (c *Client) addOperationGetObjectMiddlewares(stack *middleware.Stack, optio if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -733,9 +762,6 @@ func (c *Client) addOperationGetObjectMiddlewares(stack *middleware.Stack, optio if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } @@ -831,7 +857,7 @@ func addGetObjectOutputChecksumMiddlewares(stack *middleware.Stack, options Opti GetValidationMode: getGetObjectRequestValidationModeMember, SetValidationMode: setGetObjectRequestValidationModeMember, ResponseChecksumValidation: options.ResponseChecksumValidation, - ValidationAlgorithms: []string{"CRC64NVME", "CRC32", "CRC32C", "SHA256", "SHA1"}, + ValidationAlgorithms: []string{"CRC64NVME", "CRC32", "CRC32C", "SHA256", "SHA1", "SHA512", "MD5", "XXHASH64", "XXHASH3", "XXHASH128"}, IgnoreMultipartValidation: true, LogValidationSkipped: !options.DisableLogOutputChecksumValidationSkipped, LogMultipartValidationSkipped: !options.DisableLogOutputChecksumValidationSkipped, diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go index ccd04143f89..bcc3307f1e0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go @@ -98,9 +98,8 @@ type GetObjectAclInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -179,7 +178,7 @@ func (c *Client) addOperationGetObjectAclMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -206,9 +205,6 @@ func (c *Client) addOperationGetObjectAclMiddlewares(stack *middleware.Stack, op if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go index d5102cdfb24..609f1bd18ca 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go @@ -265,9 +265,8 @@ type GetObjectAttributesInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -405,7 +404,7 @@ func (c *Client) addOperationGetObjectAttributesMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -432,9 +431,6 @@ func (c *Client) addOperationGetObjectAttributesMiddlewares(stack *middleware.St if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go index bb1047c5315..323bf44684e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go @@ -78,9 +78,8 @@ type GetObjectLegalHoldInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -144,7 +143,7 @@ func (c *Client) addOperationGetObjectLegalHoldMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -171,9 +170,6 @@ func (c *Client) addOperationGetObjectLegalHoldMiddlewares(stack *middleware.Sta if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go index 8be2b56fb82..eb241a994a7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go @@ -123,7 +123,7 @@ func (c *Client) addOperationGetObjectLockConfigurationMiddlewares(stack *middle if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -150,9 +150,6 @@ func (c *Client) addOperationGetObjectLockConfigurationMiddlewares(stack *middle if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go index d11f79926fd..7cffef4bdef 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go @@ -78,9 +78,8 @@ type GetObjectRetentionInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -144,7 +143,7 @@ func (c *Client) addOperationGetObjectRetentionMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -171,9 +170,6 @@ func (c *Client) addOperationGetObjectRetentionMiddlewares(stack *middleware.Sta if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go index 4c51142dc58..242167dfd0a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go @@ -102,9 +102,8 @@ type GetObjectTaggingInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -173,7 +172,7 @@ func (c *Client) addOperationGetObjectTaggingMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -200,9 +199,6 @@ func (c *Client) addOperationGetObjectTaggingMiddlewares(stack *middleware.Stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go index 08ba2dd78b0..586ac8441a1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go @@ -71,9 +71,8 @@ type GetObjectTorrentInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -143,7 +142,7 @@ func (c *Client) addOperationGetObjectTorrentMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -167,9 +166,6 @@ func (c *Client) addOperationGetObjectTorrentMiddlewares(stack *middleware.Stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go index 070e9add500..4dfbafff1ce 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go @@ -137,7 +137,7 @@ func (c *Client) addOperationGetPublicAccessBlockMiddlewares(stack *middleware.S if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -164,9 +164,6 @@ func (c *Client) addOperationGetPublicAccessBlockMiddlewares(stack *middleware.S if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go index 29e413e143a..7140f3aabf3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go @@ -52,9 +52,11 @@ import ( // information about permissions, see [Managing access permissions to your Amazon S3 resources]in the Amazon S3 User Guide. // // - Directory bucket permissions - You must have the s3express:CreateSession -// permission in the Action element of a policy. By default, the session is in -// the ReadWrite mode. If you want to restrict the access, you can explicitly set -// the s3express:SessionMode condition key to ReadOnly on the bucket. +// permission in the Action element of a policy. If no session mode is specified, +// the session will be created with the maximum allowable privilege, attempting +// ReadWrite first, then ReadOnly if ReadWrite is not permitted. If you want to +// explicitly restrict the access to be read-only, you can set the +// s3express:SessionMode condition key to ReadOnly on the bucket. // // For more information about example bucket policies, see [Example bucket policies for S3 Express One Zone]and [Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone]in the Amazon S3 // @@ -229,7 +231,7 @@ func (c *Client) addOperationHeadBucketMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -256,9 +258,6 @@ func (c *Client) addOperationHeadBucketMiddlewares(stack *middleware.Stack, opti if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go index 1d901913669..876ba6ef671 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go @@ -305,9 +305,8 @@ type HeadObjectInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -414,6 +413,12 @@ type HeadObjectOutput struct { // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // The Base64 encoded, 128-bit MD5 digest of the object. For more information, see [Checking object integrity in the Amazon S3 User Guide] + // . + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only // present if the checksum was uploaded with the object. When you use the API // operation on an object that was uploaded using multipart uploads, this value may @@ -436,6 +441,12 @@ type HeadObjectOutput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 digest of the object. For more information, + // see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + // The checksum type, which determines how part-level checksums are combined to // create an object-level checksum for multipart objects. You can use this header // response to verify that the checksum type that is received is the same checksum @@ -445,6 +456,24 @@ type HeadObjectOutput struct { // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumType types.ChecksumType + // The Base64 encoded, 128-bit XXHASH128 checksum of the object. For more + // information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the object. For more + // information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the object. For more + // information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Specifies presentational information for the object. ContentDisposition *string @@ -714,7 +743,7 @@ func (c *Client) addOperationHeadObjectMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -741,9 +770,6 @@ func (c *Client) addOperationHeadObjectMiddlewares(stack *middleware.Stack, opti if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go index dadb149af39..f5cbeeab1eb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go @@ -151,7 +151,7 @@ func (c *Client) addOperationListBucketAnalyticsConfigurationsMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -178,9 +178,6 @@ func (c *Client) addOperationListBucketAnalyticsConfigurationsMiddlewares(stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go index 3456ca9d475..ac695fc04b8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go @@ -150,7 +150,7 @@ func (c *Client) addOperationListBucketIntelligentTieringConfigurationsMiddlewar if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -177,9 +177,6 @@ func (c *Client) addOperationListBucketIntelligentTieringConfigurationsMiddlewar if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go index e8f72db9dc4..29ea5932015 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go @@ -14,8 +14,6 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This operation is not supported for directory buckets. -// // Returns a list of S3 Inventory configurations for the bucket. You can have up // to 1,000 inventory configurations per bucket. // @@ -27,11 +25,30 @@ import ( // continue the pagination of the list by passing the value in continuation-token // in the request to GET the next page. // -// To use this operation, you must have permissions to perform the +// Directory buckets - For directory buckets, you must make requests for this API +// operation to the Regional endpoint. These endpoints support path-style requests +// in the format https://s3express-control.region-code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information about +// endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more +// information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide. +// +// Permissions To use this operation, you must have permissions to perform the // s3:GetInventoryConfiguration action. The bucket owner has this permission by // default. The bucket owner can grant this permission to others. For more // information about permissions, see [Permissions Related to Bucket Subresource Operations]and [Managing Access Permissions to Your Amazon S3 Resources]. // +// - General purpose bucket permissions - The s3:GetInventoryConfiguration +// permission is required in a policy. For more information about general purpose +// buckets permissions, see [Using Bucket Policies and User Policies]in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:GetInventoryConfiguration permission in an IAM +// identity-based policy instead of a bucket policy. For more information about +// directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region-code.amazonaws.com . +// // For information about the Amazon S3 inventory feature, see [Amazon S3 Inventory] // // The following operations are related to ListBucketInventoryConfigurations : @@ -46,11 +63,15 @@ import ( // if your header value is my file.txt , containing two spaces after my , you must // URL encode this value to my%20%20file.txt . // +// [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html // [Amazon S3 Inventory]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html // [Permissions Related to Bucket Subresource Operations]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources +// [Using Bucket Policies and User Policies]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html // [DeleteBucketInventoryConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html // [Managing Access Permissions to Your Amazon S3 Resources]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html // [PutBucketInventoryConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketInventoryConfiguration.html +// [Regional and Zonal endpoints for directory buckets in Availability Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html +// [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html // [GetBucketInventoryConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html func (c *Client) ListBucketInventoryConfigurations(ctx context.Context, params *ListBucketInventoryConfigurationsInput, optFns ...func(*Options)) (*ListBucketInventoryConfigurationsOutput, error) { if params == nil { @@ -71,6 +92,17 @@ type ListBucketInventoryConfigurationsInput struct { // The name of the bucket containing the inventory configurations to retrieve. // + // Directory buckets - When you use this operation with a directory bucket, you + // must use path-style requests in the format + // https://s3express-control.region-code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must + // also follow the format bucket-base-name--zone-id--x-s3 (for example, + // DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming + // restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide + // + // [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html + // // This member is required. Bucket *string @@ -83,6 +115,10 @@ type ListBucketInventoryConfigurationsInput struct { // The account ID of the expected bucket owner. If the account ID that you provide // does not match the actual owner of the bucket, the request fails with the HTTP // status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. If + // you specify this header, the request fails with the HTTP status code 501 Not + // Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -153,7 +189,7 @@ func (c *Client) addOperationListBucketInventoryConfigurationsMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -180,9 +216,6 @@ func (c *Client) addOperationListBucketInventoryConfigurationsMiddlewares(stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go index 998a7b6845f..4a6121f4b0b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go @@ -10,15 +10,21 @@ import ( s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This operation is not supported for directory buckets. -// // Lists the metrics configurations for the bucket. The metrics configurations are // only for the request metrics of the bucket and do not provide information on // daily storage metrics. You can have up to 1,000 configurations per bucket. // +// Directory buckets - For directory buckets, you must make requests for this API +// operation to the Regional endpoint. These endpoints support path-style requests +// in the format https://s3express-control.region-code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information about +// endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more +// information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide. +// // This action supports list pagination and does not return more than 100 // configurations at a time. Always check the IsTruncated element in the response. // If there are no more configurations to list, IsTruncated is set to false. If @@ -27,11 +33,25 @@ import ( // continue the pagination of the list by passing the value in continuation-token // in the request to GET the next page. // -// To use this operation, you must have permissions to perform the +// Permissions To use this operation, you must have permissions to perform the // s3:GetMetricsConfiguration action. The bucket owner has this permission by // default. The bucket owner can grant this permission to others. For more // information about permissions, see [Permissions Related to Bucket Subresource Operations]and [Managing Access Permissions to Your Amazon S3 Resources]. // +// - General purpose bucket permissions - The s3:GetMetricsConfiguration +// permission is required in a policy. For more information about general purpose +// buckets permissions, see [Using Bucket Policies and User Policies]in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:GetMetricsConfiguration permission in an IAM +// identity-based policy instead of a bucket policy. Cross-account access to this +// API operation isn't supported. This operation can only be performed by the +// Amazon Web Services account that owns the resource. For more information about +// directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region-code.amazonaws.com . +// // For more information about metrics configurations and CloudWatch request // metrics, see [Monitoring Metrics with Amazon CloudWatch]. // @@ -47,12 +67,16 @@ import ( // if your header value is my file.txt , containing two spaces after my , you must // URL encode this value to my%20%20file.txt . // +// [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html // [Permissions Related to Bucket Subresource Operations]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources // [Monitoring Metrics with Amazon CloudWatch]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html // [GetBucketMetricsConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html +// [Using Bucket Policies and User Policies]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html // [PutBucketMetricsConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html // [DeleteBucketMetricsConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html // [Managing Access Permissions to Your Amazon S3 Resources]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html +// [Regional and Zonal endpoints for directory buckets in Availability Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html +// [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html func (c *Client) ListBucketMetricsConfigurations(ctx context.Context, params *ListBucketMetricsConfigurationsInput, optFns ...func(*Options)) (*ListBucketMetricsConfigurationsOutput, error) { if params == nil { params = &ListBucketMetricsConfigurationsInput{} @@ -72,6 +96,17 @@ type ListBucketMetricsConfigurationsInput struct { // The name of the bucket containing the metrics configurations to retrieve. // + // Directory buckets - When you use this operation with a directory bucket, you + // must use path-style requests in the format + // https://s3express-control.region-code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must + // also follow the format bucket-base-name--zone-id--x-s3 (for example, + // DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming + // restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide + // + // [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html + // // This member is required. Bucket *string @@ -84,6 +119,10 @@ type ListBucketMetricsConfigurationsInput struct { // The account ID of the expected bucket owner. If the account ID that you provide // does not match the actual owner of the bucket, the request fails with the HTTP // status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. If + // you specify this header, the request fails with the HTTP status code 501 Not + // Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -92,7 +131,7 @@ type ListBucketMetricsConfigurationsInput struct { func (in *ListBucketMetricsConfigurationsInput) bindEndpointParams(p *EndpointParameters) { p.Bucket = in.Bucket - + p.UseS3ExpressControlEndpoint = ptr.Bool(true) } type ListBucketMetricsConfigurationsOutput struct { @@ -155,7 +194,7 @@ func (c *Client) addOperationListBucketMetricsConfigurationsMiddlewares(stack *m if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -182,9 +221,6 @@ func (c *Client) addOperationListBucketMetricsConfigurationsMiddlewares(stack *m if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go index ce0c5d4e694..ab62cb3f95e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go @@ -150,7 +150,7 @@ func (c *Client) addOperationListBucketsMiddlewares(stack *middleware.Stack, opt if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -177,9 +177,6 @@ func (c *Client) addOperationListBucketsMiddlewares(stack *middleware.Stack, opt if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListDirectoryBuckets.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListDirectoryBuckets.go index 4fcf9258bd1..0f3c39c193f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListDirectoryBuckets.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListDirectoryBuckets.go @@ -130,7 +130,7 @@ func (c *Client) addOperationListDirectoryBucketsMiddlewares(stack *middleware.S if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -157,9 +157,6 @@ func (c *Client) addOperationListDirectoryBucketsMiddlewares(stack *middleware.S if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go index 0a0cfee7851..675423107d2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go @@ -243,9 +243,8 @@ type ListMultipartUploadsInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -392,7 +391,7 @@ func (c *Client) addOperationListMultipartUploadsMiddlewares(stack *middleware.S if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -419,9 +418,6 @@ func (c *Client) addOperationListMultipartUploadsMiddlewares(stack *middleware.S if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go index ec2ba3123ad..d57b5aa6998 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go @@ -122,9 +122,8 @@ type ListObjectVersionsInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -257,7 +256,7 @@ func (c *Client) addOperationListObjectVersionsMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -284,9 +283,6 @@ func (c *Client) addOperationListObjectVersionsMiddlewares(stack *middleware.Sta if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go index b524539688c..2fe4b6c2321 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go @@ -281,7 +281,7 @@ func (c *Client) addOperationListObjectsMiddlewares(stack *middleware.Stack, opt if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -308,9 +308,6 @@ func (c *Client) addOperationListObjectsMiddlewares(stack *middleware.Stack, opt if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go index f61df6e9ca2..04325f6fc05 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go @@ -375,7 +375,7 @@ func (c *Client) addOperationListObjectsV2Middlewares(stack *middleware.Stack, o if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -402,9 +402,6 @@ func (c *Client) addOperationListObjectsV2Middlewares(stack *middleware.Stack, o if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go index b26f4dff649..a77445d3e9e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go @@ -173,9 +173,8 @@ type ListPartsInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -355,7 +354,7 @@ func (c *Client) addOperationListPartsMiddlewares(stack *middleware.Stack, optio if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -382,9 +381,6 @@ func (c *Client) addOperationListPartsMiddlewares(stack *middleware.Stack, optio if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAbac.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAbac.go index 6bba5d90b18..fcd69b60079 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAbac.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAbac.go @@ -124,7 +124,7 @@ func (c *Client) addOperationPutBucketAbacMiddlewares(stack *middleware.Stack, o if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -151,9 +151,6 @@ func (c *Client) addOperationPutBucketAbacMiddlewares(stack *middleware.Stack, o if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go index 6fed987c41b..b1a93c086f5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go @@ -153,7 +153,7 @@ func (c *Client) addOperationPutBucketAccelerateConfigurationMiddlewares(stack * if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -180,9 +180,6 @@ func (c *Client) addOperationPutBucketAccelerateConfigurationMiddlewares(stack * if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go index 25aaf33d482..77a257f1096 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go @@ -310,7 +310,7 @@ func (c *Client) addOperationPutBucketAclMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -337,9 +337,6 @@ func (c *Client) addOperationPutBucketAclMiddlewares(stack *middleware.Stack, op if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go index 469ad37e1bb..ad39341f65b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go @@ -166,7 +166,7 @@ func (c *Client) addOperationPutBucketAnalyticsConfigurationMiddlewares(stack *m if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -193,9 +193,6 @@ func (c *Client) addOperationPutBucketAnalyticsConfigurationMiddlewares(stack *m if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go index 65ff2da3307..0cb3ef3e318 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go @@ -175,7 +175,7 @@ func (c *Client) addOperationPutBucketCorsMiddlewares(stack *middleware.Stack, o if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -202,9 +202,6 @@ func (c *Client) addOperationPutBucketCorsMiddlewares(stack *middleware.Stack, o if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go index 8a84adbf2db..dab33f3ea75 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go @@ -253,7 +253,7 @@ func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -280,9 +280,6 @@ func (c *Client) addOperationPutBucketEncryptionMiddlewares(stack *middleware.St if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go index 715d193d33c..5319a3beddc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go @@ -158,7 +158,7 @@ func (c *Client) addOperationPutBucketIntelligentTieringConfigurationMiddlewares if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -185,9 +185,6 @@ func (c *Client) addOperationPutBucketIntelligentTieringConfigurationMiddlewares if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go index 8138acc84cc..ce0438210b0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go @@ -14,8 +14,6 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This operation is not supported for directory buckets. -// // This implementation of the PUT action adds an S3 Inventory configuration // (identified by the inventory ID) to the bucket. You can have up to 1,000 // inventory configurations per bucket. @@ -36,6 +34,13 @@ import ( // to Amazon S3 to write objects to the bucket in the defined location. For an // example policy, see [Granting Permissions for Amazon S3 Inventory and Storage Class Analysis]. // +// Directory buckets - For directory buckets, you must make requests for this API +// operation to the Regional endpoint. These endpoints support path-style requests +// in the format https://s3express-control.region-code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information about +// endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more +// information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide. +// // Permissions To use this operation, you must have permission to perform the // s3:PutInventoryConfiguration action. The bucket owner has this permission by // default and can grant this permission to others. @@ -46,11 +51,23 @@ import ( // the destination bucket can also access all object metadata fields that are // available in the inventory report. // +// - General purpose bucket permissions - The s3:PutInventoryConfiguration +// permission is required in a policy. For more information about general purpose +// buckets permissions, see [Using Bucket Policies and User Policies]in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:PutInventoryConfiguration permission in an IAM +// identity-based policy instead of a bucket policy. For more information about +// directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]in the Amazon S3 User Guide. +// // To restrict access to an inventory report, see [Restricting access to an Amazon S3 Inventory report] in the Amazon S3 User Guide. // For more information about the metadata fields available in S3 Inventory, see [Amazon S3 Inventory lists] // in the Amazon S3 User Guide. For more information about permissions, see [Permissions related to bucket subresource operations]and [Identity and access management in Amazon S3] // in the Amazon S3 User Guide. // +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region-code.amazonaws.com . +// // PutBucketInventoryConfiguration has the following special errors: // // HTTP 400 Bad Request Error Code: InvalidArgument @@ -79,15 +96,19 @@ import ( // URL encode this value to my%20%20file.txt . // // [Granting Permissions for Amazon S3 Inventory and Storage Class Analysis]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-9 -// [Amazon S3 Inventory]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html +// [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html // [ListBucketInventoryConfigurations]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketInventoryConfigurations.html // [S3 Inventory]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html +// [Restricting access to an Amazon S3 Inventory report]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-s3-inventory +// [Amazon S3 Inventory lists]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents +// [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html +// [GetBucketInventoryConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html +// [Amazon S3 Inventory]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html // [Permissions related to bucket subresource operations]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources +// [Using Bucket Policies and User Policies]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html // [DeleteBucketInventoryConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketInventoryConfiguration.html // [Identity and access management in Amazon S3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html -// [Restricting access to an Amazon S3 Inventory report]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-10 -// [Amazon S3 Inventory lists]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html#storage-inventory-contents -// [GetBucketInventoryConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketInventoryConfiguration.html +// [Regional and Zonal endpoints for directory buckets in Availability Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html func (c *Client) PutBucketInventoryConfiguration(ctx context.Context, params *PutBucketInventoryConfigurationInput, optFns ...func(*Options)) (*PutBucketInventoryConfigurationOutput, error) { if params == nil { params = &PutBucketInventoryConfigurationInput{} @@ -107,6 +128,17 @@ type PutBucketInventoryConfigurationInput struct { // The name of the bucket where the inventory configuration will be stored. // + // Directory buckets - When you use this operation with a directory bucket, you + // must use path-style requests in the format + // https://s3express-control.region-code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must + // also follow the format bucket-base-name--zone-id--x-s3 (for example, + // DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming + // restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide + // + // [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html + // // This member is required. Bucket *string @@ -123,6 +155,10 @@ type PutBucketInventoryConfigurationInput struct { // The account ID of the expected bucket owner. If the account ID that you provide // does not match the actual owner of the bucket, the request fails with the HTTP // status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. If + // you specify this header, the request fails with the HTTP status code 501 Not + // Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -175,7 +211,7 @@ func (c *Client) addOperationPutBucketInventoryConfigurationMiddlewares(stack *m if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -202,9 +238,6 @@ func (c *Client) addOperationPutBucketInventoryConfigurationMiddlewares(stack *m if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go index d35367d91fb..d29a5a1aa08 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go @@ -28,10 +28,10 @@ import ( // prefix, which is supported for backward compatibility. For the related API // description, see [PutBucketLifecycle]. // -// Rules Permissions HTTP Host header syntax You specify the lifecycle -// configuration in your request body. The lifecycle configuration is specified as -// XML consisting of one or more rules. An Amazon S3 Lifecycle configuration can -// have up to 1,000 rules. This limit is not adjustable. +// Rules You specify the lifecycle configuration in your request body. The +// lifecycle configuration is specified as XML consisting of one or more rules. An +// Amazon S3 Lifecycle configuration can have up to 1,000 rules. This limit is not +// adjustable. // // Bucket lifecycle configuration supports specifying a lifecycle rule using an // object key name prefix, one or more object tags, object size, or any combination @@ -61,6 +61,7 @@ import ( // // For more information, see [Object Lifecycle Management] and [Lifecycle Configuration Elements]. // +// Permissions // - General purpose bucket permissions - By default, all Amazon S3 resources // are private, including buckets, objects, and related subresources (for example, // lifecycle configuration and website configuration). Only the resource owner @@ -102,7 +103,7 @@ import ( // endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more // information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide. // -// Directory buckets - The HTTP Host header syntax is +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is // s3express-control.region.amazonaws.com . // // The following operations are related to PutBucketLifecycleConfiguration : @@ -261,7 +262,7 @@ func (c *Client) addOperationPutBucketLifecycleConfigurationMiddlewares(stack *m if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -288,9 +289,6 @@ func (c *Client) addOperationPutBucketLifecycleConfigurationMiddlewares(stack *m if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go index 15b3fcc1ab5..64d7f89971c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go @@ -195,7 +195,7 @@ func (c *Client) addOperationPutBucketLoggingMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -222,9 +222,6 @@ func (c *Client) addOperationPutBucketLoggingMiddlewares(stack *middleware.Stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go index 5e1ad6a1e7a..805c6c1ce85 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go @@ -14,19 +14,38 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// This operation is not supported for directory buckets. -// // Sets a metrics configuration (specified by the metrics configuration ID) for // the bucket. You can have up to 1,000 metrics configurations per bucket. If // you're updating an existing metrics configuration, note that this is a full // replacement of the existing metrics configuration. If you don't include the // elements you want to keep, they are erased. // -// To use this operation, you must have permissions to perform the +// Directory buckets - For directory buckets, you must make requests for this API +// operation to the Regional endpoint. These endpoints support path-style requests +// in the format https://s3express-control.region-code.amazonaws.com/bucket-name . +// Virtual-hosted-style requests aren't supported. For more information about +// endpoints in Availability Zones, see [Regional and Zonal endpoints for directory buckets in Availability Zones]in the Amazon S3 User Guide. For more +// information about endpoints in Local Zones, see [Concepts for directory buckets in Local Zones]in the Amazon S3 User Guide. +// +// Permissions To use this operation, you must have permissions to perform the // s3:PutMetricsConfiguration action. The bucket owner has this permission by // default. The bucket owner can grant this permission to others. For more // information about permissions, see [Permissions Related to Bucket Subresource Operations]and [Managing Access Permissions to Your Amazon S3 Resources]. // +// - General purpose bucket permissions - The s3:PutMetricsConfiguration +// permission is required in a policy. For more information about general purpose +// buckets permissions, see [Using Bucket Policies and User Policies]in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, you +// must have the s3express:PutMetricsConfiguration permission in an IAM +// identity-based policy instead of a bucket policy. Cross-account access to this +// API operation isn't supported. This operation can only be performed by the +// Amazon Web Services account that owns the resource. For more information about +// directory bucket policies and permissions, see [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]in the Amazon S3 User Guide. +// +// HTTP Host header syntax Directory buckets - The HTTP Host header syntax is +// s3express-control.region-code.amazonaws.com . +// // For information about CloudWatch request metrics for Amazon S3, see [Monitoring Metrics with Amazon CloudWatch]. // // The following operations are related to PutBucketMetricsConfiguration : @@ -50,12 +69,16 @@ import ( // if your header value is my file.txt , containing two spaces after my , you must // URL encode this value to my%20%20file.txt . // +// [Concepts for directory buckets in Local Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html // [Permissions Related to Bucket Subresource Operations]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources // [Monitoring Metrics with Amazon CloudWatch]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html // [GetBucketMetricsConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html // [ListBucketMetricsConfigurations]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html +// [Using Bucket Policies and User Policies]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html // [DeleteBucketMetricsConfiguration]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html // [Managing Access Permissions to Your Amazon S3 Resources]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html +// [Regional and Zonal endpoints for directory buckets in Availability Zones]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html +// [Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html func (c *Client) PutBucketMetricsConfiguration(ctx context.Context, params *PutBucketMetricsConfigurationInput, optFns ...func(*Options)) (*PutBucketMetricsConfigurationOutput, error) { if params == nil { params = &PutBucketMetricsConfigurationInput{} @@ -75,6 +98,17 @@ type PutBucketMetricsConfigurationInput struct { // The name of the bucket for which the metrics configuration is set. // + // Directory buckets - When you use this operation with a directory bucket, you + // must use path-style requests in the format + // https://s3express-control.region-code.amazonaws.com/bucket-name . + // Virtual-hosted-style requests aren't supported. Directory bucket names must be + // unique in the chosen Zone (Availability Zone or Local Zone). Bucket names must + // also follow the format bucket-base-name--zone-id--x-s3 (for example, + // DOC-EXAMPLE-BUCKET--usw2-az1--x-s3 ). For information about bucket naming + // restrictions, see [Directory bucket naming rules]in the Amazon S3 User Guide + // + // [Directory bucket naming rules]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html + // // This member is required. Bucket *string @@ -92,6 +126,10 @@ type PutBucketMetricsConfigurationInput struct { // The account ID of the expected bucket owner. If the account ID that you provide // does not match the actual owner of the bucket, the request fails with the HTTP // status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. If + // you specify this header, the request fails with the HTTP status code 501 Not + // Implemented . ExpectedBucketOwner *string noSmithyDocumentSerde @@ -144,7 +182,7 @@ func (c *Client) addOperationPutBucketMetricsConfigurationMiddlewares(stack *mid if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -171,9 +209,6 @@ func (c *Client) addOperationPutBucketMetricsConfigurationMiddlewares(stack *mid if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go index 5eb942ee891..699d080ecff 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go @@ -158,7 +158,7 @@ func (c *Client) addOperationPutBucketNotificationConfigurationMiddlewares(stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -185,9 +185,6 @@ func (c *Client) addOperationPutBucketNotificationConfigurationMiddlewares(stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go index 3f212720027..158209ac8c9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go @@ -137,7 +137,7 @@ func (c *Client) addOperationPutBucketOwnershipControlsMiddlewares(stack *middle if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -164,9 +164,6 @@ func (c *Client) addOperationPutBucketOwnershipControlsMiddlewares(stack *middle if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go index a96c3fb0cab..9577fc7ca8b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go @@ -135,10 +135,20 @@ type PutBucketPolicyInput struct { // // - CRC64NVME // + // - MD5 + // // - SHA1 // // - SHA256 // + // - SHA512 + // + // - XXHASH3 + // + // - XXHASH64 + // + // - XXHASH128 + // // For more information, see [Checking object integrity] in the Amazon S3 User Guide. // // If the individual checksum value you provide through x-amz-checksum-algorithm @@ -225,7 +235,7 @@ func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -252,9 +262,6 @@ func (c *Client) addOperationPutBucketPolicyMiddlewares(stack *middleware.Stack, if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go index dc36ec94bfb..e131580b24e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go @@ -193,7 +193,7 @@ func (c *Client) addOperationPutBucketReplicationMiddlewares(stack *middleware.S if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -220,9 +220,6 @@ func (c *Client) addOperationPutBucketReplicationMiddlewares(stack *middleware.S if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go index 25504da9f10..a1e928dd4c3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go @@ -140,7 +140,7 @@ func (c *Client) addOperationPutBucketRequestPaymentMiddlewares(stack *middlewar if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -167,9 +167,6 @@ func (c *Client) addOperationPutBucketRequestPaymentMiddlewares(stack *middlewar if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go index 50ff2251107..380bfbaab87 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go @@ -177,7 +177,7 @@ func (c *Client) addOperationPutBucketTaggingMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -204,9 +204,6 @@ func (c *Client) addOperationPutBucketTaggingMiddlewares(stack *middleware.Stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go index 1d9154e2e85..624d097afa1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go @@ -183,7 +183,7 @@ func (c *Client) addOperationPutBucketVersioningMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -210,9 +210,6 @@ func (c *Client) addOperationPutBucketVersioningMiddlewares(stack *middleware.St if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go index a558715e8c6..cffa381d68b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go @@ -195,7 +195,7 @@ func (c *Client) addOperationPutBucketWebsiteMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -222,9 +222,6 @@ func (c *Client) addOperationPutBucketWebsiteMiddlewares(stack *middleware.Stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go index e25a0c06f73..d0ad31e0d68 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go @@ -124,6 +124,19 @@ import ( // HTTP Host header syntax Directory buckets - The HTTP Host header syntax is // Bucket-name.s3express-zone-id.region-code.amazonaws.com . // +// Errors +// +// - You might receive an InvalidRequest error for several reasons. Depending on +// the reason for the error, you might receive one of the following messages: +// +// - Cannot specify both a write offset value and user-defined object metadata +// for existing objects. +// +// - Checksum Type mismatch occurred, expected checksum Type: sha1, actual +// checksum Type: crc32c. +// +// - Request body cannot be empty when 'write offset' is specified. +// // For more information about related Amazon S3 APIs, see the following: // // [CopyObject] @@ -277,10 +290,20 @@ type PutObjectInput struct { // // - CRC64NVME // + // - MD5 + // // - SHA1 // // - SHA256 // + // - SHA512 + // + // - XXHASH3 + // + // - XXHASH64 + // + // - XXHASH128 + // // For more information, see [Checking object integrity] in the Amazon S3 User Guide. // // If the individual checksum value you provide through x-amz-checksum-algorithm @@ -323,6 +346,13 @@ type PutObjectInput struct { // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 128-bit MD5 digest of the object. For more information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // This header can be used as a data integrity check to verify that the data // received is the same data that was originally sent. This header specifies the // Base64 encoded, 160-bit SHA1 digest of the object. For more information, see [Checking object integrity] @@ -339,6 +369,37 @@ type PutObjectInput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 512-bit SHA512 digest of the object. For more information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 128-bit XXHASH128 checksum of the object. For more information, + // see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 64-bit XXHASH3 checksum of the object. For more information, + // see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 64-bit XXHASH64 checksum of the object. For more information, + // see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Specifies presentational information for the object. For more information, see [https://www.rfc-editor.org/rfc/rfc6266#section-4]. // // [https://www.rfc-editor.org/rfc/rfc6266#section-4]: https://www.rfc-editor.org/rfc/rfc6266#section-4 @@ -479,9 +540,8 @@ type PutObjectInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -712,6 +772,13 @@ type PutObjectOutput struct { // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // The Base64 encoded, 128-bit MD5 digest of the object. This header is present if + // the object was uploaded with the MD5 checksum algorithm. For more information, + // see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only // present if the checksum was uploaded with the object. When you use the API // operation on an object that was uploaded using multipart uploads, this value may @@ -734,6 +801,13 @@ type PutObjectOutput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 digest of the object. This header is present + // if the object was uploaded with the SHA512 checksum algorithm. For more + // information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + // This header specifies the checksum type of the object, which determines how // part-level checksums are combined to create an object-level checksum for // multipart objects. For PutObject uploads, the checksum type is always @@ -744,6 +818,27 @@ type PutObjectOutput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumType types.ChecksumType + // The Base64 encoded, 128-bit XXHASH128 checksum of the object. This header is + // present if the object was uploaded with the XXHASH128 checksum algorithm. For + // more information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the object. This header is + // present if the object was uploaded with the XXHASH3 checksum algorithm. For + // more information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the object. This header is + // present if the object was uploaded with the XXHASH64 checksum algorithm. For + // more information, see [Checking object integrity in the Amazon S3 User Guide]. + // + // [Checking object integrity in the Amazon S3 User Guide]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Entity tag for the uploaded object. // // General purpose buckets - To ensure that data is not corrupted traversing the @@ -869,7 +964,7 @@ func (c *Client) addOperationPutObjectMiddlewares(stack *middleware.Stack, optio if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -896,9 +991,6 @@ func (c *Client) addOperationPutObjectMiddlewares(stack *middleware.Stack, optio if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go index a7576d5b58c..595970ba5d5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go @@ -291,9 +291,8 @@ type PutObjectAclInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -366,7 +365,7 @@ func (c *Client) addOperationPutObjectAclMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -393,9 +392,6 @@ func (c *Client) addOperationPutObjectAclMiddlewares(stack *middleware.Stack, op if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go index 2e68bb518c5..0802b9247d2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go @@ -97,9 +97,8 @@ type PutObjectLegalHoldInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -169,7 +168,7 @@ func (c *Client) addOperationPutObjectLegalHoldMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -196,9 +195,6 @@ func (c *Client) addOperationPutObjectLegalHoldMiddlewares(stack *middleware.Sta if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go index 9e6969e5d3a..1a54c63d1e7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go @@ -86,9 +86,8 @@ type PutObjectLockConfigurationInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -158,7 +157,7 @@ func (c *Client) addOperationPutObjectLockConfigurationMiddlewares(stack *middle if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -185,9 +184,6 @@ func (c *Client) addOperationPutObjectLockConfigurationMiddlewares(stack *middle if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go index b6718dd3a62..7c8b7a9acaf 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go @@ -100,9 +100,8 @@ type PutObjectRetentionInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -176,7 +175,7 @@ func (c *Client) addOperationPutObjectRetentionMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -203,9 +202,6 @@ func (c *Client) addOperationPutObjectRetentionMiddlewares(stack *middleware.Sta if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go index a6838041ec3..f36d5448826 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go @@ -201,7 +201,7 @@ func (c *Client) addOperationPutObjectTaggingMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -228,9 +228,6 @@ func (c *Client) addOperationPutObjectTaggingMiddlewares(stack *middleware.Stack if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go index 95541125933..5a81ef8a6c4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go @@ -159,7 +159,7 @@ func (c *Client) addOperationPutPublicAccessBlockMiddlewares(stack *middleware.S if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -186,9 +186,6 @@ func (c *Client) addOperationPutPublicAccessBlockMiddlewares(stack *middleware.S if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RenameObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RenameObject.go index a97b8f2974e..ecd6ac49dd0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RenameObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RenameObject.go @@ -206,7 +206,7 @@ func (c *Client) addOperationRenameObjectMiddlewares(stack *middleware.Stack, op if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -233,9 +233,6 @@ func (c *Client) addOperationRenameObjectMiddlewares(stack *middleware.Stack, op if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go index ef5293069e0..a4e5b381814 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go @@ -233,9 +233,8 @@ type RestoreObjectInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -312,7 +311,7 @@ func (c *Client) addOperationRestoreObjectMiddlewares(stack *middleware.Stack, o if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -339,9 +338,6 @@ func (c *Client) addOperationRestoreObjectMiddlewares(stack *middleware.Stack, o if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go index f9ad31539ae..45196304d21 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go @@ -269,7 +269,7 @@ func (c *Client) addOperationSelectObjectContentMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -290,9 +290,6 @@ func (c *Client) addOperationSelectObjectContentMiddlewares(stack *middleware.St if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateBucketMetadataInventoryTableConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateBucketMetadataInventoryTableConfiguration.go index aff76062c1a..612c8c5cc1e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateBucketMetadataInventoryTableConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateBucketMetadataInventoryTableConfiguration.go @@ -151,7 +151,7 @@ func (c *Client) addOperationUpdateBucketMetadataInventoryTableConfigurationMidd if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -178,9 +178,6 @@ func (c *Client) addOperationUpdateBucketMetadataInventoryTableConfigurationMidd if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateBucketMetadataJournalTableConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateBucketMetadataJournalTableConfiguration.go index 22f33a8686a..fb5b41cc372 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateBucketMetadataJournalTableConfiguration.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateBucketMetadataJournalTableConfiguration.go @@ -133,7 +133,7 @@ func (c *Client) addOperationUpdateBucketMetadataJournalTableConfigurationMiddle if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -160,9 +160,6 @@ func (c *Client) addOperationUpdateBucketMetadataJournalTableConfigurationMiddle if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateObjectEncryption.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateObjectEncryption.go new file mode 100644 index 00000000000..5c074f8b927 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UpdateObjectEncryption.go @@ -0,0 +1,432 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package s3 + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + internalChecksum "github.com/aws/aws-sdk-go-v2/service/internal/checksum" + s3cust "github.com/aws/aws-sdk-go-v2/service/s3/internal/customizations" + "github.com/aws/aws-sdk-go-v2/service/s3/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// This operation is not supported for directory buckets or Amazon S3 on Outposts +// buckets. +// +// Updates the server-side encryption type of an existing encrypted object in a +// general purpose bucket. You can use the UpdateObjectEncryption operation to +// change encrypted objects from server-side encryption with Amazon S3 managed keys +// (SSE-S3) to server-side encryption with Key Management Service (KMS) keys +// (SSE-KMS), or to apply S3 Bucket Keys. You can also use the +// UpdateObjectEncryption operation to change the customer-managed KMS key used to +// encrypt your data so that you can comply with custom key-rotation standards. +// +// Using the UpdateObjectEncryption operation, you can atomically update the +// server-side encryption type of an existing object in a general purpose bucket +// without any data movement. The UpdateObjectEncryption operation uses envelope +// encryption to re-encrypt the data key used to encrypt and decrypt your object +// with your newly specified server-side encryption type. In other words, when you +// use the UpdateObjectEncryption operation, your data isn't copied, archived +// objects in the S3 Glacier Flexible Retrieval and S3 Glacier Deep Archive storage +// classes aren't restored, and objects in the S3 Intelligent-Tiering storage class +// aren't moved between tiers. Additionally, the UpdateObjectEncryption operation +// preserves all object metadata properties, including the storage class, creation +// date, last modified date, ETag, and checksum properties. For more information, +// see [Updating server-side encryption for existing objects]in the Amazon S3 User Guide. +// +// By default, all UpdateObjectEncryption requests that specify a customer-managed +// KMS key are restricted to KMS keys that are owned by the bucket owner's Amazon +// Web Services account. If you're using Organizations, you can request the ability +// to use KMS keys owned by other member accounts within your organization by +// contacting Amazon Web Services Support. +// +// Source objects that are unencrypted, or encrypted with either dual-layer +// server-side encryption with KMS keys (DSSE-KMS) or server-side encryption with +// customer-provided keys (SSE-C) aren't supported by this operation. Additionally, +// you cannot specify SSE-S3 encryption as the requested new encryption type +// UpdateObjectEncryption request. +// +// Permissions +// +// - To use the UpdateObjectEncryption operation, you must have the following +// permissions: +// +// - s3:PutObject +// +// - s3:UpdateObjectEncryption +// +// - kms:Encrypt +// +// - kms:Decrypt +// +// - kms:GenerateDataKey +// +// - kms:ReEncrypt* +// +// - If you're using Organizations, to use this operation with customer-managed +// KMS keys from other Amazon Web Services accounts within your organization, you +// must have the organizations:DescribeAccount permission. +// +// Errors +// +// - You might receive an InvalidRequest error for several reasons. Depending on +// the reason for the error, you might receive one of the following messages: +// +// - The UpdateObjectEncryption operation doesn't supported unencrypted source +// objects. Only source objects encrypted with SSE-S3 or SSE-KMS are supported. +// +// - The UpdateObjectEncryption operation doesn't support source objects with the +// encryption type DSSE-KMS or SSE-C. Only source objects encrypted with SSE-S3 or +// SSE-KMS are supported. +// +// - The UpdateObjectEncryption operation doesn't support updating the encryption +// type to DSSE-KMS or SSE-C. Modify the request to specify SSE-KMS for the updated +// encryption type, and then try again. +// +// - Requests that modify an object encryption configuration require Amazon Web +// Services Signature Version 4. Modify the request to use Amazon Web Services +// Signature Version 4, and then try again. +// +// - Requests that modify an object encryption configuration require a valid new +// encryption type. Valid values are SSEKMS . Modify the request to specify +// SSE-KMS for the updated encryption type, and then try again. +// +// - Requests that modify an object's encryption type to SSE-KMS require an +// Amazon Web Services KMS key Amazon Resource Name (ARN). Modify the request to +// specify a KMS key ARN, and then try again. +// +// - Requests that modify an object's encryption type to SSE-KMS require a valid +// Amazon Web Services KMS key Amazon Resource Name (ARN). Confirm that you have a +// correctly formatted KMS key ARN in your request, and then try again. +// +// - The BucketKeyEnabled value isn't valid. Valid values are true or false . +// Modify the request to specify a valid value, and then try again. +// +// - You might receive an AccessDenied error for several reasons. Depending on +// the reason for the error, you might receive one of the following messages: +// +// - The Amazon Web Services KMS key in the request must be owned by the same +// account as the bucket. Modify the request to specify a KMS key from the same +// account, and then try again. +// +// - The bucket owner's account was approved to make UpdateObjectEncryption +// requests that use any Amazon Web Services KMS key in their organization, but the +// bucket owner's account isn't part of an organization in Organizations. Make sure +// that the bucket owner's account and the specified KMS key belong to the same +// organization, and then try again. +// +// - The specified Amazon Web Services KMS key must be from the same +// organization in Organizations as the bucket. Specify a KMS key that belongs to +// the same organization as the bucket, and then try again. +// +// - The encryption type for the specified object can’t be updated because that +// object is protected by S3 Object Lock. If the object has a governance-mode +// retention period or a legal hold, you must first remove the Object Lock status +// on the object before you issue your UpdateObjectEncryption request. You can't +// use the UpdateObjectEncryption operation with objects that have an Object Lock +// compliance mode retention period applied to them. +// +// [Updating server-side encryption for existing objects]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/update-sse-encryption.html +func (c *Client) UpdateObjectEncryption(ctx context.Context, params *UpdateObjectEncryptionInput, optFns ...func(*Options)) (*UpdateObjectEncryptionOutput, error) { + if params == nil { + params = &UpdateObjectEncryptionInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "UpdateObjectEncryption", params, optFns, c.addOperationUpdateObjectEncryptionMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*UpdateObjectEncryptionOutput) + out.ResultMetadata = metadata + return out, nil +} + +type UpdateObjectEncryptionInput struct { + + // The name of the general purpose bucket that contains the specified object key + // name. + // + // When you use this operation with an access point attached to a general purpose + // bucket, you must either provide the alias of the access point in place of the + // bucket name or you must specify the access point Amazon Resource Name (ARN). + // When using the access point ARN, you must direct requests to the access point + // hostname. The access point hostname takes the form + // AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com . When using this + // operation with an access point through the Amazon Web Services SDKs, you provide + // the access point ARN in place of the bucket name. For more information about + // access point ARNs, see [Referencing access points]in the Amazon S3 User Guide. + // + // [Referencing access points]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-naming.html + // + // This member is required. + Bucket *string + + // The key name of the object that you want to update the server-side encryption + // type for. + // + // This member is required. + Key *string + + // The updated server-side encryption type for this object. The + // UpdateObjectEncryption operation supports the SSE-S3 and SSE-KMS encryption + // types. + // + // Valid Values: SSES3 | SSEKMS + // + // This member is required. + ObjectEncryption types.ObjectEncryption + + // Indicates the algorithm used to create the checksum for the object when you + // use an Amazon Web Services SDK. This header doesn't provide any additional + // functionality if you don't use the SDK. When you send this header, there must be + // a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request . For more + // information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // If you provide an individual checksum, Amazon S3 ignores any provided + // ChecksumAlgorithm parameter. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumAlgorithm types.ChecksumAlgorithm + + // The MD5 hash for the request body. For requests made using the Amazon Web + // Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is + // calculated automatically. + ContentMD5 *string + + // The account ID of the expected bucket owner. If the account ID that you + // provide doesn't match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + ExpectedBucketOwner *string + + // Confirms that the requester knows that they will be charged for the request. + // Bucket owners need not specify this parameter in their requests. If either the + // source or destination S3 bucket has Requester Pays enabled, the requester will + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. + // + // [Downloading Objects in Requester Pays Buckets]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html + RequestPayer types.RequestPayer + + // The version ID of the object that you want to update the server-side + // encryption type for. + VersionId *string + + noSmithyDocumentSerde +} + +func (in *UpdateObjectEncryptionInput) bindEndpointParams(p *EndpointParameters) { + + p.Bucket = in.Bucket + +} + +type UpdateObjectEncryptionOutput struct { + + // If present, indicates that the requester was successfully charged for the + // request. For more information, see [Using Requester Pays buckets for storage transfers and usage]in the Amazon Simple Storage Service user + // guide. + // + // This functionality is not supported for directory buckets. + // + // [Using Requester Pays buckets for storage transfers and usage]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html + RequestCharged types.RequestCharged + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationUpdateObjectEncryptionMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsRestxml_serializeOpUpdateObjectEncryption{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestxml_deserializeOpUpdateObjectEncryption{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "UpdateObjectEncryption"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = addClientRequestID(stack); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRetry(stack, options, c); err != nil { + return err + } + if err = addRawResponseToMetadata(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = addSpanRetryLoop(stack, options); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addPutBucketContextMiddleware(stack); err != nil { + return err + } + if err = addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err = addIsExpressUserAgent(stack); err != nil { + return err + } + if err = addRequestChecksumMetricsTracking(stack, options); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addOpUpdateObjectEncryptionValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opUpdateObjectEncryption(options.Region), middleware.Before); err != nil { + return err + } + if err = addMetadataRetrieverMiddleware(stack); err != nil { + return err + } + if err = addRecursionDetection(stack); err != nil { + return err + } + if err = addUpdateObjectEncryptionInputChecksumMiddlewares(stack, options); err != nil { + return err + } + if err = addUpdateObjectEncryptionUpdateEndpoint(stack, options); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = v4.AddContentSHA256HeaderMiddleware(stack); err != nil { + return err + } + if err = disableAcceptEncodingGzip(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addSerializeImmutableHostnameBucketMiddleware(stack, options); err != nil { + return err + } + if err = s3cust.AddExpressDefaultChecksumMiddleware(stack); err != nil { + return err + } + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err = addInterceptAttempt(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} + +func (v *UpdateObjectEncryptionInput) bucket() (string, bool) { + if v.Bucket == nil { + return "", false + } + return *v.Bucket, true +} + +func newServiceMetadataMiddleware_opUpdateObjectEncryption(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "UpdateObjectEncryption", + } +} + +// getUpdateObjectEncryptionRequestAlgorithmMember gets the request checksum +// algorithm value provided as input. +func getUpdateObjectEncryptionRequestAlgorithmMember(input interface{}) (string, bool) { + in := input.(*UpdateObjectEncryptionInput) + if len(in.ChecksumAlgorithm) == 0 { + return "", false + } + return string(in.ChecksumAlgorithm), true +} + +func addUpdateObjectEncryptionInputChecksumMiddlewares(stack *middleware.Stack, options Options) error { + return addInputChecksumMiddleware(stack, internalChecksum.InputMiddlewareOptions{ + GetAlgorithm: getUpdateObjectEncryptionRequestAlgorithmMember, + RequireChecksum: true, + RequestChecksumCalculation: options.RequestChecksumCalculation, + EnableTrailingChecksum: false, + EnableComputeSHA256PayloadHash: true, + EnableDecodedContentLengthHeader: true, + }) +} + +// getUpdateObjectEncryptionBucketMember returns a pointer to string denoting a +// provided bucket member valueand a boolean indicating if the input has a modeled +// bucket name, +func getUpdateObjectEncryptionBucketMember(input interface{}) (*string, bool) { + in := input.(*UpdateObjectEncryptionInput) + if in.Bucket == nil { + return nil, false + } + return in.Bucket, true +} +func addUpdateObjectEncryptionUpdateEndpoint(stack *middleware.Stack, options Options) error { + return s3cust.UpdateEndpoint(stack, s3cust.UpdateEndpointOptions{ + Accessor: s3cust.UpdateEndpointParameterAccessor{ + GetBucketFromInput: getUpdateObjectEncryptionBucketMember, + }, + UsePathStyle: options.UsePathStyle, + UseAccelerate: options.UseAccelerate, + SupportsAccelerate: true, + TargetS3ObjectLambda: false, + EndpointResolver: options.EndpointResolver, + EndpointResolverOptions: options.EndpointOptions, + UseARNRegion: options.UseARNRegion, + DisableMultiRegionAccessPoints: options.DisableMultiRegionAccessPoints, + }) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go index f2cfa0e010a..2c31671c480 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go @@ -299,6 +299,14 @@ type UploadPartInput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 128-bit MD5 digest of the part. For more information, see [Checking object integrity] in + // the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // This header can be used as a data integrity check to verify that the data // received is the same data that was originally sent. This header specifies the // Base64 encoded, 160-bit SHA1 digest of the object. For more information, see [Checking object integrity] @@ -315,6 +323,38 @@ type UploadPartInput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 512-bit SHA512 digest of the part. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 128-bit XXHASH128 checksum of the part. For more information, + // see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 64-bit XXHASH3 checksum of the part. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 64-bit XXHASH64 checksum of the part. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Size of the body in bytes. This parameter is useful when the size of the body // cannot be determined automatically. ContentLength *int64 @@ -334,9 +374,8 @@ type UploadPartInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -381,58 +420,76 @@ type UploadPartOutput struct { // encryption with Key Management Service (KMS) keys (SSE-KMS). BucketKeyEnabled *bool - // The Base64 encoded, 32-bit CRC32 checksum of the object. This checksum is only - // present if the checksum was uploaded with the object. When you use an API - // operation on an object that was uploaded using multipart uploads, this value may - // not be a direct checksum value of the full object. Instead, it's a calculation - // based on the checksum values of each individual part. For more information about - // how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User - // Guide. + // The Base64 encoded, 32-bit CRC32 checksum of the part. This will only be + // present if the checksum was provided in the request. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. // - // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC32 *string - // The Base64 encoded, 32-bit CRC32C checksum of the object. This checksum is only - // present if the checksum was uploaded with the object. When you use an API - // operation on an object that was uploaded using multipart uploads, this value may - // not be a direct checksum value of the full object. Instead, it's a calculation - // based on the checksum values of each individual part. For more information about - // how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User - // Guide. + // The Base64 encoded, 32-bit CRC32C checksum of the part. This will only be + // present if the checksum was provided in the request. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. // - // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC32C *string - // This header can be used as a data integrity check to verify that the data - // received is the same data that was originally sent. This header specifies the - // Base64 encoded, 64-bit CRC64NVME checksum of the part. For more information, - // see [Checking object integrity]in the Amazon S3 User Guide. + // The Base64 encoded, 64-bit CRC64NVME checksum of the part. This will only be + // present if the checksum was provided in the request. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. // // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string - // The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only - // present if the checksum was uploaded with the object. When you use the API - // operation on an object that was uploaded using multipart uploads, this value may - // not be a direct checksum value of the full object. Instead, it's a calculation - // based on the checksum values of each individual part. For more information about - // how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User - // Guide. + // The Base64 encoded, 128-bit MD5 checksum of the part. This will only be present + // if the checksum was provided in the request. For more information, see [Checking object integrity]in the + // Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + + // The Base64 encoded, 160-bit SHA1 checksum of the part. This will only be + // present if the checksum was provided in the request. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. // - // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA1 *string - // The Base64 encoded, 256-bit SHA256 digest of the object. This checksum is only - // present if the checksum was uploaded with the object. When you use an API - // operation on an object that was uploaded using multipart uploads, this value may - // not be a direct checksum value of the full object. Instead, it's a calculation - // based on the checksum values of each individual part. For more information about - // how checksums are calculated with multipart uploads, see [Checking object integrity]in the Amazon S3 User - // Guide. + // The Base64 encoded, 256-bit SHA256 checksum of the part. This will only be + // present if the checksum was provided in the request. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. // - // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 checksum of the part. This will only be + // present if the checksum was provided in the request. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + + // The Base64 encoded, 128-bit XXHASH128 checksum of the part. This will only be + // present if the checksum was provided in the request. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the part. This will only be + // present if the checksum was provided in the request. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the part. This will only be + // present if the checksum was provided in the request. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Entity tag for the uploaded object. ETag *string @@ -509,7 +566,7 @@ func (c *Client) addOperationUploadPartMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -536,9 +593,6 @@ func (c *Client) addOperationUploadPartMiddlewares(stack *middleware.Stack, opti if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go index edada5c9ed0..774dec961c3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go @@ -84,9 +84,11 @@ import ( // // - If the source object that you want to copy is in a directory bucket, you // must have the s3express:CreateSession permission in the Action element of a -// policy to read the object. By default, the session is in the ReadWrite mode. -// If you want to restrict the access, you can explicitly set the -// s3express:SessionMode condition key to ReadOnly on the copy source bucket. +// policy to read the object. If no session mode is specified, the session will be +// created with the maximum allowable privilege, attempting ReadWrite first, then +// ReadOnly if ReadWrite is not permitted. If you want to explicitly restrict the +// access to be read-only, you can set the s3express:SessionMode condition key to +// ReadOnly on the copy source bucket. // // - If the copy destination is a directory bucket, you must have the // s3express:CreateSession permission in the Action element of a policy to write @@ -414,9 +416,8 @@ type UploadPartCopyInput struct { // Confirms that the requester knows that they will be charged for the request. // Bucket owners need not specify this parameter in their requests. If either the // source or destination S3 bucket has Requester Pays enabled, the requester will - // pay for corresponding charges to copy the object. For information about - // downloading objects from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User - // Guide. + // pay for the corresponding charges. For information about downloading objects + // from Requester Pays buckets, see [Downloading Objects in Requester Pays Buckets]in the Amazon S3 User Guide. // // This functionality is not supported for directory buckets. // @@ -546,7 +547,7 @@ func (c *Client) addOperationUploadPartCopyMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -573,9 +574,6 @@ func (c *Client) addOperationUploadPartCopyMiddlewares(stack *middleware.Stack, if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go index 45c3043d1f2..770483d497e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go @@ -147,6 +147,14 @@ type WriteGetObjectResponseInput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 128-bit MD5 digest of the part. For more information, see [Checking object integrity] in + // the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // This header can be used as a data integrity check to verify that the data // received is the same data that was originally sent. This specifies the Base64 // encoded, 160-bit SHA1 digest of the object returned by the Object Lambda @@ -175,6 +183,38 @@ type WriteGetObjectResponseInput struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 512-bit SHA512 digest of the part. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 128-bit XXHASH128 checksum of the part. For more information, + // see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 64-bit XXHASH3 checksum of the part. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // This header can be used as a data integrity check to verify that the data + // received is the same data that was originally sent. This header specifies the + // Base64 encoded, 64-bit XXHASH64 checksum of the part. For more information, see [Checking object integrity] + // in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Specifies presentational information for the object. ContentDisposition *string @@ -393,7 +433,7 @@ func (c *Client) addOperationWriteGetObjectResponseMiddlewares(stack *middleware if err = addContentSHA256Header(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -420,9 +460,6 @@ func (c *Client) addOperationWriteGetObjectResponseMiddlewares(stack *middleware if err = addPutBucketContextMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { - return err - } if err = addUserAgentRetryMode(stack, options); err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucket_context.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucket_context.go index 860af056aa2..a20bfebd17b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucket_context.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucket_context.go @@ -26,7 +26,7 @@ func (m *putBucketContextMiddleware) HandleSerialize( return next.HandleSerialize(ctx, in) } -func (m *putBucketContextMiddleware) bucketFromInput(params interface{}) (string, bool) { +func (m *putBucketContextMiddleware) bucketFromInput(params any) (string, bool) { v, ok := params.(bucketer) if !ok { return "", false diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucketer.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucketer.go index 4e7f7e24e1c..6d12be52493 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucketer.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/bucketer.go @@ -5,7 +5,7 @@ type bucketer interface { bucket() (string, bool) } -func bucketFromInput(params interface{}) (string, bool) { +func bucketFromInput(params any) (string, bool) { v, ok := params.(bucketer) if !ok { return "", false diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go index 23f271488e0..82efd40ca42 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go @@ -354,6 +354,19 @@ func awsRestxml_deserializeOpDocumentCompleteMultipartUploadOutput(v **CompleteM sv.ChecksumCRC64NVME = ptr.String(xtv) } + case strings.EqualFold("ChecksumMD5", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumMD5 = ptr.String(xtv) + } + case strings.EqualFold("ChecksumSHA1", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -380,6 +393,19 @@ func awsRestxml_deserializeOpDocumentCompleteMultipartUploadOutput(v **CompleteM sv.ChecksumSHA256 = ptr.String(xtv) } + case strings.EqualFold("ChecksumSHA512", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumSHA512 = ptr.String(xtv) + } + case strings.EqualFold("ChecksumType", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -393,6 +419,45 @@ func awsRestxml_deserializeOpDocumentCompleteMultipartUploadOutput(v **CompleteM sv.ChecksumType = types.ChecksumType(xtv) } + case strings.EqualFold("ChecksumXXHASH128", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH128 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH3", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH3 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH64", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH64 = ptr.String(xtv) + } + case strings.EqualFold("ETag", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -6516,6 +6581,11 @@ func awsRestxml_deserializeOpHttpBindingsGetObjectOutput(v *GetObjectOutput, res v.ChecksumCRC64NVME = ptr.String(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-md5"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumMD5 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("x-amz-checksum-sha1"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ChecksumSHA1 = ptr.String(headerValues[0]) @@ -6526,11 +6596,31 @@ func awsRestxml_deserializeOpHttpBindingsGetObjectOutput(v *GetObjectOutput, res v.ChecksumSHA256 = ptr.String(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-sha512"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumSHA512 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("x-amz-checksum-type"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ChecksumType = types.ChecksumType(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-xxhash128"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH128 = ptr.String(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-checksum-xxhash3"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH3 = ptr.String(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-checksum-xxhash64"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH64 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("Content-Disposition"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ContentDisposition = ptr.String(headerValues[0]) @@ -8215,6 +8305,11 @@ func awsRestxml_deserializeOpHttpBindingsHeadObjectOutput(v *HeadObjectOutput, r v.ChecksumCRC64NVME = ptr.String(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-md5"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumMD5 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("x-amz-checksum-sha1"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ChecksumSHA1 = ptr.String(headerValues[0]) @@ -8225,11 +8320,31 @@ func awsRestxml_deserializeOpHttpBindingsHeadObjectOutput(v *HeadObjectOutput, r v.ChecksumSHA256 = ptr.String(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-sha512"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumSHA512 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("x-amz-checksum-type"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ChecksumType = types.ChecksumType(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-xxhash128"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH128 = ptr.String(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-checksum-xxhash3"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH3 = ptr.String(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-checksum-xxhash64"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH64 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("Content-Disposition"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ContentDisposition = ptr.String(headerValues[0]) @@ -12674,6 +12789,11 @@ func awsRestxml_deserializeOpHttpBindingsPutObjectOutput(v *PutObjectOutput, res v.ChecksumCRC64NVME = ptr.String(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-md5"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumMD5 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("x-amz-checksum-sha1"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ChecksumSHA1 = ptr.String(headerValues[0]) @@ -12684,11 +12804,31 @@ func awsRestxml_deserializeOpHttpBindingsPutObjectOutput(v *PutObjectOutput, res v.ChecksumSHA256 = ptr.String(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-sha512"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumSHA512 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("x-amz-checksum-type"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ChecksumType = types.ChecksumType(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-xxhash128"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH128 = ptr.String(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-checksum-xxhash3"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH3 = ptr.String(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-checksum-xxhash64"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH64 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("ETag"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ETag = ptr.String(headerValues[0]) @@ -13700,6 +13840,107 @@ func awsRestxml_deserializeOpErrorUpdateBucketMetadataJournalTableConfiguration( } } +type awsRestxml_deserializeOpUpdateObjectEncryption struct { +} + +func (*awsRestxml_deserializeOpUpdateObjectEncryption) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestxml_deserializeOpUpdateObjectEncryption) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestxml_deserializeOpErrorUpdateObjectEncryption(response, &metadata) + } + output := &UpdateObjectEncryptionOutput{} + out.Result = output + + err = awsRestxml_deserializeOpHttpBindingsUpdateObjectEncryptionOutput(output, response) + if err != nil { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("failed to decode response with invalid Http bindings, %w", err)} + } + + span.End() + return out, metadata, err +} + +func awsRestxml_deserializeOpErrorUpdateObjectEncryption(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + errorComponents, err := s3shared.GetErrorResponseComponents(errorBody, s3shared.ErrorResponseDeserializerOptions{ + UseStatusCode: true, StatusCode: response.StatusCode, + }) + if err != nil { + return err + } + if hostID := errorComponents.HostID; len(hostID) != 0 { + s3shared.SetHostIDMetadata(metadata, hostID) + } + if reqID := errorComponents.RequestID; len(reqID) != 0 { + awsmiddleware.SetRequestIDMetadata(metadata, reqID) + } + if len(errorComponents.Code) != 0 { + errorCode = errorComponents.Code + } + if len(errorComponents.Message) != 0 { + errorMessage = errorComponents.Message + } + errorBody.Seek(0, io.SeekStart) + switch { + case strings.EqualFold("AccessDenied", errorCode): + return awsRestxml_deserializeErrorAccessDenied(response, errorBody) + + case strings.EqualFold("InvalidRequest", errorCode): + return awsRestxml_deserializeErrorInvalidRequest(response, errorBody) + + case strings.EqualFold("NoSuchKey", errorCode): + return awsRestxml_deserializeErrorNoSuchKey(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestxml_deserializeOpHttpBindingsUpdateObjectEncryptionOutput(v *UpdateObjectEncryptionOutput, response *smithyhttp.Response) error { + if v == nil { + return fmt.Errorf("unsupported deserialization for nil %T", v) + } + + if headerValues := response.Header.Values("x-amz-request-charged"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.RequestCharged = types.RequestCharged(headerValues[0]) + } + + return nil +} + type awsRestxml_deserializeOpUploadPart struct { } @@ -13808,6 +14049,11 @@ func awsRestxml_deserializeOpHttpBindingsUploadPartOutput(v *UploadPartOutput, r v.ChecksumCRC64NVME = ptr.String(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-md5"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumMD5 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("x-amz-checksum-sha1"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ChecksumSHA1 = ptr.String(headerValues[0]) @@ -13818,6 +14064,26 @@ func awsRestxml_deserializeOpHttpBindingsUploadPartOutput(v *UploadPartOutput, r v.ChecksumSHA256 = ptr.String(headerValues[0]) } + if headerValues := response.Header.Values("x-amz-checksum-sha512"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumSHA512 = ptr.String(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-checksum-xxhash128"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH128 = ptr.String(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-checksum-xxhash3"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH3 = ptr.String(headerValues[0]) + } + + if headerValues := response.Header.Values("x-amz-checksum-xxhash64"); len(headerValues) != 0 { + headerValues[0] = strings.TrimSpace(headerValues[0]) + v.ChecksumXXHASH64 = ptr.String(headerValues[0]) + } + if headerValues := response.Header.Values("ETag"); len(headerValues) != 0 { headerValues[0] = strings.TrimSpace(headerValues[0]) v.ETag = ptr.String(headerValues[0]) @@ -14634,6 +14900,39 @@ func awsRestxml_deserializeDocumentStats(v **types.Stats, decoder smithyxml.Node return nil } +func awsRestxml_deserializeErrorAccessDenied(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.AccessDenied{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(errorBody, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return output + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + err = awsRestxml_deserializeDocumentAccessDenied(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return output +} + func awsRestxml_deserializeErrorBucketAlreadyExists(response *smithyhttp.Response, errorBody *bytes.Reader) error { output := &types.BucketAlreadyExists{} var buff [1024]byte @@ -15247,18 +15546,17 @@ func awsRestxml_deserializeDocumentAccessControlTranslation(v **types.AccessCont return nil } -func awsRestxml_deserializeDocumentAllowedHeaders(v *[]string, decoder smithyxml.NodeDecoder) error { +func awsRestxml_deserializeDocumentAccessDenied(v **types.AccessDenied, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } - var sv []string + var sv *types.AccessDenied if *v == nil { - sv = make([]string, 0) + sv = &types.AccessDenied{} } else { sv = *v } - originalDecoder := decoder for { t, done, err := decoder.Token() if err != nil { @@ -15267,11 +15565,10 @@ func awsRestxml_deserializeDocumentAllowedHeaders(v *[]string, decoder smithyxml if done { break } - memberDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) - decoder = memberDecoder + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) switch { - case strings.EqualFold("member", t.Name.Local): - var col string + case strings.EqualFold("Message", t.Name.Local): val, err := decoder.Value() if err != nil { return err @@ -15281,11 +15578,11 @@ func awsRestxml_deserializeDocumentAllowedHeaders(v *[]string, decoder smithyxml } { xtv := string(val) - col = xtv + sv.Message = ptr.String(xtv) } - sv = append(sv, col) default: + // Do nothing and ignore the unexpected tag element err = decoder.Decoder.Skip() if err != nil { return err @@ -15298,7 +15595,58 @@ func awsRestxml_deserializeDocumentAllowedHeaders(v *[]string, decoder smithyxml return nil } -func awsRestxml_deserializeDocumentAllowedHeadersUnwrapped(v *[]string, decoder smithyxml.NodeDecoder) error { +func awsRestxml_deserializeDocumentAllowedHeaders(v *[]string, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv []string + if *v == nil { + sv = make([]string, 0) + } else { + sv = *v + } + + originalDecoder := decoder + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + memberDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + decoder = memberDecoder + switch { + case strings.EqualFold("member", t.Name.Local): + var col string + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + col = xtv + } + sv = append(sv, col) + + default: + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + +func awsRestxml_deserializeDocumentAllowedHeadersUnwrapped(v *[]string, decoder smithyxml.NodeDecoder) error { var sv []string if *v == nil { sv = make([]string, 0) @@ -16233,6 +16581,19 @@ func awsRestxml_deserializeDocumentChecksum(v **types.Checksum, decoder smithyxm sv.ChecksumCRC64NVME = ptr.String(xtv) } + case strings.EqualFold("ChecksumMD5", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumMD5 = ptr.String(xtv) + } + case strings.EqualFold("ChecksumSHA1", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -16259,6 +16620,19 @@ func awsRestxml_deserializeDocumentChecksum(v **types.Checksum, decoder smithyxm sv.ChecksumSHA256 = ptr.String(xtv) } + case strings.EqualFold("ChecksumSHA512", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumSHA512 = ptr.String(xtv) + } + case strings.EqualFold("ChecksumType", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -16272,6 +16646,45 @@ func awsRestxml_deserializeDocumentChecksum(v **types.Checksum, decoder smithyxm sv.ChecksumType = types.ChecksumType(xtv) } + case strings.EqualFold("ChecksumXXHASH128", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH128 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH3", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH3 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH64", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH64 = ptr.String(xtv) + } + default: // Do nothing and ignore the unexpected tag element err = decoder.Decoder.Skip() @@ -16606,6 +17019,19 @@ func awsRestxml_deserializeDocumentCopyObjectResult(v **types.CopyObjectResult, sv.ChecksumCRC64NVME = ptr.String(xtv) } + case strings.EqualFold("ChecksumMD5", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumMD5 = ptr.String(xtv) + } + case strings.EqualFold("ChecksumSHA1", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -16632,6 +17058,19 @@ func awsRestxml_deserializeDocumentCopyObjectResult(v **types.CopyObjectResult, sv.ChecksumSHA256 = ptr.String(xtv) } + case strings.EqualFold("ChecksumSHA512", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumSHA512 = ptr.String(xtv) + } + case strings.EqualFold("ChecksumType", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -16645,6 +17084,45 @@ func awsRestxml_deserializeDocumentCopyObjectResult(v **types.CopyObjectResult, sv.ChecksumType = types.ChecksumType(xtv) } + case strings.EqualFold("ChecksumXXHASH128", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH128 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH3", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH3 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH64", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH64 = ptr.String(xtv) + } + case strings.EqualFold("ETag", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -16750,6 +17228,19 @@ func awsRestxml_deserializeDocumentCopyPartResult(v **types.CopyPartResult, deco sv.ChecksumCRC64NVME = ptr.String(xtv) } + case strings.EqualFold("ChecksumMD5", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumMD5 = ptr.String(xtv) + } + case strings.EqualFold("ChecksumSHA1", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -16776,6 +17267,58 @@ func awsRestxml_deserializeDocumentCopyPartResult(v **types.CopyPartResult, deco sv.ChecksumSHA256 = ptr.String(xtv) } + case strings.EqualFold("ChecksumSHA512", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumSHA512 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH128", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH128 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH3", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH3 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH64", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH64 = ptr.String(xtv) + } + case strings.EqualFold("ETag", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -22513,6 +23056,19 @@ func awsRestxml_deserializeDocumentObjectPart(v **types.ObjectPart, decoder smit sv.ChecksumCRC64NVME = ptr.String(xtv) } + case strings.EqualFold("ChecksumMD5", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumMD5 = ptr.String(xtv) + } + case strings.EqualFold("ChecksumSHA1", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -22539,6 +23095,58 @@ func awsRestxml_deserializeDocumentObjectPart(v **types.ObjectPart, decoder smit sv.ChecksumSHA256 = ptr.String(xtv) } + case strings.EqualFold("ChecksumSHA512", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumSHA512 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH128", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH128 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH3", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH3 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH64", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH64 = ptr.String(xtv) + } + case strings.EqualFold("PartNumber", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -23106,6 +23714,19 @@ func awsRestxml_deserializeDocumentPart(v **types.Part, decoder smithyxml.NodeDe sv.ChecksumCRC64NVME = ptr.String(xtv) } + case strings.EqualFold("ChecksumMD5", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumMD5 = ptr.String(xtv) + } + case strings.EqualFold("ChecksumSHA1", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -23132,6 +23753,58 @@ func awsRestxml_deserializeDocumentPart(v **types.Part, decoder smithyxml.NodeDe sv.ChecksumSHA256 = ptr.String(xtv) } + case strings.EqualFold("ChecksumSHA512", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumSHA512 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH128", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH128 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH3", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH3 = ptr.String(xtv) + } + + case strings.EqualFold("ChecksumXXHASH64", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.ChecksumXXHASH64 = ptr.String(xtv) + } + case strings.EqualFold("ETag", t.Name.Local): val, err := decoder.Value() if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_default.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_default.go index 3b35a3e5748..21f69eac6e7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_default.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_default.go @@ -112,7 +112,7 @@ func (p *defaultS3ExpressCredentialsProvider) Retrieve(ctx context.Context, buck } func (p *defaultS3ExpressCredentialsProvider) doChanRetrieve(ctx context.Context, key cacheKey) <-chan singleflight.Result { - return p.sf.DoChan(key.Slug(), func() (interface{}, error) { + return p.sf.DoChan(key.Slug(), func() (any, error) { return p.retrieve(ctx, key) }) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json index 5704e92f3d4..a47010eb294 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/generated.json @@ -117,6 +117,7 @@ "api_op_SelectObjectContent.go", "api_op_UpdateBucketMetadataInventoryTableConfiguration.go", "api_op_UpdateBucketMetadataJournalTableConfiguration.go", + "api_op_UpdateObjectEncryption.go", "api_op_UploadPart.go", "api_op_UploadPartCopy.go", "api_op_WriteGetObjectResponse.go", @@ -131,7 +132,6 @@ "internal/endpoints/endpoints.go", "internal/endpoints/endpoints_test.go", "options.go", - "protocol_test.go", "serializers.go", "snapshot_test.go", "sra_operation_order_test.go", @@ -141,7 +141,7 @@ "types/types_exported_test.go", "validators.go" ], - "go": "1.23", + "go": "1.24", "module": "github.com/aws/aws-sdk-go-v2/service/s3", "unstable": false } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go index 5e7e6125294..4eb779006f2 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go @@ -3,4 +3,4 @@ package s3 // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.95.0" +const goModuleVersion = "1.100.1" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/options.go index 9c1e834e464..7ad36bb1a02 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/options.go @@ -77,8 +77,7 @@ type Options struct { // the client option BaseEndpoint instead. EndpointResolver EndpointResolver - // Resolves the endpoint used for a particular service operation. This should be - // used over the deprecated EndpointResolver. + // Resolves the endpoint used for a particular service operation. EndpointResolverV2 EndpointResolverV2 // The credentials provider for S3Express requests. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/presign_post.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/presign_post.go index 491ed2e5da5..1295e712fba 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/presign_post.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/presign_post.go @@ -100,7 +100,7 @@ type postSignAdapter struct{} func (s *postSignAdapter) PresignPost( credentials aws.Credentials, bucket string, key string, - region string, service string, signingTime time.Time, conditions []interface{}, expirationTime time.Time, optFns ...func(*v4.SignerOptions), + region string, service string, signingTime time.Time, conditions []any, expirationTime time.Time, optFns ...func(*v4.SignerOptions), ) (fields map[string]string, err error) { credentialScope := buildCredentialScope(signingTime, region, service) credentialStr := credentials.AccessKeyID + "/" + credentialScope @@ -140,7 +140,7 @@ type PresignPost interface { PresignPost( credentials aws.Credentials, bucket string, key string, - region string, service string, signingTime time.Time, conditions []interface{}, expirationTime time.Time, + region string, service string, signingTime time.Time, conditions []any, expirationTime time.Time, optFns ...func(*v4.SignerOptions), ) (fields map[string]string, err error) } @@ -164,7 +164,7 @@ type PresignPostOptions struct { // Available conditions can be found [here] // // [here]https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html#sigv4-PolicyConditions - Conditions []interface{} + Conditions []any } type presignPostConverter PresignPostOptions @@ -175,7 +175,7 @@ type presignPostRequestMiddlewareOptions struct { Presigner PresignPost LogSigning bool ExpiresIn time.Duration - Conditions []interface{} + Conditions []any } type presignPostRequestMiddleware struct { @@ -183,7 +183,7 @@ type presignPostRequestMiddleware struct { presigner PresignPost logSigning bool expiresIn time.Duration - conditions []interface{} + conditions []any } // newPresignPostRequestMiddleware returns a new presignPostRequestMiddleware @@ -305,8 +305,8 @@ func (c presignPostConverter) ConvertToPresignMiddleware(stack *middleware.Stack return nil } -func createPolicyDocument(expirationTime time.Time, signingTime time.Time, bucket string, key string, credentialString string, securityToken *string, extraConditions []interface{}) (string, error) { - initialConditions := []interface{}{ +func createPolicyDocument(expirationTime time.Time, signingTime time.Time, bucket string, key string, credentialString string, securityToken *string, extraConditions []any) (string, error) { + initialConditions := []any{ map[string]string{ algorithmHeader: algorithm, }, @@ -321,7 +321,7 @@ func createPolicyDocument(expirationTime time.Time, signingTime time.Time, bucke }, } - var conditions []interface{} + var conditions []any for _, v := range initialConditions { conditions = append(conditions, v) } @@ -345,7 +345,7 @@ func createPolicyDocument(expirationTime time.Time, signingTime time.Time, bucke conditions = append(conditions, map[string]string{"key": key}) } - policyDoc := map[string]interface{}{ + policyDoc := map[string]any{ "conditions": conditions, "expiration": expirationTime.Format(time.RFC3339), } @@ -358,18 +358,18 @@ func createPolicyDocument(expirationTime time.Time, signingTime time.Time, bucke return base64.StdEncoding.EncodeToString(jsonBytes), nil } -func isAlreadyCheckingForKey(conditions []interface{}) bool { +func isAlreadyCheckingForKey(conditions []any) bool { // Need to check for two conditions: // 1. A condition of the form ["starts-with", "$key", "mykey"] // 2. A condition of the form {"key": "mykey"} for _, c := range conditions { - slice, ok := c.([]interface{}) + slice, ok := c.([]any) if ok && len(slice) > 1 { if slice[0] == "starts-with" && slice[1] == "$key" { return true } } - m, ok := c.(map[string]interface{}) + m, ok := c.(map[string]any) if ok && len(m) > 0 { for k := range m { if k == "key" { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go index 00f23d9e2dd..e08c677277d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go @@ -207,6 +207,11 @@ func awsRestxml_serializeOpHttpBindingsCompleteMultipartUploadInput(v *CompleteM encoder.SetHeader(locationName).String(*v.ChecksumCRC64NVME) } + if v.ChecksumMD5 != nil { + locationName := "X-Amz-Checksum-Md5" + encoder.SetHeader(locationName).String(*v.ChecksumMD5) + } + if v.ChecksumSHA1 != nil { locationName := "X-Amz-Checksum-Sha1" encoder.SetHeader(locationName).String(*v.ChecksumSHA1) @@ -217,11 +222,31 @@ func awsRestxml_serializeOpHttpBindingsCompleteMultipartUploadInput(v *CompleteM encoder.SetHeader(locationName).String(*v.ChecksumSHA256) } + if v.ChecksumSHA512 != nil { + locationName := "X-Amz-Checksum-Sha512" + encoder.SetHeader(locationName).String(*v.ChecksumSHA512) + } + if len(v.ChecksumType) > 0 { locationName := "X-Amz-Checksum-Type" encoder.SetHeader(locationName).String(string(v.ChecksumType)) } + if v.ChecksumXXHASH128 != nil { + locationName := "X-Amz-Checksum-Xxhash128" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH128) + } + + if v.ChecksumXXHASH3 != nil { + locationName := "X-Amz-Checksum-Xxhash3" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH3) + } + + if v.ChecksumXXHASH64 != nil { + locationName := "X-Amz-Checksum-Xxhash64" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH64) + } + if v.ExpectedBucketOwner != nil { locationName := "X-Amz-Expected-Bucket-Owner" encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner) @@ -644,6 +669,11 @@ func awsRestxml_serializeOpHttpBindingsCreateBucketInput(v *CreateBucketInput, e encoder.SetHeader(locationName).String(string(v.ACL)) } + if len(v.BucketNamespace) > 0 { + locationName := "X-Amz-Bucket-Namespace" + encoder.SetHeader(locationName).String(string(v.BucketNamespace)) + } + if v.GrantFullControl != nil { locationName := "X-Amz-Grant-Full-Control" encoder.SetHeader(locationName).String(*v.GrantFullControl) @@ -8204,6 +8234,11 @@ func awsRestxml_serializeOpHttpBindingsPutObjectInput(v *PutObjectInput, encoder encoder.SetHeader(locationName).String(*v.ChecksumCRC64NVME) } + if v.ChecksumMD5 != nil { + locationName := "X-Amz-Checksum-Md5" + encoder.SetHeader(locationName).String(*v.ChecksumMD5) + } + if v.ChecksumSHA1 != nil { locationName := "X-Amz-Checksum-Sha1" encoder.SetHeader(locationName).String(*v.ChecksumSHA1) @@ -8214,6 +8249,26 @@ func awsRestxml_serializeOpHttpBindingsPutObjectInput(v *PutObjectInput, encoder encoder.SetHeader(locationName).String(*v.ChecksumSHA256) } + if v.ChecksumSHA512 != nil { + locationName := "X-Amz-Checksum-Sha512" + encoder.SetHeader(locationName).String(*v.ChecksumSHA512) + } + + if v.ChecksumXXHASH128 != nil { + locationName := "X-Amz-Checksum-Xxhash128" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH128) + } + + if v.ChecksumXXHASH3 != nil { + locationName := "X-Amz-Checksum-Xxhash3" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH3) + } + + if v.ChecksumXXHASH64 != nil { + locationName := "X-Amz-Checksum-Xxhash64" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH64) + } + if v.ContentDisposition != nil { locationName := "Content-Disposition" encoder.SetHeader(locationName).String(*v.ContentDisposition) @@ -9721,6 +9776,125 @@ func awsRestxml_serializeOpHttpBindingsUpdateBucketMetadataJournalTableConfigura return nil } +type awsRestxml_serializeOpUpdateObjectEncryption struct { +} + +func (*awsRestxml_serializeOpUpdateObjectEncryption) ID() string { + return "OperationSerializer" +} + +func (m *awsRestxml_serializeOpUpdateObjectEncryption) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*UpdateObjectEncryptionInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/{Key+}?encryption") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "PUT" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if err := awsRestxml_serializeOpHttpBindingsUpdateObjectEncryptionInput(input, restEncoder); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if input.ObjectEncryption != nil { + if !restEncoder.HasHeader("Content-Type") { + ctx = smithyhttp.SetIsContentTypeDefaultValue(ctx, true) + restEncoder.SetHeader("Content-Type").String("application/xml") + } + + xmlEncoder := smithyxml.NewEncoder(bytes.NewBuffer(nil)) + payloadRootAttr := []smithyxml.Attr{} + payloadRoot := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "ObjectEncryption", + }, + Attr: payloadRootAttr, + } + payloadRoot.Attr = append(payloadRoot.Attr, smithyxml.NewNamespaceAttribute("", "http://s3.amazonaws.com/doc/2006-03-01/")) + if err := awsRestxml_serializeDocumentObjectEncryption(input.ObjectEncryption, xmlEncoder.RootElement(payloadRoot)); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + payload := bytes.NewReader(xmlEncoder.Bytes()) + if request, err = request.SetStream(payload); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestxml_serializeOpHttpBindingsUpdateObjectEncryptionInput(v *UpdateObjectEncryptionInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + if len(v.ChecksumAlgorithm) > 0 { + locationName := "X-Amz-Sdk-Checksum-Algorithm" + encoder.SetHeader(locationName).String(string(v.ChecksumAlgorithm)) + } + + if v.ContentMD5 != nil { + locationName := "Content-Md5" + encoder.SetHeader(locationName).String(*v.ContentMD5) + } + + if v.ExpectedBucketOwner != nil { + locationName := "X-Amz-Expected-Bucket-Owner" + encoder.SetHeader(locationName).String(*v.ExpectedBucketOwner) + } + + if v.Key == nil || len(*v.Key) == 0 { + return &smithy.SerializationError{Err: fmt.Errorf("input member Key must not be empty")} + } + if v.Key != nil { + if err := encoder.SetURI("Key").String(*v.Key); err != nil { + return err + } + } + + if len(v.RequestPayer) > 0 { + locationName := "X-Amz-Request-Payer" + encoder.SetHeader(locationName).String(string(v.RequestPayer)) + } + + if v.VersionId != nil { + encoder.SetQuery("versionId").String(*v.VersionId) + } + + return nil +} + type awsRestxml_serializeOpUploadPart struct { } @@ -9812,6 +9986,11 @@ func awsRestxml_serializeOpHttpBindingsUploadPartInput(v *UploadPartInput, encod encoder.SetHeader(locationName).String(*v.ChecksumCRC64NVME) } + if v.ChecksumMD5 != nil { + locationName := "X-Amz-Checksum-Md5" + encoder.SetHeader(locationName).String(*v.ChecksumMD5) + } + if v.ChecksumSHA1 != nil { locationName := "X-Amz-Checksum-Sha1" encoder.SetHeader(locationName).String(*v.ChecksumSHA1) @@ -9822,6 +10001,26 @@ func awsRestxml_serializeOpHttpBindingsUploadPartInput(v *UploadPartInput, encod encoder.SetHeader(locationName).String(*v.ChecksumSHA256) } + if v.ChecksumSHA512 != nil { + locationName := "X-Amz-Checksum-Sha512" + encoder.SetHeader(locationName).String(*v.ChecksumSHA512) + } + + if v.ChecksumXXHASH128 != nil { + locationName := "X-Amz-Checksum-Xxhash128" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH128) + } + + if v.ChecksumXXHASH3 != nil { + locationName := "X-Amz-Checksum-Xxhash3" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH3) + } + + if v.ChecksumXXHASH64 != nil { + locationName := "X-Amz-Checksum-Xxhash64" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH64) + } + if v.ContentLength != nil { locationName := "Content-Length" encoder.SetHeader(locationName).Long(*v.ContentLength) @@ -10132,6 +10331,11 @@ func awsRestxml_serializeOpHttpBindingsWriteGetObjectResponseInput(v *WriteGetOb encoder.SetHeader(locationName).String(*v.ChecksumCRC64NVME) } + if v.ChecksumMD5 != nil { + locationName := "X-Amz-Fwd-Header-X-Amz-Checksum-Md5" + encoder.SetHeader(locationName).String(*v.ChecksumMD5) + } + if v.ChecksumSHA1 != nil { locationName := "X-Amz-Fwd-Header-X-Amz-Checksum-Sha1" encoder.SetHeader(locationName).String(*v.ChecksumSHA1) @@ -10142,6 +10346,26 @@ func awsRestxml_serializeOpHttpBindingsWriteGetObjectResponseInput(v *WriteGetOb encoder.SetHeader(locationName).String(*v.ChecksumSHA256) } + if v.ChecksumSHA512 != nil { + locationName := "X-Amz-Fwd-Header-X-Amz-Checksum-Sha512" + encoder.SetHeader(locationName).String(*v.ChecksumSHA512) + } + + if v.ChecksumXXHASH128 != nil { + locationName := "X-Amz-Fwd-Header-X-Amz-Checksum-Xxhash128" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH128) + } + + if v.ChecksumXXHASH3 != nil { + locationName := "X-Amz-Fwd-Header-X-Amz-Checksum-Xxhash3" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH3) + } + + if v.ChecksumXXHASH64 != nil { + locationName := "X-Amz-Fwd-Header-X-Amz-Checksum-Xxhash64" + encoder.SetHeader(locationName).String(*v.ChecksumXXHASH64) + } + if v.ContentDisposition != nil { locationName := "X-Amz-Fwd-Header-Content-Disposition" encoder.SetHeader(locationName).String(*v.ContentDisposition) @@ -10760,6 +10984,17 @@ func awsRestxml_serializeDocumentCompletedPart(v *types.CompletedPart, value smi el := value.MemberElement(root) el.String(*v.ChecksumCRC64NVME) } + if v.ChecksumMD5 != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "ChecksumMD5", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(*v.ChecksumMD5) + } if v.ChecksumSHA1 != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ @@ -10782,6 +11017,50 @@ func awsRestxml_serializeDocumentCompletedPart(v *types.CompletedPart, value smi el := value.MemberElement(root) el.String(*v.ChecksumSHA256) } + if v.ChecksumSHA512 != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "ChecksumSHA512", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(*v.ChecksumSHA512) + } + if v.ChecksumXXHASH128 != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "ChecksumXXHASH128", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(*v.ChecksumXXHASH128) + } + if v.ChecksumXXHASH3 != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "ChecksumXXHASH3", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(*v.ChecksumXXHASH3) + } + if v.ChecksumXXHASH64 != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "ChecksumXXHASH64", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(*v.ChecksumXXHASH64) + } if v.ETag != nil { rootAttr := []smithyxml.Attr{} root := smithyxml.StartElement{ @@ -13065,6 +13344,29 @@ func awsRestxml_serializeDocumentNotificationConfigurationFilter(v *types.Notifi return nil } +func awsRestxml_serializeDocumentObjectEncryption(v types.ObjectEncryption, value smithyxml.Value) error { + defer value.Close() + switch uv := v.(type) { + case *types.ObjectEncryptionMemberSSEKMS: + customMemberNameAttr := []smithyxml.Attr{} + customMemberName := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "SSE-KMS", + }, + Attr: customMemberNameAttr, + } + av := value.MemberElement(customMemberName) + if err := awsRestxml_serializeDocumentSSEKMSEncryption(&uv.Value, av); err != nil { + return err + } + + default: + return fmt.Errorf("attempted to serialize unknown member type %T for union %T", uv, v) + + } + return nil +} + func awsRestxml_serializeDocumentObjectIdentifier(v *types.ObjectIdentifier, value smithyxml.Value) error { defer value.Close() if v.ETag != nil { @@ -14466,6 +14768,33 @@ func awsRestxml_serializeDocumentSseKmsEncryptedObjects(v *types.SseKmsEncrypted return nil } +func awsRestxml_serializeDocumentSSEKMSEncryption(v *types.SSEKMSEncryption, value smithyxml.Value) error { + defer value.Close() + if v.BucketKeyEnabled != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "BucketKeyEnabled", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.Boolean(*v.BucketKeyEnabled) + } + if v.KMSKeyArn != nil { + rootAttr := []smithyxml.Attr{} + root := smithyxml.StartElement{ + Name: smithyxml.Name{ + Local: "KMSKeyArn", + }, + Attr: rootAttr, + } + el := value.MemberElement(root) + el.String(*v.KMSKeyArn) + } + return nil +} + func awsRestxml_serializeDocumentSSES3(v *types.SSES3, value smithyxml.Value) error { defer value.Close() return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go index 1a4d118f728..a84ece87b2b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go @@ -105,6 +105,7 @@ type BucketLocationConstraint string const ( BucketLocationConstraintAfSouth1 BucketLocationConstraint = "af-south-1" BucketLocationConstraintApEast1 BucketLocationConstraint = "ap-east-1" + BucketLocationConstraintApEast2 BucketLocationConstraint = "ap-east-2" BucketLocationConstraintApNortheast1 BucketLocationConstraint = "ap-northeast-1" BucketLocationConstraintApNortheast2 BucketLocationConstraint = "ap-northeast-2" BucketLocationConstraintApNortheast3 BucketLocationConstraint = "ap-northeast-3" @@ -115,7 +116,10 @@ const ( BucketLocationConstraintApSoutheast3 BucketLocationConstraint = "ap-southeast-3" BucketLocationConstraintApSoutheast4 BucketLocationConstraint = "ap-southeast-4" BucketLocationConstraintApSoutheast5 BucketLocationConstraint = "ap-southeast-5" + BucketLocationConstraintApSoutheast6 BucketLocationConstraint = "ap-southeast-6" + BucketLocationConstraintApSoutheast7 BucketLocationConstraint = "ap-southeast-7" BucketLocationConstraintCaCentral1 BucketLocationConstraint = "ca-central-1" + BucketLocationConstraintCaWest1 BucketLocationConstraint = "ca-west-1" BucketLocationConstraintCnNorth1 BucketLocationConstraint = "cn-north-1" BucketLocationConstraintCnNorthwest1 BucketLocationConstraint = "cn-northwest-1" BucketLocationConstraintEu BucketLocationConstraint = "EU" @@ -130,6 +134,7 @@ const ( BucketLocationConstraintIlCentral1 BucketLocationConstraint = "il-central-1" BucketLocationConstraintMeCentral1 BucketLocationConstraint = "me-central-1" BucketLocationConstraintMeSouth1 BucketLocationConstraint = "me-south-1" + BucketLocationConstraintMxCentral1 BucketLocationConstraint = "mx-central-1" BucketLocationConstraintSaEast1 BucketLocationConstraint = "sa-east-1" BucketLocationConstraintUsEast2 BucketLocationConstraint = "us-east-2" BucketLocationConstraintUsGovEast1 BucketLocationConstraint = "us-gov-east-1" @@ -146,6 +151,7 @@ func (BucketLocationConstraint) Values() []BucketLocationConstraint { return []BucketLocationConstraint{ "af-south-1", "ap-east-1", + "ap-east-2", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", @@ -156,7 +162,10 @@ func (BucketLocationConstraint) Values() []BucketLocationConstraint { "ap-southeast-3", "ap-southeast-4", "ap-southeast-5", + "ap-southeast-6", + "ap-southeast-7", "ca-central-1", + "ca-west-1", "cn-north-1", "cn-northwest-1", "EU", @@ -171,6 +180,7 @@ func (BucketLocationConstraint) Values() []BucketLocationConstraint { "il-central-1", "me-central-1", "me-south-1", + "mx-central-1", "sa-east-1", "us-east-2", "us-gov-east-1", @@ -201,6 +211,25 @@ func (BucketLogsPermission) Values() []BucketLogsPermission { } } +type BucketNamespace string + +// Enum values for BucketNamespace +const ( + BucketNamespaceAccountRegional BucketNamespace = "account-regional" + BucketNamespaceGlobal BucketNamespace = "global" +) + +// Values returns all known values for BucketNamespace. Note that this can be +// expanded in the future, and so it is only as up to date as the client. +// +// The ordering of this slice is not guaranteed to be stable across updates. +func (BucketNamespace) Values() []BucketNamespace { + return []BucketNamespace{ + "account-regional", + "global", + } +} + type BucketType string // Enum values for BucketType @@ -246,6 +275,11 @@ const ( ChecksumAlgorithmSha1 ChecksumAlgorithm = "SHA1" ChecksumAlgorithmSha256 ChecksumAlgorithm = "SHA256" ChecksumAlgorithmCrc64nvme ChecksumAlgorithm = "CRC64NVME" + ChecksumAlgorithmSha512 ChecksumAlgorithm = "SHA512" + ChecksumAlgorithmMd5 ChecksumAlgorithm = "MD5" + ChecksumAlgorithmXxhash64 ChecksumAlgorithm = "XXHASH64" + ChecksumAlgorithmXxhash3 ChecksumAlgorithm = "XXHASH3" + ChecksumAlgorithmXxhash128 ChecksumAlgorithm = "XXHASH128" ) // Values returns all known values for ChecksumAlgorithm. Note that this can be @@ -259,6 +293,11 @@ func (ChecksumAlgorithm) Values() []ChecksumAlgorithm { "SHA1", "SHA256", "CRC64NVME", + "SHA512", + "MD5", + "XXHASH64", + "XXHASH3", + "XXHASH128", } } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go index 9de828f6fcf..eacb7ca466c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go @@ -7,6 +7,34 @@ import ( smithy "github.com/aws/smithy-go" ) +// You might receive this error for several reasons. For details, see the +// +// description of this API operation. +type AccessDenied struct { + Message *string + + ErrorCodeOverride *string + + noSmithyDocumentSerde +} + +func (e *AccessDenied) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *AccessDenied) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *AccessDenied) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "AccessDenied" + } + return *e.ErrorCodeOverride +} +func (e *AccessDenied) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // The requested bucket name is not available. The bucket namespace is shared by // all users of the system. Select a different name and try again. type BucketAlreadyExists struct { @@ -167,16 +195,8 @@ func (e *InvalidObjectState) ErrorCode() string { } func (e *InvalidObjectState) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } -// You may receive this error in multiple cases. Depending on the reason for the -// error, you may receive one of the messages below: -// -// - Cannot specify both a write offset value and user-defined object metadata -// for existing objects. -// -// - Checksum Type mismatch occurred, expected checksum Type: sha1, actual -// checksum Type: crc32c. -// -// - Request body cannot be empty when 'write offset' is specified. +// A parameter or header in your request isn't valid. For details, see the +// description of this API operation. type InvalidRequest struct { Message *string diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go index 76737fbd7af..f047e26ef7e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go @@ -338,6 +338,13 @@ type Checksum struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // The Base64 encoded, 128-bit MD5 digest of the object. This checksum is present + // if the object was uploaded with the MD5 checksum algorithm. For more + // information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only // present if the checksum was uploaded with the object. When you use the API // operation on an object that was uploaded using multipart uploads, this value may @@ -360,12 +367,40 @@ type Checksum struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 digest of the object. This checksum is + // present if the object was uploaded with the SHA512 checksum algorithm. For more + // information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + // The checksum type that is used to calculate the object’s checksum value. For // more information, see [Checking object integrity]in the Amazon S3 User Guide. // // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumType ChecksumType + // The Base64 encoded, 128-bit XXHASH128 checksum of the object. This checksum is + // present if the object was uploaded with the XXHASH128 checksum algorithm. For + // more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the object. This checksum is + // present if the object was uploaded with the XXHASH3 checksum algorithm. For + // more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the object. This checksum is + // present if the object was uploaded with the XXHASH64 checksum algorithm. For + // more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + noSmithyDocumentSerde } @@ -413,12 +448,18 @@ type CompletedPart struct { // The Base64 encoded, 64-bit CRC64NVME checksum of the part. This checksum is // present if the multipart upload request was created with the CRC64NVME checksum - // algorithm to the uploaded object). For more information, see [Checking object integrity]in the Amazon S3 - // User Guide. + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. // // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // The Base64 encoded, 128-bit MD5 digest of the part. This checksum is present if + // the multipart upload request was created with the MD5 checksum algorithm. For + // more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // The Base64 encoded, 160-bit SHA1 checksum of the part. This checksum is present // if the multipart upload request was created with the SHA1 checksum algorithm. // For more information, see [Checking object integrity]in the Amazon S3 User Guide. @@ -433,6 +474,34 @@ type CompletedPart struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 digest of the part. This checksum is present + // if the multipart upload request was created with the SHA512 checksum algorithm. + // For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + + // The Base64 encoded, 128-bit XXHASH128 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH128 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH3 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH64 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Entity tag returned when the part was uploaded. ETag *string @@ -513,6 +582,13 @@ type CopyObjectResult struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // The Base64 encoded, 128-bit MD5 digest of the object. This checksum is only + // present if the object was uploaded with the MD5 checksum algorithm. For more + // information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // The Base64 encoded, 160-bit SHA1 digest of the object. This checksum is only // present if the checksum was uploaded with the object. For more information, see [Checking object integrity] // in the Amazon S3 User Guide. @@ -527,12 +603,40 @@ type CopyObjectResult struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 digest of the object. This checksum is only + // present if the object was uploaded with the SHA512 checksum algorithm. For more + // information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + // The checksum type that is used to calculate the object’s checksum value. For // more information, see [Checking object integrity]in the Amazon S3 User Guide. // // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumType ChecksumType + // The Base64 encoded, 128-bit XXHASH128 checksum of the object. This checksum is + // only present if the object was uploaded with the XXHASH128 checksum algorithm. + // For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the object. This checksum is + // only present if the object was uploaded with the XXHASH3 checksum algorithm. + // For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the object. This checksum is + // only present if the object was uploaded with the XXHASH64 checksum algorithm. + // For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Returns the ETag of the new object. The ETag reflects only changes to the // contents of an object, not its metadata. ETag *string @@ -546,46 +650,76 @@ type CopyObjectResult struct { // Container for all response elements. type CopyPartResult struct { - // This header can be used as a data integrity check to verify that the data - // received is the same data that was originally sent. This header specifies the - // Base64 encoded, 32-bit CRC32 checksum of the part. For more information, see [Checking object integrity] - // in the Amazon S3 User Guide. + // The Base64 encoded, 32-bit CRC32 checksum of the part. This checksum is present + // if the multipart upload request was created with the CRC32 checksum algorithm. + // For more information, see [Checking object integrity]in the Amazon S3 User Guide. // // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC32 *string - // This header can be used as a data integrity check to verify that the data - // received is the same data that was originally sent. This header specifies the - // Base64 encoded, 32-bit CRC32C checksum of the part. For more information, see [Checking object integrity] - // in the Amazon S3 User Guide. + // The Base64 encoded, 32-bit CRC32C checksum of the part. This checksum is + // present if the multipart upload request was created with the CRC32C checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. // // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC32C *string // The Base64 encoded, 64-bit CRC64NVME checksum of the part. This checksum is // present if the multipart upload request was created with the CRC64NVME checksum - // algorithm to the uploaded object). For more information, see [Checking object integrity]in the Amazon S3 - // User Guide. + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. // // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string - // This header can be used as a data integrity check to verify that the data - // received is the same data that was originally sent. This header specifies the - // Base64 encoded, 160-bit SHA1 checksum of the part. For more information, see [Checking object integrity] - // in the Amazon S3 User Guide. + // The Base64 encoded, 128-bit MD5 digest of the part. This checksum is present if + // the multipart upload request was created with the MD5 checksum algorithm. For + // more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + + // The Base64 encoded, 160-bit SHA1 digest of the part. This checksum is present + // if the multipart upload request was created with the SHA1 checksum algorithm. + // For more information, see [Checking object integrity]in the Amazon S3 User Guide. // // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA1 *string - // This header can be used as a data integrity check to verify that the data - // received is the same data that was originally sent. This header specifies the - // Base64 encoded, 256-bit SHA256 checksum of the part. For more information, see [Checking object integrity] - // in the Amazon S3 User Guide. + // The Base64 encoded, 256-bit SHA256 digest of the part. This checksum is present + // if the multipart upload request was created with the SHA256 checksum algorithm. + // For more information, see [Checking object integrity]in the Amazon S3 User Guide. // // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 digest of the part. This checksum is present + // if the multipart upload request was created with the SHA512 checksum algorithm. + // For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + + // The Base64 encoded, 128-bit XXHASH128 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH128 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH3 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH64 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Entity tag of the object. ETag *string @@ -2360,6 +2494,11 @@ type InventoryConfiguration struct { Filter *InventoryFilter // Contains the optional fields that are included in the inventory results. + // + // The following optional fields are supported for directory buckets Size | + // LastModifiedDate | StorageClass | ETag | IsMultipartUploaded | EncryptionStatus + // | BucketKeyStatus | ChecksumAlgorithm | LifecycleExpirationDate. Throws + // MalformedXML error if unsupported optional field is provided. OptionalFields []InventoryOptionalField noSmithyDocumentSerde @@ -3009,6 +3148,8 @@ type MetricsAndOperator struct { Prefix *string // The list of tags used when evaluating an AND predicate. + // + // Tag filters are not supported for directory buckets. Tags []Tag noSmithyDocumentSerde @@ -3032,6 +3173,8 @@ type MetricsConfiguration struct { // Specifies a metrics configuration filter. The metrics configuration will only // include objects that meet the filter's criteria. A filter must be a prefix, an // object tag, an access point ARN, or a conjunction (MetricsAndOperator). + // + // Metrics configurations for directory buckets do not support tag filters. Filter MetricsFilter noSmithyDocumentSerde @@ -3084,6 +3227,8 @@ type MetricsFilterMemberPrefix struct { func (*MetricsFilterMemberPrefix) isMetricsFilter() {} // The tag used when evaluating a metrics filter. +// +// Tag filters are not supported for directory buckets. type MetricsFilterMemberTag struct { Value Tag @@ -3304,6 +3449,31 @@ type Object struct { noSmithyDocumentSerde } +// The updated server-side encryption type for this object. The +// +// UpdateObjectEncryption operation supports the SSE-S3 and SSE-KMS encryption +// types. +// +// Valid Values: SSES3 | SSEKMS +// +// The following types satisfy this interface: +// +// ObjectEncryptionMemberSSEKMS +type ObjectEncryption interface { + isObjectEncryption() +} + +// Specifies to update the object encryption type to server-side encryption with +// +// Key Management Service (KMS) keys (SSE-KMS). +type ObjectEncryptionMemberSSEKMS struct { + Value SSEKMSEncryption + + noSmithyDocumentSerde +} + +func (*ObjectEncryptionMemberSSEKMS) isObjectEncryption() {} + // Object Identifier is unique value to identify objects. type ObjectIdentifier struct { @@ -3420,6 +3590,13 @@ type ObjectPart struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // The Base64 encoded, 128-bit MD5 digest of the part. This checksum is present if + // the multipart upload request was created with the MD5 checksum algorithm. For + // more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // The Base64 encoded, 160-bit SHA1 checksum of the part. This checksum is present // if the multipart upload request was created with the SHA1 checksum algorithm. // For more information, see [Checking object integrity]in the Amazon S3 User Guide. @@ -3434,6 +3611,34 @@ type ObjectPart struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 digest of the part. This checksum is present + // if the multipart upload request was created with the SHA512 checksum algorithm. + // For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + + // The Base64 encoded, 128-bit XXHASH128 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH128 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH3 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH64 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // The part number identifying the part. This value is a positive integer between // 1 and 10,000. PartNumber *int32 @@ -3602,6 +3807,13 @@ type Part struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumCRC64NVME *string + // The Base64 encoded, 128-bit MD5 digest of the part. This checksum is present if + // the multipart upload request was created with the MD5 checksum algorithm. For + // more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumMD5 *string + // The Base64 encoded, 160-bit SHA1 checksum of the part. This checksum is present // if the object was uploaded with the SHA1 checksum algorithm. For more // information, see [Checking object integrity]in the Amazon S3 User Guide. @@ -3616,6 +3828,34 @@ type Part struct { // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html ChecksumSHA256 *string + // The Base64 encoded, 512-bit SHA512 digest of the part. This checksum is present + // if the multipart upload request was created with the SHA512 checksum algorithm. + // For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumSHA512 *string + + // The Base64 encoded, 128-bit XXHASH128 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH128 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH128 *string + + // The Base64 encoded, 64-bit XXHASH3 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH3 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH3 *string + + // The Base64 encoded, 64-bit XXHASH64 checksum of the part. This checksum is + // present if the multipart upload request was created with the XXHASH64 checksum + // algorithm. For more information, see [Checking object integrity]in the Amazon S3 User Guide. + // + // [Checking object integrity]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html + ChecksumXXHASH64 *string + // Entity tag returned when the part was uploaded. ETag *string @@ -4677,6 +4917,39 @@ type SseKmsEncryptedObjects struct { noSmithyDocumentSerde } +// If SSEKMS is specified for ObjectEncryption , this data type specifies the +// +// Amazon Web Services KMS key Amazon Resource Name (ARN) to use and whether to use +// an S3 Bucket Key for server-side encryption using Key Management Service (KMS) +// keys (SSE-KMS). +type SSEKMSEncryption struct { + + // Specifies the Amazon Web Services KMS key Amazon Resource Name (ARN) to use + // for the updated server-side encryption type. Required if ObjectEncryption + // specifies SSEKMS . + // + // You must specify the full Amazon Web Services KMS key ARN. The KMS key ID and + // KMS key alias aren't supported. + // + // Pattern: ( arn:aws[-a-z0-9]*:kms:[-a-z0-9]*:[0-9]{12}:key/.+ ) + // + // This member is required. + KMSKeyArn *string + + // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption + // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). + // If this value isn't specified, it defaults to false . Setting this value to true + // causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. For + // more information, see [Using Amazon S3 Bucket Keys]in the Amazon S3 User Guide. + // + // Valid Values: true | false + // + // [Using Amazon S3 Bucket Keys]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html + BucketKeyEnabled *bool + + noSmithyDocumentSerde +} + // Specifies the use of SSE-S3 to encrypt delivered inventory reports. type SSES3 struct { noSmithyDocumentSerde @@ -4928,4 +5201,5 @@ type UnknownUnionMember struct { func (*UnknownUnionMember) isAnalyticsFilter() {} func (*UnknownUnionMember) isMetricsFilter() {} +func (*UnknownUnionMember) isObjectEncryption() {} func (*UnknownUnionMember) isSelectObjectContentEventStream() {} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/validators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/validators.go index e720774c37e..47bbc2b238b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/s3/validators.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/s3/validators.go @@ -2030,6 +2030,26 @@ func (m *validateOpUpdateBucketMetadataJournalTableConfiguration) HandleInitiali return next.HandleInitialize(ctx, in) } +type validateOpUpdateObjectEncryption struct { +} + +func (*validateOpUpdateObjectEncryption) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpUpdateObjectEncryption) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*UpdateObjectEncryptionInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpUpdateObjectEncryptionInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpUploadPartCopy struct { } @@ -2494,6 +2514,10 @@ func addOpUpdateBucketMetadataJournalTableConfigurationValidationMiddleware(stac return stack.Initialize.Add(&validateOpUpdateBucketMetadataJournalTableConfiguration{}, middleware.After) } +func addOpUpdateObjectEncryptionValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpUpdateObjectEncryption{}, middleware.After) +} + func addOpUploadPartCopyValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpUploadPartCopy{}, middleware.After) } @@ -3499,6 +3523,25 @@ func validateNotificationConfiguration(v *types.NotificationConfiguration) error } } +func validateObjectEncryption(v types.ObjectEncryption) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "ObjectEncryption"} + switch uv := v.(type) { + case *types.ObjectEncryptionMemberSSEKMS: + if err := validateSSEKMSEncryption(&uv.Value); err != nil { + invalidParams.AddNested("[SSEKMS]", err.(smithy.InvalidParamsError)) + } + + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateObjectIdentifier(v *types.ObjectIdentifier) error { if v == nil { return nil @@ -4081,6 +4124,21 @@ func validateSseKmsEncryptedObjects(v *types.SseKmsEncryptedObjects) error { } } +func validateSSEKMSEncryption(v *types.SSEKMSEncryption) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "SSEKMSEncryption"} + if v.KMSKeyArn == nil { + invalidParams.Add(smithy.NewErrParamRequired("KMSKeyArn")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateStorageClassAnalysis(v *types.StorageClassAnalysis) error { if v == nil { return nil @@ -6133,6 +6191,31 @@ func validateOpUpdateBucketMetadataJournalTableConfigurationInput(v *UpdateBucke } } +func validateOpUpdateObjectEncryptionInput(v *UpdateObjectEncryptionInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "UpdateObjectEncryptionInput"} + if v.Bucket == nil { + invalidParams.Add(smithy.NewErrParamRequired("Bucket")) + } + if v.Key == nil { + invalidParams.Add(smithy.NewErrParamRequired("Key")) + } + if v.ObjectEncryption == nil { + invalidParams.Add(smithy.NewErrParamRequired("ObjectEncryption")) + } else if v.ObjectEncryption != nil { + if err := validateObjectEncryption(v.ObjectEncryption); err != nil { + invalidParams.AddNested("ObjectEncryption", err.(smithy.InvalidParamsError)) + } + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpUploadPartCopyInput(v *UploadPartCopyInput) error { if v == nil { return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md new file mode 100644 index 00000000000..253e0359678 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md @@ -0,0 +1,54 @@ +# v1.0.11 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.10 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.9 (2026-03-26) + +* **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.8 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.7 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.6 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.5 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.4 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.3 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + +# v1.0.2 (2025-11-25) + +* **Bug Fix**: Add error check for endpoint param binding during auth scheme resolution to fix panic reported in #3234 + +# v1.0.1 (2025-11-19.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.0 (2025-11-19) + +* **Release**: New AWS service client module +* **Feature**: AWS Sign-In manages authentication for AWS services. This service provides secure authentication flows for accessing AWS resources from the console and developer tools. This release adds the CreateOAuth2Token API, which can be used to fetch OAuth2 access tokens and refresh tokens from Sign-In. + diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/LICENSE.txt b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/LICENSE.txt similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/LICENSE.txt rename to vendor/github.com/aws/aws-sdk-go-v2/service/signin/LICENSE.txt diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go new file mode 100644 index 00000000000..2c0413c16e8 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go @@ -0,0 +1,929 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "errors" + "fmt" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/aws/defaults" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/aws/retry" + "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http" + internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" + internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" + internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" + smithy "github.com/aws/smithy-go" + smithydocument "github.com/aws/smithy-go/document" + "github.com/aws/smithy-go/logging" + "github.com/aws/smithy-go/metrics" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/tracing" + smithyhttp "github.com/aws/smithy-go/transport/http" + "net" + "net/http" + "sync/atomic" + "time" +) + +const ServiceID = "Signin" +const ServiceAPIVersion = "2023-01-01" + +type operationMetrics struct { + Duration metrics.Float64Histogram + SerializeDuration metrics.Float64Histogram + ResolveIdentityDuration metrics.Float64Histogram + ResolveEndpointDuration metrics.Float64Histogram + SignRequestDuration metrics.Float64Histogram + DeserializeDuration metrics.Float64Histogram +} + +func (m *operationMetrics) histogramFor(name string) metrics.Float64Histogram { + switch name { + case "client.call.duration": + return m.Duration + case "client.call.serialization_duration": + return m.SerializeDuration + case "client.call.resolve_identity_duration": + return m.ResolveIdentityDuration + case "client.call.resolve_endpoint_duration": + return m.ResolveEndpointDuration + case "client.call.signing_duration": + return m.SignRequestDuration + case "client.call.deserialization_duration": + return m.DeserializeDuration + default: + panic("unrecognized operation metric") + } +} + +func timeOperationMetric[T any]( + ctx context.Context, metric string, fn func() (T, error), + opts ...metrics.RecordMetricOption, +) (T, error) { + mm := getOperationMetrics(ctx) + if mm == nil { // not using the metrics system + return fn() + } + + instr := mm.histogramFor(metric) + opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...) + + start := time.Now() + v, err := fn() + end := time.Now() + + elapsed := end.Sub(start) + instr.Record(ctx, float64(elapsed)/1e9, opts...) + return v, err +} + +func startMetricTimer(ctx context.Context, metric string, opts ...metrics.RecordMetricOption) func() { + mm := getOperationMetrics(ctx) + if mm == nil { // not using the metrics system + return func() {} + } + + instr := mm.histogramFor(metric) + opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...) + + var ended bool + start := time.Now() + return func() { + if ended { + return + } + ended = true + + end := time.Now() + + elapsed := end.Sub(start) + instr.Record(ctx, float64(elapsed)/1e9, opts...) + } +} + +func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption { + return func(o *metrics.RecordMetricOptions) { + o.Properties.Set("rpc.service", middleware.GetServiceID(ctx)) + o.Properties.Set("rpc.method", middleware.GetOperationName(ctx)) + } +} + +type operationMetricsKey struct{} + +func withOperationMetrics(parent context.Context, mp metrics.MeterProvider) (context.Context, error) { + if _, ok := mp.(metrics.NopMeterProvider); ok { + // not using the metrics system - setting up the metrics context is a memory-intensive operation + // so we should skip it in this case + return parent, nil + } + + meter := mp.Meter("github.com/aws/aws-sdk-go-v2/service/signin") + om := &operationMetrics{} + + var err error + + om.Duration, err = operationMetricTimer(meter, "client.call.duration", + "Overall call duration (including retries and time to send or receive request and response body)") + if err != nil { + return nil, err + } + om.SerializeDuration, err = operationMetricTimer(meter, "client.call.serialization_duration", + "The time it takes to serialize a message body") + if err != nil { + return nil, err + } + om.ResolveIdentityDuration, err = operationMetricTimer(meter, "client.call.auth.resolve_identity_duration", + "The time taken to acquire an identity (AWS credentials, bearer token, etc) from an Identity Provider") + if err != nil { + return nil, err + } + om.ResolveEndpointDuration, err = operationMetricTimer(meter, "client.call.resolve_endpoint_duration", + "The time it takes to resolve an endpoint (endpoint resolver, not DNS) for the request") + if err != nil { + return nil, err + } + om.SignRequestDuration, err = operationMetricTimer(meter, "client.call.auth.signing_duration", + "The time it takes to sign a request") + if err != nil { + return nil, err + } + om.DeserializeDuration, err = operationMetricTimer(meter, "client.call.deserialization_duration", + "The time it takes to deserialize a message body") + if err != nil { + return nil, err + } + + return context.WithValue(parent, operationMetricsKey{}, om), nil +} + +func operationMetricTimer(m metrics.Meter, name, desc string) (metrics.Float64Histogram, error) { + return m.Float64Histogram(name, func(o *metrics.InstrumentOptions) { + o.UnitLabel = "s" + o.Description = desc + }) +} + +func getOperationMetrics(ctx context.Context) *operationMetrics { + if v := ctx.Value(operationMetricsKey{}); v != nil { + return v.(*operationMetrics) + } + return nil +} + +func operationTracer(p tracing.TracerProvider) tracing.Tracer { + return p.Tracer("github.com/aws/aws-sdk-go-v2/service/signin") +} + +// Client provides the API client to make operations call for AWS Sign-In Service. +type Client struct { + options Options + + // Difference between the time reported by the server and the client + timeOffset *atomic.Int64 +} + +// New returns an initialized Client based on the functional options. Provide +// additional functional options to further configure the behavior of the client, +// such as changing the client's endpoint or adding custom middleware behavior. +func New(options Options, optFns ...func(*Options)) *Client { + options = options.Copy() + + resolveDefaultLogger(&options) + + setResolvedDefaultsMode(&options) + + resolveRetryer(&options) + + resolveHTTPClient(&options) + + resolveHTTPSignerV4(&options) + + resolveEndpointResolverV2(&options) + + resolveTracerProvider(&options) + + resolveMeterProvider(&options) + + resolveAuthSchemeResolver(&options) + + for _, fn := range optFns { + fn(&options) + } + + finalizeRetryMaxAttempts(&options) + + ignoreAnonymousAuth(&options) + + wrapWithAnonymousAuth(&options) + + resolveAuthSchemes(&options) + + client := &Client{ + options: options, + } + + initializeTimeOffsetResolver(client) + + return client +} + +// Options returns a copy of the client configuration. +// +// Callers SHOULD NOT perform mutations on any inner structures within client +// config. Config overrides should instead be made on a per-operation basis through +// functional options. +func (c *Client) Options() Options { + return c.options.Copy() +} + +func (c *Client) invokeOperation( + ctx context.Context, opID string, params interface{}, optFns []func(*Options), stackFns ...func(*middleware.Stack, Options) error, +) ( + result interface{}, metadata middleware.Metadata, err error, +) { + ctx = middleware.ClearStackValues(ctx) + ctx = middleware.WithServiceID(ctx, ServiceID) + ctx = middleware.WithOperationName(ctx, opID) + + stack := middleware.NewStack(opID, smithyhttp.NewStackRequest) + options := c.options.Copy() + + for _, fn := range optFns { + fn(&options) + } + + finalizeOperationRetryMaxAttempts(&options, *c) + + finalizeClientEndpointResolverOptions(&options) + + for _, fn := range stackFns { + if err := fn(stack, options); err != nil { + return nil, metadata, err + } + } + + for _, fn := range options.APIOptions { + if err := fn(stack); err != nil { + return nil, metadata, err + } + } + + ctx, err = withOperationMetrics(ctx, options.MeterProvider) + if err != nil { + return nil, metadata, err + } + + tracer := operationTracer(options.TracerProvider) + spanName := fmt.Sprintf("%s.%s", ServiceID, opID) + + ctx = tracing.WithOperationTracer(ctx, tracer) + + ctx, span := tracer.StartSpan(ctx, spanName, func(o *tracing.SpanOptions) { + o.Kind = tracing.SpanKindClient + o.Properties.Set("rpc.system", "aws-api") + o.Properties.Set("rpc.method", opID) + o.Properties.Set("rpc.service", ServiceID) + }) + endTimer := startMetricTimer(ctx, "client.call.duration") + defer endTimer() + defer span.End() + + handler := smithyhttp.NewClientHandlerWithOptions(options.HTTPClient, func(o *smithyhttp.ClientHandler) { + o.Meter = options.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/signin") + }) + decorated := middleware.DecorateHandler(handler, stack) + result, metadata, err = decorated.Handle(ctx, params) + if err != nil { + span.SetProperty("exception.type", fmt.Sprintf("%T", err)) + span.SetProperty("exception.message", err.Error()) + + var aerr smithy.APIError + if errors.As(err, &aerr) { + span.SetProperty("api.error_code", aerr.ErrorCode()) + span.SetProperty("api.error_message", aerr.ErrorMessage()) + span.SetProperty("api.error_fault", aerr.ErrorFault().String()) + } + + err = &smithy.OperationError{ + ServiceID: ServiceID, + OperationName: opID, + Err: err, + } + } + + span.SetProperty("error", err != nil) + if err == nil { + span.SetStatus(tracing.SpanStatusOK) + } else { + span.SetStatus(tracing.SpanStatusError) + } + + return result, metadata, err +} + +type operationInputKey struct{} + +func setOperationInput(ctx context.Context, input interface{}) context.Context { + return middleware.WithStackValue(ctx, operationInputKey{}, input) +} + +func getOperationInput(ctx context.Context) interface{} { + return middleware.GetStackValue(ctx, operationInputKey{}) +} + +type setOperationInputMiddleware struct { +} + +func (*setOperationInputMiddleware) ID() string { + return "setOperationInput" +} + +func (m *setOperationInputMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + ctx = setOperationInput(ctx, in.Parameters) + return next.HandleSerialize(ctx, in) +} + +func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, operation string) error { + if err := stack.Finalize.Add(&resolveAuthSchemeMiddleware{operation: operation, options: options}, middleware.Before); err != nil { + return fmt.Errorf("add ResolveAuthScheme: %w", err) + } + if err := stack.Finalize.Insert(&getIdentityMiddleware{options: options}, "ResolveAuthScheme", middleware.After); err != nil { + return fmt.Errorf("add GetIdentity: %v", err) + } + if err := stack.Finalize.Insert(&resolveEndpointV2Middleware{options: options}, "GetIdentity", middleware.After); err != nil { + return fmt.Errorf("add ResolveEndpointV2: %v", err) + } + if err := stack.Finalize.Insert(&signRequestMiddleware{options: options}, "ResolveEndpointV2", middleware.After); err != nil { + return fmt.Errorf("add Signing: %w", err) + } + return nil +} +func resolveAuthSchemeResolver(options *Options) { + if options.AuthSchemeResolver == nil { + options.AuthSchemeResolver = &defaultAuthSchemeResolver{} + } +} + +func resolveAuthSchemes(options *Options) { + if options.AuthSchemes == nil { + options.AuthSchemes = []smithyhttp.AuthScheme{ + internalauth.NewHTTPAuthScheme("aws.auth#sigv4", &internalauthsmithy.V4SignerAdapter{ + Signer: options.HTTPSignerV4, + Logger: options.Logger, + LogSigning: options.ClientLogMode.IsSigning(), + }), + } + } +} + +type noSmithyDocumentSerde = smithydocument.NoSerde + +type legacyEndpointContextSetter struct { + LegacyResolver EndpointResolver +} + +func (*legacyEndpointContextSetter) ID() string { + return "legacyEndpointContextSetter" +} + +func (m *legacyEndpointContextSetter) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + if m.LegacyResolver != nil { + ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, true) + } + + return next.HandleInitialize(ctx, in) + +} +func addlegacyEndpointContextSetter(stack *middleware.Stack, o Options) error { + return stack.Initialize.Add(&legacyEndpointContextSetter{ + LegacyResolver: o.EndpointResolver, + }, middleware.Before) +} + +func resolveDefaultLogger(o *Options) { + if o.Logger != nil { + return + } + o.Logger = logging.Nop{} +} + +func addSetLoggerMiddleware(stack *middleware.Stack, o Options) error { + return middleware.AddSetLoggerMiddleware(stack, o.Logger) +} + +func setResolvedDefaultsMode(o *Options) { + if len(o.resolvedDefaultsMode) > 0 { + return + } + + var mode aws.DefaultsMode + mode.SetFromString(string(o.DefaultsMode)) + + if mode == aws.DefaultsModeAuto { + mode = defaults.ResolveDefaultsModeAuto(o.Region, o.RuntimeEnvironment) + } + + o.resolvedDefaultsMode = mode +} + +// NewFromConfig returns a new client from the provided config. +func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client { + opts := Options{ + Region: cfg.Region, + DefaultsMode: cfg.DefaultsMode, + RuntimeEnvironment: cfg.RuntimeEnvironment, + HTTPClient: cfg.HTTPClient, + Credentials: cfg.Credentials, + APIOptions: cfg.APIOptions, + Logger: cfg.Logger, + ClientLogMode: cfg.ClientLogMode, + AppID: cfg.AppID, + AuthSchemePreference: cfg.AuthSchemePreference, + } + resolveAWSRetryerProvider(cfg, &opts) + resolveAWSRetryMaxAttempts(cfg, &opts) + resolveAWSRetryMode(cfg, &opts) + resolveAWSEndpointResolver(cfg, &opts) + resolveInterceptors(cfg, &opts) + resolveUseDualStackEndpoint(cfg, &opts) + resolveUseFIPSEndpoint(cfg, &opts) + resolveBaseEndpoint(cfg, &opts) + return New(opts, func(o *Options) { + for _, opt := range cfg.ServiceOptions { + opt(ServiceID, o) + } + for _, opt := range optFns { + opt(o) + } + }) +} + +func resolveHTTPClient(o *Options) { + var buildable *awshttp.BuildableClient + + if o.HTTPClient != nil { + var ok bool + buildable, ok = o.HTTPClient.(*awshttp.BuildableClient) + if !ok { + return + } + } else { + buildable = awshttp.NewBuildableClient() + } + + modeConfig, err := defaults.GetModeConfiguration(o.resolvedDefaultsMode) + if err == nil { + buildable = buildable.WithDialerOptions(func(dialer *net.Dialer) { + if dialerTimeout, ok := modeConfig.GetConnectTimeout(); ok { + dialer.Timeout = dialerTimeout + } + }) + + buildable = buildable.WithTransportOptions(func(transport *http.Transport) { + if tlsHandshakeTimeout, ok := modeConfig.GetTLSNegotiationTimeout(); ok { + transport.TLSHandshakeTimeout = tlsHandshakeTimeout + } + }) + } + + o.HTTPClient = buildable +} + +func resolveRetryer(o *Options) { + if o.Retryer != nil { + return + } + + if len(o.RetryMode) == 0 { + modeConfig, err := defaults.GetModeConfiguration(o.resolvedDefaultsMode) + if err == nil { + o.RetryMode = modeConfig.RetryMode + } + } + if len(o.RetryMode) == 0 { + o.RetryMode = aws.RetryModeStandard + } + + var standardOptions []func(*retry.StandardOptions) + if v := o.RetryMaxAttempts; v != 0 { + standardOptions = append(standardOptions, func(so *retry.StandardOptions) { + so.MaxAttempts = v + }) + } + + switch o.RetryMode { + case aws.RetryModeAdaptive: + var adaptiveOptions []func(*retry.AdaptiveModeOptions) + if len(standardOptions) != 0 { + adaptiveOptions = append(adaptiveOptions, func(ao *retry.AdaptiveModeOptions) { + ao.StandardOptions = append(ao.StandardOptions, standardOptions...) + }) + } + o.Retryer = retry.NewAdaptiveMode(adaptiveOptions...) + + default: + o.Retryer = retry.NewStandard(standardOptions...) + } +} + +func resolveAWSRetryerProvider(cfg aws.Config, o *Options) { + if cfg.Retryer == nil { + return + } + o.Retryer = cfg.Retryer() +} + +func resolveAWSRetryMode(cfg aws.Config, o *Options) { + if len(cfg.RetryMode) == 0 { + return + } + o.RetryMode = cfg.RetryMode +} +func resolveAWSRetryMaxAttempts(cfg aws.Config, o *Options) { + if cfg.RetryMaxAttempts == 0 { + return + } + o.RetryMaxAttempts = cfg.RetryMaxAttempts +} + +func finalizeRetryMaxAttempts(o *Options) { + if o.RetryMaxAttempts == 0 { + return + } + + o.Retryer = retry.AddWithMaxAttempts(o.Retryer, o.RetryMaxAttempts) +} + +func finalizeOperationRetryMaxAttempts(o *Options, client Client) { + if v := o.RetryMaxAttempts; v == 0 || v == client.options.RetryMaxAttempts { + return + } + + o.Retryer = retry.AddWithMaxAttempts(o.Retryer, o.RetryMaxAttempts) +} + +func resolveAWSEndpointResolver(cfg aws.Config, o *Options) { + if cfg.EndpointResolver == nil && cfg.EndpointResolverWithOptions == nil { + return + } + o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions) +} + +func resolveInterceptors(cfg aws.Config, o *Options) { + o.Interceptors = cfg.Interceptors.Copy() +} + +func addClientUserAgent(stack *middleware.Stack, options Options) error { + ua, err := getOrAddRequestUserAgent(stack) + if err != nil { + return err + } + + ua.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "signin", goModuleVersion) + if len(options.AppID) > 0 { + ua.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID) + } + + return nil +} + +func getOrAddRequestUserAgent(stack *middleware.Stack) (*awsmiddleware.RequestUserAgent, error) { + id := (*awsmiddleware.RequestUserAgent)(nil).ID() + mw, ok := stack.Build.Get(id) + if !ok { + mw = awsmiddleware.NewRequestUserAgent() + if err := stack.Build.Add(mw, middleware.After); err != nil { + return nil, err + } + } + + ua, ok := mw.(*awsmiddleware.RequestUserAgent) + if !ok { + return nil, fmt.Errorf("%T for %s middleware did not match expected type", mw, id) + } + + return ua, nil +} + +type HTTPSignerV4 interface { + SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error +} + +func resolveHTTPSignerV4(o *Options) { + if o.HTTPSignerV4 != nil { + return + } + o.HTTPSignerV4 = newDefaultV4Signer(*o) +} + +func newDefaultV4Signer(o Options) *v4.Signer { + return v4.NewSigner(func(so *v4.SignerOptions) { + so.Logger = o.Logger + so.LogSigning = o.ClientLogMode.IsSigning() + }) +} + +func addClientRequestID(stack *middleware.Stack) error { + return stack.Build.Add(&awsmiddleware.ClientRequestID{}, middleware.After) +} + +func addComputeContentLength(stack *middleware.Stack) error { + return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After) +} + +func addRawResponseToMetadata(stack *middleware.Stack) error { + return stack.Deserialize.Add(&awsmiddleware.AddRawResponse{}, middleware.Before) +} + +func addRecordResponseTiming(stack *middleware.Stack) error { + return stack.Deserialize.Add(&awsmiddleware.RecordResponseTiming{}, middleware.After) +} + +func addSpanRetryLoop(stack *middleware.Stack, options Options) error { + return stack.Finalize.Insert(&spanRetryLoop{options: options}, "Retry", middleware.Before) +} + +type spanRetryLoop struct { + options Options +} + +func (*spanRetryLoop) ID() string { + return "spanRetryLoop" +} + +func (m *spanRetryLoop) HandleFinalize( + ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler, +) ( + middleware.FinalizeOutput, middleware.Metadata, error, +) { + tracer := operationTracer(m.options.TracerProvider) + ctx, span := tracer.StartSpan(ctx, "RetryLoop") + defer span.End() + + return next.HandleFinalize(ctx, in) +} +func addStreamingEventsPayload(stack *middleware.Stack) error { + return stack.Finalize.Add(&v4.StreamingEventsPayload{}, middleware.Before) +} + +func addUnsignedPayload(stack *middleware.Stack) error { + return stack.Finalize.Insert(&v4.UnsignedPayload{}, "ResolveEndpointV2", middleware.After) +} + +func addComputePayloadSHA256(stack *middleware.Stack) error { + return stack.Finalize.Insert(&v4.ComputePayloadSHA256{}, "ResolveEndpointV2", middleware.After) +} + +func addContentSHA256Header(stack *middleware.Stack) error { + return stack.Finalize.Insert(&v4.ContentSHA256Header{}, (*v4.ComputePayloadSHA256)(nil).ID(), middleware.After) +} + +func addIsWaiterUserAgent(o *Options) { + o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error { + ua, err := getOrAddRequestUserAgent(stack) + if err != nil { + return err + } + + ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureWaiter) + return nil + }) +} + +func addIsPaginatorUserAgent(o *Options) { + o.APIOptions = append(o.APIOptions, func(stack *middleware.Stack) error { + ua, err := getOrAddRequestUserAgent(stack) + if err != nil { + return err + } + + ua.AddUserAgentFeature(awsmiddleware.UserAgentFeaturePaginator) + return nil + }) +} + +func addRetry(stack *middleware.Stack, o Options, c *Client) error { + attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { + m.LogAttempts = o.ClientLogMode.IsRetries() + m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/signin") + m.ClientSkew = c.timeOffset + }) + if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil { + return err + } + if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil { + return err + } + return nil +} + +// resolves dual-stack endpoint configuration +func resolveUseDualStackEndpoint(cfg aws.Config, o *Options) error { + if len(cfg.ConfigSources) == 0 { + return nil + } + value, found, err := internalConfig.ResolveUseDualStackEndpoint(context.Background(), cfg.ConfigSources) + if err != nil { + return err + } + if found { + o.EndpointOptions.UseDualStackEndpoint = value + } + return nil +} + +// resolves FIPS endpoint configuration +func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error { + if len(cfg.ConfigSources) == 0 { + return nil + } + value, found, err := internalConfig.ResolveUseFIPSEndpoint(context.Background(), cfg.ConfigSources) + if err != nil { + return err + } + if found { + o.EndpointOptions.UseFIPSEndpoint = value + } + return nil +} + +func initializeTimeOffsetResolver(c *Client) { + c.timeOffset = new(atomic.Int64) +} + +func addUserAgentRetryMode(stack *middleware.Stack, options Options) error { + ua, err := getOrAddRequestUserAgent(stack) + if err != nil { + return err + } + + switch options.Retryer.(type) { + case *retry.Standard: + ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeStandard) + case *retry.AdaptiveMode: + ua.AddUserAgentFeature(awsmiddleware.UserAgentFeatureRetryModeAdaptive) + } + return nil +} + +type setCredentialSourceMiddleware struct { + ua *awsmiddleware.RequestUserAgent + options Options +} + +func (m setCredentialSourceMiddleware) ID() string { return "SetCredentialSourceMiddleware" } + +func (m setCredentialSourceMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) ( + out middleware.BuildOutput, metadata middleware.Metadata, err error, +) { + asProviderSource, ok := m.options.Credentials.(aws.CredentialProviderSource) + if !ok { + return next.HandleBuild(ctx, in) + } + providerSources := asProviderSource.ProviderSources() + for _, source := range providerSources { + m.ua.AddCredentialsSource(source) + } + return next.HandleBuild(ctx, in) +} + +func addCredentialSource(stack *middleware.Stack, options Options) error { + ua, err := getOrAddRequestUserAgent(stack) + if err != nil { + return err + } + + mw := setCredentialSourceMiddleware{ua: ua, options: options} + return stack.Build.Insert(&mw, "UserAgent", middleware.Before) +} + +func resolveTracerProvider(options *Options) { + if options.TracerProvider == nil { + options.TracerProvider = &tracing.NopTracerProvider{} + } +} + +func resolveMeterProvider(options *Options) { + if options.MeterProvider == nil { + options.MeterProvider = metrics.NopMeterProvider{} + } +} + +func addRecursionDetection(stack *middleware.Stack) error { + return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After) +} + +func addRequestIDRetrieverMiddleware(stack *middleware.Stack) error { + return stack.Deserialize.Insert(&awsmiddleware.RequestIDRetriever{}, "OperationDeserializer", middleware.Before) + +} + +func addResponseErrorMiddleware(stack *middleware.Stack) error { + return stack.Deserialize.Insert(&awshttp.ResponseErrorWrapper{}, "RequestIDRetriever", middleware.Before) + +} + +func addRequestResponseLogging(stack *middleware.Stack, o Options) error { + return stack.Deserialize.Add(&smithyhttp.RequestResponseLogger{ + LogRequest: o.ClientLogMode.IsRequest(), + LogRequestWithBody: o.ClientLogMode.IsRequestWithBody(), + LogResponse: o.ClientLogMode.IsResponse(), + LogResponseWithBody: o.ClientLogMode.IsResponseWithBody(), + }, middleware.After) +} + +type disableHTTPSMiddleware struct { + DisableHTTPS bool +} + +func (*disableHTTPSMiddleware) ID() string { + return "disableHTTPS" +} + +func (m *disableHTTPSMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + req, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, fmt.Errorf("unknown transport type %T", in.Request) + } + + if m.DisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) { + req.URL.Scheme = "http" + } + + return next.HandleFinalize(ctx, in) +} + +func addDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error { + return stack.Finalize.Insert(&disableHTTPSMiddleware{ + DisableHTTPS: o.EndpointOptions.DisableHTTPS, + }, "ResolveEndpointV2", middleware.After) +} + +func addInterceptBeforeRetryLoop(stack *middleware.Stack, opts Options) error { + return stack.Finalize.Insert(&smithyhttp.InterceptBeforeRetryLoop{ + Interceptors: opts.Interceptors.BeforeRetryLoop, + }, "Retry", middleware.Before) +} + +func addInterceptAttempt(stack *middleware.Stack, opts Options) error { + return stack.Finalize.Insert(&smithyhttp.InterceptAttempt{ + BeforeAttempt: opts.Interceptors.BeforeAttempt, + AfterAttempt: opts.Interceptors.AfterAttempt, + }, "Retry", middleware.After) +} + +func addInterceptors(stack *middleware.Stack, opts Options) error { + // middlewares are expensive, don't add all of these interceptor ones unless the caller + // actually has at least one interceptor configured + // + // at the moment it's all-or-nothing because some of the middlewares here are responsible for + // setting fields in the interceptor context for future ones + if len(opts.Interceptors.BeforeExecution) == 0 && + len(opts.Interceptors.BeforeSerialization) == 0 && len(opts.Interceptors.AfterSerialization) == 0 && + len(opts.Interceptors.BeforeRetryLoop) == 0 && + len(opts.Interceptors.BeforeAttempt) == 0 && + len(opts.Interceptors.BeforeSigning) == 0 && len(opts.Interceptors.AfterSigning) == 0 && + len(opts.Interceptors.BeforeTransmit) == 0 && len(opts.Interceptors.AfterTransmit) == 0 && + len(opts.Interceptors.BeforeDeserialization) == 0 && len(opts.Interceptors.AfterDeserialization) == 0 && + len(opts.Interceptors.AfterAttempt) == 0 && len(opts.Interceptors.AfterExecution) == 0 { + return nil + } + + return errors.Join( + stack.Initialize.Add(&smithyhttp.InterceptExecution{ + BeforeExecution: opts.Interceptors.BeforeExecution, + AfterExecution: opts.Interceptors.AfterExecution, + }, middleware.Before), + stack.Serialize.Insert(&smithyhttp.InterceptBeforeSerialization{ + Interceptors: opts.Interceptors.BeforeSerialization, + }, "OperationSerializer", middleware.Before), + stack.Serialize.Insert(&smithyhttp.InterceptAfterSerialization{ + Interceptors: opts.Interceptors.AfterSerialization, + }, "OperationSerializer", middleware.After), + stack.Finalize.Insert(&smithyhttp.InterceptBeforeSigning{ + Interceptors: opts.Interceptors.BeforeSigning, + }, "Signing", middleware.Before), + stack.Finalize.Insert(&smithyhttp.InterceptAfterSigning{ + Interceptors: opts.Interceptors.AfterSigning, + }, "Signing", middleware.After), + stack.Deserialize.Add(&smithyhttp.InterceptTransmit{ + BeforeTransmit: opts.Interceptors.BeforeTransmit, + AfterTransmit: opts.Interceptors.AfterTransmit, + }, middleware.After), + stack.Deserialize.Insert(&smithyhttp.InterceptBeforeDeserialization{ + Interceptors: opts.Interceptors.BeforeDeserialization, + }, "OperationDeserializer", middleware.After), // (deserialize stack is called in reverse) + stack.Deserialize.Insert(&smithyhttp.InterceptAfterDeserialization{ + Interceptors: opts.Interceptors.AfterDeserialization, + }, "OperationDeserializer", middleware.Before), + ) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go new file mode 100644 index 00000000000..dec8656f86d --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go @@ -0,0 +1,206 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/service/signin/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// CreateOAuth2Token API +// +// Path: /v1/token Request Method: POST Content-Type: application/json or +// application/x-www-form-urlencoded +// +// This API implements OAuth 2.0 flows for AWS Sign-In CLI clients, supporting +// both: +// +// - Authorization code redemption (grant_type=authorization_code) - NOT +// idempotent +// - Token refresh (grant_type=refresh_token) - Idempotent within token validity +// window +// +// The operation behavior is determined by the grant_type parameter in the request +// body: +// +// Authorization Code Flow (NOT Idempotent): +// +// - JSON or form-encoded body with client_id, grant_type=authorization_code, +// code, redirect_uri, code_verifier +// - Returns access_token, token_type, expires_in, refresh_token, and id_token +// - Each authorization code can only be used ONCE for security (prevents replay +// attacks) +// +// Token Refresh Flow (Idempotent): +// +// - JSON or form-encoded body with client_id, grant_type=refresh_token, +// refresh_token +// - Returns access_token, token_type, expires_in, and refresh_token (no +// id_token) +// - Multiple calls with same refresh_token return consistent results within +// validity window +// +// Authentication and authorization: +// +// - Confidential clients: sigv4 signing required with signin:ExchangeToken +// permissions +// - CLI clients (public): authn/authz skipped based on client_id & grant_type +// +// Note: This operation cannot be marked as @idempotent because it handles both +// idempotent (token refresh) and non-idempotent (auth code redemption) flows in a +// single endpoint. +func (c *Client) CreateOAuth2Token(ctx context.Context, params *CreateOAuth2TokenInput, optFns ...func(*Options)) (*CreateOAuth2TokenOutput, error) { + if params == nil { + params = &CreateOAuth2TokenInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "CreateOAuth2Token", params, optFns, c.addOperationCreateOAuth2TokenMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*CreateOAuth2TokenOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input structure for CreateOAuth2Token operation +// +// Contains flattened token operation inputs for both authorization code and +// refresh token flows. The operation type is determined by the grant_type +// parameter in the request body. +type CreateOAuth2TokenInput struct { + + // Flattened token operation inputs The specific operation is determined by + // grant_type in the request body + // + // This member is required. + TokenInput *types.CreateOAuth2TokenRequestBody + + noSmithyDocumentSerde +} + +// Output structure for CreateOAuth2Token operation +// +// Contains flattened token operation outputs for both authorization code and +// refresh token flows. The response content depends on the grant_type from the +// original request. +type CreateOAuth2TokenOutput struct { + + // Flattened token operation outputs The specific response fields depend on the + // grant_type used in the request + // + // This member is required. + TokenOutput *types.CreateOAuth2TokenResponseBody + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationCreateOAuth2TokenMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateOAuth2Token{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpCreateOAuth2Token{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "CreateOAuth2Token"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = addClientRequestID(stack); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addRetry(stack, options, c); err != nil { + return err + } + if err = addRawResponseToMetadata(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = addSpanRetryLoop(stack, options); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addOpCreateOAuth2TokenValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateOAuth2Token(options.Region), middleware.Before); err != nil { + return err + } + if err = addRecursionDetection(stack); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err = addInterceptAttempt(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} + +func newServiceMetadataMiddleware_opCreateOAuth2Token(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "CreateOAuth2Token", + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go new file mode 100644 index 00000000000..cf6b3650410 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go @@ -0,0 +1,351 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + smithy "github.com/aws/smithy-go" + smithyauth "github.com/aws/smithy-go/auth" + "github.com/aws/smithy-go/metrics" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/tracing" + smithyhttp "github.com/aws/smithy-go/transport/http" + "slices" + "strings" +) + +func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) error { + params.Region = options.Region + return nil +} + +type setLegacyContextSigningOptionsMiddleware struct { +} + +func (*setLegacyContextSigningOptionsMiddleware) ID() string { + return "setLegacyContextSigningOptions" +} + +func (m *setLegacyContextSigningOptionsMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + rscheme := getResolvedAuthScheme(ctx) + schemeID := rscheme.Scheme.SchemeID() + + if sn := awsmiddleware.GetSigningName(ctx); sn != "" { + if schemeID == "aws.auth#sigv4" { + smithyhttp.SetSigV4SigningName(&rscheme.SignerProperties, sn) + } else if schemeID == "aws.auth#sigv4a" { + smithyhttp.SetSigV4ASigningName(&rscheme.SignerProperties, sn) + } + } + + if sr := awsmiddleware.GetSigningRegion(ctx); sr != "" { + if schemeID == "aws.auth#sigv4" { + smithyhttp.SetSigV4SigningRegion(&rscheme.SignerProperties, sr) + } else if schemeID == "aws.auth#sigv4a" { + smithyhttp.SetSigV4ASigningRegions(&rscheme.SignerProperties, []string{sr}) + } + } + + return next.HandleFinalize(ctx, in) +} + +func addSetLegacyContextSigningOptionsMiddleware(stack *middleware.Stack) error { + return stack.Finalize.Insert(&setLegacyContextSigningOptionsMiddleware{}, "Signing", middleware.Before) +} + +type withAnonymous struct { + resolver AuthSchemeResolver +} + +var _ AuthSchemeResolver = (*withAnonymous)(nil) + +func (v *withAnonymous) ResolveAuthSchemes(ctx context.Context, params *AuthResolverParameters) ([]*smithyauth.Option, error) { + opts, err := v.resolver.ResolveAuthSchemes(ctx, params) + if err != nil { + return nil, err + } + + opts = append(opts, &smithyauth.Option{ + SchemeID: smithyauth.SchemeIDAnonymous, + }) + return opts, nil +} + +func wrapWithAnonymousAuth(options *Options) { + if _, ok := options.AuthSchemeResolver.(*defaultAuthSchemeResolver); !ok { + return + } + + options.AuthSchemeResolver = &withAnonymous{ + resolver: options.AuthSchemeResolver, + } +} + +// AuthResolverParameters contains the set of inputs necessary for auth scheme +// resolution. +type AuthResolverParameters struct { + // The name of the operation being invoked. + Operation string + + // The region in which the operation is being invoked. + Region string +} + +func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) (*AuthResolverParameters, error) { + params := &AuthResolverParameters{ + Operation: operation, + } + + if err := bindAuthParamsRegion(ctx, params, input, options); err != nil { + return nil, err + } + + return params, nil +} + +// AuthSchemeResolver returns a set of possible authentication options for an +// operation. +type AuthSchemeResolver interface { + ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error) +} + +type defaultAuthSchemeResolver struct{} + +var _ AuthSchemeResolver = (*defaultAuthSchemeResolver)(nil) + +func (*defaultAuthSchemeResolver) ResolveAuthSchemes(ctx context.Context, params *AuthResolverParameters) ([]*smithyauth.Option, error) { + if overrides, ok := operationAuthOptions[params.Operation]; ok { + return overrides(params), nil + } + return serviceAuthOptions(params), nil +} + +var operationAuthOptions = map[string]func(*AuthResolverParameters) []*smithyauth.Option{ + "CreateOAuth2Token": func(params *AuthResolverParameters) []*smithyauth.Option { + return []*smithyauth.Option{ + {SchemeID: smithyauth.SchemeIDAnonymous}, + } + }, +} + +func serviceAuthOptions(params *AuthResolverParameters) []*smithyauth.Option { + return []*smithyauth.Option{ + { + SchemeID: smithyauth.SchemeIDSigV4, + SignerProperties: func() smithy.Properties { + var props smithy.Properties + smithyhttp.SetSigV4SigningName(&props, "signin") + smithyhttp.SetSigV4SigningRegion(&props, params.Region) + return props + }(), + }, + } +} + +type resolveAuthSchemeMiddleware struct { + operation string + options Options +} + +func (*resolveAuthSchemeMiddleware) ID() string { + return "ResolveAuthScheme" +} + +func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "ResolveAuthScheme") + defer span.End() + + params, err := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options) + if err != nil { + return out, metadata, fmt.Errorf("bind auth scheme params: %w", err) + } + options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params) + if err != nil { + return out, metadata, fmt.Errorf("resolve auth scheme: %w", err) + } + + scheme, ok := m.selectScheme(options) + if !ok { + return out, metadata, fmt.Errorf("could not select an auth scheme") + } + + ctx = setResolvedAuthScheme(ctx, scheme) + + span.SetProperty("auth.scheme_id", scheme.Scheme.SchemeID()) + span.End() + return next.HandleFinalize(ctx, in) +} + +func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) (*resolvedAuthScheme, bool) { + sorted := sortAuthOptions(options, m.options.AuthSchemePreference) + for _, option := range sorted { + if option.SchemeID == smithyauth.SchemeIDAnonymous { + return newResolvedAuthScheme(smithyhttp.NewAnonymousScheme(), option), true + } + + for _, scheme := range m.options.AuthSchemes { + if scheme.SchemeID() != option.SchemeID { + continue + } + + if scheme.IdentityResolver(m.options) != nil { + return newResolvedAuthScheme(scheme, option), true + } + } + } + + return nil, false +} + +func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { + byPriority := make([]*smithyauth.Option, 0, len(options)) + for _, prefName := range preferred { + for _, option := range options { + optName := option.SchemeID + if parts := strings.Split(option.SchemeID, "#"); len(parts) == 2 { + optName = parts[1] + } + if prefName == optName { + byPriority = append(byPriority, option) + } + } + } + for _, option := range options { + if !slices.ContainsFunc(byPriority, func(o *smithyauth.Option) bool { + return o.SchemeID == option.SchemeID + }) { + byPriority = append(byPriority, option) + } + } + return byPriority +} + +type resolvedAuthSchemeKey struct{} + +type resolvedAuthScheme struct { + Scheme smithyhttp.AuthScheme + IdentityProperties smithy.Properties + SignerProperties smithy.Properties +} + +func newResolvedAuthScheme(scheme smithyhttp.AuthScheme, option *smithyauth.Option) *resolvedAuthScheme { + return &resolvedAuthScheme{ + Scheme: scheme, + IdentityProperties: option.IdentityProperties, + SignerProperties: option.SignerProperties, + } +} + +func setResolvedAuthScheme(ctx context.Context, scheme *resolvedAuthScheme) context.Context { + return middleware.WithStackValue(ctx, resolvedAuthSchemeKey{}, scheme) +} + +func getResolvedAuthScheme(ctx context.Context) *resolvedAuthScheme { + v, _ := middleware.GetStackValue(ctx, resolvedAuthSchemeKey{}).(*resolvedAuthScheme) + return v +} + +type getIdentityMiddleware struct { + options Options +} + +func (*getIdentityMiddleware) ID() string { + return "GetIdentity" +} + +func (m *getIdentityMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + innerCtx, span := tracing.StartSpan(ctx, "GetIdentity") + defer span.End() + + rscheme := getResolvedAuthScheme(innerCtx) + if rscheme == nil { + return out, metadata, fmt.Errorf("no resolved auth scheme") + } + + resolver := rscheme.Scheme.IdentityResolver(m.options) + if resolver == nil { + return out, metadata, fmt.Errorf("no identity resolver") + } + + identity, err := timeOperationMetric(ctx, "client.call.resolve_identity_duration", + func() (smithyauth.Identity, error) { + return resolver.GetIdentity(innerCtx, rscheme.IdentityProperties) + }, + func(o *metrics.RecordMetricOptions) { + o.Properties.Set("auth.scheme_id", rscheme.Scheme.SchemeID()) + }) + if err != nil { + return out, metadata, fmt.Errorf("get identity: %w", err) + } + + ctx = setIdentity(ctx, identity) + + span.End() + return next.HandleFinalize(ctx, in) +} + +type identityKey struct{} + +func setIdentity(ctx context.Context, identity smithyauth.Identity) context.Context { + return middleware.WithStackValue(ctx, identityKey{}, identity) +} + +func getIdentity(ctx context.Context) smithyauth.Identity { + v, _ := middleware.GetStackValue(ctx, identityKey{}).(smithyauth.Identity) + return v +} + +type signRequestMiddleware struct { + options Options +} + +func (*signRequestMiddleware) ID() string { + return "Signing" +} + +func (m *signRequestMiddleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "SignRequest") + defer span.End() + + req, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, fmt.Errorf("unexpected transport type %T", in.Request) + } + + rscheme := getResolvedAuthScheme(ctx) + if rscheme == nil { + return out, metadata, fmt.Errorf("no resolved auth scheme") + } + + identity := getIdentity(ctx) + if identity == nil { + return out, metadata, fmt.Errorf("no identity") + } + + signer := rscheme.Scheme.Signer() + if signer == nil { + return out, metadata, fmt.Errorf("no signer") + } + + _, err = timeOperationMetric(ctx, "client.call.signing_duration", func() (any, error) { + return nil, signer.SignRequest(ctx, req, identity, rscheme.SignerProperties) + }, func(o *metrics.RecordMetricOptions) { + o.Properties.Set("auth.scheme_id", rscheme.Scheme.SchemeID()) + }) + if err != nil { + return out, metadata, fmt.Errorf("sign request: %w", err) + } + + span.End() + return next.HandleFinalize(ctx, in) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go new file mode 100644 index 00000000000..b74b612e6b0 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go @@ -0,0 +1,655 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "github.com/aws/aws-sdk-go-v2/aws/protocol/restjson" + "github.com/aws/aws-sdk-go-v2/service/signin/types" + smithy "github.com/aws/smithy-go" + smithyio "github.com/aws/smithy-go/io" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + "github.com/aws/smithy-go/tracing" + smithyhttp "github.com/aws/smithy-go/transport/http" + "io" + "strings" +) + +type awsRestjson1_deserializeOpCreateOAuth2Token struct { +} + +func (*awsRestjson1_deserializeOpCreateOAuth2Token) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpCreateOAuth2Token) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorCreateOAuth2Token(response, &metadata) + } + output := &CreateOAuth2TokenOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(response.Body, ringBuffer) + + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsRestjson1_deserializeDocumentCreateOAuth2TokenResponseBody(&output.TokenOutput, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body with invalid JSON, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + span.End() + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorCreateOAuth2Token(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestjson1_deserializeOpDocumentCreateOAuth2TokenOutput(v **CreateOAuth2TokenOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *CreateOAuth2TokenOutput + if *v == nil { + sv = &CreateOAuth2TokenOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "tokenOutput": + if err := awsRestjson1_deserializeDocumentCreateOAuth2TokenResponseBody(&sv.TokenOutput, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeErrorAccessDeniedException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.AccessDeniedException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentAccessDeniedException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeErrorInternalServerException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.InternalServerException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentInternalServerException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeErrorTooManyRequestsError(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.TooManyRequestsError{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentTooManyRequestsError(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeErrorValidationException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.ValidationException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentValidationException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeDocumentAccessDeniedException(v **types.AccessDeniedException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.AccessDeniedException + if *v == nil { + sv = &types.AccessDeniedException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "error": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected OAuth2ErrorCode to be of type string, got %T instead", value) + } + sv.Error_ = types.OAuth2ErrorCode(jtv) + } + + case "message", "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeDocumentAccessToken(v **types.AccessToken, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.AccessToken + if *v == nil { + sv = &types.AccessToken{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "accessKeyId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.AccessKeyId = ptr.String(jtv) + } + + case "secretAccessKey": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.SecretAccessKey = ptr.String(jtv) + } + + case "sessionToken": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.SessionToken = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeDocumentCreateOAuth2TokenResponseBody(v **types.CreateOAuth2TokenResponseBody, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.CreateOAuth2TokenResponseBody + if *v == nil { + sv = &types.CreateOAuth2TokenResponseBody{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "accessToken": + if err := awsRestjson1_deserializeDocumentAccessToken(&sv.AccessToken, value); err != nil { + return err + } + + case "expiresIn": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected ExpiresIn to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.ExpiresIn = ptr.Int32(int32(i64)) + } + + case "idToken": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected IdToken to be of type string, got %T instead", value) + } + sv.IdToken = ptr.String(jtv) + } + + case "refreshToken": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected RefreshToken to be of type string, got %T instead", value) + } + sv.RefreshToken = ptr.String(jtv) + } + + case "tokenType": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected TokenType to be of type string, got %T instead", value) + } + sv.TokenType = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeDocumentInternalServerException(v **types.InternalServerException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.InternalServerException + if *v == nil { + sv = &types.InternalServerException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "error": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected OAuth2ErrorCode to be of type string, got %T instead", value) + } + sv.Error_ = types.OAuth2ErrorCode(jtv) + } + + case "message", "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeDocumentTooManyRequestsError(v **types.TooManyRequestsError, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.TooManyRequestsError + if *v == nil { + sv = &types.TooManyRequestsError{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "error": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected OAuth2ErrorCode to be of type string, got %T instead", value) + } + sv.Error_ = types.OAuth2ErrorCode(jtv) + } + + case "message", "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeDocumentValidationException(v **types.ValidationException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.ValidationException + if *v == nil { + sv = &types.ValidationException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "error": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected OAuth2ErrorCode to be of type string, got %T instead", value) + } + sv.Error_ = types.OAuth2ErrorCode(jtv) + } + + case "message", "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/doc.go new file mode 100644 index 00000000000..dc1a8b62f09 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/doc.go @@ -0,0 +1,9 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +// Package signin provides the API client, operations, and parameter types for AWS +// Sign-In Service. +// +// AWS Sign-In manages authentication for AWS services. This service provides +// secure authentication flows for accessing AWS resources from the console and +// developer tools. +package signin diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go new file mode 100644 index 00000000000..db2e6a62a38 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go @@ -0,0 +1,624 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "errors" + "fmt" + "github.com/aws/aws-sdk-go-v2/aws" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" + "github.com/aws/aws-sdk-go-v2/internal/endpoints" + "github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn" + internalendpoints "github.com/aws/aws-sdk-go-v2/service/signin/internal/endpoints" + smithyauth "github.com/aws/smithy-go/auth" + smithyendpoints "github.com/aws/smithy-go/endpoints" + "github.com/aws/smithy-go/endpoints/private/rulesfn" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + "github.com/aws/smithy-go/tracing" + smithyhttp "github.com/aws/smithy-go/transport/http" + "net/http" + "net/url" + "os" + "strings" +) + +// EndpointResolverOptions is the service endpoint resolver options +type EndpointResolverOptions = internalendpoints.Options + +// EndpointResolver interface for resolving service endpoints. +type EndpointResolver interface { + ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error) +} + +var _ EndpointResolver = &internalendpoints.Resolver{} + +// NewDefaultEndpointResolver constructs a new service endpoint resolver +func NewDefaultEndpointResolver() *internalendpoints.Resolver { + return internalendpoints.New() +} + +// EndpointResolverFunc is a helper utility that wraps a function so it satisfies +// the EndpointResolver interface. This is useful when you want to add additional +// endpoint resolving logic, or stub out specific endpoints with custom values. +type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error) + +func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) { + return fn(region, options) +} + +// EndpointResolverFromURL returns an EndpointResolver configured using the +// provided endpoint url. By default, the resolved endpoint resolver uses the +// client region as signing region, and the endpoint source is set to +// EndpointSourceCustom.You can provide functional options to configure endpoint +// values for the resolved endpoint. +func EndpointResolverFromURL(url string, optFns ...func(*aws.Endpoint)) EndpointResolver { + e := aws.Endpoint{URL: url, Source: aws.EndpointSourceCustom} + for _, fn := range optFns { + fn(&e) + } + + return EndpointResolverFunc( + func(region string, options EndpointResolverOptions) (aws.Endpoint, error) { + if len(e.SigningRegion) == 0 { + e.SigningRegion = region + } + return e, nil + }, + ) +} + +type ResolveEndpoint struct { + Resolver EndpointResolver + Options EndpointResolverOptions +} + +func (*ResolveEndpoint) ID() string { + return "ResolveEndpoint" +} + +func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) { + return next.HandleSerialize(ctx, in) + } + + req, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, fmt.Errorf("unknown transport type %T", in.Request) + } + + if m.Resolver == nil { + return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil") + } + + eo := m.Options + eo.Logger = middleware.GetLogger(ctx) + + var endpoint aws.Endpoint + endpoint, err = m.Resolver.ResolveEndpoint(awsmiddleware.GetRegion(ctx), eo) + if err != nil { + nf := (&aws.EndpointNotFoundError{}) + if errors.As(err, &nf) { + ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, false) + return next.HandleSerialize(ctx, in) + } + return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err) + } + + req.URL, err = url.Parse(endpoint.URL) + if err != nil { + return out, metadata, fmt.Errorf("failed to parse endpoint URL: %w", err) + } + + if len(awsmiddleware.GetSigningName(ctx)) == 0 { + signingName := endpoint.SigningName + if len(signingName) == 0 { + signingName = "signin" + } + ctx = awsmiddleware.SetSigningName(ctx, signingName) + } + ctx = awsmiddleware.SetEndpointSource(ctx, endpoint.Source) + ctx = smithyhttp.SetHostnameImmutable(ctx, endpoint.HostnameImmutable) + ctx = awsmiddleware.SetSigningRegion(ctx, endpoint.SigningRegion) + ctx = awsmiddleware.SetPartitionID(ctx, endpoint.PartitionID) + return next.HandleSerialize(ctx, in) +} +func addResolveEndpointMiddleware(stack *middleware.Stack, o Options) error { + return stack.Serialize.Insert(&ResolveEndpoint{ + Resolver: o.EndpointResolver, + Options: o.EndpointOptions, + }, "OperationSerializer", middleware.Before) +} + +func removeResolveEndpointMiddleware(stack *middleware.Stack) error { + _, err := stack.Serialize.Remove((&ResolveEndpoint{}).ID()) + return err +} + +type wrappedEndpointResolver struct { + awsResolver aws.EndpointResolverWithOptions +} + +func (w *wrappedEndpointResolver) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) { + return w.awsResolver.ResolveEndpoint(ServiceID, region, options) +} + +type awsEndpointResolverAdaptor func(service, region string) (aws.Endpoint, error) + +func (a awsEndpointResolverAdaptor) ResolveEndpoint(service, region string, options ...interface{}) (aws.Endpoint, error) { + return a(service, region) +} + +var _ aws.EndpointResolverWithOptions = awsEndpointResolverAdaptor(nil) + +// withEndpointResolver returns an aws.EndpointResolverWithOptions that first delegates endpoint resolution to the awsResolver. +// If awsResolver returns aws.EndpointNotFoundError error, the v1 resolver middleware will swallow the error, +// and set an appropriate context flag such that fallback will occur when EndpointResolverV2 is invoked +// via its middleware. +// +// If another error (besides aws.EndpointNotFoundError) is returned, then that error will be propagated. +func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions) EndpointResolver { + var resolver aws.EndpointResolverWithOptions + + if awsResolverWithOptions != nil { + resolver = awsResolverWithOptions + } else if awsResolver != nil { + resolver = awsEndpointResolverAdaptor(awsResolver.ResolveEndpoint) + } + + return &wrappedEndpointResolver{ + awsResolver: resolver, + } +} + +func finalizeClientEndpointResolverOptions(options *Options) { + options.EndpointOptions.LogDeprecated = options.ClientLogMode.IsDeprecatedUsage() + + if len(options.EndpointOptions.ResolvedRegion) == 0 { + const fipsInfix = "-fips-" + const fipsPrefix = "fips-" + const fipsSuffix = "-fips" + + if strings.Contains(options.Region, fipsInfix) || + strings.Contains(options.Region, fipsPrefix) || + strings.Contains(options.Region, fipsSuffix) { + options.EndpointOptions.ResolvedRegion = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll( + options.Region, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "") + options.EndpointOptions.UseFIPSEndpoint = aws.FIPSEndpointStateEnabled + } + } + +} + +func resolveEndpointResolverV2(options *Options) { + if options.EndpointResolverV2 == nil { + options.EndpointResolverV2 = NewDefaultEndpointResolverV2() + } +} + +func resolveBaseEndpoint(cfg aws.Config, o *Options) { + if cfg.BaseEndpoint != nil { + o.BaseEndpoint = cfg.BaseEndpoint + } + + _, g := os.LookupEnv("AWS_ENDPOINT_URL") + _, s := os.LookupEnv("AWS_ENDPOINT_URL_SIGNIN") + + if g && !s { + return + } + + value, found, err := internalConfig.ResolveServiceBaseEndpoint(context.Background(), "Signin", cfg.ConfigSources) + if found && err == nil { + o.BaseEndpoint = &value + } +} + +func bindRegion(region string) (*string, error) { + if region == "" { + return nil, nil + } + if !rulesfn.IsValidHostLabel(region, true) { + return nil, fmt.Errorf("invalid input region %s", region) + } + + return aws.String(endpoints.MapFIPSRegion(region)), nil +} + +// EndpointParameters provides the parameters that influence how endpoints are +// resolved. +type EndpointParameters struct { + // When true, use the dual-stack endpoint. If the configured endpoint does not + // support dual-stack, dispatching the request MAY return an error. + // + // Defaults to + // false if no value is provided. + // + // AWS::UseDualStack + UseDualStack *bool + + // When true, send this request to the FIPS-compliant regional endpoint. If the + // configured endpoint does not have a FIPS compliant endpoint, dispatching the + // request will return an error. + // + // Defaults to false if no value is + // provided. + // + // AWS::UseFIPS + UseFIPS *bool + + // Override the endpoint used to send this request + // + // Parameter is + // required. + // + // SDK::Endpoint + Endpoint *string + + // The AWS region used to dispatch the request. + // + // Parameter is + // required. + // + // AWS::Region + Region *string +} + +// ValidateRequired validates required parameters are set. +func (p EndpointParameters) ValidateRequired() error { + if p.UseDualStack == nil { + return fmt.Errorf("parameter UseDualStack is required") + } + + if p.UseFIPS == nil { + return fmt.Errorf("parameter UseFIPS is required") + } + + return nil +} + +// WithDefaults returns a shallow copy of EndpointParameterswith default values +// applied to members where applicable. +func (p EndpointParameters) WithDefaults() EndpointParameters { + if p.UseDualStack == nil { + p.UseDualStack = ptr.Bool(false) + } + + if p.UseFIPS == nil { + p.UseFIPS = ptr.Bool(false) + } + return p +} + +type stringSlice []string + +func (s stringSlice) Get(i int) *string { + if i < 0 || i >= len(s) { + return nil + } + + v := s[i] + return &v +} + +// EndpointResolverV2 provides the interface for resolving service endpoints. +type EndpointResolverV2 interface { + // ResolveEndpoint attempts to resolve the endpoint with the provided options, + // returning the endpoint if found. Otherwise an error is returned. + ResolveEndpoint(ctx context.Context, params EndpointParameters) ( + smithyendpoints.Endpoint, error, + ) +} + +// resolver provides the implementation for resolving endpoints. +type resolver struct{} + +func NewDefaultEndpointResolverV2() EndpointResolverV2 { + return &resolver{} +} + +// ResolveEndpoint attempts to resolve the endpoint with the provided options, +// returning the endpoint if found. Otherwise an error is returned. +func (r *resolver) ResolveEndpoint( + ctx context.Context, params EndpointParameters, +) ( + endpoint smithyendpoints.Endpoint, err error, +) { + params = params.WithDefaults() + if err = params.ValidateRequired(); err != nil { + return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err) + } + _UseDualStack := *params.UseDualStack + _ = _UseDualStack + _UseFIPS := *params.UseFIPS + _ = _UseFIPS + + if exprVal := params.Endpoint; exprVal != nil { + _Endpoint := *exprVal + _ = _Endpoint + if _UseFIPS == true { + return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") + } + if _UseDualStack == true { + return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") + } + uriString := _Endpoint + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + } + if exprVal := params.Region; exprVal != nil { + _Region := *exprVal + _ = _Region + if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil { + _PartitionResult := *exprVal + _ = _PartitionResult + if _PartitionResult.Name == "aws" { + if _UseFIPS == false { + if _UseDualStack == false { + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Region) + out.WriteString(".signin.aws.amazon.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + } + } + } + if _PartitionResult.Name == "aws-cn" { + if _UseFIPS == false { + if _UseDualStack == false { + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Region) + out.WriteString(".signin.amazonaws.cn") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + } + } + } + if _PartitionResult.Name == "aws-us-gov" { + if _UseFIPS == false { + if _UseDualStack == false { + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(_Region) + out.WriteString(".signin.amazonaws-us-gov.com") + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + } + } + } + if _UseFIPS == true { + if _UseDualStack == true { + if true == _PartitionResult.SupportsFIPS { + if true == _PartitionResult.SupportsDualStack { + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin-fips.") + out.WriteString(_Region) + out.WriteString(".") + out.WriteString(_PartitionResult.DualStackDnsSuffix) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + } + } + return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") + } + } + if _UseFIPS == true { + if _UseDualStack == false { + if _PartitionResult.SupportsFIPS == true { + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin-fips.") + out.WriteString(_Region) + out.WriteString(".") + out.WriteString(_PartitionResult.DnsSuffix) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + } + return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") + } + } + if _UseFIPS == false { + if _UseDualStack == true { + if true == _PartitionResult.SupportsDualStack { + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin.") + out.WriteString(_Region) + out.WriteString(".") + out.WriteString(_PartitionResult.DualStackDnsSuffix) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + } + return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") + } + } + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin.") + out.WriteString(_Region) + out.WriteString(".") + out.WriteString(_PartitionResult.DnsSuffix) + return out.String() + }() + + uri, err := url.Parse(uriString) + if err != nil { + return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) + } + + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + } + return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.") + } + return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") +} + +type endpointParamsBinder interface { + bindEndpointParams(*EndpointParameters) +} + +func bindEndpointParams(ctx context.Context, input interface{}, options Options) (*EndpointParameters, error) { + params := &EndpointParameters{} + + params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled) + params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled) + params.Endpoint = options.BaseEndpoint + region, err := bindRegion(options.Region) + if err != nil { + return nil, err + } + params.Region = region + + if b, ok := input.(endpointParamsBinder); ok { + b.bindEndpointParams(params) + } + + return params, nil +} + +type resolveEndpointV2Middleware struct { + options Options +} + +func (*resolveEndpointV2Middleware) ID() string { + return "ResolveEndpointV2" +} + +func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "ResolveEndpoint") + defer span.End() + + if awsmiddleware.GetRequiresLegacyEndpoints(ctx) { + return next.HandleFinalize(ctx, in) + } + + req, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, fmt.Errorf("unknown transport type %T", in.Request) + } + + if m.options.EndpointResolverV2 == nil { + return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil") + } + + params, err := bindEndpointParams(ctx, getOperationInput(ctx), m.options) + if err != nil { + return out, metadata, fmt.Errorf("failed to bind endpoint params, %w", err) + } + endpt, err := timeOperationMetric(ctx, "client.call.resolve_endpoint_duration", + func() (smithyendpoints.Endpoint, error) { + return m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params) + }) + if err != nil { + return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err) + } + + span.SetProperty("client.call.resolved_endpoint", endpt.URI.String()) + + if endpt.URI.RawPath == "" && req.URL.RawPath != "" { + endpt.URI.RawPath = endpt.URI.Path + } + req.URL.Scheme = endpt.URI.Scheme + req.URL.Host = endpt.URI.Host + req.URL.Path = smithyhttp.JoinPath(endpt.URI.Path, req.URL.Path) + req.URL.RawPath = smithyhttp.JoinPath(endpt.URI.RawPath, req.URL.RawPath) + for k := range endpt.Headers { + req.Header.Set(k, endpt.Headers.Get(k)) + } + + rscheme := getResolvedAuthScheme(ctx) + if rscheme == nil { + return out, metadata, fmt.Errorf("no resolved auth scheme") + } + + opts, _ := smithyauth.GetAuthOptions(&endpt.Properties) + for _, o := range opts { + rscheme.SignerProperties.SetAll(&o.SignerProperties) + } + + span.End() + return next.HandleFinalize(ctx, in) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json new file mode 100644 index 00000000000..6043ab63f26 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json @@ -0,0 +1,33 @@ +{ + "dependencies": { + "github.com/aws/aws-sdk-go-v2": "v1.4.0", + "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000", + "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000", + "github.com/aws/smithy-go": "v1.4.0" + }, + "files": [ + "api_client.go", + "api_client_test.go", + "api_op_CreateOAuth2Token.go", + "auth.go", + "deserializers.go", + "doc.go", + "endpoints.go", + "endpoints_config_test.go", + "endpoints_test.go", + "generated.json", + "internal/endpoints/endpoints.go", + "internal/endpoints/endpoints_test.go", + "options.go", + "serializers.go", + "snapshot_test.go", + "sra_operation_order_test.go", + "types/enums.go", + "types/errors.go", + "types/types.go", + "validators.go" + ], + "go": "1.24", + "module": "github.com/aws/aws-sdk-go-v2/service/signin", + "unstable": false +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go similarity index 73% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go rename to vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go index ef6a38110ed..eba7ad77743 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go @@ -1,6 +1,6 @@ // Code generated by internal/repotools/cmd/updatemodulemeta DO NOT EDIT. -package ini +package signin // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.8.1" +const goModuleVersion = "1.0.11" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/internal/endpoints/endpoints.go new file mode 100644 index 00000000000..cfb2efea8a3 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/internal/endpoints/endpoints.go @@ -0,0 +1,333 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package endpoints + +import ( + "github.com/aws/aws-sdk-go-v2/aws" + endpoints "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2" + "github.com/aws/smithy-go/logging" + "regexp" +) + +// Options is the endpoint resolver configuration options +type Options struct { + // Logger is a logging implementation that log events should be sent to. + Logger logging.Logger + + // LogDeprecated indicates that deprecated endpoints should be logged to the + // provided logger. + LogDeprecated bool + + // ResolvedRegion is used to override the region to be resolved, rather then the + // using the value passed to the ResolveEndpoint method. This value is used by the + // SDK to translate regions like fips-us-east-1 or us-east-1-fips to an alternative + // name. You must not set this value directly in your application. + ResolvedRegion string + + // DisableHTTPS informs the resolver to return an endpoint that does not use the + // HTTPS scheme. + DisableHTTPS bool + + // UseDualStackEndpoint specifies the resolver must resolve a dual-stack endpoint. + UseDualStackEndpoint aws.DualStackEndpointState + + // UseFIPSEndpoint specifies the resolver must resolve a FIPS endpoint. + UseFIPSEndpoint aws.FIPSEndpointState +} + +func (o Options) GetResolvedRegion() string { + return o.ResolvedRegion +} + +func (o Options) GetDisableHTTPS() bool { + return o.DisableHTTPS +} + +func (o Options) GetUseDualStackEndpoint() aws.DualStackEndpointState { + return o.UseDualStackEndpoint +} + +func (o Options) GetUseFIPSEndpoint() aws.FIPSEndpointState { + return o.UseFIPSEndpoint +} + +func transformToSharedOptions(options Options) endpoints.Options { + return endpoints.Options{ + Logger: options.Logger, + LogDeprecated: options.LogDeprecated, + ResolvedRegion: options.ResolvedRegion, + DisableHTTPS: options.DisableHTTPS, + UseDualStackEndpoint: options.UseDualStackEndpoint, + UseFIPSEndpoint: options.UseFIPSEndpoint, + } +} + +// Resolver Signin endpoint resolver +type Resolver struct { + partitions endpoints.Partitions +} + +// ResolveEndpoint resolves the service endpoint for the given region and options +func (r *Resolver) ResolveEndpoint(region string, options Options) (endpoint aws.Endpoint, err error) { + if len(region) == 0 { + return endpoint, &aws.MissingRegionError{} + } + + opt := transformToSharedOptions(options) + return r.partitions.ResolveEndpoint(region, opt) +} + +// New returns a new Resolver +func New() *Resolver { + return &Resolver{ + partitions: defaultPartitions, + } +} + +var partitionRegexp = struct { + Aws *regexp.Regexp + AwsCn *regexp.Regexp + AwsEusc *regexp.Regexp + AwsIso *regexp.Regexp + AwsIsoB *regexp.Regexp + AwsIsoE *regexp.Regexp + AwsIsoF *regexp.Regexp + AwsUsGov *regexp.Regexp +}{ + + Aws: regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$"), + AwsCn: regexp.MustCompile("^cn\\-\\w+\\-\\d+$"), + AwsEusc: regexp.MustCompile("^eusc\\-(de)\\-\\w+\\-\\d+$"), + AwsIso: regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"), + AwsIsoB: regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"), + AwsIsoE: regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"), + AwsIsoF: regexp.MustCompile("^us\\-isof\\-\\w+\\-\\d+$"), + AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"), +} + +var defaultPartitions = endpoints.Partitions{ + { + ID: "aws", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.DualStackVariant, + }: { + Hostname: "signin.{region}.api.aws", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "signin-fips.{region}.amazonaws.com", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant | endpoints.DualStackVariant, + }: { + Hostname: "signin-fips.{region}.api.aws", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "signin.{region}.amazonaws.com", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.Aws, + IsRegionalized: true, + }, + { + ID: "aws-cn", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.DualStackVariant, + }: { + Hostname: "signin.{region}.api.amazonwebservices.com.cn", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "signin-fips.{region}.amazonaws.com.cn", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant | endpoints.DualStackVariant, + }: { + Hostname: "signin-fips.{region}.api.amazonwebservices.com.cn", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "signin.{region}.amazonaws.com.cn", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.AwsCn, + IsRegionalized: true, + }, + { + ID: "aws-eusc", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.DualStackVariant, + }: { + Hostname: "signin.{region}.api.amazonwebservices.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "signin-fips.{region}.amazonaws.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant | endpoints.DualStackVariant, + }: { + Hostname: "signin-fips.{region}.api.amazonwebservices.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "signin.{region}.amazonaws.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.AwsEusc, + IsRegionalized: true, + }, + { + ID: "aws-iso", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "signin-fips.{region}.c2s.ic.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "signin.{region}.c2s.ic.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.AwsIso, + IsRegionalized: true, + }, + { + ID: "aws-iso-b", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "signin-fips.{region}.sc2s.sgov.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "signin.{region}.sc2s.sgov.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.AwsIsoB, + IsRegionalized: true, + }, + { + ID: "aws-iso-e", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "signin-fips.{region}.cloud.adc-e.uk", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "signin.{region}.cloud.adc-e.uk", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.AwsIsoE, + IsRegionalized: true, + }, + { + ID: "aws-iso-f", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "signin-fips.{region}.csp.hci.ic.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "signin.{region}.csp.hci.ic.gov", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.AwsIsoF, + IsRegionalized: true, + }, + { + ID: "aws-us-gov", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.DualStackVariant, + }: { + Hostname: "signin.{region}.api.aws", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "signin-fips.{region}.amazonaws.com", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant | endpoints.DualStackVariant, + }: { + Hostname: "signin-fips.{region}.api.aws", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "signin.{region}.amazonaws.com", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.AwsUsGov, + IsRegionalized: true, + }, +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go new file mode 100644 index 00000000000..88559705f45 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go @@ -0,0 +1,238 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "github.com/aws/aws-sdk-go-v2/aws" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" + smithyauth "github.com/aws/smithy-go/auth" + "github.com/aws/smithy-go/logging" + "github.com/aws/smithy-go/metrics" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/tracing" + smithyhttp "github.com/aws/smithy-go/transport/http" + "net/http" +) + +type HTTPClient interface { + Do(*http.Request) (*http.Response, error) +} + +type Options struct { + // Set of options to modify how an operation is invoked. These apply to all + // operations invoked for this client. Use functional options on operation call to + // modify this list for per operation behavior. + APIOptions []func(*middleware.Stack) error + + // The optional application specific identifier appended to the User-Agent header. + AppID string + + // This endpoint will be given as input to an EndpointResolverV2. It is used for + // providing a custom base endpoint that is subject to modifications by the + // processing EndpointResolverV2. + BaseEndpoint *string + + // Configures the events that will be sent to the configured logger. + ClientLogMode aws.ClientLogMode + + // The credentials object to use when signing requests. + Credentials aws.CredentialsProvider + + // The configuration DefaultsMode that the SDK should use when constructing the + // clients initial default settings. + DefaultsMode aws.DefaultsMode + + // The endpoint options to be used when attempting to resolve an endpoint. + EndpointOptions EndpointResolverOptions + + // The service endpoint resolver. + // + // Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a + // value for this field will likely prevent you from using any endpoint-related + // service features released after the introduction of EndpointResolverV2 and + // BaseEndpoint. + // + // To migrate an EndpointResolver implementation that uses a custom endpoint, set + // the client option BaseEndpoint instead. + EndpointResolver EndpointResolver + + // Resolves the endpoint used for a particular service operation. + EndpointResolverV2 EndpointResolverV2 + + // Signature Version 4 (SigV4) Signer + HTTPSignerV4 HTTPSignerV4 + + // The logger writer interface to write logging messages to. + Logger logging.Logger + + // The client meter provider. + MeterProvider metrics.MeterProvider + + // The region to send requests to. (Required) + Region string + + // RetryMaxAttempts specifies the maximum number attempts an API client will call + // an operation that fails with a retryable error. A value of 0 is ignored, and + // will not be used to configure the API client created default retryer, or modify + // per operation call's retry max attempts. + // + // If specified in an operation call's functional options with a value that is + // different than the constructed client's Options, the Client's Retryer will be + // wrapped to use the operation's specific RetryMaxAttempts value. + RetryMaxAttempts int + + // RetryMode specifies the retry mode the API client will be created with, if + // Retryer option is not also specified. + // + // When creating a new API Clients this member will only be used if the Retryer + // Options member is nil. This value will be ignored if Retryer is not nil. + // + // Currently does not support per operation call overrides, may in the future. + RetryMode aws.RetryMode + + // Retryer guides how HTTP requests should be retried in case of recoverable + // failures. When nil the API client will use a default retryer. The kind of + // default retry created by the API client can be changed with the RetryMode + // option. + Retryer aws.Retryer + + // The RuntimeEnvironment configuration, only populated if the DefaultsMode is set + // to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You + // should not populate this structure programmatically, or rely on the values here + // within your applications. + RuntimeEnvironment aws.RuntimeEnvironment + + // The client tracer provider. + TracerProvider tracing.TracerProvider + + // The initial DefaultsMode used when the client options were constructed. If the + // DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved + // value was at that point in time. + // + // Currently does not support per operation call overrides, may in the future. + resolvedDefaultsMode aws.DefaultsMode + + // The HTTP client to invoke API calls with. Defaults to client's default HTTP + // implementation if nil. + HTTPClient HTTPClient + + // Client registry of operation interceptors. + Interceptors smithyhttp.InterceptorRegistry + + // The auth scheme resolver which determines how to authenticate for each + // operation. + AuthSchemeResolver AuthSchemeResolver + + // The list of auth schemes supported by the client. + AuthSchemes []smithyhttp.AuthScheme + + // Priority list of preferred auth scheme names (e.g. sigv4a). + AuthSchemePreference []string +} + +// Copy creates a clone where the APIOptions list is deep copied. +func (o Options) Copy() Options { + to := o + to.APIOptions = make([]func(*middleware.Stack) error, len(o.APIOptions)) + copy(to.APIOptions, o.APIOptions) + to.Interceptors = o.Interceptors.Copy() + + return to +} + +func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolver { + if schemeID == "aws.auth#sigv4" { + return getSigV4IdentityResolver(o) + } + if schemeID == "smithy.api#noAuth" { + return &smithyauth.AnonymousIdentityResolver{} + } + return nil +} + +// WithAPIOptions returns a functional option for setting the Client's APIOptions +// option. +func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) { + return func(o *Options) { + o.APIOptions = append(o.APIOptions, optFns...) + } +} + +// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for +// this field will likely prevent you from using any endpoint-related service +// features released after the introduction of EndpointResolverV2 and BaseEndpoint. +// +// To migrate an EndpointResolver implementation that uses a custom endpoint, set +// the client option BaseEndpoint instead. +func WithEndpointResolver(v EndpointResolver) func(*Options) { + return func(o *Options) { + o.EndpointResolver = v + } +} + +// WithEndpointResolverV2 returns a functional option for setting the Client's +// EndpointResolverV2 option. +func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) { + return func(o *Options) { + o.EndpointResolverV2 = v + } +} + +func getSigV4IdentityResolver(o Options) smithyauth.IdentityResolver { + if o.Credentials != nil { + return &internalauthsmithy.CredentialsProviderAdapter{Provider: o.Credentials} + } + return nil +} + +// WithSigV4SigningName applies an override to the authentication workflow to +// use the given signing name for SigV4-authenticated operations. +// +// This is an advanced setting. The value here is FINAL, taking precedence over +// the resolved signing name from both auth scheme resolution and endpoint +// resolution. +func WithSigV4SigningName(name string) func(*Options) { + fn := func(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, + ) { + return next.HandleInitialize(awsmiddleware.SetSigningName(ctx, name), in) + } + return func(o *Options) { + o.APIOptions = append(o.APIOptions, func(s *middleware.Stack) error { + return s.Initialize.Add( + middleware.InitializeMiddlewareFunc("withSigV4SigningName", fn), + middleware.Before, + ) + }) + } +} + +// WithSigV4SigningRegion applies an override to the authentication workflow to +// use the given signing region for SigV4-authenticated operations. +// +// This is an advanced setting. The value here is FINAL, taking precedence over +// the resolved signing region from both auth scheme resolution and endpoint +// resolution. +func WithSigV4SigningRegion(region string) func(*Options) { + fn := func(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, + ) { + return next.HandleInitialize(awsmiddleware.SetSigningRegion(ctx, region), in) + } + return func(o *Options) { + o.APIOptions = append(o.APIOptions, func(s *middleware.Stack) error { + return s.Initialize.Add( + middleware.InitializeMiddlewareFunc("withSigV4SigningRegion", fn), + middleware.Before, + ) + }) + } +} + +func ignoreAnonymousAuth(options *Options) { + if aws.IsCredentialsProvider(options.Credentials, (*aws.AnonymousCredentials)(nil)) { + options.Credentials = nil + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go new file mode 100644 index 00000000000..958240275e3 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go @@ -0,0 +1,135 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "bytes" + "context" + "fmt" + "github.com/aws/aws-sdk-go-v2/service/signin/types" + smithy "github.com/aws/smithy-go" + "github.com/aws/smithy-go/encoding/httpbinding" + smithyjson "github.com/aws/smithy-go/encoding/json" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/tracing" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +type awsRestjson1_serializeOpCreateOAuth2Token struct { +} + +func (*awsRestjson1_serializeOpCreateOAuth2Token) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpCreateOAuth2Token) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*CreateOAuth2TokenInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/v1/token") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if !restEncoder.HasHeader("Content-Type") { + ctx = smithyhttp.SetIsContentTypeDefaultValue(ctx, true) + restEncoder.SetHeader("Content-Type").String("application/json") + } + + if input.TokenInput != nil { + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeDocumentCreateOAuth2TokenRequestBody(input.TokenInput, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + payload := bytes.NewReader(jsonEncoder.Bytes()) + if request, err = request.SetStream(payload); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + } else { + jsonEncoder := smithyjson.NewEncoder() + jsonEncoder.Value.Object().Close() + payload := bytes.NewReader(jsonEncoder.Bytes()) + if request, err = request.SetStream(payload); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsCreateOAuth2TokenInput(v *CreateOAuth2TokenInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeDocumentCreateOAuth2TokenRequestBody(v *types.CreateOAuth2TokenRequestBody, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.ClientId != nil { + ok := object.Key("clientId") + ok.String(*v.ClientId) + } + + if v.Code != nil { + ok := object.Key("code") + ok.String(*v.Code) + } + + if v.CodeVerifier != nil { + ok := object.Key("codeVerifier") + ok.String(*v.CodeVerifier) + } + + if v.GrantType != nil { + ok := object.Key("grantType") + ok.String(*v.GrantType) + } + + if v.RedirectUri != nil { + ok := object.Key("redirectUri") + ok.String(*v.RedirectUri) + } + + if v.RefreshToken != nil { + ok := object.Key("refreshToken") + ok.String(*v.RefreshToken) + } + + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/enums.go new file mode 100644 index 00000000000..ecfabb81f74 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/enums.go @@ -0,0 +1,37 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package types + +type OAuth2ErrorCode string + +// Enum values for OAuth2ErrorCode +const ( + // Token has expired and needs to be refreshed + OAuth2ErrorCodeTokenExpired OAuth2ErrorCode = "TOKEN_EXPIRED" + // User credentials have been changed + OAuth2ErrorCodeUserCredentialsChanged OAuth2ErrorCode = "USER_CREDENTIALS_CHANGED" + // Insufficient permissions to perform this operation + OAuth2ErrorCodeInsufficientPermissions OAuth2ErrorCode = "INSUFFICIENT_PERMISSIONS" + // Authorization code has expired + OAuth2ErrorCodeAuthcodeExpired OAuth2ErrorCode = "AUTHCODE_EXPIRED" + // Internal server error occurred + OAuth2ErrorCodeServerError OAuth2ErrorCode = "server_error" + // The request is missing a required parameter, includes an invalid parameter + // value, or is otherwise malformed + OAuth2ErrorCodeInvalidRequest OAuth2ErrorCode = "INVALID_REQUEST" +) + +// Values returns all known values for OAuth2ErrorCode. Note that this can be +// expanded in the future, and so it is only as up to date as the client. +// +// The ordering of this slice is not guaranteed to be stable across updates. +func (OAuth2ErrorCode) Values() []OAuth2ErrorCode { + return []OAuth2ErrorCode{ + "TOKEN_EXPIRED", + "USER_CREDENTIALS_CHANGED", + "INSUFFICIENT_PERMISSIONS", + "AUTHCODE_EXPIRED", + "server_error", + "INVALID_REQUEST", + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/errors.go new file mode 100644 index 00000000000..ca4928a86c8 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/errors.go @@ -0,0 +1,151 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package types + +import ( + "fmt" + smithy "github.com/aws/smithy-go" +) + +// Error thrown for access denied scenarios with flexible HTTP status mapping +// +// Runtime HTTP Status Code Mapping: +// +// - HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED +// - HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS +// +// The specific HTTP status code is determined at runtime based on the error enum +// value. Consumers should use the error field to determine the specific access +// denial reason. +type AccessDeniedException struct { + Message *string + + ErrorCodeOverride *string + + Error_ OAuth2ErrorCode + + noSmithyDocumentSerde +} + +func (e *AccessDeniedException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *AccessDeniedException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *AccessDeniedException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "AccessDeniedException" + } + return *e.ErrorCodeOverride +} +func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + +// Error thrown when an internal server error occurs +// +// HTTP Status Code: 500 Internal Server Error +// +// Used for unexpected server-side errors that prevent request processing. +type InternalServerException struct { + Message *string + + ErrorCodeOverride *string + + Error_ OAuth2ErrorCode + + noSmithyDocumentSerde +} + +func (e *InternalServerException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *InternalServerException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *InternalServerException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "InternalServerException" + } + return *e.ErrorCodeOverride +} +func (e *InternalServerException) ErrorFault() smithy.ErrorFault { return smithy.FaultServer } + +// Error thrown when rate limit is exceeded +// +// HTTP Status Code: 429 Too Many Requests +// +// Possible OAuth2ErrorCode values: +// +// - INVALID_REQUEST: Rate limiting, too many requests, abuse prevention +// +// Possible causes: +// +// - Too many token requests from the same client +// - Rate limiting based on client_id or IP address +// - Abuse prevention mechanisms triggered +// - Service protection against excessive token generation +type TooManyRequestsError struct { + Message *string + + ErrorCodeOverride *string + + Error_ OAuth2ErrorCode + + noSmithyDocumentSerde +} + +func (e *TooManyRequestsError) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *TooManyRequestsError) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *TooManyRequestsError) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "TooManyRequestsError" + } + return *e.ErrorCodeOverride +} +func (e *TooManyRequestsError) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + +// Error thrown when request validation fails +// +// HTTP Status Code: 400 Bad Request +// +// Used for request validation errors such as malformed parameters, missing +// required fields, or invalid parameter values. +type ValidationException struct { + Message *string + + ErrorCodeOverride *string + + Error_ OAuth2ErrorCode + + noSmithyDocumentSerde +} + +func (e *ValidationException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *ValidationException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *ValidationException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "ValidationException" + } + return *e.ErrorCodeOverride +} +func (e *ValidationException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go new file mode 100644 index 00000000000..98afa20bfcb --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go @@ -0,0 +1,115 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package types + +import ( + smithydocument "github.com/aws/smithy-go/document" +) + +// AWS credentials structure containing temporary access credentials +// +// The scoped-down, 15 minute duration AWS credentials. Scoping down will be based +// on CLI policy (CLI team needs to create it). Similar to cloud shell +// implementation. +type AccessToken struct { + + // AWS access key ID for temporary credentials + // + // This member is required. + AccessKeyId *string + + // AWS secret access key for temporary credentials + // + // This member is required. + SecretAccessKey *string + + // AWS session token for temporary credentials + // + // This member is required. + SessionToken *string + + noSmithyDocumentSerde +} + +// Request body payload for CreateOAuth2Token operation +// +// The operation type is determined by the grant_type parameter: +// +// - grant_type=authorization_code: Requires code, redirect_uri, code_verifier +// - grant_type=refresh_token: Requires refresh_token +type CreateOAuth2TokenRequestBody struct { + + // The client identifier (ARN) used during Sign-In onboarding Required for both + // authorization code and refresh token flows + // + // This member is required. + ClientId *string + + // OAuth 2.0 grant type - determines which flow is used Must be + // "authorization_code" or "refresh_token" + // + // This member is required. + GrantType *string + + // The authorization code received from /v1/authorize Required only when + // grant_type=authorization_code + Code *string + + // PKCE code verifier to prove possession of the original code challenge Required + // only when grant_type=authorization_code + CodeVerifier *string + + // The redirect URI that must match the original authorization request Required + // only when grant_type=authorization_code + RedirectUri *string + + // The refresh token returned from auth_code redemption Required only when + // grant_type=refresh_token + RefreshToken *string + + noSmithyDocumentSerde +} + +// Response body payload for CreateOAuth2Token operation +// +// The response content depends on the grant_type from the request: +// +// - grant_type=authorization_code: Returns all fields including refresh_token +// and id_token +// - grant_type=refresh_token: Returns access_token, token_type, expires_in, +// refresh_token (no id_token) +type CreateOAuth2TokenResponseBody struct { + + // Scoped-down AWS credentials (15 minute duration) Present for both authorization + // code redemption and token refresh + // + // This member is required. + AccessToken *AccessToken + + // Time to expiry in seconds (maximum 900) Present for both authorization code + // redemption and token refresh + // + // This member is required. + ExpiresIn *int32 + + // Encrypted refresh token with cnf.jkt (SHA-256 thumbprint of presented jwk) + // Always present in responses (required for both flows) + // + // This member is required. + RefreshToken *string + + // Token type indicating this is AWS SigV4 credentials Value is "aws_sigv4" for + // both flows + // + // This member is required. + TokenType *string + + // ID token containing user identity information Present only in authorization + // code redemption response (grant_type=authorization_code) Not included in token + // refresh responses + IdToken *string + + noSmithyDocumentSerde +} + +type noSmithyDocumentSerde = smithydocument.NoSerde diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go new file mode 100644 index 00000000000..f07252341ad --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go @@ -0,0 +1,72 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "fmt" + "github.com/aws/aws-sdk-go-v2/service/signin/types" + smithy "github.com/aws/smithy-go" + "github.com/aws/smithy-go/middleware" +) + +type validateOpCreateOAuth2Token struct { +} + +func (*validateOpCreateOAuth2Token) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpCreateOAuth2Token) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*CreateOAuth2TokenInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpCreateOAuth2TokenInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + +func addOpCreateOAuth2TokenValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpCreateOAuth2Token{}, middleware.After) +} + +func validateCreateOAuth2TokenRequestBody(v *types.CreateOAuth2TokenRequestBody) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "CreateOAuth2TokenRequestBody"} + if v.ClientId == nil { + invalidParams.Add(smithy.NewErrParamRequired("ClientId")) + } + if v.GrantType == nil { + invalidParams.Add(smithy.NewErrParamRequired("GrantType")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + +func validateOpCreateOAuth2TokenInput(v *CreateOAuth2TokenInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "CreateOAuth2TokenInput"} + if v.TokenInput == nil { + invalidParams.Add(smithy.NewErrParamRequired("TokenInput")) + } else if v.TokenInput != nil { + if err := validateCreateOAuth2TokenRequestBody(v.TokenInput); err != nil { + invalidParams.AddNested("TokenInput", err.(smithy.InvalidParamsError)) + } + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md index 4d7a71c175e..26c80a2c233 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md @@ -1,3 +1,271 @@ +# v1.30.17 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.16 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.15 (2026-04-02) + +* No change notes available for this release. + +# v1.30.14 (2026-03-26) + +* **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.13 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.12 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.11 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.10 (2026-02-18) + +* No change notes available for this release. + +# v1.30.9 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.8 (2025-12-16) + +* No change notes available for this release. + +# v1.30.7 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.6 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + +# v1.30.5 (2025-11-25) + +* **Bug Fix**: Add error check for endpoint param binding during auth scheme resolution to fix panic reported in #3234 + +# v1.30.4 (2025-11-19.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.3 (2025-11-12) + +* **Bug Fix**: Further reduce allocation overhead when the metrics system isn't in-use. +* **Bug Fix**: Reduce allocation overhead when the client doesn't have any HTTP interceptors configured. +* **Bug Fix**: Remove blank trace spans towards the beginning of the request that added no additional information. This conveys a slight reduction in overall allocations. + +# v1.30.2 (2025-11-11) + +* **Bug Fix**: Return validation error if input region is not a valid host label. + +# v1.30.1 (2025-11-04) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.23.2 which should convey some passive reduction of overall allocations, especially when not using the metrics system. + +# v1.30.0 (2025-10-30) + +* **Feature**: Update endpoint ruleset parameters casing +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.8 (2025-10-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.7 (2025-10-16) + +* **Dependency Update**: Bump minimum Go version to 1.23. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.6 (2025-09-29) + +* No change notes available for this release. + +# v1.29.5 (2025-09-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.4 (2025-09-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.3 (2025-09-10) + +* No change notes available for this release. + +# v1.29.2 (2025-09-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.1 (2025-08-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.29.0 (2025-08-28) + +* **Feature**: Remove incorrect endpoint tests + +# v1.28.3 (2025-08-27) + +* **Dependency Update**: Update to smithy-go v1.23.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.2 (2025-08-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.1 (2025-08-20) + +* **Bug Fix**: Remove unused deserialization code. + +# v1.28.0 (2025-08-11) + +* **Feature**: Add support for configuring per-service Options via callback on global config. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.27.0 (2025-08-04) + +* **Feature**: Support configurable auth scheme preferences in service clients via AWS_AUTH_SCHEME_PREFERENCE in the environment, auth_scheme_preference in the config file, and through in-code settings on LoadDefaultConfig and client constructor methods. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.26.1 (2025-07-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.26.0 (2025-07-28) + +* **Feature**: Add support for HTTP interceptors. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.6 (2025-07-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.5 (2025-06-17) + +* **Dependency Update**: Update to smithy-go v1.22.4. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.4 (2025-06-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.25.3 (2025-04-03) + +* No change notes available for this release. + +# v1.25.2 (2025-03-25) + +* No change notes available for this release. + +# v1.25.1 (2025-03-04.2) + +* **Bug Fix**: Add assurance test for operation order. + +# v1.25.0 (2025-02-27) + +* **Feature**: Track credential providers via User-Agent Feature ids +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.16 (2025-02-18) + +* **Bug Fix**: Bump go version to 1.22 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.15 (2025-02-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.14 (2025-01-31) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.13 (2025-01-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.12 (2025-01-24) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.22.2. + +# v1.24.11 (2025-01-17) + +* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop. + +# v1.24.10 (2025-01-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.9 (2025-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.8 (2024-12-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.7 (2024-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.6 (2024-11-18) + +* **Dependency Update**: Update to smithy-go v1.22.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.5 (2024-11-07) + +* **Bug Fix**: Adds case-insensitive handling of error message fields in service responses + +# v1.24.4 (2024-11-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.3 (2024-10-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.2 (2024-10-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.1 (2024-10-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.24.0 (2024-10-04) + +* **Feature**: Add support for HTTP client metrics. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.23.4 (2024-10-03) + +* No change notes available for this release. + +# v1.23.3 (2024-09-27) + +* No change notes available for this release. + +# v1.23.2 (2024-09-25) + +* No change notes available for this release. + +# v1.23.1 (2024-09-23) + +* No change notes available for this release. + # v1.23.0 (2024-09-20) * **Feature**: Add tracing and metrics support to service clients. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go index fe8e46769da..ca5364792ac 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go @@ -15,9 +15,7 @@ import ( internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" - internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware" smithy "github.com/aws/smithy-go" - smithyauth "github.com/aws/smithy-go/auth" smithydocument "github.com/aws/smithy-go/document" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -65,7 +63,12 @@ func timeOperationMetric[T any]( ctx context.Context, metric string, fn func() (T, error), opts ...metrics.RecordMetricOption, ) (T, error) { - instr := getOperationMetrics(ctx).histogramFor(metric) + mm := getOperationMetrics(ctx) + if mm == nil { // not using the metrics system + return fn() + } + + instr := mm.histogramFor(metric) opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...) start := time.Now() @@ -78,7 +81,12 @@ func timeOperationMetric[T any]( } func startMetricTimer(ctx context.Context, metric string, opts ...metrics.RecordMetricOption) func() { - instr := getOperationMetrics(ctx).histogramFor(metric) + mm := getOperationMetrics(ctx) + if mm == nil { // not using the metrics system + return func() {} + } + + instr := mm.histogramFor(metric) opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...) var ended bool @@ -106,6 +114,12 @@ func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption { type operationMetricsKey struct{} func withOperationMetrics(parent context.Context, mp metrics.MeterProvider) (context.Context, error) { + if _, ok := mp.(metrics.NopMeterProvider); ok { + // not using the metrics system - setting up the metrics context is a memory-intensive operation + // so we should skip it in this case + return parent, nil + } + meter := mp.Meter("github.com/aws/aws-sdk-go-v2/service/sso") om := &operationMetrics{} @@ -153,7 +167,10 @@ func operationMetricTimer(m metrics.Meter, name, desc string) (metrics.Float64Hi } func getOperationMetrics(ctx context.Context) *operationMetrics { - return ctx.Value(operationMetricsKey{}).(*operationMetrics) + if v := ctx.Value(operationMetricsKey{}); v != nil { + return v.(*operationMetrics) + } + return nil } func operationTracer(p tracing.TracerProvider) tracing.Tracer { @@ -274,7 +291,9 @@ func (c *Client) invokeOperation( defer endTimer() defer span.End() - handler := smithyhttp.NewClientHandler(options.HTTPClient) + handler := smithyhttp.NewClientHandlerWithOptions(options.HTTPClient, func(o *smithyhttp.ClientHandler) { + o.Meter = options.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sso") + }) decorated := middleware.DecorateHandler(handler, stack) result, metadata, err = decorated.Handle(ctx, params) if err != nil { @@ -417,24 +436,33 @@ func setResolvedDefaultsMode(o *Options) { // NewFromConfig returns a new client from the provided config. func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client { opts := Options{ - Region: cfg.Region, - DefaultsMode: cfg.DefaultsMode, - RuntimeEnvironment: cfg.RuntimeEnvironment, - HTTPClient: cfg.HTTPClient, - Credentials: cfg.Credentials, - APIOptions: cfg.APIOptions, - Logger: cfg.Logger, - ClientLogMode: cfg.ClientLogMode, - AppID: cfg.AppID, + Region: cfg.Region, + DefaultsMode: cfg.DefaultsMode, + RuntimeEnvironment: cfg.RuntimeEnvironment, + HTTPClient: cfg.HTTPClient, + Credentials: cfg.Credentials, + APIOptions: cfg.APIOptions, + Logger: cfg.Logger, + ClientLogMode: cfg.ClientLogMode, + AppID: cfg.AppID, + AuthSchemePreference: cfg.AuthSchemePreference, } resolveAWSRetryerProvider(cfg, &opts) resolveAWSRetryMaxAttempts(cfg, &opts) resolveAWSRetryMode(cfg, &opts) resolveAWSEndpointResolver(cfg, &opts) + resolveInterceptors(cfg, &opts) resolveUseDualStackEndpoint(cfg, &opts) resolveUseFIPSEndpoint(cfg, &opts) resolveBaseEndpoint(cfg, &opts) - return New(opts, optFns...) + return New(opts, func(o *Options) { + for _, opt := range cfg.ServiceOptions { + opt(ServiceID, o) + } + for _, opt := range optFns { + opt(o) + } + }) } func resolveHTTPClient(o *Options) { @@ -548,6 +576,10 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) { o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions) } +func resolveInterceptors(cfg aws.Config, o *Options) { + o.Interceptors = cfg.Interceptors.Copy() +} + func addClientUserAgent(stack *middleware.Stack, options Options) error { ua, err := getOrAddRequestUserAgent(stack) if err != nil { @@ -677,12 +709,13 @@ func addIsPaginatorUserAgent(o *Options) { }) } -func addRetry(stack *middleware.Stack, o Options) error { +func addRetry(stack *middleware.Stack, o Options, c *Client) error { attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { m.LogAttempts = o.ClientLogMode.IsRetries() m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sso") + m.ClientSkew = c.timeOffset }) - if err := stack.Finalize.Insert(attempt, "Signing", middleware.Before); err != nil { + if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil { return err } if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil { @@ -721,25 +754,6 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error { return nil } -func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string { - if mode == aws.AccountIDEndpointModeDisabled { - return nil - } - - if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" { - return aws.String(ca.Credentials.AccountID) - } - - return nil -} - -func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error { - mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset} - if err := stack.Build.Add(&mw, middleware.After); err != nil { - return err - } - return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before) -} func initializeTimeOffsetResolver(c *Client) { c.timeOffset = new(atomic.Int64) } @@ -759,6 +773,37 @@ func addUserAgentRetryMode(stack *middleware.Stack, options Options) error { return nil } +type setCredentialSourceMiddleware struct { + ua *awsmiddleware.RequestUserAgent + options Options +} + +func (m setCredentialSourceMiddleware) ID() string { return "SetCredentialSourceMiddleware" } + +func (m setCredentialSourceMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) ( + out middleware.BuildOutput, metadata middleware.Metadata, err error, +) { + asProviderSource, ok := m.options.Credentials.(aws.CredentialProviderSource) + if !ok { + return next.HandleBuild(ctx, in) + } + providerSources := asProviderSource.ProviderSources() + for _, source := range providerSources { + m.ua.AddCredentialsSource(source) + } + return next.HandleBuild(ctx, in) +} + +func addCredentialSource(stack *middleware.Stack, options Options) error { + ua, err := getOrAddRequestUserAgent(stack) + if err != nil { + return err + } + + mw := setCredentialSourceMiddleware{ua: ua, options: options} + return stack.Build.Insert(&mw, "UserAgent", middleware.Before) +} + func resolveTracerProvider(options *Options) { if options.TracerProvider == nil { options.TracerProvider = &tracing.NopTracerProvider{} @@ -823,88 +868,62 @@ func addDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error { }, "ResolveEndpointV2", middleware.After) } -type spanInitializeStart struct { -} - -func (*spanInitializeStart) ID() string { - return "spanInitializeStart" -} - -func (m *spanInitializeStart) HandleInitialize( - ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler, -) ( - middleware.InitializeOutput, middleware.Metadata, error, -) { - ctx, _ = tracing.StartSpan(ctx, "Initialize") - - return next.HandleInitialize(ctx, in) -} - -type spanInitializeEnd struct { -} - -func (*spanInitializeEnd) ID() string { - return "spanInitializeEnd" -} - -func (m *spanInitializeEnd) HandleInitialize( - ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler, -) ( - middleware.InitializeOutput, middleware.Metadata, error, -) { - ctx, span := tracing.PopSpan(ctx) - span.End() - - return next.HandleInitialize(ctx, in) -} - -type spanBuildRequestStart struct { -} - -func (*spanBuildRequestStart) ID() string { - return "spanBuildRequestStart" -} - -func (m *spanBuildRequestStart) HandleSerialize( - ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler, -) ( - middleware.SerializeOutput, middleware.Metadata, error, -) { - ctx, _ = tracing.StartSpan(ctx, "BuildRequest") - - return next.HandleSerialize(ctx, in) -} - -type spanBuildRequestEnd struct { -} - -func (*spanBuildRequestEnd) ID() string { - return "spanBuildRequestEnd" -} - -func (m *spanBuildRequestEnd) HandleBuild( - ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler, -) ( - middleware.BuildOutput, middleware.Metadata, error, -) { - ctx, span := tracing.PopSpan(ctx) - span.End() - - return next.HandleBuild(ctx, in) -} - -func addSpanInitializeStart(stack *middleware.Stack) error { - return stack.Initialize.Add(&spanInitializeStart{}, middleware.Before) -} - -func addSpanInitializeEnd(stack *middleware.Stack) error { - return stack.Initialize.Add(&spanInitializeEnd{}, middleware.After) -} - -func addSpanBuildRequestStart(stack *middleware.Stack) error { - return stack.Serialize.Add(&spanBuildRequestStart{}, middleware.Before) -} +func addInterceptBeforeRetryLoop(stack *middleware.Stack, opts Options) error { + return stack.Finalize.Insert(&smithyhttp.InterceptBeforeRetryLoop{ + Interceptors: opts.Interceptors.BeforeRetryLoop, + }, "Retry", middleware.Before) +} + +func addInterceptAttempt(stack *middleware.Stack, opts Options) error { + return stack.Finalize.Insert(&smithyhttp.InterceptAttempt{ + BeforeAttempt: opts.Interceptors.BeforeAttempt, + AfterAttempt: opts.Interceptors.AfterAttempt, + }, "Retry", middleware.After) +} + +func addInterceptors(stack *middleware.Stack, opts Options) error { + // middlewares are expensive, don't add all of these interceptor ones unless the caller + // actually has at least one interceptor configured + // + // at the moment it's all-or-nothing because some of the middlewares here are responsible for + // setting fields in the interceptor context for future ones + if len(opts.Interceptors.BeforeExecution) == 0 && + len(opts.Interceptors.BeforeSerialization) == 0 && len(opts.Interceptors.AfterSerialization) == 0 && + len(opts.Interceptors.BeforeRetryLoop) == 0 && + len(opts.Interceptors.BeforeAttempt) == 0 && + len(opts.Interceptors.BeforeSigning) == 0 && len(opts.Interceptors.AfterSigning) == 0 && + len(opts.Interceptors.BeforeTransmit) == 0 && len(opts.Interceptors.AfterTransmit) == 0 && + len(opts.Interceptors.BeforeDeserialization) == 0 && len(opts.Interceptors.AfterDeserialization) == 0 && + len(opts.Interceptors.AfterAttempt) == 0 && len(opts.Interceptors.AfterExecution) == 0 { + return nil + } -func addSpanBuildRequestEnd(stack *middleware.Stack) error { - return stack.Build.Add(&spanBuildRequestEnd{}, middleware.After) + return errors.Join( + stack.Initialize.Add(&smithyhttp.InterceptExecution{ + BeforeExecution: opts.Interceptors.BeforeExecution, + AfterExecution: opts.Interceptors.AfterExecution, + }, middleware.Before), + stack.Serialize.Insert(&smithyhttp.InterceptBeforeSerialization{ + Interceptors: opts.Interceptors.BeforeSerialization, + }, "OperationSerializer", middleware.Before), + stack.Serialize.Insert(&smithyhttp.InterceptAfterSerialization{ + Interceptors: opts.Interceptors.AfterSerialization, + }, "OperationSerializer", middleware.After), + stack.Finalize.Insert(&smithyhttp.InterceptBeforeSigning{ + Interceptors: opts.Interceptors.BeforeSigning, + }, "Signing", middleware.Before), + stack.Finalize.Insert(&smithyhttp.InterceptAfterSigning{ + Interceptors: opts.Interceptors.AfterSigning, + }, "Signing", middleware.After), + stack.Deserialize.Add(&smithyhttp.InterceptTransmit{ + BeforeTransmit: opts.Interceptors.BeforeTransmit, + AfterTransmit: opts.Interceptors.AfterTransmit, + }, middleware.After), + stack.Deserialize.Insert(&smithyhttp.InterceptBeforeDeserialization{ + Interceptors: opts.Interceptors.BeforeDeserialization, + }, "OperationDeserializer", middleware.After), // (deserialize stack is called in reverse) + stack.Deserialize.Insert(&smithyhttp.InterceptAfterDeserialization{ + Interceptors: opts.Interceptors.AfterDeserialization, + }, "OperationDeserializer", middleware.Before), + ) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go index a6560202376..5482b7a0327 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go @@ -93,7 +93,7 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -117,10 +117,10 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpGetRoleCredentialsValidationMiddleware(stack); err != nil { @@ -144,16 +144,13 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go index 315526ef1a0..8759d525760 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go @@ -98,7 +98,7 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -122,10 +122,10 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpListAccountRolesValidationMiddleware(stack); err != nil { @@ -149,16 +149,13 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go index d867b78a6f2..fea5b439126 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go @@ -97,7 +97,7 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -121,10 +121,10 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpListAccountsValidationMiddleware(stack); err != nil { @@ -148,16 +148,13 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go index 434b430852e..84aef7ce5fc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go @@ -92,7 +92,7 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -116,10 +116,10 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpLogoutValidationMiddleware(stack); err != nil { @@ -143,16 +143,13 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go index 366963b49f6..c658615fdec 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go @@ -12,10 +12,13 @@ import ( "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/tracing" smithyhttp "github.com/aws/smithy-go/transport/http" + "slices" + "strings" ) -func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) { +func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) error { params.Region = options.Region + return nil } type setLegacyContextSigningOptionsMiddleware struct { @@ -92,14 +95,16 @@ type AuthResolverParameters struct { Region string } -func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters { +func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) (*AuthResolverParameters, error) { params := &AuthResolverParameters{ Operation: operation, } - bindAuthParamsRegion(ctx, params, input, options) + if err := bindAuthParamsRegion(ctx, params, input, options); err != nil { + return nil, err + } - return params + return params, nil } // AuthSchemeResolver returns a set of possible authentication options for an @@ -174,7 +179,10 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid _, span := tracing.StartSpan(ctx, "ResolveAuthScheme") defer span.End() - params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options) + params, err := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options) + if err != nil { + return out, metadata, fmt.Errorf("bind auth scheme params: %w", err) + } options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params) if err != nil { return out, metadata, fmt.Errorf("resolve auth scheme: %w", err) @@ -193,7 +201,8 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid } func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) (*resolvedAuthScheme, bool) { - for _, option := range options { + sorted := sortAuthOptions(options, m.options.AuthSchemePreference) + for _, option := range sorted { if option.SchemeID == smithyauth.SchemeIDAnonymous { return newResolvedAuthScheme(smithyhttp.NewAnonymousScheme(), option), true } @@ -212,6 +221,29 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { + byPriority := make([]*smithyauth.Option, 0, len(options)) + for _, prefName := range preferred { + for _, option := range options { + optName := option.SchemeID + if parts := strings.Split(option.SchemeID, "#"); len(parts) == 2 { + optName = parts[1] + } + if prefName == optName { + byPriority = append(byPriority, option) + } + } + } + for _, option := range options { + if !slices.ContainsFunc(byPriority, func(o *smithyauth.Option) bool { + return o.SchemeID == option.SchemeID + }) { + byPriority = append(byPriority, option) + } + } + return byPriority +} + type resolvedAuthSchemeKey struct{} type resolvedAuthScheme struct { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go index 5f0cce2bf1e..a889f3c7a7f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go @@ -13,23 +13,13 @@ import ( smithyio "github.com/aws/smithy-go/io" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" - smithytime "github.com/aws/smithy-go/time" "github.com/aws/smithy-go/tracing" smithyhttp "github.com/aws/smithy-go/transport/http" "io" "io/ioutil" "strings" - "time" ) -func deserializeS3Expires(v string) (*time.Time, error) { - t, err := smithytime.ParseHTTPDate(v) - if err != nil { - return nil, nil - } - return &t, nil -} - type awsRestjson1_deserializeOpGetRoleCredentials struct { } @@ -889,7 +879,7 @@ func awsRestjson1_deserializeDocumentInvalidRequestException(v **types.InvalidRe for key, value := range shape { switch key { - case "message": + case "message", "Message": if value != nil { jtv, ok := value.(string) if !ok { @@ -929,7 +919,7 @@ func awsRestjson1_deserializeDocumentResourceNotFoundException(v **types.Resourc for key, value := range shape { switch key { - case "message": + case "message", "Message": if value != nil { jtv, ok := value.(string) if !ok { @@ -1123,7 +1113,7 @@ func awsRestjson1_deserializeDocumentTooManyRequestsException(v **types.TooManyR for key, value := range shape { switch key { - case "message": + case "message", "Message": if value != nil { jtv, ok := value.(string) if !ok { @@ -1163,7 +1153,7 @@ func awsRestjson1_deserializeDocumentUnauthorizedException(v **types.Unauthorize for key, value := range shape { switch key { - case "message": + case "message", "Message": if value != nil { jtv, ok := value.(string) if !ok { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go index 53c6bc75612..551f05974e8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go @@ -14,6 +14,7 @@ import ( internalendpoints "github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints" smithyauth "github.com/aws/smithy-go/auth" smithyendpoints "github.com/aws/smithy-go/endpoints" + "github.com/aws/smithy-go/endpoints/private/rulesfn" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" "github.com/aws/smithy-go/tracing" @@ -217,11 +218,15 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) { } } -func bindRegion(region string) *string { +func bindRegion(region string) (*string, error) { if region == "" { - return nil + return nil, nil + } + if !rulesfn.IsValidHostLabel(region, true) { + return nil, fmt.Errorf("invalid input region %s", region) } - return aws.String(endpoints.MapFIPSRegion(region)) + + return aws.String(endpoints.MapFIPSRegion(region)), nil } // EndpointParameters provides the parameters that influence how endpoints are @@ -328,7 +333,9 @@ func (r *resolver) ResolveEndpoint( return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err) } _UseDualStack := *params.UseDualStack + _ = _UseDualStack _UseFIPS := *params.UseFIPS + _ = _UseFIPS if exprVal := params.Endpoint; exprVal != nil { _Endpoint := *exprVal @@ -385,8 +392,8 @@ func (r *resolver) ResolveEndpoint( } } if _UseFIPS == true { - if true == _PartitionResult.SupportsFIPS { - if "aws-us-gov" == _PartitionResult.Name { + if _PartitionResult.SupportsFIPS == true { + if _PartitionResult.Name == "aws-us-gov" { uriString := func() string { var out strings.Builder out.WriteString("https://portal.sso.") @@ -477,10 +484,15 @@ type endpointParamsBinder interface { bindEndpointParams(*EndpointParameters) } -func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters { +func bindEndpointParams(ctx context.Context, input interface{}, options Options) (*EndpointParameters, error) { params := &EndpointParameters{} - params.Region = bindRegion(options.Region) + region, err := bindRegion(options.Region) + if err != nil { + return nil, err + } + params.Region = region + params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled) params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled) params.Endpoint = options.BaseEndpoint @@ -489,7 +501,7 @@ func bindEndpointParams(ctx context.Context, input interface{}, options Options) b.bindEndpointParams(params) } - return params + return params, nil } type resolveEndpointV2Middleware struct { @@ -519,7 +531,10 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil") } - params := bindEndpointParams(ctx, getOperationInput(ctx), m.options) + params, err := bindEndpointParams(ctx, getOperationInput(ctx), m.options) + if err != nil { + return out, metadata, fmt.Errorf("failed to bind endpoint params, %w", err) + } endpt, err := timeOperationMetric(ctx, "client.call.resolve_endpoint_duration", func() (smithyendpoints.Endpoint, error) { return m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json index 936253d7cae..39a393d441c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/generated.json @@ -22,14 +22,14 @@ "internal/endpoints/endpoints.go", "internal/endpoints/endpoints_test.go", "options.go", - "protocol_test.go", "serializers.go", "snapshot_test.go", + "sra_operation_order_test.go", "types/errors.go", "types/types.go", "validators.go" ], - "go": "1.15", + "go": "1.24", "module": "github.com/aws/aws-sdk-go-v2/service/sso", "unstable": false } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go index 69b4efccbfe..9d12dd55bc3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go @@ -3,4 +3,4 @@ package sso // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.23.0" +const goModuleVersion = "1.30.17" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go index 081867b3daa..871275a6bfc 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go @@ -87,6 +87,7 @@ func New() *Resolver { var partitionRegexp = struct { Aws *regexp.Regexp AwsCn *regexp.Regexp + AwsEusc *regexp.Regexp AwsIso *regexp.Regexp AwsIsoB *regexp.Regexp AwsIsoE *regexp.Regexp @@ -96,6 +97,7 @@ var partitionRegexp = struct { Aws: regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$"), AwsCn: regexp.MustCompile("^cn\\-\\w+\\-\\d+$"), + AwsEusc: regexp.MustCompile("^eusc\\-(de)\\-\\w+\\-\\d+$"), AwsIso: regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"), AwsIsoB: regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"), AwsIsoE: regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"), @@ -155,6 +157,9 @@ var defaultPartitions = endpoints.Partitions{ Region: "ap-east-1", }, }, + endpoints.EndpointKey{ + Region: "ap-east-2", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ap-northeast-1", }: endpoints.Endpoint{ @@ -227,6 +232,20 @@ var defaultPartitions = endpoints.Partitions{ Region: "ap-southeast-4", }, }, + endpoints.EndpointKey{ + Region: "ap-southeast-5", + }: endpoints.Endpoint{ + Hostname: "portal.sso.ap-southeast-5.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "ap-southeast-5", + }, + }, + endpoints.EndpointKey{ + Region: "ap-southeast-6", + }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "ap-southeast-7", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ca-central-1", }: endpoints.Endpoint{ @@ -331,6 +350,9 @@ var defaultPartitions = endpoints.Partitions{ Region: "me-south-1", }, }, + endpoints.EndpointKey{ + Region: "mx-central-1", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "sa-east-1", }: endpoints.Endpoint{ @@ -426,6 +448,46 @@ var defaultPartitions = endpoints.Partitions{ }, }, }, + { + ID: "aws-eusc", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.DualStackVariant, + }: { + Hostname: "portal.sso.{region}.api.amazonwebservices.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "portal.sso-fips.{region}.amazonaws.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant | endpoints.DualStackVariant, + }: { + Hostname: "portal.sso-fips.{region}.api.amazonwebservices.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "portal.sso.{region}.amazonaws.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.AwsEusc, + IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "eusc-de-east-1", + }: endpoints.Endpoint{}, + }, + }, { ID: "aws-iso", Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go index aa744f1594d..8b4e34d0642 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go @@ -58,8 +58,7 @@ type Options struct { // the client option BaseEndpoint instead. EndpointResolver EndpointResolver - // Resolves the endpoint used for a particular service operation. This should be - // used over the deprecated EndpointResolver. + // Resolves the endpoint used for a particular service operation. EndpointResolverV2 EndpointResolverV2 // Signature Version 4 (SigV4) Signer @@ -119,12 +118,18 @@ type Options struct { // implementation if nil. HTTPClient HTTPClient + // Client registry of operation interceptors. + Interceptors smithyhttp.InterceptorRegistry + // The auth scheme resolver which determines how to authenticate for each // operation. AuthSchemeResolver AuthSchemeResolver // The list of auth schemes supported by the client. AuthSchemes []smithyhttp.AuthScheme + + // Priority list of preferred auth scheme names (e.g. sigv4a). + AuthSchemePreference []string } // Copy creates a clone where the APIOptions list is deep copied. @@ -132,6 +137,7 @@ func (o Options) Copy() Options { to := o to.APIOptions = make([]func(*middleware.Stack) error, len(o.APIOptions)) copy(to.APIOptions, o.APIOptions) + to.Interceptors = o.Interceptors.Copy() return to } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go index 4dacb14b68b..a7a5b57de08 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go @@ -71,7 +71,7 @@ func awsRestjson1_serializeOpHttpBindingsGetRoleCredentialsInput(v *GetRoleCrede return fmt.Errorf("unsupported serialization of nil %T", v) } - if v.AccessToken != nil && len(*v.AccessToken) > 0 { + if v.AccessToken != nil { locationName := "X-Amz-Sso_bearer_token" encoder.SetHeader(locationName).String(*v.AccessToken) } @@ -146,7 +146,7 @@ func awsRestjson1_serializeOpHttpBindingsListAccountRolesInput(v *ListAccountRol return fmt.Errorf("unsupported serialization of nil %T", v) } - if v.AccessToken != nil && len(*v.AccessToken) > 0 { + if v.AccessToken != nil { locationName := "X-Amz-Sso_bearer_token" encoder.SetHeader(locationName).String(*v.AccessToken) } @@ -225,7 +225,7 @@ func awsRestjson1_serializeOpHttpBindingsListAccountsInput(v *ListAccountsInput, return fmt.Errorf("unsupported serialization of nil %T", v) } - if v.AccessToken != nil && len(*v.AccessToken) > 0 { + if v.AccessToken != nil { locationName := "X-Amz-Sso_bearer_token" encoder.SetHeader(locationName).String(*v.AccessToken) } @@ -300,7 +300,7 @@ func awsRestjson1_serializeOpHttpBindingsLogoutInput(v *LogoutInput, encoder *ht return fmt.Errorf("unsupported serialization of nil %T", v) } - if v.AccessToken != nil && len(*v.AccessToken) > 0 { + if v.AccessToken != nil { locationName := "X-Amz-Sso_bearer_token" encoder.SetHeader(locationName).String(*v.AccessToken) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md index 474e7f7f5b7..e645209405d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md @@ -1,3 +1,272 @@ +# v1.35.21 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.20 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.19 (2026-04-02) + +* No change notes available for this release. + +# v1.35.18 (2026-03-26) + +* **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.17 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.16 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.15 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.14 (2026-02-17) + +* No change notes available for this release. + +# v1.35.13 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.12 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.11 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + +# v1.35.10 (2025-11-25) + +* **Bug Fix**: Add error check for endpoint param binding during auth scheme resolution to fix panic reported in #3234 + +# v1.35.9 (2025-11-21) + +* No change notes available for this release. + +# v1.35.8 (2025-11-19.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.7 (2025-11-12) + +* **Bug Fix**: Further reduce allocation overhead when the metrics system isn't in-use. +* **Bug Fix**: Reduce allocation overhead when the client doesn't have any HTTP interceptors configured. +* **Bug Fix**: Remove blank trace spans towards the beginning of the request that added no additional information. This conveys a slight reduction in overall allocations. + +# v1.35.6 (2025-11-11) + +* **Bug Fix**: Return validation error if input region is not a valid host label. + +# v1.35.5 (2025-11-04) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.23.2 which should convey some passive reduction of overall allocations, especially when not using the metrics system. + +# v1.35.4 (2025-10-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.3 (2025-10-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.2 (2025-10-16) + +* **Dependency Update**: Bump minimum Go version to 1.23. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.1 (2025-09-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.0 (2025-09-23) + +* **Feature**: This release includes exception definition and documentation updates. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.34.5 (2025-09-22) + +* No change notes available for this release. + +# v1.34.4 (2025-09-10) + +* No change notes available for this release. + +# v1.34.3 (2025-09-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.34.2 (2025-08-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.34.1 (2025-08-27) + +* **Dependency Update**: Update to smithy-go v1.23.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.34.0 (2025-08-26) + +* **Feature**: Remove incorrect endpoint tests + +# v1.33.2 (2025-08-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.1 (2025-08-20) + +* **Bug Fix**: Remove unused deserialization code. + +# v1.33.0 (2025-08-11) + +* **Feature**: Add support for configuring per-service Options via callback on global config. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.0 (2025-08-04) + +* **Feature**: Support configurable auth scheme preferences in service clients via AWS_AUTH_SCHEME_PREFERENCE in the environment, auth_scheme_preference in the config file, and through in-code settings on LoadDefaultConfig and client constructor methods. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.1 (2025-07-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.0 (2025-07-28) + +* **Feature**: Add support for HTTP interceptors. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.4 (2025-07-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.3 (2025-06-17) + +* **Dependency Update**: Update to smithy-go v1.22.4. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.2 (2025-06-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.1 (2025-04-03) + +* No change notes available for this release. + +# v1.30.0 (2025-03-27) + +* **Feature**: This release adds AwsAdditionalDetails in the CreateTokenWithIAM API response. + +# v1.29.2 (2025-03-24) + +* No change notes available for this release. + +# v1.29.1 (2025-03-04.2) + +* **Bug Fix**: Add assurance test for operation order. + +# v1.29.0 (2025-02-27) + +* **Feature**: Track credential providers via User-Agent Feature ids +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.15 (2025-02-18) + +* **Bug Fix**: Bump go version to 1.22 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.14 (2025-02-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.13 (2025-01-31) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.12 (2025-01-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.11 (2025-01-24) + +* **Documentation**: Fixed typos in the descriptions. +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.22.2. + +# v1.28.10 (2025-01-17) + +* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop. + +# v1.28.9 (2025-01-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.8 (2025-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.7 (2024-12-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.6 (2024-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.5 (2024-11-18) + +* **Dependency Update**: Update to smithy-go v1.22.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.4 (2024-11-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.3 (2024-10-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.2 (2024-10-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.1 (2024-10-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.28.0 (2024-10-04) + +* **Feature**: Add support for HTTP client metrics. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.27.4 (2024-10-03) + +* No change notes available for this release. + +# v1.27.3 (2024-09-27) + +* No change notes available for this release. + +# v1.27.2 (2024-09-25) + +* No change notes available for this release. + +# v1.27.1 (2024-09-23) + +* No change notes available for this release. + # v1.27.0 (2024-09-20) * **Feature**: Add tracing and metrics support to service clients. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go index aa1f3ab3160..2c0958ade2d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go @@ -15,9 +15,7 @@ import ( internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" - internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware" smithy "github.com/aws/smithy-go" - smithyauth "github.com/aws/smithy-go/auth" smithydocument "github.com/aws/smithy-go/document" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -65,7 +63,12 @@ func timeOperationMetric[T any]( ctx context.Context, metric string, fn func() (T, error), opts ...metrics.RecordMetricOption, ) (T, error) { - instr := getOperationMetrics(ctx).histogramFor(metric) + mm := getOperationMetrics(ctx) + if mm == nil { // not using the metrics system + return fn() + } + + instr := mm.histogramFor(metric) opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...) start := time.Now() @@ -78,7 +81,12 @@ func timeOperationMetric[T any]( } func startMetricTimer(ctx context.Context, metric string, opts ...metrics.RecordMetricOption) func() { - instr := getOperationMetrics(ctx).histogramFor(metric) + mm := getOperationMetrics(ctx) + if mm == nil { // not using the metrics system + return func() {} + } + + instr := mm.histogramFor(metric) opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...) var ended bool @@ -106,6 +114,12 @@ func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption { type operationMetricsKey struct{} func withOperationMetrics(parent context.Context, mp metrics.MeterProvider) (context.Context, error) { + if _, ok := mp.(metrics.NopMeterProvider); ok { + // not using the metrics system - setting up the metrics context is a memory-intensive operation + // so we should skip it in this case + return parent, nil + } + meter := mp.Meter("github.com/aws/aws-sdk-go-v2/service/ssooidc") om := &operationMetrics{} @@ -153,7 +167,10 @@ func operationMetricTimer(m metrics.Meter, name, desc string) (metrics.Float64Hi } func getOperationMetrics(ctx context.Context) *operationMetrics { - return ctx.Value(operationMetricsKey{}).(*operationMetrics) + if v := ctx.Value(operationMetricsKey{}); v != nil { + return v.(*operationMetrics) + } + return nil } func operationTracer(p tracing.TracerProvider) tracing.Tracer { @@ -274,7 +291,9 @@ func (c *Client) invokeOperation( defer endTimer() defer span.End() - handler := smithyhttp.NewClientHandler(options.HTTPClient) + handler := smithyhttp.NewClientHandlerWithOptions(options.HTTPClient, func(o *smithyhttp.ClientHandler) { + o.Meter = options.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/ssooidc") + }) decorated := middleware.DecorateHandler(handler, stack) result, metadata, err = decorated.Handle(ctx, params) if err != nil { @@ -417,24 +436,33 @@ func setResolvedDefaultsMode(o *Options) { // NewFromConfig returns a new client from the provided config. func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client { opts := Options{ - Region: cfg.Region, - DefaultsMode: cfg.DefaultsMode, - RuntimeEnvironment: cfg.RuntimeEnvironment, - HTTPClient: cfg.HTTPClient, - Credentials: cfg.Credentials, - APIOptions: cfg.APIOptions, - Logger: cfg.Logger, - ClientLogMode: cfg.ClientLogMode, - AppID: cfg.AppID, + Region: cfg.Region, + DefaultsMode: cfg.DefaultsMode, + RuntimeEnvironment: cfg.RuntimeEnvironment, + HTTPClient: cfg.HTTPClient, + Credentials: cfg.Credentials, + APIOptions: cfg.APIOptions, + Logger: cfg.Logger, + ClientLogMode: cfg.ClientLogMode, + AppID: cfg.AppID, + AuthSchemePreference: cfg.AuthSchemePreference, } resolveAWSRetryerProvider(cfg, &opts) resolveAWSRetryMaxAttempts(cfg, &opts) resolveAWSRetryMode(cfg, &opts) resolveAWSEndpointResolver(cfg, &opts) + resolveInterceptors(cfg, &opts) resolveUseDualStackEndpoint(cfg, &opts) resolveUseFIPSEndpoint(cfg, &opts) resolveBaseEndpoint(cfg, &opts) - return New(opts, optFns...) + return New(opts, func(o *Options) { + for _, opt := range cfg.ServiceOptions { + opt(ServiceID, o) + } + for _, opt := range optFns { + opt(o) + } + }) } func resolveHTTPClient(o *Options) { @@ -548,6 +576,10 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) { o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions) } +func resolveInterceptors(cfg aws.Config, o *Options) { + o.Interceptors = cfg.Interceptors.Copy() +} + func addClientUserAgent(stack *middleware.Stack, options Options) error { ua, err := getOrAddRequestUserAgent(stack) if err != nil { @@ -677,12 +709,13 @@ func addIsPaginatorUserAgent(o *Options) { }) } -func addRetry(stack *middleware.Stack, o Options) error { +func addRetry(stack *middleware.Stack, o Options, c *Client) error { attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { m.LogAttempts = o.ClientLogMode.IsRetries() m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/ssooidc") + m.ClientSkew = c.timeOffset }) - if err := stack.Finalize.Insert(attempt, "Signing", middleware.Before); err != nil { + if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil { return err } if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil { @@ -721,25 +754,6 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error { return nil } -func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string { - if mode == aws.AccountIDEndpointModeDisabled { - return nil - } - - if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" { - return aws.String(ca.Credentials.AccountID) - } - - return nil -} - -func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error { - mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset} - if err := stack.Build.Add(&mw, middleware.After); err != nil { - return err - } - return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before) -} func initializeTimeOffsetResolver(c *Client) { c.timeOffset = new(atomic.Int64) } @@ -759,6 +773,37 @@ func addUserAgentRetryMode(stack *middleware.Stack, options Options) error { return nil } +type setCredentialSourceMiddleware struct { + ua *awsmiddleware.RequestUserAgent + options Options +} + +func (m setCredentialSourceMiddleware) ID() string { return "SetCredentialSourceMiddleware" } + +func (m setCredentialSourceMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) ( + out middleware.BuildOutput, metadata middleware.Metadata, err error, +) { + asProviderSource, ok := m.options.Credentials.(aws.CredentialProviderSource) + if !ok { + return next.HandleBuild(ctx, in) + } + providerSources := asProviderSource.ProviderSources() + for _, source := range providerSources { + m.ua.AddCredentialsSource(source) + } + return next.HandleBuild(ctx, in) +} + +func addCredentialSource(stack *middleware.Stack, options Options) error { + ua, err := getOrAddRequestUserAgent(stack) + if err != nil { + return err + } + + mw := setCredentialSourceMiddleware{ua: ua, options: options} + return stack.Build.Insert(&mw, "UserAgent", middleware.Before) +} + func resolveTracerProvider(options *Options) { if options.TracerProvider == nil { options.TracerProvider = &tracing.NopTracerProvider{} @@ -823,88 +868,62 @@ func addDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error { }, "ResolveEndpointV2", middleware.After) } -type spanInitializeStart struct { -} - -func (*spanInitializeStart) ID() string { - return "spanInitializeStart" -} - -func (m *spanInitializeStart) HandleInitialize( - ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler, -) ( - middleware.InitializeOutput, middleware.Metadata, error, -) { - ctx, _ = tracing.StartSpan(ctx, "Initialize") - - return next.HandleInitialize(ctx, in) -} - -type spanInitializeEnd struct { -} - -func (*spanInitializeEnd) ID() string { - return "spanInitializeEnd" -} - -func (m *spanInitializeEnd) HandleInitialize( - ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler, -) ( - middleware.InitializeOutput, middleware.Metadata, error, -) { - ctx, span := tracing.PopSpan(ctx) - span.End() - - return next.HandleInitialize(ctx, in) -} - -type spanBuildRequestStart struct { -} - -func (*spanBuildRequestStart) ID() string { - return "spanBuildRequestStart" -} - -func (m *spanBuildRequestStart) HandleSerialize( - ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler, -) ( - middleware.SerializeOutput, middleware.Metadata, error, -) { - ctx, _ = tracing.StartSpan(ctx, "BuildRequest") - - return next.HandleSerialize(ctx, in) -} - -type spanBuildRequestEnd struct { -} - -func (*spanBuildRequestEnd) ID() string { - return "spanBuildRequestEnd" -} - -func (m *spanBuildRequestEnd) HandleBuild( - ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler, -) ( - middleware.BuildOutput, middleware.Metadata, error, -) { - ctx, span := tracing.PopSpan(ctx) - span.End() - - return next.HandleBuild(ctx, in) -} - -func addSpanInitializeStart(stack *middleware.Stack) error { - return stack.Initialize.Add(&spanInitializeStart{}, middleware.Before) -} - -func addSpanInitializeEnd(stack *middleware.Stack) error { - return stack.Initialize.Add(&spanInitializeEnd{}, middleware.After) -} - -func addSpanBuildRequestStart(stack *middleware.Stack) error { - return stack.Serialize.Add(&spanBuildRequestStart{}, middleware.Before) -} +func addInterceptBeforeRetryLoop(stack *middleware.Stack, opts Options) error { + return stack.Finalize.Insert(&smithyhttp.InterceptBeforeRetryLoop{ + Interceptors: opts.Interceptors.BeforeRetryLoop, + }, "Retry", middleware.Before) +} + +func addInterceptAttempt(stack *middleware.Stack, opts Options) error { + return stack.Finalize.Insert(&smithyhttp.InterceptAttempt{ + BeforeAttempt: opts.Interceptors.BeforeAttempt, + AfterAttempt: opts.Interceptors.AfterAttempt, + }, "Retry", middleware.After) +} + +func addInterceptors(stack *middleware.Stack, opts Options) error { + // middlewares are expensive, don't add all of these interceptor ones unless the caller + // actually has at least one interceptor configured + // + // at the moment it's all-or-nothing because some of the middlewares here are responsible for + // setting fields in the interceptor context for future ones + if len(opts.Interceptors.BeforeExecution) == 0 && + len(opts.Interceptors.BeforeSerialization) == 0 && len(opts.Interceptors.AfterSerialization) == 0 && + len(opts.Interceptors.BeforeRetryLoop) == 0 && + len(opts.Interceptors.BeforeAttempt) == 0 && + len(opts.Interceptors.BeforeSigning) == 0 && len(opts.Interceptors.AfterSigning) == 0 && + len(opts.Interceptors.BeforeTransmit) == 0 && len(opts.Interceptors.AfterTransmit) == 0 && + len(opts.Interceptors.BeforeDeserialization) == 0 && len(opts.Interceptors.AfterDeserialization) == 0 && + len(opts.Interceptors.AfterAttempt) == 0 && len(opts.Interceptors.AfterExecution) == 0 { + return nil + } -func addSpanBuildRequestEnd(stack *middleware.Stack) error { - return stack.Build.Add(&spanBuildRequestEnd{}, middleware.After) + return errors.Join( + stack.Initialize.Add(&smithyhttp.InterceptExecution{ + BeforeExecution: opts.Interceptors.BeforeExecution, + AfterExecution: opts.Interceptors.AfterExecution, + }, middleware.Before), + stack.Serialize.Insert(&smithyhttp.InterceptBeforeSerialization{ + Interceptors: opts.Interceptors.BeforeSerialization, + }, "OperationSerializer", middleware.Before), + stack.Serialize.Insert(&smithyhttp.InterceptAfterSerialization{ + Interceptors: opts.Interceptors.AfterSerialization, + }, "OperationSerializer", middleware.After), + stack.Finalize.Insert(&smithyhttp.InterceptBeforeSigning{ + Interceptors: opts.Interceptors.BeforeSigning, + }, "Signing", middleware.Before), + stack.Finalize.Insert(&smithyhttp.InterceptAfterSigning{ + Interceptors: opts.Interceptors.AfterSigning, + }, "Signing", middleware.After), + stack.Deserialize.Add(&smithyhttp.InterceptTransmit{ + BeforeTransmit: opts.Interceptors.BeforeTransmit, + AfterTransmit: opts.Interceptors.AfterTransmit, + }, middleware.After), + stack.Deserialize.Insert(&smithyhttp.InterceptBeforeDeserialization{ + Interceptors: opts.Interceptors.BeforeDeserialization, + }, "OperationDeserializer", middleware.After), // (deserialize stack is called in reverse) + stack.Deserialize.Insert(&smithyhttp.InterceptAfterDeserialization{ + Interceptors: opts.Interceptors.AfterDeserialization, + }, "OperationDeserializer", middleware.Before), + ) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go index 5fb8d2ab946..cd739d53f58 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go @@ -12,7 +12,7 @@ import ( // Creates and returns access and refresh tokens for clients that are // authenticated using client secrets. The access token can be used to fetch -// short-term credentials for the assigned AWS accounts or to access application +// short-lived credentials for the assigned AWS accounts or to access application // APIs using bearer authentication. func (c *Client) CreateToken(ctx context.Context, params *CreateTokenInput, optFns ...func(*Options)) (*CreateTokenOutput, error) { if params == nil { @@ -43,22 +43,21 @@ type CreateTokenInput struct { // This member is required. ClientSecret *string - // Supports the following OAuth grant types: Device Code and Refresh Token. - // Specify either of the following values, depending on the grant type that you - // want: + // Supports the following OAuth grant types: Authorization Code, Device Code, and + // Refresh Token. Specify one of the following values, depending on the grant type + // that you want: + // + // * Authorization Code - authorization_code // // * Device Code - urn:ietf:params:oauth:grant-type:device_code // // * Refresh Token - refresh_token // - // For information about how to obtain the device code, see the StartDeviceAuthorization topic. - // // This member is required. GrantType *string // Used only when calling this API for the Authorization Code grant type. The - // short-term code is used to identify this authorization request. This grant type - // is currently unsupported for the CreateTokenAPI. + // short-lived code is used to identify this authorization request. Code *string // Used only when calling this API for the Authorization Code grant type. This @@ -66,9 +65,9 @@ type CreateTokenInput struct { // challenge value the client passed at authorization time. CodeVerifier *string - // Used only when calling this API for the Device Code grant type. This short-term - // code is used to identify this authorization request. This comes from the result - // of the StartDeviceAuthorizationAPI. + // Used only when calling this API for the Device Code grant type. This + // short-lived code is used to identify this authorization request. This comes from + // the result of the StartDeviceAuthorizationAPI. DeviceCode *string // Used only when calling this API for the Authorization Code grant type. This @@ -77,7 +76,7 @@ type CreateTokenInput struct { RedirectUri *string // Used only when calling this API for the Refresh Token grant type. This token is - // used to refresh short-term tokens, such as the access token, that might expire. + // used to refresh short-lived tokens, such as the access token, that might expire. // // For more information about the features and limitations of the current IAM // Identity Center OIDC implementation, see Considerations for Using this Guide in @@ -86,10 +85,9 @@ type CreateTokenInput struct { // [IAM Identity Center OIDC API Reference]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html RefreshToken *string - // The list of scopes for which authorization is requested. The access token that - // is issued is limited to the scopes that are granted. If this value is not - // specified, IAM Identity Center authorizes all scopes that are configured for the - // client during the call to RegisterClient. + // The list of scopes for which authorization is requested. This parameter has no + // effect; the access token will always include all scopes configured during client + // registration. Scope []string noSmithyDocumentSerde @@ -165,7 +163,7 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -189,10 +187,10 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpCreateTokenValidationMiddleware(stack); err != nil { @@ -216,16 +214,13 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go index 8abd43690d2..a02f62a2862 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go @@ -6,14 +6,24 @@ import ( "context" "fmt" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/service/ssooidc/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Creates and returns access and refresh tokens for clients and applications that -// are authenticated using IAM entities. The access token can be used to fetch -// short-term credentials for the assigned Amazon Web Services accounts or to -// access application APIs using bearer authentication. +// Creates and returns access and refresh tokens for authorized client +// applications that are authenticated using any IAM entity, such as a service role +// or user. These tokens might contain defined scopes that specify permissions such +// as read:profile or write:data . Through downscoping, you can use the scopes +// parameter to request tokens with reduced permissions compared to the original +// client application's permissions or, if applicable, the refresh token's scopes. +// The access token can be used to fetch short-lived credentials for the assigned +// Amazon Web Services accounts or to access application APIs using bearer +// authentication. +// +// This API is used with Signature Version 4. For more information, see [Amazon Web Services Signature Version 4 for API Requests]. +// +// [Amazon Web Services Signature Version 4 for API Requests]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html func (c *Client) CreateTokenWithIAM(ctx context.Context, params *CreateTokenWithIAMInput, optFns ...func(*Options)) (*CreateTokenWithIAMOutput, error) { if params == nil { params = &CreateTokenWithIAMInput{} @@ -59,7 +69,7 @@ type CreateTokenWithIAMInput struct { Assertion *string // Used only when calling this API for the Authorization Code grant type. This - // short-term code is used to identify this authorization request. The code is + // short-lived code is used to identify this authorization request. The code is // obtained through a redirect from IAM Identity Center to a redirect URI persisted // in the Authorization Code GrantOptions for the application. Code *string @@ -75,7 +85,7 @@ type CreateTokenWithIAMInput struct { RedirectUri *string // Used only when calling this API for the Refresh Token grant type. This token is - // used to refresh short-term tokens, such as the access token, that might expire. + // used to refresh short-lived tokens, such as the access token, that might expire. // // For more information about the features and limitations of the current IAM // Identity Center OIDC implementation, see Considerations for Using this Guide in @@ -123,6 +133,10 @@ type CreateTokenWithIAMOutput struct { // to a user. AccessToken *string + // A structure containing information from IAM Identity Center managed user and + // group information. + AwsAdditionalDetails *types.AwsAdditionalDetails + // Indicates the time in seconds when an access token will expire. ExpiresIn int32 @@ -196,7 +210,7 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -220,10 +234,10 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpCreateTokenWithIAMValidationMiddleware(stack); err != nil { @@ -247,16 +261,13 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go index 03a3594be0b..f32e86be9c3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go @@ -10,9 +10,9 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Registers a client with IAM Identity Center. This allows clients to initiate -// device authorization. The output should be persisted for reuse through many -// authentication requests. +// Registers a public client with IAM Identity Center. This allows clients to +// perform authorization using the authorization code grant with Proof Key for Code +// Exchange (PKCE) or the device code grant. func (c *Client) RegisterClient(ctx context.Context, params *RegisterClientInput, optFns ...func(*Options)) (*RegisterClientOutput, error) { if params == nil { params = &RegisterClientInput{} @@ -48,7 +48,15 @@ type RegisterClientInput struct { EntitledApplicationArn *string // The list of OAuth 2.0 grant types that are defined by the client. This list is - // used to restrict the token granting flows available to the client. + // used to restrict the token granting flows available to the client. Supports the + // following OAuth 2.0 grant types: Authorization Code, Device Code, and Refresh + // Token. + // + // * Authorization Code - authorization_code + // + // * Device Code - urn:ietf:params:oauth:grant-type:device_code + // + // * Refresh Token - refresh_token GrantTypes []string // The IAM Identity Center Issuer URL associated with an instance of IAM Identity @@ -126,7 +134,7 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack, if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -150,10 +158,10 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpRegisterClientValidationMiddleware(stack); err != nil { @@ -177,16 +185,13 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack, if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go index 203ca5e67b8..a35750b2279 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go @@ -116,7 +116,7 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -140,10 +140,10 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpStartDeviceAuthorizationValidationMiddleware(stack); err != nil { @@ -167,16 +167,13 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go index e4b87f5bc41..5f253df305e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go @@ -12,10 +12,13 @@ import ( "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/tracing" smithyhttp "github.com/aws/smithy-go/transport/http" + "slices" + "strings" ) -func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) { +func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) error { params.Region = options.Region + return nil } type setLegacyContextSigningOptionsMiddleware struct { @@ -92,14 +95,16 @@ type AuthResolverParameters struct { Region string } -func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters { +func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) (*AuthResolverParameters, error) { params := &AuthResolverParameters{ Operation: operation, } - bindAuthParamsRegion(ctx, params, input, options) + if err := bindAuthParamsRegion(ctx, params, input, options); err != nil { + return nil, err + } - return params + return params, nil } // AuthSchemeResolver returns a set of possible authentication options for an @@ -168,7 +173,10 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid _, span := tracing.StartSpan(ctx, "ResolveAuthScheme") defer span.End() - params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options) + params, err := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options) + if err != nil { + return out, metadata, fmt.Errorf("bind auth scheme params: %w", err) + } options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params) if err != nil { return out, metadata, fmt.Errorf("resolve auth scheme: %w", err) @@ -187,7 +195,8 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid } func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) (*resolvedAuthScheme, bool) { - for _, option := range options { + sorted := sortAuthOptions(options, m.options.AuthSchemePreference) + for _, option := range sorted { if option.SchemeID == smithyauth.SchemeIDAnonymous { return newResolvedAuthScheme(smithyhttp.NewAnonymousScheme(), option), true } @@ -206,6 +215,29 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { + byPriority := make([]*smithyauth.Option, 0, len(options)) + for _, prefName := range preferred { + for _, option := range options { + optName := option.SchemeID + if parts := strings.Split(option.SchemeID, "#"); len(parts) == 2 { + optName = parts[1] + } + if prefName == optName { + byPriority = append(byPriority, option) + } + } + } + for _, option := range options { + if !slices.ContainsFunc(byPriority, func(o *smithyauth.Option) bool { + return o.SchemeID == option.SchemeID + }) { + byPriority = append(byPriority, option) + } + } + return byPriority +} + type resolvedAuthSchemeKey struct{} type resolvedAuthScheme struct { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go index ae9f145e627..fb9a0df5194 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go @@ -13,22 +13,12 @@ import ( smithyio "github.com/aws/smithy-go/io" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" - smithytime "github.com/aws/smithy-go/time" "github.com/aws/smithy-go/tracing" smithyhttp "github.com/aws/smithy-go/transport/http" "io" "strings" - "time" ) -func deserializeS3Expires(v string) (*time.Time, error) { - t, err := smithytime.ParseHTTPDate(v) - if err != nil { - return nil, nil - } - return &t, nil -} - type awsRestjson1_deserializeOpCreateToken struct { } @@ -435,6 +425,11 @@ func awsRestjson1_deserializeOpDocumentCreateTokenWithIAMOutput(v **CreateTokenW sv.AccessToken = ptr.String(jtv) } + case "awsAdditionalDetails": + if err := awsRestjson1_deserializeDocumentAwsAdditionalDetails(&sv.AwsAdditionalDetails, value); err != nil { + return err + } + case "expiresIn": if value != nil { jtv, ok := value.(json.Number) @@ -616,6 +611,9 @@ func awsRestjson1_deserializeOpErrorRegisterClient(response *smithyhttp.Response case strings.EqualFold("InvalidScopeException", errorCode): return awsRestjson1_deserializeErrorInvalidScopeException(response, errorBody) + case strings.EqualFold("SlowDownException", errorCode): + return awsRestjson1_deserializeErrorSlowDownException(response, errorBody) + case strings.EqualFold("UnsupportedGrantTypeException", errorCode): return awsRestjson1_deserializeErrorUnsupportedGrantTypeException(response, errorBody) @@ -1487,6 +1485,15 @@ func awsRestjson1_deserializeDocumentAccessDeniedException(v **types.AccessDenie sv.Error_description = ptr.String(jtv) } + case "reason": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected AccessDeniedExceptionReason to be of type string, got %T instead", value) + } + sv.Reason = types.AccessDeniedExceptionReason(jtv) + } + default: _, _ = key, value @@ -1545,6 +1552,46 @@ func awsRestjson1_deserializeDocumentAuthorizationPendingException(v **types.Aut return nil } +func awsRestjson1_deserializeDocumentAwsAdditionalDetails(v **types.AwsAdditionalDetails, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.AwsAdditionalDetails + if *v == nil { + sv = &types.AwsAdditionalDetails{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "identityContext": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected IdentityContext to be of type string, got %T instead", value) + } + sv.IdentityContext = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsRestjson1_deserializeDocumentExpiredTokenException(v **types.ExpiredTokenException, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -1879,6 +1926,15 @@ func awsRestjson1_deserializeDocumentInvalidRequestException(v **types.InvalidRe sv.Error_description = ptr.String(jtv) } + case "reason": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected InvalidRequestExceptionReason to be of type string, got %T instead", value) + } + sv.Reason = types.InvalidRequestExceptionReason(jtv) + } + default: _, _ = key, value diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go index 1d258e5677b..aa9cf731d4c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go @@ -8,9 +8,12 @@ // Center. The service also enables the client to fetch the user’s access token // upon successful authentication and authorization with IAM Identity Center. // -// IAM Identity Center uses the sso and identitystore API namespaces. +// # API namespaces // -// # Considerations for Using This Guide +// IAM Identity Center uses the sso and identitystore API namespaces. IAM Identity +// Center OpenID Connect uses the sso-oauth namespace. +// +// # Considerations for using this guide // // Before you begin using this guide, we recommend that you first review the // following important information about how the IAM Identity Center OIDC service diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go index 6feea0c9fec..884983eb4d0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go @@ -14,6 +14,7 @@ import ( internalendpoints "github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints" smithyauth "github.com/aws/smithy-go/auth" smithyendpoints "github.com/aws/smithy-go/endpoints" + "github.com/aws/smithy-go/endpoints/private/rulesfn" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" "github.com/aws/smithy-go/tracing" @@ -217,11 +218,15 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) { } } -func bindRegion(region string) *string { +func bindRegion(region string) (*string, error) { if region == "" { - return nil + return nil, nil + } + if !rulesfn.IsValidHostLabel(region, true) { + return nil, fmt.Errorf("invalid input region %s", region) } - return aws.String(endpoints.MapFIPSRegion(region)) + + return aws.String(endpoints.MapFIPSRegion(region)), nil } // EndpointParameters provides the parameters that influence how endpoints are @@ -328,7 +333,9 @@ func (r *resolver) ResolveEndpoint( return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err) } _UseDualStack := *params.UseDualStack + _ = _UseDualStack _UseFIPS := *params.UseFIPS + _ = _UseFIPS if exprVal := params.Endpoint; exprVal != nil { _Endpoint := *exprVal @@ -477,10 +484,15 @@ type endpointParamsBinder interface { bindEndpointParams(*EndpointParameters) } -func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters { +func bindEndpointParams(ctx context.Context, input interface{}, options Options) (*EndpointParameters, error) { params := &EndpointParameters{} - params.Region = bindRegion(options.Region) + region, err := bindRegion(options.Region) + if err != nil { + return nil, err + } + params.Region = region + params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled) params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled) params.Endpoint = options.BaseEndpoint @@ -489,7 +501,7 @@ func bindEndpointParams(ctx context.Context, input interface{}, options Options) b.bindEndpointParams(params) } - return params + return params, nil } type resolveEndpointV2Middleware struct { @@ -519,7 +531,10 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil") } - params := bindEndpointParams(ctx, getOperationInput(ctx), m.options) + params, err := bindEndpointParams(ctx, getOperationInput(ctx), m.options) + if err != nil { + return out, metadata, fmt.Errorf("failed to bind endpoint params, %w", err) + } endpt, err := timeOperationMetric(ctx, "client.call.resolve_endpoint_duration", func() (smithyendpoints.Endpoint, error) { return m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json index b2a52633ba6..1e34b9a9d50 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/generated.json @@ -22,14 +22,15 @@ "internal/endpoints/endpoints.go", "internal/endpoints/endpoints_test.go", "options.go", - "protocol_test.go", "serializers.go", "snapshot_test.go", + "sra_operation_order_test.go", + "types/enums.go", "types/errors.go", "types/types.go", "validators.go" ], - "go": "1.15", + "go": "1.24", "module": "github.com/aws/aws-sdk-go-v2/service/ssooidc", "unstable": false } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go index ba33b37ea5f..af00268dfc6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go @@ -3,4 +3,4 @@ package ssooidc // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.27.0" +const goModuleVersion = "1.35.21" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go index b4c61ebad93..4ab58f60bd6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go @@ -87,6 +87,7 @@ func New() *Resolver { var partitionRegexp = struct { Aws *regexp.Regexp AwsCn *regexp.Regexp + AwsEusc *regexp.Regexp AwsIso *regexp.Regexp AwsIsoB *regexp.Regexp AwsIsoE *regexp.Regexp @@ -96,6 +97,7 @@ var partitionRegexp = struct { Aws: regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$"), AwsCn: regexp.MustCompile("^cn\\-\\w+\\-\\d+$"), + AwsEusc: regexp.MustCompile("^eusc\\-(de)\\-\\w+\\-\\d+$"), AwsIso: regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"), AwsIsoB: regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"), AwsIsoE: regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"), @@ -155,6 +157,9 @@ var defaultPartitions = endpoints.Partitions{ Region: "ap-east-1", }, }, + endpoints.EndpointKey{ + Region: "ap-east-2", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ap-northeast-1", }: endpoints.Endpoint{ @@ -227,6 +232,20 @@ var defaultPartitions = endpoints.Partitions{ Region: "ap-southeast-4", }, }, + endpoints.EndpointKey{ + Region: "ap-southeast-5", + }: endpoints.Endpoint{ + Hostname: "oidc.ap-southeast-5.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "ap-southeast-5", + }, + }, + endpoints.EndpointKey{ + Region: "ap-southeast-6", + }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "ap-southeast-7", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ca-central-1", }: endpoints.Endpoint{ @@ -331,6 +350,9 @@ var defaultPartitions = endpoints.Partitions{ Region: "me-south-1", }, }, + endpoints.EndpointKey{ + Region: "mx-central-1", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "sa-east-1", }: endpoints.Endpoint{ @@ -426,6 +448,46 @@ var defaultPartitions = endpoints.Partitions{ }, }, }, + { + ID: "aws-eusc", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.DualStackVariant, + }: { + Hostname: "oidc.{region}.api.amazonwebservices.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "oidc-fips.{region}.amazonaws.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant | endpoints.DualStackVariant, + }: { + Hostname: "oidc-fips.{region}.api.amazonwebservices.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "oidc.{region}.amazonaws.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.AwsEusc, + IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "eusc-de-east-1", + }: endpoints.Endpoint{}, + }, + }, { ID: "aws-iso", Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go index 55dd80d0e05..c2eac091904 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go @@ -58,8 +58,7 @@ type Options struct { // the client option BaseEndpoint instead. EndpointResolver EndpointResolver - // Resolves the endpoint used for a particular service operation. This should be - // used over the deprecated EndpointResolver. + // Resolves the endpoint used for a particular service operation. EndpointResolverV2 EndpointResolverV2 // Signature Version 4 (SigV4) Signer @@ -119,12 +118,18 @@ type Options struct { // implementation if nil. HTTPClient HTTPClient + // Client registry of operation interceptors. + Interceptors smithyhttp.InterceptorRegistry + // The auth scheme resolver which determines how to authenticate for each // operation. AuthSchemeResolver AuthSchemeResolver // The list of auth schemes supported by the client. AuthSchemes []smithyhttp.AuthScheme + + // Priority list of preferred auth scheme names (e.g. sigv4a). + AuthSchemePreference []string } // Copy creates a clone where the APIOptions list is deep copied. @@ -132,6 +137,7 @@ func (o Options) Copy() Options { to := o to.APIOptions = make([]func(*middleware.Stack) error, len(o.APIOptions)) copy(to.APIOptions, o.APIOptions) + to.Interceptors = o.Interceptors.Copy() return to } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/enums.go new file mode 100644 index 00000000000..b14a3c05810 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/enums.go @@ -0,0 +1,44 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package types + +type AccessDeniedExceptionReason string + +// Enum values for AccessDeniedExceptionReason +const ( + AccessDeniedExceptionReasonKmsAccessDenied AccessDeniedExceptionReason = "KMS_AccessDeniedException" +) + +// Values returns all known values for AccessDeniedExceptionReason. Note that this +// can be expanded in the future, and so it is only as up to date as the client. +// +// The ordering of this slice is not guaranteed to be stable across updates. +func (AccessDeniedExceptionReason) Values() []AccessDeniedExceptionReason { + return []AccessDeniedExceptionReason{ + "KMS_AccessDeniedException", + } +} + +type InvalidRequestExceptionReason string + +// Enum values for InvalidRequestExceptionReason +const ( + InvalidRequestExceptionReasonKmsKeyNotFound InvalidRequestExceptionReason = "KMS_NotFoundException" + InvalidRequestExceptionReasonKmsInvalidKeyUsage InvalidRequestExceptionReason = "KMS_InvalidKeyUsageException" + InvalidRequestExceptionReasonKmsInvalidState InvalidRequestExceptionReason = "KMS_InvalidStateException" + InvalidRequestExceptionReasonKmsDisabledKey InvalidRequestExceptionReason = "KMS_DisabledException" +) + +// Values returns all known values for InvalidRequestExceptionReason. Note that +// this can be expanded in the future, and so it is only as up to date as the +// client. +// +// The ordering of this slice is not guaranteed to be stable across updates. +func (InvalidRequestExceptionReason) Values() []InvalidRequestExceptionReason { + return []InvalidRequestExceptionReason{ + "KMS_NotFoundException", + "KMS_InvalidKeyUsageException", + "KMS_InvalidStateException", + "KMS_DisabledException", + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go index 2cfe7b48fed..a1a3c7ef0da 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go @@ -14,6 +14,7 @@ type AccessDeniedException struct { ErrorCodeOverride *string Error_ *string + Reason AccessDeniedExceptionReason Error_description *string noSmithyDocumentSerde @@ -255,6 +256,7 @@ type InvalidRequestException struct { ErrorCodeOverride *string Error_ *string + Reason InvalidRequestExceptionReason Error_description *string noSmithyDocumentSerde diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/types.go index 0ec0789f8d9..de15e8f0514 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/types.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/types.go @@ -6,4 +6,20 @@ import ( smithydocument "github.com/aws/smithy-go/document" ) +// This structure contains Amazon Web Services-specific parameter extensions and +// the [identity context]. +// +// [identity context]: https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-overview.html +type AwsAdditionalDetails struct { + + // The trusted context assertion is signed and encrypted by STS. It provides + // access to sts:identity_context claim in the idToken without JWT parsing + // + // Identity context comprises information that Amazon Web Services services use to + // make authorization decisions when they receive requests. + IdentityContext *string + + noSmithyDocumentSerde +} + type noSmithyDocumentSerde = smithydocument.NoSerde diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md index 82ff30c3114..199f7a79ce8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md @@ -1,3 +1,289 @@ +# v1.42.1 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.42.0 (2026-04-17) + +* **Feature**: The STS client now supports configuring SigV4a through the auth scheme preference setting. SigV4a uses asymmetric cryptography, enabling customers using long-term IAM credentials to continue making STS API calls even when a region is isolated from the partition leader. +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.10 (2026-03-26) + +* **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.9 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.8 (2026-03-03) + +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.7 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.6 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.5 (2025-12-09) + +* No change notes available for this release. + +# v1.41.4 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.3 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + +# v1.41.2 (2025-11-25) + +* **Bug Fix**: Add error check for endpoint param binding during auth scheme resolution to fix panic reported in #3234 + +# v1.41.1 (2025-11-19.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.41.0 (2025-11-19) + +* **Feature**: IAM now supports outbound identity federation via the STS GetWebIdentityToken API, enabling AWS workloads to securely authenticate with external services using short-lived JSON Web Tokens. + +# v1.40.2 (2025-11-12) + +* **Bug Fix**: Further reduce allocation overhead when the metrics system isn't in-use. +* **Bug Fix**: Reduce allocation overhead when the client doesn't have any HTTP interceptors configured. +* **Bug Fix**: Remove blank trace spans towards the beginning of the request that added no additional information. This conveys a slight reduction in overall allocations. + +# v1.40.1 (2025-11-11) + +* **Bug Fix**: Return validation error if input region is not a valid host label. + +# v1.40.0 (2025-11-10) + +* **Feature**: Added GetDelegatedAccessToken API, which is not available for general use at this time. + +# v1.39.1 (2025-11-04) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.23.2 which should convey some passive reduction of overall allocations, especially when not using the metrics system. + +# v1.39.0 (2025-10-30) + +* **Feature**: Update endpoint ruleset parameters casing +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.38.9 (2025-10-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.38.8 (2025-10-22) + +* No change notes available for this release. + +# v1.38.7 (2025-10-16) + +* **Dependency Update**: Bump minimum Go version to 1.23. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.38.6 (2025-09-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.38.5 (2025-09-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.38.4 (2025-09-10) + +* No change notes available for this release. + +# v1.38.3 (2025-09-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.38.2 (2025-08-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.38.1 (2025-08-27) + +* **Dependency Update**: Update to smithy-go v1.23.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.38.0 (2025-08-21) + +* **Feature**: Remove incorrect endpoint tests +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.37.1 (2025-08-20) + +* **Bug Fix**: Remove unused deserialization code. + +# v1.37.0 (2025-08-11) + +* **Feature**: Add support for configuring per-service Options via callback on global config. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.36.0 (2025-08-04) + +* **Feature**: Support configurable auth scheme preferences in service clients via AWS_AUTH_SCHEME_PREFERENCE in the environment, auth_scheme_preference in the config file, and through in-code settings on LoadDefaultConfig and client constructor methods. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.1 (2025-07-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.0 (2025-07-28) + +* **Feature**: Add support for HTTP interceptors. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.34.1 (2025-07-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.34.0 (2025-06-17) + +* **Feature**: The AWS Security Token Service APIs AssumeRoleWithSAML and AssumeRoleWithWebIdentity can now be invoked without pre-configured AWS credentials in the SDK configuration. +* **Dependency Update**: Update to smithy-go v1.22.4. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.21 (2025-06-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.20 (2025-06-06) + +* No change notes available for this release. + +# v1.33.19 (2025-04-10) + +* No change notes available for this release. + +# v1.33.18 (2025-04-03) + +* No change notes available for this release. + +# v1.33.17 (2025-03-04.2) + +* **Bug Fix**: Add assurance test for operation order. + +# v1.33.16 (2025-02-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.15 (2025-02-18) + +* **Bug Fix**: Bump go version to 1.22 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.14 (2025-02-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.13 (2025-02-04) + +* No change notes available for this release. + +# v1.33.12 (2025-01-31) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.11 (2025-01-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.10 (2025-01-24) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.22.2. + +# v1.33.9 (2025-01-17) + +* **Bug Fix**: Fix bug where credentials weren't refreshed during retry loop. + +# v1.33.8 (2025-01-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.7 (2025-01-14) + +* No change notes available for this release. + +# v1.33.6 (2025-01-10) + +* **Documentation**: Fixed typos in the descriptions. + +# v1.33.5 (2025-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.4 (2025-01-08) + +* No change notes available for this release. + +# v1.33.3 (2024-12-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.2 (2024-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.1 (2024-11-18) + +* **Dependency Update**: Update to smithy-go v1.22.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.33.0 (2024-11-14) + +* **Feature**: This release introduces the new API 'AssumeRoot', which returns short-term credentials that you can use to perform privileged tasks. + +# v1.32.4 (2024-11-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.3 (2024-10-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.2 (2024-10-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.1 (2024-10-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.0 (2024-10-04) + +* **Feature**: Add support for HTTP client metrics. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.4 (2024-10-03) + +* No change notes available for this release. + +# v1.31.3 (2024-09-27) + +* No change notes available for this release. + +# v1.31.2 (2024-09-25) + +* No change notes available for this release. + +# v1.31.1 (2024-09-23) + +* No change notes available for this release. + # v1.31.0 (2024-09-20) * **Feature**: Add tracing and metrics support to service clients. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go index 0df1bddf741..958c83c1a89 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go @@ -16,11 +16,10 @@ import ( internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" - internalmiddleware "github.com/aws/aws-sdk-go-v2/internal/middleware" + "github.com/aws/aws-sdk-go-v2/internal/v4a" acceptencodingcust "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding" presignedurlcust "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url" smithy "github.com/aws/smithy-go" - smithyauth "github.com/aws/smithy-go/auth" smithydocument "github.com/aws/smithy-go/document" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -68,7 +67,12 @@ func timeOperationMetric[T any]( ctx context.Context, metric string, fn func() (T, error), opts ...metrics.RecordMetricOption, ) (T, error) { - instr := getOperationMetrics(ctx).histogramFor(metric) + mm := getOperationMetrics(ctx) + if mm == nil { // not using the metrics system + return fn() + } + + instr := mm.histogramFor(metric) opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...) start := time.Now() @@ -81,7 +85,12 @@ func timeOperationMetric[T any]( } func startMetricTimer(ctx context.Context, metric string, opts ...metrics.RecordMetricOption) func() { - instr := getOperationMetrics(ctx).histogramFor(metric) + mm := getOperationMetrics(ctx) + if mm == nil { // not using the metrics system + return func() {} + } + + instr := mm.histogramFor(metric) opts = append([]metrics.RecordMetricOption{withOperationMetadata(ctx)}, opts...) var ended bool @@ -109,6 +118,12 @@ func withOperationMetadata(ctx context.Context) metrics.RecordMetricOption { type operationMetricsKey struct{} func withOperationMetrics(parent context.Context, mp metrics.MeterProvider) (context.Context, error) { + if _, ok := mp.(metrics.NopMeterProvider); ok { + // not using the metrics system - setting up the metrics context is a memory-intensive operation + // so we should skip it in this case + return parent, nil + } + meter := mp.Meter("github.com/aws/aws-sdk-go-v2/service/sts") om := &operationMetrics{} @@ -156,7 +171,10 @@ func operationMetricTimer(m metrics.Meter, name, desc string) (metrics.Float64Hi } func getOperationMetrics(ctx context.Context) *operationMetrics { - return ctx.Value(operationMetricsKey{}).(*operationMetrics) + if v := ctx.Value(operationMetricsKey{}); v != nil { + return v.(*operationMetrics) + } + return nil } func operationTracer(p tracing.TracerProvider) tracing.Tracer { @@ -190,6 +208,8 @@ func New(options Options, optFns ...func(*Options)) *Client { resolveEndpointResolverV2(&options) + resolveHTTPSignerV4a(&options) + resolveTracerProvider(&options) resolveMeterProvider(&options) @@ -278,7 +298,9 @@ func (c *Client) invokeOperation( defer endTimer() defer span.End() - handler := smithyhttp.NewClientHandler(options.HTTPClient) + handler := smithyhttp.NewClientHandlerWithOptions(options.HTTPClient, func(o *smithyhttp.ClientHandler) { + o.Meter = options.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sts") + }) decorated := middleware.DecorateHandler(handler, stack) result, metadata, err = decorated.Handle(ctx, params) if err != nil { @@ -362,6 +384,11 @@ func resolveAuthSchemes(options *Options) { Logger: options.Logger, LogSigning: options.ClientLogMode.IsSigning(), }), + internalauth.NewHTTPAuthScheme("aws.auth#sigv4a", &v4a.SignerAdapter{ + Signer: options.httpSignerV4a, + Logger: options.Logger, + LogSigning: options.ClientLogMode.IsSigning(), + }), } } } @@ -421,24 +448,33 @@ func setResolvedDefaultsMode(o *Options) { // NewFromConfig returns a new client from the provided config. func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client { opts := Options{ - Region: cfg.Region, - DefaultsMode: cfg.DefaultsMode, - RuntimeEnvironment: cfg.RuntimeEnvironment, - HTTPClient: cfg.HTTPClient, - Credentials: cfg.Credentials, - APIOptions: cfg.APIOptions, - Logger: cfg.Logger, - ClientLogMode: cfg.ClientLogMode, - AppID: cfg.AppID, + Region: cfg.Region, + DefaultsMode: cfg.DefaultsMode, + RuntimeEnvironment: cfg.RuntimeEnvironment, + HTTPClient: cfg.HTTPClient, + Credentials: cfg.Credentials, + APIOptions: cfg.APIOptions, + Logger: cfg.Logger, + ClientLogMode: cfg.ClientLogMode, + AppID: cfg.AppID, + AuthSchemePreference: cfg.AuthSchemePreference, } resolveAWSRetryerProvider(cfg, &opts) resolveAWSRetryMaxAttempts(cfg, &opts) resolveAWSRetryMode(cfg, &opts) resolveAWSEndpointResolver(cfg, &opts) + resolveInterceptors(cfg, &opts) resolveUseDualStackEndpoint(cfg, &opts) resolveUseFIPSEndpoint(cfg, &opts) resolveBaseEndpoint(cfg, &opts) - return New(opts, optFns...) + return New(opts, func(o *Options) { + for _, opt := range cfg.ServiceOptions { + opt(ServiceID, o) + } + for _, opt := range optFns { + opt(o) + } + }) } func resolveHTTPClient(o *Options) { @@ -552,6 +588,10 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) { o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions) } +func resolveInterceptors(cfg aws.Config, o *Options) { + o.Interceptors = cfg.Interceptors.Copy() +} + func addClientUserAgent(stack *middleware.Stack, options Options) error { ua, err := getOrAddRequestUserAgent(stack) if err != nil { @@ -681,12 +721,13 @@ func addIsPaginatorUserAgent(o *Options) { }) } -func addRetry(stack *middleware.Stack, o Options) error { +func addRetry(stack *middleware.Stack, o Options, c *Client) error { attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { m.LogAttempts = o.ClientLogMode.IsRetries() m.OperationMeter = o.MeterProvider.Meter("github.com/aws/aws-sdk-go-v2/service/sts") + m.ClientSkew = c.timeOffset }) - if err := stack.Finalize.Insert(attempt, "Signing", middleware.Before); err != nil { + if err := stack.Finalize.Insert(attempt, "ResolveAuthScheme", middleware.Before); err != nil { return err } if err := stack.Finalize.Insert(&retry.MetricsHeader{}, attempt.ID(), middleware.After); err != nil { @@ -725,25 +766,26 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error { return nil } -func resolveAccountID(identity smithyauth.Identity, mode aws.AccountIDEndpointMode) *string { - if mode == aws.AccountIDEndpointModeDisabled { - return nil - } +type httpSignerV4a interface { + SignHTTP(ctx context.Context, credentials v4a.Credentials, r *http.Request, payloadHash, + service string, regionSet []string, signingTime time.Time, + optFns ...func(*v4a.SignerOptions)) error +} - if ca, ok := identity.(*internalauthsmithy.CredentialsAdapter); ok && ca.Credentials.AccountID != "" { - return aws.String(ca.Credentials.AccountID) +func resolveHTTPSignerV4a(o *Options) { + if o.httpSignerV4a != nil { + return } - - return nil + o.httpSignerV4a = newDefaultV4aSigner(*o) } -func addTimeOffsetBuild(stack *middleware.Stack, c *Client) error { - mw := internalmiddleware.AddTimeOffsetMiddleware{Offset: c.timeOffset} - if err := stack.Build.Add(&mw, middleware.After); err != nil { - return err - } - return stack.Deserialize.Insert(&mw, "RecordResponseTiming", middleware.Before) +func newDefaultV4aSigner(o Options) *v4a.Signer { + return v4a.NewSigner(func(so *v4a.SignerOptions) { + so.Logger = o.Logger + so.LogSigning = o.ClientLogMode.IsSigning() + }) } + func initializeTimeOffsetResolver(c *Client) { c.timeOffset = new(atomic.Int64) } @@ -763,6 +805,37 @@ func addUserAgentRetryMode(stack *middleware.Stack, options Options) error { return nil } +type setCredentialSourceMiddleware struct { + ua *awsmiddleware.RequestUserAgent + options Options +} + +func (m setCredentialSourceMiddleware) ID() string { return "SetCredentialSourceMiddleware" } + +func (m setCredentialSourceMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) ( + out middleware.BuildOutput, metadata middleware.Metadata, err error, +) { + asProviderSource, ok := m.options.Credentials.(aws.CredentialProviderSource) + if !ok { + return next.HandleBuild(ctx, in) + } + providerSources := asProviderSource.ProviderSources() + for _, source := range providerSources { + m.ua.AddCredentialsSource(source) + } + return next.HandleBuild(ctx, in) +} + +func addCredentialSource(stack *middleware.Stack, options Options) error { + ua, err := getOrAddRequestUserAgent(stack) + if err != nil { + return err + } + + mw := setCredentialSourceMiddleware{ua: ua, options: options} + return stack.Build.Insert(&mw, "UserAgent", middleware.Before) +} + func resolveTracerProvider(options *Options) { if options.TracerProvider == nil { options.TracerProvider = &tracing.NopTracerProvider{} @@ -975,88 +1048,62 @@ func addDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error { }, "ResolveEndpointV2", middleware.After) } -type spanInitializeStart struct { -} - -func (*spanInitializeStart) ID() string { - return "spanInitializeStart" -} - -func (m *spanInitializeStart) HandleInitialize( - ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler, -) ( - middleware.InitializeOutput, middleware.Metadata, error, -) { - ctx, _ = tracing.StartSpan(ctx, "Initialize") - - return next.HandleInitialize(ctx, in) -} - -type spanInitializeEnd struct { -} - -func (*spanInitializeEnd) ID() string { - return "spanInitializeEnd" -} - -func (m *spanInitializeEnd) HandleInitialize( - ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler, -) ( - middleware.InitializeOutput, middleware.Metadata, error, -) { - ctx, span := tracing.PopSpan(ctx) - span.End() - - return next.HandleInitialize(ctx, in) -} - -type spanBuildRequestStart struct { -} - -func (*spanBuildRequestStart) ID() string { - return "spanBuildRequestStart" -} - -func (m *spanBuildRequestStart) HandleSerialize( - ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler, -) ( - middleware.SerializeOutput, middleware.Metadata, error, -) { - ctx, _ = tracing.StartSpan(ctx, "BuildRequest") - - return next.HandleSerialize(ctx, in) -} - -type spanBuildRequestEnd struct { -} - -func (*spanBuildRequestEnd) ID() string { - return "spanBuildRequestEnd" -} - -func (m *spanBuildRequestEnd) HandleBuild( - ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler, -) ( - middleware.BuildOutput, middleware.Metadata, error, -) { - ctx, span := tracing.PopSpan(ctx) - span.End() - - return next.HandleBuild(ctx, in) -} - -func addSpanInitializeStart(stack *middleware.Stack) error { - return stack.Initialize.Add(&spanInitializeStart{}, middleware.Before) -} - -func addSpanInitializeEnd(stack *middleware.Stack) error { - return stack.Initialize.Add(&spanInitializeEnd{}, middleware.After) -} - -func addSpanBuildRequestStart(stack *middleware.Stack) error { - return stack.Serialize.Add(&spanBuildRequestStart{}, middleware.Before) -} +func addInterceptBeforeRetryLoop(stack *middleware.Stack, opts Options) error { + return stack.Finalize.Insert(&smithyhttp.InterceptBeforeRetryLoop{ + Interceptors: opts.Interceptors.BeforeRetryLoop, + }, "Retry", middleware.Before) +} + +func addInterceptAttempt(stack *middleware.Stack, opts Options) error { + return stack.Finalize.Insert(&smithyhttp.InterceptAttempt{ + BeforeAttempt: opts.Interceptors.BeforeAttempt, + AfterAttempt: opts.Interceptors.AfterAttempt, + }, "Retry", middleware.After) +} + +func addInterceptors(stack *middleware.Stack, opts Options) error { + // middlewares are expensive, don't add all of these interceptor ones unless the caller + // actually has at least one interceptor configured + // + // at the moment it's all-or-nothing because some of the middlewares here are responsible for + // setting fields in the interceptor context for future ones + if len(opts.Interceptors.BeforeExecution) == 0 && + len(opts.Interceptors.BeforeSerialization) == 0 && len(opts.Interceptors.AfterSerialization) == 0 && + len(opts.Interceptors.BeforeRetryLoop) == 0 && + len(opts.Interceptors.BeforeAttempt) == 0 && + len(opts.Interceptors.BeforeSigning) == 0 && len(opts.Interceptors.AfterSigning) == 0 && + len(opts.Interceptors.BeforeTransmit) == 0 && len(opts.Interceptors.AfterTransmit) == 0 && + len(opts.Interceptors.BeforeDeserialization) == 0 && len(opts.Interceptors.AfterDeserialization) == 0 && + len(opts.Interceptors.AfterAttempt) == 0 && len(opts.Interceptors.AfterExecution) == 0 { + return nil + } -func addSpanBuildRequestEnd(stack *middleware.Stack) error { - return stack.Build.Add(&spanBuildRequestEnd{}, middleware.After) + return errors.Join( + stack.Initialize.Add(&smithyhttp.InterceptExecution{ + BeforeExecution: opts.Interceptors.BeforeExecution, + AfterExecution: opts.Interceptors.AfterExecution, + }, middleware.Before), + stack.Serialize.Insert(&smithyhttp.InterceptBeforeSerialization{ + Interceptors: opts.Interceptors.BeforeSerialization, + }, "OperationSerializer", middleware.Before), + stack.Serialize.Insert(&smithyhttp.InterceptAfterSerialization{ + Interceptors: opts.Interceptors.AfterSerialization, + }, "OperationSerializer", middleware.After), + stack.Finalize.Insert(&smithyhttp.InterceptBeforeSigning{ + Interceptors: opts.Interceptors.BeforeSigning, + }, "Signing", middleware.Before), + stack.Finalize.Insert(&smithyhttp.InterceptAfterSigning{ + Interceptors: opts.Interceptors.AfterSigning, + }, "Signing", middleware.After), + stack.Deserialize.Add(&smithyhttp.InterceptTransmit{ + BeforeTransmit: opts.Interceptors.BeforeTransmit, + AfterTransmit: opts.Interceptors.AfterTransmit, + }, middleware.After), + stack.Deserialize.Insert(&smithyhttp.InterceptBeforeDeserialization{ + Interceptors: opts.Interceptors.BeforeDeserialization, + }, "OperationDeserializer", middleware.After), // (deserialize stack is called in reverse) + stack.Deserialize.Insert(&smithyhttp.InterceptAfterDeserialization{ + Interceptors: opts.Interceptors.AfterDeserialization, + }, "OperationDeserializer", middleware.Before), + ) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go index be03f017d47..83aa65a5a21 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go @@ -16,7 +16,7 @@ import ( // Amazon Web Services resources. These temporary credentials consist of an access // key ID, a secret access key, and a security token. Typically, you use AssumeRole // within your account or for cross-account access. For a comparison of AssumeRole -// with other API operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the +// with other API operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the // IAM User Guide. // // # Permissions @@ -26,16 +26,16 @@ import ( // cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken // API operations. // -// (Optional) You can pass inline or managed [session policies] to this operation. You can pass a -// single JSON policy document to use as an inline session policy. You can also -// specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed -// session policies. The plaintext that you use for both inline and managed session -// policies can't exceed 2,048 characters. Passing policies to this operation -// returns new temporary credentials. The resulting session's permissions are the -// intersection of the role's identity-based policy and the session policies. You -// can use the role's temporary credentials in subsequent Amazon Web Services API -// calls to access resources in the account that owns the role. You cannot use -// session policies to grant more permissions than those allowed by the +// (Optional) You can pass inline or managed session policies to this operation. +// You can pass a single JSON policy document to use as an inline session policy. +// You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use +// as managed session policies. The plaintext that you use for both inline and +// managed session policies can't exceed 2,048 characters. Passing policies to this +// operation returns new temporary credentials. The resulting session's permissions +// are the intersection of the role's identity-based policy and the session +// policies. You can use the role's temporary credentials in subsequent Amazon Web +// Services API calls to access resources in the account that owns the role. You +// cannot use session policies to grant more permissions than those allowed by the // identity-based policy of the role that is being assumed. For more information, // see [Session Policies]in the IAM User Guide. // @@ -104,10 +104,9 @@ import ( // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html // [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining -// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison -// [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [IAM Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html +// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html // [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html func (c *Client) AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) { if params == nil { @@ -141,9 +140,17 @@ type AssumeRoleInput struct { // the temporary security credentials will expose the role session name to the // external account in their CloudTrail logs. // + // For security purposes, administrators can view this field in [CloudTrail logs] to help identify + // who performed an action in Amazon Web Services. Your administrator might require + // that you specify your user name as the session name when you assume the role. + // For more information, see [sts:RoleSessionName]sts:RoleSessionName . + // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can also - // include underscores or any of the following characters: =,.@- + // include underscores or any of the following characters: +=,.@- + // + // [CloudTrail logs]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds + // [sts:RoleSessionName]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname // // This member is required. RoleSessionName *string @@ -163,7 +170,7 @@ type AssumeRoleInput struct { // 43200 seconds (12 hours), depending on the maximum session duration setting for // your role. However, if you assume a role using role chaining and provide a // DurationSeconds parameter value greater than one hour, the operation fails. To - // learn how to view the maximum value for your role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide. + // learn how to view the maximum value for your role, see [Update the maximum session duration for a role]. // // By default, the value is set to 3600 seconds. // @@ -173,7 +180,7 @@ type AssumeRoleInput struct { // parameter that specifies the maximum length of the console session. For more // information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide. // - // [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session + // [Update the maximum session duration for a role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration // [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html DurationSeconds *int32 @@ -189,7 +196,7 @@ type AssumeRoleInput struct { // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can also - // include underscores or any of the following characters: =,.@:/- + // include underscores or any of the following characters: +=,.@:\/- // // [How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html ExternalId *string @@ -218,7 +225,10 @@ type AssumeRoleInput struct { // by percentage how close the policies and tags for your request are to the upper // size limit. // + // For more information about role session permissions, see [Session policies]. + // // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session + // [Session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session Policy *string // The Amazon Resource Names (ARNs) of the IAM managed policies that you want to @@ -269,14 +279,14 @@ type AssumeRoleInput struct { // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can also - // include underscores or any of the following characters: =,.@- + // include underscores or any of the following characters: +=/:,.@- SerialNumber *string // The source identity specified by the principal that is calling the AssumeRole - // operation. + // operation. The source identity value persists across [chained role]sessions. // // You can require users to specify a source identity when they assume a role. You - // do this by using the sts:SourceIdentity condition key in a role trust policy. + // do this by using the [sts:SourceIdentity]sts:SourceIdentity condition key in a role trust policy. // You can use source identity information in CloudTrail logs to determine who took // actions with a role. You can use the aws:SourceIdentity condition key to // further control access to Amazon Web Services resources based on the value of @@ -285,11 +295,13 @@ type AssumeRoleInput struct { // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can also - // include underscores or any of the following characters: =,.@-. You cannot use a + // include underscores or any of the following characters: +=,.@-. You cannot use a // value that begins with the text aws: . This prefix is reserved for Amazon Web // Services internal use. // + // [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining // [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html + // [sts:SourceIdentity]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity SourceIdentity *string // A list of session tags that you want to pass. Each session tag consists of a @@ -342,8 +354,8 @@ type AssumeRoleInput struct { // a tag key as transitive, the corresponding key and value passes to subsequent // sessions in a role chain. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide. // - // This parameter is optional. When you set session tags as transitive, the - // session policy and session tags packed binary limit is not affected. + // This parameter is optional. The transitive status of a session tag does not + // impact its packed binary size. // // If you choose not to specify a transitive tag key, then no tags are passed from // this session to any subsequent sessions. @@ -436,7 +448,7 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -460,10 +472,10 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpAssumeRoleValidationMiddleware(stack); err != nil { @@ -487,16 +499,13 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go index b8b0c095f7e..520e6e1c611 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go @@ -16,13 +16,16 @@ import ( // mechanism for tying an enterprise identity store or directory to role-based // Amazon Web Services access without user-specific credentials or configuration. // For a comparison of AssumeRoleWithSAML with the other API operations that -// produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide. +// produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the IAM User Guide. // // The temporary security credentials returned by this operation consist of an // access key ID, a secret access key, and a security token. Applications can use // these temporary security credentials to sign calls to Amazon Web Services // services. // +// AssumeRoleWithSAML will not work on IAM Identity Center managed roles. These +// roles' names start with AWSReservedSSO_ . +// // # Session Duration // // By default, the temporary security credentials created by AssumeRoleWithSAML @@ -130,10 +133,10 @@ import ( // [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session // [Creating a Role for SAML 2.0 Federation]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html // [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length -// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison // [Creating SAML Identity Providers]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html // [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html +// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html // [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html // [Configuring a Relying Party and Claims]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html // [Role chaining]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining @@ -219,6 +222,8 @@ type AssumeRoleWithSAMLInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // + // For more information about role session permissions, see [Session policies]. + // // An Amazon Web Services conversion compresses the passed inline session policy, // managed policy ARNs, and session tags into a packed binary format that has a // separate limit. Your request can fail for this limit even if your plaintext @@ -227,6 +232,7 @@ type AssumeRoleWithSAMLInput struct { // size limit. // // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session + // [Session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session Policy *string // The Amazon Resource Names (ARNs) of the IAM managed policies that you want to @@ -304,7 +310,8 @@ type AssumeRoleWithSAMLOutput struct { // allowed space. PackedPolicySize *int32 - // The value in the SourceIdentity attribute in the SAML assertion. + // The value in the SourceIdentity attribute in the SAML assertion. The source + // identity value persists across [chained role]sessions. // // You can require users to set a source identity value when they assume a role. // You do this by using the sts:SourceIdentity condition key in a role trust @@ -321,7 +328,7 @@ type AssumeRoleWithSAMLOutput struct { // of upper- and lower-case alphanumeric characters with no spaces. You can also // include underscores or any of the following characters: =,.@- // - // [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining + // [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts // [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html SourceIdentity *string @@ -376,7 +383,7 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -400,10 +407,10 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpAssumeRoleWithSAMLValidationMiddleware(stack); err != nil { @@ -427,16 +434,13 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go index ffe2479f636..8a164be5bed 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go @@ -31,7 +31,7 @@ import ( // Services credentials. Instead, the identity of the caller is validated by using // a token from the web identity provider. For a comparison of // AssumeRoleWithWebIdentity with the other API operations that produce temporary -// credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide. +// credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the IAM User Guide. // // The temporary security credentials returned by this API consist of an access // key ID, a secret access key, and a security token. Applications can use these @@ -45,7 +45,7 @@ import ( // DurationSeconds parameter to specify the duration of your session. You can // provide a value from 900 seconds (15 minutes) up to the maximum session duration // setting for the role. This setting can have a value from 1 hour to 12 hours. To -// learn how to view the maximum value for your role, see [View the Maximum Session Duration Setting for a Role]in the IAM User Guide. +// learn how to view the maximum value for your role, see [Update the maximum session duration for a role]in the IAM User Guide. // The maximum session duration limit applies when you use the AssumeRole* API // operations or the assume-role* CLI commands. However the limit does not apply // when you use those operations to create a console URL. For more information, see @@ -75,7 +75,7 @@ import ( // // (Optional) You can configure your IdP to pass attributes into your web identity // token as session tags. Each session tag consists of a key name and an associated -// value. For more information about session tags, see [Passing Session Tags in STS]in the IAM User Guide. +// value. For more information about session tags, see [Passing session tags using AssumeRoleWithWebIdentity]in the IAM User Guide. // // You can pass up to 50 session tags. The plaintext session tag keys can’t exceed // 128 characters and the values can’t exceed 256 characters. For these and @@ -111,34 +111,24 @@ import ( // that you avoid using any personally identifiable information (PII) in this // field. For example, you could instead use a GUID or a pairwise identifier, as [suggested in the OIDC specification]. // -// For more information about how to use web identity federation and the +// For more information about how to use OIDC federation and the // AssumeRoleWithWebIdentity API, see the following resources: // // [Using Web Identity Federation API Operations for Mobile Apps] // - and [Federation Through a Web-based Identity Provider]. // -// [Web Identity Federation Playground] -// - . Walk through the process of authenticating through Login with Amazon, -// Facebook, or Google, getting temporary security credentials, and then using -// those credentials to make a request to Amazon Web Services. -// // [Amazon Web Services SDK for iOS Developer Guide] // - and [Amazon Web Services SDK for Android Developer Guide]. These toolkits contain sample apps that show how to invoke the // identity providers. The toolkits then show how to use the information from these // providers to get and use temporary security credentials. // -// [Web Identity Federation with Mobile Applications] -// - . This article discusses web identity federation and shows an example of -// how to use web identity federation to get access to content in Amazon S3. -// // [Amazon Web Services SDK for iOS Developer Guide]: http://aws.amazon.com/sdkforios/ -// [View the Maximum Session Duration Setting for a Role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session -// [Web Identity Federation Playground]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/ +// [Passing session tags using AssumeRoleWithWebIdentity]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_adding-assume-role-idp // [Amazon Web Services SDK for Android Developer Guide]: http://aws.amazon.com/sdkforandroid/ // [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length -// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison // [session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html +// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html // [Subject]: http://openid.net/specs/openid-connect-core-1_0.html#Claims // [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html // [Amazon Cognito identity pools]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html @@ -146,9 +136,8 @@ import ( // [Using IAM Roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [Amazon Cognito federated identities]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html -// [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html // [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining -// [Web Identity Federation with Mobile Applications]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications +// [Update the maximum session duration for a role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration // [Using Web Identity Federation API Operations for Mobile Apps]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html // [suggested in the OIDC specification]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes func (c *Client) AssumeRoleWithWebIdentity(ctx context.Context, params *AssumeRoleWithWebIdentityInput, optFns ...func(*Options)) (*AssumeRoleWithWebIdentityOutput, error) { @@ -170,6 +159,17 @@ type AssumeRoleWithWebIdentityInput struct { // The Amazon Resource Name (ARN) of the role that the caller is assuming. // + // Additional considerations apply to Amazon Cognito identity pools that assume [cross-account IAM roles]. + // The trust policies of these roles must accept the cognito-identity.amazonaws.com + // service principal and must contain the cognito-identity.amazonaws.com:aud + // condition key to restrict role assumption to users from your intended identity + // pools. A policy that trusts Amazon Cognito identity pools without this condition + // creates a risk that a user from an unintended identity pool can assume the role. + // For more information, see [Trust policies for IAM roles in Basic (Classic) authentication]in the Amazon Cognito Developer Guide. + // + // [cross-account IAM roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html + // [Trust policies for IAM roles in Basic (Classic) authentication]: https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html#trust-policies + // // This member is required. RoleArn *string @@ -179,18 +179,28 @@ type AssumeRoleWithWebIdentityInput struct { // associated with that user. This session name is included as part of the ARN and // assumed role ID in the AssumedRoleUser response element. // + // For security purposes, administrators can view this field in [CloudTrail logs] to help identify + // who performed an action in Amazon Web Services. Your administrator might require + // that you specify your user name as the session name when you assume the role. + // For more information, see [sts:RoleSessionName]sts:RoleSessionName . + // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can also // include underscores or any of the following characters: =,.@- // + // [CloudTrail logs]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds + // [sts:RoleSessionName]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname + // // This member is required. RoleSessionName *string // The OAuth 2.0 access token or OpenID Connect ID token that is provided by the // identity provider. Your application must get this token by authenticating the // user who is using your application with a web identity provider before the - // application makes an AssumeRoleWithWebIdentity call. Only tokens with RSA - // algorithms (RS256) are supported. + // application makes an AssumeRoleWithWebIdentity call. Timestamps in the token + // must be formatted as either an integer or a long integer. Tokens must be signed + // using either RSA keys (RS256, RS384, or RS512) or ECDSA keys (ES256, ES384, or + // ES512). // // This member is required. WebIdentityToken *string @@ -232,6 +242,8 @@ type AssumeRoleWithWebIdentityInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // + // For more information about role session permissions, see [Session policies]. + // // An Amazon Web Services conversion compresses the passed inline session policy, // managed policy ARNs, and session tags into a packed binary format that has a // separate limit. Your request can fail for this limit even if your plaintext @@ -240,6 +252,7 @@ type AssumeRoleWithWebIdentityInput struct { // size limit. // // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session + // [Session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session Policy *string // The Amazon Resource Names (ARNs) of the IAM managed policies that you want to @@ -337,7 +350,7 @@ type AssumeRoleWithWebIdentityOutput struct { // of upper- and lower-case alphanumeric characters with no spaces. You can also // include underscores or any of the following characters: =,.@- // - // [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining + // [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts // [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html // [Using Tokens with User Pools]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html SourceIdentity *string @@ -387,7 +400,7 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -411,10 +424,10 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpAssumeRoleWithWebIdentityValidationMiddleware(stack); err != nil { @@ -438,16 +451,13 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go new file mode 100644 index 00000000000..b52a372dba8 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go @@ -0,0 +1,229 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package sts + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/service/sts/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Returns a set of short term credentials you can use to perform privileged tasks +// on a member account in your organization. You must use credentials from an +// Organizations management account or a delegated administrator account for IAM to +// call AssumeRoot . You cannot use root user credentials to make this call. +// +// Before you can launch a privileged session, you must have centralized root +// access in your organization. For steps to enable this feature, see [Centralize root access for member accounts]in the IAM +// User Guide. +// +// The STS global endpoint is not supported for AssumeRoot. You must send this +// request to a Regional STS endpoint. For more information, see [Endpoints]. +// +// You can track AssumeRoot in CloudTrail logs to determine what actions were +// performed in a session. For more information, see [Track privileged tasks in CloudTrail]in the IAM User Guide. +// +// When granting access to privileged tasks you should only grant the necessary +// permissions required to perform that task. For more information, see [Security best practices in IAM]. In +// addition, you can use [service control policies](SCPs) to manage and limit permissions in your +// organization. See [General examples]in the Organizations User Guide for more information on SCPs. +// +// [Endpoints]: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints +// [Security best practices in IAM]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html +// [Track privileged tasks in CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html +// [General examples]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html +// [service control policies]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html +// [Centralize root access for member accounts]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html +func (c *Client) AssumeRoot(ctx context.Context, params *AssumeRootInput, optFns ...func(*Options)) (*AssumeRootOutput, error) { + if params == nil { + params = &AssumeRootInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "AssumeRoot", params, optFns, c.addOperationAssumeRootMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*AssumeRootOutput) + out.ResultMetadata = metadata + return out, nil +} + +type AssumeRootInput struct { + + // The member account principal ARN or account ID. + // + // This member is required. + TargetPrincipal *string + + // The identity based policy that scopes the session to the privileged tasks that + // can be performed. You must + // + // use one of following Amazon Web Services managed policies to scope root session + // actions: + // + // [IAMAuditRootUserCredentials] + // + // [IAMCreateRootUserPassword] + // + // [IAMDeleteRootUserCredentials] + // + // [S3UnlockBucketPolicy] + // + // [SQSUnlockQueuePolicy] + // + // [IAMDeleteRootUserCredentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials + // [IAMCreateRootUserPassword]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword + // [IAMAuditRootUserCredentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials + // [S3UnlockBucketPolicy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy + // [SQSUnlockQueuePolicy]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy + // + // This member is required. + TaskPolicyArn *types.PolicyDescriptorType + + // The duration, in seconds, of the privileged session. The value can range from 0 + // seconds up to the maximum session duration of 900 seconds (15 minutes). If you + // specify a value higher than this setting, the operation fails. + // + // By default, the value is set to 900 seconds. + DurationSeconds *int32 + + noSmithyDocumentSerde +} + +type AssumeRootOutput struct { + + // The temporary security credentials, which include an access key ID, a secret + // access key, and a security token. + // + // The size of the security token that STS API operations return is not fixed. We + // strongly recommend that you make no assumptions about the maximum size. + Credentials *types.Credentials + + // The source identity specified by the principal that is calling the AssumeRoot + // operation. + // + // You can use the aws:SourceIdentity condition key to control access based on the + // value of source identity. For more information about using source identity, see [Monitor and control actions taken with assumed roles] + // in the IAM User Guide. + // + // The regex used to validate this parameter is a string of characters consisting + // of upper- and lower-case alphanumeric characters with no spaces. You can also + // include underscores or any of the following characters: =,.@- + // + // [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html + SourceIdentity *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationAssumeRootMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsAwsquery_serializeOpAssumeRoot{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsAwsquery_deserializeOpAssumeRoot{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "AssumeRoot"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = addClientRequestID(stack); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRetry(stack, options, c); err != nil { + return err + } + if err = addRawResponseToMetadata(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = addSpanRetryLoop(stack, options); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addOpAssumeRootValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoot(options.Region), middleware.Before); err != nil { + return err + } + if err = addRecursionDetection(stack); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err = addInterceptAttempt(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} + +func newServiceMetadataMiddleware_opAssumeRoot(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "AssumeRoot", + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go index a56840e1b0d..eaeab8a6832 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go @@ -117,7 +117,7 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -141,10 +141,10 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil { @@ -168,16 +168,13 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go index c80b0550b04..2f7adb2f531 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go @@ -108,7 +108,7 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -132,10 +132,10 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpGetAccessKeyInfoValidationMiddleware(stack); err != nil { @@ -159,16 +159,13 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go index 49304bdaf7e..f2d4fbc240e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go @@ -99,7 +99,7 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -123,10 +123,10 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCallerIdentity(options.Region), middleware.Before); err != nil { @@ -147,16 +147,13 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go new file mode 100644 index 00000000000..78d688acc7e --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go @@ -0,0 +1,169 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package sts + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/service/sts/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Exchanges a trade-in token for temporary Amazon Web Services credentials with +// the permissions associated with the assumed principal. This operation allows you +// to obtain credentials for a specific principal based on a trade-in token, +// enabling delegation of access to Amazon Web Services resources. +func (c *Client) GetDelegatedAccessToken(ctx context.Context, params *GetDelegatedAccessTokenInput, optFns ...func(*Options)) (*GetDelegatedAccessTokenOutput, error) { + if params == nil { + params = &GetDelegatedAccessTokenInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "GetDelegatedAccessToken", params, optFns, c.addOperationGetDelegatedAccessTokenMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*GetDelegatedAccessTokenOutput) + out.ResultMetadata = metadata + return out, nil +} + +type GetDelegatedAccessTokenInput struct { + + // The token to exchange for temporary Amazon Web Services credentials. This token + // must be valid and unexpired at the time of the request. + // + // This member is required. + TradeInToken *string + + noSmithyDocumentSerde +} + +type GetDelegatedAccessTokenOutput struct { + + // The Amazon Resource Name (ARN) of the principal that was assumed when obtaining + // the delegated access token. This ARN identifies the IAM entity whose permissions + // are granted by the temporary credentials. + AssumedPrincipal *string + + // Amazon Web Services credentials for API authentication. + Credentials *types.Credentials + + // The percentage of the maximum policy size that is used by the session policy. + // The policy size is calculated as the sum of all the session policies and + // permission boundaries attached to the session. If the packed size exceeds 100%, + // the request fails. + PackedPolicySize *int32 + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationGetDelegatedAccessTokenMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsAwsquery_serializeOpGetDelegatedAccessToken{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsAwsquery_deserializeOpGetDelegatedAccessToken{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "GetDelegatedAccessToken"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = addClientRequestID(stack); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRetry(stack, options, c); err != nil { + return err + } + if err = addRawResponseToMetadata(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = addSpanRetryLoop(stack, options); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addOpGetDelegatedAccessTokenValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetDelegatedAccessToken(options.Region), middleware.Before); err != nil { + return err + } + if err = addRecursionDetection(stack); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err = addInterceptAttempt(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} + +func newServiceMetadataMiddleware_opGetDelegatedAccessToken(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "GetDelegatedAccessToken", + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go index 96f59ec63da..57b77ebcc3b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go @@ -20,7 +20,7 @@ import ( // credentials of an IAM user. As a result, this call is appropriate in contexts // where those credentials can be safeguarded, usually in a server-based // application. For a comparison of GetFederationToken with the other API -// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide. +// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the IAM User Guide. // // Although it is possible to call GetFederationToken using the security // credentials of an Amazon Web Services account root user rather than an IAM user @@ -104,9 +104,9 @@ import ( // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session // [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html // [GetFederationToken—Federation Through a Custom Identity Broker]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken -// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison // [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html +// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html // [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html func (c *Client) GetFederationToken(ctx context.Context, params *GetFederationTokenInput, optFns ...func(*Options)) (*GetFederationTokenOutput, error) { if params == nil { @@ -321,7 +321,7 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -345,10 +345,10 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpGetFederationTokenValidationMiddleware(stack); err != nil { @@ -372,16 +372,13 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go index 0ed9ecbc74e..4b4083501d7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go @@ -22,7 +22,7 @@ import ( // the call returns, IAM users can then make programmatic calls to API operations // that require MFA authentication. An incorrect MFA code causes the API to return // an access denied error. For a comparison of GetSessionToken with the other API -// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Comparing the Amazon Web Services STS API operations] in the IAM User Guide. +// operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the IAM User Guide. // // No permissions are required for users to perform this operation. The purpose of // the sts:GetSessionToken operation is to authenticate the user using MFA. You @@ -63,10 +63,10 @@ import ( // credentials, see [Temporary Credentials for Users in Untrusted Environments]in the IAM User Guide. // // [Permissions for GetSessionToken]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html -// [Comparing the Amazon Web Services STS API operations]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison // [Temporary Credentials for Users in Untrusted Environments]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken // [Safeguard your root user credentials and don't use them for everyday tasks]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html +// [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) { if params == nil { params = &GetSessionTokenInput{} @@ -170,7 +170,7 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options); err != nil { + if err = addRetry(stack, options, c); err != nil { return err } if err = addRawResponseToMetadata(stack); err != nil { @@ -194,10 +194,10 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { return err } - if err = addTimeOffsetBuild(stack, c); err != nil { + if err = addUserAgentRetryMode(stack, options); err != nil { return err } - if err = addUserAgentRetryMode(stack, options); err != nil { + if err = addCredentialSource(stack, options); err != nil { return err } if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil { @@ -218,16 +218,13 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addSpanInitializeStart(stack); err != nil { - return err - } - if err = addSpanInitializeEnd(stack); err != nil { + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { return err } - if err = addSpanBuildRequestStart(stack); err != nil { + if err = addInterceptAttempt(stack, options); err != nil { return err } - if err = addSpanBuildRequestEnd(stack); err != nil { + if err = addInterceptors(stack, options); err != nil { return err } return nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go new file mode 100644 index 00000000000..7738de5f60a --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go @@ -0,0 +1,192 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package sts + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/service/sts/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" + "time" +) + +// Returns a signed JSON Web Token (JWT) that represents the calling Amazon Web +// Services identity. The returned JWT can be used to authenticate with external +// services that support OIDC discovery. The token is signed by Amazon Web Services +// STS and can be publicly verified using the verification keys published at the +// issuer's JWKS endpoint. +func (c *Client) GetWebIdentityToken(ctx context.Context, params *GetWebIdentityTokenInput, optFns ...func(*Options)) (*GetWebIdentityTokenOutput, error) { + if params == nil { + params = &GetWebIdentityTokenInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "GetWebIdentityToken", params, optFns, c.addOperationGetWebIdentityTokenMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*GetWebIdentityTokenOutput) + out.ResultMetadata = metadata + return out, nil +} + +type GetWebIdentityTokenInput struct { + + // The intended recipient of the web identity token. This value populates the aud + // claim in the JWT and should identify the service or application that will + // validate and use the token. The external service should verify this claim to + // ensure the token was intended for their use. + // + // This member is required. + Audience []string + + // The cryptographic algorithm to use for signing the JSON Web Token (JWT). Valid + // values are RS256 (RSA with SHA-256) and ES384 (ECDSA using P-384 curve with + // SHA-384). + // + // This member is required. + SigningAlgorithm *string + + // The duration, in seconds, for which the JSON Web Token (JWT) will remain valid. + // The value can range from 60 seconds (1 minute) to 3600 seconds (1 hour). If not + // specified, the default duration is 300 seconds (5 minutes). The token is + // designed to be short-lived and should be used for proof of identity, then + // exchanged for credentials or short-lived tokens in the external service. + DurationSeconds *int32 + + // An optional list of tags to include in the JSON Web Token (JWT). These tags are + // added as custom claims to the JWT and can be used by the downstream service for + // authorization decisions. + Tags []types.Tag + + noSmithyDocumentSerde +} + +type GetWebIdentityTokenOutput struct { + + // The date and time when the web identity token expires, in UTC. The expiration + // is determined by adding the DurationSeconds value to the time the token was + // issued. After this time, the token should no longer be considered valid. + Expiration *time.Time + + // A signed JSON Web Token (JWT) that represents the caller's Amazon Web Services + // identity. The token contains standard JWT claims such as subject, audience, + // expiration time, and additional identity attributes added by STS as custom + // claims. You can also add your own custom claims to the token by passing tags as + // request parameters to the GetWebIdentityToken API. The token is signed using + // the specified signing algorithm and can be verified using the verification keys + // available at the issuer's JWKS endpoint. + WebIdentityToken *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationGetWebIdentityTokenMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsAwsquery_serializeOpGetWebIdentityToken{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsAwsquery_deserializeOpGetWebIdentityToken{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "GetWebIdentityToken"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = addClientRequestID(stack); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRetry(stack, options, c); err != nil { + return err + } + if err = addRawResponseToMetadata(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = addSpanRetryLoop(stack, options); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addOpGetWebIdentityTokenValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetWebIdentityToken(options.Region), middleware.Before); err != nil { + return err + } + if err = addRecursionDetection(stack); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err = addInterceptAttempt(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} + +func newServiceMetadataMiddleware_opGetWebIdentityToken(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "GetWebIdentityToken", + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go index a90b2b7362d..71c5db38b76 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go @@ -12,10 +12,13 @@ import ( "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/tracing" smithyhttp "github.com/aws/smithy-go/transport/http" + "slices" + "strings" ) -func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) { +func bindAuthParamsRegion(_ interface{}, params *AuthResolverParameters, _ interface{}, options Options) error { params.Region = options.Region + return nil } type setLegacyContextSigningOptionsMiddleware struct { @@ -92,14 +95,16 @@ type AuthResolverParameters struct { Region string } -func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) *AuthResolverParameters { +func bindAuthResolverParams(ctx context.Context, operation string, input interface{}, options Options) (*AuthResolverParameters, error) { params := &AuthResolverParameters{ Operation: operation, } - bindAuthParamsRegion(ctx, params, input, options) + if err := bindAuthParamsRegion(ctx, params, input, options); err != nil { + return nil, err + } - return params + return params, nil } // AuthSchemeResolver returns a set of possible authentication options for an @@ -144,6 +149,16 @@ func serviceAuthOptions(params *AuthResolverParameters) []*smithyauth.Option { return props }(), }, + + { + SchemeID: smithyauth.SchemeIDSigV4A, + SignerProperties: func() smithy.Properties { + var props smithy.Properties + smithyhttp.SetSigV4ASigningName(&props, "sts") + smithyhttp.SetSigV4ASigningRegions(&props, []string{params.Region}) + return props + }(), + }, } } @@ -162,7 +177,10 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid _, span := tracing.StartSpan(ctx, "ResolveAuthScheme") defer span.End() - params := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options) + params, err := bindAuthResolverParams(ctx, m.operation, getOperationInput(ctx), m.options) + if err != nil { + return out, metadata, fmt.Errorf("bind auth scheme params: %w", err) + } options, err := m.options.AuthSchemeResolver.ResolveAuthSchemes(ctx, params) if err != nil { return out, metadata, fmt.Errorf("resolve auth scheme: %w", err) @@ -181,7 +199,8 @@ func (m *resolveAuthSchemeMiddleware) HandleFinalize(ctx context.Context, in mid } func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) (*resolvedAuthScheme, bool) { - for _, option := range options { + sorted := sortAuthOptions(options, m.options.AuthSchemePreference) + for _, option := range sorted { if option.SchemeID == smithyauth.SchemeIDAnonymous { return newResolvedAuthScheme(smithyhttp.NewAnonymousScheme(), option), true } @@ -200,6 +219,29 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { + byPriority := make([]*smithyauth.Option, 0, len(options)) + for _, prefName := range preferred { + for _, option := range options { + optName := option.SchemeID + if parts := strings.Split(option.SchemeID, "#"); len(parts) == 2 { + optName = parts[1] + } + if prefName == optName { + byPriority = append(byPriority, option) + } + } + } + for _, option := range options { + if !slices.ContainsFunc(byPriority, func(o *smithyauth.Option) bool { + return o.SchemeID == option.SchemeID + }) { + byPriority = append(byPriority, option) + } + } + return byPriority +} + type resolvedAuthSchemeKey struct{} type resolvedAuthScheme struct { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/deserializers.go index cf0cc54e2af..8c1ce351616 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/deserializers.go @@ -21,17 +21,8 @@ import ( "io" "strconv" "strings" - "time" ) -func deserializeS3Expires(v string) (*time.Time, error) { - t, err := smithytime.ParseHTTPDate(v) - if err != nil { - return nil, nil - } - return &t, nil -} - type awsAwsquery_deserializeOpAssumeRole struct { } @@ -410,14 +401,14 @@ func awsAwsquery_deserializeOpErrorAssumeRoleWithWebIdentity(response *smithyhtt } } -type awsAwsquery_deserializeOpDecodeAuthorizationMessage struct { +type awsAwsquery_deserializeOpAssumeRoot struct { } -func (*awsAwsquery_deserializeOpDecodeAuthorizationMessage) ID() string { +func (*awsAwsquery_deserializeOpAssumeRoot) ID() string { return "OperationDeserializer" } -func (m *awsAwsquery_deserializeOpDecodeAuthorizationMessage) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( +func (m *awsAwsquery_deserializeOpAssumeRoot) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( out middleware.DeserializeOutput, metadata middleware.Metadata, err error, ) { out, metadata, err = next.HandleDeserialize(ctx, in) @@ -435,9 +426,9 @@ func (m *awsAwsquery_deserializeOpDecodeAuthorizationMessage) HandleDeserialize( } if response.StatusCode < 200 || response.StatusCode >= 300 { - return out, metadata, awsAwsquery_deserializeOpErrorDecodeAuthorizationMessage(response, &metadata) + return out, metadata, awsAwsquery_deserializeOpErrorAssumeRoot(response, &metadata) } - output := &DecodeAuthorizationMessageOutput{} + output := &AssumeRootOutput{} out.Result = output var buff [1024]byte @@ -458,7 +449,7 @@ func (m *awsAwsquery_deserializeOpDecodeAuthorizationMessage) HandleDeserialize( } decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) - t, err = decoder.GetElement("DecodeAuthorizationMessageResult") + t, err = decoder.GetElement("AssumeRootResult") if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -470,7 +461,7 @@ func (m *awsAwsquery_deserializeOpDecodeAuthorizationMessage) HandleDeserialize( } decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeOpDocumentDecodeAuthorizationMessageOutput(&output, decoder) + err = awsAwsquery_deserializeOpDocumentAssumeRootOutput(&output, decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -484,7 +475,7 @@ func (m *awsAwsquery_deserializeOpDecodeAuthorizationMessage) HandleDeserialize( return out, metadata, err } -func awsAwsquery_deserializeOpErrorDecodeAuthorizationMessage(response *smithyhttp.Response, metadata *middleware.Metadata) error { +func awsAwsquery_deserializeOpErrorAssumeRoot(response *smithyhttp.Response, metadata *middleware.Metadata) error { var errorBuffer bytes.Buffer if _, err := io.Copy(&errorBuffer, response.Body); err != nil { return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} @@ -509,8 +500,11 @@ func awsAwsquery_deserializeOpErrorDecodeAuthorizationMessage(response *smithyht } errorBody.Seek(0, io.SeekStart) switch { - case strings.EqualFold("InvalidAuthorizationMessageException", errorCode): - return awsAwsquery_deserializeErrorInvalidAuthorizationMessageException(response, errorBody) + case strings.EqualFold("ExpiredTokenException", errorCode): + return awsAwsquery_deserializeErrorExpiredTokenException(response, errorBody) + + case strings.EqualFold("RegionDisabledException", errorCode): + return awsAwsquery_deserializeErrorRegionDisabledException(response, errorBody) default: genericError := &smithy.GenericAPIError{ @@ -522,14 +516,14 @@ func awsAwsquery_deserializeOpErrorDecodeAuthorizationMessage(response *smithyht } } -type awsAwsquery_deserializeOpGetAccessKeyInfo struct { +type awsAwsquery_deserializeOpDecodeAuthorizationMessage struct { } -func (*awsAwsquery_deserializeOpGetAccessKeyInfo) ID() string { +func (*awsAwsquery_deserializeOpDecodeAuthorizationMessage) ID() string { return "OperationDeserializer" } -func (m *awsAwsquery_deserializeOpGetAccessKeyInfo) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( +func (m *awsAwsquery_deserializeOpDecodeAuthorizationMessage) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( out middleware.DeserializeOutput, metadata middleware.Metadata, err error, ) { out, metadata, err = next.HandleDeserialize(ctx, in) @@ -547,9 +541,9 @@ func (m *awsAwsquery_deserializeOpGetAccessKeyInfo) HandleDeserialize(ctx contex } if response.StatusCode < 200 || response.StatusCode >= 300 { - return out, metadata, awsAwsquery_deserializeOpErrorGetAccessKeyInfo(response, &metadata) + return out, metadata, awsAwsquery_deserializeOpErrorDecodeAuthorizationMessage(response, &metadata) } - output := &GetAccessKeyInfoOutput{} + output := &DecodeAuthorizationMessageOutput{} out.Result = output var buff [1024]byte @@ -570,7 +564,7 @@ func (m *awsAwsquery_deserializeOpGetAccessKeyInfo) HandleDeserialize(ctx contex } decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) - t, err = decoder.GetElement("GetAccessKeyInfoResult") + t, err = decoder.GetElement("DecodeAuthorizationMessageResult") if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -582,7 +576,7 @@ func (m *awsAwsquery_deserializeOpGetAccessKeyInfo) HandleDeserialize(ctx contex } decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeOpDocumentGetAccessKeyInfoOutput(&output, decoder) + err = awsAwsquery_deserializeOpDocumentDecodeAuthorizationMessageOutput(&output, decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -596,7 +590,7 @@ func (m *awsAwsquery_deserializeOpGetAccessKeyInfo) HandleDeserialize(ctx contex return out, metadata, err } -func awsAwsquery_deserializeOpErrorGetAccessKeyInfo(response *smithyhttp.Response, metadata *middleware.Metadata) error { +func awsAwsquery_deserializeOpErrorDecodeAuthorizationMessage(response *smithyhttp.Response, metadata *middleware.Metadata) error { var errorBuffer bytes.Buffer if _, err := io.Copy(&errorBuffer, response.Body); err != nil { return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} @@ -621,6 +615,9 @@ func awsAwsquery_deserializeOpErrorGetAccessKeyInfo(response *smithyhttp.Respons } errorBody.Seek(0, io.SeekStart) switch { + case strings.EqualFold("InvalidAuthorizationMessageException", errorCode): + return awsAwsquery_deserializeErrorInvalidAuthorizationMessageException(response, errorBody) + default: genericError := &smithy.GenericAPIError{ Code: errorCode, @@ -631,14 +628,14 @@ func awsAwsquery_deserializeOpErrorGetAccessKeyInfo(response *smithyhttp.Respons } } -type awsAwsquery_deserializeOpGetCallerIdentity struct { +type awsAwsquery_deserializeOpGetAccessKeyInfo struct { } -func (*awsAwsquery_deserializeOpGetCallerIdentity) ID() string { +func (*awsAwsquery_deserializeOpGetAccessKeyInfo) ID() string { return "OperationDeserializer" } -func (m *awsAwsquery_deserializeOpGetCallerIdentity) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( +func (m *awsAwsquery_deserializeOpGetAccessKeyInfo) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( out middleware.DeserializeOutput, metadata middleware.Metadata, err error, ) { out, metadata, err = next.HandleDeserialize(ctx, in) @@ -656,9 +653,9 @@ func (m *awsAwsquery_deserializeOpGetCallerIdentity) HandleDeserialize(ctx conte } if response.StatusCode < 200 || response.StatusCode >= 300 { - return out, metadata, awsAwsquery_deserializeOpErrorGetCallerIdentity(response, &metadata) + return out, metadata, awsAwsquery_deserializeOpErrorGetAccessKeyInfo(response, &metadata) } - output := &GetCallerIdentityOutput{} + output := &GetAccessKeyInfoOutput{} out.Result = output var buff [1024]byte @@ -679,7 +676,7 @@ func (m *awsAwsquery_deserializeOpGetCallerIdentity) HandleDeserialize(ctx conte } decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) - t, err = decoder.GetElement("GetCallerIdentityResult") + t, err = decoder.GetElement("GetAccessKeyInfoResult") if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -691,7 +688,7 @@ func (m *awsAwsquery_deserializeOpGetCallerIdentity) HandleDeserialize(ctx conte } decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeOpDocumentGetCallerIdentityOutput(&output, decoder) + err = awsAwsquery_deserializeOpDocumentGetAccessKeyInfoOutput(&output, decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -705,7 +702,7 @@ func (m *awsAwsquery_deserializeOpGetCallerIdentity) HandleDeserialize(ctx conte return out, metadata, err } -func awsAwsquery_deserializeOpErrorGetCallerIdentity(response *smithyhttp.Response, metadata *middleware.Metadata) error { +func awsAwsquery_deserializeOpErrorGetAccessKeyInfo(response *smithyhttp.Response, metadata *middleware.Metadata) error { var errorBuffer bytes.Buffer if _, err := io.Copy(&errorBuffer, response.Body); err != nil { return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} @@ -740,14 +737,14 @@ func awsAwsquery_deserializeOpErrorGetCallerIdentity(response *smithyhttp.Respon } } -type awsAwsquery_deserializeOpGetFederationToken struct { +type awsAwsquery_deserializeOpGetCallerIdentity struct { } -func (*awsAwsquery_deserializeOpGetFederationToken) ID() string { +func (*awsAwsquery_deserializeOpGetCallerIdentity) ID() string { return "OperationDeserializer" } -func (m *awsAwsquery_deserializeOpGetFederationToken) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( +func (m *awsAwsquery_deserializeOpGetCallerIdentity) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( out middleware.DeserializeOutput, metadata middleware.Metadata, err error, ) { out, metadata, err = next.HandleDeserialize(ctx, in) @@ -765,9 +762,9 @@ func (m *awsAwsquery_deserializeOpGetFederationToken) HandleDeserialize(ctx cont } if response.StatusCode < 200 || response.StatusCode >= 300 { - return out, metadata, awsAwsquery_deserializeOpErrorGetFederationToken(response, &metadata) + return out, metadata, awsAwsquery_deserializeOpErrorGetCallerIdentity(response, &metadata) } - output := &GetFederationTokenOutput{} + output := &GetCallerIdentityOutput{} out.Result = output var buff [1024]byte @@ -788,7 +785,7 @@ func (m *awsAwsquery_deserializeOpGetFederationToken) HandleDeserialize(ctx cont } decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) - t, err = decoder.GetElement("GetFederationTokenResult") + t, err = decoder.GetElement("GetCallerIdentityResult") if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -800,7 +797,7 @@ func (m *awsAwsquery_deserializeOpGetFederationToken) HandleDeserialize(ctx cont } decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeOpDocumentGetFederationTokenOutput(&output, decoder) + err = awsAwsquery_deserializeOpDocumentGetCallerIdentityOutput(&output, decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -814,7 +811,7 @@ func (m *awsAwsquery_deserializeOpGetFederationToken) HandleDeserialize(ctx cont return out, metadata, err } -func awsAwsquery_deserializeOpErrorGetFederationToken(response *smithyhttp.Response, metadata *middleware.Metadata) error { +func awsAwsquery_deserializeOpErrorGetCallerIdentity(response *smithyhttp.Response, metadata *middleware.Metadata) error { var errorBuffer bytes.Buffer if _, err := io.Copy(&errorBuffer, response.Body); err != nil { return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} @@ -839,15 +836,6 @@ func awsAwsquery_deserializeOpErrorGetFederationToken(response *smithyhttp.Respo } errorBody.Seek(0, io.SeekStart) switch { - case strings.EqualFold("MalformedPolicyDocument", errorCode): - return awsAwsquery_deserializeErrorMalformedPolicyDocumentException(response, errorBody) - - case strings.EqualFold("PackedPolicyTooLarge", errorCode): - return awsAwsquery_deserializeErrorPackedPolicyTooLargeException(response, errorBody) - - case strings.EqualFold("RegionDisabledException", errorCode): - return awsAwsquery_deserializeErrorRegionDisabledException(response, errorBody) - default: genericError := &smithy.GenericAPIError{ Code: errorCode, @@ -858,14 +846,14 @@ func awsAwsquery_deserializeOpErrorGetFederationToken(response *smithyhttp.Respo } } -type awsAwsquery_deserializeOpGetSessionToken struct { +type awsAwsquery_deserializeOpGetDelegatedAccessToken struct { } -func (*awsAwsquery_deserializeOpGetSessionToken) ID() string { +func (*awsAwsquery_deserializeOpGetDelegatedAccessToken) ID() string { return "OperationDeserializer" } -func (m *awsAwsquery_deserializeOpGetSessionToken) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( +func (m *awsAwsquery_deserializeOpGetDelegatedAccessToken) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( out middleware.DeserializeOutput, metadata middleware.Metadata, err error, ) { out, metadata, err = next.HandleDeserialize(ctx, in) @@ -883,9 +871,9 @@ func (m *awsAwsquery_deserializeOpGetSessionToken) HandleDeserialize(ctx context } if response.StatusCode < 200 || response.StatusCode >= 300 { - return out, metadata, awsAwsquery_deserializeOpErrorGetSessionToken(response, &metadata) + return out, metadata, awsAwsquery_deserializeOpErrorGetDelegatedAccessToken(response, &metadata) } - output := &GetSessionTokenOutput{} + output := &GetDelegatedAccessTokenOutput{} out.Result = output var buff [1024]byte @@ -906,7 +894,7 @@ func (m *awsAwsquery_deserializeOpGetSessionToken) HandleDeserialize(ctx context } decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) - t, err = decoder.GetElement("GetSessionTokenResult") + t, err = decoder.GetElement("GetDelegatedAccessTokenResult") if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -918,7 +906,7 @@ func (m *awsAwsquery_deserializeOpGetSessionToken) HandleDeserialize(ctx context } decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeOpDocumentGetSessionTokenOutput(&output, decoder) + err = awsAwsquery_deserializeOpDocumentGetDelegatedAccessTokenOutput(&output, decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -932,7 +920,7 @@ func (m *awsAwsquery_deserializeOpGetSessionToken) HandleDeserialize(ctx context return out, metadata, err } -func awsAwsquery_deserializeOpErrorGetSessionToken(response *smithyhttp.Response, metadata *middleware.Metadata) error { +func awsAwsquery_deserializeOpErrorGetDelegatedAccessToken(response *smithyhttp.Response, metadata *middleware.Metadata) error { var errorBuffer bytes.Buffer if _, err := io.Copy(&errorBuffer, response.Body); err != nil { return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} @@ -957,6 +945,12 @@ func awsAwsquery_deserializeOpErrorGetSessionToken(response *smithyhttp.Response } errorBody.Seek(0, io.SeekStart) switch { + case strings.EqualFold("ExpiredTradeInTokenException", errorCode): + return awsAwsquery_deserializeErrorExpiredTradeInTokenException(response, errorBody) + + case strings.EqualFold("PackedPolicyTooLarge", errorCode): + return awsAwsquery_deserializeErrorPackedPolicyTooLargeException(response, errorBody) + case strings.EqualFold("RegionDisabledException", errorCode): return awsAwsquery_deserializeErrorRegionDisabledException(response, errorBody) @@ -970,140 +964,620 @@ func awsAwsquery_deserializeOpErrorGetSessionToken(response *smithyhttp.Response } } -func awsAwsquery_deserializeErrorExpiredTokenException(response *smithyhttp.Response, errorBody *bytes.Reader) error { - output := &types.ExpiredTokenException{} +type awsAwsquery_deserializeOpGetFederationToken struct { +} + +func (*awsAwsquery_deserializeOpGetFederationToken) ID() string { + return "OperationDeserializer" +} + +func (m *awsAwsquery_deserializeOpGetFederationToken) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsAwsquery_deserializeOpErrorGetFederationToken(response, &metadata) + } + output := &GetFederationTokenOutput{} + out.Result = output + var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) - body := io.TeeReader(errorBody, ringBuffer) + body := io.TeeReader(response.Body, ringBuffer) rootDecoder := xml.NewDecoder(body) t, err := smithyxml.FetchRootElement(rootDecoder) if err == io.EOF { - return output + return out, metadata, nil } if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) - return &smithy.DeserializationError{ + return out, metadata, &smithy.DeserializationError{ Err: fmt.Errorf("failed to decode response body, %w", err), Snapshot: snapshot.Bytes(), } } decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) - t, err = decoder.GetElement("Error") + t, err = decoder.GetElement("GetFederationTokenResult") if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) - return &smithy.DeserializationError{ + err = &smithy.DeserializationError{ Err: fmt.Errorf("failed to decode response body, %w", err), Snapshot: snapshot.Bytes(), } + return out, metadata, err } decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeDocumentExpiredTokenException(&output, decoder) + err = awsAwsquery_deserializeOpDocumentGetFederationTokenOutput(&output, decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) - return &smithy.DeserializationError{ + err = &smithy.DeserializationError{ Err: fmt.Errorf("failed to decode response body, %w", err), Snapshot: snapshot.Bytes(), } + return out, metadata, err } - return output + return out, metadata, err } -func awsAwsquery_deserializeErrorIDPCommunicationErrorException(response *smithyhttp.Response, errorBody *bytes.Reader) error { - output := &types.IDPCommunicationErrorException{} - var buff [1024]byte - ringBuffer := smithyio.NewRingBuffer(buff[:]) - body := io.TeeReader(errorBody, ringBuffer) - rootDecoder := xml.NewDecoder(body) - t, err := smithyxml.FetchRootElement(rootDecoder) - if err == io.EOF { - return output +func awsAwsquery_deserializeOpErrorGetFederationToken(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + errorComponents, err := awsxml.GetErrorResponseComponents(errorBody, false) if err != nil { - var snapshot bytes.Buffer - io.Copy(&snapshot, ringBuffer) - return &smithy.DeserializationError{ - Err: fmt.Errorf("failed to decode response body, %w", err), - Snapshot: snapshot.Bytes(), - } + return err + } + if reqID := errorComponents.RequestID; len(reqID) != 0 { + awsmiddleware.SetRequestIDMetadata(metadata, reqID) + } + if len(errorComponents.Code) != 0 { + errorCode = errorComponents.Code + } + if len(errorComponents.Message) != 0 { + errorMessage = errorComponents.Message } + errorBody.Seek(0, io.SeekStart) + switch { + case strings.EqualFold("MalformedPolicyDocument", errorCode): + return awsAwsquery_deserializeErrorMalformedPolicyDocumentException(response, errorBody) - decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) - t, err = decoder.GetElement("Error") - if err != nil { - var snapshot bytes.Buffer - io.Copy(&snapshot, ringBuffer) - return &smithy.DeserializationError{ - Err: fmt.Errorf("failed to decode response body, %w", err), - Snapshot: snapshot.Bytes(), + case strings.EqualFold("PackedPolicyTooLarge", errorCode): + return awsAwsquery_deserializeErrorPackedPolicyTooLargeException(response, errorBody) + + case strings.EqualFold("RegionDisabledException", errorCode): + return awsAwsquery_deserializeErrorRegionDisabledException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, } + return genericError + } +} - decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeDocumentIDPCommunicationErrorException(&output, decoder) +type awsAwsquery_deserializeOpGetSessionToken struct { +} + +func (*awsAwsquery_deserializeOpGetSessionToken) ID() string { + return "OperationDeserializer" +} + +func (m *awsAwsquery_deserializeOpGetSessionToken) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) if err != nil { - var snapshot bytes.Buffer - io.Copy(&snapshot, ringBuffer) - return &smithy.DeserializationError{ - Err: fmt.Errorf("failed to decode response body, %w", err), - Snapshot: snapshot.Bytes(), - } + return out, metadata, err } - return output -} + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsAwsquery_deserializeOpErrorGetSessionToken(response, &metadata) + } + output := &GetSessionTokenOutput{} + out.Result = output -func awsAwsquery_deserializeErrorIDPRejectedClaimException(response *smithyhttp.Response, errorBody *bytes.Reader) error { - output := &types.IDPRejectedClaimException{} var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) - body := io.TeeReader(errorBody, ringBuffer) + body := io.TeeReader(response.Body, ringBuffer) rootDecoder := xml.NewDecoder(body) t, err := smithyxml.FetchRootElement(rootDecoder) if err == io.EOF { - return output + return out, metadata, nil } if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) - return &smithy.DeserializationError{ + return out, metadata, &smithy.DeserializationError{ Err: fmt.Errorf("failed to decode response body, %w", err), Snapshot: snapshot.Bytes(), } } decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) - t, err = decoder.GetElement("Error") + t, err = decoder.GetElement("GetSessionTokenResult") if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) - return &smithy.DeserializationError{ + err = &smithy.DeserializationError{ Err: fmt.Errorf("failed to decode response body, %w", err), Snapshot: snapshot.Bytes(), } + return out, metadata, err } decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeDocumentIDPRejectedClaimException(&output, decoder) + err = awsAwsquery_deserializeOpDocumentGetSessionTokenOutput(&output, decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) - return &smithy.DeserializationError{ + err = &smithy.DeserializationError{ Err: fmt.Errorf("failed to decode response body, %w", err), Snapshot: snapshot.Bytes(), } + return out, metadata, err } - return output + return out, metadata, err +} + +func awsAwsquery_deserializeOpErrorGetSessionToken(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + errorComponents, err := awsxml.GetErrorResponseComponents(errorBody, false) + if err != nil { + return err + } + if reqID := errorComponents.RequestID; len(reqID) != 0 { + awsmiddleware.SetRequestIDMetadata(metadata, reqID) + } + if len(errorComponents.Code) != 0 { + errorCode = errorComponents.Code + } + if len(errorComponents.Message) != 0 { + errorMessage = errorComponents.Message + } + errorBody.Seek(0, io.SeekStart) + switch { + case strings.EqualFold("RegionDisabledException", errorCode): + return awsAwsquery_deserializeErrorRegionDisabledException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +type awsAwsquery_deserializeOpGetWebIdentityToken struct { +} + +func (*awsAwsquery_deserializeOpGetWebIdentityToken) ID() string { + return "OperationDeserializer" +} + +func (m *awsAwsquery_deserializeOpGetWebIdentityToken) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsAwsquery_deserializeOpErrorGetWebIdentityToken(response, &metadata) + } + output := &GetWebIdentityTokenOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(response.Body, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return out, metadata, nil + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + t, err = decoder.GetElement("GetWebIdentityTokenResult") + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) + err = awsAwsquery_deserializeOpDocumentGetWebIdentityTokenOutput(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + return out, metadata, err +} + +func awsAwsquery_deserializeOpErrorGetWebIdentityToken(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + errorComponents, err := awsxml.GetErrorResponseComponents(errorBody, false) + if err != nil { + return err + } + if reqID := errorComponents.RequestID; len(reqID) != 0 { + awsmiddleware.SetRequestIDMetadata(metadata, reqID) + } + if len(errorComponents.Code) != 0 { + errorCode = errorComponents.Code + } + if len(errorComponents.Message) != 0 { + errorMessage = errorComponents.Message + } + errorBody.Seek(0, io.SeekStart) + switch { + case strings.EqualFold("JWTPayloadSizeExceededException", errorCode): + return awsAwsquery_deserializeErrorJWTPayloadSizeExceededException(response, errorBody) + + case strings.EqualFold("OutboundWebIdentityFederationDisabledException", errorCode): + return awsAwsquery_deserializeErrorOutboundWebIdentityFederationDisabledException(response, errorBody) + + case strings.EqualFold("SessionDurationEscalationException", errorCode): + return awsAwsquery_deserializeErrorSessionDurationEscalationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsAwsquery_deserializeErrorExpiredTokenException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.ExpiredTokenException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(errorBody, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return output + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + t, err = decoder.GetElement("Error") + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) + err = awsAwsquery_deserializeDocumentExpiredTokenException(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return output +} + +func awsAwsquery_deserializeErrorExpiredTradeInTokenException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.ExpiredTradeInTokenException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(errorBody, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return output + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + t, err = decoder.GetElement("Error") + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) + err = awsAwsquery_deserializeDocumentExpiredTradeInTokenException(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return output +} + +func awsAwsquery_deserializeErrorIDPCommunicationErrorException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.IDPCommunicationErrorException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(errorBody, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return output + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + t, err = decoder.GetElement("Error") + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) + err = awsAwsquery_deserializeDocumentIDPCommunicationErrorException(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return output +} + +func awsAwsquery_deserializeErrorIDPRejectedClaimException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.IDPRejectedClaimException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(errorBody, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return output + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + t, err = decoder.GetElement("Error") + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) + err = awsAwsquery_deserializeDocumentIDPRejectedClaimException(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return output +} + +func awsAwsquery_deserializeErrorInvalidAuthorizationMessageException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.InvalidAuthorizationMessageException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(errorBody, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return output + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + t, err = decoder.GetElement("Error") + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) + err = awsAwsquery_deserializeDocumentInvalidAuthorizationMessageException(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return output +} + +func awsAwsquery_deserializeErrorInvalidIdentityTokenException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.InvalidIdentityTokenException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(errorBody, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return output + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + t, err = decoder.GetElement("Error") + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) + err = awsAwsquery_deserializeDocumentInvalidIdentityTokenException(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return output } -func awsAwsquery_deserializeErrorInvalidAuthorizationMessageException(response *smithyhttp.Response, errorBody *bytes.Reader) error { - output := &types.InvalidAuthorizationMessageException{} +func awsAwsquery_deserializeErrorJWTPayloadSizeExceededException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.JWTPayloadSizeExceededException{} var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) body := io.TeeReader(errorBody, ringBuffer) @@ -1133,7 +1607,7 @@ func awsAwsquery_deserializeErrorInvalidAuthorizationMessageException(response * } decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeDocumentInvalidAuthorizationMessageException(&output, decoder) + err = awsAwsquery_deserializeDocumentJWTPayloadSizeExceededException(&output, decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -1146,8 +1620,8 @@ func awsAwsquery_deserializeErrorInvalidAuthorizationMessageException(response * return output } -func awsAwsquery_deserializeErrorInvalidIdentityTokenException(response *smithyhttp.Response, errorBody *bytes.Reader) error { - output := &types.InvalidIdentityTokenException{} +func awsAwsquery_deserializeErrorMalformedPolicyDocumentException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.MalformedPolicyDocumentException{} var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) body := io.TeeReader(errorBody, ringBuffer) @@ -1177,7 +1651,7 @@ func awsAwsquery_deserializeErrorInvalidIdentityTokenException(response *smithyh } decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeDocumentInvalidIdentityTokenException(&output, decoder) + err = awsAwsquery_deserializeDocumentMalformedPolicyDocumentException(&output, decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -1190,8 +1664,8 @@ func awsAwsquery_deserializeErrorInvalidIdentityTokenException(response *smithyh return output } -func awsAwsquery_deserializeErrorMalformedPolicyDocumentException(response *smithyhttp.Response, errorBody *bytes.Reader) error { - output := &types.MalformedPolicyDocumentException{} +func awsAwsquery_deserializeErrorOutboundWebIdentityFederationDisabledException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.OutboundWebIdentityFederationDisabledException{} var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) body := io.TeeReader(errorBody, ringBuffer) @@ -1221,7 +1695,7 @@ func awsAwsquery_deserializeErrorMalformedPolicyDocumentException(response *smit } decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) - err = awsAwsquery_deserializeDocumentMalformedPolicyDocumentException(&output, decoder) + err = awsAwsquery_deserializeDocumentOutboundWebIdentityFederationDisabledException(&output, decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -1322,6 +1796,50 @@ func awsAwsquery_deserializeErrorRegionDisabledException(response *smithyhttp.Re return output } +func awsAwsquery_deserializeErrorSessionDurationEscalationException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.SessionDurationEscalationException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(errorBody, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return output + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + t, err = decoder.GetElement("Error") + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) + err = awsAwsquery_deserializeDocumentSessionDurationEscalationException(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + return output +} + func awsAwsquery_deserializeDocumentAssumedRoleUser(v **types.AssumedRoleUser, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -1459,7 +1977,216 @@ func awsAwsquery_deserializeDocumentCredentials(v **types.Credentials, decoder s } { xtv := string(val) - sv.SessionToken = ptr.String(xtv) + sv.SessionToken = ptr.String(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + +func awsAwsquery_deserializeDocumentExpiredTokenException(v **types.ExpiredTokenException, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.ExpiredTokenException + if *v == nil { + sv = &types.ExpiredTokenException{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("message", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.Message = ptr.String(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + +func awsAwsquery_deserializeDocumentExpiredTradeInTokenException(v **types.ExpiredTradeInTokenException, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.ExpiredTradeInTokenException + if *v == nil { + sv = &types.ExpiredTradeInTokenException{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("message", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.Message = ptr.String(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + +func awsAwsquery_deserializeDocumentFederatedUser(v **types.FederatedUser, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.FederatedUser + if *v == nil { + sv = &types.FederatedUser{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("Arn", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.Arn = ptr.String(xtv) + } + + case strings.EqualFold("FederatedUserId", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.FederatedUserId = ptr.String(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + +func awsAwsquery_deserializeDocumentIDPCommunicationErrorException(v **types.IDPCommunicationErrorException, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.IDPCommunicationErrorException + if *v == nil { + sv = &types.IDPCommunicationErrorException{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("message", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.Message = ptr.String(xtv) } default: @@ -1476,13 +2203,13 @@ func awsAwsquery_deserializeDocumentCredentials(v **types.Credentials, decoder s return nil } -func awsAwsquery_deserializeDocumentExpiredTokenException(v **types.ExpiredTokenException, decoder smithyxml.NodeDecoder) error { +func awsAwsquery_deserializeDocumentIDPRejectedClaimException(v **types.IDPRejectedClaimException, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } - var sv *types.ExpiredTokenException + var sv *types.IDPRejectedClaimException if *v == nil { - sv = &types.ExpiredTokenException{} + sv = &types.IDPRejectedClaimException{} } else { sv = *v } @@ -1525,13 +2252,13 @@ func awsAwsquery_deserializeDocumentExpiredTokenException(v **types.ExpiredToken return nil } -func awsAwsquery_deserializeDocumentFederatedUser(v **types.FederatedUser, decoder smithyxml.NodeDecoder) error { +func awsAwsquery_deserializeDocumentInvalidAuthorizationMessageException(v **types.InvalidAuthorizationMessageException, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } - var sv *types.FederatedUser + var sv *types.InvalidAuthorizationMessageException if *v == nil { - sv = &types.FederatedUser{} + sv = &types.InvalidAuthorizationMessageException{} } else { sv = *v } @@ -1547,20 +2274,7 @@ func awsAwsquery_deserializeDocumentFederatedUser(v **types.FederatedUser, decod originalDecoder := decoder decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) switch { - case strings.EqualFold("Arn", t.Name.Local): - val, err := decoder.Value() - if err != nil { - return err - } - if val == nil { - break - } - { - xtv := string(val) - sv.Arn = ptr.String(xtv) - } - - case strings.EqualFold("FederatedUserId", t.Name.Local): + case strings.EqualFold("message", t.Name.Local): val, err := decoder.Value() if err != nil { return err @@ -1570,7 +2284,7 @@ func awsAwsquery_deserializeDocumentFederatedUser(v **types.FederatedUser, decod } { xtv := string(val) - sv.FederatedUserId = ptr.String(xtv) + sv.Message = ptr.String(xtv) } default: @@ -1587,13 +2301,13 @@ func awsAwsquery_deserializeDocumentFederatedUser(v **types.FederatedUser, decod return nil } -func awsAwsquery_deserializeDocumentIDPCommunicationErrorException(v **types.IDPCommunicationErrorException, decoder smithyxml.NodeDecoder) error { +func awsAwsquery_deserializeDocumentInvalidIdentityTokenException(v **types.InvalidIdentityTokenException, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } - var sv *types.IDPCommunicationErrorException + var sv *types.InvalidIdentityTokenException if *v == nil { - sv = &types.IDPCommunicationErrorException{} + sv = &types.InvalidIdentityTokenException{} } else { sv = *v } @@ -1636,13 +2350,13 @@ func awsAwsquery_deserializeDocumentIDPCommunicationErrorException(v **types.IDP return nil } -func awsAwsquery_deserializeDocumentIDPRejectedClaimException(v **types.IDPRejectedClaimException, decoder smithyxml.NodeDecoder) error { +func awsAwsquery_deserializeDocumentJWTPayloadSizeExceededException(v **types.JWTPayloadSizeExceededException, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } - var sv *types.IDPRejectedClaimException + var sv *types.JWTPayloadSizeExceededException if *v == nil { - sv = &types.IDPRejectedClaimException{} + sv = &types.JWTPayloadSizeExceededException{} } else { sv = *v } @@ -1685,13 +2399,13 @@ func awsAwsquery_deserializeDocumentIDPRejectedClaimException(v **types.IDPRejec return nil } -func awsAwsquery_deserializeDocumentInvalidAuthorizationMessageException(v **types.InvalidAuthorizationMessageException, decoder smithyxml.NodeDecoder) error { +func awsAwsquery_deserializeDocumentMalformedPolicyDocumentException(v **types.MalformedPolicyDocumentException, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } - var sv *types.InvalidAuthorizationMessageException + var sv *types.MalformedPolicyDocumentException if *v == nil { - sv = &types.InvalidAuthorizationMessageException{} + sv = &types.MalformedPolicyDocumentException{} } else { sv = *v } @@ -1734,13 +2448,13 @@ func awsAwsquery_deserializeDocumentInvalidAuthorizationMessageException(v **typ return nil } -func awsAwsquery_deserializeDocumentInvalidIdentityTokenException(v **types.InvalidIdentityTokenException, decoder smithyxml.NodeDecoder) error { +func awsAwsquery_deserializeDocumentOutboundWebIdentityFederationDisabledException(v **types.OutboundWebIdentityFederationDisabledException, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } - var sv *types.InvalidIdentityTokenException + var sv *types.OutboundWebIdentityFederationDisabledException if *v == nil { - sv = &types.InvalidIdentityTokenException{} + sv = &types.OutboundWebIdentityFederationDisabledException{} } else { sv = *v } @@ -1783,13 +2497,13 @@ func awsAwsquery_deserializeDocumentInvalidIdentityTokenException(v **types.Inva return nil } -func awsAwsquery_deserializeDocumentMalformedPolicyDocumentException(v **types.MalformedPolicyDocumentException, decoder smithyxml.NodeDecoder) error { +func awsAwsquery_deserializeDocumentPackedPolicyTooLargeException(v **types.PackedPolicyTooLargeException, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } - var sv *types.MalformedPolicyDocumentException + var sv *types.PackedPolicyTooLargeException if *v == nil { - sv = &types.MalformedPolicyDocumentException{} + sv = &types.PackedPolicyTooLargeException{} } else { sv = *v } @@ -1832,13 +2546,13 @@ func awsAwsquery_deserializeDocumentMalformedPolicyDocumentException(v **types.M return nil } -func awsAwsquery_deserializeDocumentPackedPolicyTooLargeException(v **types.PackedPolicyTooLargeException, decoder smithyxml.NodeDecoder) error { +func awsAwsquery_deserializeDocumentRegionDisabledException(v **types.RegionDisabledException, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } - var sv *types.PackedPolicyTooLargeException + var sv *types.RegionDisabledException if *v == nil { - sv = &types.PackedPolicyTooLargeException{} + sv = &types.RegionDisabledException{} } else { sv = *v } @@ -1881,13 +2595,13 @@ func awsAwsquery_deserializeDocumentPackedPolicyTooLargeException(v **types.Pack return nil } -func awsAwsquery_deserializeDocumentRegionDisabledException(v **types.RegionDisabledException, decoder smithyxml.NodeDecoder) error { +func awsAwsquery_deserializeDocumentSessionDurationEscalationException(v **types.SessionDurationEscalationException, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } - var sv *types.RegionDisabledException + var sv *types.SessionDurationEscalationException if *v == nil { - sv = &types.RegionDisabledException{} + sv = &types.SessionDurationEscalationException{} } else { sv = *v } @@ -2268,6 +2982,61 @@ func awsAwsquery_deserializeOpDocumentAssumeRoleWithWebIdentityOutput(v **Assume return nil } +func awsAwsquery_deserializeOpDocumentAssumeRootOutput(v **AssumeRootOutput, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *AssumeRootOutput + if *v == nil { + sv = &AssumeRootOutput{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("Credentials", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsAwsquery_deserializeDocumentCredentials(&sv.Credentials, nodeDecoder); err != nil { + return err + } + + case strings.EqualFold("SourceIdentity", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.SourceIdentity = ptr.String(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + func awsAwsquery_deserializeOpDocumentDecodeAuthorizationMessageOutput(v **DecodeAuthorizationMessageOutput, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -2441,6 +3210,78 @@ func awsAwsquery_deserializeOpDocumentGetCallerIdentityOutput(v **GetCallerIdent return nil } +func awsAwsquery_deserializeOpDocumentGetDelegatedAccessTokenOutput(v **GetDelegatedAccessTokenOutput, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *GetDelegatedAccessTokenOutput + if *v == nil { + sv = &GetDelegatedAccessTokenOutput{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("AssumedPrincipal", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.AssumedPrincipal = ptr.String(xtv) + } + + case strings.EqualFold("Credentials", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsAwsquery_deserializeDocumentCredentials(&sv.Credentials, nodeDecoder); err != nil { + return err + } + + case strings.EqualFold("PackedPolicySize", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + i64, err := strconv.ParseInt(xtv, 10, 64) + if err != nil { + return err + } + sv.PackedPolicySize = ptr.Int32(int32(i64)) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + func awsAwsquery_deserializeOpDocumentGetFederationTokenOutput(v **GetFederationTokenOutput, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -2547,3 +3388,69 @@ func awsAwsquery_deserializeOpDocumentGetSessionTokenOutput(v **GetSessionTokenO *v = sv return nil } + +func awsAwsquery_deserializeOpDocumentGetWebIdentityTokenOutput(v **GetWebIdentityTokenOutput, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *GetWebIdentityTokenOutput + if *v == nil { + sv = &GetWebIdentityTokenOutput{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("Expiration", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + t, err := smithytime.ParseDateTime(xtv) + if err != nil { + return err + } + sv.Expiration = ptr.Time(t) + } + + case strings.EqualFold("WebIdentityToken", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.WebIdentityToken = ptr.String(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go index dca2ce3599e..c8f9526c78a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go @@ -15,6 +15,7 @@ import ( smithy "github.com/aws/smithy-go" smithyauth "github.com/aws/smithy-go/auth" smithyendpoints "github.com/aws/smithy-go/endpoints" + "github.com/aws/smithy-go/endpoints/private/rulesfn" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" "github.com/aws/smithy-go/tracing" @@ -218,11 +219,15 @@ func resolveBaseEndpoint(cfg aws.Config, o *Options) { } } -func bindRegion(region string) *string { +func bindRegion(region string) (*string, error) { if region == "" { - return nil + return nil, nil + } + if !rulesfn.IsValidHostLabel(region, true) { + return nil, fmt.Errorf("invalid input region %s", region) } - return aws.String(endpoints.MapFIPSRegion(region)) + + return aws.String(endpoints.MapFIPSRegion(region)), nil } // EndpointParameters provides the parameters that influence how endpoints are @@ -346,8 +351,11 @@ func (r *resolver) ResolveEndpoint( return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err) } _UseDualStack := *params.UseDualStack + _ = _UseDualStack _UseFIPS := *params.UseFIPS + _ = _UseFIPS _UseGlobalEndpoint := *params.UseGlobalEndpoint + _ = _UseGlobalEndpoint if _UseGlobalEndpoint == true { if !(params.Endpoint != nil) { @@ -1057,10 +1065,15 @@ type endpointParamsBinder interface { bindEndpointParams(*EndpointParameters) } -func bindEndpointParams(ctx context.Context, input interface{}, options Options) *EndpointParameters { +func bindEndpointParams(ctx context.Context, input interface{}, options Options) (*EndpointParameters, error) { params := &EndpointParameters{} - params.Region = bindRegion(options.Region) + region, err := bindRegion(options.Region) + if err != nil { + return nil, err + } + params.Region = region + params.UseDualStack = aws.Bool(options.EndpointOptions.UseDualStackEndpoint == aws.DualStackEndpointStateEnabled) params.UseFIPS = aws.Bool(options.EndpointOptions.UseFIPSEndpoint == aws.FIPSEndpointStateEnabled) params.Endpoint = options.BaseEndpoint @@ -1069,7 +1082,7 @@ func bindEndpointParams(ctx context.Context, input interface{}, options Options) b.bindEndpointParams(params) } - return params + return params, nil } type resolveEndpointV2Middleware struct { @@ -1099,7 +1112,10 @@ func (m *resolveEndpointV2Middleware) HandleFinalize(ctx context.Context, in mid return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil") } - params := bindEndpointParams(ctx, getOperationInput(ctx), m.options) + params, err := bindEndpointParams(ctx, getOperationInput(ctx), m.options) + if err != nil { + return out, metadata, fmt.Errorf("failed to bind endpoint params, %w", err) + } endpt, err := timeOperationMetric(ctx, "client.call.resolve_endpoint_duration", func() (smithyendpoints.Endpoint, error) { return m.options.EndpointResolverV2.ResolveEndpoint(ctx, *params) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json index 6b6e839e6c9..2fc7b400f7c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json @@ -3,6 +3,7 @@ "github.com/aws/aws-sdk-go-v2": "v1.4.0", "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000", "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000", + "github.com/aws/aws-sdk-go-v2/internal/v4a": "v0.0.0-00010101000000-000000000000", "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding": "v1.0.5", "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url": "v1.0.7", "github.com/aws/smithy-go": "v1.4.0" @@ -13,11 +14,14 @@ "api_op_AssumeRole.go", "api_op_AssumeRoleWithSAML.go", "api_op_AssumeRoleWithWebIdentity.go", + "api_op_AssumeRoot.go", "api_op_DecodeAuthorizationMessage.go", "api_op_GetAccessKeyInfo.go", "api_op_GetCallerIdentity.go", + "api_op_GetDelegatedAccessToken.go", "api_op_GetFederationToken.go", "api_op_GetSessionToken.go", + "api_op_GetWebIdentityToken.go", "auth.go", "deserializers.go", "doc.go", @@ -28,14 +32,14 @@ "internal/endpoints/endpoints.go", "internal/endpoints/endpoints_test.go", "options.go", - "protocol_test.go", "serializers.go", "snapshot_test.go", + "sra_operation_order_test.go", "types/errors.go", "types/types.go", "validators.go" ], - "go": "1.15", + "go": "1.24", "module": "github.com/aws/aws-sdk-go-v2/service/sts", "unstable": false } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go index 8b3c00566d1..bdd6a15d8f0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go @@ -3,4 +3,4 @@ package sts // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.31.0" +const goModuleVersion = "1.42.1" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go index 9fe930b8d7b..be72d93dccd 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go @@ -87,6 +87,7 @@ func New() *Resolver { var partitionRegexp = struct { Aws *regexp.Regexp AwsCn *regexp.Regexp + AwsEusc *regexp.Regexp AwsIso *regexp.Regexp AwsIsoB *regexp.Regexp AwsIsoE *regexp.Regexp @@ -96,6 +97,7 @@ var partitionRegexp = struct { Aws: regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il|mx)\\-\\w+\\-\\d+$"), AwsCn: regexp.MustCompile("^cn\\-\\w+\\-\\d+$"), + AwsEusc: regexp.MustCompile("^eusc\\-(de)\\-\\w+\\-\\d+$"), AwsIso: regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"), AwsIsoB: regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"), AwsIsoE: regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"), @@ -145,6 +147,9 @@ var defaultPartitions = endpoints.Partitions{ endpoints.EndpointKey{ Region: "ap-east-1", }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "ap-east-2", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ap-northeast-1", }: endpoints.Endpoint{}, @@ -175,6 +180,12 @@ var defaultPartitions = endpoints.Partitions{ endpoints.EndpointKey{ Region: "ap-southeast-5", }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "ap-southeast-6", + }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "ap-southeast-7", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "aws-global", }: endpoints.Endpoint{ @@ -222,6 +233,9 @@ var defaultPartitions = endpoints.Partitions{ endpoints.EndpointKey{ Region: "me-south-1", }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "mx-central-1", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "sa-east-1", }: endpoints.Endpoint{}, @@ -342,6 +356,46 @@ var defaultPartitions = endpoints.Partitions{ }: endpoints.Endpoint{}, }, }, + { + ID: "aws-eusc", + Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ + { + Variant: endpoints.DualStackVariant, + }: { + Hostname: "sts.{region}.api.amazonwebservices.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant, + }: { + Hostname: "sts-fips.{region}.amazonaws.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: endpoints.FIPSVariant | endpoints.DualStackVariant, + }: { + Hostname: "sts-fips.{region}.api.amazonwebservices.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + { + Variant: 0, + }: { + Hostname: "sts.{region}.amazonaws.eu", + Protocols: []string{"https"}, + SignatureVersions: []string{"v4"}, + }, + }, + RegionRegex: partitionRegexp.AwsEusc, + IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "eusc-de-east-1", + }: endpoints.Endpoint{}, + }, + }, { ID: "aws-iso", Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{ @@ -395,6 +449,9 @@ var defaultPartitions = endpoints.Partitions{ endpoints.EndpointKey{ Region: "us-isob-east-1", }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "us-isob-west-1", + }: endpoints.Endpoint{}, }, }, { @@ -417,6 +474,11 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.AwsIsoE, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "eu-isoe-west-1", + }: endpoints.Endpoint{}, + }, }, { ID: "aws-iso-f", @@ -438,6 +500,14 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.AwsIsoF, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "us-isof-east-1", + }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "us-isof-south-1", + }: endpoints.Endpoint{}, + }, }, { ID: "aws-us-gov", diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go index e1398f3bb85..a9f2361fd32 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go @@ -4,9 +4,11 @@ package sts import ( "context" + "fmt" "github.com/aws/aws-sdk-go-v2/aws" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" + "github.com/aws/aws-sdk-go-v2/internal/v4a" smithyauth "github.com/aws/smithy-go/auth" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -58,8 +60,7 @@ type Options struct { // the client option BaseEndpoint instead. EndpointResolver EndpointResolver - // Resolves the endpoint used for a particular service operation. This should be - // used over the deprecated EndpointResolver. + // Resolves the endpoint used for a particular service operation. EndpointResolverV2 EndpointResolverV2 // Signature Version 4 (SigV4) Signer @@ -108,6 +109,9 @@ type Options struct { // The client tracer provider. TracerProvider tracing.TracerProvider + // Signature Version 4a (SigV4a) Signer + httpSignerV4a httpSignerV4a + // The initial DefaultsMode used when the client options were constructed. If the // DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved // value was at that point in time. @@ -119,12 +123,18 @@ type Options struct { // implementation if nil. HTTPClient HTTPClient + // Client registry of operation interceptors. + Interceptors smithyhttp.InterceptorRegistry + // The auth scheme resolver which determines how to authenticate for each // operation. AuthSchemeResolver AuthSchemeResolver // The list of auth schemes supported by the client. AuthSchemes []smithyhttp.AuthScheme + + // Priority list of preferred auth scheme names (e.g. sigv4a). + AuthSchemePreference []string } // Copy creates a clone where the APIOptions list is deep copied. @@ -132,6 +142,7 @@ func (o Options) Copy() Options { to := o to.APIOptions = make([]func(*middleware.Stack) error, len(o.APIOptions)) copy(to.APIOptions, o.APIOptions) + to.Interceptors = o.Interceptors.Copy() return to } @@ -140,6 +151,9 @@ func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolve if schemeID == "aws.auth#sigv4" { return getSigV4IdentityResolver(o) } + if schemeID == "aws.auth#sigv4a" { + return getSigV4AIdentityResolver(o) + } if schemeID == "smithy.api#noAuth" { return &smithyauth.AnonymousIdentityResolver{} } @@ -225,6 +239,46 @@ func WithSigV4SigningRegion(region string) func(*Options) { } } +func getSigV4AIdentityResolver(o Options) smithyauth.IdentityResolver { + if o.Credentials != nil { + return &v4a.CredentialsProviderAdapter{ + Provider: &v4a.SymmetricCredentialAdaptor{ + SymmetricProvider: o.Credentials, + }, + } + } + return nil +} + +// WithSigV4ASigningRegions applies an override to the authentication workflow to +// use the given signing region set for SigV4A-authenticated operations. +// +// This is an advanced setting. The value here is FINAL, taking precedence over +// the resolved signing region set from both auth scheme resolution and endpoint +// resolution. +func WithSigV4ASigningRegions(regions []string) func(*Options) { + fn := func(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, + ) { + rscheme := getResolvedAuthScheme(ctx) + if rscheme == nil { + return out, metadata, fmt.Errorf("no resolved auth scheme") + } + + smithyhttp.SetSigV4ASigningRegions(&rscheme.SignerProperties, regions) + return next.HandleFinalize(ctx, in) + } + return func(o *Options) { + o.APIOptions = append(o.APIOptions, func(s *middleware.Stack) error { + return s.Finalize.Insert( + middleware.FinalizeMiddlewareFunc("withSigV4ASigningRegions", fn), + "Signing", + middleware.Before, + ) + }) + } +} + func ignoreAnonymousAuth(options *Options) { if aws.IsCredentialsProvider(options.Credentials, (*aws.AnonymousCredentials)(nil)) { options.Credentials = nil diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/serializers.go index 1bcbc828423..5e227387827 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/serializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/serializers.go @@ -226,6 +226,76 @@ func (m *awsAwsquery_serializeOpAssumeRoleWithWebIdentity) HandleSerialize(ctx c return next.HandleSerialize(ctx, in) } +type awsAwsquery_serializeOpAssumeRoot struct { +} + +func (*awsAwsquery_serializeOpAssumeRoot) ID() string { + return "OperationSerializer" +} + +func (m *awsAwsquery_serializeOpAssumeRoot) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*AssumeRootInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + operationPath := "/" + if len(request.Request.URL.Path) == 0 { + request.Request.URL.Path = operationPath + } else { + request.Request.URL.Path = path.Join(request.Request.URL.Path, operationPath) + if request.Request.URL.Path != "/" && operationPath[len(operationPath)-1] == '/' { + request.Request.URL.Path += "/" + } + } + request.Request.Method = "POST" + httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + httpBindingEncoder.SetHeader("Content-Type").String("application/x-www-form-urlencoded") + + bodyWriter := bytes.NewBuffer(nil) + bodyEncoder := query.NewEncoder(bodyWriter) + body := bodyEncoder.Object() + body.Key("Action").String("AssumeRoot") + body.Key("Version").String("2011-06-15") + + if err := awsAwsquery_serializeOpDocumentAssumeRootInput(input, bodyEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + err = bodyEncoder.Encode() + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(bodyWriter.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} + type awsAwsquery_serializeOpDecodeAuthorizationMessage struct { } @@ -432,6 +502,76 @@ func (m *awsAwsquery_serializeOpGetCallerIdentity) HandleSerialize(ctx context.C return next.HandleSerialize(ctx, in) } +type awsAwsquery_serializeOpGetDelegatedAccessToken struct { +} + +func (*awsAwsquery_serializeOpGetDelegatedAccessToken) ID() string { + return "OperationSerializer" +} + +func (m *awsAwsquery_serializeOpGetDelegatedAccessToken) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*GetDelegatedAccessTokenInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + operationPath := "/" + if len(request.Request.URL.Path) == 0 { + request.Request.URL.Path = operationPath + } else { + request.Request.URL.Path = path.Join(request.Request.URL.Path, operationPath) + if request.Request.URL.Path != "/" && operationPath[len(operationPath)-1] == '/' { + request.Request.URL.Path += "/" + } + } + request.Request.Method = "POST" + httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + httpBindingEncoder.SetHeader("Content-Type").String("application/x-www-form-urlencoded") + + bodyWriter := bytes.NewBuffer(nil) + bodyEncoder := query.NewEncoder(bodyWriter) + body := bodyEncoder.Object() + body.Key("Action").String("GetDelegatedAccessToken") + body.Key("Version").String("2011-06-15") + + if err := awsAwsquery_serializeOpDocumentGetDelegatedAccessTokenInput(input, bodyEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + err = bodyEncoder.Encode() + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(bodyWriter.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} + type awsAwsquery_serializeOpGetFederationToken struct { } @@ -571,6 +711,76 @@ func (m *awsAwsquery_serializeOpGetSessionToken) HandleSerialize(ctx context.Con span.End() return next.HandleSerialize(ctx, in) } + +type awsAwsquery_serializeOpGetWebIdentityToken struct { +} + +func (*awsAwsquery_serializeOpGetWebIdentityToken) ID() string { + return "OperationSerializer" +} + +func (m *awsAwsquery_serializeOpGetWebIdentityToken) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*GetWebIdentityTokenInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + operationPath := "/" + if len(request.Request.URL.Path) == 0 { + request.Request.URL.Path = operationPath + } else { + request.Request.URL.Path = path.Join(request.Request.URL.Path, operationPath) + if request.Request.URL.Path != "/" && operationPath[len(operationPath)-1] == '/' { + request.Request.URL.Path += "/" + } + } + request.Request.Method = "POST" + httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + httpBindingEncoder.SetHeader("Content-Type").String("application/x-www-form-urlencoded") + + bodyWriter := bytes.NewBuffer(nil) + bodyEncoder := query.NewEncoder(bodyWriter) + body := bodyEncoder.Object() + body.Key("Action").String("GetWebIdentityToken") + body.Key("Version").String("2011-06-15") + + if err := awsAwsquery_serializeOpDocumentGetWebIdentityTokenInput(input, bodyEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + err = bodyEncoder.Encode() + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(bodyWriter.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} func awsAwsquery_serializeDocumentPolicyDescriptorListType(v []types.PolicyDescriptorType, value query.Value) error { array := value.Array("member") @@ -663,6 +873,16 @@ func awsAwsquery_serializeDocumentTagListType(v []types.Tag, value query.Value) return nil } +func awsAwsquery_serializeDocumentWebIdentityTokenAudienceListType(v []string, value query.Value) error { + array := value.Array("member") + + for i := range v { + av := array.Value() + av.String(v[i]) + } + return nil +} + func awsAwsquery_serializeOpDocumentAssumeRoleInput(v *AssumeRoleInput, value query.Value) error { object := value.Object() _ = object @@ -821,6 +1041,30 @@ func awsAwsquery_serializeOpDocumentAssumeRoleWithWebIdentityInput(v *AssumeRole return nil } +func awsAwsquery_serializeOpDocumentAssumeRootInput(v *AssumeRootInput, value query.Value) error { + object := value.Object() + _ = object + + if v.DurationSeconds != nil { + objectKey := object.Key("DurationSeconds") + objectKey.Integer(*v.DurationSeconds) + } + + if v.TargetPrincipal != nil { + objectKey := object.Key("TargetPrincipal") + objectKey.String(*v.TargetPrincipal) + } + + if v.TaskPolicyArn != nil { + objectKey := object.Key("TaskPolicyArn") + if err := awsAwsquery_serializeDocumentPolicyDescriptorType(v.TaskPolicyArn, objectKey); err != nil { + return err + } + } + + return nil +} + func awsAwsquery_serializeOpDocumentDecodeAuthorizationMessageInput(v *DecodeAuthorizationMessageInput, value query.Value) error { object := value.Object() _ = object @@ -852,6 +1096,18 @@ func awsAwsquery_serializeOpDocumentGetCallerIdentityInput(v *GetCallerIdentityI return nil } +func awsAwsquery_serializeOpDocumentGetDelegatedAccessTokenInput(v *GetDelegatedAccessTokenInput, value query.Value) error { + object := value.Object() + _ = object + + if v.TradeInToken != nil { + objectKey := object.Key("TradeInToken") + objectKey.String(*v.TradeInToken) + } + + return nil +} + func awsAwsquery_serializeOpDocumentGetFederationTokenInput(v *GetFederationTokenInput, value query.Value) error { object := value.Object() _ = object @@ -909,3 +1165,34 @@ func awsAwsquery_serializeOpDocumentGetSessionTokenInput(v *GetSessionTokenInput return nil } + +func awsAwsquery_serializeOpDocumentGetWebIdentityTokenInput(v *GetWebIdentityTokenInput, value query.Value) error { + object := value.Object() + _ = object + + if v.Audience != nil { + objectKey := object.Key("Audience") + if err := awsAwsquery_serializeDocumentWebIdentityTokenAudienceListType(v.Audience, objectKey); err != nil { + return err + } + } + + if v.DurationSeconds != nil { + objectKey := object.Key("DurationSeconds") + objectKey.Integer(*v.DurationSeconds) + } + + if v.SigningAlgorithm != nil { + objectKey := object.Key("SigningAlgorithm") + objectKey.String(*v.SigningAlgorithm) + } + + if v.Tags != nil { + objectKey := object.Key("Tags") + if err := awsAwsquery_serializeDocumentTagListType(v.Tags, objectKey); err != nil { + return err + } + } + + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go index 9573a4b6461..70d99a220b8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/types/errors.go @@ -34,6 +34,33 @@ func (e *ExpiredTokenException) ErrorCode() string { } func (e *ExpiredTokenException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } +// The trade-in token provided in the request has expired and can no longer be +// exchanged for credentials. Request a new token and retry the operation. +type ExpiredTradeInTokenException struct { + Message *string + + ErrorCodeOverride *string + + noSmithyDocumentSerde +} + +func (e *ExpiredTradeInTokenException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *ExpiredTradeInTokenException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *ExpiredTradeInTokenException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "ExpiredTradeInTokenException" + } + return *e.ErrorCodeOverride +} +func (e *ExpiredTradeInTokenException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // The request could not be fulfilled because the identity provider (IDP) that was // asked to verify the incoming identity token could not be reached. This is often // a transient error caused by network conditions. Retry the request a limited @@ -95,8 +122,8 @@ func (e *IDPRejectedClaimException) ErrorCode() string { func (e *IDPRejectedClaimException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } // The error returned if the message passed to DecodeAuthorizationMessage was -// invalid. This can happen if the token contains invalid characters, such as -// linebreaks. +// invalid. This can happen if the token contains invalid characters, such as line +// breaks, or if the message has expired. type InvalidAuthorizationMessageException struct { Message *string @@ -152,6 +179,34 @@ func (e *InvalidIdentityTokenException) ErrorCode() string { } func (e *InvalidIdentityTokenException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } +// The requested token payload size exceeds the maximum allowed size. Reduce the +// number of request tags included in the GetWebIdentityToken API call to reduce +// the token payload size. +type JWTPayloadSizeExceededException struct { + Message *string + + ErrorCodeOverride *string + + noSmithyDocumentSerde +} + +func (e *JWTPayloadSizeExceededException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *JWTPayloadSizeExceededException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *JWTPayloadSizeExceededException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "JWTPayloadSizeExceededException" + } + return *e.ErrorCodeOverride +} +func (e *JWTPayloadSizeExceededException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // The request was rejected because the policy document was malformed. The error // message describes the specific error. type MalformedPolicyDocumentException struct { @@ -179,6 +234,36 @@ func (e *MalformedPolicyDocumentException) ErrorCode() string { } func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } +// The outbound web identity federation feature is not enabled for this account. +// To use this feature, you must first enable it through the Amazon Web Services +// Management Console or API. +type OutboundWebIdentityFederationDisabledException struct { + Message *string + + ErrorCodeOverride *string + + noSmithyDocumentSerde +} + +func (e *OutboundWebIdentityFederationDisabledException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *OutboundWebIdentityFederationDisabledException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *OutboundWebIdentityFederationDisabledException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "OutboundWebIdentityFederationDisabledException" + } + return *e.ErrorCodeOverride +} +func (e *OutboundWebIdentityFederationDisabledException) ErrorFault() smithy.ErrorFault { + return smithy.FaultClient +} + // The request was rejected because the total packed size of the session policies // and session tags combined was too large. An Amazon Web Services conversion // compresses the session policy document, session policy ARNs, and session tags @@ -218,10 +303,10 @@ func (e *PackedPolicyTooLargeException) ErrorFault() smithy.ErrorFault { return // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM -// console to activate STS in that region. For more information, see [Activating and Deactivating Amazon Web Services STS in an Amazon Web Services Region]in the IAM +// console to activate STS in that region. For more information, see [Activating and Deactivating STS in an Amazon Web Services Region]in the IAM // User Guide. // -// [Activating and Deactivating Amazon Web Services STS in an Amazon Web Services Region]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html +// [Activating and Deactivating STS in an Amazon Web Services Region]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate type RegionDisabledException struct { Message *string @@ -246,3 +331,33 @@ func (e *RegionDisabledException) ErrorCode() string { return *e.ErrorCodeOverride } func (e *RegionDisabledException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + +// The requested token duration would extend the session beyond its original +// expiration time. You cannot use this operation to extend the lifetime of a +// session beyond what was granted when the session was originally created. +type SessionDurationEscalationException struct { + Message *string + + ErrorCodeOverride *string + + noSmithyDocumentSerde +} + +func (e *SessionDurationEscalationException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *SessionDurationEscalationException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *SessionDurationEscalationException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "SessionDurationEscalationException" + } + return *e.ErrorCodeOverride +} +func (e *SessionDurationEscalationException) ErrorFault() smithy.ErrorFault { + return smithy.FaultClient +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/validators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/validators.go index 3e4bad2a925..4d37dd22a1d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/validators.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/validators.go @@ -70,6 +70,26 @@ func (m *validateOpAssumeRoleWithWebIdentity) HandleInitialize(ctx context.Conte return next.HandleInitialize(ctx, in) } +type validateOpAssumeRoot struct { +} + +func (*validateOpAssumeRoot) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpAssumeRoot) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*AssumeRootInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpAssumeRootInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpDecodeAuthorizationMessage struct { } @@ -110,6 +130,26 @@ func (m *validateOpGetAccessKeyInfo) HandleInitialize(ctx context.Context, in mi return next.HandleInitialize(ctx, in) } +type validateOpGetDelegatedAccessToken struct { +} + +func (*validateOpGetDelegatedAccessToken) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpGetDelegatedAccessToken) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*GetDelegatedAccessTokenInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpGetDelegatedAccessTokenInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpGetFederationToken struct { } @@ -130,6 +170,26 @@ func (m *validateOpGetFederationToken) HandleInitialize(ctx context.Context, in return next.HandleInitialize(ctx, in) } +type validateOpGetWebIdentityToken struct { +} + +func (*validateOpGetWebIdentityToken) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpGetWebIdentityToken) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*GetWebIdentityTokenInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpGetWebIdentityTokenInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + func addOpAssumeRoleValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpAssumeRole{}, middleware.After) } @@ -142,6 +202,10 @@ func addOpAssumeRoleWithWebIdentityValidationMiddleware(stack *middleware.Stack) return stack.Initialize.Add(&validateOpAssumeRoleWithWebIdentity{}, middleware.After) } +func addOpAssumeRootValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpAssumeRoot{}, middleware.After) +} + func addOpDecodeAuthorizationMessageValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpDecodeAuthorizationMessage{}, middleware.After) } @@ -150,10 +214,18 @@ func addOpGetAccessKeyInfoValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpGetAccessKeyInfo{}, middleware.After) } +func addOpGetDelegatedAccessTokenValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpGetDelegatedAccessToken{}, middleware.After) +} + func addOpGetFederationTokenValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpGetFederationToken{}, middleware.After) } +func addOpGetWebIdentityTokenValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpGetWebIdentityToken{}, middleware.After) +} + func validateTag(v *types.Tag) error { if v == nil { return nil @@ -254,6 +326,24 @@ func validateOpAssumeRoleWithWebIdentityInput(v *AssumeRoleWithWebIdentityInput) } } +func validateOpAssumeRootInput(v *AssumeRootInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "AssumeRootInput"} + if v.TargetPrincipal == nil { + invalidParams.Add(smithy.NewErrParamRequired("TargetPrincipal")) + } + if v.TaskPolicyArn == nil { + invalidParams.Add(smithy.NewErrParamRequired("TaskPolicyArn")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpDecodeAuthorizationMessageInput(v *DecodeAuthorizationMessageInput) error { if v == nil { return nil @@ -284,6 +374,21 @@ func validateOpGetAccessKeyInfoInput(v *GetAccessKeyInfoInput) error { } } +func validateOpGetDelegatedAccessTokenInput(v *GetDelegatedAccessTokenInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "GetDelegatedAccessTokenInput"} + if v.TradeInToken == nil { + invalidParams.Add(smithy.NewErrParamRequired("TradeInToken")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpGetFederationTokenInput(v *GetFederationTokenInput) error { if v == nil { return nil @@ -303,3 +408,26 @@ func validateOpGetFederationTokenInput(v *GetFederationTokenInput) error { return nil } } + +func validateOpGetWebIdentityTokenInput(v *GetWebIdentityTokenInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "GetWebIdentityTokenInput"} + if v.Audience == nil { + invalidParams.Add(smithy.NewErrParamRequired("Audience")) + } + if v.SigningAlgorithm == nil { + invalidParams.Add(smithy.NewErrParamRequired("SigningAlgorithm")) + } + if v.Tags != nil { + if err := validateTagListType(v.Tags); err != nil { + invalidParams.AddNested("Tags", err.(smithy.InvalidParamsError)) + } + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} diff --git a/vendor/github.com/aws/smithy-go/AGENTS.md b/vendor/github.com/aws/smithy-go/AGENTS.md new file mode 100644 index 00000000000..e2a75b8ea19 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/AGENTS.md @@ -0,0 +1,172 @@ +# AGENTS.md + +## Project overview + +smithy-go is the Go code generator and runtime for [Smithy](https://smithy.io/). +It has two major components: + +1. **Codegen** (`codegen/`) — A Smithy build plugin written in Java that + generates Go client/server/shape code from Smithy models. +2. **Runtime** (`./`, top-level Go module) — The Go packages that generated + code depends on at runtime. + +The primary downstream consumer is +[aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2). + +## Repository layout + +``` +. # Root Go module (github.com/aws/smithy-go) +├── auth/ # Auth identity + scheme interfaces +│ └── bearer/ # Bearer token auth +├── aws-http-auth/ # Separate module: AWS SigV4/SigV4A HTTP signing +├── codegen/ # Java/Gradle: Smithy code generator +│ ├── smithy-go-codegen/ # Main codegen source (Java) +│ └── smithy-go-codegen-test/ # Codegen integration tests +├── container/ # Generic container types +├── context/ # Context helpers +├── document/ # Smithy document type abstraction +│ └── json/ # JSON document codec +├── encoding/ # Wire format encoders/decoders +│ ├── cbor/ # CBOR (used by rpcv2Cbor) +│ ├── httpbinding/ # HTTP binding serde helpers +│ ├── json/ # JSON encoder/decoder +│ └── xml/ # XML encoder/decoder +├── endpoints/ # Endpoint resolution types +├── internal/ # Internal utilities (singleflight, etc.) +├── io/ # I/O helpers +├── logging/ # Logging interfaces +├── metrics/ # Metrics interfaces +│ └── smithyotelmetrics/ # Separate module: OpenTelemetry metrics adapter +├── middleware/ # Middleware stack (the core of the operation pipeline) +├── ptr/ # Pointer-to/from-value helpers +├── testing/ # Test assertion helpers for generated protocol tests +│ └── xml/ # XML comparison utilities +├── time/ # Smithy timestamp format helpers +├── tracing/ # Tracing interfaces +│ └── smithyoteltracing/ # Separate module: OpenTelemetry tracing adapter +└── transport/ + └── http/ # HTTP request/response types and middleware +``` + +## Building and testing + +### Runtime (Go) + +```bash +# Run unit tests +make unit +``` + +### Codegen (Java) + +```bash +# Build and test codegen +cd codegen && ./gradlew build + +# Publish to local Maven for downstream use +cd codegen && ./gradlew publishToMavenLocal +``` + +The codegen artifact version is fixed at `0.1.0` and is not published to +Maven Central — you **MUST** `publishToMavenLocal`. + +## Runtime architecture + +### Middleware stack + +The operation pipeline is built on a middleware stack defined in `middleware/`. +Steps execute in order: Initialize → Serialize → Build → Finalize → +Deserialize. Each step is a `middleware.Step` that holds an ordered list of +middleware. The codegen generates middleware registrations for each operation. + +### Encoding packages + +Each wire format has its own encoder/decoder under `encoding/`. These are +low-level — they produce/consume raw tokens or values, not full Smithy shapes. +Generated serde code calls into these packages. + +## Codegen: GoWriter and template system + +GoWriter extends Smithy's `SymbolWriter` and is the primary mechanism for +generating Go source. It has **two distinct writing styles** that must not be +confused. + +### Style 1: Positional args (`writer.write` / `writer.openBlock`) + +Inherited from `SymbolWriter`. Arguments are positional and referenced with +`$`-prefixed format characters. Each `$X` consumes the next argument in order. + +Format characters: +- `$L` — Literal (toString). Strings, names, anything that should be inserted + verbatim. +- `$S` — String, quoted. Wraps the value in Go double-quotes. +- `$T` — Type (Symbol). Inserts the symbol name and auto-adds its import. +- `$P` — Pointable type (Symbol). Like `$T` but prepends `*` if the symbol is + marked pointable. +- `$W` — Writable. Evaluates a `Writable` (lambda/closure) inline. +- `$D` — Dependency. Adds a `GoDependency` import, expands to empty string. + +Numbered variants (`$1L`, `$2T`, etc.) allow reusing the same argument +multiple times. The number is 1-indexed and refers to the position in the +argument list: + +```java +// $1L is used twice, $2L once — only 2 args needed +writer.write("type $1L struct{}\nvar _ $2L = (*$1L)(nil)", + DEFAULT_NAME, INTERFACE_NAME); +``` + +`openBlock`/`closeBlock` manage indentation for braced blocks. Arguments are +positional: + +```java +writer.openBlock("func (c $P) $T(ctx $T) ($P, error) {", "}", + serviceSymbol, operationSymbol, contextSymbol, outputSymbol, + () -> { + writer.write("return nil, nil"); + }); +``` + +### Style 2: Named template args (`goTemplate` / `writeGoTemplate`) + +Uses `$name:X` syntax where `name` is a key in a `Map` and `X` +is the format character. Arguments are passed as one or more maps. This is the +**preferred style for new code** — it is more readable and less error-prone +than positional args. + +```java +return goTemplate(""" + func $name:L(v $cborValue:T) ($type:T, error) { + return $coercer:T(v) + } + """, + Map.of( + "name", getDeserializerName(shape), + "cborValue", SmithyGoTypes.Encoding.Cbor.Value, + "type", symbolProvider.toSymbol(shape), + "coercer", coercer + )); +``` + +Rules: +- `goTemplate(String, Map...)` is a **static** method that returns a + `Writable` (a `Consumer` lambda). It does NOT write immediately. +- `writeGoTemplate(String, Map...)` is an **instance** method that writes + immediately to the writer. +- Maps are merged into the writer's context scope for the duration of the + template. Multiple maps can be passed and are applied in order. +- The writer pre-populates common symbols in context: `fmt.Sprintf`, + `fmt.Errorf`, `errors.As`, `context.Context`, `time.Now`. + +### Composing writables + +- `ChainWritable` — Collects multiple `Writable`s and composes them with + newlines between each. Use `.compose()` (with newlines) or + `.compose(false)` (without). + +### Symbol constants + +For symbols, use `SmithyGoDependency.*.valueSymbol("Name")` or +`SmithyGoDependency.*.pointableSymbol("Name")`. + diff --git a/vendor/github.com/aws/smithy-go/CHANGELOG.md b/vendor/github.com/aws/smithy-go/CHANGELOG.md index 27fc881232a..b9cd114ed16 100644 --- a/vendor/github.com/aws/smithy-go/CHANGELOG.md +++ b/vendor/github.com/aws/smithy-go/CHANGELOG.md @@ -1,8 +1,37 @@ -# Release (2026-02-27) +# Release (2026-04-23) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.25.1 + * **Bug Fix**: Fixed a memory leak in the LRU cache implementation used by some AWS services. + +# Release (2026-04-15) ## General Highlights * **Dependency Update**: Updated to the latest SDK module versions +## Module Highlights +* `github.com/aws/smithy-go`: v1.25.0 + * **Feature**: Add support for endpointBdd trait + +# Release (2026-04-02) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.24.3 + * **Bug Fix**: Add additional sigv4 configuration. +* `github.com/aws/smithy-go/aws-http-auth`: [v1.1.3](aws-http-auth/CHANGELOG.md#v113-2026-04-02) + * **Bug Fix**: Add additional sigv4 configuration. + +# Release (2026-02-27) + +## General Highlights +* **Dependency Update**: Bump minimum go version to 1.24. + # Release (2026-02-20) ## General Highlights diff --git a/vendor/github.com/aws/smithy-go/container/private/cache/lru/lru.go b/vendor/github.com/aws/smithy-go/container/private/cache/lru/lru.go index 02ecb0a3277..6db123a75a3 100644 --- a/vendor/github.com/aws/smithy-go/container/private/cache/lru/lru.go +++ b/vendor/github.com/aws/smithy-go/container/private/cache/lru/lru.go @@ -45,6 +45,12 @@ func (l *lru) Get(k interface{}) (interface{}, bool) { } func (l *lru) Put(k interface{}, v interface{}) { + if e, ok := l.entries[k]; ok { + e.Value.(*element).value = v + l.mru.MoveToFront(e) + return + } + if len(l.entries) == l.cap { l.evict() } diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go new file mode 100644 index 00000000000..f8b30789a01 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go @@ -0,0 +1,16 @@ +package rulesfn + +import "strings" + +// Split splits the input string by the delimiter and returns the resulting +// parts. If limit is > 0, at most limit substrings are returned. +// Returns a slice with a single empty string if the input is empty. +func Split(input, delimiter string, limit int) []string { + if len(input) == 0 { + return []string{""} + } + if limit > 0 { + return strings.SplitN(input, delimiter, limit) + } + return strings.Split(input, delimiter) +} diff --git a/vendor/github.com/aws/smithy-go/go_module_metadata.go b/vendor/github.com/aws/smithy-go/go_module_metadata.go index dc9dfd0d86d..a1e928754a1 100644 --- a/vendor/github.com/aws/smithy-go/go_module_metadata.go +++ b/vendor/github.com/aws/smithy-go/go_module_metadata.go @@ -3,4 +3,4 @@ package smithy // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.24.2" +const goModuleVersion = "1.25.1" diff --git a/vendor/github.com/cert-manager/cert-manager/LICENSES b/vendor/github.com/cert-manager/cert-manager/LICENSES index 0c644fe5a34..d6e7b21152f 100644 --- a/vendor/github.com/cert-manager/cert-manager/LICENSES +++ b/vendor/github.com/cert-manager/cert-manager/LICENSES @@ -1,196 +1,241 @@ -cloud.google.com/go/auth,https://github.com/googleapis/google-cloud-go/blob/auth/v0.9.4/auth/LICENSE,Apache-2.0 -cloud.google.com/go/auth/oauth2adapt,https://github.com/googleapis/google-cloud-go/blob/auth/oauth2adapt/v0.2.4/auth/oauth2adapt/LICENSE,Apache-2.0 -cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.5.1/compute/metadata/LICENSE,Apache-2.0 -github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.14.0/sdk/azcore/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.7.0/sdk/azidentity/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.10.0/sdk/internal/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns,https://github.com/Azure/azure-sdk-for-go/blob/sdk/resourcemanager/dns/armdns/v1.2.0/sdk/resourcemanager/dns/armdns/LICENSE.txt,MIT -github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT -github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.2/LICENSE,MIT -github.com/Khan/genqlient/graphql,https://github.com/Khan/genqlient/blob/v0.7.0/LICENSE,MIT -github.com/NYTimes/gziphandler,https://github.com/NYTimes/gziphandler/blob/v1.1.1/LICENSE,Apache-2.0 -github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.7.1/LICENSE,Apache-2.0 -github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.2/LICENSE,Apache-2.0 -github.com/antlr4-go/antlr/v4,https://github.com/antlr4-go/antlr/blob/v4.13.0/LICENSE,BSD-3-Clause -github.com/asaskevich/govalidator,https://github.com/asaskevich/govalidator/blob/a9d515a09cc2/LICENSE,MIT -github.com/aws/aws-sdk-go-v2,https://github.com/aws/aws-sdk-go-v2/blob/v1.31.0/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/config,https://github.com/aws/aws-sdk-go-v2/blob/config/v1.27.36/config/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/credentials,https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.17.34/credentials/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/feature/ec2/imds,https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.16.14/feature/ec2/imds/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/internal/configsources,https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.3.18/internal/configsources/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2,https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.6.18/internal/endpoints/v2/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/internal/ini,https://github.com/aws/aws-sdk-go-v2/blob/internal/ini/v1.8.1/internal/ini/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/internal/sync/singleflight,https://github.com/aws/aws-sdk-go-v2/blob/v1.31.0/internal/sync/singleflight/LICENSE,BSD-3-Clause -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.11.5/service/internal/accept-encoding/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.11.20/service/internal/presigned-url/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/route53,https://github.com/aws/aws-sdk-go-v2/blob/service/route53/v1.44.0/service/route53/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/sso,https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.23.0/service/sso/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/ssooidc,https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.27.0/service/ssooidc/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/sts,https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.31.0/service/sts/LICENSE.txt,Apache-2.0 -github.com/aws/smithy-go,https://github.com/aws/smithy-go/blob/v1.21.0/LICENSE,Apache-2.0 -github.com/aws/smithy-go/internal/sync/singleflight,https://github.com/aws/smithy-go/blob/v1.21.0/internal/sync/singleflight/LICENSE,BSD-3-Clause -github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT -github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT -github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.3.0/LICENSE,MIT -github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 -github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/azuredns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/azuredns/LICENSE,MIT -github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/clouddns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/clouddns/LICENSE,MIT -github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/cloudflare,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/cloudflare/LICENSE,MIT -github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/route53,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/route53/LICENSE,MIT -github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/util/LICENSE,MIT -github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.3.0/LICENSE.txt,MIT -github.com/coreos/go-semver/semver,https://github.com/coreos/go-semver/blob/v0.3.1/LICENSE,Apache-2.0 -github.com/coreos/go-systemd/v22,https://github.com/coreos/go-systemd/blob/v22.5.0/LICENSE,Apache-2.0 -github.com/cpu/goacmedns,https://github.com/cpu/goacmedns/blob/v0.1.1/LICENSE,MIT -github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC -github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.125.0/LICENSE.txt,MIT -github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.125.0/LICENSE.txt,BSD-3-Clause -github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.12.1/LICENSE,MIT -github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause -github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT -github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE,BSD-3-Clause -github.com/fxamacker/cbor/v2,https://github.com/fxamacker/cbor/blob/v2.7.0/LICENSE,MIT -github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.6/LICENSE,MIT -github.com/go-http-utils/headers,https://github.com/go-http-utils/headers/blob/fed159eddc2a/LICENSE,MIT -github.com/go-jose/go-jose/v4,https://github.com/go-jose/go-jose/blob/v4.0.2/LICENSE,Apache-2.0 -github.com/go-jose/go-jose/v4/json,https://github.com/go-jose/go-jose/blob/v4.0.2/json/LICENSE,BSD-3-Clause -github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENSE,MIT -github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.2/LICENSE,Apache-2.0 -github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 -github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 -github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.21.0/LICENSE,Apache-2.0 -github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.21.0/LICENSE,Apache-2.0 -github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.23.0/LICENSE,Apache-2.0 -github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause -github.com/golang-jwt/jwt/v5,https://github.com/golang-jwt/jwt/blob/v5.2.1/LICENSE,MIT -github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 -github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause -github.com/golang/snappy,https://github.com/golang/snappy/blob/v0.0.4/LICENSE,BSD-3-Clause -github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.20.1/LICENSE,Apache-2.0 -github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.20.1/LICENSE,BSD-3-Clause -github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v0.6.8/LICENSE,Apache-2.0 -github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause -github.com/google/go-querystring/query,https://github.com/google/go-querystring/blob/v1.1.0/LICENSE,BSD-3-Clause -github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 -github.com/google/s2a-go,https://github.com/google/s2a-go/blob/v0.1.8/LICENSE.md,Apache-2.0 -github.com/google/uuid,https://github.com/google/uuid/blob/v1.6.0/LICENSE,BSD-3-Clause -github.com/googleapis/enterprise-certificate-proxy/client,https://github.com/googleapis/enterprise-certificate-proxy/blob/v0.3.4/LICENSE,Apache-2.0 -github.com/googleapis/gax-go/v2,https://github.com/googleapis/gax-go/blob/v2.13.0/v2/LICENSE,BSD-3-Clause -github.com/gorilla/websocket,https://github.com/gorilla/websocket/blob/v1.5.1/LICENSE,BSD-3-Clause -github.com/grpc-ecosystem/go-grpc-prometheus,https://github.com/grpc-ecosystem/go-grpc-prometheus/blob/v1.2.0/LICENSE,Apache-2.0 -github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.20.0/LICENSE,BSD-3-Clause -github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0 -github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 -github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0 -github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.7/LICENSE,MPL-2.0 -github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 -github.com/hashicorp/go-secure-stdlib/parseutil,https://github.com/hashicorp/go-secure-stdlib/blob/parseutil/v0.1.8/parseutil/LICENSE,MPL-2.0 -github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 -github.com/hashicorp/go-sockaddr,https://github.com/hashicorp/go-sockaddr/blob/v1.0.6/LICENSE,MPL-2.0 -github.com/hashicorp/hcl,https://github.com/hashicorp/hcl/blob/v1.0.1-vault-5/LICENSE,MPL-2.0 -github.com/hashicorp/vault/api,https://github.com/hashicorp/vault/blob/api/v1.15.0/api/LICENSE,MPL-2.0 -github.com/hashicorp/vault/sdk/helper,https://github.com/hashicorp/vault/blob/sdk/v0.14.0/sdk/LICENSE,MPL-2.0 -github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.16/LICENSE,BSD-3-Clause -github.com/jmespath/go-jmespath,https://github.com/jmespath/go-jmespath/blob/b0104c826a24/LICENSE,Apache-2.0 -github.com/josharian/intern,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT -github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.12/LICENSE,MIT -github.com/klauspost/compress,https://github.com/klauspost/compress/blob/v1.17.9/LICENSE,MIT -github.com/klauspost/compress,https://github.com/klauspost/compress/blob/v1.17.9/LICENSE,Apache-2.0 -github.com/klauspost/compress,https://github.com/klauspost/compress/blob/v1.17.9/LICENSE,BSD-3-Clause -github.com/klauspost/compress/internal/snapref,https://github.com/klauspost/compress/blob/v1.17.9/internal/snapref/LICENSE,BSD-3-Clause -github.com/klauspost/compress/zstd/internal/xxhash,https://github.com/klauspost/compress/blob/v1.17.9/zstd/internal/xxhash/LICENSE.txt,MIT -github.com/kr/pretty,https://github.com/kr/pretty/blob/v0.3.1/License,MIT -github.com/kr/text,https://github.com/kr/text/blob/v0.2.0/License,MIT -github.com/kylelemons/godebug,https://github.com/kylelemons/godebug/blob/v1.1.0/LICENSE,Apache-2.0 -github.com/mailru/easyjson,https://github.com/mailru/easyjson/blob/v0.7.7/LICENSE,MIT -github.com/miekg/dns,https://github.com/miekg/dns/blob/v1.1.62/LICENSE,BSD-3-Clause -github.com/mitchellh/go-homedir,https://github.com/mitchellh/go-homedir/blob/v1.1.0/LICENSE,MIT -github.com/mitchellh/mapstructure,https://github.com/mitchellh/mapstructure/blob/v1.5.0/LICENSE,MIT -github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0 -github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0 -github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause -github.com/patrickmn/go-cache,https://github.com/patrickmn/go-cache/blob/v2.1.0/LICENSE,MIT -github.com/pavlo-v-chernykh/keystore-go/v4,https://github.com/pavlo-v-chernykh/keystore-go/blob/v4.5.0/LICENSE,MIT -github.com/pierrec/lz4,https://github.com/pierrec/lz4/blob/v2.6.1/LICENSE,BSD-3-Clause -github.com/pkg/browser,https://github.com/pkg/browser/blob/5ac0b6a4141c/LICENSE,BSD-2-Clause -github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause -github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil,https://github.com/prometheus/client_golang/blob/v1.20.4/internal/github.com/golang/gddo/LICENSE,BSD-3-Clause -github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.20.4/LICENSE,Apache-2.0 -github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.6.1/LICENSE,Apache-2.0 -github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.55.0/LICENSE,Apache-2.0 -github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.15.1/LICENSE,Apache-2.0 -github.com/rogpeppe/go-internal/fmtsort,https://github.com/rogpeppe/go-internal/blob/v1.12.0/LICENSE,BSD-3-Clause -github.com/ryanuber/go-glob,https://github.com/ryanuber/go-glob/blob/v1.0.0/LICENSE,MIT -github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/v1.9.3/LICENSE,MIT -github.com/sosodev/duration,https://github.com/sosodev/duration/blob/v1.3.1/LICENSE,MIT -github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.1/LICENSE.txt,Apache-2.0 -github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause -github.com/stoewer/go-strcase,https://github.com/stoewer/go-strcase/blob/v1.3.0/LICENSE,MIT -github.com/vektah/gqlparser/v2,https://github.com/vektah/gqlparser/blob/v2.5.15/LICENSE,MIT -github.com/x448/float16,https://github.com/x448/float16/blob/v0.8.4/LICENSE,MIT -github.com/youmark/pkcs8,https://github.com/youmark/pkcs8/blob/3c2c7870ae76/LICENSE,MIT -go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.14/api/LICENSE,Apache-2.0 -go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.14/client/pkg/LICENSE,Apache-2.0 -go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.14/client/v3/LICENSE,Apache-2.0 -go.opencensus.io,https://github.com/census-instrumentation/opencensus-go/blob/v0.24.0/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.54.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.54.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 -go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.29.0/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.28.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.27.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.29.0/metric/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.28.0/sdk/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.29.0/trace/LICENSE,Apache-2.0 -go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.3.1/otlp/LICENSE,Apache-2.0 -go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT -go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.31.0:LICENSE,BSD-3-Clause -golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/8a7402ab:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.33.0:LICENSE,BSD-3-Clause -golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.23.0:LICENSE,BSD-3-Clause -golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.10.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.28.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.27.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.21.0:LICENSE,BSD-3-Clause -golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.6.0:LICENSE,BSD-3-Clause -gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 -google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.198.0/LICENSE,BSD-3-Clause -google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.198.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause -google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/7e3bb234dfed/googleapis/api/LICENSE,Apache-2.0 -google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/8af14fe29dc1/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.66.2/LICENSE,Apache-2.0 -google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.2/LICENSE,BSD-3-Clause -gopkg.in/evanphx/json-patch.v4,https://github.com/evanphx/json-patch/blob/v4.12.0/LICENSE,BSD-3-Clause -gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause -gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0 -gopkg.in/natefinch/lumberjack.v2,https://github.com/natefinch/lumberjack/blob/v2.2.1/LICENSE,MIT -gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 -gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.31.1/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.31.1/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.31.1/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.31.1/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.31.1/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.31.1/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.31.1/LICENSE,Apache-2.0 -k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.130.1/LICENSE,Apache-2.0 -k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.31.1/LICENSE,Apache-2.0 -k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.31.1/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/9e1beecbcb38/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/9e1beecbcb38/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/9e1beecbcb38/pkg/validation/errors/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/9e1beecbcb38/pkg/validation/spec/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/9e1beecbcb38/pkg/validation/strfmt/LICENSE,Apache-2.0 -k8s.io/utils,https://github.com/kubernetes/utils/blob/49e7df575cb6/LICENSE,Apache-2.0 -k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/49e7df575cb6/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.30.3/konnectivity-client/LICENSE,Apache-2.0 -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.19.0/LICENSE,Apache-2.0 -sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/LICENSE,Apache-2.0 -sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 -sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause -sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.4.1/LICENSE,Apache-2.0 -sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.4.0/LICENSE,MIT -sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.4.0/LICENSE,Apache-2.0 -sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.4.0/LICENSE,BSD-3-Clause -sigs.k8s.io/yaml/goyaml.v2,https://github.com/kubernetes-sigs/yaml/blob/v1.4.0/goyaml.v2/LICENSE,Apache-2.0 -software.sslmate.com/src/go-pkcs12,https://github.com/SSLMate/go-pkcs12/blob/v0.5.0/LICENSE,BSD-3-Clause +This LICENSES file is generated by the `licenses` module in makefile-modules[0]. + +The licenses below the "---" are determined by the go-licenses tool[1]. + +The aim of this file is to collect the licenses of all dependencies, and provide +a single source of truth for licenses used by this project. + +## For Developers + +If CI reports that this file is out of date, you should be careful to check that the +new licenses are acceptable for this project before running `make generate-go-licenses` +to update this file. + +Acceptable licenses are those allowlisted by the CNCF[2]. + +You MUST NOT add any new dependencies whose licenses are not allowlisted by the CNCF, +or which do not have an explicit license exception[3]. + +## For Users + +If this file was included in a release artifact, it is a snapshot of the licenses of all dependencies at the time of the release. + +You can retrieve the actual license text by following these steps: + +1. Find the dependency name in this file +2. Go to the source code repository of this project, and go to the tag corresponding to this release. +3. Find the exact version of the dependency in the `go.mod` file +4. Search for the dependency at the correct version in the [Go package index](https://pkg.go.dev/). + +## Links + +[0]: https://github.com/cert-manager/makefile-modules/ +[1]: https://github.com/google/go-licenses +[2]: https://github.com/cncf/foundation/blob/db4179134ebe7fa00b140a050c19147db808b6fa/policies-guidance/allowed-third-party-license-policy.md#cncf-allowlist-license-policy +[3]: https://github.com/cncf/foundation/blob/db4179134ebe7fa00b140a050c19147db808b6fa/license-exceptions/README.md + +--- + +cel.dev/expr,Apache-2.0 +cloud.google.com/go/auth,Apache-2.0 +cloud.google.com/go/auth/oauth2adapt,Apache-2.0 +cloud.google.com/go/compute/metadata,Apache-2.0 +github.com/Azure/azure-sdk-for-go/sdk/azcore,MIT +github.com/Azure/azure-sdk-for-go/sdk/azidentity,MIT +github.com/Azure/azure-sdk-for-go/sdk/internal,MIT +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns,MIT +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns,MIT +github.com/Azure/go-ntlmssp,MIT +github.com/AzureAD/microsoft-authentication-library-for-go/apps,MIT +github.com/Khan/genqlient/graphql,MIT +github.com/NYTimes/gziphandler,Apache-2.0 +github.com/Venafi/vcert/v5,Apache-2.0 +github.com/akamai/AkamaiOPEN-edgegrid-golang/v13/pkg,Apache-2.0 +github.com/antlr4-go/antlr/v4,BSD-3-Clause +github.com/aws/aws-sdk-go-v2,Apache-2.0 +github.com/aws/aws-sdk-go-v2/config,Apache-2.0 +github.com/aws/aws-sdk-go-v2/credentials,Apache-2.0 +github.com/aws/aws-sdk-go-v2/feature/ec2/imds,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/configsources,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/ini,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/sync/singleflight,BSD-3-Clause +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/route53,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/signin,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/sso,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/ssooidc,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/sts,Apache-2.0 +github.com/aws/smithy-go,Apache-2.0 +github.com/aws/smithy-go/internal/sync/singleflight,BSD-3-Clause +github.com/benbjohnson/clock,MIT +github.com/beorn7/perks/quantile,MIT +github.com/blang/semver/v4,MIT +github.com/cenkalti/backoff/v4,MIT +github.com/cenkalti/backoff/v5,MIT +github.com/cert-manager/cert-manager,Apache-2.0 +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/azuredns,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/clouddns,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/cloudflare,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/route53,MIT +github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util,MIT +github.com/cert-manager/cert-manager/third_party/forked/acme,BSD-3-Clause +github.com/cespare/xxhash/v2,MIT +github.com/coreos/go-semver/semver,Apache-2.0 +github.com/coreos/go-systemd/v22,Apache-2.0 +github.com/davecgh/go-spew/spew,ISC +github.com/digitalocean/godo,MIT +github.com/digitalocean/godo,BSD-3-Clause +github.com/emicklei/go-restful/v3,MIT +github.com/evanphx/json-patch/v5,BSD-3-Clause +github.com/felixge/httpsnoop,MIT +github.com/fsnotify/fsnotify,BSD-3-Clause +github.com/fxamacker/cbor/v2,MIT +github.com/go-asn1-ber/asn1-ber,MIT +github.com/go-http-utils/headers,MIT +github.com/go-jose/go-jose/v4,Apache-2.0 +github.com/go-jose/go-jose/v4/json,BSD-3-Clause +github.com/go-ldap/ldap/v3,MIT +github.com/go-logr/logr,Apache-2.0 +github.com/go-logr/stdr,Apache-2.0 +github.com/go-logr/zapr,Apache-2.0 +github.com/go-openapi/jsonpointer,Apache-2.0 +github.com/go-openapi/jsonreference,Apache-2.0 +github.com/go-openapi/swag,Apache-2.0 +github.com/go-openapi/swag/jsonname,Apache-2.0 +github.com/go-ozzo/ozzo-validation/v4,MIT +github.com/gogo/protobuf,BSD-3-Clause +github.com/golang-jwt/jwt/v5,MIT +github.com/golang/protobuf/proto,BSD-3-Clause +github.com/golang/snappy,BSD-3-Clause +github.com/google/btree,Apache-2.0 +github.com/google/cel-go,Apache-2.0 +github.com/google/cel-go,BSD-3-Clause +github.com/google/certificate-transparency-go,Apache-2.0 +github.com/google/gnostic-models,Apache-2.0 +github.com/google/go-cmp/cmp,BSD-3-Clause +github.com/google/go-querystring/query,BSD-3-Clause +github.com/google/s2a-go,Apache-2.0 +github.com/google/uuid,BSD-3-Clause +github.com/googleapis/enterprise-certificate-proxy/client,Apache-2.0 +github.com/googleapis/gax-go/v2,BSD-3-Clause +github.com/gorilla/websocket,BSD-2-Clause +github.com/grpc-ecosystem/go-grpc-prometheus,Apache-2.0 +github.com/grpc-ecosystem/grpc-gateway/v2,BSD-3-Clause +github.com/hashicorp/errwrap,MPL-2.0 +github.com/hashicorp/go-cleanhttp,MPL-2.0 +github.com/hashicorp/go-hmac-drbg/hmacdrbg,MIT +github.com/hashicorp/go-multierror,MPL-2.0 +github.com/hashicorp/go-retryablehttp,MPL-2.0 +github.com/hashicorp/go-rootcerts,MPL-2.0 +github.com/hashicorp/go-secure-stdlib/cryptoutil,MPL-2.0 +github.com/hashicorp/go-secure-stdlib/parseutil,MPL-2.0 +github.com/hashicorp/go-secure-stdlib/strutil,MPL-2.0 +github.com/hashicorp/go-sockaddr,MPL-2.0 +github.com/hashicorp/hcl,MPL-2.0 +github.com/hashicorp/vault/api,MPL-2.0 +github.com/hashicorp/vault/sdk/helper,MPL-2.0 +github.com/josharian/intern,MIT +github.com/json-iterator/go,MIT +github.com/kylelemons/godebug,Apache-2.0 +github.com/mailru/easyjson,MIT +github.com/miekg/dns,BSD-3-Clause +github.com/mitchellh/go-homedir,MIT +github.com/mitchellh/mapstructure,MIT +github.com/modern-go/concurrent,Apache-2.0 +github.com/modern-go/reflect2,Apache-2.0 +github.com/munnerz/goautoneg,BSD-3-Clause +github.com/nrdcg/goacmedns,MIT +github.com/pavlo-v-chernykh/keystore-go/v4,MIT +github.com/pierrec/lz4,BSD-3-Clause +github.com/pkg/browser,BSD-2-Clause +github.com/pmezard/go-difflib/difflib,BSD-3-Clause +github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil,BSD-3-Clause +github.com/prometheus/client_golang/prometheus,Apache-2.0 +github.com/prometheus/client_model/go,Apache-2.0 +github.com/prometheus/common,Apache-2.0 +github.com/prometheus/procfs,Apache-2.0 +github.com/ryanuber/go-glob,MIT +github.com/sosodev/duration,MIT +github.com/spf13/cobra,Apache-2.0 +github.com/spf13/pflag,BSD-3-Clause +github.com/stoewer/go-strcase,MIT +github.com/stretchr/objx,MIT +github.com/stretchr/testify,MIT +github.com/vektah/gqlparser/v2,MIT +github.com/x448/float16,MIT +github.com/youmark/pkcs8,MIT +go.etcd.io/etcd/api/v3,Apache-2.0 +go.etcd.io/etcd/client/pkg/v3,Apache-2.0 +go.etcd.io/etcd/client/v3,Apache-2.0 +go.opentelemetry.io/auto/sdk,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,Apache-2.0 +go.opentelemetry.io/otel,Apache-2.0 +go.opentelemetry.io/otel,BSD-3-Clause +go.opentelemetry.io/otel/exporters/otlp/otlptrace,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,Apache-2.0 +go.opentelemetry.io/otel/metric,Apache-2.0 +go.opentelemetry.io/otel/metric,BSD-3-Clause +go.opentelemetry.io/otel/sdk,Apache-2.0 +go.opentelemetry.io/otel/sdk,BSD-3-Clause +go.opentelemetry.io/otel/trace,Apache-2.0 +go.opentelemetry.io/otel/trace,BSD-3-Clause +go.opentelemetry.io/proto/otlp,Apache-2.0 +go.uber.org/multierr,MIT +go.uber.org/ratelimit,MIT +go.uber.org/zap,MIT +go.yaml.in/yaml/v2,Apache-2.0 +go.yaml.in/yaml/v3,MIT +golang.org/x/crypto,BSD-3-Clause +golang.org/x/exp/slices,BSD-3-Clause +golang.org/x/net,BSD-3-Clause +golang.org/x/oauth2,BSD-3-Clause +golang.org/x/sync,BSD-3-Clause +golang.org/x/sys,BSD-3-Clause +golang.org/x/term,BSD-3-Clause +golang.org/x/text,BSD-3-Clause +golang.org/x/time/rate,BSD-3-Clause +gomodules.xyz/jsonpatch/v2,Apache-2.0 +google.golang.org/api,BSD-3-Clause +google.golang.org/api/internal/third_party/uritemplates,BSD-3-Clause +google.golang.org/genproto/googleapis/api,Apache-2.0 +google.golang.org/genproto/googleapis/rpc,Apache-2.0 +google.golang.org/grpc,Apache-2.0 +google.golang.org/protobuf,BSD-3-Clause +gopkg.in/evanphx/json-patch.v4,BSD-3-Clause +gopkg.in/inf.v0,BSD-3-Clause +gopkg.in/ini.v1,Apache-2.0 +gopkg.in/natefinch/lumberjack.v2,MIT +gopkg.in/yaml.v2,Apache-2.0 +gopkg.in/yaml.v3,MIT +k8s.io/api,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg,Apache-2.0 +k8s.io/apimachinery/pkg,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,BSD-3-Clause +k8s.io/apiserver,Apache-2.0 +k8s.io/client-go,Apache-2.0 +k8s.io/component-base,Apache-2.0 +k8s.io/klog/v2,Apache-2.0 +k8s.io/kms,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,Apache-2.0 +k8s.io/kube-openapi/pkg,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,BSD-3-Clause +k8s.io/kube-openapi/pkg/internal/third_party/govalidator,MIT +k8s.io/kube-openapi/pkg/validation/errors,Apache-2.0 +k8s.io/kube-openapi/pkg/validation/spec,Apache-2.0 +k8s.io/kube-openapi/pkg/validation/strfmt,Apache-2.0 +k8s.io/utils,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang,BSD-3-Clause +sigs.k8s.io/apiserver-network-proxy/konnectivity-client,Apache-2.0 +sigs.k8s.io/controller-runtime,Apache-2.0 +sigs.k8s.io/gateway-api,Apache-2.0 +sigs.k8s.io/json,Apache-2.0 +sigs.k8s.io/json,BSD-3-Clause +sigs.k8s.io/randfill,Apache-2.0 +sigs.k8s.io/structured-merge-diff/v6,Apache-2.0 +sigs.k8s.io/yaml,MIT +sigs.k8s.io/yaml,Apache-2.0 +sigs.k8s.io/yaml,BSD-3-Clause +software.sslmate.com/src/go-pkcs12,BSD-3-Clause diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/doc.go index 92b6583d629..5ba5e8f1c45 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/doc.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/doc.go @@ -16,5 +16,6 @@ limitations under the License. // Package v1 is the v1 version of the API. // +k8s:deepcopy-gen=package,register +// +k8s:openapi-gen=true // +groupName=acme.cert-manager.io package v1 diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types.go index edfc16f1e65..8e1375f1613 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types.go @@ -34,6 +34,15 @@ const ( // solver for each ingress class. ACMECertificateHTTP01IngressClassOverride = "acme.cert-manager.io/http01-override-ingress-class" + // ACMECertificateHTTP01IngressClassNameOverride is annotation to override ingressClassName. + // If this annotation is specified on a Certificate or Order resource when + // using the HTTP01 solver type, the ingress.ingressClassName field of the HTTP01 + // solver's configuration will be set to the value given here. + // This is especially useful for users deploying many different ingress + // classes into a single cluster that want to be able to re-use a single + // solver for each ingress class. + ACMECertificateHTTP01IngressClassNameOverride = "acme.cert-manager.io/http01-override-ingress-ingressclassname" + // IngressEditInPlaceAnnotationKey is used to toggle the use of ingressClass instead // of ingress on the created Certificate resource IngressEditInPlaceAnnotationKey = "acme.cert-manager.io/http01-edit-in-place" @@ -49,6 +58,15 @@ const ( // SolverIdentificationLabelKey is added to the labels of a Pod serving an ACME challenge. // Its value will be the "true" if the Pod is an HTTP-01 solver. SolverIdentificationLabelKey = "acme.cert-manager.io/http01-solver" + + // ACMECertificateHTTP01ParentRefName is an annotation to specify the parent ref + // for the HTTPRoute that would be created by using the HTTP01 solver. If not specified + // then parentRef mentioned in the HTTP01 solver config will be used. + ACMECertificateHTTP01ParentRefName = "acme.cert-manager.io/http01-parentrefname" + + // ACMECertificateHTTP01ParentRefKind is an annotation to specify the parent ref kind + // for the HTTPRoute that would be created by using the HTTP01 solver. + ACMECertificateHTTP01ParentRefKind = "acme.cert-manager.io/http01-parentrefkind" ) const ( diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_challenge.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_challenge.go index cfc4f241429..eca29e56e7a 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_challenge.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_challenge.go @@ -25,15 +25,17 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:storageversion - -// Challenge is a type to represent a Challenge request with an ACME server -// +k8s:openapi-gen=true // +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state" // +kubebuilder:printcolumn:name="Domain",type="string",JSONPath=".spec.dnsName" // +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.reason",description="",priority=1 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +// +kubebuilder:resource:scope=Namespaced,categories={cert-manager,cert-manager-acme} +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.group +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.kind +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.name // +kubebuilder:subresource:status -// +kubebuilder:resource:path=challenges + +// Challenge is a type to represent a Challenge request with an ACME server type Challenge struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -62,9 +64,9 @@ type ChallengeSpec struct { // challenge is a part of. AuthorizationURL string `json:"authorizationURL"` - // dnsName is the identifier that this challenge is for, e.g. example.com. + // dnsName is the identifier that this challenge is for, e.g., example.com. // If the requested DNSName is a 'wildcard', this field MUST be set to the - // non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. + // non-wildcard domain, e.g., for `*.example.com`, it must be `example.com`. DNSName string `json:"dnsName"` // wildcard will be true if this challenge is for a wildcard identifier, @@ -98,7 +100,7 @@ type ChallengeSpec struct { // If the Issuer does not exist, processing will be retried. // If the Issuer is not an 'ACME' Issuer, an error will be returned and the // Challenge will be marked as failed. - IssuerRef cmmeta.ObjectReference `json:"issuerRef"` + IssuerRef cmmeta.IssuerReference `json:"issuerRef"` } // The type of ACME challenge. Only HTTP-01 and DNS-01 are supported. diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go index 04daf9dec5f..adb6ab137cb 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_issuer.go @@ -46,7 +46,7 @@ type ACMEIssuer struct { // PreferredChain is the chain to use if the ACME server outputs multiple. // PreferredChain is no guarantee that this one gets delivered by the ACME // endpoint. - // For example, for Let's Encrypt's DST crosssign you would use: + // For example, for Let's Encrypt's DST cross-sign you would use: // "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. // This value picks the first certificate bundle in the combined set of // ACME default and alternative chains that has a root-most certificate with @@ -96,6 +96,7 @@ type ACMEIssuer struct { // from an ACME server. // For more information, see: https://cert-manager.io/docs/configuration/acme/ // +optional + // +listType=atomic Solvers []ACMEChallengeSolver `json:"solvers,omitempty"` // Enables or disables generating a new ACME account key. @@ -114,6 +115,11 @@ type ACMEIssuer struct { // Defaults to false. // +optional EnableDurationFeature bool `json:"enableDurationFeature,omitempty"` + + // Profile allows requesting a certificate profile from the ACME server. + // Supported profiles are listed by the server's ACME directory URL. + // +optional + Profile string `json:"profile,omitempty"` } // ACMEExternalAccountBinding is a reference to a CA external account of the ACME @@ -163,7 +169,7 @@ type ACMEChallengeSolver struct { // Configures cert-manager to attempt to complete authorizations by // performing the HTTP01 challenge flow. // It is not possible to obtain certificates for wildcard domain names - // (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + // (e.g., `*.example.com`) using the HTTP01 challenge mechanism. // +optional HTTP01 *ACMEChallengeSolverHTTP01 `json:"http01,omitempty"` @@ -191,6 +197,7 @@ type CertificateDNSNameSelector struct { // If neither has more matches, the solver defined earlier in the list // will be selected. // +optional + // +listType=atomic DNSNames []string `json:"dnsNames,omitempty"` // List of DNSZones that this solver will be used to solve. @@ -203,6 +210,7 @@ type CertificateDNSNameSelector struct { // If neither has more matches, the solver defined earlier in the list // will be selected. // +optional + // +listType=atomic DNSZones []string `json:"dnsZones,omitempty"` } @@ -285,6 +293,8 @@ type ACMEChallengeSolverHTTP01GatewayHTTPRoute struct { // cert-manager needs to know which parentRefs should be used when creating // the HTTPRoute. Usually, the parentRef references a Gateway. See: // https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + // +optional + // +listType=atomic ParentRefs []gwapi.ParentReference `json:"parentRefs,omitempty"` // Optional pod template used to configure the ACME challenge solver pods @@ -331,6 +341,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct { // If specified, the pod's tolerations. // +optional + // +listType=atomic Tolerations []corev1.Toleration `json:"tolerations,omitempty"` // If specified, the pod's priorityClassName. @@ -343,11 +354,24 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct { // If specified, the pod's imagePullSecrets // +optional + // +patchMergeKey=name + // +patchStrategy=merge + // +listType=map + // +listMapKey=name ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"` // If specified, the pod's security context // +optional SecurityContext *ACMEChallengeSolverHTTP01IngressPodSecurityContext `json:"securityContext,omitempty"` + + // If specified, the pod's resource requirements. + // These values override the global resource configuration flags. + // Note that when only specifying resource limits, ensure they are greater than or equal + // to the corresponding global resource requests configured via controller flags + // (--acme-http01-solver-resource-request-cpu, --acme-http01-solver-resource-request-memory). + // Kubernetes will reject pod creation if limits are lower than requests, causing challenge failures. + // +optional + Resources *ACMEChallengeSolverHTTP01IngressPodResources `json:"resources,omitempty"` } type ACMEChallengeSolverHTTP01IngressTemplate struct { @@ -459,6 +483,7 @@ type ACMEChallengeSolverHTTP01IngressPodSecurityContext struct { // even if they are not included in this list. // Note that this field cannot be set when spec.os.name is windows. // +optional + // +listType=atomic SupplementalGroups []int64 `json:"supplementalGroups,omitempty"` // A special supplemental group that applies to all containers in a pod. // Some volume types allow the Kubelet to change the ownership of that volume @@ -476,6 +501,7 @@ type ACMEChallengeSolverHTTP01IngressPodSecurityContext struct { // sysctls (by the container runtime) might fail to launch. // Note that this field cannot be set when spec.os.name is windows. // +optional + // +listType=atomic Sysctls []corev1.Sysctl `json:"sysctls,omitempty"` // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume // before being exposed inside Pod. This field will only apply to @@ -492,6 +518,21 @@ type ACMEChallengeSolverHTTP01IngressPodSecurityContext struct { SeccompProfile *corev1.SeccompProfile `json:"seccompProfile,omitempty"` } +// ACMEChallengeSolverHTTP01IngressPodResources defines resource requirements for ACME HTTP01 solver pods. +// To keep API surface essential, this trims down the 'corev1.ResourceRequirements' type to only include the Requests and Limits fields. +type ACMEChallengeSolverHTTP01IngressPodResources struct { + // Limits describes the maximum amount of compute resources allowed. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // +optional + Limits corev1.ResourceList `json:"limits,omitempty"` + // Requests describes the minimum amount of compute resources required. + // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + // otherwise to the global values configured via controller flags. Requests cannot exceed Limits. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // +optional + Requests corev1.ResourceList `json:"requests,omitempty"` +} + // CNAMEStrategy configures how the DNS01 provider should handle CNAME records // when found in DNS zones. // By default, the None strategy will be applied (i.e. do not follow CNAMEs). @@ -568,8 +609,8 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // The AccessKeyID is used for authentication. // Cannot be set when SecretAccessKeyID is set. - // If neither the Access Key nor Key ID are set, we fall-back to using env - // vars, shared credentials file or AWS Instance metadata, + // If neither the Access Key nor Key ID are set, we fall back to using env + // vars, shared credentials file, or AWS Instance metadata, // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials // +optional AccessKeyID string `json:"accessKeyID,omitempty"` @@ -577,15 +618,15 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // The SecretAccessKey is used for authentication. If set, pull the AWS // access key ID from a key within a Kubernetes Secret. // Cannot be set when AccessKeyID is set. - // If neither the Access Key nor Key ID are set, we fall-back to using env - // vars, shared credentials file or AWS Instance metadata, + // If neither the Access Key nor Key ID are set, we fall back to using env + // vars, shared credentials file, or AWS Instance metadata, // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials // +optional SecretAccessKeyID *cmmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"` // The SecretAccessKey is used for authentication. - // If neither the Access Key nor Key ID are set, we fall-back to using env - // vars, shared credentials file or AWS Instance metadata, + // If neither the Access Key nor Key ID are set, we fall back to using env + // vars, shared credentials file, or AWS Instance metadata, // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials // +optional SecretAccessKey cmmeta.SecretKeySelector `json:"secretAccessKeySecretRef"` @@ -653,6 +694,7 @@ type ServiceAccountRef struct { // and name is always included. // If unset the audience defaults to `sts.amazonaws.com`. // +optional + // +listType=atomic TokenAudiences []string `json:"audiences,omitempty"` } @@ -696,20 +738,45 @@ type ACMEIssuerDNS01ProviderAzureDNS struct { // If set, ClientID, ClientSecret and TenantID must not be set. // +optional ManagedIdentity *AzureManagedIdentity `json:"managedIdentity,omitempty"` + + // ZoneType determines which type of Azure DNS zone to use. + // + // Valid values are: + // - AzurePublicZone (default): Use a public Azure DNS zone. + // - AzurePrivateZone: Use an Azure Private DNS zone. + // + // If not specified, AzurePublicZone is used. + // + // Support for Azure Private DNS zones is currently + // experimental and may change in future releases. + // +optional + ZoneType AzureZoneType `json:"zoneType,omitempty"` } +// +kubebuilder:validation:Enum=AzurePublicZone;AzurePrivateZone +type AzureZoneType string + +const ( + PrivateAzureZone AzureZoneType = "AzurePrivateZone" + PublicAzureZone AzureZoneType = "AzurePublicZone" +) + // AzureManagedIdentity contains the configuration for Azure Workload Identity or Azure Managed Service Identity // If the AZURE_FEDERATED_TOKEN_FILE environment variable is set, the Azure Workload Identity will be used. -// Otherwise, we fall-back to using Azure Managed Service Identity. +// Otherwise, we fall back to using Azure Managed Service Identity. type AzureManagedIdentity struct { - // client ID of the managed identity, can not be used at the same time as resourceID + // client ID of the managed identity, cannot be used at the same time as resourceID // +optional ClientID string `json:"clientID,omitempty"` - // resource ID of the managed identity, can not be used at the same time as clientID + // resource ID of the managed identity, cannot be used at the same time as clientID // Cannot be used for Azure Managed Service Identity // +optional ResourceID string `json:"resourceID,omitempty"` + + // tenant ID of the managed identity, cannot be used at the same time as resourceID + // +optional + TenantID string `json:"tenantID,omitempty"` } // +kubebuilder:validation:Enum=AzurePublicCloud;AzureChinaCloud;AzureGermanCloud;AzureUSGovernmentCloud @@ -735,7 +802,7 @@ type ACMEIssuerDNS01ProviderAcmeDNS struct { type ACMEIssuerDNS01ProviderRFC2136 struct { // The IP address or hostname of an authoritative DNS server supporting // RFC2136 in the form host:port. If the host is an IPv6 address it must be - // enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. + // enclosed in square brackets (e.g [2001:db8::1]); port is optional. // This field is required. Nameserver string `json:"nameserver"` @@ -755,8 +822,22 @@ type ACMEIssuerDNS01ProviderRFC2136 struct { // ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. // +optional TSIGAlgorithm string `json:"tsigAlgorithm,omitempty"` + + // Protocol to use for dynamic DNS update queries. Valid values are (case-sensitive) ``TCP`` and ``UDP``; ``UDP`` (default). + // +optional + Protocol RFC2136UpdateProtocol `json:"protocol,omitempty"` } +// +kubebuilder:validation:Enum=TCP;UDP +type RFC2136UpdateProtocol string + +const ( + // RFC2136UpdateProtocolTCP utilizes TCP to update queries. + RFC2136UpdateProtocolTCP RFC2136UpdateProtocol = "TCP" + // RFC2136UpdateProtocolUDP utilizes UDP to update queries. + RFC2136UpdateProtocolUDP RFC2136UpdateProtocol = "UDP" +) + // ACMEIssuerDNS01ProviderWebhook specifies configuration for a webhook DNS01 // provider, including where to POST ChallengePayload resources. type ACMEIssuerDNS01ProviderWebhook struct { @@ -768,14 +849,14 @@ type ACMEIssuerDNS01ProviderWebhook struct { // The name of the solver to use, as defined in the webhook provider // implementation. - // This will typically be the name of the provider, e.g. 'cloudflare'. + // This will typically be the name of the provider, e.g., 'cloudflare'. SolverName string `json:"solverName"` // Additional configuration that should be passed to the webhook apiserver // when challenges are processed. // This can contain arbitrary JSON data. // Secret values should not be specified in this stanza. - // If secret values are needed (e.g. credentials for a DNS service), you + // If secret values are needed (e.g., credentials for a DNS service), you // should use a SecretKeySelector to reference a Secret resource. // For details on the schema of this field, consult the webhook provider // implementation's documentation. diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_order.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_order.go index f945a43ff00..018109ad470 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_order.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/types_order.go @@ -25,9 +25,17 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:storageversion +// +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.state" +// +kubebuilder:printcolumn:name="Issuer",type="string",JSONPath=".spec.issuerRef.name",priority=1 +// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.reason",description="",priority=1 +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +// +kubebuilder:resource:scope=Namespaced,categories={cert-manager,cert-manager-acme} +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.group +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.kind +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.name +// +kubebuilder:subresource:status // Order is a type to represent an Order with an ACME server -// +k8s:openapi-gen=true type Order struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -58,7 +66,7 @@ type OrderSpec struct { // If the Issuer does not exist, processing will be retried. // If the Issuer is not an 'ACME' Issuer, an error will be returned and the // Order will be marked as failed. - IssuerRef cmmeta.ObjectReference `json:"issuerRef"` + IssuerRef cmmeta.IssuerReference `json:"issuerRef"` // CommonName is the common name as specified on the DER encoded CSR. // If specified, this value must also be present in `dnsNames` or `ipAddresses`. @@ -69,19 +77,26 @@ type OrderSpec struct { // DNSNames is a list of DNS names that should be included as part of the Order // validation process. // This field must match the corresponding field on the DER encoded CSR. - //+optional + // +optional + // +listType=atomic DNSNames []string `json:"dnsNames,omitempty"` // IPAddresses is a list of IP addresses that should be included as part of the Order // validation process. // This field must match the corresponding field on the DER encoded CSR. // +optional + // +listType=atomic IPAddresses []string `json:"ipAddresses,omitempty"` // Duration is the duration for the not after date for the requested certificate. // this is set on order creation as pe the ACME spec. // +optional Duration *metav1.Duration `json:"duration,omitempty"` + + // Profile allows requesting a certificate profile from the ACME server. + // Supported profiles are listed by the server's ACME directory URL. + // +optional + Profile string `json:"profile,omitempty"` } type OrderStatus struct { @@ -101,6 +116,7 @@ type OrderStatus struct { // authorizations must be completed in order to validate the DNS names // specified on the Order. // +optional + // +listType=atomic Authorizations []ACMEAuthorization `json:"authorizations,omitempty"` // Certificate is a copy of the PEM encoded certificate for this Order. @@ -161,6 +177,7 @@ type ACMEAuthorization struct { // name and an appropriate Challenge resource will be created to perform // the ACME challenge process. // +optional + // +listType=atomic Challenges []ACMEChallenge `json:"challenges,omitempty"` } @@ -176,7 +193,7 @@ type ACMEChallenge struct { // This is used to compute the 'key' that must also be presented. Token string `json:"token"` - // Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', + // Type is the type of challenge being offered, e.g., 'http-01', 'dns-01', // 'tls-sni-01', etc. // This is the raw value retrieved from the ACME server. // Only 'http-01' and 'dns-01' are supported by cert-manager, other values diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go index 09f27f5cc5f..e1b4500daab 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/acme/v1/zz_generated.deepcopy.go @@ -321,6 +321,36 @@ func (in *ACMEChallengeSolverHTTP01IngressPodObjectMeta) DeepCopy() *ACMEChallen return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ACMEChallengeSolverHTTP01IngressPodResources) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodResources) { + *out = *in + if in.Limits != nil { + in, out := &in.Limits, &out.Limits + *out = make(corev1.ResourceList, len(*in)) + for key, val := range *in { + (*out)[key] = val.DeepCopy() + } + } + if in.Requests != nil { + in, out := &in.Requests, &out.Requests + *out = make(corev1.ResourceList, len(*in)) + for key, val := range *in { + (*out)[key] = val.DeepCopy() + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ACMEChallengeSolverHTTP01IngressPodResources. +func (in *ACMEChallengeSolverHTTP01IngressPodResources) DeepCopy() *ACMEChallengeSolverHTTP01IngressPodResources { + if in == nil { + return nil + } + out := new(ACMEChallengeSolverHTTP01IngressPodResources) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ACMEChallengeSolverHTTP01IngressPodSecurityContext) DeepCopyInto(out *ACMEChallengeSolverHTTP01IngressPodSecurityContext) { *out = *in @@ -414,6 +444,11 @@ func (in *ACMEChallengeSolverHTTP01IngressPodSpec) DeepCopyInto(out *ACMEChallen *out = new(ACMEChallengeSolverHTTP01IngressPodSecurityContext) (*in).DeepCopyInto(*out) } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = new(ACMEChallengeSolverHTTP01IngressPodResources) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/doc.go index 348211c6859..3830f7af353 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/doc.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/doc.go @@ -16,6 +16,7 @@ limitations under the License. // Package v1 is the v1 version of the API. // +k8s:deepcopy-gen=package,register +// +k8s:openapi-gen=true // +groupName=cert-manager.io // +groupGoName=Certmanager package v1 diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/generic_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/generic_issuer.go index d757978fe0c..db262ef80d9 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/generic_issuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/generic_issuer.go @@ -27,6 +27,7 @@ type GenericIssuer interface { runtime.Object metav1.Object + // Deprecated: Use the metav1.Object functions directly instead. GetObjectMeta() *metav1.ObjectMeta GetSpec() *IssuerSpec GetStatus() *IssuerStatus @@ -35,6 +36,7 @@ type GenericIssuer interface { var _ GenericIssuer = &Issuer{} var _ GenericIssuer = &ClusterIssuer{} +// Deprecated: Use the metav1.Object functions directly instead. func (c *ClusterIssuer) GetObjectMeta() *metav1.ObjectMeta { return &c.ObjectMeta } @@ -53,6 +55,8 @@ func (c *ClusterIssuer) SetStatus(status IssuerStatus) { func (c *ClusterIssuer) Copy() GenericIssuer { return c.DeepCopy() } + +// Deprecated: Use the metav1.Object functions directly instead. func (c *Issuer) GetObjectMeta() *metav1.ObjectMeta { return &c.ObjectMeta } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go index 1afeedf022e..17c5750e70c 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types.go @@ -143,6 +143,9 @@ const ( // IngressACMEIssuerHTTP01IngressClassAnnotationKey holds the acmeIssuerHTTP01IngressClassAnnotation value // which can be used to override the http01 ingressClass if the challenge type is set to http01 IngressACMEIssuerHTTP01IngressClassAnnotationKey = "acme.cert-manager.io/http01-ingress-class" + // IngressACMEIssuerHTTP01IngressClassNameAnnotationKey holds the annotation value + // which can be used to override the http01 ingressClassName if the challenge type is set to http01 + IngressACMEIssuerHTTP01IngressClassNameAnnotationKey = "acme.cert-manager.io/http01-ingress-ingressclassname" // IngressClassAnnotationKey picks a specific "class" for the Ingress. The // controller only processes Ingresses with this annotation either unset, or @@ -211,15 +214,15 @@ const ( // Issuer specific Annotations const ( - // VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Venafi issuer - // This will only work with Venafi TPP v19.3 and higher + // VenafiCustomFieldsAnnotationKey is the annotation that passes on JSON encoded custom fields to the Certificate Manager issuer + // This will only work with CyberArk Certificate Manager Self-Hosted v19.3 and higher // The value is an array with objects containing the name and value keys // for example: `[{"name": "custom-field", "value": "custom-value"}]` VenafiCustomFieldsAnnotationKey = "venafi.cert-manager.io/custom-fields" // VenafiPickupIDAnnotationKey is the annotation key used to record the - // Venafi Pickup ID of a certificate signing request that has been submitted - // to the Venafi API for collection later. + // Certificate Manager Pickup ID of a certificate signing request that has been submitted + // to the Certificate Manager for collection later. VenafiPickupIDAnnotationKey = "venafi.cert-manager.io/pickup-id" ) @@ -294,6 +297,9 @@ const ( JKSSecretKey = "keystore.jks" // Data Entry Name in the Secret resource for JKS containing Certificate Authority JKSTruststoreKey = "truststore.jks" + + // The password used to encrypt the keystore and truststore + KeystorePassword = "keystorePassword" ) // DefaultKeyUsages contains the default list of key usages diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go index 68e2ccfb753..80e641520fb 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificate.go @@ -27,6 +27,16 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:storageversion +// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=`.status.conditions[?(@.type == "Ready")].status` +// +kubebuilder:printcolumn:name="Secret",type="string",JSONPath=`.spec.secretName` +// +kubebuilder:printcolumn:name="Issuer",type="string",JSONPath=`.spec.issuerRef.name`,priority=1 +// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.conditions[?(@.type == "Ready")].message`,priority=1 +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=`.metadata.creationTimestamp`,description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +// +kubebuilder:resource:scope=Namespaced,shortName={cert,certs},categories=cert-manager +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.group +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.kind +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.name +// +kubebuilder:subresource:status // A Certificate resource should be created to ensure an up to date and signed // X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. @@ -85,11 +95,9 @@ type PrivateKeyEncoding string const ( // PKCS1 private key encoding. - // PKCS1 produces a PEM block that contains the private key algorithm - // in the header and the private key in the body. A key that uses this - // can be recognised by its `BEGIN RSA PRIVATE KEY` or `BEGIN EC PRIVATE KEY` header. - // NOTE: This encoding is not supported for Ed25519 keys. Attempting to use - // this encoding with an Ed25519 key will be ignored and default to PKCS8. + // For RSA keys: produces PEM block with `BEGIN RSA PRIVATE KEY` header and private key in PKCS#1 format. + // For EC keys: produces PEM block with `BEGIN EC PRIVATE KEY` header and private key in SEC 1 format. + // For Ed25519 keys: option will be ignored and PKCS8 encoding will be used instead. PKCS1 PrivateKeyEncoding = "PKCS1" // PKCS8 private key encoding. @@ -99,6 +107,19 @@ const ( PKCS8 PrivateKeyEncoding = "PKCS8" ) +// +kubebuilder:validation:Enum=SHA256WithRSA;SHA384WithRSA;SHA512WithRSA;ECDSAWithSHA256;ECDSAWithSHA384;ECDSAWithSHA512;PureEd25519 +type SignatureAlgorithm string + +const ( + SHA256WithRSA SignatureAlgorithm = "SHA256WithRSA" + SHA384WithRSA SignatureAlgorithm = "SHA384WithRSA" + SHA512WithRSA SignatureAlgorithm = "SHA512WithRSA" + ECDSAWithSHA256 SignatureAlgorithm = "ECDSAWithSHA256" + ECDSAWithSHA384 SignatureAlgorithm = "ECDSAWithSHA384" + ECDSAWithSHA512 SignatureAlgorithm = "ECDSAWithSHA512" + PureEd25519 SignatureAlgorithm = "PureEd25519" +) + // CertificateSpec defines the desired state of Certificate. // // NOTE: The specification contains a lot of "requested" certificate attributes, it is @@ -187,14 +208,17 @@ type CertificateSpec struct { // Requested DNS subject alternative names. // +optional + // +listType=atomic DNSNames []string `json:"dnsNames,omitempty"` // Requested IP address subject alternative names. // +optional + // +listType=atomic IPAddresses []string `json:"ipAddresses,omitempty"` // Requested URI subject alternative names. // +optional + // +listType=atomic URIs []string `json:"uris,omitempty"` // `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37 @@ -202,10 +226,12 @@ type CertificateSpec struct { // Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 // You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this. // +optional + // +listType=atomic OtherNames []OtherName `json:"otherNames,omitempty"` // Requested email subject alternative names. // +optional + // +listType=atomic EmailAddresses []string `json:"emailAddresses,omitempty"` // Name of the Secret resource that will be automatically created and @@ -232,7 +258,7 @@ type CertificateSpec struct { // from any namespace. // // The `name` field of the reference must always be specified. - IssuerRef cmmeta.ObjectReference `json:"issuerRef"` + IssuerRef cmmeta.IssuerReference `json:"issuerRef"` // Requested basic constraints isCA value. // The isCA value is used to set the `isCA` field on the created CertificateRequest @@ -251,6 +277,7 @@ type CertificateSpec struct { // // If unset, defaults to `digital signature` and `key encipherment`. // +optional + // +listType=atomic Usages []KeyUsage `json:"usages,omitempty"` // Private key options. These include the key algorithm and size, the used @@ -258,6 +285,13 @@ type CertificateSpec struct { // +optional PrivateKey *CertificatePrivateKey `json:"privateKey,omitempty"` + // Signature algorithm to use. + // Allowed values for RSA keys: SHA256WithRSA, SHA384WithRSA, SHA512WithRSA. + // Allowed values for ECDSA keys: ECDSAWithSHA256, ECDSAWithSHA384, ECDSAWithSHA512. + // Allowed values for Ed25519 keys: PureEd25519. + // +optional + SignatureAlgorithm SignatureAlgorithm `json:"signatureAlgorithm,omitempty"` + // Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. // // This option defaults to true, and should only be disabled if the target @@ -272,18 +306,14 @@ type CertificateSpec struct { // revisions exceeds this number. // // If set, revisionHistoryLimit must be a value of `1` or greater. - // If unset (`nil`), revisions will not be garbage collected. - // Default value is `nil`. + // Default value is `1`. // +optional RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty"` // Defines extra output formats of the private key and signed certificate chain // to be written to this Certificate's target Secret. - // - // This is a Beta Feature enabled by default. It can be disabled with the - // `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both - // the controller and webhook components. // +optional + // +listType=atomic AdditionalOutputFormats []CertificateAdditionalOutputFormat `json:"additionalOutputFormats,omitempty"` // x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. @@ -321,7 +351,8 @@ type CertificatePrivateKey struct { // to await user intervention. // If set to `Always`, a private key matching the specified requirements // will be generated whenever a re-issuance occurs. - // Default is `Never` for backward compatibility. + // Default is `Always`. + // The default was changed from `Never` to `Always` in cert-manager >=v1.18.0. // +optional RotationPolicy PrivateKeyRotationPolicy `json:"rotationPolicy,omitempty"` @@ -420,24 +451,31 @@ type CertificateAdditionalOutputFormat struct { type X509Subject struct { // Organizations to be used on the Certificate. // +optional + // +listType=atomic Organizations []string `json:"organizations,omitempty"` // Countries to be used on the Certificate. // +optional + // +listType=atomic Countries []string `json:"countries,omitempty"` // Organizational Units to be used on the Certificate. // +optional + // +listType=atomic OrganizationalUnits []string `json:"organizationalUnits,omitempty"` // Cities to be used on the Certificate. // +optional + // +listType=atomic Localities []string `json:"localities,omitempty"` // State/Provinces to be used on the Certificate. // +optional + // +listType=atomic Provinces []string `json:"provinces,omitempty"` // Street addresses to be used on the Certificate. // +optional + // +listType=atomic StreetAddresses []string `json:"streetAddresses,omitempty"` // Postal codes to be used on the Certificate. // +optional + // +listType=atomic PostalCodes []string `json:"postalCodes,omitempty"` // Serial number to be used on the Certificate. // +optional @@ -458,13 +496,13 @@ type CertificateKeystores struct { PKCS12 *PKCS12Keystore `json:"pkcs12,omitempty"` } -// JKS configures options for storing a JKS keystore in the `spec.secretName` -// Secret resource. +// JKS configures options for storing a JKS keystore in the target secret. +// Either PasswordSecretRef or Password must be provided. type JKSKeystore struct { // Create enables JKS keystore creation for the Certificate. // If true, a file named `keystore.jks` will be created in the target // Secret resource, encrypted using the password stored in - // `passwordSecretRef`. + // `passwordSecretRef` or `password`. // The keystore file will be updated immediately. // If the issuer provided a CA certificate, a file named `truststore.jks` // will also be created in the target Secret resource, encrypted using the @@ -472,14 +510,23 @@ type JKSKeystore struct { // containing the issuing Certificate Authority Create bool `json:"create"` - // PasswordSecretRef is a reference to a key in a Secret resource - // containing the password used to encrypt the JKS keystore. - PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"` - // Alias specifies the alias of the key in the keystore, required by the JKS format. // If not provided, the default alias `certificate` will be used. // +optional Alias *string `json:"alias,omitempty"` + + // PasswordSecretRef is a reference to a non-empty key in a Secret resource + // containing the password used to encrypt the JKS keystore. + // Mutually exclusive with password. + // One of password or passwordSecretRef must provide a password with a non-zero length. + // +optional + PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef,omitempty"` + + // Password provides a literal password used to encrypt the JKS keystore. + // Mutually exclusive with passwordSecretRef. + // One of password or passwordSecretRef must provide a password with a non-zero length. + // +optional + Password *string `json:"password,omitempty"` // #nosec G117 -- field is part of API spec and may contain a secret; not hardcoded } // PKCS12 configures options for storing a PKCS12 keystore in the @@ -488,7 +535,7 @@ type PKCS12Keystore struct { // Create enables PKCS12 keystore creation for the Certificate. // If true, a file named `keystore.p12` will be created in the target // Secret resource, encrypted using the password stored in - // `passwordSecretRef`. + // `passwordSecretRef` or in `password`. // The keystore file will be updated immediately. // If the issuer provided a CA certificate, a file named `truststore.p12` will // also be created in the target Secret resource, encrypted using the @@ -496,10 +543,6 @@ type PKCS12Keystore struct { // Authority Create bool `json:"create"` - // PasswordSecretRef is a reference to a key in a Secret resource - // containing the password used to encrypt the PKCS12 keystore. - PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef"` - // Profile specifies the key and certificate encryption algorithms and the HMAC algorithm // used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. // @@ -507,10 +550,23 @@ type PKCS12Keystore struct { // `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. // `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. // `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms - // (eg. because of company policy). Please note that the security of the algorithm is not that important + // (e.g., because of company policy). Please note that the security of the algorithm is not that important // in reality, because the unencrypted certificate and private key are also stored in the Secret. // +optional Profile PKCS12Profile `json:"profile,omitempty"` + + // PasswordSecretRef is a reference to a non-empty key in a Secret resource + // containing the password used to encrypt the PKCS#12 keystore. + // Mutually exclusive with password. + // One of password or passwordSecretRef must provide a password with a non-zero length. + // +optional + PasswordSecretRef cmmeta.SecretKeySelector `json:"passwordSecretRef,omitempty"` + + // Password provides a literal password used to encrypt the PKCS#12 keystore. + // Mutually exclusive with passwordSecretRef. + // One of password or passwordSecretRef must provide a password with a non-zero length. + // +optional + Password *string `json:"password,omitempty"` // #nosec G117 -- field is part of API spec and may contain a secret; not hardcoded } // +kubebuilder:validation:Enum=LegacyRC2;LegacyDES;Modern2023 @@ -531,9 +587,9 @@ const ( type CertificateStatus struct { // List of status conditions to indicate the status of certificates. // Known condition types are `Ready` and `Issuing`. + // +optional // +listType=map // +listMapKey=type - // +optional Conditions []CertificateCondition `json:"conditions,omitempty"` // LastFailureTime is set only if the latest issuance for this @@ -692,18 +748,22 @@ type NameConstraintItem struct { // DNSDomains is a list of DNS domains that are permitted or excluded. // // +optional + // +listType=atomic DNSDomains []string `json:"dnsDomains,omitempty"` // IPRanges is a list of IP Ranges that are permitted or excluded. // This should be a valid CIDR notation. // // +optional + // +listType=atomic IPRanges []string `json:"ipRanges,omitempty"` // EmailAddresses is a list of Email Addresses that are permitted or excluded. // // +optional + // +listType=atomic EmailAddresses []string `json:"emailAddresses,omitempty"` // URIDomains is a list of URI domains that are permitted or excluded. // // +optional + // +listType=atomic URIDomains []string `json:"uriDomains,omitempty"` } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest.go index 8f31d84c0a2..876889d6b84 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_certificaterequest.go @@ -45,6 +45,18 @@ const ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:storageversion +// +kubebuilder:printcolumn:name="Approved",type="string",JSONPath=`.status.conditions[?(@.type == "Approved")].status` +// +kubebuilder:printcolumn:name="Denied",type="string",JSONPath=`.status.conditions[?(@.type == "Denied")].status` +// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=`.status.conditions[?(@.type == "Ready")].status` +// +kubebuilder:printcolumn:name="Issuer",type="string",JSONPath=`.spec.issuerRef.name` +// +kubebuilder:printcolumn:name="Requester",type="string",JSONPath=`.spec.username` +// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.conditions[?(@.type == "Ready")].message`,priority=1 +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=`.metadata.creationTimestamp`,description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +// +kubebuilder:resource:scope=Namespaced,shortName={cr,crs},categories=cert-manager +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.group +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.kind +// +kubebuilder:selectablefield:JSONPath=.spec.issuerRef.name +// +kubebuilder:subresource:status // A CertificateRequest is used to request a signed certificate from one of the // configured issuers. @@ -55,7 +67,6 @@ const ( // // A CertificateRequest is a one-shot resource, meaning it represents a single // point in time request for a certificate and cannot be re-used. -// +k8s:openapi-gen=true type CertificateRequest struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -110,7 +121,7 @@ type CertificateRequestSpec struct { // from any namespace. // // The `name` field of the reference must always be specified. - IssuerRef cmmeta.ObjectReference `json:"issuerRef"` + IssuerRef cmmeta.IssuerReference `json:"issuerRef"` // The PEM-encoded X.509 certificate signing request to be submitted to the // issuer for signing. @@ -143,6 +154,7 @@ type CertificateRequestSpec struct { // // If unset, defaults to `digital signature` and `key encipherment`. // +optional + // +listType=atomic Usages []KeyUsage `json:"usages,omitempty"` // Username contains the name of the user that created the CertificateRequest. @@ -155,8 +167,8 @@ type CertificateRequestSpec struct { UID string `json:"uid,omitempty"` // Groups contains group membership of the user that created the CertificateRequest. // Populated by the cert-manager webhook on creation and immutable. - // +listType=atomic // +optional + // +listType=atomic Groups []string `json:"groups,omitempty"` // Extra contains extra attributes of the user that created the CertificateRequest. // Populated by the cert-manager webhook on creation and immutable. @@ -169,9 +181,9 @@ type CertificateRequestSpec struct { type CertificateRequestStatus struct { // List of status conditions to indicate the status of a CertificateRequest. // Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. + // +optional // +listType=map // +listMapKey=type - // +optional Conditions []CertificateRequestCondition `json:"conditions,omitempty"` // The PEM encoded X.509 certificate resulting from the certificate diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go index efb1f5286da..18cd0bccdd2 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/types_issuer.go @@ -25,9 +25,13 @@ import ( // +genclient // +genclient:nonNamespaced -// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:storageversion +// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=`.status.conditions[?(@.type == "Ready")].status` +// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.conditions[?(@.type == "Ready")].message`,priority=1 +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=`.metadata.creationTimestamp`,description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +// +kubebuilder:resource:scope=Cluster,shortName=ciss,categories=cert-manager +// +kubebuilder:subresource:status // A ClusterIssuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -57,9 +61,13 @@ type ClusterIssuerList struct { } // +genclient -// +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:storageversion +// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=`.status.conditions[?(@.type == "Ready")].status` +// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=`.status.conditions[?(@.type == "Ready")].message`,priority=1 +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=`.metadata.creationTimestamp`,description="CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +// +kubebuilder:resource:scope=Namespaced,shortName=iss,categories=cert-manager +// +kubebuilder:subresource:status // An Issuer represents a certificate issuing authority which can be // referenced as part of `issuerRef` fields. @@ -117,52 +125,52 @@ type IssuerConfig struct { // +optional SelfSigned *SelfSignedIssuer `json:"selfSigned,omitempty"` - // Venafi configures this issuer to sign certificates using a Venafi TPP - // or Venafi Cloud policy zone. + // Venafi configures this issuer to sign certificates using a CyberArk Certificate Manager Self-Hosted + // or SaaS policy zone. // +optional Venafi *VenafiIssuer `json:"venafi,omitempty"` } -// Configures an issuer to sign certificates using a Venafi TPP -// or Cloud policy zone. +// Configures an issuer to sign certificates using a CyberArk Certificate Manager Self-Hosted +// or SaaS policy zone. type VenafiIssuer struct { - // Zone is the Venafi Policy Zone to use for this issuer. - // All requests made to the Venafi platform will be restricted by the named + // Zone is the Certificate Manager Policy Zone to use for this issuer. + // All requests made to the Certificate Manager platform will be restricted by the named // zone policy. // This field is required. Zone string `json:"zone"` - // TPP specifies Trust Protection Platform configuration settings. - // Only one of TPP or Cloud may be specified. + // TPP specifies CyberArk Certificate Manager Self-Hosted configuration settings. + // Only one of CyberArk Certificate Manager may be specified. // +optional TPP *VenafiTPP `json:"tpp,omitempty"` - // Cloud specifies the Venafi cloud configuration settings. - // Only one of TPP or Cloud may be specified. + // Cloud specifies the CyberArk Certificate Manager SaaS configuration settings. + // Only one of CyberArk Certificate Manager may be specified. // +optional Cloud *VenafiCloud `json:"cloud,omitempty"` } -// VenafiTPP defines connection configuration details for a Venafi TPP instance +// VenafiTPP defines connection configuration details for a CyberArk Certificate Manager Self-Hosted instance type VenafiTPP struct { - // URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, + // URL is the base URL for the vedsdk endpoint of the CyberArk Certificate Manager Self-Hosted instance, // for example: "https://tpp.example.com/vedsdk". URL string `json:"url"` - // CredentialsRef is a reference to a Secret containing the Venafi TPP API credentials. + // CredentialsRef is a reference to a Secret containing the CyberArk Certificate Manager Self-Hosted API credentials. // The secret must contain the key 'access-token' for the Access Token Authentication, // or two keys, 'username' and 'password' for the API Keys Authentication. CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"` // Base64-encoded bundle of PEM CAs which will be used to validate the certificate - // chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. + // chain presented by the CyberArk Certificate Manager Self-Hosted server. Only used if using HTTPS; ignored for HTTP. // If undefined, the certificate bundle in the cert-manager controller container // is used to validate the chain. // +optional CABundle []byte `json:"caBundle,omitempty"` // Reference to a Secret containing a base64-encoded bundle of PEM CAs - // which will be used to validate the certificate chain presented by the TPP server. + // which will be used to validate the certificate chain presented by the CyberArk Certificate Manager Self-Hosted server. // Only used if using HTTPS; ignored for HTTP. Mutually exclusive with CABundle. // If neither CABundle nor CABundleSecretRef is defined, the certificate bundle in // the cert-manager controller container is used to validate the TLS connection. @@ -170,14 +178,14 @@ type VenafiTPP struct { CABundleSecretRef *cmmeta.SecretKeySelector `json:"caBundleSecretRef,omitempty"` } -// VenafiCloud defines connection configuration details for Venafi Cloud +// VenafiCloud defines connection configuration details for CyberArk Certificate Manager SaaS type VenafiCloud struct { - // URL is the base URL for Venafi Cloud. - // Defaults to "https://api.venafi.cloud/v1". + // URL is the base URL for CyberArk Certificate Manager SaaS. + // Defaults to "https://api.venafi.cloud/". // +optional URL string `json:"url,omitempty"` - // APITokenSecretRef is a secret key selector for the Venafi Cloud API token. + // APITokenSecretRef is a secret key selector for the CyberArk Certificate Manager SaaS API token. APITokenSecretRef cmmeta.SecretKeySelector `json:"apiTokenSecretRef"` } @@ -188,6 +196,7 @@ type SelfSignedIssuer struct { // the location of the CRL from which the revocation of this certificate can be checked. // If not set certificate will be issued without CDP. Values are strings. // +optional + // +listType=atomic CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"` } @@ -200,6 +209,11 @@ type VaultIssuer struct { // Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". Server string `json:"server"` + // ServerName is used to verify the hostname on the returned certificates + // by the Vault server. + // +optional + ServerName string `json:"serverName,omitempty"` + // Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: // "my_pki_mount/sign/my-role-name". Path string `json:"path"` @@ -280,7 +294,7 @@ type VaultAppRole struct { SecretRef cmmeta.SecretKeySelector `json:"secretRef"` } -// VaultKubernetesAuth is used to authenticate against Vault using a client +// VaultClientCertificateAuth is used to authenticate against Vault using a client // certificate stored in a Secret. type VaultClientCertificateAuth struct { // The Vault mountPath here is the mount path to use when authenticating with @@ -333,16 +347,17 @@ type VaultKubernetesAuth struct { } // ServiceAccountRef is a service account used by cert-manager to request a -// token. Default audience is generated by -// cert-manager and takes the form `vault://namespace-name/issuer-name` for an -// Issuer and `vault://issuer-name` for a ClusterIssuer. The expiration of the +// token. By default two audiences are included: the address of the Vault server as specified +// on the issuer, and a generated audience taking the form of `vault://namespace-name/issuer-name` +// for an Issuer and `vault://issuer-name` for a ClusterIssuer. The expiration of the // token is also set by cert-manager to 10 minutes. type ServiceAccountRef struct { // Name of the ServiceAccount used to request a token. Name string `json:"name"` - // TokenAudiences is an optional list of extra audiences to include in the token passed to Vault. The default token - // consisting of the issuer's namespace and name is always included. + // TokenAudiences is an optional list of extra audiences to include in the token passed to Vault. + // The default audiences are always included in the token. // +optional + // +listType=atomic TokenAudiences []string `json:"audiences,omitempty"` } @@ -355,6 +370,7 @@ type CAIssuer struct { // the location of the CRL from which the revocation of this certificate can be checked. // If not set, certificates will be issued without distribution points set. // +optional + // +listType=atomic CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"` // The OCSP server list is an X.509 v3 extension that defines a list of @@ -363,12 +379,14 @@ type CAIssuer struct { // certificate will be issued with no OCSP servers set. For example, an // OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". // +optional + // +listType=atomic OCSPServers []string `json:"ocspServers,omitempty"` // IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates // it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. // As an example, such a URL might be "http://ca.domain.com/ca.crt". // +optional + // +listType=atomic IssuingCertificateURLs []string `json:"issuingCertificateURLs,omitempty"` } @@ -376,9 +394,9 @@ type CAIssuer struct { type IssuerStatus struct { // List of status conditions to indicate the status of a CertificateRequest. // Known condition types are `Ready`. + // +optional // +listType=map // +listMapKey=type - // +optional Conditions []IssuerCondition `json:"conditions,omitempty"` // ACME specific status options. diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/zz_generated.deepcopy.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/zz_generated.deepcopy.go index 9c024c6afe6..e889ecf1a9a 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1/zz_generated.deepcopy.go @@ -134,7 +134,7 @@ func (in *CertificateKeystores) DeepCopyInto(out *CertificateKeystores) { if in.PKCS12 != nil { in, out := &in.PKCS12, &out.PKCS12 *out = new(PKCS12Keystore) - **out = **in + (*in).DeepCopyInto(*out) } return } @@ -785,12 +785,17 @@ func (in *IssuerStatus) DeepCopy() *IssuerStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *JKSKeystore) DeepCopyInto(out *JKSKeystore) { *out = *in - out.PasswordSecretRef = in.PasswordSecretRef if in.Alias != nil { in, out := &in.Alias, &out.Alias *out = new(string) **out = **in } + out.PasswordSecretRef = in.PasswordSecretRef + if in.Password != nil { + in, out := &in.Password, &out.Password + *out = new(string) + **out = **in + } return } @@ -886,6 +891,11 @@ func (in *OtherName) DeepCopy() *OtherName { func (in *PKCS12Keystore) DeepCopyInto(out *PKCS12Keystore) { *out = *in out.PasswordSecretRef = in.PasswordSecretRef + if in.Password != nil { + in, out := &in.Password, &out.Password + *out = new(string) + **out = **in + } return } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/doc.go index f391663af4e..378fecfb23c 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/doc.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/doc.go @@ -14,8 +14,6 @@ See the License for the specific language governing permissions and limitations under the License. */ -// +groupName=meta.cert-manager.io - // Package meta contains meta types for cert-manager APIs package meta diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/doc.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/doc.go index 9a673685d6e..7b5d3d1fb38 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/doc.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/doc.go @@ -16,6 +16,6 @@ limitations under the License. // Package v1 contains meta types for cert-manager APIs // +k8s:deepcopy-gen=package +// +k8s:openapi-gen=true // +gencrdrefdocs:force -// +groupName=meta.cert-manager.io package v1 diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/types.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/types.go index 24e72d15ffd..733c27b0716 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/types.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/types.go @@ -24,7 +24,7 @@ type ConditionStatus string // the condition; "ConditionFalse" means a resource is not in the condition; // "ConditionUnknown" means kubernetes can't decide if a resource is in the // condition or not. In the future, we could add other intermediate -// conditions, e.g. ConditionDegraded. +// conditions, e.g., ConditionDegraded. const ( // ConditionTrue represents the fact that a given condition is true ConditionTrue ConditionStatus = "True" @@ -37,7 +37,7 @@ const ( ) // A reference to an object in the same namespace as the referent. -// If the referent is a cluster-scoped resource (e.g. a ClusterIssuer), +// If the referent is a cluster-scoped resource (e.g., a ClusterIssuer), // the reference instead refers to the resource with the given name in the // configured 'cluster resource namespace', which is set as a flag on the // controller component (and defaults to the namespace that cert-manager @@ -48,18 +48,25 @@ type LocalObjectReference struct { Name string `json:"name"` } -// ObjectReference is a reference to an object with a given name, kind and group. -type ObjectReference struct { - // Name of the resource being referred to. +// IssuerReference is a reference to a certificate issuer object with a given name, kind and group. +type IssuerReference struct { + // Name of the issuer being referred to. Name string `json:"name"` - // Kind of the resource being referred to. + // Kind of the issuer being referred to. + // Defaults to 'Issuer'. // +optional Kind string `json:"kind,omitempty"` - // Group of the resource being referred to. + // Group of the issuer being referred to. + // Defaults to 'cert-manager.io'. // +optional Group string `json:"group,omitempty"` } +// ObjectReference is a reference to an object with a given name, kind and group. +// +// Deprecated: Use IssuerReference instead. +type ObjectReference = IssuerReference + // A reference to a specific 'key' within a Secret resource. // In some instances, `key` is a required field. type SecretKeySelector struct { diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/zz_generated.deepcopy.go b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/zz_generated.deepcopy.go index 9fa10e5e665..0d4af070867 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/apis/meta/v1/zz_generated.deepcopy.go @@ -22,33 +22,33 @@ limitations under the License. package v1 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference) { +func (in *IssuerReference) DeepCopyInto(out *IssuerReference) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectReference. -func (in *LocalObjectReference) DeepCopy() *LocalObjectReference { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IssuerReference. +func (in *IssuerReference) DeepCopy() *IssuerReference { if in == nil { return nil } - out := new(LocalObjectReference) + out := new(IssuerReference) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { +func (in *LocalObjectReference) DeepCopyInto(out *LocalObjectReference) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. -func (in *ObjectReference) DeepCopy() *ObjectReference { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalObjectReference. +func (in *LocalObjectReference) DeepCopy() *LocalObjectReference { if in == nil { return nil } - out := new(ObjectReference) + out := new(LocalObjectReference) in.DeepCopyInto(out) return out } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeauthorization.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeauthorization.go new file mode 100644 index 00000000000..e4a676505ae --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeauthorization.go @@ -0,0 +1,107 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" +) + +// ACMEAuthorizationApplyConfiguration represents a declarative configuration of the ACMEAuthorization type for use +// with apply. +// +// ACMEAuthorization contains data returned from the ACME server on an +// authorization that must be completed in order validate a DNS name on an ACME +// Order resource. +type ACMEAuthorizationApplyConfiguration struct { + // URL is the URL of the Authorization that must be completed + URL *string `json:"url,omitempty"` + // Identifier is the DNS name to be validated as part of this authorization + Identifier *string `json:"identifier,omitempty"` + // Wildcard will be true if this authorization is for a wildcard DNS name. + // If this is true, the identifier will be the *non-wildcard* version of + // the DNS name. + // For example, if '*.example.com' is the DNS name being validated, this + // field will be 'true' and the 'identifier' field will be 'example.com'. + Wildcard *bool `json:"wildcard,omitempty"` + // InitialState is the initial state of the ACME authorization when first + // fetched from the ACME server. + // If an Authorization is already 'valid', the Order controller will not + // create a Challenge resource for the authorization. This will occur when + // working with an ACME server that enables 'authz reuse' (such as Let's + // Encrypt's production endpoint). + // If not set and 'identifier' is set, the state is assumed to be pending + // and a Challenge will be created. + InitialState *acmev1.State `json:"initialState,omitempty"` + // Challenges specifies the challenge types offered by the ACME server. + // One of these challenge types will be selected when validating the DNS + // name and an appropriate Challenge resource will be created to perform + // the ACME challenge process. + Challenges []ACMEChallengeApplyConfiguration `json:"challenges,omitempty"` +} + +// ACMEAuthorizationApplyConfiguration constructs a declarative configuration of the ACMEAuthorization type for use with +// apply. +func ACMEAuthorization() *ACMEAuthorizationApplyConfiguration { + return &ACMEAuthorizationApplyConfiguration{} +} + +// WithURL sets the URL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the URL field is set to the value of the last call. +func (b *ACMEAuthorizationApplyConfiguration) WithURL(value string) *ACMEAuthorizationApplyConfiguration { + b.URL = &value + return b +} + +// WithIdentifier sets the Identifier field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Identifier field is set to the value of the last call. +func (b *ACMEAuthorizationApplyConfiguration) WithIdentifier(value string) *ACMEAuthorizationApplyConfiguration { + b.Identifier = &value + return b +} + +// WithWildcard sets the Wildcard field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Wildcard field is set to the value of the last call. +func (b *ACMEAuthorizationApplyConfiguration) WithWildcard(value bool) *ACMEAuthorizationApplyConfiguration { + b.Wildcard = &value + return b +} + +// WithInitialState sets the InitialState field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the InitialState field is set to the value of the last call. +func (b *ACMEAuthorizationApplyConfiguration) WithInitialState(value acmev1.State) *ACMEAuthorizationApplyConfiguration { + b.InitialState = &value + return b +} + +// WithChallenges adds the given value to the Challenges field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Challenges field. +func (b *ACMEAuthorizationApplyConfiguration) WithChallenges(values ...*ACMEChallengeApplyConfiguration) *ACMEAuthorizationApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithChallenges") + } + b.Challenges = append(b.Challenges, *values[i]) + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallenge.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallenge.go new file mode 100644 index 00000000000..03c5bd0d2fd --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallenge.go @@ -0,0 +1,70 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ACMEChallengeApplyConfiguration represents a declarative configuration of the ACMEChallenge type for use +// with apply. +// +// Challenge specifies a challenge offered by the ACME server for an Order. +// An appropriate Challenge resource can be created to perform the ACME +// challenge process. +type ACMEChallengeApplyConfiguration struct { + // URL is the URL of this challenge. It can be used to retrieve additional + // metadata about the Challenge from the ACME server. + URL *string `json:"url,omitempty"` + // Token is the token that must be presented for this challenge. + // This is used to compute the 'key' that must also be presented. + Token *string `json:"token,omitempty"` + // Type is the type of challenge being offered, e.g., 'http-01', 'dns-01', + // 'tls-sni-01', etc. + // This is the raw value retrieved from the ACME server. + // Only 'http-01' and 'dns-01' are supported by cert-manager, other values + // will be ignored. + Type *string `json:"type,omitempty"` +} + +// ACMEChallengeApplyConfiguration constructs a declarative configuration of the ACMEChallenge type for use with +// apply. +func ACMEChallenge() *ACMEChallengeApplyConfiguration { + return &ACMEChallengeApplyConfiguration{} +} + +// WithURL sets the URL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the URL field is set to the value of the last call. +func (b *ACMEChallengeApplyConfiguration) WithURL(value string) *ACMEChallengeApplyConfiguration { + b.URL = &value + return b +} + +// WithToken sets the Token field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Token field is set to the value of the last call. +func (b *ACMEChallengeApplyConfiguration) WithToken(value string) *ACMEChallengeApplyConfiguration { + b.Token = &value + return b +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *ACMEChallengeApplyConfiguration) WithType(value string) *ACMEChallengeApplyConfiguration { + b.Type = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolver.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolver.go new file mode 100644 index 00000000000..198039bcde1 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolver.go @@ -0,0 +1,72 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ACMEChallengeSolverApplyConfiguration represents a declarative configuration of the ACMEChallengeSolver type for use +// with apply. +// +// An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. +// A selector may be provided to use different solving strategies for different DNS names. +// Only one of HTTP01 or DNS01 must be provided. +type ACMEChallengeSolverApplyConfiguration struct { + // Selector selects a set of DNSNames on the Certificate resource that + // should be solved using this challenge solver. + // If not specified, the solver will be treated as the 'default' solver + // with the lowest priority, i.e. if any other solver has a more specific + // match, it will be used instead. + Selector *CertificateDNSNameSelectorApplyConfiguration `json:"selector,omitempty"` + // Configures cert-manager to attempt to complete authorizations by + // performing the HTTP01 challenge flow. + // It is not possible to obtain certificates for wildcard domain names + // (e.g., `*.example.com`) using the HTTP01 challenge mechanism. + HTTP01 *ACMEChallengeSolverHTTP01ApplyConfiguration `json:"http01,omitempty"` + // Configures cert-manager to attempt to complete authorizations by + // performing the DNS01 challenge flow. + DNS01 *ACMEChallengeSolverDNS01ApplyConfiguration `json:"dns01,omitempty"` +} + +// ACMEChallengeSolverApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolver type for use with +// apply. +func ACMEChallengeSolver() *ACMEChallengeSolverApplyConfiguration { + return &ACMEChallengeSolverApplyConfiguration{} +} + +// WithSelector sets the Selector field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Selector field is set to the value of the last call. +func (b *ACMEChallengeSolverApplyConfiguration) WithSelector(value *CertificateDNSNameSelectorApplyConfiguration) *ACMEChallengeSolverApplyConfiguration { + b.Selector = value + return b +} + +// WithHTTP01 sets the HTTP01 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the HTTP01 field is set to the value of the last call. +func (b *ACMEChallengeSolverApplyConfiguration) WithHTTP01(value *ACMEChallengeSolverHTTP01ApplyConfiguration) *ACMEChallengeSolverApplyConfiguration { + b.HTTP01 = value + return b +} + +// WithDNS01 sets the DNS01 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNS01 field is set to the value of the last call. +func (b *ACMEChallengeSolverApplyConfiguration) WithDNS01(value *ACMEChallengeSolverDNS01ApplyConfiguration) *ACMEChallengeSolverApplyConfiguration { + b.DNS01 = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverdns01.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverdns01.go new file mode 100644 index 00000000000..9df5647466c --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverdns01.go @@ -0,0 +1,142 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" +) + +// ACMEChallengeSolverDNS01ApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverDNS01 type for use +// with apply. +// +// Used to configure a DNS01 challenge provider to be used when solving DNS01 +// challenges. +// Only one DNS provider may be configured per solver. +type ACMEChallengeSolverDNS01ApplyConfiguration struct { + // CNAMEStrategy configures how the DNS01 provider should handle CNAME + // records when found in DNS zones. + CNAMEStrategy *acmev1.CNAMEStrategy `json:"cnameStrategy,omitempty"` + // Use the Akamai DNS zone management API to manage DNS01 challenge records. + Akamai *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration `json:"akamai,omitempty"` + // Use the Google Cloud DNS API to manage DNS01 challenge records. + CloudDNS *ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration `json:"cloudDNS,omitempty"` + // Use the Cloudflare API to manage DNS01 challenge records. + Cloudflare *ACMEIssuerDNS01ProviderCloudflareApplyConfiguration `json:"cloudflare,omitempty"` + // Use the AWS Route53 API to manage DNS01 challenge records. + Route53 *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration `json:"route53,omitempty"` + // Use the Microsoft Azure DNS API to manage DNS01 challenge records. + AzureDNS *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration `json:"azureDNS,omitempty"` + // Use the DigitalOcean DNS API to manage DNS01 challenge records. + DigitalOcean *ACMEIssuerDNS01ProviderDigitalOceanApplyConfiguration `json:"digitalocean,omitempty"` + // Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage + // DNS01 challenge records. + AcmeDNS *ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration `json:"acmeDNS,omitempty"` + // Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) + // to manage DNS01 challenge records. + RFC2136 *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration `json:"rfc2136,omitempty"` + // Configure an external webhook based DNS01 challenge solver to manage + // DNS01 challenge records. + Webhook *ACMEIssuerDNS01ProviderWebhookApplyConfiguration `json:"webhook,omitempty"` +} + +// ACMEChallengeSolverDNS01ApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverDNS01 type for use with +// apply. +func ACMEChallengeSolverDNS01() *ACMEChallengeSolverDNS01ApplyConfiguration { + return &ACMEChallengeSolverDNS01ApplyConfiguration{} +} + +// WithCNAMEStrategy sets the CNAMEStrategy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CNAMEStrategy field is set to the value of the last call. +func (b *ACMEChallengeSolverDNS01ApplyConfiguration) WithCNAMEStrategy(value acmev1.CNAMEStrategy) *ACMEChallengeSolverDNS01ApplyConfiguration { + b.CNAMEStrategy = &value + return b +} + +// WithAkamai sets the Akamai field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Akamai field is set to the value of the last call. +func (b *ACMEChallengeSolverDNS01ApplyConfiguration) WithAkamai(value *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration) *ACMEChallengeSolverDNS01ApplyConfiguration { + b.Akamai = value + return b +} + +// WithCloudDNS sets the CloudDNS field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CloudDNS field is set to the value of the last call. +func (b *ACMEChallengeSolverDNS01ApplyConfiguration) WithCloudDNS(value *ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration) *ACMEChallengeSolverDNS01ApplyConfiguration { + b.CloudDNS = value + return b +} + +// WithCloudflare sets the Cloudflare field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Cloudflare field is set to the value of the last call. +func (b *ACMEChallengeSolverDNS01ApplyConfiguration) WithCloudflare(value *ACMEIssuerDNS01ProviderCloudflareApplyConfiguration) *ACMEChallengeSolverDNS01ApplyConfiguration { + b.Cloudflare = value + return b +} + +// WithRoute53 sets the Route53 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Route53 field is set to the value of the last call. +func (b *ACMEChallengeSolverDNS01ApplyConfiguration) WithRoute53(value *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration) *ACMEChallengeSolverDNS01ApplyConfiguration { + b.Route53 = value + return b +} + +// WithAzureDNS sets the AzureDNS field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AzureDNS field is set to the value of the last call. +func (b *ACMEChallengeSolverDNS01ApplyConfiguration) WithAzureDNS(value *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration) *ACMEChallengeSolverDNS01ApplyConfiguration { + b.AzureDNS = value + return b +} + +// WithDigitalOcean sets the DigitalOcean field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DigitalOcean field is set to the value of the last call. +func (b *ACMEChallengeSolverDNS01ApplyConfiguration) WithDigitalOcean(value *ACMEIssuerDNS01ProviderDigitalOceanApplyConfiguration) *ACMEChallengeSolverDNS01ApplyConfiguration { + b.DigitalOcean = value + return b +} + +// WithAcmeDNS sets the AcmeDNS field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AcmeDNS field is set to the value of the last call. +func (b *ACMEChallengeSolverDNS01ApplyConfiguration) WithAcmeDNS(value *ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration) *ACMEChallengeSolverDNS01ApplyConfiguration { + b.AcmeDNS = value + return b +} + +// WithRFC2136 sets the RFC2136 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RFC2136 field is set to the value of the last call. +func (b *ACMEChallengeSolverDNS01ApplyConfiguration) WithRFC2136(value *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration) *ACMEChallengeSolverDNS01ApplyConfiguration { + b.RFC2136 = value + return b +} + +// WithWebhook sets the Webhook field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Webhook field is set to the value of the last call. +func (b *ACMEChallengeSolverDNS01ApplyConfiguration) WithWebhook(value *ACMEIssuerDNS01ProviderWebhookApplyConfiguration) *ACMEChallengeSolverDNS01ApplyConfiguration { + b.Webhook = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01.go new file mode 100644 index 00000000000..12c30805e12 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01.go @@ -0,0 +1,63 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ACMEChallengeSolverHTTP01ApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverHTTP01 type for use +// with apply. +// +// ACMEChallengeSolverHTTP01 contains configuration detailing how to solve +// HTTP01 challenges within a Kubernetes cluster. +// Typically this is accomplished through creating 'routes' of some description +// that configure ingress controllers to direct traffic to 'solver pods', which +// are responsible for responding to the ACME server's HTTP requests. +// Only one of Ingress / Gateway can be specified. +type ACMEChallengeSolverHTTP01ApplyConfiguration struct { + // The ingress based HTTP01 challenge solver will solve challenges by + // creating or modifying Ingress resources in order to route requests for + // '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are + // provisioned by cert-manager for each Challenge to be completed. + Ingress *ACMEChallengeSolverHTTP01IngressApplyConfiguration `json:"ingress,omitempty"` + // The Gateway API is a sig-network community API that models service networking + // in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will + // create HTTPRoutes with the specified labels in the same namespace as the challenge. + // This solver is experimental, and fields / behaviour may change in the future. + GatewayHTTPRoute *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration `json:"gatewayHTTPRoute,omitempty"` +} + +// ACMEChallengeSolverHTTP01ApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverHTTP01 type for use with +// apply. +func ACMEChallengeSolverHTTP01() *ACMEChallengeSolverHTTP01ApplyConfiguration { + return &ACMEChallengeSolverHTTP01ApplyConfiguration{} +} + +// WithIngress sets the Ingress field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Ingress field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01ApplyConfiguration) WithIngress(value *ACMEChallengeSolverHTTP01IngressApplyConfiguration) *ACMEChallengeSolverHTTP01ApplyConfiguration { + b.Ingress = value + return b +} + +// WithGatewayHTTPRoute sets the GatewayHTTPRoute field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GatewayHTTPRoute field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01ApplyConfiguration) WithGatewayHTTPRoute(value *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration) *ACMEChallengeSolverHTTP01ApplyConfiguration { + b.GatewayHTTPRoute = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01gatewayhttproute.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01gatewayhttproute.go new file mode 100644 index 00000000000..63b5ef72a29 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01gatewayhttproute.go @@ -0,0 +1,92 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" + apisv1 "sigs.k8s.io/gateway-api/apis/v1" +) + +// ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverHTTP01GatewayHTTPRoute type for use +// with apply. +// +// The ACMEChallengeSolverHTTP01GatewayHTTPRoute solver will create HTTPRoute objects for a Gateway class +// routing to an ACME challenge solver pod. +type ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration struct { + // Optional service type for Kubernetes solver service. Supported values + // are NodePort or ClusterIP. If unset, defaults to NodePort. + ServiceType *corev1.ServiceType `json:"serviceType,omitempty"` + // Custom labels that will be applied to HTTPRoutes created by cert-manager + // while solving HTTP-01 challenges. + Labels map[string]string `json:"labels,omitempty"` + // When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. + // cert-manager needs to know which parentRefs should be used when creating + // the HTTPRoute. Usually, the parentRef references a Gateway. See: + // https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways + ParentRefs []apisv1.ParentReference `json:"parentRefs,omitempty"` + // Optional pod template used to configure the ACME challenge solver pods + // used for HTTP01 challenges. + PodTemplate *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration `json:"podTemplate,omitempty"` +} + +// ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverHTTP01GatewayHTTPRoute type for use with +// apply. +func ACMEChallengeSolverHTTP01GatewayHTTPRoute() *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration { + return &ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration{} +} + +// WithServiceType sets the ServiceType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceType field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration) WithServiceType(value corev1.ServiceType) *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration { + b.ServiceType = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration) WithLabels(entries map[string]string) *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration { + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithParentRefs adds the given value to the ParentRefs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ParentRefs field. +func (b *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration) WithParentRefs(values ...apisv1.ParentReference) *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration { + for i := range values { + b.ParentRefs = append(b.ParentRefs, values[i]) + } + return b +} + +// WithPodTemplate sets the PodTemplate field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PodTemplate field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration) WithPodTemplate(value *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration) *ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration { + b.PodTemplate = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingress.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingress.go new file mode 100644 index 00000000000..d2a097ff3b9 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingress.go @@ -0,0 +1,108 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" +) + +// ACMEChallengeSolverHTTP01IngressApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverHTTP01Ingress type for use +// with apply. +type ACMEChallengeSolverHTTP01IngressApplyConfiguration struct { + // Optional service type for Kubernetes solver service. Supported values + // are NodePort or ClusterIP. If unset, defaults to NodePort. + ServiceType *corev1.ServiceType `json:"serviceType,omitempty"` + // This field configures the field `ingressClassName` on the created Ingress + // resources used to solve ACME challenges that use this challenge solver. + // This is the recommended way of configuring the ingress class. Only one of + // `class`, `name` or `ingressClassName` may be specified. + IngressClassName *string `json:"ingressClassName,omitempty"` + // This field configures the annotation `kubernetes.io/ingress.class` when + // creating Ingress resources to solve ACME challenges that use this + // challenge solver. Only one of `class`, `name` or `ingressClassName` may + // be specified. + Class *string `json:"class,omitempty"` + // The name of the ingress resource that should have ACME challenge solving + // routes inserted into it in order to solve HTTP01 challenges. + // This is typically used in conjunction with ingress controllers like + // ingress-gce, which maintains a 1:1 mapping between external IPs and + // ingress resources. Only one of `class`, `name` or `ingressClassName` may + // be specified. + Name *string `json:"name,omitempty"` + // Optional pod template used to configure the ACME challenge solver pods + // used for HTTP01 challenges. + PodTemplate *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration `json:"podTemplate,omitempty"` + // Optional ingress template used to configure the ACME challenge solver + // ingress used for HTTP01 challenges. + IngressTemplate *ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration `json:"ingressTemplate,omitempty"` +} + +// ACMEChallengeSolverHTTP01IngressApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverHTTP01Ingress type for use with +// apply. +func ACMEChallengeSolverHTTP01Ingress() *ACMEChallengeSolverHTTP01IngressApplyConfiguration { + return &ACMEChallengeSolverHTTP01IngressApplyConfiguration{} +} + +// WithServiceType sets the ServiceType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceType field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressApplyConfiguration) WithServiceType(value corev1.ServiceType) *ACMEChallengeSolverHTTP01IngressApplyConfiguration { + b.ServiceType = &value + return b +} + +// WithIngressClassName sets the IngressClassName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IngressClassName field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressApplyConfiguration) WithIngressClassName(value string) *ACMEChallengeSolverHTTP01IngressApplyConfiguration { + b.IngressClassName = &value + return b +} + +// WithClass sets the Class field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Class field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressApplyConfiguration) WithClass(value string) *ACMEChallengeSolverHTTP01IngressApplyConfiguration { + b.Class = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressApplyConfiguration) WithName(value string) *ACMEChallengeSolverHTTP01IngressApplyConfiguration { + b.Name = &value + return b +} + +// WithPodTemplate sets the PodTemplate field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PodTemplate field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressApplyConfiguration) WithPodTemplate(value *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration) *ACMEChallengeSolverHTTP01IngressApplyConfiguration { + b.PodTemplate = value + return b +} + +// WithIngressTemplate sets the IngressTemplate field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IngressTemplate field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressApplyConfiguration) WithIngressTemplate(value *ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration) *ACMEChallengeSolverHTTP01IngressApplyConfiguration { + b.IngressTemplate = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingressobjectmeta.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingressobjectmeta.go new file mode 100644 index 00000000000..169deb7c8b8 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingressobjectmeta.go @@ -0,0 +1,62 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverHTTP01IngressObjectMeta type for use +// with apply. +type ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration struct { + // Annotations that should be added to the created ACME HTTP01 solver ingress. + Annotations map[string]string `json:"annotations,omitempty"` + // Labels that should be added to the created ACME HTTP01 solver ingress. + Labels map[string]string `json:"labels,omitempty"` +} + +// ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverHTTP01IngressObjectMeta type for use with +// apply. +func ACMEChallengeSolverHTTP01IngressObjectMeta() *ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration { + return &ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration{} +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration) WithAnnotations(entries map[string]string) *ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration { + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration) WithLabels(entries map[string]string) *ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration { + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodobjectmeta.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodobjectmeta.go new file mode 100644 index 00000000000..97f6fc7bde4 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodobjectmeta.go @@ -0,0 +1,62 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverHTTP01IngressPodObjectMeta type for use +// with apply. +type ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration struct { + // Annotations that should be added to the created ACME HTTP01 solver pods. + Annotations map[string]string `json:"annotations,omitempty"` + // Labels that should be added to the created ACME HTTP01 solver pods. + Labels map[string]string `json:"labels,omitempty"` +} + +// ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverHTTP01IngressPodObjectMeta type for use with +// apply. +func ACMEChallengeSolverHTTP01IngressPodObjectMeta() *ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration { + return &ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration{} +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration) WithAnnotations(entries map[string]string) *ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration { + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration) WithLabels(entries map[string]string) *ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration { + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodresources.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodresources.go new file mode 100644 index 00000000000..1f031260be3 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodresources.go @@ -0,0 +1,61 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" +) + +// ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverHTTP01IngressPodResources type for use +// with apply. +// +// ACMEChallengeSolverHTTP01IngressPodResources defines resource requirements for ACME HTTP01 solver pods. +// To keep API surface essential, this trims down the 'corev1.ResourceRequirements' type to only include the Requests and Limits fields. +type ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration struct { + // Limits describes the maximum amount of compute resources allowed. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + Limits *corev1.ResourceList `json:"limits,omitempty"` + // Requests describes the minimum amount of compute resources required. + // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + // otherwise to the global values configured via controller flags. Requests cannot exceed Limits. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + Requests *corev1.ResourceList `json:"requests,omitempty"` +} + +// ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverHTTP01IngressPodResources type for use with +// apply. +func ACMEChallengeSolverHTTP01IngressPodResources() *ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration { + return &ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration{} +} + +// WithLimits sets the Limits field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Limits field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration) WithLimits(value corev1.ResourceList) *ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration { + b.Limits = &value + return b +} + +// WithRequests sets the Requests field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Requests field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration) WithRequests(value corev1.ResourceList) *ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration { + b.Requests = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodsecuritycontext.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodsecuritycontext.go new file mode 100644 index 00000000000..ad6a237b750 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodsecuritycontext.go @@ -0,0 +1,172 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" +) + +// ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverHTTP01IngressPodSecurityContext type for use +// with apply. +type ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration struct { + // The SELinux context to be applied to all containers. + // If unspecified, the container runtime will allocate a random SELinux context for each + // container. May also be set in SecurityContext. If set in + // both SecurityContext and PodSecurityContext, the value specified in SecurityContext + // takes precedence for that container. + // Note that this field cannot be set when spec.os.name is windows. + SELinuxOptions *corev1.SELinuxOptions `json:"seLinuxOptions,omitempty"` + // The UID to run the entrypoint of the container process. + // Defaults to user specified in image metadata if unspecified. + // May also be set in SecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence + // for that container. + // Note that this field cannot be set when spec.os.name is windows. + RunAsUser *int64 `json:"runAsUser,omitempty"` + // The GID to run the entrypoint of the container process. + // Uses runtime default if unset. + // May also be set in SecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence + // for that container. + // Note that this field cannot be set when spec.os.name is windows. + RunAsGroup *int64 `json:"runAsGroup,omitempty"` + // Indicates that the container must run as a non-root user. + // If true, the Kubelet will validate the image at runtime to ensure that it + // does not run as UID 0 (root) and fail to start the container if it does. + // If unset or false, no such validation will be performed. + // May also be set in SecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + RunAsNonRoot *bool `json:"runAsNonRoot,omitempty"` + // A list of groups applied to the first process run in each container, in addition + // to the container's primary GID, the fsGroup (if specified), and group memberships + // defined in the container image for the uid of the container process. If unspecified, + // no additional groups are added to any container. Note that group memberships + // defined in the container image for the uid of the container process are still effective, + // even if they are not included in this list. + // Note that this field cannot be set when spec.os.name is windows. + SupplementalGroups []int64 `json:"supplementalGroups,omitempty"` + // A special supplemental group that applies to all containers in a pod. + // Some volume types allow the Kubelet to change the ownership of that volume + // to be owned by the pod: + // + // 1. The owning GID will be the FSGroup + // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + // 3. The permission bits are OR'd with rw-rw---- + // + // If unset, the Kubelet will not modify the ownership and permissions of any volume. + // Note that this field cannot be set when spec.os.name is windows. + FSGroup *int64 `json:"fsGroup,omitempty"` + // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + // sysctls (by the container runtime) might fail to launch. + // Note that this field cannot be set when spec.os.name is windows. + Sysctls []corev1.Sysctl `json:"sysctls,omitempty"` + // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + // before being exposed inside Pod. This field will only apply to + // volume types which support fsGroup based ownership(and permissions). + // It will have no effect on ephemeral volume types such as: secret, configmaps + // and emptydir. + // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + // Note that this field cannot be set when spec.os.name is windows. + FSGroupChangePolicy *corev1.PodFSGroupChangePolicy `json:"fsGroupChangePolicy,omitempty"` + // The seccomp options to use by the containers in this pod. + // Note that this field cannot be set when spec.os.name is windows. + SeccompProfile *corev1.SeccompProfile `json:"seccompProfile,omitempty"` +} + +// ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverHTTP01IngressPodSecurityContext type for use with +// apply. +func ACMEChallengeSolverHTTP01IngressPodSecurityContext() *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration { + return &ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration{} +} + +// WithSELinuxOptions sets the SELinuxOptions field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SELinuxOptions field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration) WithSELinuxOptions(value corev1.SELinuxOptions) *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration { + b.SELinuxOptions = &value + return b +} + +// WithRunAsUser sets the RunAsUser field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RunAsUser field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration) WithRunAsUser(value int64) *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration { + b.RunAsUser = &value + return b +} + +// WithRunAsGroup sets the RunAsGroup field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RunAsGroup field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration) WithRunAsGroup(value int64) *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration { + b.RunAsGroup = &value + return b +} + +// WithRunAsNonRoot sets the RunAsNonRoot field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RunAsNonRoot field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration) WithRunAsNonRoot(value bool) *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration { + b.RunAsNonRoot = &value + return b +} + +// WithSupplementalGroups adds the given value to the SupplementalGroups field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the SupplementalGroups field. +func (b *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration) WithSupplementalGroups(values ...int64) *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration { + for i := range values { + b.SupplementalGroups = append(b.SupplementalGroups, values[i]) + } + return b +} + +// WithFSGroup sets the FSGroup field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FSGroup field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration) WithFSGroup(value int64) *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration { + b.FSGroup = &value + return b +} + +// WithSysctls adds the given value to the Sysctls field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Sysctls field. +func (b *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration) WithSysctls(values ...corev1.Sysctl) *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration { + for i := range values { + b.Sysctls = append(b.Sysctls, values[i]) + } + return b +} + +// WithFSGroupChangePolicy sets the FSGroupChangePolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FSGroupChangePolicy field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration) WithFSGroupChangePolicy(value corev1.PodFSGroupChangePolicy) *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration { + b.FSGroupChangePolicy = &value + return b +} + +// WithSeccompProfile sets the SeccompProfile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SeccompProfile field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration) WithSeccompProfile(value corev1.SeccompProfile) *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration { + b.SeccompProfile = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodspec.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodspec.go new file mode 100644 index 00000000000..930c3c184b0 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodspec.go @@ -0,0 +1,131 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" +) + +// ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverHTTP01IngressPodSpec type for use +// with apply. +type ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration struct { + // NodeSelector is a selector which must be true for the pod to fit on a node. + // Selector which must match a node's labels for the pod to be scheduled on that node. + // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // If specified, the pod's scheduling constraints + Affinity *corev1.Affinity `json:"affinity,omitempty"` + // If specified, the pod's tolerations. + Tolerations []corev1.Toleration `json:"tolerations,omitempty"` + // If specified, the pod's priorityClassName. + PriorityClassName *string `json:"priorityClassName,omitempty"` + // If specified, the pod's service account + ServiceAccountName *string `json:"serviceAccountName,omitempty"` + // If specified, the pod's imagePullSecrets + ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"` + // If specified, the pod's security context + SecurityContext *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration `json:"securityContext,omitempty"` + // If specified, the pod's resource requirements. + // These values override the global resource configuration flags. + // Note that when only specifying resource limits, ensure they are greater than or equal + // to the corresponding global resource requests configured via controller flags + // (--acme-http01-solver-resource-request-cpu, --acme-http01-solver-resource-request-memory). + // Kubernetes will reject pod creation if limits are lower than requests, causing challenge failures. + Resources *ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration `json:"resources,omitempty"` +} + +// ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverHTTP01IngressPodSpec type for use with +// apply. +func ACMEChallengeSolverHTTP01IngressPodSpec() *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration { + return &ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration{} +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration) WithNodeSelector(entries map[string]string) *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithAffinity sets the Affinity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Affinity field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration) WithAffinity(value corev1.Affinity) *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration { + b.Affinity = &value + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration) WithTolerations(values ...corev1.Toleration) *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithPriorityClassName sets the PriorityClassName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PriorityClassName field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration) WithPriorityClassName(value string) *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration { + b.PriorityClassName = &value + return b +} + +// WithServiceAccountName sets the ServiceAccountName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceAccountName field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration) WithServiceAccountName(value string) *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration { + b.ServiceAccountName = &value + return b +} + +// WithImagePullSecrets adds the given value to the ImagePullSecrets field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ImagePullSecrets field. +func (b *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration) WithImagePullSecrets(values ...corev1.LocalObjectReference) *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration { + for i := range values { + b.ImagePullSecrets = append(b.ImagePullSecrets, values[i]) + } + return b +} + +// WithSecurityContext sets the SecurityContext field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecurityContext field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration) WithSecurityContext(value *ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration) *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration { + b.SecurityContext = value + return b +} + +// WithResources sets the Resources field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Resources field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration) WithResources(value *ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration) *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration { + b.Resources = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodtemplate.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodtemplate.go new file mode 100644 index 00000000000..8d07a5383c0 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresspodtemplate.go @@ -0,0 +1,83 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverHTTP01IngressPodTemplate type for use +// with apply. +type ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration struct { + // ObjectMeta overrides for the pod used to solve HTTP01 challenges. + // Only the 'labels' and 'annotations' fields may be set. + // If labels or annotations overlap with in-built values, the values here + // will override the in-built values. + *ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration `json:"metadata,omitempty"` + // PodSpec defines overrides for the HTTP01 challenge solver pod. + // Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. + // All other fields will be ignored. + Spec *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration `json:"spec,omitempty"` +} + +// ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverHTTP01IngressPodTemplate type for use with +// apply. +func ACMEChallengeSolverHTTP01IngressPodTemplate() *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration { + return &ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration{} +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration) WithAnnotations(entries map[string]string) *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration { + b.ensureACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfigurationExists() + if b.ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration) WithLabels(entries map[string]string) *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration { + b.ensureACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfigurationExists() + if b.ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +func (b *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration) ensureACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfigurationExists() { + if b.ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration == nil { + b.ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration = &ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration) WithSpec(value *ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration) *ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration { + b.Spec = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresstemplate.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresstemplate.go new file mode 100644 index 00000000000..024d8e515d3 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmechallengesolverhttp01ingresstemplate.go @@ -0,0 +1,71 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration represents a declarative configuration of the ACMEChallengeSolverHTTP01IngressTemplate type for use +// with apply. +type ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration struct { + // ObjectMeta overrides for the ingress used to solve HTTP01 challenges. + // Only the 'labels' and 'annotations' fields may be set. + // If labels or annotations overlap with in-built values, the values here + // will override the in-built values. + *ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration `json:"metadata,omitempty"` +} + +// ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration constructs a declarative configuration of the ACMEChallengeSolverHTTP01IngressTemplate type for use with +// apply. +func ACMEChallengeSolverHTTP01IngressTemplate() *ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration { + return &ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration{} +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration) WithAnnotations(entries map[string]string) *ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration { + b.ensureACMEChallengeSolverHTTP01IngressObjectMetaApplyConfigurationExists() + if b.ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration) WithLabels(entries map[string]string) *ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration { + b.ensureACMEChallengeSolverHTTP01IngressObjectMetaApplyConfigurationExists() + if b.ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +func (b *ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration) ensureACMEChallengeSolverHTTP01IngressObjectMetaApplyConfigurationExists() { + if b.ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration == nil { + b.ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration = &ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration{} + } +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeexternalaccountbinding.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeexternalaccountbinding.go new file mode 100644 index 00000000000..f8704a888f4 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeexternalaccountbinding.go @@ -0,0 +1,76 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ACMEExternalAccountBindingApplyConfiguration represents a declarative configuration of the ACMEExternalAccountBinding type for use +// with apply. +// +// ACMEExternalAccountBinding is a reference to a CA external account of the ACME +// server. +type ACMEExternalAccountBindingApplyConfiguration struct { + // keyID is the ID of the CA key that the External Account is bound to. + KeyID *string `json:"keyID,omitempty"` + // keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes + // Secret which holds the symmetric MAC key of the External Account Binding. + // The `key` is the index string that is paired with the key data in the + // Secret and should not be confused with the key data itself, or indeed with + // the External Account Binding keyID above. + // The secret key stored in the Secret **must** be un-padded, base64 URL + // encoded data. + Key *metav1.SecretKeySelectorApplyConfiguration `json:"keySecretRef,omitempty"` + // Deprecated: keyAlgorithm field exists for historical compatibility + // reasons and should not be used. The algorithm is now hardcoded to HS256 + // in golang/x/crypto/acme. + KeyAlgorithm *acmev1.HMACKeyAlgorithm `json:"keyAlgorithm,omitempty"` +} + +// ACMEExternalAccountBindingApplyConfiguration constructs a declarative configuration of the ACMEExternalAccountBinding type for use with +// apply. +func ACMEExternalAccountBinding() *ACMEExternalAccountBindingApplyConfiguration { + return &ACMEExternalAccountBindingApplyConfiguration{} +} + +// WithKeyID sets the KeyID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the KeyID field is set to the value of the last call. +func (b *ACMEExternalAccountBindingApplyConfiguration) WithKeyID(value string) *ACMEExternalAccountBindingApplyConfiguration { + b.KeyID = &value + return b +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *ACMEExternalAccountBindingApplyConfiguration) WithKey(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEExternalAccountBindingApplyConfiguration { + b.Key = value + return b +} + +// WithKeyAlgorithm sets the KeyAlgorithm field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the KeyAlgorithm field is set to the value of the last call. +func (b *ACMEExternalAccountBindingApplyConfiguration) WithKeyAlgorithm(value acmev1.HMACKeyAlgorithm) *ACMEExternalAccountBindingApplyConfiguration { + b.KeyAlgorithm = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuer.go new file mode 100644 index 00000000000..1e2fb13b99c --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuer.go @@ -0,0 +1,204 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ACMEIssuerApplyConfiguration represents a declarative configuration of the ACMEIssuer type for use +// with apply. +// +// ACMEIssuer contains the specification for an ACME issuer. +// This uses the RFC8555 specification to obtain certificates by completing +// 'challenges' to prove ownership of domain identifiers. +// Earlier draft versions of the ACME specification are not supported. +type ACMEIssuerApplyConfiguration struct { + // Email is the email address to be associated with the ACME account. + // This field is optional, but it is strongly recommended to be set. + // It will be used to contact you in case of issues with your account or + // certificates, including expiry notification emails. + // This field may be updated after the account is initially registered. + Email *string `json:"email,omitempty"` + // Server is the URL used to access the ACME server's 'directory' endpoint. + // For example, for Let's Encrypt's staging endpoint, you would use: + // "https://acme-staging-v02.api.letsencrypt.org/directory". + // Only ACME v2 endpoints (i.e. RFC 8555) are supported. + Server *string `json:"server,omitempty"` + // PreferredChain is the chain to use if the ACME server outputs multiple. + // PreferredChain is no guarantee that this one gets delivered by the ACME + // endpoint. + // For example, for Let's Encrypt's DST cross-sign you would use: + // "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. + // This value picks the first certificate bundle in the combined set of + // ACME default and alternative chains that has a root-most certificate with + // this value as its issuer's commonname. + PreferredChain *string `json:"preferredChain,omitempty"` + // Base64-encoded bundle of PEM CAs which can be used to validate the certificate + // chain presented by the ACME server. + // Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various + // kinds of security vulnerabilities. + // If CABundle and SkipTLSVerify are unset, the system certificate bundle inside + // the container is used to validate the TLS connection. + CABundle []byte `json:"caBundle,omitempty"` + // INSECURE: Enables or disables validation of the ACME server TLS certificate. + // If true, requests to the ACME server will not have the TLS certificate chain + // validated. + // Mutually exclusive with CABundle; prefer using CABundle to prevent various + // kinds of security vulnerabilities. + // Only enable this option in development environments. + // If CABundle and SkipTLSVerify are unset, the system certificate bundle inside + // the container is used to validate the TLS connection. + // Defaults to false. + SkipTLSVerify *bool `json:"skipTLSVerify,omitempty"` + // ExternalAccountBinding is a reference to a CA external account of the ACME + // server. + // If set, upon registration cert-manager will attempt to associate the given + // external account credentials with the registered ACME account. + ExternalAccountBinding *ACMEExternalAccountBindingApplyConfiguration `json:"externalAccountBinding,omitempty"` + // PrivateKey is the name of a Kubernetes Secret resource that will be used to + // store the automatically generated ACME account private key. + // Optionally, a `key` may be specified to select a specific entry within + // the named Secret resource. + // If `key` is not specified, a default of `tls.key` will be used. + PrivateKey *metav1.SecretKeySelectorApplyConfiguration `json:"privateKeySecretRef,omitempty"` + // Solvers is a list of challenge solvers that will be used to solve + // ACME challenges for the matching domains. + // Solver configurations must be provided in order to obtain certificates + // from an ACME server. + // For more information, see: https://cert-manager.io/docs/configuration/acme/ + Solvers []ACMEChallengeSolverApplyConfiguration `json:"solvers,omitempty"` + // Enables or disables generating a new ACME account key. + // If true, the Issuer resource will *not* request a new account but will expect + // the account key to be supplied via an existing secret. + // If false, the cert-manager system will generate a new ACME account key + // for the Issuer. + // Defaults to false. + DisableAccountKeyGeneration *bool `json:"disableAccountKeyGeneration,omitempty"` + // Enables requesting a Not After date on certificates that matches the + // duration of the certificate. This is not supported by all ACME servers + // like Let's Encrypt. If set to true when the ACME server does not support + // it, it will create an error on the Order. + // Defaults to false. + EnableDurationFeature *bool `json:"enableDurationFeature,omitempty"` + // Profile allows requesting a certificate profile from the ACME server. + // Supported profiles are listed by the server's ACME directory URL. + Profile *string `json:"profile,omitempty"` +} + +// ACMEIssuerApplyConfiguration constructs a declarative configuration of the ACMEIssuer type for use with +// apply. +func ACMEIssuer() *ACMEIssuerApplyConfiguration { + return &ACMEIssuerApplyConfiguration{} +} + +// WithEmail sets the Email field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Email field is set to the value of the last call. +func (b *ACMEIssuerApplyConfiguration) WithEmail(value string) *ACMEIssuerApplyConfiguration { + b.Email = &value + return b +} + +// WithServer sets the Server field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Server field is set to the value of the last call. +func (b *ACMEIssuerApplyConfiguration) WithServer(value string) *ACMEIssuerApplyConfiguration { + b.Server = &value + return b +} + +// WithPreferredChain sets the PreferredChain field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PreferredChain field is set to the value of the last call. +func (b *ACMEIssuerApplyConfiguration) WithPreferredChain(value string) *ACMEIssuerApplyConfiguration { + b.PreferredChain = &value + return b +} + +// WithCABundle adds the given value to the CABundle field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the CABundle field. +func (b *ACMEIssuerApplyConfiguration) WithCABundle(values ...byte) *ACMEIssuerApplyConfiguration { + for i := range values { + b.CABundle = append(b.CABundle, values[i]) + } + return b +} + +// WithSkipTLSVerify sets the SkipTLSVerify field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SkipTLSVerify field is set to the value of the last call. +func (b *ACMEIssuerApplyConfiguration) WithSkipTLSVerify(value bool) *ACMEIssuerApplyConfiguration { + b.SkipTLSVerify = &value + return b +} + +// WithExternalAccountBinding sets the ExternalAccountBinding field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ExternalAccountBinding field is set to the value of the last call. +func (b *ACMEIssuerApplyConfiguration) WithExternalAccountBinding(value *ACMEExternalAccountBindingApplyConfiguration) *ACMEIssuerApplyConfiguration { + b.ExternalAccountBinding = value + return b +} + +// WithPrivateKey sets the PrivateKey field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PrivateKey field is set to the value of the last call. +func (b *ACMEIssuerApplyConfiguration) WithPrivateKey(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerApplyConfiguration { + b.PrivateKey = value + return b +} + +// WithSolvers adds the given value to the Solvers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Solvers field. +func (b *ACMEIssuerApplyConfiguration) WithSolvers(values ...*ACMEChallengeSolverApplyConfiguration) *ACMEIssuerApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithSolvers") + } + b.Solvers = append(b.Solvers, *values[i]) + } + return b +} + +// WithDisableAccountKeyGeneration sets the DisableAccountKeyGeneration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DisableAccountKeyGeneration field is set to the value of the last call. +func (b *ACMEIssuerApplyConfiguration) WithDisableAccountKeyGeneration(value bool) *ACMEIssuerApplyConfiguration { + b.DisableAccountKeyGeneration = &value + return b +} + +// WithEnableDurationFeature sets the EnableDurationFeature field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EnableDurationFeature field is set to the value of the last call. +func (b *ACMEIssuerApplyConfiguration) WithEnableDurationFeature(value bool) *ACMEIssuerApplyConfiguration { + b.EnableDurationFeature = &value + return b +} + +// WithProfile sets the Profile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Profile field is set to the value of the last call. +func (b *ACMEIssuerApplyConfiguration) WithProfile(value string) *ACMEIssuerApplyConfiguration { + b.Profile = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01provideracmedns.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01provideracmedns.go new file mode 100644 index 00000000000..4203e9410d7 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01provideracmedns.go @@ -0,0 +1,55 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration represents a declarative configuration of the ACMEIssuerDNS01ProviderAcmeDNS type for use +// with apply. +// +// ACMEIssuerDNS01ProviderAcmeDNS is a structure containing the +// configuration for ACME-DNS servers +type ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration struct { + Host *string `json:"host,omitempty"` + AccountSecret *metav1.SecretKeySelectorApplyConfiguration `json:"accountSecretRef,omitempty"` +} + +// ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration constructs a declarative configuration of the ACMEIssuerDNS01ProviderAcmeDNS type for use with +// apply. +func ACMEIssuerDNS01ProviderAcmeDNS() *ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration { + return &ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration{} +} + +// WithHost sets the Host field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Host field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration) WithHost(value string) *ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration { + b.Host = &value + return b +} + +// WithAccountSecret sets the AccountSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AccountSecret field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration) WithAccountSecret(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration { + b.AccountSecret = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerakamai.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerakamai.go new file mode 100644 index 00000000000..ade94aa11ac --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerakamai.go @@ -0,0 +1,73 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ACMEIssuerDNS01ProviderAkamaiApplyConfiguration represents a declarative configuration of the ACMEIssuerDNS01ProviderAkamai type for use +// with apply. +// +// ACMEIssuerDNS01ProviderAkamai is a structure containing the DNS +// configuration for Akamai DNS—Zone Record Management API +type ACMEIssuerDNS01ProviderAkamaiApplyConfiguration struct { + ServiceConsumerDomain *string `json:"serviceConsumerDomain,omitempty"` + ClientToken *metav1.SecretKeySelectorApplyConfiguration `json:"clientTokenSecretRef,omitempty"` + ClientSecret *metav1.SecretKeySelectorApplyConfiguration `json:"clientSecretSecretRef,omitempty"` + AccessToken *metav1.SecretKeySelectorApplyConfiguration `json:"accessTokenSecretRef,omitempty"` +} + +// ACMEIssuerDNS01ProviderAkamaiApplyConfiguration constructs a declarative configuration of the ACMEIssuerDNS01ProviderAkamai type for use with +// apply. +func ACMEIssuerDNS01ProviderAkamai() *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration { + return &ACMEIssuerDNS01ProviderAkamaiApplyConfiguration{} +} + +// WithServiceConsumerDomain sets the ServiceConsumerDomain field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceConsumerDomain field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration) WithServiceConsumerDomain(value string) *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration { + b.ServiceConsumerDomain = &value + return b +} + +// WithClientToken sets the ClientToken field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientToken field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration) WithClientToken(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration { + b.ClientToken = value + return b +} + +// WithClientSecret sets the ClientSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientSecret field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration) WithClientSecret(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration { + b.ClientSecret = value + return b +} + +// WithAccessToken sets the AccessToken field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AccessToken field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration) WithAccessToken(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderAkamaiApplyConfiguration { + b.AccessToken = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerazuredns.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerazuredns.go new file mode 100644 index 00000000000..0e03132729f --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerazuredns.go @@ -0,0 +1,145 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration represents a declarative configuration of the ACMEIssuerDNS01ProviderAzureDNS type for use +// with apply. +// +// ACMEIssuerDNS01ProviderAzureDNS is a structure containing the +// configuration for Azure DNS +type ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration struct { + // Auth: Azure Service Principal: + // The ClientID of the Azure Service Principal used to authenticate with Azure DNS. + // If set, ClientSecret and TenantID must also be set. + ClientID *string `json:"clientID,omitempty"` + // Auth: Azure Service Principal: + // A reference to a Secret containing the password associated with the Service Principal. + // If set, ClientID and TenantID must also be set. + ClientSecret *metav1.SecretKeySelectorApplyConfiguration `json:"clientSecretSecretRef,omitempty"` + // ID of the Azure subscription + SubscriptionID *string `json:"subscriptionID,omitempty"` + // Auth: Azure Service Principal: + // The TenantID of the Azure Service Principal used to authenticate with Azure DNS. + // If set, ClientID and ClientSecret must also be set. + TenantID *string `json:"tenantID,omitempty"` + // resource group the DNS zone is located in + ResourceGroupName *string `json:"resourceGroupName,omitempty"` + // name of the DNS zone that should be used + HostedZoneName *string `json:"hostedZoneName,omitempty"` + // name of the Azure environment (default AzurePublicCloud) + Environment *acmev1.AzureDNSEnvironment `json:"environment,omitempty"` + // Auth: Azure Workload Identity or Azure Managed Service Identity: + // Settings to enable Azure Workload Identity or Azure Managed Service Identity + // If set, ClientID, ClientSecret and TenantID must not be set. + ManagedIdentity *AzureManagedIdentityApplyConfiguration `json:"managedIdentity,omitempty"` + // ZoneType determines which type of Azure DNS zone to use. + // + // Valid values are: + // - AzurePublicZone (default): Use a public Azure DNS zone. + // - AzurePrivateZone: Use an Azure Private DNS zone. + // + // If not specified, AzurePublicZone is used. + // + // Support for Azure Private DNS zones is currently + // experimental and may change in future releases. + ZoneType *acmev1.AzureZoneType `json:"zoneType,omitempty"` +} + +// ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration constructs a declarative configuration of the ACMEIssuerDNS01ProviderAzureDNS type for use with +// apply. +func ACMEIssuerDNS01ProviderAzureDNS() *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration { + return &ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration{} +} + +// WithClientID sets the ClientID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientID field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration) WithClientID(value string) *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration { + b.ClientID = &value + return b +} + +// WithClientSecret sets the ClientSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientSecret field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration) WithClientSecret(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration { + b.ClientSecret = value + return b +} + +// WithSubscriptionID sets the SubscriptionID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SubscriptionID field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration) WithSubscriptionID(value string) *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration { + b.SubscriptionID = &value + return b +} + +// WithTenantID sets the TenantID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TenantID field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration) WithTenantID(value string) *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration { + b.TenantID = &value + return b +} + +// WithResourceGroupName sets the ResourceGroupName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceGroupName field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration) WithResourceGroupName(value string) *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration { + b.ResourceGroupName = &value + return b +} + +// WithHostedZoneName sets the HostedZoneName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the HostedZoneName field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration) WithHostedZoneName(value string) *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration { + b.HostedZoneName = &value + return b +} + +// WithEnvironment sets the Environment field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Environment field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration) WithEnvironment(value acmev1.AzureDNSEnvironment) *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration { + b.Environment = &value + return b +} + +// WithManagedIdentity sets the ManagedIdentity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ManagedIdentity field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration) WithManagedIdentity(value *AzureManagedIdentityApplyConfiguration) *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration { + b.ManagedIdentity = value + return b +} + +// WithZoneType sets the ZoneType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ZoneType field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration) WithZoneType(value acmev1.AzureZoneType) *ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration { + b.ZoneType = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerclouddns.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerclouddns.go new file mode 100644 index 00000000000..55327b7d46b --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerclouddns.go @@ -0,0 +1,67 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration represents a declarative configuration of the ACMEIssuerDNS01ProviderCloudDNS type for use +// with apply. +// +// ACMEIssuerDNS01ProviderCloudDNS is a structure containing the DNS +// configuration for Google Cloud DNS +type ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration struct { + ServiceAccount *metav1.SecretKeySelectorApplyConfiguration `json:"serviceAccountSecretRef,omitempty"` + Project *string `json:"project,omitempty"` + // HostedZoneName is an optional field that tells cert-manager in which + // Cloud DNS zone the challenge record has to be created. + // If left empty cert-manager will automatically choose a zone. + HostedZoneName *string `json:"hostedZoneName,omitempty"` +} + +// ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration constructs a declarative configuration of the ACMEIssuerDNS01ProviderCloudDNS type for use with +// apply. +func ACMEIssuerDNS01ProviderCloudDNS() *ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration { + return &ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration{} +} + +// WithServiceAccount sets the ServiceAccount field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceAccount field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration) WithServiceAccount(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration { + b.ServiceAccount = value + return b +} + +// WithProject sets the Project field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Project field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration) WithProject(value string) *ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration { + b.Project = &value + return b +} + +// WithHostedZoneName sets the HostedZoneName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the HostedZoneName field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration) WithHostedZoneName(value string) *ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration { + b.HostedZoneName = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providercloudflare.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providercloudflare.go new file mode 100644 index 00000000000..f48978c1e67 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providercloudflare.go @@ -0,0 +1,70 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ACMEIssuerDNS01ProviderCloudflareApplyConfiguration represents a declarative configuration of the ACMEIssuerDNS01ProviderCloudflare type for use +// with apply. +// +// ACMEIssuerDNS01ProviderCloudflare is a structure containing the DNS +// configuration for Cloudflare. +// One of `apiKeySecretRef` or `apiTokenSecretRef` must be provided. +type ACMEIssuerDNS01ProviderCloudflareApplyConfiguration struct { + // Email of the account, only required when using API key based authentication. + Email *string `json:"email,omitempty"` + // API key to use to authenticate with Cloudflare. + // Note: using an API token to authenticate is now the recommended method + // as it allows greater control of permissions. + APIKey *metav1.SecretKeySelectorApplyConfiguration `json:"apiKeySecretRef,omitempty"` + // API token used to authenticate with Cloudflare. + APIToken *metav1.SecretKeySelectorApplyConfiguration `json:"apiTokenSecretRef,omitempty"` +} + +// ACMEIssuerDNS01ProviderCloudflareApplyConfiguration constructs a declarative configuration of the ACMEIssuerDNS01ProviderCloudflare type for use with +// apply. +func ACMEIssuerDNS01ProviderCloudflare() *ACMEIssuerDNS01ProviderCloudflareApplyConfiguration { + return &ACMEIssuerDNS01ProviderCloudflareApplyConfiguration{} +} + +// WithEmail sets the Email field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Email field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderCloudflareApplyConfiguration) WithEmail(value string) *ACMEIssuerDNS01ProviderCloudflareApplyConfiguration { + b.Email = &value + return b +} + +// WithAPIKey sets the APIKey field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIKey field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderCloudflareApplyConfiguration) WithAPIKey(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderCloudflareApplyConfiguration { + b.APIKey = value + return b +} + +// WithAPIToken sets the APIToken field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIToken field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderCloudflareApplyConfiguration) WithAPIToken(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderCloudflareApplyConfiguration { + b.APIToken = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerdigitalocean.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerdigitalocean.go new file mode 100644 index 00000000000..01e0bac1208 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerdigitalocean.go @@ -0,0 +1,46 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ACMEIssuerDNS01ProviderDigitalOceanApplyConfiguration represents a declarative configuration of the ACMEIssuerDNS01ProviderDigitalOcean type for use +// with apply. +// +// ACMEIssuerDNS01ProviderDigitalOcean is a structure containing the DNS +// configuration for DigitalOcean Domains +type ACMEIssuerDNS01ProviderDigitalOceanApplyConfiguration struct { + Token *metav1.SecretKeySelectorApplyConfiguration `json:"tokenSecretRef,omitempty"` +} + +// ACMEIssuerDNS01ProviderDigitalOceanApplyConfiguration constructs a declarative configuration of the ACMEIssuerDNS01ProviderDigitalOcean type for use with +// apply. +func ACMEIssuerDNS01ProviderDigitalOcean() *ACMEIssuerDNS01ProviderDigitalOceanApplyConfiguration { + return &ACMEIssuerDNS01ProviderDigitalOceanApplyConfiguration{} +} + +// WithToken sets the Token field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Token field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderDigitalOceanApplyConfiguration) WithToken(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderDigitalOceanApplyConfiguration { + b.Token = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerrfc2136.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerrfc2136.go new file mode 100644 index 00000000000..1bd2d2a7f31 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerrfc2136.go @@ -0,0 +1,96 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration represents a declarative configuration of the ACMEIssuerDNS01ProviderRFC2136 type for use +// with apply. +// +// ACMEIssuerDNS01ProviderRFC2136 is a structure containing the +// configuration for RFC2136 DNS +type ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration struct { + // The IP address or hostname of an authoritative DNS server supporting + // RFC2136 in the form host:port. If the host is an IPv6 address it must be + // enclosed in square brackets (e.g [2001:db8::1]); port is optional. + // This field is required. + Nameserver *string `json:"nameserver,omitempty"` + // The name of the secret containing the TSIG value. + // If “tsigKeyName“ is defined, this field is required. + TSIGSecret *metav1.SecretKeySelectorApplyConfiguration `json:"tsigSecretSecretRef,omitempty"` + // The TSIG Key name configured in the DNS. + // If “tsigSecretSecretRef“ is defined, this field is required. + TSIGKeyName *string `json:"tsigKeyName,omitempty"` + // The TSIG Algorithm configured in the DNS supporting RFC2136. Used only + // when “tsigSecretSecretRef“ and “tsigKeyName“ are defined. + // Supported values are (case-insensitive): “HMACMD5“ (default), + // “HMACSHA1“, “HMACSHA256“ or “HMACSHA512“. + TSIGAlgorithm *string `json:"tsigAlgorithm,omitempty"` + // Protocol to use for dynamic DNS update queries. Valid values are (case-sensitive) “TCP“ and “UDP“; “UDP“ (default). + Protocol *acmev1.RFC2136UpdateProtocol `json:"protocol,omitempty"` +} + +// ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration constructs a declarative configuration of the ACMEIssuerDNS01ProviderRFC2136 type for use with +// apply. +func ACMEIssuerDNS01ProviderRFC2136() *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration { + return &ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration{} +} + +// WithNameserver sets the Nameserver field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Nameserver field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration) WithNameserver(value string) *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration { + b.Nameserver = &value + return b +} + +// WithTSIGSecret sets the TSIGSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TSIGSecret field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration) WithTSIGSecret(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration { + b.TSIGSecret = value + return b +} + +// WithTSIGKeyName sets the TSIGKeyName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TSIGKeyName field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration) WithTSIGKeyName(value string) *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration { + b.TSIGKeyName = &value + return b +} + +// WithTSIGAlgorithm sets the TSIGAlgorithm field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TSIGAlgorithm field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration) WithTSIGAlgorithm(value string) *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration { + b.TSIGAlgorithm = &value + return b +} + +// WithProtocol sets the Protocol field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Protocol field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration) WithProtocol(value acmev1.RFC2136UpdateProtocol) *ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration { + b.Protocol = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerroute53.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerroute53.go new file mode 100644 index 00000000000..ab58f761373 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerroute53.go @@ -0,0 +1,141 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ACMEIssuerDNS01ProviderRoute53ApplyConfiguration represents a declarative configuration of the ACMEIssuerDNS01ProviderRoute53 type for use +// with apply. +// +// ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53 +// configuration for AWS +type ACMEIssuerDNS01ProviderRoute53ApplyConfiguration struct { + // Auth configures how cert-manager authenticates. + Auth *Route53AuthApplyConfiguration `json:"auth,omitempty"` + // The AccessKeyID is used for authentication. + // Cannot be set when SecretAccessKeyID is set. + // If neither the Access Key nor Key ID are set, we fall back to using env + // vars, shared credentials file, or AWS Instance metadata, + // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + AccessKeyID *string `json:"accessKeyID,omitempty"` + // The SecretAccessKey is used for authentication. If set, pull the AWS + // access key ID from a key within a Kubernetes Secret. + // Cannot be set when AccessKeyID is set. + // If neither the Access Key nor Key ID are set, we fall back to using env + // vars, shared credentials file, or AWS Instance metadata, + // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + SecretAccessKeyID *metav1.SecretKeySelectorApplyConfiguration `json:"accessKeyIDSecretRef,omitempty"` + // The SecretAccessKey is used for authentication. + // If neither the Access Key nor Key ID are set, we fall back to using env + // vars, shared credentials file, or AWS Instance metadata, + // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + SecretAccessKey *metav1.SecretKeySelectorApplyConfiguration `json:"secretAccessKeySecretRef,omitempty"` + // Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey + // or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + Role *string `json:"role,omitempty"` + // If set, the provider will manage only this zone in Route53 and will not do a lookup using the route53:ListHostedZonesByName api call. + HostedZoneID *string `json:"hostedZoneID,omitempty"` + // Override the AWS region. + // + // Route53 is a global service and does not have regional endpoints but the + // region specified here (or via environment variables) is used as a hint to + // help compute the correct AWS credential scope and partition when it + // connects to Route53. See: + // - [Amazon Route 53 endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/r53.html) + // - [Global services](https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html) + // + // If you omit this region field, cert-manager will use the region from + // AWS_REGION and AWS_DEFAULT_REGION environment variables, if they are set + // in the cert-manager controller Pod. + // + // The `region` field is not needed if you use [IAM Roles for Service Accounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). + // Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: + // [Amazon EKS Pod Identity Webhook](https://github.com/aws/amazon-eks-pod-identity-webhook). + // In this case this `region` field value is ignored. + // + // The `region` field is not needed if you use [EKS Pod Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html). + // Instead an AWS_REGION environment variable is added to the cert-manager controller Pod by: + // [Amazon EKS Pod Identity Agent](https://github.com/aws/eks-pod-identity-agent), + // In this case this `region` field value is ignored. + Region *string `json:"region,omitempty"` +} + +// ACMEIssuerDNS01ProviderRoute53ApplyConfiguration constructs a declarative configuration of the ACMEIssuerDNS01ProviderRoute53 type for use with +// apply. +func ACMEIssuerDNS01ProviderRoute53() *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration { + return &ACMEIssuerDNS01ProviderRoute53ApplyConfiguration{} +} + +// WithAuth sets the Auth field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Auth field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration) WithAuth(value *Route53AuthApplyConfiguration) *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration { + b.Auth = value + return b +} + +// WithAccessKeyID sets the AccessKeyID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AccessKeyID field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration) WithAccessKeyID(value string) *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration { + b.AccessKeyID = &value + return b +} + +// WithSecretAccessKeyID sets the SecretAccessKeyID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretAccessKeyID field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration) WithSecretAccessKeyID(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration { + b.SecretAccessKeyID = value + return b +} + +// WithSecretAccessKey sets the SecretAccessKey field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretAccessKey field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration) WithSecretAccessKey(value *metav1.SecretKeySelectorApplyConfiguration) *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration { + b.SecretAccessKey = value + return b +} + +// WithRole sets the Role field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Role field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration) WithRole(value string) *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration { + b.Role = &value + return b +} + +// WithHostedZoneID sets the HostedZoneID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the HostedZoneID field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration) WithHostedZoneID(value string) *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration { + b.HostedZoneID = &value + return b +} + +// WithRegion sets the Region field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Region field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration) WithRegion(value string) *ACMEIssuerDNS01ProviderRoute53ApplyConfiguration { + b.Region = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerwebhook.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerwebhook.go new file mode 100644 index 00000000000..eafadf7d4c0 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerdns01providerwebhook.go @@ -0,0 +1,79 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" +) + +// ACMEIssuerDNS01ProviderWebhookApplyConfiguration represents a declarative configuration of the ACMEIssuerDNS01ProviderWebhook type for use +// with apply. +// +// ACMEIssuerDNS01ProviderWebhook specifies configuration for a webhook DNS01 +// provider, including where to POST ChallengePayload resources. +type ACMEIssuerDNS01ProviderWebhookApplyConfiguration struct { + // The API group name that should be used when POSTing ChallengePayload + // resources to the webhook apiserver. + // This should be the same as the GroupName specified in the webhook + // provider implementation. + GroupName *string `json:"groupName,omitempty"` + // The name of the solver to use, as defined in the webhook provider + // implementation. + // This will typically be the name of the provider, e.g., 'cloudflare'. + SolverName *string `json:"solverName,omitempty"` + // Additional configuration that should be passed to the webhook apiserver + // when challenges are processed. + // This can contain arbitrary JSON data. + // Secret values should not be specified in this stanza. + // If secret values are needed (e.g., credentials for a DNS service), you + // should use a SecretKeySelector to reference a Secret resource. + // For details on the schema of this field, consult the webhook provider + // implementation's documentation. + Config *apiextensionsv1.JSON `json:"config,omitempty"` +} + +// ACMEIssuerDNS01ProviderWebhookApplyConfiguration constructs a declarative configuration of the ACMEIssuerDNS01ProviderWebhook type for use with +// apply. +func ACMEIssuerDNS01ProviderWebhook() *ACMEIssuerDNS01ProviderWebhookApplyConfiguration { + return &ACMEIssuerDNS01ProviderWebhookApplyConfiguration{} +} + +// WithGroupName sets the GroupName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GroupName field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderWebhookApplyConfiguration) WithGroupName(value string) *ACMEIssuerDNS01ProviderWebhookApplyConfiguration { + b.GroupName = &value + return b +} + +// WithSolverName sets the SolverName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SolverName field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderWebhookApplyConfiguration) WithSolverName(value string) *ACMEIssuerDNS01ProviderWebhookApplyConfiguration { + b.SolverName = &value + return b +} + +// WithConfig sets the Config field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Config field is set to the value of the last call. +func (b *ACMEIssuerDNS01ProviderWebhookApplyConfiguration) WithConfig(value apiextensionsv1.JSON) *ACMEIssuerDNS01ProviderWebhookApplyConfiguration { + b.Config = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerstatus.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerstatus.go new file mode 100644 index 00000000000..d0c53efa3a5 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/acmeissuerstatus.go @@ -0,0 +1,65 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ACMEIssuerStatusApplyConfiguration represents a declarative configuration of the ACMEIssuerStatus type for use +// with apply. +type ACMEIssuerStatusApplyConfiguration struct { + // URI is the unique account identifier, which can also be used to retrieve + // account details from the CA + URI *string `json:"uri,omitempty"` + // LastRegisteredEmail is the email associated with the latest registered + // ACME account, in order to track changes made to registered account + // associated with the Issuer + LastRegisteredEmail *string `json:"lastRegisteredEmail,omitempty"` + // LastPrivateKeyHash is a hash of the private key associated with the latest + // registered ACME account, in order to track changes made to registered account + // associated with the Issuer + LastPrivateKeyHash *string `json:"lastPrivateKeyHash,omitempty"` +} + +// ACMEIssuerStatusApplyConfiguration constructs a declarative configuration of the ACMEIssuerStatus type for use with +// apply. +func ACMEIssuerStatus() *ACMEIssuerStatusApplyConfiguration { + return &ACMEIssuerStatusApplyConfiguration{} +} + +// WithURI sets the URI field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the URI field is set to the value of the last call. +func (b *ACMEIssuerStatusApplyConfiguration) WithURI(value string) *ACMEIssuerStatusApplyConfiguration { + b.URI = &value + return b +} + +// WithLastRegisteredEmail sets the LastRegisteredEmail field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LastRegisteredEmail field is set to the value of the last call. +func (b *ACMEIssuerStatusApplyConfiguration) WithLastRegisteredEmail(value string) *ACMEIssuerStatusApplyConfiguration { + b.LastRegisteredEmail = &value + return b +} + +// WithLastPrivateKeyHash sets the LastPrivateKeyHash field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LastPrivateKeyHash field is set to the value of the last call. +func (b *ACMEIssuerStatusApplyConfiguration) WithLastPrivateKeyHash(value string) *ACMEIssuerStatusApplyConfiguration { + b.LastPrivateKeyHash = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/azuremanagedidentity.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/azuremanagedidentity.go new file mode 100644 index 00000000000..646e245d06e --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/azuremanagedidentity.go @@ -0,0 +1,65 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// AzureManagedIdentityApplyConfiguration represents a declarative configuration of the AzureManagedIdentity type for use +// with apply. +// +// AzureManagedIdentity contains the configuration for Azure Workload Identity or Azure Managed Service Identity +// If the AZURE_FEDERATED_TOKEN_FILE environment variable is set, the Azure Workload Identity will be used. +// Otherwise, we fall back to using Azure Managed Service Identity. +type AzureManagedIdentityApplyConfiguration struct { + // client ID of the managed identity, cannot be used at the same time as resourceID + ClientID *string `json:"clientID,omitempty"` + // resource ID of the managed identity, cannot be used at the same time as clientID + // Cannot be used for Azure Managed Service Identity + ResourceID *string `json:"resourceID,omitempty"` + // tenant ID of the managed identity, cannot be used at the same time as resourceID + TenantID *string `json:"tenantID,omitempty"` +} + +// AzureManagedIdentityApplyConfiguration constructs a declarative configuration of the AzureManagedIdentity type for use with +// apply. +func AzureManagedIdentity() *AzureManagedIdentityApplyConfiguration { + return &AzureManagedIdentityApplyConfiguration{} +} + +// WithClientID sets the ClientID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientID field is set to the value of the last call. +func (b *AzureManagedIdentityApplyConfiguration) WithClientID(value string) *AzureManagedIdentityApplyConfiguration { + b.ClientID = &value + return b +} + +// WithResourceID sets the ResourceID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceID field is set to the value of the last call. +func (b *AzureManagedIdentityApplyConfiguration) WithResourceID(value string) *AzureManagedIdentityApplyConfiguration { + b.ResourceID = &value + return b +} + +// WithTenantID sets the TenantID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TenantID field is set to the value of the last call. +func (b *AzureManagedIdentityApplyConfiguration) WithTenantID(value string) *AzureManagedIdentityApplyConfiguration { + b.TenantID = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/certificatednsnameselector.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/certificatednsnameselector.go new file mode 100644 index 00000000000..6d5dadcf167 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/certificatednsnameselector.go @@ -0,0 +1,90 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// CertificateDNSNameSelectorApplyConfiguration represents a declarative configuration of the CertificateDNSNameSelector type for use +// with apply. +// +// CertificateDNSNameSelector selects certificates using a label selector, and +// can optionally select individual DNS names within those certificates. +// If both MatchLabels and DNSNames are empty, this selector will match all +// certificates and DNS names within them. +type CertificateDNSNameSelectorApplyConfiguration struct { + // A label selector that is used to refine the set of certificate's that + // this challenge solver will apply to. + MatchLabels map[string]string `json:"matchLabels,omitempty"` + // List of DNSNames that this solver will be used to solve. + // If specified and a match is found, a dnsNames selector will take + // precedence over a dnsZones selector. + // If multiple solvers match with the same dnsNames value, the solver + // with the most matching labels in matchLabels will be selected. + // If neither has more matches, the solver defined earlier in the list + // will be selected. + DNSNames []string `json:"dnsNames,omitempty"` + // List of DNSZones that this solver will be used to solve. + // The most specific DNS zone match specified here will take precedence + // over other DNS zone matches, so a solver specifying sys.example.com + // will be selected over one specifying example.com for the domain + // www.sys.example.com. + // If multiple solvers match with the same dnsZones value, the solver + // with the most matching labels in matchLabels will be selected. + // If neither has more matches, the solver defined earlier in the list + // will be selected. + DNSZones []string `json:"dnsZones,omitempty"` +} + +// CertificateDNSNameSelectorApplyConfiguration constructs a declarative configuration of the CertificateDNSNameSelector type for use with +// apply. +func CertificateDNSNameSelector() *CertificateDNSNameSelectorApplyConfiguration { + return &CertificateDNSNameSelectorApplyConfiguration{} +} + +// WithMatchLabels puts the entries into the MatchLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the MatchLabels field, +// overwriting an existing map entries in MatchLabels field with the same key. +func (b *CertificateDNSNameSelectorApplyConfiguration) WithMatchLabels(entries map[string]string) *CertificateDNSNameSelectorApplyConfiguration { + if b.MatchLabels == nil && len(entries) > 0 { + b.MatchLabels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.MatchLabels[k] = v + } + return b +} + +// WithDNSNames adds the given value to the DNSNames field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the DNSNames field. +func (b *CertificateDNSNameSelectorApplyConfiguration) WithDNSNames(values ...string) *CertificateDNSNameSelectorApplyConfiguration { + for i := range values { + b.DNSNames = append(b.DNSNames, values[i]) + } + return b +} + +// WithDNSZones adds the given value to the DNSZones field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the DNSZones field. +func (b *CertificateDNSNameSelectorApplyConfiguration) WithDNSZones(values ...string) *CertificateDNSNameSelectorApplyConfiguration { + for i := range values { + b.DNSZones = append(b.DNSZones, values[i]) + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challenge.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challenge.go new file mode 100644 index 00000000000..c3e0ee2c9a1 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challenge.go @@ -0,0 +1,289 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + internal "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// ChallengeApplyConfiguration represents a declarative configuration of the Challenge type for use +// with apply. +// +// Challenge is a type to represent a Challenge request with an ACME server +type ChallengeApplyConfiguration struct { + metav1.TypeMetaApplyConfiguration `json:",inline"` + *metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *ChallengeSpecApplyConfiguration `json:"spec,omitempty"` + Status *ChallengeStatusApplyConfiguration `json:"status,omitempty"` +} + +// Challenge constructs a declarative configuration of the Challenge type for use with +// apply. +func Challenge(name, namespace string) *ChallengeApplyConfiguration { + b := &ChallengeApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("Challenge") + b.WithAPIVersion("acme.cert-manager.io/v1") + return b +} + +// ExtractChallengeFrom extracts the applied configuration owned by fieldManager from +// challenge for the specified subresource. Pass an empty string for subresource to extract +// the main resource. Common subresources include "status", "scale", etc. +// challenge must be a unmodified Challenge API object that was retrieved from the Kubernetes API. +// ExtractChallengeFrom provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractChallengeFrom(challenge *acmev1.Challenge, fieldManager string, subresource string) (*ChallengeApplyConfiguration, error) { + b := &ChallengeApplyConfiguration{} + err := managedfields.ExtractInto(challenge, internal.Parser().Type("com.github.cert-manager.cert-manager.pkg.apis.acme.v1.Challenge"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(challenge.Name) + b.WithNamespace(challenge.Namespace) + + b.WithKind("Challenge") + b.WithAPIVersion("acme.cert-manager.io/v1") + return b, nil +} + +// ExtractChallenge extracts the applied configuration owned by fieldManager from +// challenge. If no managedFields are found in challenge for fieldManager, a +// ChallengeApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// challenge must be a unmodified Challenge API object that was retrieved from the Kubernetes API. +// ExtractChallenge provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractChallenge(challenge *acmev1.Challenge, fieldManager string) (*ChallengeApplyConfiguration, error) { + return ExtractChallengeFrom(challenge, fieldManager, "") +} + +// ExtractChallengeStatus extracts the applied configuration owned by fieldManager from +// challenge for the status subresource. +func ExtractChallengeStatus(challenge *acmev1.Challenge, fieldManager string) (*ChallengeApplyConfiguration, error) { + return ExtractChallengeFrom(challenge, fieldManager, "status") +} + +func (b ChallengeApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithKind(value string) *ChallengeApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithAPIVersion(value string) *ChallengeApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithName(value string) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithGenerateName(value string) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithNamespace(value string) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithUID(value types.UID) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithResourceVersion(value string) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithGeneration(value int64) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithCreationTimestamp(value apismetav1.Time) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithDeletionTimestamp(value apismetav1.Time) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *ChallengeApplyConfiguration) WithLabels(entries map[string]string) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *ChallengeApplyConfiguration) WithAnnotations(entries map[string]string) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *ChallengeApplyConfiguration) WithOwnerReferences(values ...*metav1.OwnerReferenceApplyConfiguration) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *ChallengeApplyConfiguration) WithFinalizers(values ...string) *ChallengeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *ChallengeApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &metav1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithSpec(value *ChallengeSpecApplyConfiguration) *ChallengeApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *ChallengeApplyConfiguration) WithStatus(value *ChallengeStatusApplyConfiguration) *ChallengeApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *ChallengeApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *ChallengeApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *ChallengeApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *ChallengeApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challengespec.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challengespec.go new file mode 100644 index 00000000000..7b5e0675ad3 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challengespec.go @@ -0,0 +1,143 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// ChallengeSpecApplyConfiguration represents a declarative configuration of the ChallengeSpec type for use +// with apply. +type ChallengeSpecApplyConfiguration struct { + // The URL of the ACME Challenge resource for this challenge. + // This can be used to lookup details about the status of this challenge. + URL *string `json:"url,omitempty"` + // The URL to the ACME Authorization resource that this + // challenge is a part of. + AuthorizationURL *string `json:"authorizationURL,omitempty"` + // dnsName is the identifier that this challenge is for, e.g., example.com. + // If the requested DNSName is a 'wildcard', this field MUST be set to the + // non-wildcard domain, e.g., for `*.example.com`, it must be `example.com`. + DNSName *string `json:"dnsName,omitempty"` + // wildcard will be true if this challenge is for a wildcard identifier, + // for example '*.example.com'. + Wildcard *bool `json:"wildcard,omitempty"` + // The type of ACME challenge this resource represents. + // One of "HTTP-01" or "DNS-01". + Type *acmev1.ACMEChallengeType `json:"type,omitempty"` + // The ACME challenge token for this challenge. + // This is the raw value returned from the ACME server. + Token *string `json:"token,omitempty"` + // The ACME challenge key for this challenge + // For HTTP01 challenges, this is the value that must be responded with to + // complete the HTTP01 challenge in the format: + // `.`. + // For DNS01 challenges, this is the base64 encoded SHA256 sum of the + // `.` + // text that must be set as the TXT record content. + Key *string `json:"key,omitempty"` + // Contains the domain solving configuration that should be used to + // solve this challenge resource. + Solver *ACMEChallengeSolverApplyConfiguration `json:"solver,omitempty"` + // References a properly configured ACME-type Issuer which should + // be used to create this Challenge. + // If the Issuer does not exist, processing will be retried. + // If the Issuer is not an 'ACME' Issuer, an error will be returned and the + // Challenge will be marked as failed. + IssuerRef *metav1.IssuerReferenceApplyConfiguration `json:"issuerRef,omitempty"` +} + +// ChallengeSpecApplyConfiguration constructs a declarative configuration of the ChallengeSpec type for use with +// apply. +func ChallengeSpec() *ChallengeSpecApplyConfiguration { + return &ChallengeSpecApplyConfiguration{} +} + +// WithURL sets the URL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the URL field is set to the value of the last call. +func (b *ChallengeSpecApplyConfiguration) WithURL(value string) *ChallengeSpecApplyConfiguration { + b.URL = &value + return b +} + +// WithAuthorizationURL sets the AuthorizationURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AuthorizationURL field is set to the value of the last call. +func (b *ChallengeSpecApplyConfiguration) WithAuthorizationURL(value string) *ChallengeSpecApplyConfiguration { + b.AuthorizationURL = &value + return b +} + +// WithDNSName sets the DNSName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSName field is set to the value of the last call. +func (b *ChallengeSpecApplyConfiguration) WithDNSName(value string) *ChallengeSpecApplyConfiguration { + b.DNSName = &value + return b +} + +// WithWildcard sets the Wildcard field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Wildcard field is set to the value of the last call. +func (b *ChallengeSpecApplyConfiguration) WithWildcard(value bool) *ChallengeSpecApplyConfiguration { + b.Wildcard = &value + return b +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *ChallengeSpecApplyConfiguration) WithType(value acmev1.ACMEChallengeType) *ChallengeSpecApplyConfiguration { + b.Type = &value + return b +} + +// WithToken sets the Token field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Token field is set to the value of the last call. +func (b *ChallengeSpecApplyConfiguration) WithToken(value string) *ChallengeSpecApplyConfiguration { + b.Token = &value + return b +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *ChallengeSpecApplyConfiguration) WithKey(value string) *ChallengeSpecApplyConfiguration { + b.Key = &value + return b +} + +// WithSolver sets the Solver field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Solver field is set to the value of the last call. +func (b *ChallengeSpecApplyConfiguration) WithSolver(value *ACMEChallengeSolverApplyConfiguration) *ChallengeSpecApplyConfiguration { + b.Solver = value + return b +} + +// WithIssuerRef sets the IssuerRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IssuerRef field is set to the value of the last call. +func (b *ChallengeSpecApplyConfiguration) WithIssuerRef(value *metav1.IssuerReferenceApplyConfiguration) *ChallengeSpecApplyConfiguration { + b.IssuerRef = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challengestatus.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challengestatus.go new file mode 100644 index 00000000000..89ebe74e93a --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/challengestatus.go @@ -0,0 +1,86 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" +) + +// ChallengeStatusApplyConfiguration represents a declarative configuration of the ChallengeStatus type for use +// with apply. +type ChallengeStatusApplyConfiguration struct { + // Used to denote whether this challenge should be processed or not. + // This field will only be set to true by the 'scheduling' component. + // It will only be set to false by the 'challenges' controller, after the + // challenge has reached a final state or timed out. + // If this field is set to false, the challenge controller will not take + // any more action. + Processing *bool `json:"processing,omitempty"` + // presented will be set to true if the challenge values for this challenge + // are currently 'presented'. + // This *does not* imply the self check is passing. Only that the values + // have been 'submitted' for the appropriate challenge mechanism (i.e. the + // DNS01 TXT record has been presented, or the HTTP01 configuration has been + // configured). + Presented *bool `json:"presented,omitempty"` + // Contains human readable information on why the Challenge is in the + // current state. + Reason *string `json:"reason,omitempty"` + // Contains the current 'state' of the challenge. + // If not set, the state of the challenge is unknown. + State *acmev1.State `json:"state,omitempty"` +} + +// ChallengeStatusApplyConfiguration constructs a declarative configuration of the ChallengeStatus type for use with +// apply. +func ChallengeStatus() *ChallengeStatusApplyConfiguration { + return &ChallengeStatusApplyConfiguration{} +} + +// WithProcessing sets the Processing field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Processing field is set to the value of the last call. +func (b *ChallengeStatusApplyConfiguration) WithProcessing(value bool) *ChallengeStatusApplyConfiguration { + b.Processing = &value + return b +} + +// WithPresented sets the Presented field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Presented field is set to the value of the last call. +func (b *ChallengeStatusApplyConfiguration) WithPresented(value bool) *ChallengeStatusApplyConfiguration { + b.Presented = &value + return b +} + +// WithReason sets the Reason field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Reason field is set to the value of the last call. +func (b *ChallengeStatusApplyConfiguration) WithReason(value string) *ChallengeStatusApplyConfiguration { + b.Reason = &value + return b +} + +// WithState sets the State field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the State field is set to the value of the last call. +func (b *ChallengeStatusApplyConfiguration) WithState(value acmev1.State) *ChallengeStatusApplyConfiguration { + b.State = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/order.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/order.go new file mode 100644 index 00000000000..ddc9fb84da8 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/order.go @@ -0,0 +1,289 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + internal "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// OrderApplyConfiguration represents a declarative configuration of the Order type for use +// with apply. +// +// Order is a type to represent an Order with an ACME server +type OrderApplyConfiguration struct { + metav1.TypeMetaApplyConfiguration `json:",inline"` + *metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *OrderSpecApplyConfiguration `json:"spec,omitempty"` + Status *OrderStatusApplyConfiguration `json:"status,omitempty"` +} + +// Order constructs a declarative configuration of the Order type for use with +// apply. +func Order(name, namespace string) *OrderApplyConfiguration { + b := &OrderApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("Order") + b.WithAPIVersion("acme.cert-manager.io/v1") + return b +} + +// ExtractOrderFrom extracts the applied configuration owned by fieldManager from +// order for the specified subresource. Pass an empty string for subresource to extract +// the main resource. Common subresources include "status", "scale", etc. +// order must be a unmodified Order API object that was retrieved from the Kubernetes API. +// ExtractOrderFrom provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractOrderFrom(order *acmev1.Order, fieldManager string, subresource string) (*OrderApplyConfiguration, error) { + b := &OrderApplyConfiguration{} + err := managedfields.ExtractInto(order, internal.Parser().Type("com.github.cert-manager.cert-manager.pkg.apis.acme.v1.Order"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(order.Name) + b.WithNamespace(order.Namespace) + + b.WithKind("Order") + b.WithAPIVersion("acme.cert-manager.io/v1") + return b, nil +} + +// ExtractOrder extracts the applied configuration owned by fieldManager from +// order. If no managedFields are found in order for fieldManager, a +// OrderApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// order must be a unmodified Order API object that was retrieved from the Kubernetes API. +// ExtractOrder provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractOrder(order *acmev1.Order, fieldManager string) (*OrderApplyConfiguration, error) { + return ExtractOrderFrom(order, fieldManager, "") +} + +// ExtractOrderStatus extracts the applied configuration owned by fieldManager from +// order for the status subresource. +func ExtractOrderStatus(order *acmev1.Order, fieldManager string) (*OrderApplyConfiguration, error) { + return ExtractOrderFrom(order, fieldManager, "status") +} + +func (b OrderApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithKind(value string) *OrderApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithAPIVersion(value string) *OrderApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithName(value string) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithGenerateName(value string) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithNamespace(value string) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithUID(value types.UID) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithResourceVersion(value string) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithGeneration(value int64) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithCreationTimestamp(value apismetav1.Time) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithDeletionTimestamp(value apismetav1.Time) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *OrderApplyConfiguration) WithLabels(entries map[string]string) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *OrderApplyConfiguration) WithAnnotations(entries map[string]string) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *OrderApplyConfiguration) WithOwnerReferences(values ...*metav1.OwnerReferenceApplyConfiguration) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *OrderApplyConfiguration) WithFinalizers(values ...string) *OrderApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *OrderApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &metav1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithSpec(value *OrderSpecApplyConfiguration) *OrderApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *OrderApplyConfiguration) WithStatus(value *OrderStatusApplyConfiguration) *OrderApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *OrderApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *OrderApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *OrderApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *OrderApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/orderspec.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/orderspec.go new file mode 100644 index 00000000000..862f7810e4b --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/orderspec.go @@ -0,0 +1,125 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// OrderSpecApplyConfiguration represents a declarative configuration of the OrderSpec type for use +// with apply. +type OrderSpecApplyConfiguration struct { + // Certificate signing request bytes in DER encoding. + // This will be used when finalizing the order. + // This field must be set on the order. + Request []byte `json:"request,omitempty"` + // IssuerRef references a properly configured ACME-type Issuer which should + // be used to create this Order. + // If the Issuer does not exist, processing will be retried. + // If the Issuer is not an 'ACME' Issuer, an error will be returned and the + // Order will be marked as failed. + IssuerRef *metav1.IssuerReferenceApplyConfiguration `json:"issuerRef,omitempty"` + // CommonName is the common name as specified on the DER encoded CSR. + // If specified, this value must also be present in `dnsNames` or `ipAddresses`. + // This field must match the corresponding field on the DER encoded CSR. + CommonName *string `json:"commonName,omitempty"` + // DNSNames is a list of DNS names that should be included as part of the Order + // validation process. + // This field must match the corresponding field on the DER encoded CSR. + DNSNames []string `json:"dnsNames,omitempty"` + // IPAddresses is a list of IP addresses that should be included as part of the Order + // validation process. + // This field must match the corresponding field on the DER encoded CSR. + IPAddresses []string `json:"ipAddresses,omitempty"` + // Duration is the duration for the not after date for the requested certificate. + // this is set on order creation as pe the ACME spec. + Duration *apismetav1.Duration `json:"duration,omitempty"` + // Profile allows requesting a certificate profile from the ACME server. + // Supported profiles are listed by the server's ACME directory URL. + Profile *string `json:"profile,omitempty"` +} + +// OrderSpecApplyConfiguration constructs a declarative configuration of the OrderSpec type for use with +// apply. +func OrderSpec() *OrderSpecApplyConfiguration { + return &OrderSpecApplyConfiguration{} +} + +// WithRequest adds the given value to the Request field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Request field. +func (b *OrderSpecApplyConfiguration) WithRequest(values ...byte) *OrderSpecApplyConfiguration { + for i := range values { + b.Request = append(b.Request, values[i]) + } + return b +} + +// WithIssuerRef sets the IssuerRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IssuerRef field is set to the value of the last call. +func (b *OrderSpecApplyConfiguration) WithIssuerRef(value *metav1.IssuerReferenceApplyConfiguration) *OrderSpecApplyConfiguration { + b.IssuerRef = value + return b +} + +// WithCommonName sets the CommonName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CommonName field is set to the value of the last call. +func (b *OrderSpecApplyConfiguration) WithCommonName(value string) *OrderSpecApplyConfiguration { + b.CommonName = &value + return b +} + +// WithDNSNames adds the given value to the DNSNames field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the DNSNames field. +func (b *OrderSpecApplyConfiguration) WithDNSNames(values ...string) *OrderSpecApplyConfiguration { + for i := range values { + b.DNSNames = append(b.DNSNames, values[i]) + } + return b +} + +// WithIPAddresses adds the given value to the IPAddresses field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the IPAddresses field. +func (b *OrderSpecApplyConfiguration) WithIPAddresses(values ...string) *OrderSpecApplyConfiguration { + for i := range values { + b.IPAddresses = append(b.IPAddresses, values[i]) + } + return b +} + +// WithDuration sets the Duration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Duration field is set to the value of the last call. +func (b *OrderSpecApplyConfiguration) WithDuration(value apismetav1.Duration) *OrderSpecApplyConfiguration { + b.Duration = &value + return b +} + +// WithProfile sets the Profile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Profile field is set to the value of the last call. +func (b *OrderSpecApplyConfiguration) WithProfile(value string) *OrderSpecApplyConfiguration { + b.Profile = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/orderstatus.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/orderstatus.go new file mode 100644 index 00000000000..c61f8c843c4 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/orderstatus.go @@ -0,0 +1,124 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// OrderStatusApplyConfiguration represents a declarative configuration of the OrderStatus type for use +// with apply. +type OrderStatusApplyConfiguration struct { + // URL of the Order. + // This will initially be empty when the resource is first created. + // The Order controller will populate this field when the Order is first processed. + // This field will be immutable after it is initially set. + URL *string `json:"url,omitempty"` + // FinalizeURL of the Order. + // This is used to obtain certificates for this order once it has been completed. + FinalizeURL *string `json:"finalizeURL,omitempty"` + // Authorizations contains data returned from the ACME server on what + // authorizations must be completed in order to validate the DNS names + // specified on the Order. + Authorizations []ACMEAuthorizationApplyConfiguration `json:"authorizations,omitempty"` + // Certificate is a copy of the PEM encoded certificate for this Order. + // This field will be populated after the order has been successfully + // finalized with the ACME server, and the order has transitioned to the + // 'valid' state. + Certificate []byte `json:"certificate,omitempty"` + // State contains the current state of this Order resource. + // States 'success' and 'expired' are 'final' + State *acmev1.State `json:"state,omitempty"` + // Reason optionally provides more information about a why the order is in + // the current state. + Reason *string `json:"reason,omitempty"` + // FailureTime stores the time that this order failed. + // This is used to influence garbage collection and back-off. + FailureTime *metav1.Time `json:"failureTime,omitempty"` +} + +// OrderStatusApplyConfiguration constructs a declarative configuration of the OrderStatus type for use with +// apply. +func OrderStatus() *OrderStatusApplyConfiguration { + return &OrderStatusApplyConfiguration{} +} + +// WithURL sets the URL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the URL field is set to the value of the last call. +func (b *OrderStatusApplyConfiguration) WithURL(value string) *OrderStatusApplyConfiguration { + b.URL = &value + return b +} + +// WithFinalizeURL sets the FinalizeURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FinalizeURL field is set to the value of the last call. +func (b *OrderStatusApplyConfiguration) WithFinalizeURL(value string) *OrderStatusApplyConfiguration { + b.FinalizeURL = &value + return b +} + +// WithAuthorizations adds the given value to the Authorizations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Authorizations field. +func (b *OrderStatusApplyConfiguration) WithAuthorizations(values ...*ACMEAuthorizationApplyConfiguration) *OrderStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithAuthorizations") + } + b.Authorizations = append(b.Authorizations, *values[i]) + } + return b +} + +// WithCertificate adds the given value to the Certificate field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Certificate field. +func (b *OrderStatusApplyConfiguration) WithCertificate(values ...byte) *OrderStatusApplyConfiguration { + for i := range values { + b.Certificate = append(b.Certificate, values[i]) + } + return b +} + +// WithState sets the State field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the State field is set to the value of the last call. +func (b *OrderStatusApplyConfiguration) WithState(value acmev1.State) *OrderStatusApplyConfiguration { + b.State = &value + return b +} + +// WithReason sets the Reason field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Reason field is set to the value of the last call. +func (b *OrderStatusApplyConfiguration) WithReason(value string) *OrderStatusApplyConfiguration { + b.Reason = &value + return b +} + +// WithFailureTime sets the FailureTime field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FailureTime field is set to the value of the last call. +func (b *OrderStatusApplyConfiguration) WithFailureTime(value metav1.Time) *OrderStatusApplyConfiguration { + b.FailureTime = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/route53auth.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/route53auth.go new file mode 100644 index 00000000000..8b209454eee --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/route53auth.go @@ -0,0 +1,43 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// Route53AuthApplyConfiguration represents a declarative configuration of the Route53Auth type for use +// with apply. +// +// Route53Auth is configuration used to authenticate with a Route53. +type Route53AuthApplyConfiguration struct { + // Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + // by passing a bound ServiceAccount token. + Kubernetes *Route53KubernetesAuthApplyConfiguration `json:"kubernetes,omitempty"` +} + +// Route53AuthApplyConfiguration constructs a declarative configuration of the Route53Auth type for use with +// apply. +func Route53Auth() *Route53AuthApplyConfiguration { + return &Route53AuthApplyConfiguration{} +} + +// WithKubernetes sets the Kubernetes field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kubernetes field is set to the value of the last call. +func (b *Route53AuthApplyConfiguration) WithKubernetes(value *Route53KubernetesAuthApplyConfiguration) *Route53AuthApplyConfiguration { + b.Kubernetes = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/route53kubernetesauth.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/route53kubernetesauth.go new file mode 100644 index 00000000000..50704ec01d3 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/route53kubernetesauth.go @@ -0,0 +1,45 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// Route53KubernetesAuthApplyConfiguration represents a declarative configuration of the Route53KubernetesAuth type for use +// with apply. +// +// Route53KubernetesAuth is a configuration to authenticate against Route53 +// using a bound Kubernetes ServiceAccount token. +type Route53KubernetesAuthApplyConfiguration struct { + // A reference to a service account that will be used to request a bound + // token (also known as "projected token"). To use this field, you must + // configure an RBAC rule to let cert-manager request a token. + ServiceAccountRef *ServiceAccountRefApplyConfiguration `json:"serviceAccountRef,omitempty"` +} + +// Route53KubernetesAuthApplyConfiguration constructs a declarative configuration of the Route53KubernetesAuth type for use with +// apply. +func Route53KubernetesAuth() *Route53KubernetesAuthApplyConfiguration { + return &Route53KubernetesAuthApplyConfiguration{} +} + +// WithServiceAccountRef sets the ServiceAccountRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceAccountRef field is set to the value of the last call. +func (b *Route53KubernetesAuthApplyConfiguration) WithServiceAccountRef(value *ServiceAccountRefApplyConfiguration) *Route53KubernetesAuthApplyConfiguration { + b.ServiceAccountRef = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/serviceaccountref.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/serviceaccountref.go new file mode 100644 index 00000000000..0866c700226 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1/serviceaccountref.go @@ -0,0 +1,58 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ServiceAccountRefApplyConfiguration represents a declarative configuration of the ServiceAccountRef type for use +// with apply. +// +// ServiceAccountRef is a service account used by cert-manager to request a +// token. The expiration of the token is also set by cert-manager to 10 minutes. +type ServiceAccountRefApplyConfiguration struct { + // Name of the ServiceAccount used to request a token. + Name *string `json:"name,omitempty"` + // TokenAudiences is an optional list of audiences to include in the + // token passed to AWS. The default token consisting of the issuer's namespace + // and name is always included. + // If unset the audience defaults to `sts.amazonaws.com`. + TokenAudiences []string `json:"audiences,omitempty"` +} + +// ServiceAccountRefApplyConfiguration constructs a declarative configuration of the ServiceAccountRef type for use with +// apply. +func ServiceAccountRef() *ServiceAccountRefApplyConfiguration { + return &ServiceAccountRefApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *ServiceAccountRefApplyConfiguration) WithName(value string) *ServiceAccountRefApplyConfiguration { + b.Name = &value + return b +} + +// WithTokenAudiences adds the given value to the TokenAudiences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TokenAudiences field. +func (b *ServiceAccountRefApplyConfiguration) WithTokenAudiences(values ...string) *ServiceAccountRefApplyConfiguration { + for i := range values { + b.TokenAudiences = append(b.TokenAudiences, values[i]) + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/caissuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/caissuer.go new file mode 100644 index 00000000000..8a9a7e4c0b8 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/caissuer.go @@ -0,0 +1,85 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// CAIssuerApplyConfiguration represents a declarative configuration of the CAIssuer type for use +// with apply. +type CAIssuerApplyConfiguration struct { + // SecretName is the name of the secret used to sign Certificates issued + // by this Issuer. + SecretName *string `json:"secretName,omitempty"` + // The CRL distribution points is an X.509 v3 certificate extension which identifies + // the location of the CRL from which the revocation of this certificate can be checked. + // If not set, certificates will be issued without distribution points set. + CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"` + // The OCSP server list is an X.509 v3 extension that defines a list of + // URLs of OCSP responders. The OCSP responders can be queried for the + // revocation status of an issued certificate. If not set, the + // certificate will be issued with no OCSP servers set. For example, an + // OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + OCSPServers []string `json:"ocspServers,omitempty"` + // IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates + // it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. + // As an example, such a URL might be "http://ca.domain.com/ca.crt". + IssuingCertificateURLs []string `json:"issuingCertificateURLs,omitempty"` +} + +// CAIssuerApplyConfiguration constructs a declarative configuration of the CAIssuer type for use with +// apply. +func CAIssuer() *CAIssuerApplyConfiguration { + return &CAIssuerApplyConfiguration{} +} + +// WithSecretName sets the SecretName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretName field is set to the value of the last call. +func (b *CAIssuerApplyConfiguration) WithSecretName(value string) *CAIssuerApplyConfiguration { + b.SecretName = &value + return b +} + +// WithCRLDistributionPoints adds the given value to the CRLDistributionPoints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the CRLDistributionPoints field. +func (b *CAIssuerApplyConfiguration) WithCRLDistributionPoints(values ...string) *CAIssuerApplyConfiguration { + for i := range values { + b.CRLDistributionPoints = append(b.CRLDistributionPoints, values[i]) + } + return b +} + +// WithOCSPServers adds the given value to the OCSPServers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OCSPServers field. +func (b *CAIssuerApplyConfiguration) WithOCSPServers(values ...string) *CAIssuerApplyConfiguration { + for i := range values { + b.OCSPServers = append(b.OCSPServers, values[i]) + } + return b +} + +// WithIssuingCertificateURLs adds the given value to the IssuingCertificateURLs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the IssuingCertificateURLs field. +func (b *CAIssuerApplyConfiguration) WithIssuingCertificateURLs(values ...string) *CAIssuerApplyConfiguration { + for i := range values { + b.IssuingCertificateURLs = append(b.IssuingCertificateURLs, values[i]) + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificate.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificate.go new file mode 100644 index 00000000000..4e0b4ff7b97 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificate.go @@ -0,0 +1,300 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + internal "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// CertificateApplyConfiguration represents a declarative configuration of the Certificate type for use +// with apply. +// +// A Certificate resource should be created to ensure an up to date and signed +// X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. +// +// The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`). +type CertificateApplyConfiguration struct { + metav1.TypeMetaApplyConfiguration `json:",inline"` + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + *metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + // Specification of the desired state of the Certificate resource. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + Spec *CertificateSpecApplyConfiguration `json:"spec,omitempty"` + // Status of the Certificate. + // This is set and managed automatically. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + Status *CertificateStatusApplyConfiguration `json:"status,omitempty"` +} + +// Certificate constructs a declarative configuration of the Certificate type for use with +// apply. +func Certificate(name, namespace string) *CertificateApplyConfiguration { + b := &CertificateApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("Certificate") + b.WithAPIVersion("cert-manager.io/v1") + return b +} + +// ExtractCertificateFrom extracts the applied configuration owned by fieldManager from +// certificate for the specified subresource. Pass an empty string for subresource to extract +// the main resource. Common subresources include "status", "scale", etc. +// certificate must be a unmodified Certificate API object that was retrieved from the Kubernetes API. +// ExtractCertificateFrom provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractCertificateFrom(certificate *certmanagerv1.Certificate, fieldManager string, subresource string) (*CertificateApplyConfiguration, error) { + b := &CertificateApplyConfiguration{} + err := managedfields.ExtractInto(certificate, internal.Parser().Type("com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.Certificate"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(certificate.Name) + b.WithNamespace(certificate.Namespace) + + b.WithKind("Certificate") + b.WithAPIVersion("cert-manager.io/v1") + return b, nil +} + +// ExtractCertificate extracts the applied configuration owned by fieldManager from +// certificate. If no managedFields are found in certificate for fieldManager, a +// CertificateApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// certificate must be a unmodified Certificate API object that was retrieved from the Kubernetes API. +// ExtractCertificate provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractCertificate(certificate *certmanagerv1.Certificate, fieldManager string) (*CertificateApplyConfiguration, error) { + return ExtractCertificateFrom(certificate, fieldManager, "") +} + +// ExtractCertificateStatus extracts the applied configuration owned by fieldManager from +// certificate for the status subresource. +func ExtractCertificateStatus(certificate *certmanagerv1.Certificate, fieldManager string) (*CertificateApplyConfiguration, error) { + return ExtractCertificateFrom(certificate, fieldManager, "status") +} + +func (b CertificateApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithKind(value string) *CertificateApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithAPIVersion(value string) *CertificateApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithName(value string) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithGenerateName(value string) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithNamespace(value string) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithUID(value types.UID) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithResourceVersion(value string) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithGeneration(value int64) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithCreationTimestamp(value apismetav1.Time) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithDeletionTimestamp(value apismetav1.Time) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *CertificateApplyConfiguration) WithLabels(entries map[string]string) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *CertificateApplyConfiguration) WithAnnotations(entries map[string]string) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *CertificateApplyConfiguration) WithOwnerReferences(values ...*metav1.OwnerReferenceApplyConfiguration) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *CertificateApplyConfiguration) WithFinalizers(values ...string) *CertificateApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *CertificateApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &metav1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithSpec(value *CertificateSpecApplyConfiguration) *CertificateApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *CertificateApplyConfiguration) WithStatus(value *CertificateStatusApplyConfiguration) *CertificateApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *CertificateApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *CertificateApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *CertificateApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *CertificateApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificateadditionaloutputformat.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificateadditionaloutputformat.go new file mode 100644 index 00000000000..111fa5c8a08 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificateadditionaloutputformat.go @@ -0,0 +1,49 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" +) + +// CertificateAdditionalOutputFormatApplyConfiguration represents a declarative configuration of the CertificateAdditionalOutputFormat type for use +// with apply. +// +// CertificateAdditionalOutputFormat defines an additional output format of a +// Certificate resource. These contain supplementary data formats of the signed +// certificate chain and paired private key. +type CertificateAdditionalOutputFormatApplyConfiguration struct { + // Type is the name of the format type that should be written to the + // Certificate's target Secret. + Type *certmanagerv1.CertificateOutputFormatType `json:"type,omitempty"` +} + +// CertificateAdditionalOutputFormatApplyConfiguration constructs a declarative configuration of the CertificateAdditionalOutputFormat type for use with +// apply. +func CertificateAdditionalOutputFormat() *CertificateAdditionalOutputFormatApplyConfiguration { + return &CertificateAdditionalOutputFormatApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *CertificateAdditionalOutputFormatApplyConfiguration) WithType(value certmanagerv1.CertificateOutputFormatType) *CertificateAdditionalOutputFormatApplyConfiguration { + b.Type = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatecondition.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatecondition.go new file mode 100644 index 00000000000..bc565432508 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatecondition.go @@ -0,0 +1,105 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// CertificateConditionApplyConfiguration represents a declarative configuration of the CertificateCondition type for use +// with apply. +// +// CertificateCondition contains condition information for a Certificate. +type CertificateConditionApplyConfiguration struct { + // Type of the condition, known values are (`Ready`, `Issuing`). + Type *certmanagerv1.CertificateConditionType `json:"type,omitempty"` + // Status of the condition, one of (`True`, `False`, `Unknown`). + Status *metav1.ConditionStatus `json:"status,omitempty"` + // LastTransitionTime is the timestamp corresponding to the last status + // change of this condition. + LastTransitionTime *apismetav1.Time `json:"lastTransitionTime,omitempty"` + // Reason is a brief machine readable explanation for the condition's last + // transition. + Reason *string `json:"reason,omitempty"` + // Message is a human readable description of the details of the last + // transition, complementing reason. + Message *string `json:"message,omitempty"` + // If set, this represents the .metadata.generation that the condition was + // set based upon. + // For instance, if .metadata.generation is currently 12, but the + // .status.condition[x].observedGeneration is 9, the condition is out of date + // with respect to the current state of the Certificate. + ObservedGeneration *int64 `json:"observedGeneration,omitempty"` +} + +// CertificateConditionApplyConfiguration constructs a declarative configuration of the CertificateCondition type for use with +// apply. +func CertificateCondition() *CertificateConditionApplyConfiguration { + return &CertificateConditionApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *CertificateConditionApplyConfiguration) WithType(value certmanagerv1.CertificateConditionType) *CertificateConditionApplyConfiguration { + b.Type = &value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *CertificateConditionApplyConfiguration) WithStatus(value metav1.ConditionStatus) *CertificateConditionApplyConfiguration { + b.Status = &value + return b +} + +// WithLastTransitionTime sets the LastTransitionTime field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LastTransitionTime field is set to the value of the last call. +func (b *CertificateConditionApplyConfiguration) WithLastTransitionTime(value apismetav1.Time) *CertificateConditionApplyConfiguration { + b.LastTransitionTime = &value + return b +} + +// WithReason sets the Reason field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Reason field is set to the value of the last call. +func (b *CertificateConditionApplyConfiguration) WithReason(value string) *CertificateConditionApplyConfiguration { + b.Reason = &value + return b +} + +// WithMessage sets the Message field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Message field is set to the value of the last call. +func (b *CertificateConditionApplyConfiguration) WithMessage(value string) *CertificateConditionApplyConfiguration { + b.Message = &value + return b +} + +// WithObservedGeneration sets the ObservedGeneration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ObservedGeneration field is set to the value of the last call. +func (b *CertificateConditionApplyConfiguration) WithObservedGeneration(value int64) *CertificateConditionApplyConfiguration { + b.ObservedGeneration = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatekeystores.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatekeystores.go new file mode 100644 index 00000000000..6c810e7e11f --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatekeystores.go @@ -0,0 +1,55 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// CertificateKeystoresApplyConfiguration represents a declarative configuration of the CertificateKeystores type for use +// with apply. +// +// CertificateKeystores configures additional keystore output formats to be +// created in the Certificate's output Secret. +type CertificateKeystoresApplyConfiguration struct { + // JKS configures options for storing a JKS keystore in the + // `spec.secretName` Secret resource. + JKS *JKSKeystoreApplyConfiguration `json:"jks,omitempty"` + // PKCS12 configures options for storing a PKCS12 keystore in the + // `spec.secretName` Secret resource. + PKCS12 *PKCS12KeystoreApplyConfiguration `json:"pkcs12,omitempty"` +} + +// CertificateKeystoresApplyConfiguration constructs a declarative configuration of the CertificateKeystores type for use with +// apply. +func CertificateKeystores() *CertificateKeystoresApplyConfiguration { + return &CertificateKeystoresApplyConfiguration{} +} + +// WithJKS sets the JKS field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the JKS field is set to the value of the last call. +func (b *CertificateKeystoresApplyConfiguration) WithJKS(value *JKSKeystoreApplyConfiguration) *CertificateKeystoresApplyConfiguration { + b.JKS = value + return b +} + +// WithPKCS12 sets the PKCS12 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PKCS12 field is set to the value of the last call. +func (b *CertificateKeystoresApplyConfiguration) WithPKCS12(value *PKCS12KeystoreApplyConfiguration) *CertificateKeystoresApplyConfiguration { + b.PKCS12 = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificateprivatekey.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificateprivatekey.go new file mode 100644 index 00000000000..c5e85c4f493 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificateprivatekey.go @@ -0,0 +1,108 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" +) + +// CertificatePrivateKeyApplyConfiguration represents a declarative configuration of the CertificatePrivateKey type for use +// with apply. +// +// CertificatePrivateKey contains configuration options for private keys +// used by the Certificate controller. +// These include the key algorithm and size, the used encoding and the +// rotation policy. +type CertificatePrivateKeyApplyConfiguration struct { + // RotationPolicy controls how private keys should be regenerated when a + // re-issuance is being processed. + // + // If set to `Never`, a private key will only be generated if one does not + // already exist in the target `spec.secretName`. If one does exist but it + // does not have the correct algorithm or size, a warning will be raised + // to await user intervention. + // If set to `Always`, a private key matching the specified requirements + // will be generated whenever a re-issuance occurs. + // Default is `Always`. + // The default was changed from `Never` to `Always` in cert-manager >=v1.18.0. + RotationPolicy *certmanagerv1.PrivateKeyRotationPolicy `json:"rotationPolicy,omitempty"` + // The private key cryptography standards (PKCS) encoding for this + // certificate's private key to be encoded in. + // + // If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 + // and PKCS#8, respectively. + // Defaults to `PKCS1` if not specified. + Encoding *certmanagerv1.PrivateKeyEncoding `json:"encoding,omitempty"` + // Algorithm is the private key algorithm of the corresponding private key + // for this certificate. + // + // If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`. + // If `algorithm` is specified and `size` is not provided, + // key size of 2048 will be used for `RSA` key algorithm and + // key size of 256 will be used for `ECDSA` key algorithm. + // key size is ignored when using the `Ed25519` key algorithm. + Algorithm *certmanagerv1.PrivateKeyAlgorithm `json:"algorithm,omitempty"` + // Size is the key bit size of the corresponding private key for this certificate. + // + // If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, + // and will default to `2048` if not specified. + // If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, + // and will default to `256` if not specified. + // If `algorithm` is set to `Ed25519`, Size is ignored. + // No other values are allowed. + Size *int `json:"size,omitempty"` +} + +// CertificatePrivateKeyApplyConfiguration constructs a declarative configuration of the CertificatePrivateKey type for use with +// apply. +func CertificatePrivateKey() *CertificatePrivateKeyApplyConfiguration { + return &CertificatePrivateKeyApplyConfiguration{} +} + +// WithRotationPolicy sets the RotationPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RotationPolicy field is set to the value of the last call. +func (b *CertificatePrivateKeyApplyConfiguration) WithRotationPolicy(value certmanagerv1.PrivateKeyRotationPolicy) *CertificatePrivateKeyApplyConfiguration { + b.RotationPolicy = &value + return b +} + +// WithEncoding sets the Encoding field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Encoding field is set to the value of the last call. +func (b *CertificatePrivateKeyApplyConfiguration) WithEncoding(value certmanagerv1.PrivateKeyEncoding) *CertificatePrivateKeyApplyConfiguration { + b.Encoding = &value + return b +} + +// WithAlgorithm sets the Algorithm field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Algorithm field is set to the value of the last call. +func (b *CertificatePrivateKeyApplyConfiguration) WithAlgorithm(value certmanagerv1.PrivateKeyAlgorithm) *CertificatePrivateKeyApplyConfiguration { + b.Algorithm = &value + return b +} + +// WithSize sets the Size field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Size field is set to the value of the last call. +func (b *CertificatePrivateKeyApplyConfiguration) WithSize(value int) *CertificatePrivateKeyApplyConfiguration { + b.Size = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequest.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequest.go new file mode 100644 index 00000000000..6a5502bcd6e --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequest.go @@ -0,0 +1,305 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + internal "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// CertificateRequestApplyConfiguration represents a declarative configuration of the CertificateRequest type for use +// with apply. +// +// A CertificateRequest is used to request a signed certificate from one of the +// configured issuers. +// +// All fields within the CertificateRequest's `spec` are immutable after creation. +// A CertificateRequest will either succeed or fail, as denoted by its `Ready` status +// condition and its `status.failureTime` field. +// +// A CertificateRequest is a one-shot resource, meaning it represents a single +// point in time request for a certificate and cannot be re-used. +type CertificateRequestApplyConfiguration struct { + metav1.TypeMetaApplyConfiguration `json:",inline"` + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + *metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + // Specification of the desired state of the CertificateRequest resource. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + Spec *CertificateRequestSpecApplyConfiguration `json:"spec,omitempty"` + // Status of the CertificateRequest. + // This is set and managed automatically. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + Status *CertificateRequestStatusApplyConfiguration `json:"status,omitempty"` +} + +// CertificateRequest constructs a declarative configuration of the CertificateRequest type for use with +// apply. +func CertificateRequest(name, namespace string) *CertificateRequestApplyConfiguration { + b := &CertificateRequestApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("CertificateRequest") + b.WithAPIVersion("cert-manager.io/v1") + return b +} + +// ExtractCertificateRequestFrom extracts the applied configuration owned by fieldManager from +// certificateRequest for the specified subresource. Pass an empty string for subresource to extract +// the main resource. Common subresources include "status", "scale", etc. +// certificateRequest must be a unmodified CertificateRequest API object that was retrieved from the Kubernetes API. +// ExtractCertificateRequestFrom provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractCertificateRequestFrom(certificateRequest *certmanagerv1.CertificateRequest, fieldManager string, subresource string) (*CertificateRequestApplyConfiguration, error) { + b := &CertificateRequestApplyConfiguration{} + err := managedfields.ExtractInto(certificateRequest, internal.Parser().Type("com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateRequest"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(certificateRequest.Name) + b.WithNamespace(certificateRequest.Namespace) + + b.WithKind("CertificateRequest") + b.WithAPIVersion("cert-manager.io/v1") + return b, nil +} + +// ExtractCertificateRequest extracts the applied configuration owned by fieldManager from +// certificateRequest. If no managedFields are found in certificateRequest for fieldManager, a +// CertificateRequestApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// certificateRequest must be a unmodified CertificateRequest API object that was retrieved from the Kubernetes API. +// ExtractCertificateRequest provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractCertificateRequest(certificateRequest *certmanagerv1.CertificateRequest, fieldManager string) (*CertificateRequestApplyConfiguration, error) { + return ExtractCertificateRequestFrom(certificateRequest, fieldManager, "") +} + +// ExtractCertificateRequestStatus extracts the applied configuration owned by fieldManager from +// certificateRequest for the status subresource. +func ExtractCertificateRequestStatus(certificateRequest *certmanagerv1.CertificateRequest, fieldManager string) (*CertificateRequestApplyConfiguration, error) { + return ExtractCertificateRequestFrom(certificateRequest, fieldManager, "status") +} + +func (b CertificateRequestApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithKind(value string) *CertificateRequestApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithAPIVersion(value string) *CertificateRequestApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithName(value string) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithGenerateName(value string) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithNamespace(value string) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithUID(value types.UID) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithResourceVersion(value string) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithGeneration(value int64) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithCreationTimestamp(value apismetav1.Time) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithDeletionTimestamp(value apismetav1.Time) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *CertificateRequestApplyConfiguration) WithLabels(entries map[string]string) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *CertificateRequestApplyConfiguration) WithAnnotations(entries map[string]string) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *CertificateRequestApplyConfiguration) WithOwnerReferences(values ...*metav1.OwnerReferenceApplyConfiguration) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *CertificateRequestApplyConfiguration) WithFinalizers(values ...string) *CertificateRequestApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *CertificateRequestApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &metav1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithSpec(value *CertificateRequestSpecApplyConfiguration) *CertificateRequestApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *CertificateRequestApplyConfiguration) WithStatus(value *CertificateRequestStatusApplyConfiguration) *CertificateRequestApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *CertificateRequestApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *CertificateRequestApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *CertificateRequestApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *CertificateRequestApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequestcondition.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequestcondition.go new file mode 100644 index 00000000000..f994ce8508c --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequestcondition.go @@ -0,0 +1,92 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// CertificateRequestConditionApplyConfiguration represents a declarative configuration of the CertificateRequestCondition type for use +// with apply. +// +// CertificateRequestCondition contains condition information for a CertificateRequest. +type CertificateRequestConditionApplyConfiguration struct { + // Type of the condition, known values are (`Ready`, `InvalidRequest`, + // `Approved`, `Denied`). + Type *certmanagerv1.CertificateRequestConditionType `json:"type,omitempty"` + // Status of the condition, one of (`True`, `False`, `Unknown`). + Status *metav1.ConditionStatus `json:"status,omitempty"` + // LastTransitionTime is the timestamp corresponding to the last status + // change of this condition. + LastTransitionTime *apismetav1.Time `json:"lastTransitionTime,omitempty"` + // Reason is a brief machine readable explanation for the condition's last + // transition. + Reason *string `json:"reason,omitempty"` + // Message is a human readable description of the details of the last + // transition, complementing reason. + Message *string `json:"message,omitempty"` +} + +// CertificateRequestConditionApplyConfiguration constructs a declarative configuration of the CertificateRequestCondition type for use with +// apply. +func CertificateRequestCondition() *CertificateRequestConditionApplyConfiguration { + return &CertificateRequestConditionApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *CertificateRequestConditionApplyConfiguration) WithType(value certmanagerv1.CertificateRequestConditionType) *CertificateRequestConditionApplyConfiguration { + b.Type = &value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *CertificateRequestConditionApplyConfiguration) WithStatus(value metav1.ConditionStatus) *CertificateRequestConditionApplyConfiguration { + b.Status = &value + return b +} + +// WithLastTransitionTime sets the LastTransitionTime field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LastTransitionTime field is set to the value of the last call. +func (b *CertificateRequestConditionApplyConfiguration) WithLastTransitionTime(value apismetav1.Time) *CertificateRequestConditionApplyConfiguration { + b.LastTransitionTime = &value + return b +} + +// WithReason sets the Reason field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Reason field is set to the value of the last call. +func (b *CertificateRequestConditionApplyConfiguration) WithReason(value string) *CertificateRequestConditionApplyConfiguration { + b.Reason = &value + return b +} + +// WithMessage sets the Message field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Message field is set to the value of the last call. +func (b *CertificateRequestConditionApplyConfiguration) WithMessage(value string) *CertificateRequestConditionApplyConfiguration { + b.Message = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequestspec.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequestspec.go new file mode 100644 index 00000000000..de3063d1a98 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequestspec.go @@ -0,0 +1,179 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + applyconfigurationsmetav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// CertificateRequestSpecApplyConfiguration represents a declarative configuration of the CertificateRequestSpec type for use +// with apply. +// +// # CertificateRequestSpec defines the desired state of CertificateRequest +// +// NOTE: It is important to note that the issuer can choose to ignore or change +// any of the requested attributes. How the issuer maps a certificate request +// to a signed certificate is the full responsibility of the issuer itself. +// For example, as an edge case, an issuer that inverts the isCA value is +// free to do so. +type CertificateRequestSpecApplyConfiguration struct { + // Requested 'duration' (i.e. lifetime) of the Certificate. Note that the + // issuer may choose to ignore the requested duration, just like any other + // requested attribute. + Duration *metav1.Duration `json:"duration,omitempty"` + // Reference to the issuer responsible for issuing the certificate. + // If the issuer is namespace-scoped, it must be in the same namespace + // as the Certificate. If the issuer is cluster-scoped, it can be used + // from any namespace. + // + // The `name` field of the reference must always be specified. + IssuerRef *applyconfigurationsmetav1.IssuerReferenceApplyConfiguration `json:"issuerRef,omitempty"` + // The PEM-encoded X.509 certificate signing request to be submitted to the + // issuer for signing. + // + // If the CSR has a BasicConstraints extension, its isCA attribute must + // match the `isCA` value of this CertificateRequest. + // If the CSR has a KeyUsage extension, its key usages must match the + // key usages in the `usages` field of this CertificateRequest. + // If the CSR has a ExtKeyUsage extension, its extended key usages + // must match the extended key usages in the `usages` field of this + // CertificateRequest. + Request []byte `json:"request,omitempty"` + // Requested basic constraints isCA value. Note that the issuer may choose + // to ignore the requested isCA value, just like any other requested attribute. + // + // NOTE: If the CSR in the `Request` field has a BasicConstraints extension, + // it must have the same isCA value as specified here. + // + // If true, this will automatically add the `cert sign` usage to the list + // of requested `usages`. + IsCA *bool `json:"isCA,omitempty"` + // Requested key usages and extended key usages. + // + // NOTE: If the CSR in the `Request` field has uses the KeyUsage or + // ExtKeyUsage extension, these extensions must have the same values + // as specified here without any additional values. + // + // If unset, defaults to `digital signature` and `key encipherment`. + Usages []certmanagerv1.KeyUsage `json:"usages,omitempty"` + // Username contains the name of the user that created the CertificateRequest. + // Populated by the cert-manager webhook on creation and immutable. + Username *string `json:"username,omitempty"` + // UID contains the uid of the user that created the CertificateRequest. + // Populated by the cert-manager webhook on creation and immutable. + UID *string `json:"uid,omitempty"` + // Groups contains group membership of the user that created the CertificateRequest. + // Populated by the cert-manager webhook on creation and immutable. + Groups []string `json:"groups,omitempty"` + // Extra contains extra attributes of the user that created the CertificateRequest. + // Populated by the cert-manager webhook on creation and immutable. + Extra map[string][]string `json:"extra,omitempty"` +} + +// CertificateRequestSpecApplyConfiguration constructs a declarative configuration of the CertificateRequestSpec type for use with +// apply. +func CertificateRequestSpec() *CertificateRequestSpecApplyConfiguration { + return &CertificateRequestSpecApplyConfiguration{} +} + +// WithDuration sets the Duration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Duration field is set to the value of the last call. +func (b *CertificateRequestSpecApplyConfiguration) WithDuration(value metav1.Duration) *CertificateRequestSpecApplyConfiguration { + b.Duration = &value + return b +} + +// WithIssuerRef sets the IssuerRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IssuerRef field is set to the value of the last call. +func (b *CertificateRequestSpecApplyConfiguration) WithIssuerRef(value *applyconfigurationsmetav1.IssuerReferenceApplyConfiguration) *CertificateRequestSpecApplyConfiguration { + b.IssuerRef = value + return b +} + +// WithRequest adds the given value to the Request field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Request field. +func (b *CertificateRequestSpecApplyConfiguration) WithRequest(values ...byte) *CertificateRequestSpecApplyConfiguration { + for i := range values { + b.Request = append(b.Request, values[i]) + } + return b +} + +// WithIsCA sets the IsCA field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IsCA field is set to the value of the last call. +func (b *CertificateRequestSpecApplyConfiguration) WithIsCA(value bool) *CertificateRequestSpecApplyConfiguration { + b.IsCA = &value + return b +} + +// WithUsages adds the given value to the Usages field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Usages field. +func (b *CertificateRequestSpecApplyConfiguration) WithUsages(values ...certmanagerv1.KeyUsage) *CertificateRequestSpecApplyConfiguration { + for i := range values { + b.Usages = append(b.Usages, values[i]) + } + return b +} + +// WithUsername sets the Username field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Username field is set to the value of the last call. +func (b *CertificateRequestSpecApplyConfiguration) WithUsername(value string) *CertificateRequestSpecApplyConfiguration { + b.Username = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *CertificateRequestSpecApplyConfiguration) WithUID(value string) *CertificateRequestSpecApplyConfiguration { + b.UID = &value + return b +} + +// WithGroups adds the given value to the Groups field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Groups field. +func (b *CertificateRequestSpecApplyConfiguration) WithGroups(values ...string) *CertificateRequestSpecApplyConfiguration { + for i := range values { + b.Groups = append(b.Groups, values[i]) + } + return b +} + +// WithExtra puts the entries into the Extra field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Extra field, +// overwriting an existing map entries in Extra field with the same key. +func (b *CertificateRequestSpecApplyConfiguration) WithExtra(entries map[string][]string) *CertificateRequestSpecApplyConfiguration { + if b.Extra == nil && len(entries) > 0 { + b.Extra = make(map[string][]string, len(entries)) + } + for k, v := range entries { + b.Extra[k] = v + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequeststatus.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequeststatus.go new file mode 100644 index 00000000000..94753a7f1fb --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificaterequeststatus.go @@ -0,0 +1,95 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// CertificateRequestStatusApplyConfiguration represents a declarative configuration of the CertificateRequestStatus type for use +// with apply. +// +// CertificateRequestStatus defines the observed state of CertificateRequest and +// resulting signed certificate. +type CertificateRequestStatusApplyConfiguration struct { + // List of status conditions to indicate the status of a CertificateRequest. + // Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. + Conditions []CertificateRequestConditionApplyConfiguration `json:"conditions,omitempty"` + // The PEM encoded X.509 certificate resulting from the certificate + // signing request. + // If not set, the CertificateRequest has either not been completed or has + // failed. More information on failure can be found by checking the + // `conditions` field. + Certificate []byte `json:"certificate,omitempty"` + // The PEM encoded X.509 certificate of the signer, also known as the CA + // (Certificate Authority). + // This is set on a best-effort basis by different issuers. + // If not set, the CA is assumed to be unknown/not available. + CA []byte `json:"ca,omitempty"` + // FailureTime stores the time that this CertificateRequest failed. This is + // used to influence garbage collection and back-off. + FailureTime *metav1.Time `json:"failureTime,omitempty"` +} + +// CertificateRequestStatusApplyConfiguration constructs a declarative configuration of the CertificateRequestStatus type for use with +// apply. +func CertificateRequestStatus() *CertificateRequestStatusApplyConfiguration { + return &CertificateRequestStatusApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *CertificateRequestStatusApplyConfiguration) WithConditions(values ...*CertificateRequestConditionApplyConfiguration) *CertificateRequestStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} + +// WithCertificate adds the given value to the Certificate field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Certificate field. +func (b *CertificateRequestStatusApplyConfiguration) WithCertificate(values ...byte) *CertificateRequestStatusApplyConfiguration { + for i := range values { + b.Certificate = append(b.Certificate, values[i]) + } + return b +} + +// WithCA adds the given value to the CA field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the CA field. +func (b *CertificateRequestStatusApplyConfiguration) WithCA(values ...byte) *CertificateRequestStatusApplyConfiguration { + for i := range values { + b.CA = append(b.CA, values[i]) + } + return b +} + +// WithFailureTime sets the FailureTime field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FailureTime field is set to the value of the last call. +func (b *CertificateRequestStatusApplyConfiguration) WithFailureTime(value metav1.Time) *CertificateRequestStatusApplyConfiguration { + b.FailureTime = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatesecrettemplate.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatesecrettemplate.go new file mode 100644 index 00000000000..b7a21c282be --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatesecrettemplate.go @@ -0,0 +1,65 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// CertificateSecretTemplateApplyConfiguration represents a declarative configuration of the CertificateSecretTemplate type for use +// with apply. +// +// CertificateSecretTemplate defines the default labels and annotations +// to be copied to the Kubernetes Secret resource named in `CertificateSpec.secretName`. +type CertificateSecretTemplateApplyConfiguration struct { + // Annotations is a key value map to be copied to the target Kubernetes Secret. + Annotations map[string]string `json:"annotations,omitempty"` + // Labels is a key value map to be copied to the target Kubernetes Secret. + Labels map[string]string `json:"labels,omitempty"` +} + +// CertificateSecretTemplateApplyConfiguration constructs a declarative configuration of the CertificateSecretTemplate type for use with +// apply. +func CertificateSecretTemplate() *CertificateSecretTemplateApplyConfiguration { + return &CertificateSecretTemplateApplyConfiguration{} +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *CertificateSecretTemplateApplyConfiguration) WithAnnotations(entries map[string]string) *CertificateSecretTemplateApplyConfiguration { + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *CertificateSecretTemplateApplyConfiguration) WithLabels(entries map[string]string) *CertificateSecretTemplateApplyConfiguration { + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatespec.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatespec.go new file mode 100644 index 00000000000..47adfb4e9b3 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatespec.go @@ -0,0 +1,394 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + applyconfigurationsmetav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// CertificateSpecApplyConfiguration represents a declarative configuration of the CertificateSpec type for use +// with apply. +// +// CertificateSpec defines the desired state of Certificate. +// +// NOTE: The specification contains a lot of "requested" certificate attributes, it is +// important to note that the issuer can choose to ignore or change any of +// these requested attributes. How the issuer maps a certificate request to a +// signed certificate is the full responsibility of the issuer itself. For example, +// as an edge case, an issuer that inverts the isCA value is free to do so. +// +// A valid Certificate requires at least one of a CommonName, LiteralSubject, DNSName, or +// URI to be valid. +type CertificateSpecApplyConfiguration struct { + // Requested set of X509 certificate subject attributes. + // More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + // + // The common name attribute is specified separately in the `commonName` field. + // Cannot be set if the `literalSubject` field is set. + Subject *X509SubjectApplyConfiguration `json:"subject,omitempty"` + // Requested X.509 certificate subject, represented using the LDAP "String + // Representation of a Distinguished Name" [1]. + // Important: the LDAP string format also specifies the order of the attributes + // in the subject, this is important when issuing certs for LDAP authentication. + // Example: `CN=foo,DC=corp,DC=example,DC=com` + // More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 + // More info: https://github.com/cert-manager/cert-manager/issues/3203 + // More info: https://github.com/cert-manager/cert-manager/issues/4424 + // + // Cannot be set if the `subject` or `commonName` field is set. + LiteralSubject *string `json:"literalSubject,omitempty"` + // Requested common name X509 certificate subject attribute. + // More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + // NOTE: TLS clients will ignore this value when any subject alternative name is + // set (see https://tools.ietf.org/html/rfc6125#section-6.4.4). + // + // Should have a length of 64 characters or fewer to avoid generating invalid CSRs. + // Cannot be set if the `literalSubject` field is set. + CommonName *string `json:"commonName,omitempty"` + // Requested 'duration' (i.e. lifetime) of the Certificate. Note that the + // issuer may choose to ignore the requested duration, just like any other + // requested attribute. + // + // If unset, this defaults to 90 days. + // Minimum accepted duration is 1 hour. + // Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + Duration *metav1.Duration `json:"duration,omitempty"` + // How long before the currently issued certificate's expiry cert-manager should + // renew the certificate. For example, if a certificate is valid for 60 minutes, + // and `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate + // 50 minutes after it was issued (i.e. when there are 10 minutes remaining until + // the certificate is no longer valid). + // + // NOTE: The actual lifetime of the issued certificate is used to determine the + // renewal time. If an issuer returns a certificate with a different lifetime than + // the one requested, cert-manager will use the lifetime of the issued certificate. + // + // If unset, this defaults to 1/3 of the issued certificate's lifetime. + // Minimum accepted value is 5 minutes. + // Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. + // Cannot be set if the `renewBeforePercentage` field is set. + RenewBefore *metav1.Duration `json:"renewBefore,omitempty"` + // `renewBeforePercentage` is like `renewBefore`, except it is a relative percentage + // rather than an absolute duration. For example, if a certificate is valid for 60 + // minutes, and `renewBeforePercentage=25`, cert-manager will begin to attempt to + // renew the certificate 45 minutes after it was issued (i.e. when there are 15 + // minutes (25%) remaining until the certificate is no longer valid). + // + // NOTE: The actual lifetime of the issued certificate is used to determine the + // renewal time. If an issuer returns a certificate with a different lifetime than + // the one requested, cert-manager will use the lifetime of the issued certificate. + // + // Value must be an integer in the range (0,100). The minimum effective + // `renewBefore` derived from the `renewBeforePercentage` and `duration` fields is 5 + // minutes. + // Cannot be set if the `renewBefore` field is set. + RenewBeforePercentage *int32 `json:"renewBeforePercentage,omitempty"` + // Requested DNS subject alternative names. + DNSNames []string `json:"dnsNames,omitempty"` + // Requested IP address subject alternative names. + IPAddresses []string `json:"ipAddresses,omitempty"` + // Requested URI subject alternative names. + URIs []string `json:"uris,omitempty"` + // `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37 + // Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`. + // Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 + // You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this. + OtherNames []OtherNameApplyConfiguration `json:"otherNames,omitempty"` + // Requested email subject alternative names. + EmailAddresses []string `json:"emailAddresses,omitempty"` + // Name of the Secret resource that will be automatically created and + // managed by this Certificate resource. It will be populated with a + // private key and certificate, signed by the denoted issuer. The Secret + // resource lives in the same namespace as the Certificate resource. + SecretName *string `json:"secretName,omitempty"` + // Defines annotations and labels to be copied to the Certificate's Secret. + // Labels and annotations on the Secret will be changed as they appear on the + // SecretTemplate when added or removed. SecretTemplate annotations are added + // in conjunction with, and cannot overwrite, the base set of annotations + // cert-manager sets on the Certificate's Secret. + SecretTemplate *CertificateSecretTemplateApplyConfiguration `json:"secretTemplate,omitempty"` + // Additional keystore output formats to be stored in the Certificate's Secret. + Keystores *CertificateKeystoresApplyConfiguration `json:"keystores,omitempty"` + // Reference to the issuer responsible for issuing the certificate. + // If the issuer is namespace-scoped, it must be in the same namespace + // as the Certificate. If the issuer is cluster-scoped, it can be used + // from any namespace. + // + // The `name` field of the reference must always be specified. + IssuerRef *applyconfigurationsmetav1.IssuerReferenceApplyConfiguration `json:"issuerRef,omitempty"` + // Requested basic constraints isCA value. + // The isCA value is used to set the `isCA` field on the created CertificateRequest + // resources. Note that the issuer may choose to ignore the requested isCA value, just + // like any other requested attribute. + // + // If true, this will automatically add the `cert sign` usage to the list + // of requested `usages`. + IsCA *bool `json:"isCA,omitempty"` + // Requested key usages and extended key usages. + // These usages are used to set the `usages` field on the created CertificateRequest + // resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages + // will additionally be encoded in the `request` field which contains the CSR blob. + // + // If unset, defaults to `digital signature` and `key encipherment`. + Usages []certmanagerv1.KeyUsage `json:"usages,omitempty"` + // Private key options. These include the key algorithm and size, the used + // encoding and the rotation policy. + PrivateKey *CertificatePrivateKeyApplyConfiguration `json:"privateKey,omitempty"` + // Signature algorithm to use. + // Allowed values for RSA keys: SHA256WithRSA, SHA384WithRSA, SHA512WithRSA. + // Allowed values for ECDSA keys: ECDSAWithSHA256, ECDSAWithSHA384, ECDSAWithSHA512. + // Allowed values for Ed25519 keys: PureEd25519. + SignatureAlgorithm *certmanagerv1.SignatureAlgorithm `json:"signatureAlgorithm,omitempty"` + // Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. + // + // This option defaults to true, and should only be disabled if the target + // issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions. + EncodeUsagesInRequest *bool `json:"encodeUsagesInRequest,omitempty"` + // The maximum number of CertificateRequest revisions that are maintained in + // the Certificate's history. Each revision represents a single `CertificateRequest` + // created by this Certificate, either when it was created, renewed, or Spec + // was changed. Revisions will be removed by oldest first if the number of + // revisions exceeds this number. + // + // If set, revisionHistoryLimit must be a value of `1` or greater. + // Default value is `1`. + RevisionHistoryLimit *int32 `json:"revisionHistoryLimit,omitempty"` + // Defines extra output formats of the private key and signed certificate chain + // to be written to this Certificate's target Secret. + AdditionalOutputFormats []CertificateAdditionalOutputFormatApplyConfiguration `json:"additionalOutputFormats,omitempty"` + // x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. + // More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 + // + // This is an Alpha Feature and is only enabled with the + // `--feature-gates=NameConstraints=true` option set on both + // the controller and webhook components. + NameConstraints *NameConstraintsApplyConfiguration `json:"nameConstraints,omitempty"` +} + +// CertificateSpecApplyConfiguration constructs a declarative configuration of the CertificateSpec type for use with +// apply. +func CertificateSpec() *CertificateSpecApplyConfiguration { + return &CertificateSpecApplyConfiguration{} +} + +// WithSubject sets the Subject field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Subject field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithSubject(value *X509SubjectApplyConfiguration) *CertificateSpecApplyConfiguration { + b.Subject = value + return b +} + +// WithLiteralSubject sets the LiteralSubject field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LiteralSubject field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithLiteralSubject(value string) *CertificateSpecApplyConfiguration { + b.LiteralSubject = &value + return b +} + +// WithCommonName sets the CommonName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CommonName field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithCommonName(value string) *CertificateSpecApplyConfiguration { + b.CommonName = &value + return b +} + +// WithDuration sets the Duration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Duration field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithDuration(value metav1.Duration) *CertificateSpecApplyConfiguration { + b.Duration = &value + return b +} + +// WithRenewBefore sets the RenewBefore field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RenewBefore field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithRenewBefore(value metav1.Duration) *CertificateSpecApplyConfiguration { + b.RenewBefore = &value + return b +} + +// WithRenewBeforePercentage sets the RenewBeforePercentage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RenewBeforePercentage field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithRenewBeforePercentage(value int32) *CertificateSpecApplyConfiguration { + b.RenewBeforePercentage = &value + return b +} + +// WithDNSNames adds the given value to the DNSNames field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the DNSNames field. +func (b *CertificateSpecApplyConfiguration) WithDNSNames(values ...string) *CertificateSpecApplyConfiguration { + for i := range values { + b.DNSNames = append(b.DNSNames, values[i]) + } + return b +} + +// WithIPAddresses adds the given value to the IPAddresses field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the IPAddresses field. +func (b *CertificateSpecApplyConfiguration) WithIPAddresses(values ...string) *CertificateSpecApplyConfiguration { + for i := range values { + b.IPAddresses = append(b.IPAddresses, values[i]) + } + return b +} + +// WithURIs adds the given value to the URIs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the URIs field. +func (b *CertificateSpecApplyConfiguration) WithURIs(values ...string) *CertificateSpecApplyConfiguration { + for i := range values { + b.URIs = append(b.URIs, values[i]) + } + return b +} + +// WithOtherNames adds the given value to the OtherNames field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OtherNames field. +func (b *CertificateSpecApplyConfiguration) WithOtherNames(values ...*OtherNameApplyConfiguration) *CertificateSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOtherNames") + } + b.OtherNames = append(b.OtherNames, *values[i]) + } + return b +} + +// WithEmailAddresses adds the given value to the EmailAddresses field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EmailAddresses field. +func (b *CertificateSpecApplyConfiguration) WithEmailAddresses(values ...string) *CertificateSpecApplyConfiguration { + for i := range values { + b.EmailAddresses = append(b.EmailAddresses, values[i]) + } + return b +} + +// WithSecretName sets the SecretName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretName field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithSecretName(value string) *CertificateSpecApplyConfiguration { + b.SecretName = &value + return b +} + +// WithSecretTemplate sets the SecretTemplate field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretTemplate field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithSecretTemplate(value *CertificateSecretTemplateApplyConfiguration) *CertificateSpecApplyConfiguration { + b.SecretTemplate = value + return b +} + +// WithKeystores sets the Keystores field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Keystores field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithKeystores(value *CertificateKeystoresApplyConfiguration) *CertificateSpecApplyConfiguration { + b.Keystores = value + return b +} + +// WithIssuerRef sets the IssuerRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IssuerRef field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithIssuerRef(value *applyconfigurationsmetav1.IssuerReferenceApplyConfiguration) *CertificateSpecApplyConfiguration { + b.IssuerRef = value + return b +} + +// WithIsCA sets the IsCA field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IsCA field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithIsCA(value bool) *CertificateSpecApplyConfiguration { + b.IsCA = &value + return b +} + +// WithUsages adds the given value to the Usages field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Usages field. +func (b *CertificateSpecApplyConfiguration) WithUsages(values ...certmanagerv1.KeyUsage) *CertificateSpecApplyConfiguration { + for i := range values { + b.Usages = append(b.Usages, values[i]) + } + return b +} + +// WithPrivateKey sets the PrivateKey field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PrivateKey field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithPrivateKey(value *CertificatePrivateKeyApplyConfiguration) *CertificateSpecApplyConfiguration { + b.PrivateKey = value + return b +} + +// WithSignatureAlgorithm sets the SignatureAlgorithm field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SignatureAlgorithm field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithSignatureAlgorithm(value certmanagerv1.SignatureAlgorithm) *CertificateSpecApplyConfiguration { + b.SignatureAlgorithm = &value + return b +} + +// WithEncodeUsagesInRequest sets the EncodeUsagesInRequest field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EncodeUsagesInRequest field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithEncodeUsagesInRequest(value bool) *CertificateSpecApplyConfiguration { + b.EncodeUsagesInRequest = &value + return b +} + +// WithRevisionHistoryLimit sets the RevisionHistoryLimit field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RevisionHistoryLimit field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithRevisionHistoryLimit(value int32) *CertificateSpecApplyConfiguration { + b.RevisionHistoryLimit = &value + return b +} + +// WithAdditionalOutputFormats adds the given value to the AdditionalOutputFormats field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the AdditionalOutputFormats field. +func (b *CertificateSpecApplyConfiguration) WithAdditionalOutputFormats(values ...*CertificateAdditionalOutputFormatApplyConfiguration) *CertificateSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithAdditionalOutputFormats") + } + b.AdditionalOutputFormats = append(b.AdditionalOutputFormats, *values[i]) + } + return b +} + +// WithNameConstraints sets the NameConstraints field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NameConstraints field is set to the value of the last call. +func (b *CertificateSpecApplyConfiguration) WithNameConstraints(value *NameConstraintsApplyConfiguration) *CertificateSpecApplyConfiguration { + b.NameConstraints = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatestatus.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatestatus.go new file mode 100644 index 00000000000..64791a147bb --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/certificatestatus.go @@ -0,0 +1,152 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// CertificateStatusApplyConfiguration represents a declarative configuration of the CertificateStatus type for use +// with apply. +// +// CertificateStatus defines the observed state of Certificate +type CertificateStatusApplyConfiguration struct { + // List of status conditions to indicate the status of certificates. + // Known condition types are `Ready` and `Issuing`. + Conditions []CertificateConditionApplyConfiguration `json:"conditions,omitempty"` + // LastFailureTime is set only if the latest issuance for this + // Certificate failed and contains the time of the failure. If an + // issuance has failed, the delay till the next issuance will be + // calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - + // 1). If the latest issuance has succeeded this field will be unset. + LastFailureTime *metav1.Time `json:"lastFailureTime,omitempty"` + // The time after which the certificate stored in the secret named + // by this resource in `spec.secretName` is valid. + NotBefore *metav1.Time `json:"notBefore,omitempty"` + // The expiration time of the certificate stored in the secret named + // by this resource in `spec.secretName`. + NotAfter *metav1.Time `json:"notAfter,omitempty"` + // RenewalTime is the time at which the certificate will be next + // renewed. + // If not set, no upcoming renewal is scheduled. + RenewalTime *metav1.Time `json:"renewalTime,omitempty"` + // The current 'revision' of the certificate as issued. + // + // When a CertificateRequest resource is created, it will have the + // `cert-manager.io/certificate-revision` set to one greater than the + // current value of this field. + // + // Upon issuance, this field will be set to the value of the annotation + // on the CertificateRequest resource used to issue the certificate. + // + // Persisting the value on the CertificateRequest resource allows the + // certificates controller to know whether a request is part of an old + // issuance or if it is part of the ongoing revision's issuance by + // checking if the revision value in the annotation is greater than this + // field. + Revision *int `json:"revision,omitempty"` + // The name of the Secret resource containing the private key to be used + // for the next certificate iteration. + // The keymanager controller will automatically set this field if the + // `Issuing` condition is set to `True`. + // It will automatically unset this field when the Issuing condition is + // not set or False. + NextPrivateKeySecretName *string `json:"nextPrivateKeySecretName,omitempty"` + // The number of continuous failed issuance attempts up till now. This + // field gets removed (if set) on a successful issuance and gets set to + // 1 if unset and an issuance has failed. If an issuance has failed, the + // delay till the next issuance will be calculated using formula + // time.Hour * 2 ^ (failedIssuanceAttempts - 1). + FailedIssuanceAttempts *int `json:"failedIssuanceAttempts,omitempty"` +} + +// CertificateStatusApplyConfiguration constructs a declarative configuration of the CertificateStatus type for use with +// apply. +func CertificateStatus() *CertificateStatusApplyConfiguration { + return &CertificateStatusApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *CertificateStatusApplyConfiguration) WithConditions(values ...*CertificateConditionApplyConfiguration) *CertificateStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} + +// WithLastFailureTime sets the LastFailureTime field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LastFailureTime field is set to the value of the last call. +func (b *CertificateStatusApplyConfiguration) WithLastFailureTime(value metav1.Time) *CertificateStatusApplyConfiguration { + b.LastFailureTime = &value + return b +} + +// WithNotBefore sets the NotBefore field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NotBefore field is set to the value of the last call. +func (b *CertificateStatusApplyConfiguration) WithNotBefore(value metav1.Time) *CertificateStatusApplyConfiguration { + b.NotBefore = &value + return b +} + +// WithNotAfter sets the NotAfter field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NotAfter field is set to the value of the last call. +func (b *CertificateStatusApplyConfiguration) WithNotAfter(value metav1.Time) *CertificateStatusApplyConfiguration { + b.NotAfter = &value + return b +} + +// WithRenewalTime sets the RenewalTime field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RenewalTime field is set to the value of the last call. +func (b *CertificateStatusApplyConfiguration) WithRenewalTime(value metav1.Time) *CertificateStatusApplyConfiguration { + b.RenewalTime = &value + return b +} + +// WithRevision sets the Revision field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Revision field is set to the value of the last call. +func (b *CertificateStatusApplyConfiguration) WithRevision(value int) *CertificateStatusApplyConfiguration { + b.Revision = &value + return b +} + +// WithNextPrivateKeySecretName sets the NextPrivateKeySecretName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NextPrivateKeySecretName field is set to the value of the last call. +func (b *CertificateStatusApplyConfiguration) WithNextPrivateKeySecretName(value string) *CertificateStatusApplyConfiguration { + b.NextPrivateKeySecretName = &value + return b +} + +// WithFailedIssuanceAttempts sets the FailedIssuanceAttempts field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the FailedIssuanceAttempts field is set to the value of the last call. +func (b *CertificateStatusApplyConfiguration) WithFailedIssuanceAttempts(value int) *CertificateStatusApplyConfiguration { + b.FailedIssuanceAttempts = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/clusterissuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/clusterissuer.go new file mode 100644 index 00000000000..28338121b71 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/clusterissuer.go @@ -0,0 +1,293 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + internal "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// ClusterIssuerApplyConfiguration represents a declarative configuration of the ClusterIssuer type for use +// with apply. +// +// A ClusterIssuer represents a certificate issuing authority which can be +// referenced as part of `issuerRef` fields. +// It is similar to an Issuer, however it is cluster-scoped and therefore can +// be referenced by resources that exist in *any* namespace, not just the same +// namespace as the referent. +type ClusterIssuerApplyConfiguration struct { + metav1.TypeMetaApplyConfiguration `json:",inline"` + *metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + // Desired state of the ClusterIssuer resource. + Spec *IssuerSpecApplyConfiguration `json:"spec,omitempty"` + // Status of the ClusterIssuer. This is set and managed automatically. + Status *IssuerStatusApplyConfiguration `json:"status,omitempty"` +} + +// ClusterIssuer constructs a declarative configuration of the ClusterIssuer type for use with +// apply. +func ClusterIssuer(name string) *ClusterIssuerApplyConfiguration { + b := &ClusterIssuerApplyConfiguration{} + b.WithName(name) + b.WithKind("ClusterIssuer") + b.WithAPIVersion("cert-manager.io/v1") + return b +} + +// ExtractClusterIssuerFrom extracts the applied configuration owned by fieldManager from +// clusterIssuer for the specified subresource. Pass an empty string for subresource to extract +// the main resource. Common subresources include "status", "scale", etc. +// clusterIssuer must be a unmodified ClusterIssuer API object that was retrieved from the Kubernetes API. +// ExtractClusterIssuerFrom provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractClusterIssuerFrom(clusterIssuer *certmanagerv1.ClusterIssuer, fieldManager string, subresource string) (*ClusterIssuerApplyConfiguration, error) { + b := &ClusterIssuerApplyConfiguration{} + err := managedfields.ExtractInto(clusterIssuer, internal.Parser().Type("com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.ClusterIssuer"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(clusterIssuer.Name) + + b.WithKind("ClusterIssuer") + b.WithAPIVersion("cert-manager.io/v1") + return b, nil +} + +// ExtractClusterIssuer extracts the applied configuration owned by fieldManager from +// clusterIssuer. If no managedFields are found in clusterIssuer for fieldManager, a +// ClusterIssuerApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// clusterIssuer must be a unmodified ClusterIssuer API object that was retrieved from the Kubernetes API. +// ExtractClusterIssuer provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractClusterIssuer(clusterIssuer *certmanagerv1.ClusterIssuer, fieldManager string) (*ClusterIssuerApplyConfiguration, error) { + return ExtractClusterIssuerFrom(clusterIssuer, fieldManager, "") +} + +// ExtractClusterIssuerStatus extracts the applied configuration owned by fieldManager from +// clusterIssuer for the status subresource. +func ExtractClusterIssuerStatus(clusterIssuer *certmanagerv1.ClusterIssuer, fieldManager string) (*ClusterIssuerApplyConfiguration, error) { + return ExtractClusterIssuerFrom(clusterIssuer, fieldManager, "status") +} + +func (b ClusterIssuerApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithKind(value string) *ClusterIssuerApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithAPIVersion(value string) *ClusterIssuerApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithName(value string) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithGenerateName(value string) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithNamespace(value string) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithUID(value types.UID) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithResourceVersion(value string) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithGeneration(value int64) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithCreationTimestamp(value apismetav1.Time) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithDeletionTimestamp(value apismetav1.Time) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *ClusterIssuerApplyConfiguration) WithLabels(entries map[string]string) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *ClusterIssuerApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *ClusterIssuerApplyConfiguration) WithOwnerReferences(values ...*metav1.OwnerReferenceApplyConfiguration) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *ClusterIssuerApplyConfiguration) WithFinalizers(values ...string) *ClusterIssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *ClusterIssuerApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &metav1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithSpec(value *IssuerSpecApplyConfiguration) *ClusterIssuerApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *ClusterIssuerApplyConfiguration) WithStatus(value *IssuerStatusApplyConfiguration) *ClusterIssuerApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *ClusterIssuerApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *ClusterIssuerApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *ClusterIssuerApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *ClusterIssuerApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuer.go new file mode 100644 index 00000000000..a6ef04899e5 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuer.go @@ -0,0 +1,294 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + internal "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// IssuerApplyConfiguration represents a declarative configuration of the Issuer type for use +// with apply. +// +// An Issuer represents a certificate issuing authority which can be +// referenced as part of `issuerRef` fields. +// It is scoped to a single namespace and can therefore only be referenced by +// resources within the same namespace. +type IssuerApplyConfiguration struct { + metav1.TypeMetaApplyConfiguration `json:",inline"` + *metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + // Desired state of the Issuer resource. + Spec *IssuerSpecApplyConfiguration `json:"spec,omitempty"` + // Status of the Issuer. This is set and managed automatically. + Status *IssuerStatusApplyConfiguration `json:"status,omitempty"` +} + +// Issuer constructs a declarative configuration of the Issuer type for use with +// apply. +func Issuer(name, namespace string) *IssuerApplyConfiguration { + b := &IssuerApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("Issuer") + b.WithAPIVersion("cert-manager.io/v1") + return b +} + +// ExtractIssuerFrom extracts the applied configuration owned by fieldManager from +// issuer for the specified subresource. Pass an empty string for subresource to extract +// the main resource. Common subresources include "status", "scale", etc. +// issuer must be a unmodified Issuer API object that was retrieved from the Kubernetes API. +// ExtractIssuerFrom provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractIssuerFrom(issuer *certmanagerv1.Issuer, fieldManager string, subresource string) (*IssuerApplyConfiguration, error) { + b := &IssuerApplyConfiguration{} + err := managedfields.ExtractInto(issuer, internal.Parser().Type("com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.Issuer"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(issuer.Name) + b.WithNamespace(issuer.Namespace) + + b.WithKind("Issuer") + b.WithAPIVersion("cert-manager.io/v1") + return b, nil +} + +// ExtractIssuer extracts the applied configuration owned by fieldManager from +// issuer. If no managedFields are found in issuer for fieldManager, a +// IssuerApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// issuer must be a unmodified Issuer API object that was retrieved from the Kubernetes API. +// ExtractIssuer provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractIssuer(issuer *certmanagerv1.Issuer, fieldManager string) (*IssuerApplyConfiguration, error) { + return ExtractIssuerFrom(issuer, fieldManager, "") +} + +// ExtractIssuerStatus extracts the applied configuration owned by fieldManager from +// issuer for the status subresource. +func ExtractIssuerStatus(issuer *certmanagerv1.Issuer, fieldManager string) (*IssuerApplyConfiguration, error) { + return ExtractIssuerFrom(issuer, fieldManager, "status") +} + +func (b IssuerApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithKind(value string) *IssuerApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithAPIVersion(value string) *IssuerApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithName(value string) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithGenerateName(value string) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithNamespace(value string) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithUID(value types.UID) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithResourceVersion(value string) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithGeneration(value int64) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithCreationTimestamp(value apismetav1.Time) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithDeletionTimestamp(value apismetav1.Time) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *IssuerApplyConfiguration) WithLabels(entries map[string]string) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *IssuerApplyConfiguration) WithAnnotations(entries map[string]string) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *IssuerApplyConfiguration) WithOwnerReferences(values ...*metav1.OwnerReferenceApplyConfiguration) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *IssuerApplyConfiguration) WithFinalizers(values ...string) *IssuerApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *IssuerApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &metav1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithSpec(value *IssuerSpecApplyConfiguration) *IssuerApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *IssuerApplyConfiguration) WithStatus(value *IssuerStatusApplyConfiguration) *IssuerApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *IssuerApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *IssuerApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *IssuerApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *IssuerApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuercondition.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuercondition.go new file mode 100644 index 00000000000..151c8c26fc7 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuercondition.go @@ -0,0 +1,105 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// IssuerConditionApplyConfiguration represents a declarative configuration of the IssuerCondition type for use +// with apply. +// +// IssuerCondition contains condition information for an Issuer. +type IssuerConditionApplyConfiguration struct { + // Type of the condition, known values are (`Ready`). + Type *certmanagerv1.IssuerConditionType `json:"type,omitempty"` + // Status of the condition, one of (`True`, `False`, `Unknown`). + Status *metav1.ConditionStatus `json:"status,omitempty"` + // LastTransitionTime is the timestamp corresponding to the last status + // change of this condition. + LastTransitionTime *apismetav1.Time `json:"lastTransitionTime,omitempty"` + // Reason is a brief machine readable explanation for the condition's last + // transition. + Reason *string `json:"reason,omitempty"` + // Message is a human readable description of the details of the last + // transition, complementing reason. + Message *string `json:"message,omitempty"` + // If set, this represents the .metadata.generation that the condition was + // set based upon. + // For instance, if .metadata.generation is currently 12, but the + // .status.condition[x].observedGeneration is 9, the condition is out of date + // with respect to the current state of the Issuer. + ObservedGeneration *int64 `json:"observedGeneration,omitempty"` +} + +// IssuerConditionApplyConfiguration constructs a declarative configuration of the IssuerCondition type for use with +// apply. +func IssuerCondition() *IssuerConditionApplyConfiguration { + return &IssuerConditionApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *IssuerConditionApplyConfiguration) WithType(value certmanagerv1.IssuerConditionType) *IssuerConditionApplyConfiguration { + b.Type = &value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *IssuerConditionApplyConfiguration) WithStatus(value metav1.ConditionStatus) *IssuerConditionApplyConfiguration { + b.Status = &value + return b +} + +// WithLastTransitionTime sets the LastTransitionTime field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LastTransitionTime field is set to the value of the last call. +func (b *IssuerConditionApplyConfiguration) WithLastTransitionTime(value apismetav1.Time) *IssuerConditionApplyConfiguration { + b.LastTransitionTime = &value + return b +} + +// WithReason sets the Reason field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Reason field is set to the value of the last call. +func (b *IssuerConditionApplyConfiguration) WithReason(value string) *IssuerConditionApplyConfiguration { + b.Reason = &value + return b +} + +// WithMessage sets the Message field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Message field is set to the value of the last call. +func (b *IssuerConditionApplyConfiguration) WithMessage(value string) *IssuerConditionApplyConfiguration { + b.Message = &value + return b +} + +// WithObservedGeneration sets the ObservedGeneration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ObservedGeneration field is set to the value of the last call. +func (b *IssuerConditionApplyConfiguration) WithObservedGeneration(value int64) *IssuerConditionApplyConfiguration { + b.ObservedGeneration = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerconfig.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerconfig.go new file mode 100644 index 00000000000..cc45546ba91 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerconfig.go @@ -0,0 +1,93 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1" +) + +// IssuerConfigApplyConfiguration represents a declarative configuration of the IssuerConfig type for use +// with apply. +// +// The configuration for the issuer. +// Only one of these can be set. +type IssuerConfigApplyConfiguration struct { + // ACME configures this issuer to communicate with a RFC8555 (ACME) server + // to obtain signed x509 certificates. + ACME *acmev1.ACMEIssuerApplyConfiguration `json:"acme,omitempty"` + // CA configures this issuer to sign certificates using a signing CA keypair + // stored in a Secret resource. + // This is used to build internal PKIs that are managed by cert-manager. + CA *CAIssuerApplyConfiguration `json:"ca,omitempty"` + // Vault configures this issuer to sign certificates using a HashiCorp Vault + // PKI backend. + Vault *VaultIssuerApplyConfiguration `json:"vault,omitempty"` + // SelfSigned configures this issuer to 'self sign' certificates using the + // private key used to create the CertificateRequest object. + SelfSigned *SelfSignedIssuerApplyConfiguration `json:"selfSigned,omitempty"` + // Venafi configures this issuer to sign certificates using a CyberArk Certificate Manager Self-Hosted + // or SaaS policy zone. + Venafi *VenafiIssuerApplyConfiguration `json:"venafi,omitempty"` +} + +// IssuerConfigApplyConfiguration constructs a declarative configuration of the IssuerConfig type for use with +// apply. +func IssuerConfig() *IssuerConfigApplyConfiguration { + return &IssuerConfigApplyConfiguration{} +} + +// WithACME sets the ACME field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ACME field is set to the value of the last call. +func (b *IssuerConfigApplyConfiguration) WithACME(value *acmev1.ACMEIssuerApplyConfiguration) *IssuerConfigApplyConfiguration { + b.ACME = value + return b +} + +// WithCA sets the CA field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CA field is set to the value of the last call. +func (b *IssuerConfigApplyConfiguration) WithCA(value *CAIssuerApplyConfiguration) *IssuerConfigApplyConfiguration { + b.CA = value + return b +} + +// WithVault sets the Vault field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Vault field is set to the value of the last call. +func (b *IssuerConfigApplyConfiguration) WithVault(value *VaultIssuerApplyConfiguration) *IssuerConfigApplyConfiguration { + b.Vault = value + return b +} + +// WithSelfSigned sets the SelfSigned field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SelfSigned field is set to the value of the last call. +func (b *IssuerConfigApplyConfiguration) WithSelfSigned(value *SelfSignedIssuerApplyConfiguration) *IssuerConfigApplyConfiguration { + b.SelfSigned = value + return b +} + +// WithVenafi sets the Venafi field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Venafi field is set to the value of the last call. +func (b *IssuerConfigApplyConfiguration) WithVenafi(value *VenafiIssuerApplyConfiguration) *IssuerConfigApplyConfiguration { + b.Venafi = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerspec.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerspec.go new file mode 100644 index 00000000000..912195a45d5 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerspec.go @@ -0,0 +1,78 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1" +) + +// IssuerSpecApplyConfiguration represents a declarative configuration of the IssuerSpec type for use +// with apply. +// +// IssuerSpec is the specification of an Issuer. This includes any +// configuration required for the issuer. +type IssuerSpecApplyConfiguration struct { + IssuerConfigApplyConfiguration `json:",inline"` +} + +// IssuerSpecApplyConfiguration constructs a declarative configuration of the IssuerSpec type for use with +// apply. +func IssuerSpec() *IssuerSpecApplyConfiguration { + return &IssuerSpecApplyConfiguration{} +} + +// WithACME sets the ACME field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ACME field is set to the value of the last call. +func (b *IssuerSpecApplyConfiguration) WithACME(value *acmev1.ACMEIssuerApplyConfiguration) *IssuerSpecApplyConfiguration { + b.IssuerConfigApplyConfiguration.ACME = value + return b +} + +// WithCA sets the CA field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CA field is set to the value of the last call. +func (b *IssuerSpecApplyConfiguration) WithCA(value *CAIssuerApplyConfiguration) *IssuerSpecApplyConfiguration { + b.IssuerConfigApplyConfiguration.CA = value + return b +} + +// WithVault sets the Vault field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Vault field is set to the value of the last call. +func (b *IssuerSpecApplyConfiguration) WithVault(value *VaultIssuerApplyConfiguration) *IssuerSpecApplyConfiguration { + b.IssuerConfigApplyConfiguration.Vault = value + return b +} + +// WithSelfSigned sets the SelfSigned field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SelfSigned field is set to the value of the last call. +func (b *IssuerSpecApplyConfiguration) WithSelfSigned(value *SelfSignedIssuerApplyConfiguration) *IssuerSpecApplyConfiguration { + b.IssuerConfigApplyConfiguration.SelfSigned = value + return b +} + +// WithVenafi sets the Venafi field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Venafi field is set to the value of the last call. +func (b *IssuerSpecApplyConfiguration) WithVenafi(value *VenafiIssuerApplyConfiguration) *IssuerSpecApplyConfiguration { + b.IssuerConfigApplyConfiguration.Venafi = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerstatus.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerstatus.go new file mode 100644 index 00000000000..2f78eaafe2a --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/issuerstatus.go @@ -0,0 +1,64 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + acmev1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1" +) + +// IssuerStatusApplyConfiguration represents a declarative configuration of the IssuerStatus type for use +// with apply. +// +// IssuerStatus contains status information about an Issuer +type IssuerStatusApplyConfiguration struct { + // List of status conditions to indicate the status of a CertificateRequest. + // Known condition types are `Ready`. + Conditions []IssuerConditionApplyConfiguration `json:"conditions,omitempty"` + // ACME specific status options. + // This field should only be set if the Issuer is configured to use an ACME + // server to issue certificates. + ACME *acmev1.ACMEIssuerStatusApplyConfiguration `json:"acme,omitempty"` +} + +// IssuerStatusApplyConfiguration constructs a declarative configuration of the IssuerStatus type for use with +// apply. +func IssuerStatus() *IssuerStatusApplyConfiguration { + return &IssuerStatusApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *IssuerStatusApplyConfiguration) WithConditions(values ...*IssuerConditionApplyConfiguration) *IssuerStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} + +// WithACME sets the ACME field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ACME field is set to the value of the last call. +func (b *IssuerStatusApplyConfiguration) WithACME(value *acmev1.ACMEIssuerStatusApplyConfiguration) *IssuerStatusApplyConfiguration { + b.ACME = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/jkskeystore.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/jkskeystore.go new file mode 100644 index 00000000000..99abecdbee1 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/jkskeystore.go @@ -0,0 +1,91 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// JKSKeystoreApplyConfiguration represents a declarative configuration of the JKSKeystore type for use +// with apply. +// +// JKS configures options for storing a JKS keystore in the target secret. +// Either PasswordSecretRef or Password must be provided. +type JKSKeystoreApplyConfiguration struct { + // Create enables JKS keystore creation for the Certificate. + // If true, a file named `keystore.jks` will be created in the target + // Secret resource, encrypted using the password stored in + // `passwordSecretRef` or `password`. + // The keystore file will be updated immediately. + // If the issuer provided a CA certificate, a file named `truststore.jks` + // will also be created in the target Secret resource, encrypted using the + // password stored in `passwordSecretRef` + // containing the issuing Certificate Authority + Create *bool `json:"create,omitempty"` + // Alias specifies the alias of the key in the keystore, required by the JKS format. + // If not provided, the default alias `certificate` will be used. + Alias *string `json:"alias,omitempty"` + // PasswordSecretRef is a reference to a non-empty key in a Secret resource + // containing the password used to encrypt the JKS keystore. + // Mutually exclusive with password. + // One of password or passwordSecretRef must provide a password with a non-zero length. + PasswordSecretRef *metav1.SecretKeySelectorApplyConfiguration `json:"passwordSecretRef,omitempty"` + // Password provides a literal password used to encrypt the JKS keystore. + // Mutually exclusive with passwordSecretRef. + // One of password or passwordSecretRef must provide a password with a non-zero length. + Password *string `json:"password,omitempty"` +} + +// JKSKeystoreApplyConfiguration constructs a declarative configuration of the JKSKeystore type for use with +// apply. +func JKSKeystore() *JKSKeystoreApplyConfiguration { + return &JKSKeystoreApplyConfiguration{} +} + +// WithCreate sets the Create field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Create field is set to the value of the last call. +func (b *JKSKeystoreApplyConfiguration) WithCreate(value bool) *JKSKeystoreApplyConfiguration { + b.Create = &value + return b +} + +// WithAlias sets the Alias field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Alias field is set to the value of the last call. +func (b *JKSKeystoreApplyConfiguration) WithAlias(value string) *JKSKeystoreApplyConfiguration { + b.Alias = &value + return b +} + +// WithPasswordSecretRef sets the PasswordSecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PasswordSecretRef field is set to the value of the last call. +func (b *JKSKeystoreApplyConfiguration) WithPasswordSecretRef(value *metav1.SecretKeySelectorApplyConfiguration) *JKSKeystoreApplyConfiguration { + b.PasswordSecretRef = value + return b +} + +// WithPassword sets the Password field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Password field is set to the value of the last call. +func (b *JKSKeystoreApplyConfiguration) WithPassword(value string) *JKSKeystoreApplyConfiguration { + b.Password = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/nameconstraintitem.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/nameconstraintitem.go new file mode 100644 index 00000000000..5f26ec64b8c --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/nameconstraintitem.go @@ -0,0 +1,79 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// NameConstraintItemApplyConfiguration represents a declarative configuration of the NameConstraintItem type for use +// with apply. +type NameConstraintItemApplyConfiguration struct { + // DNSDomains is a list of DNS domains that are permitted or excluded. + DNSDomains []string `json:"dnsDomains,omitempty"` + // IPRanges is a list of IP Ranges that are permitted or excluded. + // This should be a valid CIDR notation. + IPRanges []string `json:"ipRanges,omitempty"` + // EmailAddresses is a list of Email Addresses that are permitted or excluded. + EmailAddresses []string `json:"emailAddresses,omitempty"` + // URIDomains is a list of URI domains that are permitted or excluded. + URIDomains []string `json:"uriDomains,omitempty"` +} + +// NameConstraintItemApplyConfiguration constructs a declarative configuration of the NameConstraintItem type for use with +// apply. +func NameConstraintItem() *NameConstraintItemApplyConfiguration { + return &NameConstraintItemApplyConfiguration{} +} + +// WithDNSDomains adds the given value to the DNSDomains field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the DNSDomains field. +func (b *NameConstraintItemApplyConfiguration) WithDNSDomains(values ...string) *NameConstraintItemApplyConfiguration { + for i := range values { + b.DNSDomains = append(b.DNSDomains, values[i]) + } + return b +} + +// WithIPRanges adds the given value to the IPRanges field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the IPRanges field. +func (b *NameConstraintItemApplyConfiguration) WithIPRanges(values ...string) *NameConstraintItemApplyConfiguration { + for i := range values { + b.IPRanges = append(b.IPRanges, values[i]) + } + return b +} + +// WithEmailAddresses adds the given value to the EmailAddresses field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EmailAddresses field. +func (b *NameConstraintItemApplyConfiguration) WithEmailAddresses(values ...string) *NameConstraintItemApplyConfiguration { + for i := range values { + b.EmailAddresses = append(b.EmailAddresses, values[i]) + } + return b +} + +// WithURIDomains adds the given value to the URIDomains field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the URIDomains field. +func (b *NameConstraintItemApplyConfiguration) WithURIDomains(values ...string) *NameConstraintItemApplyConfiguration { + for i := range values { + b.URIDomains = append(b.URIDomains, values[i]) + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/nameconstraints.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/nameconstraints.go new file mode 100644 index 00000000000..0ab8432cfcb --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/nameconstraints.go @@ -0,0 +1,64 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// NameConstraintsApplyConfiguration represents a declarative configuration of the NameConstraints type for use +// with apply. +// +// NameConstraints is a type to represent x509 NameConstraints +type NameConstraintsApplyConfiguration struct { + // if true then the name constraints are marked critical. + Critical *bool `json:"critical,omitempty"` + // Permitted contains the constraints in which the names must be located. + Permitted *NameConstraintItemApplyConfiguration `json:"permitted,omitempty"` + // Excluded contains the constraints which must be disallowed. Any name matching a + // restriction in the excluded field is invalid regardless + // of information appearing in the permitted + Excluded *NameConstraintItemApplyConfiguration `json:"excluded,omitempty"` +} + +// NameConstraintsApplyConfiguration constructs a declarative configuration of the NameConstraints type for use with +// apply. +func NameConstraints() *NameConstraintsApplyConfiguration { + return &NameConstraintsApplyConfiguration{} +} + +// WithCritical sets the Critical field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Critical field is set to the value of the last call. +func (b *NameConstraintsApplyConfiguration) WithCritical(value bool) *NameConstraintsApplyConfiguration { + b.Critical = &value + return b +} + +// WithPermitted sets the Permitted field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Permitted field is set to the value of the last call. +func (b *NameConstraintsApplyConfiguration) WithPermitted(value *NameConstraintItemApplyConfiguration) *NameConstraintsApplyConfiguration { + b.Permitted = value + return b +} + +// WithExcluded sets the Excluded field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Excluded field is set to the value of the last call. +func (b *NameConstraintsApplyConfiguration) WithExcluded(value *NameConstraintItemApplyConfiguration) *NameConstraintsApplyConfiguration { + b.Excluded = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/othername.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/othername.go new file mode 100644 index 00000000000..8d6bb81290f --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/othername.go @@ -0,0 +1,53 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// OtherNameApplyConfiguration represents a declarative configuration of the OtherName type for use +// with apply. +type OtherNameApplyConfiguration struct { + // OID is the object identifier for the otherName SAN. + // The object identifier must be expressed as a dotted string, for + // example, "1.2.840.113556.1.4.221". + OID *string `json:"oid,omitempty"` + // utf8Value is the string value of the otherName SAN. + // The utf8Value accepts any valid UTF8 string to set as value for the otherName SAN. + UTF8Value *string `json:"utf8Value,omitempty"` +} + +// OtherNameApplyConfiguration constructs a declarative configuration of the OtherName type for use with +// apply. +func OtherName() *OtherNameApplyConfiguration { + return &OtherNameApplyConfiguration{} +} + +// WithOID sets the OID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OID field is set to the value of the last call. +func (b *OtherNameApplyConfiguration) WithOID(value string) *OtherNameApplyConfiguration { + b.OID = &value + return b +} + +// WithUTF8Value sets the UTF8Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UTF8Value field is set to the value of the last call. +func (b *OtherNameApplyConfiguration) WithUTF8Value(value string) *OtherNameApplyConfiguration { + b.UTF8Value = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/pkcs12keystore.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/pkcs12keystore.go new file mode 100644 index 00000000000..63f7a2949ae --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/pkcs12keystore.go @@ -0,0 +1,99 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// PKCS12KeystoreApplyConfiguration represents a declarative configuration of the PKCS12Keystore type for use +// with apply. +// +// PKCS12 configures options for storing a PKCS12 keystore in the +// `spec.secretName` Secret resource. +type PKCS12KeystoreApplyConfiguration struct { + // Create enables PKCS12 keystore creation for the Certificate. + // If true, a file named `keystore.p12` will be created in the target + // Secret resource, encrypted using the password stored in + // `passwordSecretRef` or in `password`. + // The keystore file will be updated immediately. + // If the issuer provided a CA certificate, a file named `truststore.p12` will + // also be created in the target Secret resource, encrypted using the + // password stored in `passwordSecretRef` containing the issuing Certificate + // Authority + Create *bool `json:"create,omitempty"` + // Profile specifies the key and certificate encryption algorithms and the HMAC algorithm + // used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. + // + // If provided, allowed values are: + // `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. + // `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. + // `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms + // (e.g., because of company policy). Please note that the security of the algorithm is not that important + // in reality, because the unencrypted certificate and private key are also stored in the Secret. + Profile *certmanagerv1.PKCS12Profile `json:"profile,omitempty"` + // PasswordSecretRef is a reference to a non-empty key in a Secret resource + // containing the password used to encrypt the PKCS#12 keystore. + // Mutually exclusive with password. + // One of password or passwordSecretRef must provide a password with a non-zero length. + PasswordSecretRef *metav1.SecretKeySelectorApplyConfiguration `json:"passwordSecretRef,omitempty"` + // Password provides a literal password used to encrypt the PKCS#12 keystore. + // Mutually exclusive with passwordSecretRef. + // One of password or passwordSecretRef must provide a password with a non-zero length. + Password *string `json:"password,omitempty"` +} + +// PKCS12KeystoreApplyConfiguration constructs a declarative configuration of the PKCS12Keystore type for use with +// apply. +func PKCS12Keystore() *PKCS12KeystoreApplyConfiguration { + return &PKCS12KeystoreApplyConfiguration{} +} + +// WithCreate sets the Create field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Create field is set to the value of the last call. +func (b *PKCS12KeystoreApplyConfiguration) WithCreate(value bool) *PKCS12KeystoreApplyConfiguration { + b.Create = &value + return b +} + +// WithProfile sets the Profile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Profile field is set to the value of the last call. +func (b *PKCS12KeystoreApplyConfiguration) WithProfile(value certmanagerv1.PKCS12Profile) *PKCS12KeystoreApplyConfiguration { + b.Profile = &value + return b +} + +// WithPasswordSecretRef sets the PasswordSecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PasswordSecretRef field is set to the value of the last call. +func (b *PKCS12KeystoreApplyConfiguration) WithPasswordSecretRef(value *metav1.SecretKeySelectorApplyConfiguration) *PKCS12KeystoreApplyConfiguration { + b.PasswordSecretRef = value + return b +} + +// WithPassword sets the Password field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Password field is set to the value of the last call. +func (b *PKCS12KeystoreApplyConfiguration) WithPassword(value string) *PKCS12KeystoreApplyConfiguration { + b.Password = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/selfsignedissuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/selfsignedissuer.go new file mode 100644 index 00000000000..02897612a73 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/selfsignedissuer.go @@ -0,0 +1,47 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// SelfSignedIssuerApplyConfiguration represents a declarative configuration of the SelfSignedIssuer type for use +// with apply. +// +// Configures an issuer to 'self sign' certificates using the +// private key used to create the CertificateRequest object. +type SelfSignedIssuerApplyConfiguration struct { + // The CRL distribution points is an X.509 v3 certificate extension which identifies + // the location of the CRL from which the revocation of this certificate can be checked. + // If not set certificate will be issued without CDP. Values are strings. + CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"` +} + +// SelfSignedIssuerApplyConfiguration constructs a declarative configuration of the SelfSignedIssuer type for use with +// apply. +func SelfSignedIssuer() *SelfSignedIssuerApplyConfiguration { + return &SelfSignedIssuerApplyConfiguration{} +} + +// WithCRLDistributionPoints adds the given value to the CRLDistributionPoints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the CRLDistributionPoints field. +func (b *SelfSignedIssuerApplyConfiguration) WithCRLDistributionPoints(values ...string) *SelfSignedIssuerApplyConfiguration { + for i := range values { + b.CRLDistributionPoints = append(b.CRLDistributionPoints, values[i]) + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/serviceaccountref.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/serviceaccountref.go new file mode 100644 index 00000000000..b27ea7a2447 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/serviceaccountref.go @@ -0,0 +1,59 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ServiceAccountRefApplyConfiguration represents a declarative configuration of the ServiceAccountRef type for use +// with apply. +// +// ServiceAccountRef is a service account used by cert-manager to request a +// token. By default two audiences are included: the address of the Vault server as specified +// on the issuer, and a generated audience taking the form of `vault://namespace-name/issuer-name` +// for an Issuer and `vault://issuer-name` for a ClusterIssuer. The expiration of the +// token is also set by cert-manager to 10 minutes. +type ServiceAccountRefApplyConfiguration struct { + // Name of the ServiceAccount used to request a token. + Name *string `json:"name,omitempty"` + // TokenAudiences is an optional list of extra audiences to include in the token passed to Vault. + // The default audiences are always included in the token. + TokenAudiences []string `json:"audiences,omitempty"` +} + +// ServiceAccountRefApplyConfiguration constructs a declarative configuration of the ServiceAccountRef type for use with +// apply. +func ServiceAccountRef() *ServiceAccountRefApplyConfiguration { + return &ServiceAccountRefApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *ServiceAccountRefApplyConfiguration) WithName(value string) *ServiceAccountRefApplyConfiguration { + b.Name = &value + return b +} + +// WithTokenAudiences adds the given value to the TokenAudiences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TokenAudiences field. +func (b *ServiceAccountRefApplyConfiguration) WithTokenAudiences(values ...string) *ServiceAccountRefApplyConfiguration { + for i := range values { + b.TokenAudiences = append(b.TokenAudiences, values[i]) + } + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultapprole.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultapprole.go new file mode 100644 index 00000000000..a079a7b4b01 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultapprole.go @@ -0,0 +1,72 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// VaultAppRoleApplyConfiguration represents a declarative configuration of the VaultAppRole type for use +// with apply. +// +// VaultAppRole authenticates with Vault using the App Role auth mechanism, +// with the role and secret stored in a Kubernetes Secret resource. +type VaultAppRoleApplyConfiguration struct { + // Path where the App Role authentication backend is mounted in Vault, e.g: + // "approle" + Path *string `json:"path,omitempty"` + // RoleID configured in the App Role authentication backend when setting + // up the authentication backend in Vault. + RoleId *string `json:"roleId,omitempty"` + // Reference to a key in a Secret that contains the App Role secret used + // to authenticate with Vault. + // The `key` field must be specified and denotes which entry within the Secret + // resource is used as the app role secret. + SecretRef *metav1.SecretKeySelectorApplyConfiguration `json:"secretRef,omitempty"` +} + +// VaultAppRoleApplyConfiguration constructs a declarative configuration of the VaultAppRole type for use with +// apply. +func VaultAppRole() *VaultAppRoleApplyConfiguration { + return &VaultAppRoleApplyConfiguration{} +} + +// WithPath sets the Path field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Path field is set to the value of the last call. +func (b *VaultAppRoleApplyConfiguration) WithPath(value string) *VaultAppRoleApplyConfiguration { + b.Path = &value + return b +} + +// WithRoleId sets the RoleId field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RoleId field is set to the value of the last call. +func (b *VaultAppRoleApplyConfiguration) WithRoleId(value string) *VaultAppRoleApplyConfiguration { + b.RoleId = &value + return b +} + +// WithSecretRef sets the SecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretRef field is set to the value of the last call. +func (b *VaultAppRoleApplyConfiguration) WithSecretRef(value *metav1.SecretKeySelectorApplyConfiguration) *VaultAppRoleApplyConfiguration { + b.SecretRef = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultauth.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultauth.go new file mode 100644 index 00000000000..f498833eb72 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultauth.go @@ -0,0 +1,81 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// VaultAuthApplyConfiguration represents a declarative configuration of the VaultAuth type for use +// with apply. +// +// VaultAuth is configuration used to authenticate with a Vault server. The +// order of precedence is [`tokenSecretRef`, `appRole`, `clientCertificate` or `kubernetes`]. +type VaultAuthApplyConfiguration struct { + // TokenSecretRef authenticates with Vault by presenting a token. + TokenSecretRef *metav1.SecretKeySelectorApplyConfiguration `json:"tokenSecretRef,omitempty"` + // AppRole authenticates with Vault using the App Role auth mechanism, + // with the role and secret stored in a Kubernetes Secret resource. + AppRole *VaultAppRoleApplyConfiguration `json:"appRole,omitempty"` + // ClientCertificate authenticates with Vault by presenting a client + // certificate during the request's TLS handshake. + // Works only when using HTTPS protocol. + ClientCertificate *VaultClientCertificateAuthApplyConfiguration `json:"clientCertificate,omitempty"` + // Kubernetes authenticates with Vault by passing the ServiceAccount + // token stored in the named Secret resource to the Vault server. + Kubernetes *VaultKubernetesAuthApplyConfiguration `json:"kubernetes,omitempty"` +} + +// VaultAuthApplyConfiguration constructs a declarative configuration of the VaultAuth type for use with +// apply. +func VaultAuth() *VaultAuthApplyConfiguration { + return &VaultAuthApplyConfiguration{} +} + +// WithTokenSecretRef sets the TokenSecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TokenSecretRef field is set to the value of the last call. +func (b *VaultAuthApplyConfiguration) WithTokenSecretRef(value *metav1.SecretKeySelectorApplyConfiguration) *VaultAuthApplyConfiguration { + b.TokenSecretRef = value + return b +} + +// WithAppRole sets the AppRole field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AppRole field is set to the value of the last call. +func (b *VaultAuthApplyConfiguration) WithAppRole(value *VaultAppRoleApplyConfiguration) *VaultAuthApplyConfiguration { + b.AppRole = value + return b +} + +// WithClientCertificate sets the ClientCertificate field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientCertificate field is set to the value of the last call. +func (b *VaultAuthApplyConfiguration) WithClientCertificate(value *VaultClientCertificateAuthApplyConfiguration) *VaultAuthApplyConfiguration { + b.ClientCertificate = value + return b +} + +// WithKubernetes sets the Kubernetes field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kubernetes field is set to the value of the last call. +func (b *VaultAuthApplyConfiguration) WithKubernetes(value *VaultKubernetesAuthApplyConfiguration) *VaultAuthApplyConfiguration { + b.Kubernetes = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultclientcertificateauth.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultclientcertificateauth.go new file mode 100644 index 00000000000..d7b4b2acef2 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultclientcertificateauth.go @@ -0,0 +1,69 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// VaultClientCertificateAuthApplyConfiguration represents a declarative configuration of the VaultClientCertificateAuth type for use +// with apply. +// +// VaultClientCertificateAuth is used to authenticate against Vault using a client +// certificate stored in a Secret. +type VaultClientCertificateAuthApplyConfiguration struct { + // The Vault mountPath here is the mount path to use when authenticating with + // Vault. For example, setting a value to `/v1/auth/foo`, will use the path + // `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the + // default value "/v1/auth/cert" will be used. + Path *string `json:"mountPath,omitempty"` + // Reference to Kubernetes Secret of type "kubernetes.io/tls" (hence containing + // tls.crt and tls.key) used to authenticate to Vault using TLS client + // authentication. + SecretName *string `json:"secretName,omitempty"` + // Name of the certificate role to authenticate against. + // If not set, matching any certificate role, if available. + Name *string `json:"name,omitempty"` +} + +// VaultClientCertificateAuthApplyConfiguration constructs a declarative configuration of the VaultClientCertificateAuth type for use with +// apply. +func VaultClientCertificateAuth() *VaultClientCertificateAuthApplyConfiguration { + return &VaultClientCertificateAuthApplyConfiguration{} +} + +// WithPath sets the Path field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Path field is set to the value of the last call. +func (b *VaultClientCertificateAuthApplyConfiguration) WithPath(value string) *VaultClientCertificateAuthApplyConfiguration { + b.Path = &value + return b +} + +// WithSecretName sets the SecretName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretName field is set to the value of the last call. +func (b *VaultClientCertificateAuthApplyConfiguration) WithSecretName(value string) *VaultClientCertificateAuthApplyConfiguration { + b.SecretName = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *VaultClientCertificateAuthApplyConfiguration) WithName(value string) *VaultClientCertificateAuthApplyConfiguration { + b.Name = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultissuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultissuer.go new file mode 100644 index 00000000000..6f127caa059 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultissuer.go @@ -0,0 +1,144 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// VaultIssuerApplyConfiguration represents a declarative configuration of the VaultIssuer type for use +// with apply. +// +// Configures an issuer to sign certificates using a HashiCorp Vault +// PKI backend. +type VaultIssuerApplyConfiguration struct { + // Auth configures how cert-manager authenticates with the Vault server. + Auth *VaultAuthApplyConfiguration `json:"auth,omitempty"` + // Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". + Server *string `json:"server,omitempty"` + // ServerName is used to verify the hostname on the returned certificates + // by the Vault server. + ServerName *string `json:"serverName,omitempty"` + // Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: + // "my_pki_mount/sign/my-role-name". + Path *string `json:"path,omitempty"` + // Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" + // More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + Namespace *string `json:"namespace,omitempty"` + // Base64-encoded bundle of PEM CAs which will be used to validate the certificate + // chain presented by Vault. Only used if using HTTPS to connect to Vault and + // ignored for HTTP connections. + // Mutually exclusive with CABundleSecretRef. + // If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in + // the cert-manager controller container is used to validate the TLS connection. + CABundle []byte `json:"caBundle,omitempty"` + // Reference to a Secret containing a bundle of PEM-encoded CAs to use when + // verifying the certificate chain presented by Vault when using HTTPS. + // Mutually exclusive with CABundle. + // If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in + // the cert-manager controller container is used to validate the TLS connection. + // If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + CABundleSecretRef *metav1.SecretKeySelectorApplyConfiguration `json:"caBundleSecretRef,omitempty"` + // Reference to a Secret containing a PEM-encoded Client Certificate to use when the + // Vault server requires mTLS. + ClientCertSecretRef *metav1.SecretKeySelectorApplyConfiguration `json:"clientCertSecretRef,omitempty"` + // Reference to a Secret containing a PEM-encoded Client Private Key to use when the + // Vault server requires mTLS. + ClientKeySecretRef *metav1.SecretKeySelectorApplyConfiguration `json:"clientKeySecretRef,omitempty"` +} + +// VaultIssuerApplyConfiguration constructs a declarative configuration of the VaultIssuer type for use with +// apply. +func VaultIssuer() *VaultIssuerApplyConfiguration { + return &VaultIssuerApplyConfiguration{} +} + +// WithAuth sets the Auth field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Auth field is set to the value of the last call. +func (b *VaultIssuerApplyConfiguration) WithAuth(value *VaultAuthApplyConfiguration) *VaultIssuerApplyConfiguration { + b.Auth = value + return b +} + +// WithServer sets the Server field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Server field is set to the value of the last call. +func (b *VaultIssuerApplyConfiguration) WithServer(value string) *VaultIssuerApplyConfiguration { + b.Server = &value + return b +} + +// WithServerName sets the ServerName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServerName field is set to the value of the last call. +func (b *VaultIssuerApplyConfiguration) WithServerName(value string) *VaultIssuerApplyConfiguration { + b.ServerName = &value + return b +} + +// WithPath sets the Path field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Path field is set to the value of the last call. +func (b *VaultIssuerApplyConfiguration) WithPath(value string) *VaultIssuerApplyConfiguration { + b.Path = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *VaultIssuerApplyConfiguration) WithNamespace(value string) *VaultIssuerApplyConfiguration { + b.Namespace = &value + return b +} + +// WithCABundle adds the given value to the CABundle field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the CABundle field. +func (b *VaultIssuerApplyConfiguration) WithCABundle(values ...byte) *VaultIssuerApplyConfiguration { + for i := range values { + b.CABundle = append(b.CABundle, values[i]) + } + return b +} + +// WithCABundleSecretRef sets the CABundleSecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CABundleSecretRef field is set to the value of the last call. +func (b *VaultIssuerApplyConfiguration) WithCABundleSecretRef(value *metav1.SecretKeySelectorApplyConfiguration) *VaultIssuerApplyConfiguration { + b.CABundleSecretRef = value + return b +} + +// WithClientCertSecretRef sets the ClientCertSecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientCertSecretRef field is set to the value of the last call. +func (b *VaultIssuerApplyConfiguration) WithClientCertSecretRef(value *metav1.SecretKeySelectorApplyConfiguration) *VaultIssuerApplyConfiguration { + b.ClientCertSecretRef = value + return b +} + +// WithClientKeySecretRef sets the ClientKeySecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientKeySecretRef field is set to the value of the last call. +func (b *VaultIssuerApplyConfiguration) WithClientKeySecretRef(value *metav1.SecretKeySelectorApplyConfiguration) *VaultIssuerApplyConfiguration { + b.ClientKeySecretRef = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultkubernetesauth.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultkubernetesauth.go new file mode 100644 index 00000000000..b1f941cff1e --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/vaultkubernetesauth.go @@ -0,0 +1,87 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// VaultKubernetesAuthApplyConfiguration represents a declarative configuration of the VaultKubernetesAuth type for use +// with apply. +// +// Authenticate against Vault using a Kubernetes ServiceAccount token stored in +// a Secret. +type VaultKubernetesAuthApplyConfiguration struct { + // The Vault mountPath here is the mount path to use when authenticating with + // Vault. For example, setting a value to `/v1/auth/foo`, will use the path + // `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the + // default value "/v1/auth/kubernetes" will be used. + Path *string `json:"mountPath,omitempty"` + // The required Secret field containing a Kubernetes ServiceAccount JWT used + // for authenticating with Vault. Use of 'ambient credentials' is not + // supported. + SecretRef *metav1.SecretKeySelectorApplyConfiguration `json:"secretRef,omitempty"` + // A reference to a service account that will be used to request a bound + // token (also known as "projected token"). Compared to using "secretRef", + // using this field means that you don't rely on statically bound tokens. To + // use this field, you must configure an RBAC rule to let cert-manager + // request a token. + ServiceAccountRef *ServiceAccountRefApplyConfiguration `json:"serviceAccountRef,omitempty"` + // A required field containing the Vault Role to assume. A Role binds a + // Kubernetes ServiceAccount with a set of Vault policies. + Role *string `json:"role,omitempty"` +} + +// VaultKubernetesAuthApplyConfiguration constructs a declarative configuration of the VaultKubernetesAuth type for use with +// apply. +func VaultKubernetesAuth() *VaultKubernetesAuthApplyConfiguration { + return &VaultKubernetesAuthApplyConfiguration{} +} + +// WithPath sets the Path field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Path field is set to the value of the last call. +func (b *VaultKubernetesAuthApplyConfiguration) WithPath(value string) *VaultKubernetesAuthApplyConfiguration { + b.Path = &value + return b +} + +// WithSecretRef sets the SecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretRef field is set to the value of the last call. +func (b *VaultKubernetesAuthApplyConfiguration) WithSecretRef(value *metav1.SecretKeySelectorApplyConfiguration) *VaultKubernetesAuthApplyConfiguration { + b.SecretRef = value + return b +} + +// WithServiceAccountRef sets the ServiceAccountRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServiceAccountRef field is set to the value of the last call. +func (b *VaultKubernetesAuthApplyConfiguration) WithServiceAccountRef(value *ServiceAccountRefApplyConfiguration) *VaultKubernetesAuthApplyConfiguration { + b.ServiceAccountRef = value + return b +} + +// WithRole sets the Role field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Role field is set to the value of the last call. +func (b *VaultKubernetesAuthApplyConfiguration) WithRole(value string) *VaultKubernetesAuthApplyConfiguration { + b.Role = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venaficloud.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venaficloud.go new file mode 100644 index 00000000000..a06ebbbc3a9 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venaficloud.go @@ -0,0 +1,57 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// VenafiCloudApplyConfiguration represents a declarative configuration of the VenafiCloud type for use +// with apply. +// +// VenafiCloud defines connection configuration details for CyberArk Certificate Manager SaaS +type VenafiCloudApplyConfiguration struct { + // URL is the base URL for CyberArk Certificate Manager SaaS. + // Defaults to "https://api.venafi.cloud/". + URL *string `json:"url,omitempty"` + // APITokenSecretRef is a secret key selector for the CyberArk Certificate Manager SaaS API token. + APITokenSecretRef *metav1.SecretKeySelectorApplyConfiguration `json:"apiTokenSecretRef,omitempty"` +} + +// VenafiCloudApplyConfiguration constructs a declarative configuration of the VenafiCloud type for use with +// apply. +func VenafiCloud() *VenafiCloudApplyConfiguration { + return &VenafiCloudApplyConfiguration{} +} + +// WithURL sets the URL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the URL field is set to the value of the last call. +func (b *VenafiCloudApplyConfiguration) WithURL(value string) *VenafiCloudApplyConfiguration { + b.URL = &value + return b +} + +// WithAPITokenSecretRef sets the APITokenSecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APITokenSecretRef field is set to the value of the last call. +func (b *VenafiCloudApplyConfiguration) WithAPITokenSecretRef(value *metav1.SecretKeySelectorApplyConfiguration) *VenafiCloudApplyConfiguration { + b.APITokenSecretRef = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venafiissuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venafiissuer.go new file mode 100644 index 00000000000..aa44d627a43 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venafiissuer.go @@ -0,0 +1,68 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// VenafiIssuerApplyConfiguration represents a declarative configuration of the VenafiIssuer type for use +// with apply. +// +// Configures an issuer to sign certificates using a CyberArk Certificate Manager Self-Hosted +// or SaaS policy zone. +type VenafiIssuerApplyConfiguration struct { + // Zone is the Certificate Manager Policy Zone to use for this issuer. + // All requests made to the Certificate Manager platform will be restricted by the named + // zone policy. + // This field is required. + Zone *string `json:"zone,omitempty"` + // TPP specifies CyberArk Certificate Manager Self-Hosted configuration settings. + // Only one of CyberArk Certificate Manager may be specified. + TPP *VenafiTPPApplyConfiguration `json:"tpp,omitempty"` + // Cloud specifies the CyberArk Certificate Manager SaaS configuration settings. + // Only one of CyberArk Certificate Manager may be specified. + Cloud *VenafiCloudApplyConfiguration `json:"cloud,omitempty"` +} + +// VenafiIssuerApplyConfiguration constructs a declarative configuration of the VenafiIssuer type for use with +// apply. +func VenafiIssuer() *VenafiIssuerApplyConfiguration { + return &VenafiIssuerApplyConfiguration{} +} + +// WithZone sets the Zone field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Zone field is set to the value of the last call. +func (b *VenafiIssuerApplyConfiguration) WithZone(value string) *VenafiIssuerApplyConfiguration { + b.Zone = &value + return b +} + +// WithTPP sets the TPP field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TPP field is set to the value of the last call. +func (b *VenafiIssuerApplyConfiguration) WithTPP(value *VenafiTPPApplyConfiguration) *VenafiIssuerApplyConfiguration { + b.TPP = value + return b +} + +// WithCloud sets the Cloud field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Cloud field is set to the value of the last call. +func (b *VenafiIssuerApplyConfiguration) WithCloud(value *VenafiCloudApplyConfiguration) *VenafiIssuerApplyConfiguration { + b.Cloud = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venafitpp.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venafitpp.go new file mode 100644 index 00000000000..98e80ce117b --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/venafitpp.go @@ -0,0 +1,88 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" +) + +// VenafiTPPApplyConfiguration represents a declarative configuration of the VenafiTPP type for use +// with apply. +// +// VenafiTPP defines connection configuration details for a CyberArk Certificate Manager Self-Hosted instance +type VenafiTPPApplyConfiguration struct { + // URL is the base URL for the vedsdk endpoint of the CyberArk Certificate Manager Self-Hosted instance, + // for example: "https://tpp.example.com/vedsdk". + URL *string `json:"url,omitempty"` + // CredentialsRef is a reference to a Secret containing the CyberArk Certificate Manager Self-Hosted API credentials. + // The secret must contain the key 'access-token' for the Access Token Authentication, + // or two keys, 'username' and 'password' for the API Keys Authentication. + CredentialsRef *metav1.LocalObjectReferenceApplyConfiguration `json:"credentialsRef,omitempty"` + // Base64-encoded bundle of PEM CAs which will be used to validate the certificate + // chain presented by the CyberArk Certificate Manager Self-Hosted server. Only used if using HTTPS; ignored for HTTP. + // If undefined, the certificate bundle in the cert-manager controller container + // is used to validate the chain. + CABundle []byte `json:"caBundle,omitempty"` + // Reference to a Secret containing a base64-encoded bundle of PEM CAs + // which will be used to validate the certificate chain presented by the CyberArk Certificate Manager Self-Hosted server. + // Only used if using HTTPS; ignored for HTTP. Mutually exclusive with CABundle. + // If neither CABundle nor CABundleSecretRef is defined, the certificate bundle in + // the cert-manager controller container is used to validate the TLS connection. + CABundleSecretRef *metav1.SecretKeySelectorApplyConfiguration `json:"caBundleSecretRef,omitempty"` +} + +// VenafiTPPApplyConfiguration constructs a declarative configuration of the VenafiTPP type for use with +// apply. +func VenafiTPP() *VenafiTPPApplyConfiguration { + return &VenafiTPPApplyConfiguration{} +} + +// WithURL sets the URL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the URL field is set to the value of the last call. +func (b *VenafiTPPApplyConfiguration) WithURL(value string) *VenafiTPPApplyConfiguration { + b.URL = &value + return b +} + +// WithCredentialsRef sets the CredentialsRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CredentialsRef field is set to the value of the last call. +func (b *VenafiTPPApplyConfiguration) WithCredentialsRef(value *metav1.LocalObjectReferenceApplyConfiguration) *VenafiTPPApplyConfiguration { + b.CredentialsRef = value + return b +} + +// WithCABundle adds the given value to the CABundle field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the CABundle field. +func (b *VenafiTPPApplyConfiguration) WithCABundle(values ...byte) *VenafiTPPApplyConfiguration { + for i := range values { + b.CABundle = append(b.CABundle, values[i]) + } + return b +} + +// WithCABundleSecretRef sets the CABundleSecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CABundleSecretRef field is set to the value of the last call. +func (b *VenafiTPPApplyConfiguration) WithCABundleSecretRef(value *metav1.SecretKeySelectorApplyConfiguration) *VenafiTPPApplyConfiguration { + b.CABundleSecretRef = value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/x509subject.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/x509subject.go new file mode 100644 index 00000000000..cb9c1fefca7 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1/x509subject.go @@ -0,0 +1,126 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// X509SubjectApplyConfiguration represents a declarative configuration of the X509Subject type for use +// with apply. +// +// X509Subject Full X509 name specification +type X509SubjectApplyConfiguration struct { + // Organizations to be used on the Certificate. + Organizations []string `json:"organizations,omitempty"` + // Countries to be used on the Certificate. + Countries []string `json:"countries,omitempty"` + // Organizational Units to be used on the Certificate. + OrganizationalUnits []string `json:"organizationalUnits,omitempty"` + // Cities to be used on the Certificate. + Localities []string `json:"localities,omitempty"` + // State/Provinces to be used on the Certificate. + Provinces []string `json:"provinces,omitempty"` + // Street addresses to be used on the Certificate. + StreetAddresses []string `json:"streetAddresses,omitempty"` + // Postal codes to be used on the Certificate. + PostalCodes []string `json:"postalCodes,omitempty"` + // Serial number to be used on the Certificate. + SerialNumber *string `json:"serialNumber,omitempty"` +} + +// X509SubjectApplyConfiguration constructs a declarative configuration of the X509Subject type for use with +// apply. +func X509Subject() *X509SubjectApplyConfiguration { + return &X509SubjectApplyConfiguration{} +} + +// WithOrganizations adds the given value to the Organizations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Organizations field. +func (b *X509SubjectApplyConfiguration) WithOrganizations(values ...string) *X509SubjectApplyConfiguration { + for i := range values { + b.Organizations = append(b.Organizations, values[i]) + } + return b +} + +// WithCountries adds the given value to the Countries field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Countries field. +func (b *X509SubjectApplyConfiguration) WithCountries(values ...string) *X509SubjectApplyConfiguration { + for i := range values { + b.Countries = append(b.Countries, values[i]) + } + return b +} + +// WithOrganizationalUnits adds the given value to the OrganizationalUnits field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OrganizationalUnits field. +func (b *X509SubjectApplyConfiguration) WithOrganizationalUnits(values ...string) *X509SubjectApplyConfiguration { + for i := range values { + b.OrganizationalUnits = append(b.OrganizationalUnits, values[i]) + } + return b +} + +// WithLocalities adds the given value to the Localities field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Localities field. +func (b *X509SubjectApplyConfiguration) WithLocalities(values ...string) *X509SubjectApplyConfiguration { + for i := range values { + b.Localities = append(b.Localities, values[i]) + } + return b +} + +// WithProvinces adds the given value to the Provinces field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Provinces field. +func (b *X509SubjectApplyConfiguration) WithProvinces(values ...string) *X509SubjectApplyConfiguration { + for i := range values { + b.Provinces = append(b.Provinces, values[i]) + } + return b +} + +// WithStreetAddresses adds the given value to the StreetAddresses field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the StreetAddresses field. +func (b *X509SubjectApplyConfiguration) WithStreetAddresses(values ...string) *X509SubjectApplyConfiguration { + for i := range values { + b.StreetAddresses = append(b.StreetAddresses, values[i]) + } + return b +} + +// WithPostalCodes adds the given value to the PostalCodes field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the PostalCodes field. +func (b *X509SubjectApplyConfiguration) WithPostalCodes(values ...string) *X509SubjectApplyConfiguration { + for i := range values { + b.PostalCodes = append(b.PostalCodes, values[i]) + } + return b +} + +// WithSerialNumber sets the SerialNumber field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SerialNumber field is set to the value of the last call. +func (b *X509SubjectApplyConfiguration) WithSerialNumber(value string) *X509SubjectApplyConfiguration { + b.SerialNumber = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal/internal.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal/internal.go new file mode 100644 index 00000000000..cac0cadc5c3 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal/internal.go @@ -0,0 +1,1923 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package internal + +import ( + fmt "fmt" + sync "sync" + + typed "sigs.k8s.io/structured-merge-diff/v6/typed" +) + +func Parser() *typed.Parser { + parserOnce.Do(func() { + var err error + parser, err = typed.NewParser(schemaYAML) + if err != nil { + panic(fmt.Sprintf("Failed to parse schema: %v", err)) + } + }) + return parser +} + +var parserOnce sync.Once +var parser *typed.Parser +var schemaYAML = typed.YAMLObject(`types: +- name: Affinity.v1.core.api.k8s.io + map: + fields: + - name: nodeAffinity + type: + namedType: NodeAffinity.v1.core.api.k8s.io + - name: podAffinity + type: + namedType: PodAffinity.v1.core.api.k8s.io + - name: podAntiAffinity + type: + namedType: PodAntiAffinity.v1.core.api.k8s.io +- name: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: string +- name: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: JSON.v1.apiextensions.apis.pkg.apiextensions-apiserver.k8s.io + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: matchExpressions + type: + list: + elementType: + namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: atomic + - name: matchLabels + type: + map: + elementType: + scalar: string + elementRelationship: atomic +- name: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: key + type: + scalar: string + default: "" + - name: operator + type: + scalar: string + default: "" + - name: values + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: LocalObjectReference.v1.core.api.k8s.io + map: + fields: + - name: name + type: + scalar: string + default: "" + elementRelationship: atomic +- name: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + - name: fieldsType + type: + scalar: string + - name: fieldsV1 + type: + namedType: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + - name: manager + type: + scalar: string + - name: operation + type: + scalar: string + - name: subresource + type: + scalar: string + - name: time + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io +- name: NodeAffinity.v1.core.api.k8s.io + map: + fields: + - name: preferredDuringSchedulingIgnoredDuringExecution + type: + list: + elementType: + namedType: PreferredSchedulingTerm.v1.core.api.k8s.io + elementRelationship: atomic + - name: requiredDuringSchedulingIgnoredDuringExecution + type: + namedType: NodeSelector.v1.core.api.k8s.io +- name: NodeSelector.v1.core.api.k8s.io + map: + fields: + - name: nodeSelectorTerms + type: + list: + elementType: + namedType: NodeSelectorTerm.v1.core.api.k8s.io + elementRelationship: atomic + elementRelationship: atomic +- name: NodeSelectorRequirement.v1.core.api.k8s.io + map: + fields: + - name: key + type: + scalar: string + default: "" + - name: operator + type: + scalar: string + default: "" + - name: values + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: NodeSelectorTerm.v1.core.api.k8s.io + map: + fields: + - name: matchExpressions + type: + list: + elementType: + namedType: NodeSelectorRequirement.v1.core.api.k8s.io + elementRelationship: atomic + - name: matchFields + type: + list: + elementType: + namedType: NodeSelectorRequirement.v1.core.api.k8s.io + elementRelationship: atomic + elementRelationship: atomic +- name: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: annotations + type: + map: + elementType: + scalar: string + - name: creationTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: deletionGracePeriodSeconds + type: + scalar: numeric + - name: deletionTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: finalizers + type: + list: + elementType: + scalar: string + elementRelationship: associative + - name: generateName + type: + scalar: string + - name: generation + type: + scalar: numeric + - name: labels + type: + map: + elementType: + scalar: string + - name: managedFields + type: + list: + elementType: + namedType: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: atomic + - name: name + type: + scalar: string + - name: namespace + type: + scalar: string + - name: ownerReferences + type: + list: + elementType: + namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - uid + - name: resourceVersion + type: + scalar: string + - name: selfLink + type: + scalar: string + - name: uid + type: + scalar: string +- name: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + default: "" + - name: blockOwnerDeletion + type: + scalar: boolean + - name: controller + type: + scalar: boolean + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: uid + type: + scalar: string + default: "" + elementRelationship: atomic +- name: PodAffinity.v1.core.api.k8s.io + map: + fields: + - name: preferredDuringSchedulingIgnoredDuringExecution + type: + list: + elementType: + namedType: WeightedPodAffinityTerm.v1.core.api.k8s.io + elementRelationship: atomic + - name: requiredDuringSchedulingIgnoredDuringExecution + type: + list: + elementType: + namedType: PodAffinityTerm.v1.core.api.k8s.io + elementRelationship: atomic +- name: PodAffinityTerm.v1.core.api.k8s.io + map: + fields: + - name: labelSelector + type: + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: matchLabelKeys + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: mismatchLabelKeys + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: namespaceSelector + type: + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: namespaces + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: topologyKey + type: + scalar: string + default: "" +- name: PodAntiAffinity.v1.core.api.k8s.io + map: + fields: + - name: preferredDuringSchedulingIgnoredDuringExecution + type: + list: + elementType: + namedType: WeightedPodAffinityTerm.v1.core.api.k8s.io + elementRelationship: atomic + - name: requiredDuringSchedulingIgnoredDuringExecution + type: + list: + elementType: + namedType: PodAffinityTerm.v1.core.api.k8s.io + elementRelationship: atomic +- name: PreferredSchedulingTerm.v1.core.api.k8s.io + map: + fields: + - name: preference + type: + namedType: NodeSelectorTerm.v1.core.api.k8s.io + default: {} + - name: weight + type: + scalar: numeric + default: 0 +- name: Quantity.resource.api.pkg.apimachinery.k8s.io + scalar: string +- name: SELinuxOptions.v1.core.api.k8s.io + map: + fields: + - name: level + type: + scalar: string + - name: role + type: + scalar: string + - name: type + type: + scalar: string + - name: user + type: + scalar: string +- name: SeccompProfile.v1.core.api.k8s.io + map: + fields: + - name: localhostProfile + type: + scalar: string + - name: type + type: + scalar: string + default: "" + unions: + - discriminator: type + fields: + - fieldName: localhostProfile + discriminatorValue: LocalhostProfile +- name: Sysctl.v1.core.api.k8s.io + map: + fields: + - name: name + type: + scalar: string + default: "" + - name: value + type: + scalar: string + default: "" +- name: Time.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: untyped +- name: Toleration.v1.core.api.k8s.io + map: + fields: + - name: effect + type: + scalar: string + - name: key + type: + scalar: string + - name: operator + type: + scalar: string + - name: tolerationSeconds + type: + scalar: numeric + - name: value + type: + scalar: string +- name: WeightedPodAffinityTerm.v1.core.api.k8s.io + map: + fields: + - name: podAffinityTerm + type: + namedType: PodAffinityTerm.v1.core.api.k8s.io + default: {} + - name: weight + type: + scalar: numeric + default: 0 +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEAuthorization + map: + fields: + - name: challenges + type: + list: + elementType: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallenge + elementRelationship: atomic + - name: identifier + type: + scalar: string + - name: initialState + type: + scalar: string + - name: url + type: + scalar: string + default: "" + - name: wildcard + type: + scalar: boolean +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallenge + map: + fields: + - name: token + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" + - name: url + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolver + map: + fields: + - name: dns01 + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverDNS01 + - name: http01 + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01 + - name: selector + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.CertificateDNSNameSelector +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverDNS01 + map: + fields: + - name: acmeDNS + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderAcmeDNS + - name: akamai + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderAkamai + - name: azureDNS + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderAzureDNS + - name: cloudDNS + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderCloudDNS + - name: cloudflare + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderCloudflare + - name: cnameStrategy + type: + scalar: string + - name: digitalocean + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderDigitalOcean + - name: rfc2136 + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderRFC2136 + - name: route53 + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderRoute53 + - name: webhook + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderWebhook +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01 + map: + fields: + - name: gatewayHTTPRoute + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01GatewayHTTPRoute + - name: ingress + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01Ingress +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01GatewayHTTPRoute + map: + fields: + - name: labels + type: + map: + elementType: + scalar: string + - name: parentRefs + type: + list: + elementType: + namedType: io.k8s.sigs.gateway-api.apis.v1.ParentReference + elementRelationship: atomic + - name: podTemplate + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodTemplate + - name: serviceType + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01Ingress + map: + fields: + - name: class + type: + scalar: string + - name: ingressClassName + type: + scalar: string + - name: ingressTemplate + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressTemplate + - name: name + type: + scalar: string + - name: podTemplate + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodTemplate + - name: serviceType + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressObjectMeta + map: + fields: + - name: annotations + type: + map: + elementType: + scalar: string + - name: labels + type: + map: + elementType: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodObjectMeta + map: + fields: + - name: annotations + type: + map: + elementType: + scalar: string + - name: labels + type: + map: + elementType: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodResources + map: + fields: + - name: limits + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: requests + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodSecurityContext + map: + fields: + - name: fsGroup + type: + scalar: numeric + - name: fsGroupChangePolicy + type: + scalar: string + - name: runAsGroup + type: + scalar: numeric + - name: runAsNonRoot + type: + scalar: boolean + - name: runAsUser + type: + scalar: numeric + - name: seLinuxOptions + type: + namedType: SELinuxOptions.v1.core.api.k8s.io + - name: seccompProfile + type: + namedType: SeccompProfile.v1.core.api.k8s.io + - name: supplementalGroups + type: + list: + elementType: + scalar: numeric + elementRelationship: atomic + - name: sysctls + type: + list: + elementType: + namedType: Sysctl.v1.core.api.k8s.io + elementRelationship: atomic +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodSpec + map: + fields: + - name: affinity + type: + namedType: Affinity.v1.core.api.k8s.io + - name: imagePullSecrets + type: + list: + elementType: + namedType: LocalObjectReference.v1.core.api.k8s.io + elementRelationship: associative + keys: + - name + - name: nodeSelector + type: + map: + elementType: + scalar: string + - name: priorityClassName + type: + scalar: string + - name: resources + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodResources + - name: securityContext + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodSecurityContext + - name: serviceAccountName + type: + scalar: string + - name: tolerations + type: + list: + elementType: + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodTemplate + map: + fields: + - name: metadata + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodObjectMeta + default: {} + - name: spec + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressPodSpec + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressTemplate + map: + fields: + - name: metadata + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolverHTTP01IngressObjectMeta + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEExternalAccountBinding + map: + fields: + - name: keyAlgorithm + type: + scalar: string + - name: keyID + type: + scalar: string + default: "" + - name: keySecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuer + map: + fields: + - name: caBundle + type: + scalar: string + - name: disableAccountKeyGeneration + type: + scalar: boolean + - name: email + type: + scalar: string + - name: enableDurationFeature + type: + scalar: boolean + - name: externalAccountBinding + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEExternalAccountBinding + - name: preferredChain + type: + scalar: string + - name: privateKeySecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} + - name: profile + type: + scalar: string + - name: server + type: + scalar: string + default: "" + - name: skipTLSVerify + type: + scalar: boolean + - name: solvers + type: + list: + elementType: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolver + elementRelationship: atomic +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderAcmeDNS + map: + fields: + - name: accountSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} + - name: host + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderAkamai + map: + fields: + - name: accessTokenSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} + - name: clientSecretSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} + - name: clientTokenSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} + - name: serviceConsumerDomain + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderAzureDNS + map: + fields: + - name: clientID + type: + scalar: string + - name: clientSecretSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + - name: environment + type: + scalar: string + - name: hostedZoneName + type: + scalar: string + - name: managedIdentity + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.AzureManagedIdentity + - name: resourceGroupName + type: + scalar: string + default: "" + - name: subscriptionID + type: + scalar: string + default: "" + - name: tenantID + type: + scalar: string + - name: zoneType + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderCloudDNS + map: + fields: + - name: hostedZoneName + type: + scalar: string + - name: project + type: + scalar: string + default: "" + - name: serviceAccountSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderCloudflare + map: + fields: + - name: apiKeySecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + - name: apiTokenSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + - name: email + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderDigitalOcean + map: + fields: + - name: tokenSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderRFC2136 + map: + fields: + - name: nameserver + type: + scalar: string + default: "" + - name: protocol + type: + scalar: string + - name: tsigAlgorithm + type: + scalar: string + - name: tsigKeyName + type: + scalar: string + - name: tsigSecretSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderRoute53 + map: + fields: + - name: accessKeyID + type: + scalar: string + - name: accessKeyIDSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + - name: auth + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.Route53Auth + - name: hostedZoneID + type: + scalar: string + - name: region + type: + scalar: string + - name: role + type: + scalar: string + - name: secretAccessKeySecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerDNS01ProviderWebhook + map: + fields: + - name: config + type: + namedType: JSON.v1.apiextensions.apis.pkg.apiextensions-apiserver.k8s.io + - name: groupName + type: + scalar: string + default: "" + - name: solverName + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerStatus + map: + fields: + - name: lastPrivateKeyHash + type: + scalar: string + - name: lastRegisteredEmail + type: + scalar: string + - name: uri + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.AzureManagedIdentity + map: + fields: + - name: clientID + type: + scalar: string + - name: resourceID + type: + scalar: string + - name: tenantID + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.CertificateDNSNameSelector + map: + fields: + - name: dnsNames + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: dnsZones + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: matchLabels + type: + map: + elementType: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.Challenge + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ChallengeSpec + default: {} + - name: status + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ChallengeStatus + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ChallengeSpec + map: + fields: + - name: authorizationURL + type: + scalar: string + default: "" + - name: dnsName + type: + scalar: string + default: "" + - name: issuerRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.IssuerReference + default: {} + - name: key + type: + scalar: string + default: "" + - name: solver + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEChallengeSolver + default: {} + - name: token + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" + - name: url + type: + scalar: string + default: "" + - name: wildcard + type: + scalar: boolean + default: false +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ChallengeStatus + map: + fields: + - name: presented + type: + scalar: boolean + default: false + - name: processing + type: + scalar: boolean + default: false + - name: reason + type: + scalar: string + - name: state + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.Order + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.OrderSpec + default: {} + - name: status + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.OrderStatus + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.OrderSpec + map: + fields: + - name: commonName + type: + scalar: string + - name: dnsNames + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: duration + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: ipAddresses + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: issuerRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.IssuerReference + default: {} + - name: profile + type: + scalar: string + - name: request + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.OrderStatus + map: + fields: + - name: authorizations + type: + list: + elementType: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEAuthorization + elementRelationship: atomic + - name: certificate + type: + scalar: string + - name: failureTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: finalizeURL + type: + scalar: string + - name: reason + type: + scalar: string + - name: state + type: + scalar: string + - name: url + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.Route53Auth + map: + fields: + - name: kubernetes + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.Route53KubernetesAuth +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.Route53KubernetesAuth + map: + fields: + - name: serviceAccountRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ServiceAccountRef +- name: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ServiceAccountRef + map: + fields: + - name: audiences + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: name + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CAIssuer + map: + fields: + - name: crlDistributionPoints + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: issuingCertificateURLs + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: ocspServers + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: secretName + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.Certificate + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateSpec + default: {} + - name: status + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateStatus + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateAdditionalOutputFormat + map: + fields: + - name: type + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateCondition + map: + fields: + - name: lastTransitionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message + type: + scalar: string + - name: observedGeneration + type: + scalar: numeric + - name: reason + type: + scalar: string + - name: status + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateKeystores + map: + fields: + - name: jks + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.JKSKeystore + - name: pkcs12 + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.PKCS12Keystore +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificatePrivateKey + map: + fields: + - name: algorithm + type: + scalar: string + - name: encoding + type: + scalar: string + - name: rotationPolicy + type: + scalar: string + - name: size + type: + scalar: numeric +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateRequest + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateRequestSpec + default: {} + - name: status + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateRequestStatus + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateRequestCondition + map: + fields: + - name: lastTransitionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message + type: + scalar: string + - name: reason + type: + scalar: string + - name: status + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateRequestSpec + map: + fields: + - name: duration + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: extra + type: + map: + elementType: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: groups + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: isCA + type: + scalar: boolean + - name: issuerRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.IssuerReference + default: {} + - name: request + type: + scalar: string + - name: uid + type: + scalar: string + - name: usages + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: username + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateRequestStatus + map: + fields: + - name: ca + type: + scalar: string + - name: certificate + type: + scalar: string + - name: conditions + type: + list: + elementType: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateRequestCondition + elementRelationship: associative + keys: + - type + - name: failureTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateSecretTemplate + map: + fields: + - name: annotations + type: + map: + elementType: + scalar: string + - name: labels + type: + map: + elementType: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateSpec + map: + fields: + - name: additionalOutputFormats + type: + list: + elementType: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateAdditionalOutputFormat + elementRelationship: atomic + - name: commonName + type: + scalar: string + - name: dnsNames + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: duration + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: emailAddresses + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: encodeUsagesInRequest + type: + scalar: boolean + - name: ipAddresses + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: isCA + type: + scalar: boolean + - name: issuerRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.IssuerReference + default: {} + - name: keystores + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateKeystores + - name: literalSubject + type: + scalar: string + - name: nameConstraints + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.NameConstraints + - name: otherNames + type: + list: + elementType: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.OtherName + elementRelationship: atomic + - name: privateKey + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificatePrivateKey + - name: renewBefore + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: renewBeforePercentage + type: + scalar: numeric + - name: revisionHistoryLimit + type: + scalar: numeric + - name: secretName + type: + scalar: string + default: "" + - name: secretTemplate + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateSecretTemplate + - name: signatureAlgorithm + type: + scalar: string + - name: subject + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.X509Subject + - name: uris + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: usages + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateStatus + map: + fields: + - name: conditions + type: + list: + elementType: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CertificateCondition + elementRelationship: associative + keys: + - type + - name: failedIssuanceAttempts + type: + scalar: numeric + - name: lastFailureTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: nextPrivateKeySecretName + type: + scalar: string + - name: notAfter + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: notBefore + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: renewalTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: revision + type: + scalar: numeric +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.ClusterIssuer + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.IssuerSpec + default: {} + - name: status + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.IssuerStatus + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.Issuer + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.IssuerSpec + default: {} + - name: status + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.IssuerStatus + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.IssuerCondition + map: + fields: + - name: lastTransitionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message + type: + scalar: string + - name: observedGeneration + type: + scalar: numeric + - name: reason + type: + scalar: string + - name: status + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.IssuerSpec + map: + fields: + - name: acme + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuer + - name: ca + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.CAIssuer + - name: selfSigned + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.SelfSignedIssuer + - name: vault + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VaultIssuer + - name: venafi + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VenafiIssuer +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.IssuerStatus + map: + fields: + - name: acme + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.acme.v1.ACMEIssuerStatus + - name: conditions + type: + list: + elementType: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.IssuerCondition + elementRelationship: associative + keys: + - type +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.JKSKeystore + map: + fields: + - name: alias + type: + scalar: string + - name: create + type: + scalar: boolean + default: false + - name: password + type: + scalar: string + - name: passwordSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.NameConstraintItem + map: + fields: + - name: dnsDomains + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: emailAddresses + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: ipRanges + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: uriDomains + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.NameConstraints + map: + fields: + - name: critical + type: + scalar: boolean + - name: excluded + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.NameConstraintItem + - name: permitted + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.NameConstraintItem +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.OtherName + map: + fields: + - name: oid + type: + scalar: string + - name: utf8Value + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.PKCS12Keystore + map: + fields: + - name: create + type: + scalar: boolean + default: false + - name: password + type: + scalar: string + - name: passwordSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} + - name: profile + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.SelfSignedIssuer + map: + fields: + - name: crlDistributionPoints + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.ServiceAccountRef + map: + fields: + - name: audiences + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: name + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VaultAppRole + map: + fields: + - name: path + type: + scalar: string + default: "" + - name: roleId + type: + scalar: string + default: "" + - name: secretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VaultAuth + map: + fields: + - name: appRole + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VaultAppRole + - name: clientCertificate + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VaultClientCertificateAuth + - name: kubernetes + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VaultKubernetesAuth + - name: tokenSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VaultClientCertificateAuth + map: + fields: + - name: mountPath + type: + scalar: string + - name: name + type: + scalar: string + - name: secretName + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VaultIssuer + map: + fields: + - name: auth + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VaultAuth + default: {} + - name: caBundle + type: + scalar: string + - name: caBundleSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + - name: clientCertSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + - name: clientKeySecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + - name: namespace + type: + scalar: string + - name: path + type: + scalar: string + default: "" + - name: server + type: + scalar: string + default: "" + - name: serverName + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VaultKubernetesAuth + map: + fields: + - name: mountPath + type: + scalar: string + - name: role + type: + scalar: string + default: "" + - name: secretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} + - name: serviceAccountRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.ServiceAccountRef +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VenafiCloud + map: + fields: + - name: apiTokenSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + default: {} + - name: url + type: + scalar: string +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VenafiIssuer + map: + fields: + - name: cloud + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VenafiCloud + - name: tpp + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VenafiTPP + - name: zone + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.VenafiTPP + map: + fields: + - name: caBundle + type: + scalar: string + - name: caBundleSecretRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + - name: credentialsRef + type: + namedType: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.LocalObjectReference + default: {} + - name: url + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.certmanager.v1.X509Subject + map: + fields: + - name: countries + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: localities + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: organizationalUnits + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: organizations + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: postalCodes + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: provinces + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: serialNumber + type: + scalar: string + - name: streetAddresses + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.IssuerReference + map: + fields: + - name: group + type: + scalar: string + - name: kind + type: + scalar: string + - name: name + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.LocalObjectReference + map: + fields: + - name: name + type: + scalar: string + default: "" +- name: com.github.cert-manager.cert-manager.pkg.apis.meta.v1.SecretKeySelector + map: + fields: + - name: key + type: + scalar: string + - name: name + type: + scalar: string + default: "" +- name: io.k8s.sigs.gateway-api.apis.v1.ParentReference + map: + fields: + - name: group + type: + scalar: string + - name: kind + type: + scalar: string + - name: name + type: + scalar: string + default: "" + - name: namespace + type: + scalar: string + - name: port + type: + scalar: numeric + - name: sectionName + type: + scalar: string +- name: __untyped_atomic_ + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic +- name: __untyped_deduced_ + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +`) diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/issuerreference.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/issuerreference.go new file mode 100644 index 00000000000..f45c2ce8231 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/issuerreference.go @@ -0,0 +1,64 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// IssuerReferenceApplyConfiguration represents a declarative configuration of the IssuerReference type for use +// with apply. +// +// IssuerReference is a reference to a certificate issuer object with a given name, kind and group. +type IssuerReferenceApplyConfiguration struct { + // Name of the issuer being referred to. + Name *string `json:"name,omitempty"` + // Kind of the issuer being referred to. + // Defaults to 'Issuer'. + Kind *string `json:"kind,omitempty"` + // Group of the issuer being referred to. + // Defaults to 'cert-manager.io'. + Group *string `json:"group,omitempty"` +} + +// IssuerReferenceApplyConfiguration constructs a declarative configuration of the IssuerReference type for use with +// apply. +func IssuerReference() *IssuerReferenceApplyConfiguration { + return &IssuerReferenceApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *IssuerReferenceApplyConfiguration) WithName(value string) *IssuerReferenceApplyConfiguration { + b.Name = &value + return b +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *IssuerReferenceApplyConfiguration) WithKind(value string) *IssuerReferenceApplyConfiguration { + b.Kind = &value + return b +} + +// WithGroup sets the Group field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Group field is set to the value of the last call. +func (b *IssuerReferenceApplyConfiguration) WithGroup(value string) *IssuerReferenceApplyConfiguration { + b.Group = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/localobjectreference.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/localobjectreference.go new file mode 100644 index 00000000000..c25794621c5 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/localobjectreference.go @@ -0,0 +1,48 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// LocalObjectReferenceApplyConfiguration represents a declarative configuration of the LocalObjectReference type for use +// with apply. +// +// A reference to an object in the same namespace as the referent. +// If the referent is a cluster-scoped resource (e.g., a ClusterIssuer), +// the reference instead refers to the resource with the given name in the +// configured 'cluster resource namespace', which is set as a flag on the +// controller component (and defaults to the namespace that cert-manager +// runs in). +type LocalObjectReferenceApplyConfiguration struct { + // Name of the resource being referred to. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Name *string `json:"name,omitempty"` +} + +// LocalObjectReferenceApplyConfiguration constructs a declarative configuration of the LocalObjectReference type for use with +// apply. +func LocalObjectReference() *LocalObjectReferenceApplyConfiguration { + return &LocalObjectReferenceApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *LocalObjectReferenceApplyConfiguration) WithName(value string) *LocalObjectReferenceApplyConfiguration { + b.Name = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/secretkeyselector.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/secretkeyselector.go new file mode 100644 index 00000000000..3c923a6b726 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1/secretkeyselector.go @@ -0,0 +1,55 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// SecretKeySelectorApplyConfiguration represents a declarative configuration of the SecretKeySelector type for use +// with apply. +// +// A reference to a specific 'key' within a Secret resource. +// In some instances, `key` is a required field. +type SecretKeySelectorApplyConfiguration struct { + // The name of the Secret resource being referred to. + LocalObjectReferenceApplyConfiguration `json:",inline"` + // The key of the entry in the Secret resource's `data` field to be used. + // Some instances of this field may be defaulted, in others it may be + // required. + Key *string `json:"key,omitempty"` +} + +// SecretKeySelectorApplyConfiguration constructs a declarative configuration of the SecretKeySelector type for use with +// apply. +func SecretKeySelector() *SecretKeySelectorApplyConfiguration { + return &SecretKeySelectorApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *SecretKeySelectorApplyConfiguration) WithName(value string) *SecretKeySelectorApplyConfiguration { + b.LocalObjectReferenceApplyConfiguration.Name = &value + return b +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *SecretKeySelectorApplyConfiguration) WithKey(value string) *SecretKeySelectorApplyConfiguration { + b.Key = &value + return b +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/utils.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/utils.go new file mode 100644 index 00000000000..0729e915ae9 --- /dev/null +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/utils.go @@ -0,0 +1,200 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package applyconfigurations + +import ( + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + metav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + acmev1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1" + applyconfigurationscertmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1" + internal "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/internal" + applyconfigurationsmetav1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" +) + +// ForKind returns an apply configuration type for the given GroupVersionKind, or nil if no +// apply configuration type exists for the given GroupVersionKind. +func ForKind(kind schema.GroupVersionKind) interface{} { + switch kind { + // Group=acme.cert-manager.io, Version=v1 + case v1.SchemeGroupVersion.WithKind("ACMEAuthorization"): + return &acmev1.ACMEAuthorizationApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallenge"): + return &acmev1.ACMEChallengeApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolver"): + return &acmev1.ACMEChallengeSolverApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverDNS01"): + return &acmev1.ACMEChallengeSolverDNS01ApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverHTTP01"): + return &acmev1.ACMEChallengeSolverHTTP01ApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverHTTP01GatewayHTTPRoute"): + return &acmev1.ACMEChallengeSolverHTTP01GatewayHTTPRouteApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverHTTP01Ingress"): + return &acmev1.ACMEChallengeSolverHTTP01IngressApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverHTTP01IngressObjectMeta"): + return &acmev1.ACMEChallengeSolverHTTP01IngressObjectMetaApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverHTTP01IngressPodObjectMeta"): + return &acmev1.ACMEChallengeSolverHTTP01IngressPodObjectMetaApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverHTTP01IngressPodResources"): + return &acmev1.ACMEChallengeSolverHTTP01IngressPodResourcesApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverHTTP01IngressPodSecurityContext"): + return &acmev1.ACMEChallengeSolverHTTP01IngressPodSecurityContextApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverHTTP01IngressPodSpec"): + return &acmev1.ACMEChallengeSolverHTTP01IngressPodSpecApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverHTTP01IngressPodTemplate"): + return &acmev1.ACMEChallengeSolverHTTP01IngressPodTemplateApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEChallengeSolverHTTP01IngressTemplate"): + return &acmev1.ACMEChallengeSolverHTTP01IngressTemplateApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEExternalAccountBinding"): + return &acmev1.ACMEExternalAccountBindingApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuer"): + return &acmev1.ACMEIssuerApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuerDNS01ProviderAcmeDNS"): + return &acmev1.ACMEIssuerDNS01ProviderAcmeDNSApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuerDNS01ProviderAkamai"): + return &acmev1.ACMEIssuerDNS01ProviderAkamaiApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuerDNS01ProviderAzureDNS"): + return &acmev1.ACMEIssuerDNS01ProviderAzureDNSApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuerDNS01ProviderCloudDNS"): + return &acmev1.ACMEIssuerDNS01ProviderCloudDNSApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuerDNS01ProviderCloudflare"): + return &acmev1.ACMEIssuerDNS01ProviderCloudflareApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuerDNS01ProviderDigitalOcean"): + return &acmev1.ACMEIssuerDNS01ProviderDigitalOceanApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuerDNS01ProviderRFC2136"): + return &acmev1.ACMEIssuerDNS01ProviderRFC2136ApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuerDNS01ProviderRoute53"): + return &acmev1.ACMEIssuerDNS01ProviderRoute53ApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuerDNS01ProviderWebhook"): + return &acmev1.ACMEIssuerDNS01ProviderWebhookApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ACMEIssuerStatus"): + return &acmev1.ACMEIssuerStatusApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("AzureManagedIdentity"): + return &acmev1.AzureManagedIdentityApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("CertificateDNSNameSelector"): + return &acmev1.CertificateDNSNameSelectorApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("Challenge"): + return &acmev1.ChallengeApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ChallengeSpec"): + return &acmev1.ChallengeSpecApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ChallengeStatus"): + return &acmev1.ChallengeStatusApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("Order"): + return &acmev1.OrderApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("OrderSpec"): + return &acmev1.OrderSpecApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("OrderStatus"): + return &acmev1.OrderStatusApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("Route53Auth"): + return &acmev1.Route53AuthApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("Route53KubernetesAuth"): + return &acmev1.Route53KubernetesAuthApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ServiceAccountRef"): + return &acmev1.ServiceAccountRefApplyConfiguration{} + + // Group=cert-manager.io, Version=v1 + case certmanagerv1.SchemeGroupVersion.WithKind("CAIssuer"): + return &applyconfigurationscertmanagerv1.CAIssuerApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("Certificate"): + return &applyconfigurationscertmanagerv1.CertificateApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificateAdditionalOutputFormat"): + return &applyconfigurationscertmanagerv1.CertificateAdditionalOutputFormatApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificateCondition"): + return &applyconfigurationscertmanagerv1.CertificateConditionApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificateKeystores"): + return &applyconfigurationscertmanagerv1.CertificateKeystoresApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificatePrivateKey"): + return &applyconfigurationscertmanagerv1.CertificatePrivateKeyApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificateRequest"): + return &applyconfigurationscertmanagerv1.CertificateRequestApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificateRequestCondition"): + return &applyconfigurationscertmanagerv1.CertificateRequestConditionApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificateRequestSpec"): + return &applyconfigurationscertmanagerv1.CertificateRequestSpecApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificateRequestStatus"): + return &applyconfigurationscertmanagerv1.CertificateRequestStatusApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificateSecretTemplate"): + return &applyconfigurationscertmanagerv1.CertificateSecretTemplateApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificateSpec"): + return &applyconfigurationscertmanagerv1.CertificateSpecApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("CertificateStatus"): + return &applyconfigurationscertmanagerv1.CertificateStatusApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("ClusterIssuer"): + return &applyconfigurationscertmanagerv1.ClusterIssuerApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("Issuer"): + return &applyconfigurationscertmanagerv1.IssuerApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("IssuerCondition"): + return &applyconfigurationscertmanagerv1.IssuerConditionApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("IssuerConfig"): + return &applyconfigurationscertmanagerv1.IssuerConfigApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("IssuerSpec"): + return &applyconfigurationscertmanagerv1.IssuerSpecApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("IssuerStatus"): + return &applyconfigurationscertmanagerv1.IssuerStatusApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("JKSKeystore"): + return &applyconfigurationscertmanagerv1.JKSKeystoreApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("NameConstraintItem"): + return &applyconfigurationscertmanagerv1.NameConstraintItemApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("NameConstraints"): + return &applyconfigurationscertmanagerv1.NameConstraintsApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("OtherName"): + return &applyconfigurationscertmanagerv1.OtherNameApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("PKCS12Keystore"): + return &applyconfigurationscertmanagerv1.PKCS12KeystoreApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("SelfSignedIssuer"): + return &applyconfigurationscertmanagerv1.SelfSignedIssuerApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("ServiceAccountRef"): + return &applyconfigurationscertmanagerv1.ServiceAccountRefApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("VaultAppRole"): + return &applyconfigurationscertmanagerv1.VaultAppRoleApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("VaultAuth"): + return &applyconfigurationscertmanagerv1.VaultAuthApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("VaultClientCertificateAuth"): + return &applyconfigurationscertmanagerv1.VaultClientCertificateAuthApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("VaultIssuer"): + return &applyconfigurationscertmanagerv1.VaultIssuerApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("VaultKubernetesAuth"): + return &applyconfigurationscertmanagerv1.VaultKubernetesAuthApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("VenafiCloud"): + return &applyconfigurationscertmanagerv1.VenafiCloudApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("VenafiIssuer"): + return &applyconfigurationscertmanagerv1.VenafiIssuerApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("VenafiTPP"): + return &applyconfigurationscertmanagerv1.VenafiTPPApplyConfiguration{} + case certmanagerv1.SchemeGroupVersion.WithKind("X509Subject"): + return &applyconfigurationscertmanagerv1.X509SubjectApplyConfiguration{} + + // Group=meta, Version=v1 + case metav1.SchemeGroupVersion.WithKind("IssuerReference"): + return &applyconfigurationsmetav1.IssuerReferenceApplyConfiguration{} + case metav1.SchemeGroupVersion.WithKind("LocalObjectReference"): + return &applyconfigurationsmetav1.LocalObjectReferenceApplyConfiguration{} + case metav1.SchemeGroupVersion.WithKind("SecretKeySelector"): + return &applyconfigurationsmetav1.SecretKeySelectorApplyConfiguration{} + + } + return nil +} + +func NewTypeConverter(scheme *runtime.Scheme) managedfields.TypeConverter { + return managedfields.NewSchemeTypeConverter(scheme, internal.Parser()) +} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/clientset.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/clientset.go index bbe90f7273c..1ad7245c7f5 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/clientset.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/clientset.go @@ -19,8 +19,8 @@ limitations under the License. package versioned import ( - "fmt" - "net/http" + fmt "fmt" + http "net/http" acmev1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1" certmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1" diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/fake/clientset_generated.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/fake/clientset_generated.go index 53991e1cff5..d15c031f845 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/fake/clientset_generated.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/fake/clientset_generated.go @@ -19,11 +19,13 @@ limitations under the License. package fake import ( + applyconfigurations "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations" clientset "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" acmev1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1" fakeacmev1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake" certmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1" fakecertmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/discovery" @@ -36,7 +38,7 @@ import ( // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement // for a real clientset and is mostly useful in simple unit tests. // -// DEPRECATED: NewClientset replaces this with support for field management, which significantly improves +// Deprecated: NewClientset replaces this with support for field management, which significantly improves // server side apply testing. NewClientset is only available when apply configurations are generated (e.g. // via --with-applyconfig). func NewSimpleClientset(objects ...runtime.Object) *Clientset { @@ -51,9 +53,13 @@ func NewSimpleClientset(objects ...runtime.Object) *Clientset { cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake} cs.AddReactor("*", "*", testing.ObjectReaction(o)) cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) { + var opts metav1.ListOptions + if watchAction, ok := action.(testing.WatchActionImpl); ok { + opts = watchAction.ListOptions + } gvr := action.GetResource() ns := action.GetNamespace() - watch, err := o.Watch(gvr, ns) + watch, err := o.Watch(gvr, ns, opts) if err != nil { return false, nil, err } @@ -80,6 +86,53 @@ func (c *Clientset) Tracker() testing.ObjectTracker { return c.tracker } +// IsWatchListSemanticsSupported informs the reflector that this client +// doesn't support WatchList semantics. +// +// This is a synthetic method whose sole purpose is to satisfy the optional +// interface check performed by the reflector. +// Returning true signals that WatchList can NOT be used. +// No additional logic is implemented here. +func (c *Clientset) IsWatchListSemanticsUnSupported() bool { + return true +} + +// NewClientset returns a clientset that will respond with the provided objects. +// It's backed by a very simple object tracker that processes creates, updates and deletions as-is, +// without applying any validations and/or defaults. It shouldn't be considered a replacement +// for a real clientset and is mostly useful in simple unit tests. +func NewClientset(objects ...runtime.Object) *Clientset { + o := testing.NewFieldManagedObjectTracker( + scheme, + codecs.UniversalDecoder(), + applyconfigurations.NewTypeConverter(scheme), + ) + for _, obj := range objects { + if err := o.Add(obj); err != nil { + panic(err) + } + } + + cs := &Clientset{tracker: o} + cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake} + cs.AddReactor("*", "*", testing.ObjectReaction(o)) + cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) { + var opts metav1.ListOptions + if watchAction, ok := action.(testing.WatchActionImpl); ok { + opts = watchAction.ListOptions + } + gvr := action.GetResource() + ns := action.GetNamespace() + watch, err := o.Watch(gvr, ns, opts) + if err != nil { + return false, nil, err + } + return true, watch, nil + }) + + return cs +} + var ( _ clientset.Interface = &Clientset{} _ testing.FakeClient = &Clientset{} diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/acme_client.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/acme_client.go index ff077b66046..bec0af70c79 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/acme_client.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/acme_client.go @@ -19,10 +19,10 @@ limitations under the License. package v1 import ( - "net/http" + http "net/http" - v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" - "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + scheme "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" rest "k8s.io/client-go/rest" ) @@ -50,9 +50,7 @@ func (c *AcmeV1Client) Orders(namespace string) OrderInterface { // where httpClient was generated with rest.HTTPClientFor(c). func NewForConfig(c *rest.Config) (*AcmeV1Client, error) { config := *c - if err := setConfigDefaults(&config); err != nil { - return nil, err - } + setConfigDefaults(&config) httpClient, err := rest.HTTPClientFor(&config) if err != nil { return nil, err @@ -64,9 +62,7 @@ func NewForConfig(c *rest.Config) (*AcmeV1Client, error) { // Note the http client provided takes precedence over the configured transport values. func NewForConfigAndClient(c *rest.Config, h *http.Client) (*AcmeV1Client, error) { config := *c - if err := setConfigDefaults(&config); err != nil { - return nil, err - } + setConfigDefaults(&config) client, err := rest.RESTClientForConfigAndClient(&config, h) if err != nil { return nil, err @@ -89,17 +85,15 @@ func New(c rest.Interface) *AcmeV1Client { return &AcmeV1Client{c} } -func setConfigDefaults(config *rest.Config) error { - gv := v1.SchemeGroupVersion +func setConfigDefaults(config *rest.Config) { + gv := acmev1.SchemeGroupVersion config.GroupVersion = &gv config.APIPath = "/apis" - config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + config.NegotiatedSerializer = rest.CodecFactoryForGeneratedClient(scheme.Scheme, scheme.Codecs).WithoutConversion() if config.UserAgent == "" { config.UserAgent = rest.DefaultKubernetesUserAgent() } - - return nil } // RESTClient returns a RESTClient that is used to communicate diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/challenge.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/challenge.go index 76fc50c1483..82d89913920 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/challenge.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/challenge.go @@ -19,9 +19,10 @@ limitations under the License. package v1 import ( - "context" + context "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + applyconfigurationsacmev1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1" scheme "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -37,33 +38,37 @@ type ChallengesGetter interface { // ChallengeInterface has methods to work with Challenge resources. type ChallengeInterface interface { - Create(ctx context.Context, challenge *v1.Challenge, opts metav1.CreateOptions) (*v1.Challenge, error) - Update(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (*v1.Challenge, error) + Create(ctx context.Context, challenge *acmev1.Challenge, opts metav1.CreateOptions) (*acmev1.Challenge, error) + Update(ctx context.Context, challenge *acmev1.Challenge, opts metav1.UpdateOptions) (*acmev1.Challenge, error) // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - UpdateStatus(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (*v1.Challenge, error) + UpdateStatus(ctx context.Context, challenge *acmev1.Challenge, opts metav1.UpdateOptions) (*acmev1.Challenge, error) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error - Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Challenge, error) - List(ctx context.Context, opts metav1.ListOptions) (*v1.ChallengeList, error) + Get(ctx context.Context, name string, opts metav1.GetOptions) (*acmev1.Challenge, error) + List(ctx context.Context, opts metav1.ListOptions) (*acmev1.ChallengeList, error) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Challenge, err error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *acmev1.Challenge, err error) + Apply(ctx context.Context, challenge *applyconfigurationsacmev1.ChallengeApplyConfiguration, opts metav1.ApplyOptions) (result *acmev1.Challenge, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). + ApplyStatus(ctx context.Context, challenge *applyconfigurationsacmev1.ChallengeApplyConfiguration, opts metav1.ApplyOptions) (result *acmev1.Challenge, err error) ChallengeExpansion } // challenges implements ChallengeInterface type challenges struct { - *gentype.ClientWithList[*v1.Challenge, *v1.ChallengeList] + *gentype.ClientWithListAndApply[*acmev1.Challenge, *acmev1.ChallengeList, *applyconfigurationsacmev1.ChallengeApplyConfiguration] } // newChallenges returns a Challenges func newChallenges(c *AcmeV1Client, namespace string) *challenges { return &challenges{ - gentype.NewClientWithList[*v1.Challenge, *v1.ChallengeList]( + gentype.NewClientWithListAndApply[*acmev1.Challenge, *acmev1.ChallengeList, *applyconfigurationsacmev1.ChallengeApplyConfiguration]( "challenges", c.RESTClient(), scheme.ParameterCodec, namespace, - func() *v1.Challenge { return &v1.Challenge{} }, - func() *v1.ChallengeList { return &v1.ChallengeList{} }), + func() *acmev1.Challenge { return &acmev1.Challenge{} }, + func() *acmev1.ChallengeList { return &acmev1.ChallengeList{} }, + ), } } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_acme_client.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_acme_client.go index 938de918f83..be8d81f6d66 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_acme_client.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_acme_client.go @@ -29,11 +29,11 @@ type FakeAcmeV1 struct { } func (c *FakeAcmeV1) Challenges(namespace string) v1.ChallengeInterface { - return &FakeChallenges{c, namespace} + return newFakeChallenges(c, namespace) } func (c *FakeAcmeV1) Orders(namespace string) v1.OrderInterface { - return &FakeOrders{c, namespace} + return newFakeOrders(c, namespace) } // RESTClient returns a RESTClient that is used to communicate diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_challenge.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_challenge.go index b3439d6e942..2313e566ba5 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_challenge.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_challenge.go @@ -19,129 +19,31 @@ limitations under the License. package fake import ( - "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" + acmev1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1" + typedacmev1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1" + gentype "k8s.io/client-go/gentype" ) -// FakeChallenges implements ChallengeInterface -type FakeChallenges struct { +// fakeChallenges implements ChallengeInterface +type fakeChallenges struct { + *gentype.FakeClientWithListAndApply[*v1.Challenge, *v1.ChallengeList, *acmev1.ChallengeApplyConfiguration] Fake *FakeAcmeV1 - ns string -} - -var challengesResource = v1.SchemeGroupVersion.WithResource("challenges") - -var challengesKind = v1.SchemeGroupVersion.WithKind("Challenge") - -// Get takes name of the challenge, and returns the corresponding challenge object, and an error if there is any. -func (c *FakeChallenges) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Challenge, err error) { - emptyResult := &v1.Challenge{} - obj, err := c.Fake. - Invokes(testing.NewGetActionWithOptions(challengesResource, c.ns, name, options), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Challenge), err -} - -// List takes label and field selectors, and returns the list of Challenges that match those selectors. -func (c *FakeChallenges) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ChallengeList, err error) { - emptyResult := &v1.ChallengeList{} - obj, err := c.Fake. - Invokes(testing.NewListActionWithOptions(challengesResource, challengesKind, c.ns, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1.ChallengeList{ListMeta: obj.(*v1.ChallengeList).ListMeta} - for _, item := range obj.(*v1.ChallengeList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested challenges. -func (c *FakeChallenges) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchActionWithOptions(challengesResource, c.ns, opts)) - -} - -// Create takes the representation of a challenge and creates it. Returns the server's representation of the challenge, and an error, if there is any. -func (c *FakeChallenges) Create(ctx context.Context, challenge *v1.Challenge, opts metav1.CreateOptions) (result *v1.Challenge, err error) { - emptyResult := &v1.Challenge{} - obj, err := c.Fake. - Invokes(testing.NewCreateActionWithOptions(challengesResource, c.ns, challenge, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Challenge), err -} - -// Update takes the representation of a challenge and updates it. Returns the server's representation of the challenge, and an error, if there is any. -func (c *FakeChallenges) Update(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (result *v1.Challenge, err error) { - emptyResult := &v1.Challenge{} - obj, err := c.Fake. - Invokes(testing.NewUpdateActionWithOptions(challengesResource, c.ns, challenge, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Challenge), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeChallenges) UpdateStatus(ctx context.Context, challenge *v1.Challenge, opts metav1.UpdateOptions) (result *v1.Challenge, err error) { - emptyResult := &v1.Challenge{} - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceActionWithOptions(challengesResource, "status", c.ns, challenge, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Challenge), err -} - -// Delete takes name of the challenge and deletes it. Returns an error if one occurs. -func (c *FakeChallenges) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteActionWithOptions(challengesResource, c.ns, name, opts), &v1.Challenge{}) - - return err } -// DeleteCollection deletes a collection of objects. -func (c *FakeChallenges) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionActionWithOptions(challengesResource, c.ns, opts, listOpts) - - _, err := c.Fake.Invokes(action, &v1.ChallengeList{}) - return err -} - -// Patch applies the patch and returns the patched challenge. -func (c *FakeChallenges) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Challenge, err error) { - emptyResult := &v1.Challenge{} - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceActionWithOptions(challengesResource, c.ns, name, pt, data, opts, subresources...), emptyResult) - - if obj == nil { - return emptyResult, err +func newFakeChallenges(fake *FakeAcmeV1, namespace string) typedacmev1.ChallengeInterface { + return &fakeChallenges{ + gentype.NewFakeClientWithListAndApply[*v1.Challenge, *v1.ChallengeList, *acmev1.ChallengeApplyConfiguration]( + fake.Fake, + namespace, + v1.SchemeGroupVersion.WithResource("challenges"), + v1.SchemeGroupVersion.WithKind("Challenge"), + func() *v1.Challenge { return &v1.Challenge{} }, + func() *v1.ChallengeList { return &v1.ChallengeList{} }, + func(dst, src *v1.ChallengeList) { dst.ListMeta = src.ListMeta }, + func(list *v1.ChallengeList) []*v1.Challenge { return gentype.ToPointerSlice(list.Items) }, + func(list *v1.ChallengeList, items []*v1.Challenge) { list.Items = gentype.FromPointerSlice(items) }, + ), + fake, } - return obj.(*v1.Challenge), err } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_order.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_order.go index b56c9e32bfe..2cfe1be0993 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_order.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/fake/fake_order.go @@ -19,129 +19,31 @@ limitations under the License. package fake import ( - "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" + acmev1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1" + typedacmev1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1" + gentype "k8s.io/client-go/gentype" ) -// FakeOrders implements OrderInterface -type FakeOrders struct { +// fakeOrders implements OrderInterface +type fakeOrders struct { + *gentype.FakeClientWithListAndApply[*v1.Order, *v1.OrderList, *acmev1.OrderApplyConfiguration] Fake *FakeAcmeV1 - ns string -} - -var ordersResource = v1.SchemeGroupVersion.WithResource("orders") - -var ordersKind = v1.SchemeGroupVersion.WithKind("Order") - -// Get takes name of the order, and returns the corresponding order object, and an error if there is any. -func (c *FakeOrders) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Order, err error) { - emptyResult := &v1.Order{} - obj, err := c.Fake. - Invokes(testing.NewGetActionWithOptions(ordersResource, c.ns, name, options), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Order), err -} - -// List takes label and field selectors, and returns the list of Orders that match those selectors. -func (c *FakeOrders) List(ctx context.Context, opts metav1.ListOptions) (result *v1.OrderList, err error) { - emptyResult := &v1.OrderList{} - obj, err := c.Fake. - Invokes(testing.NewListActionWithOptions(ordersResource, ordersKind, c.ns, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1.OrderList{ListMeta: obj.(*v1.OrderList).ListMeta} - for _, item := range obj.(*v1.OrderList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested orders. -func (c *FakeOrders) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchActionWithOptions(ordersResource, c.ns, opts)) - -} - -// Create takes the representation of a order and creates it. Returns the server's representation of the order, and an error, if there is any. -func (c *FakeOrders) Create(ctx context.Context, order *v1.Order, opts metav1.CreateOptions) (result *v1.Order, err error) { - emptyResult := &v1.Order{} - obj, err := c.Fake. - Invokes(testing.NewCreateActionWithOptions(ordersResource, c.ns, order, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Order), err -} - -// Update takes the representation of a order and updates it. Returns the server's representation of the order, and an error, if there is any. -func (c *FakeOrders) Update(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (result *v1.Order, err error) { - emptyResult := &v1.Order{} - obj, err := c.Fake. - Invokes(testing.NewUpdateActionWithOptions(ordersResource, c.ns, order, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Order), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeOrders) UpdateStatus(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (result *v1.Order, err error) { - emptyResult := &v1.Order{} - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceActionWithOptions(ordersResource, "status", c.ns, order, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Order), err -} - -// Delete takes name of the order and deletes it. Returns an error if one occurs. -func (c *FakeOrders) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteActionWithOptions(ordersResource, c.ns, name, opts), &v1.Order{}) - - return err } -// DeleteCollection deletes a collection of objects. -func (c *FakeOrders) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionActionWithOptions(ordersResource, c.ns, opts, listOpts) - - _, err := c.Fake.Invokes(action, &v1.OrderList{}) - return err -} - -// Patch applies the patch and returns the patched order. -func (c *FakeOrders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Order, err error) { - emptyResult := &v1.Order{} - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceActionWithOptions(ordersResource, c.ns, name, pt, data, opts, subresources...), emptyResult) - - if obj == nil { - return emptyResult, err +func newFakeOrders(fake *FakeAcmeV1, namespace string) typedacmev1.OrderInterface { + return &fakeOrders{ + gentype.NewFakeClientWithListAndApply[*v1.Order, *v1.OrderList, *acmev1.OrderApplyConfiguration]( + fake.Fake, + namespace, + v1.SchemeGroupVersion.WithResource("orders"), + v1.SchemeGroupVersion.WithKind("Order"), + func() *v1.Order { return &v1.Order{} }, + func() *v1.OrderList { return &v1.OrderList{} }, + func(dst, src *v1.OrderList) { dst.ListMeta = src.ListMeta }, + func(list *v1.OrderList) []*v1.Order { return gentype.ToPointerSlice(list.Items) }, + func(list *v1.OrderList, items []*v1.Order) { list.Items = gentype.FromPointerSlice(items) }, + ), + fake, } - return obj.(*v1.Order), err } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/order.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/order.go index 7ad95fb7a56..cd5c1fcbe8b 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/order.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/acme/v1/order.go @@ -19,9 +19,10 @@ limitations under the License. package v1 import ( - "context" + context "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + applyconfigurationsacmev1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/acme/v1" scheme "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -37,33 +38,37 @@ type OrdersGetter interface { // OrderInterface has methods to work with Order resources. type OrderInterface interface { - Create(ctx context.Context, order *v1.Order, opts metav1.CreateOptions) (*v1.Order, error) - Update(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (*v1.Order, error) + Create(ctx context.Context, order *acmev1.Order, opts metav1.CreateOptions) (*acmev1.Order, error) + Update(ctx context.Context, order *acmev1.Order, opts metav1.UpdateOptions) (*acmev1.Order, error) // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - UpdateStatus(ctx context.Context, order *v1.Order, opts metav1.UpdateOptions) (*v1.Order, error) + UpdateStatus(ctx context.Context, order *acmev1.Order, opts metav1.UpdateOptions) (*acmev1.Order, error) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error - Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Order, error) - List(ctx context.Context, opts metav1.ListOptions) (*v1.OrderList, error) + Get(ctx context.Context, name string, opts metav1.GetOptions) (*acmev1.Order, error) + List(ctx context.Context, opts metav1.ListOptions) (*acmev1.OrderList, error) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Order, err error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *acmev1.Order, err error) + Apply(ctx context.Context, order *applyconfigurationsacmev1.OrderApplyConfiguration, opts metav1.ApplyOptions) (result *acmev1.Order, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). + ApplyStatus(ctx context.Context, order *applyconfigurationsacmev1.OrderApplyConfiguration, opts metav1.ApplyOptions) (result *acmev1.Order, err error) OrderExpansion } // orders implements OrderInterface type orders struct { - *gentype.ClientWithList[*v1.Order, *v1.OrderList] + *gentype.ClientWithListAndApply[*acmev1.Order, *acmev1.OrderList, *applyconfigurationsacmev1.OrderApplyConfiguration] } // newOrders returns a Orders func newOrders(c *AcmeV1Client, namespace string) *orders { return &orders{ - gentype.NewClientWithList[*v1.Order, *v1.OrderList]( + gentype.NewClientWithListAndApply[*acmev1.Order, *acmev1.OrderList, *applyconfigurationsacmev1.OrderApplyConfiguration]( "orders", c.RESTClient(), scheme.ParameterCodec, namespace, - func() *v1.Order { return &v1.Order{} }, - func() *v1.OrderList { return &v1.OrderList{} }), + func() *acmev1.Order { return &acmev1.Order{} }, + func() *acmev1.OrderList { return &acmev1.OrderList{} }, + ), } } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certificate.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certificate.go index 64a1b300491..7760408e4e1 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certificate.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certificate.go @@ -19,9 +19,10 @@ limitations under the License. package v1 import ( - "context" + context "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + applyconfigurationscertmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1" scheme "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -37,33 +38,37 @@ type CertificatesGetter interface { // CertificateInterface has methods to work with Certificate resources. type CertificateInterface interface { - Create(ctx context.Context, certificate *v1.Certificate, opts metav1.CreateOptions) (*v1.Certificate, error) - Update(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (*v1.Certificate, error) + Create(ctx context.Context, certificate *certmanagerv1.Certificate, opts metav1.CreateOptions) (*certmanagerv1.Certificate, error) + Update(ctx context.Context, certificate *certmanagerv1.Certificate, opts metav1.UpdateOptions) (*certmanagerv1.Certificate, error) // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - UpdateStatus(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (*v1.Certificate, error) + UpdateStatus(ctx context.Context, certificate *certmanagerv1.Certificate, opts metav1.UpdateOptions) (*certmanagerv1.Certificate, error) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error - Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Certificate, error) - List(ctx context.Context, opts metav1.ListOptions) (*v1.CertificateList, error) + Get(ctx context.Context, name string, opts metav1.GetOptions) (*certmanagerv1.Certificate, error) + List(ctx context.Context, opts metav1.ListOptions) (*certmanagerv1.CertificateList, error) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Certificate, err error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *certmanagerv1.Certificate, err error) + Apply(ctx context.Context, certificate *applyconfigurationscertmanagerv1.CertificateApplyConfiguration, opts metav1.ApplyOptions) (result *certmanagerv1.Certificate, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). + ApplyStatus(ctx context.Context, certificate *applyconfigurationscertmanagerv1.CertificateApplyConfiguration, opts metav1.ApplyOptions) (result *certmanagerv1.Certificate, err error) CertificateExpansion } // certificates implements CertificateInterface type certificates struct { - *gentype.ClientWithList[*v1.Certificate, *v1.CertificateList] + *gentype.ClientWithListAndApply[*certmanagerv1.Certificate, *certmanagerv1.CertificateList, *applyconfigurationscertmanagerv1.CertificateApplyConfiguration] } // newCertificates returns a Certificates func newCertificates(c *CertmanagerV1Client, namespace string) *certificates { return &certificates{ - gentype.NewClientWithList[*v1.Certificate, *v1.CertificateList]( + gentype.NewClientWithListAndApply[*certmanagerv1.Certificate, *certmanagerv1.CertificateList, *applyconfigurationscertmanagerv1.CertificateApplyConfiguration]( "certificates", c.RESTClient(), scheme.ParameterCodec, namespace, - func() *v1.Certificate { return &v1.Certificate{} }, - func() *v1.CertificateList { return &v1.CertificateList{} }), + func() *certmanagerv1.Certificate { return &certmanagerv1.Certificate{} }, + func() *certmanagerv1.CertificateList { return &certmanagerv1.CertificateList{} }, + ), } } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certificaterequest.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certificaterequest.go index 18e71245a83..f8a1877640f 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certificaterequest.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certificaterequest.go @@ -19,9 +19,10 @@ limitations under the License. package v1 import ( - "context" + context "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + applyconfigurationscertmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1" scheme "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -37,33 +38,37 @@ type CertificateRequestsGetter interface { // CertificateRequestInterface has methods to work with CertificateRequest resources. type CertificateRequestInterface interface { - Create(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.CreateOptions) (*v1.CertificateRequest, error) - Update(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (*v1.CertificateRequest, error) + Create(ctx context.Context, certificateRequest *certmanagerv1.CertificateRequest, opts metav1.CreateOptions) (*certmanagerv1.CertificateRequest, error) + Update(ctx context.Context, certificateRequest *certmanagerv1.CertificateRequest, opts metav1.UpdateOptions) (*certmanagerv1.CertificateRequest, error) // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - UpdateStatus(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (*v1.CertificateRequest, error) + UpdateStatus(ctx context.Context, certificateRequest *certmanagerv1.CertificateRequest, opts metav1.UpdateOptions) (*certmanagerv1.CertificateRequest, error) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error - Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.CertificateRequest, error) - List(ctx context.Context, opts metav1.ListOptions) (*v1.CertificateRequestList, error) + Get(ctx context.Context, name string, opts metav1.GetOptions) (*certmanagerv1.CertificateRequest, error) + List(ctx context.Context, opts metav1.ListOptions) (*certmanagerv1.CertificateRequestList, error) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.CertificateRequest, err error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *certmanagerv1.CertificateRequest, err error) + Apply(ctx context.Context, certificateRequest *applyconfigurationscertmanagerv1.CertificateRequestApplyConfiguration, opts metav1.ApplyOptions) (result *certmanagerv1.CertificateRequest, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). + ApplyStatus(ctx context.Context, certificateRequest *applyconfigurationscertmanagerv1.CertificateRequestApplyConfiguration, opts metav1.ApplyOptions) (result *certmanagerv1.CertificateRequest, err error) CertificateRequestExpansion } // certificateRequests implements CertificateRequestInterface type certificateRequests struct { - *gentype.ClientWithList[*v1.CertificateRequest, *v1.CertificateRequestList] + *gentype.ClientWithListAndApply[*certmanagerv1.CertificateRequest, *certmanagerv1.CertificateRequestList, *applyconfigurationscertmanagerv1.CertificateRequestApplyConfiguration] } // newCertificateRequests returns a CertificateRequests func newCertificateRequests(c *CertmanagerV1Client, namespace string) *certificateRequests { return &certificateRequests{ - gentype.NewClientWithList[*v1.CertificateRequest, *v1.CertificateRequestList]( + gentype.NewClientWithListAndApply[*certmanagerv1.CertificateRequest, *certmanagerv1.CertificateRequestList, *applyconfigurationscertmanagerv1.CertificateRequestApplyConfiguration]( "certificaterequests", c.RESTClient(), scheme.ParameterCodec, namespace, - func() *v1.CertificateRequest { return &v1.CertificateRequest{} }, - func() *v1.CertificateRequestList { return &v1.CertificateRequestList{} }), + func() *certmanagerv1.CertificateRequest { return &certmanagerv1.CertificateRequest{} }, + func() *certmanagerv1.CertificateRequestList { return &certmanagerv1.CertificateRequestList{} }, + ), } } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certmanager_client.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certmanager_client.go index d4c9c38007e..f47ceaac6dd 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certmanager_client.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/certmanager_client.go @@ -19,10 +19,10 @@ limitations under the License. package v1 import ( - "net/http" + http "net/http" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + scheme "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" rest "k8s.io/client-go/rest" ) @@ -60,9 +60,7 @@ func (c *CertmanagerV1Client) Issuers(namespace string) IssuerInterface { // where httpClient was generated with rest.HTTPClientFor(c). func NewForConfig(c *rest.Config) (*CertmanagerV1Client, error) { config := *c - if err := setConfigDefaults(&config); err != nil { - return nil, err - } + setConfigDefaults(&config) httpClient, err := rest.HTTPClientFor(&config) if err != nil { return nil, err @@ -74,9 +72,7 @@ func NewForConfig(c *rest.Config) (*CertmanagerV1Client, error) { // Note the http client provided takes precedence over the configured transport values. func NewForConfigAndClient(c *rest.Config, h *http.Client) (*CertmanagerV1Client, error) { config := *c - if err := setConfigDefaults(&config); err != nil { - return nil, err - } + setConfigDefaults(&config) client, err := rest.RESTClientForConfigAndClient(&config, h) if err != nil { return nil, err @@ -99,17 +95,15 @@ func New(c rest.Interface) *CertmanagerV1Client { return &CertmanagerV1Client{c} } -func setConfigDefaults(config *rest.Config) error { - gv := v1.SchemeGroupVersion +func setConfigDefaults(config *rest.Config) { + gv := certmanagerv1.SchemeGroupVersion config.GroupVersion = &gv config.APIPath = "/apis" - config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + config.NegotiatedSerializer = rest.CodecFactoryForGeneratedClient(scheme.Scheme, scheme.Codecs).WithoutConversion() if config.UserAgent == "" { config.UserAgent = rest.DefaultKubernetesUserAgent() } - - return nil } // RESTClient returns a RESTClient that is used to communicate diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/clusterissuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/clusterissuer.go index 9531b95a0e4..de1ac6f330b 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/clusterissuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/clusterissuer.go @@ -19,9 +19,10 @@ limitations under the License. package v1 import ( - "context" + context "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + applyconfigurationscertmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1" scheme "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -37,33 +38,37 @@ type ClusterIssuersGetter interface { // ClusterIssuerInterface has methods to work with ClusterIssuer resources. type ClusterIssuerInterface interface { - Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (*v1.ClusterIssuer, error) - Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + Create(ctx context.Context, clusterIssuer *certmanagerv1.ClusterIssuer, opts metav1.CreateOptions) (*certmanagerv1.ClusterIssuer, error) + Update(ctx context.Context, clusterIssuer *certmanagerv1.ClusterIssuer, opts metav1.UpdateOptions) (*certmanagerv1.ClusterIssuer, error) // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (*v1.ClusterIssuer, error) + UpdateStatus(ctx context.Context, clusterIssuer *certmanagerv1.ClusterIssuer, opts metav1.UpdateOptions) (*certmanagerv1.ClusterIssuer, error) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error - Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterIssuer, error) - List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterIssuerList, error) + Get(ctx context.Context, name string, opts metav1.GetOptions) (*certmanagerv1.ClusterIssuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*certmanagerv1.ClusterIssuerList, error) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *certmanagerv1.ClusterIssuer, err error) + Apply(ctx context.Context, clusterIssuer *applyconfigurationscertmanagerv1.ClusterIssuerApplyConfiguration, opts metav1.ApplyOptions) (result *certmanagerv1.ClusterIssuer, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). + ApplyStatus(ctx context.Context, clusterIssuer *applyconfigurationscertmanagerv1.ClusterIssuerApplyConfiguration, opts metav1.ApplyOptions) (result *certmanagerv1.ClusterIssuer, err error) ClusterIssuerExpansion } // clusterIssuers implements ClusterIssuerInterface type clusterIssuers struct { - *gentype.ClientWithList[*v1.ClusterIssuer, *v1.ClusterIssuerList] + *gentype.ClientWithListAndApply[*certmanagerv1.ClusterIssuer, *certmanagerv1.ClusterIssuerList, *applyconfigurationscertmanagerv1.ClusterIssuerApplyConfiguration] } // newClusterIssuers returns a ClusterIssuers func newClusterIssuers(c *CertmanagerV1Client) *clusterIssuers { return &clusterIssuers{ - gentype.NewClientWithList[*v1.ClusterIssuer, *v1.ClusterIssuerList]( + gentype.NewClientWithListAndApply[*certmanagerv1.ClusterIssuer, *certmanagerv1.ClusterIssuerList, *applyconfigurationscertmanagerv1.ClusterIssuerApplyConfiguration]( "clusterissuers", c.RESTClient(), scheme.ParameterCodec, "", - func() *v1.ClusterIssuer { return &v1.ClusterIssuer{} }, - func() *v1.ClusterIssuerList { return &v1.ClusterIssuerList{} }), + func() *certmanagerv1.ClusterIssuer { return &certmanagerv1.ClusterIssuer{} }, + func() *certmanagerv1.ClusterIssuerList { return &certmanagerv1.ClusterIssuerList{} }, + ), } } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certificate.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certificate.go index dbeb4e63f98..a9618252b44 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certificate.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certificate.go @@ -19,129 +19,31 @@ limitations under the License. package fake import ( - "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1" + typedcertmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1" + gentype "k8s.io/client-go/gentype" ) -// FakeCertificates implements CertificateInterface -type FakeCertificates struct { +// fakeCertificates implements CertificateInterface +type fakeCertificates struct { + *gentype.FakeClientWithListAndApply[*v1.Certificate, *v1.CertificateList, *certmanagerv1.CertificateApplyConfiguration] Fake *FakeCertmanagerV1 - ns string -} - -var certificatesResource = v1.SchemeGroupVersion.WithResource("certificates") - -var certificatesKind = v1.SchemeGroupVersion.WithKind("Certificate") - -// Get takes name of the certificate, and returns the corresponding certificate object, and an error if there is any. -func (c *FakeCertificates) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Certificate, err error) { - emptyResult := &v1.Certificate{} - obj, err := c.Fake. - Invokes(testing.NewGetActionWithOptions(certificatesResource, c.ns, name, options), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Certificate), err -} - -// List takes label and field selectors, and returns the list of Certificates that match those selectors. -func (c *FakeCertificates) List(ctx context.Context, opts metav1.ListOptions) (result *v1.CertificateList, err error) { - emptyResult := &v1.CertificateList{} - obj, err := c.Fake. - Invokes(testing.NewListActionWithOptions(certificatesResource, certificatesKind, c.ns, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1.CertificateList{ListMeta: obj.(*v1.CertificateList).ListMeta} - for _, item := range obj.(*v1.CertificateList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested certificates. -func (c *FakeCertificates) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchActionWithOptions(certificatesResource, c.ns, opts)) - -} - -// Create takes the representation of a certificate and creates it. Returns the server's representation of the certificate, and an error, if there is any. -func (c *FakeCertificates) Create(ctx context.Context, certificate *v1.Certificate, opts metav1.CreateOptions) (result *v1.Certificate, err error) { - emptyResult := &v1.Certificate{} - obj, err := c.Fake. - Invokes(testing.NewCreateActionWithOptions(certificatesResource, c.ns, certificate, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Certificate), err -} - -// Update takes the representation of a certificate and updates it. Returns the server's representation of the certificate, and an error, if there is any. -func (c *FakeCertificates) Update(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (result *v1.Certificate, err error) { - emptyResult := &v1.Certificate{} - obj, err := c.Fake. - Invokes(testing.NewUpdateActionWithOptions(certificatesResource, c.ns, certificate, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Certificate), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeCertificates) UpdateStatus(ctx context.Context, certificate *v1.Certificate, opts metav1.UpdateOptions) (result *v1.Certificate, err error) { - emptyResult := &v1.Certificate{} - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceActionWithOptions(certificatesResource, "status", c.ns, certificate, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Certificate), err -} - -// Delete takes name of the certificate and deletes it. Returns an error if one occurs. -func (c *FakeCertificates) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteActionWithOptions(certificatesResource, c.ns, name, opts), &v1.Certificate{}) - - return err } -// DeleteCollection deletes a collection of objects. -func (c *FakeCertificates) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionActionWithOptions(certificatesResource, c.ns, opts, listOpts) - - _, err := c.Fake.Invokes(action, &v1.CertificateList{}) - return err -} - -// Patch applies the patch and returns the patched certificate. -func (c *FakeCertificates) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Certificate, err error) { - emptyResult := &v1.Certificate{} - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceActionWithOptions(certificatesResource, c.ns, name, pt, data, opts, subresources...), emptyResult) - - if obj == nil { - return emptyResult, err +func newFakeCertificates(fake *FakeCertmanagerV1, namespace string) typedcertmanagerv1.CertificateInterface { + return &fakeCertificates{ + gentype.NewFakeClientWithListAndApply[*v1.Certificate, *v1.CertificateList, *certmanagerv1.CertificateApplyConfiguration]( + fake.Fake, + namespace, + v1.SchemeGroupVersion.WithResource("certificates"), + v1.SchemeGroupVersion.WithKind("Certificate"), + func() *v1.Certificate { return &v1.Certificate{} }, + func() *v1.CertificateList { return &v1.CertificateList{} }, + func(dst, src *v1.CertificateList) { dst.ListMeta = src.ListMeta }, + func(list *v1.CertificateList) []*v1.Certificate { return gentype.ToPointerSlice(list.Items) }, + func(list *v1.CertificateList, items []*v1.Certificate) { list.Items = gentype.FromPointerSlice(items) }, + ), + fake, } - return obj.(*v1.Certificate), err } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certificaterequest.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certificaterequest.go index fb62541231e..0cc93b342a2 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certificaterequest.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certificaterequest.go @@ -19,129 +19,35 @@ limitations under the License. package fake import ( - "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1" + typedcertmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1" + gentype "k8s.io/client-go/gentype" ) -// FakeCertificateRequests implements CertificateRequestInterface -type FakeCertificateRequests struct { +// fakeCertificateRequests implements CertificateRequestInterface +type fakeCertificateRequests struct { + *gentype.FakeClientWithListAndApply[*v1.CertificateRequest, *v1.CertificateRequestList, *certmanagerv1.CertificateRequestApplyConfiguration] Fake *FakeCertmanagerV1 - ns string -} - -var certificaterequestsResource = v1.SchemeGroupVersion.WithResource("certificaterequests") - -var certificaterequestsKind = v1.SchemeGroupVersion.WithKind("CertificateRequest") - -// Get takes name of the certificateRequest, and returns the corresponding certificateRequest object, and an error if there is any. -func (c *FakeCertificateRequests) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.CertificateRequest, err error) { - emptyResult := &v1.CertificateRequest{} - obj, err := c.Fake. - Invokes(testing.NewGetActionWithOptions(certificaterequestsResource, c.ns, name, options), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.CertificateRequest), err -} - -// List takes label and field selectors, and returns the list of CertificateRequests that match those selectors. -func (c *FakeCertificateRequests) List(ctx context.Context, opts metav1.ListOptions) (result *v1.CertificateRequestList, err error) { - emptyResult := &v1.CertificateRequestList{} - obj, err := c.Fake. - Invokes(testing.NewListActionWithOptions(certificaterequestsResource, certificaterequestsKind, c.ns, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1.CertificateRequestList{ListMeta: obj.(*v1.CertificateRequestList).ListMeta} - for _, item := range obj.(*v1.CertificateRequestList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested certificateRequests. -func (c *FakeCertificateRequests) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchActionWithOptions(certificaterequestsResource, c.ns, opts)) - -} - -// Create takes the representation of a certificateRequest and creates it. Returns the server's representation of the certificateRequest, and an error, if there is any. -func (c *FakeCertificateRequests) Create(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.CreateOptions) (result *v1.CertificateRequest, err error) { - emptyResult := &v1.CertificateRequest{} - obj, err := c.Fake. - Invokes(testing.NewCreateActionWithOptions(certificaterequestsResource, c.ns, certificateRequest, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.CertificateRequest), err -} - -// Update takes the representation of a certificateRequest and updates it. Returns the server's representation of the certificateRequest, and an error, if there is any. -func (c *FakeCertificateRequests) Update(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (result *v1.CertificateRequest, err error) { - emptyResult := &v1.CertificateRequest{} - obj, err := c.Fake. - Invokes(testing.NewUpdateActionWithOptions(certificaterequestsResource, c.ns, certificateRequest, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.CertificateRequest), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeCertificateRequests) UpdateStatus(ctx context.Context, certificateRequest *v1.CertificateRequest, opts metav1.UpdateOptions) (result *v1.CertificateRequest, err error) { - emptyResult := &v1.CertificateRequest{} - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceActionWithOptions(certificaterequestsResource, "status", c.ns, certificateRequest, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.CertificateRequest), err -} - -// Delete takes name of the certificateRequest and deletes it. Returns an error if one occurs. -func (c *FakeCertificateRequests) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteActionWithOptions(certificaterequestsResource, c.ns, name, opts), &v1.CertificateRequest{}) - - return err } -// DeleteCollection deletes a collection of objects. -func (c *FakeCertificateRequests) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionActionWithOptions(certificaterequestsResource, c.ns, opts, listOpts) - - _, err := c.Fake.Invokes(action, &v1.CertificateRequestList{}) - return err -} - -// Patch applies the patch and returns the patched certificateRequest. -func (c *FakeCertificateRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.CertificateRequest, err error) { - emptyResult := &v1.CertificateRequest{} - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceActionWithOptions(certificaterequestsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) - - if obj == nil { - return emptyResult, err +func newFakeCertificateRequests(fake *FakeCertmanagerV1, namespace string) typedcertmanagerv1.CertificateRequestInterface { + return &fakeCertificateRequests{ + gentype.NewFakeClientWithListAndApply[*v1.CertificateRequest, *v1.CertificateRequestList, *certmanagerv1.CertificateRequestApplyConfiguration]( + fake.Fake, + namespace, + v1.SchemeGroupVersion.WithResource("certificaterequests"), + v1.SchemeGroupVersion.WithKind("CertificateRequest"), + func() *v1.CertificateRequest { return &v1.CertificateRequest{} }, + func() *v1.CertificateRequestList { return &v1.CertificateRequestList{} }, + func(dst, src *v1.CertificateRequestList) { dst.ListMeta = src.ListMeta }, + func(list *v1.CertificateRequestList) []*v1.CertificateRequest { + return gentype.ToPointerSlice(list.Items) + }, + func(list *v1.CertificateRequestList, items []*v1.CertificateRequest) { + list.Items = gentype.FromPointerSlice(items) + }, + ), + fake, } - return obj.(*v1.CertificateRequest), err } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certmanager_client.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certmanager_client.go index b56ece834a5..24961b1e857 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certmanager_client.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_certmanager_client.go @@ -29,19 +29,19 @@ type FakeCertmanagerV1 struct { } func (c *FakeCertmanagerV1) Certificates(namespace string) v1.CertificateInterface { - return &FakeCertificates{c, namespace} + return newFakeCertificates(c, namespace) } func (c *FakeCertmanagerV1) CertificateRequests(namespace string) v1.CertificateRequestInterface { - return &FakeCertificateRequests{c, namespace} + return newFakeCertificateRequests(c, namespace) } func (c *FakeCertmanagerV1) ClusterIssuers() v1.ClusterIssuerInterface { - return &FakeClusterIssuers{c} + return newFakeClusterIssuers(c) } func (c *FakeCertmanagerV1) Issuers(namespace string) v1.IssuerInterface { - return &FakeIssuers{c, namespace} + return newFakeIssuers(c, namespace) } // RESTClient returns a RESTClient that is used to communicate diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_clusterissuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_clusterissuer.go index 49c8e049a2c..097f9f4c220 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_clusterissuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_clusterissuer.go @@ -19,120 +19,33 @@ limitations under the License. package fake import ( - "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1" + typedcertmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1" + gentype "k8s.io/client-go/gentype" ) -// FakeClusterIssuers implements ClusterIssuerInterface -type FakeClusterIssuers struct { +// fakeClusterIssuers implements ClusterIssuerInterface +type fakeClusterIssuers struct { + *gentype.FakeClientWithListAndApply[*v1.ClusterIssuer, *v1.ClusterIssuerList, *certmanagerv1.ClusterIssuerApplyConfiguration] Fake *FakeCertmanagerV1 } -var clusterissuersResource = v1.SchemeGroupVersion.WithResource("clusterissuers") - -var clusterissuersKind = v1.SchemeGroupVersion.WithKind("ClusterIssuer") - -// Get takes name of the clusterIssuer, and returns the corresponding clusterIssuer object, and an error if there is any. -func (c *FakeClusterIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterIssuer, err error) { - emptyResult := &v1.ClusterIssuer{} - obj, err := c.Fake. - Invokes(testing.NewRootGetActionWithOptions(clusterissuersResource, name, options), emptyResult) - if obj == nil { - return emptyResult, err - } - return obj.(*v1.ClusterIssuer), err -} - -// List takes label and field selectors, and returns the list of ClusterIssuers that match those selectors. -func (c *FakeClusterIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterIssuerList, err error) { - emptyResult := &v1.ClusterIssuerList{} - obj, err := c.Fake. - Invokes(testing.NewRootListActionWithOptions(clusterissuersResource, clusterissuersKind, opts), emptyResult) - if obj == nil { - return emptyResult, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1.ClusterIssuerList{ListMeta: obj.(*v1.ClusterIssuerList).ListMeta} - for _, item := range obj.(*v1.ClusterIssuerList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested clusterIssuers. -func (c *FakeClusterIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchActionWithOptions(clusterissuersResource, opts)) -} - -// Create takes the representation of a clusterIssuer and creates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. -func (c *FakeClusterIssuers) Create(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.CreateOptions) (result *v1.ClusterIssuer, err error) { - emptyResult := &v1.ClusterIssuer{} - obj, err := c.Fake. - Invokes(testing.NewRootCreateActionWithOptions(clusterissuersResource, clusterIssuer, opts), emptyResult) - if obj == nil { - return emptyResult, err - } - return obj.(*v1.ClusterIssuer), err -} - -// Update takes the representation of a clusterIssuer and updates it. Returns the server's representation of the clusterIssuer, and an error, if there is any. -func (c *FakeClusterIssuers) Update(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { - emptyResult := &v1.ClusterIssuer{} - obj, err := c.Fake. - Invokes(testing.NewRootUpdateActionWithOptions(clusterissuersResource, clusterIssuer, opts), emptyResult) - if obj == nil { - return emptyResult, err - } - return obj.(*v1.ClusterIssuer), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeClusterIssuers) UpdateStatus(ctx context.Context, clusterIssuer *v1.ClusterIssuer, opts metav1.UpdateOptions) (result *v1.ClusterIssuer, err error) { - emptyResult := &v1.ClusterIssuer{} - obj, err := c.Fake. - Invokes(testing.NewRootUpdateSubresourceActionWithOptions(clusterissuersResource, "status", clusterIssuer, opts), emptyResult) - if obj == nil { - return emptyResult, err - } - return obj.(*v1.ClusterIssuer), err -} - -// Delete takes name of the clusterIssuer and deletes it. Returns an error if one occurs. -func (c *FakeClusterIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteActionWithOptions(clusterissuersResource, name, opts), &v1.ClusterIssuer{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeClusterIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewRootDeleteCollectionActionWithOptions(clusterissuersResource, opts, listOpts) - - _, err := c.Fake.Invokes(action, &v1.ClusterIssuerList{}) - return err -} - -// Patch applies the patch and returns the patched clusterIssuer. -func (c *FakeClusterIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterIssuer, err error) { - emptyResult := &v1.ClusterIssuer{} - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceActionWithOptions(clusterissuersResource, name, pt, data, opts, subresources...), emptyResult) - if obj == nil { - return emptyResult, err +func newFakeClusterIssuers(fake *FakeCertmanagerV1) typedcertmanagerv1.ClusterIssuerInterface { + return &fakeClusterIssuers{ + gentype.NewFakeClientWithListAndApply[*v1.ClusterIssuer, *v1.ClusterIssuerList, *certmanagerv1.ClusterIssuerApplyConfiguration]( + fake.Fake, + "", + v1.SchemeGroupVersion.WithResource("clusterissuers"), + v1.SchemeGroupVersion.WithKind("ClusterIssuer"), + func() *v1.ClusterIssuer { return &v1.ClusterIssuer{} }, + func() *v1.ClusterIssuerList { return &v1.ClusterIssuerList{} }, + func(dst, src *v1.ClusterIssuerList) { dst.ListMeta = src.ListMeta }, + func(list *v1.ClusterIssuerList) []*v1.ClusterIssuer { return gentype.ToPointerSlice(list.Items) }, + func(list *v1.ClusterIssuerList, items []*v1.ClusterIssuer) { + list.Items = gentype.FromPointerSlice(items) + }, + ), + fake, } - return obj.(*v1.ClusterIssuer), err } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_issuer.go index bce3b2950ad..1c3bec77577 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_issuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/fake/fake_issuer.go @@ -19,129 +19,31 @@ limitations under the License. package fake import ( - "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1" + typedcertmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1" + gentype "k8s.io/client-go/gentype" ) -// FakeIssuers implements IssuerInterface -type FakeIssuers struct { +// fakeIssuers implements IssuerInterface +type fakeIssuers struct { + *gentype.FakeClientWithListAndApply[*v1.Issuer, *v1.IssuerList, *certmanagerv1.IssuerApplyConfiguration] Fake *FakeCertmanagerV1 - ns string -} - -var issuersResource = v1.SchemeGroupVersion.WithResource("issuers") - -var issuersKind = v1.SchemeGroupVersion.WithKind("Issuer") - -// Get takes name of the issuer, and returns the corresponding issuer object, and an error if there is any. -func (c *FakeIssuers) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.Issuer, err error) { - emptyResult := &v1.Issuer{} - obj, err := c.Fake. - Invokes(testing.NewGetActionWithOptions(issuersResource, c.ns, name, options), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Issuer), err -} - -// List takes label and field selectors, and returns the list of Issuers that match those selectors. -func (c *FakeIssuers) List(ctx context.Context, opts metav1.ListOptions) (result *v1.IssuerList, err error) { - emptyResult := &v1.IssuerList{} - obj, err := c.Fake. - Invokes(testing.NewListActionWithOptions(issuersResource, issuersKind, c.ns, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1.IssuerList{ListMeta: obj.(*v1.IssuerList).ListMeta} - for _, item := range obj.(*v1.IssuerList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested issuers. -func (c *FakeIssuers) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchActionWithOptions(issuersResource, c.ns, opts)) - -} - -// Create takes the representation of a issuer and creates it. Returns the server's representation of the issuer, and an error, if there is any. -func (c *FakeIssuers) Create(ctx context.Context, issuer *v1.Issuer, opts metav1.CreateOptions) (result *v1.Issuer, err error) { - emptyResult := &v1.Issuer{} - obj, err := c.Fake. - Invokes(testing.NewCreateActionWithOptions(issuersResource, c.ns, issuer, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Issuer), err -} - -// Update takes the representation of a issuer and updates it. Returns the server's representation of the issuer, and an error, if there is any. -func (c *FakeIssuers) Update(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (result *v1.Issuer, err error) { - emptyResult := &v1.Issuer{} - obj, err := c.Fake. - Invokes(testing.NewUpdateActionWithOptions(issuersResource, c.ns, issuer, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Issuer), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeIssuers) UpdateStatus(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (result *v1.Issuer, err error) { - emptyResult := &v1.Issuer{} - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceActionWithOptions(issuersResource, "status", c.ns, issuer, opts), emptyResult) - - if obj == nil { - return emptyResult, err - } - return obj.(*v1.Issuer), err -} - -// Delete takes name of the issuer and deletes it. Returns an error if one occurs. -func (c *FakeIssuers) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteActionWithOptions(issuersResource, c.ns, name, opts), &v1.Issuer{}) - - return err } -// DeleteCollection deletes a collection of objects. -func (c *FakeIssuers) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error { - action := testing.NewDeleteCollectionActionWithOptions(issuersResource, c.ns, opts, listOpts) - - _, err := c.Fake.Invokes(action, &v1.IssuerList{}) - return err -} - -// Patch applies the patch and returns the patched issuer. -func (c *FakeIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Issuer, err error) { - emptyResult := &v1.Issuer{} - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceActionWithOptions(issuersResource, c.ns, name, pt, data, opts, subresources...), emptyResult) - - if obj == nil { - return emptyResult, err +func newFakeIssuers(fake *FakeCertmanagerV1, namespace string) typedcertmanagerv1.IssuerInterface { + return &fakeIssuers{ + gentype.NewFakeClientWithListAndApply[*v1.Issuer, *v1.IssuerList, *certmanagerv1.IssuerApplyConfiguration]( + fake.Fake, + namespace, + v1.SchemeGroupVersion.WithResource("issuers"), + v1.SchemeGroupVersion.WithKind("Issuer"), + func() *v1.Issuer { return &v1.Issuer{} }, + func() *v1.IssuerList { return &v1.IssuerList{} }, + func(dst, src *v1.IssuerList) { dst.ListMeta = src.ListMeta }, + func(list *v1.IssuerList) []*v1.Issuer { return gentype.ToPointerSlice(list.Items) }, + func(list *v1.IssuerList, items []*v1.Issuer) { list.Items = gentype.FromPointerSlice(items) }, + ), + fake, } - return obj.(*v1.Issuer), err } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/issuer.go index 6329352a07e..b915a9d65eb 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/issuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1/issuer.go @@ -19,9 +19,10 @@ limitations under the License. package v1 import ( - "context" + context "context" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + applyconfigurationscertmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/applyconfigurations/certmanager/v1" scheme "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -37,33 +38,37 @@ type IssuersGetter interface { // IssuerInterface has methods to work with Issuer resources. type IssuerInterface interface { - Create(ctx context.Context, issuer *v1.Issuer, opts metav1.CreateOptions) (*v1.Issuer, error) - Update(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (*v1.Issuer, error) + Create(ctx context.Context, issuer *certmanagerv1.Issuer, opts metav1.CreateOptions) (*certmanagerv1.Issuer, error) + Update(ctx context.Context, issuer *certmanagerv1.Issuer, opts metav1.UpdateOptions) (*certmanagerv1.Issuer, error) // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - UpdateStatus(ctx context.Context, issuer *v1.Issuer, opts metav1.UpdateOptions) (*v1.Issuer, error) + UpdateStatus(ctx context.Context, issuer *certmanagerv1.Issuer, opts metav1.UpdateOptions) (*certmanagerv1.Issuer, error) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error - Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Issuer, error) - List(ctx context.Context, opts metav1.ListOptions) (*v1.IssuerList, error) + Get(ctx context.Context, name string, opts metav1.GetOptions) (*certmanagerv1.Issuer, error) + List(ctx context.Context, opts metav1.ListOptions) (*certmanagerv1.IssuerList, error) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Issuer, err error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *certmanagerv1.Issuer, err error) + Apply(ctx context.Context, issuer *applyconfigurationscertmanagerv1.IssuerApplyConfiguration, opts metav1.ApplyOptions) (result *certmanagerv1.Issuer, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). + ApplyStatus(ctx context.Context, issuer *applyconfigurationscertmanagerv1.IssuerApplyConfiguration, opts metav1.ApplyOptions) (result *certmanagerv1.Issuer, err error) IssuerExpansion } // issuers implements IssuerInterface type issuers struct { - *gentype.ClientWithList[*v1.Issuer, *v1.IssuerList] + *gentype.ClientWithListAndApply[*certmanagerv1.Issuer, *certmanagerv1.IssuerList, *applyconfigurationscertmanagerv1.IssuerApplyConfiguration] } // newIssuers returns a Issuers func newIssuers(c *CertmanagerV1Client, namespace string) *issuers { return &issuers{ - gentype.NewClientWithList[*v1.Issuer, *v1.IssuerList]( + gentype.NewClientWithListAndApply[*certmanagerv1.Issuer, *certmanagerv1.IssuerList, *applyconfigurationscertmanagerv1.IssuerApplyConfiguration]( "issuers", c.RESTClient(), scheme.ParameterCodec, namespace, - func() *v1.Issuer { return &v1.Issuer{} }, - func() *v1.IssuerList { return &v1.IssuerList{} }), + func() *certmanagerv1.Issuer { return &certmanagerv1.Issuer{} }, + func() *certmanagerv1.IssuerList { return &certmanagerv1.IssuerList{} }, + ), } } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1/challenge.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1/challenge.go index 18e0d07ace0..2a40e571708 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1/challenge.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1/challenge.go @@ -19,13 +19,13 @@ limitations under the License. package v1 import ( - "context" + context "context" time "time" - acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + apisacmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" versioned "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" internalinterfaces "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/internalinterfaces" - v1 "github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1" + acmev1 "github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -36,7 +36,7 @@ import ( // Challenges. type ChallengeInformer interface { Informer() cache.SharedIndexInformer - Lister() v1.ChallengeLister + Lister() acmev1.ChallengeLister } type challengeInformer struct { @@ -57,21 +57,33 @@ func NewChallengeInformer(client versioned.Interface, namespace string, resyncPe // one. This reduces memory footprint and number of connections to the server. func NewFilteredChallengeInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( - &cache.ListWatch{ + cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.AcmeV1().Challenges(namespace).List(context.TODO(), options) + return client.AcmeV1().Challenges(namespace).List(context.Background(), options) }, WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.AcmeV1().Challenges(namespace).Watch(context.TODO(), options) + return client.AcmeV1().Challenges(namespace).Watch(context.Background(), options) }, - }, - &acmev1.Challenge{}, + ListWithContextFunc: func(ctx context.Context, options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Challenges(namespace).List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Challenges(namespace).Watch(ctx, options) + }, + }, client), + &apisacmev1.Challenge{}, resyncPeriod, indexers, ) @@ -82,9 +94,9 @@ func (f *challengeInformer) defaultInformer(client versioned.Interface, resyncPe } func (f *challengeInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&acmev1.Challenge{}, f.defaultInformer) + return f.factory.InformerFor(&apisacmev1.Challenge{}, f.defaultInformer) } -func (f *challengeInformer) Lister() v1.ChallengeLister { - return v1.NewChallengeLister(f.Informer().GetIndexer()) +func (f *challengeInformer) Lister() acmev1.ChallengeLister { + return acmev1.NewChallengeLister(f.Informer().GetIndexer()) } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1/order.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1/order.go index 83fc4b61770..1fe1e402551 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1/order.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/acme/v1/order.go @@ -19,13 +19,13 @@ limitations under the License. package v1 import ( - "context" + context "context" time "time" - acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + apisacmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" versioned "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" internalinterfaces "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/internalinterfaces" - v1 "github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1" + acmev1 "github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -36,7 +36,7 @@ import ( // Orders. type OrderInformer interface { Informer() cache.SharedIndexInformer - Lister() v1.OrderLister + Lister() acmev1.OrderLister } type orderInformer struct { @@ -57,21 +57,33 @@ func NewOrderInformer(client versioned.Interface, namespace string, resyncPeriod // one. This reduces memory footprint and number of connections to the server. func NewFilteredOrderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( - &cache.ListWatch{ + cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.AcmeV1().Orders(namespace).List(context.TODO(), options) + return client.AcmeV1().Orders(namespace).List(context.Background(), options) }, WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.AcmeV1().Orders(namespace).Watch(context.TODO(), options) + return client.AcmeV1().Orders(namespace).Watch(context.Background(), options) }, - }, - &acmev1.Order{}, + ListWithContextFunc: func(ctx context.Context, options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Orders(namespace).List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AcmeV1().Orders(namespace).Watch(ctx, options) + }, + }, client), + &apisacmev1.Order{}, resyncPeriod, indexers, ) @@ -82,9 +94,9 @@ func (f *orderInformer) defaultInformer(client versioned.Interface, resyncPeriod } func (f *orderInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&acmev1.Order{}, f.defaultInformer) + return f.factory.InformerFor(&apisacmev1.Order{}, f.defaultInformer) } -func (f *orderInformer) Lister() v1.OrderLister { - return v1.NewOrderLister(f.Informer().GetIndexer()) +func (f *orderInformer) Lister() acmev1.OrderLister { + return acmev1.NewOrderLister(f.Informer().GetIndexer()) } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/certificate.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/certificate.go index eb89488b4b9..58eea2bec6b 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/certificate.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/certificate.go @@ -19,13 +19,13 @@ limitations under the License. package v1 import ( - "context" + context "context" time "time" - certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + apiscertmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" versioned "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" internalinterfaces "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/internalinterfaces" - v1 "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -36,7 +36,7 @@ import ( // Certificates. type CertificateInformer interface { Informer() cache.SharedIndexInformer - Lister() v1.CertificateLister + Lister() certmanagerv1.CertificateLister } type certificateInformer struct { @@ -57,21 +57,33 @@ func NewCertificateInformer(client versioned.Interface, namespace string, resync // one. This reduces memory footprint and number of connections to the server. func NewFilteredCertificateInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( - &cache.ListWatch{ + cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.CertmanagerV1().Certificates(namespace).List(context.TODO(), options) + return client.CertmanagerV1().Certificates(namespace).List(context.Background(), options) }, WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.CertmanagerV1().Certificates(namespace).Watch(context.TODO(), options) + return client.CertmanagerV1().Certificates(namespace).Watch(context.Background(), options) }, - }, - &certmanagerv1.Certificate{}, + ListWithContextFunc: func(ctx context.Context, options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Certificates(namespace).List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Certificates(namespace).Watch(ctx, options) + }, + }, client), + &apiscertmanagerv1.Certificate{}, resyncPeriod, indexers, ) @@ -82,9 +94,9 @@ func (f *certificateInformer) defaultInformer(client versioned.Interface, resync } func (f *certificateInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&certmanagerv1.Certificate{}, f.defaultInformer) + return f.factory.InformerFor(&apiscertmanagerv1.Certificate{}, f.defaultInformer) } -func (f *certificateInformer) Lister() v1.CertificateLister { - return v1.NewCertificateLister(f.Informer().GetIndexer()) +func (f *certificateInformer) Lister() certmanagerv1.CertificateLister { + return certmanagerv1.NewCertificateLister(f.Informer().GetIndexer()) } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/certificaterequest.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/certificaterequest.go index d07cb2a2c81..c53ef1f6f80 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/certificaterequest.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/certificaterequest.go @@ -19,13 +19,13 @@ limitations under the License. package v1 import ( - "context" + context "context" time "time" - certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + apiscertmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" versioned "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" internalinterfaces "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/internalinterfaces" - v1 "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -36,7 +36,7 @@ import ( // CertificateRequests. type CertificateRequestInformer interface { Informer() cache.SharedIndexInformer - Lister() v1.CertificateRequestLister + Lister() certmanagerv1.CertificateRequestLister } type certificateRequestInformer struct { @@ -57,21 +57,33 @@ func NewCertificateRequestInformer(client versioned.Interface, namespace string, // one. This reduces memory footprint and number of connections to the server. func NewFilteredCertificateRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( - &cache.ListWatch{ + cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.CertmanagerV1().CertificateRequests(namespace).List(context.TODO(), options) + return client.CertmanagerV1().CertificateRequests(namespace).List(context.Background(), options) }, WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.CertmanagerV1().CertificateRequests(namespace).Watch(context.TODO(), options) + return client.CertmanagerV1().CertificateRequests(namespace).Watch(context.Background(), options) }, - }, - &certmanagerv1.CertificateRequest{}, + ListWithContextFunc: func(ctx context.Context, options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().CertificateRequests(namespace).List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().CertificateRequests(namespace).Watch(ctx, options) + }, + }, client), + &apiscertmanagerv1.CertificateRequest{}, resyncPeriod, indexers, ) @@ -82,9 +94,9 @@ func (f *certificateRequestInformer) defaultInformer(client versioned.Interface, } func (f *certificateRequestInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&certmanagerv1.CertificateRequest{}, f.defaultInformer) + return f.factory.InformerFor(&apiscertmanagerv1.CertificateRequest{}, f.defaultInformer) } -func (f *certificateRequestInformer) Lister() v1.CertificateRequestLister { - return v1.NewCertificateRequestLister(f.Informer().GetIndexer()) +func (f *certificateRequestInformer) Lister() certmanagerv1.CertificateRequestLister { + return certmanagerv1.NewCertificateRequestLister(f.Informer().GetIndexer()) } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/clusterissuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/clusterissuer.go index 6f5e6d62111..af6a691eadb 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/clusterissuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/clusterissuer.go @@ -19,13 +19,13 @@ limitations under the License. package v1 import ( - "context" + context "context" time "time" - certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + apiscertmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" versioned "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" internalinterfaces "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/internalinterfaces" - v1 "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -36,7 +36,7 @@ import ( // ClusterIssuers. type ClusterIssuerInformer interface { Informer() cache.SharedIndexInformer - Lister() v1.ClusterIssuerLister + Lister() certmanagerv1.ClusterIssuerLister } type clusterIssuerInformer struct { @@ -56,21 +56,33 @@ func NewClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Dura // one. This reduces memory footprint and number of connections to the server. func NewFilteredClusterIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( - &cache.ListWatch{ + cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.CertmanagerV1().ClusterIssuers().List(context.TODO(), options) + return client.CertmanagerV1().ClusterIssuers().List(context.Background(), options) }, WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.CertmanagerV1().ClusterIssuers().Watch(context.TODO(), options) + return client.CertmanagerV1().ClusterIssuers().Watch(context.Background(), options) }, - }, - &certmanagerv1.ClusterIssuer{}, + ListWithContextFunc: func(ctx context.Context, options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().ClusterIssuers().List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().ClusterIssuers().Watch(ctx, options) + }, + }, client), + &apiscertmanagerv1.ClusterIssuer{}, resyncPeriod, indexers, ) @@ -81,9 +93,9 @@ func (f *clusterIssuerInformer) defaultInformer(client versioned.Interface, resy } func (f *clusterIssuerInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&certmanagerv1.ClusterIssuer{}, f.defaultInformer) + return f.factory.InformerFor(&apiscertmanagerv1.ClusterIssuer{}, f.defaultInformer) } -func (f *clusterIssuerInformer) Lister() v1.ClusterIssuerLister { - return v1.NewClusterIssuerLister(f.Informer().GetIndexer()) +func (f *clusterIssuerInformer) Lister() certmanagerv1.ClusterIssuerLister { + return certmanagerv1.NewClusterIssuerLister(f.Informer().GetIndexer()) } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/issuer.go index 14fbf0ae1ef..041937b76f2 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/issuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/certmanager/v1/issuer.go @@ -19,13 +19,13 @@ limitations under the License. package v1 import ( - "context" + context "context" time "time" - certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + apiscertmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" versioned "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" internalinterfaces "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/internalinterfaces" - v1 "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -36,7 +36,7 @@ import ( // Issuers. type IssuerInformer interface { Informer() cache.SharedIndexInformer - Lister() v1.IssuerLister + Lister() certmanagerv1.IssuerLister } type issuerInformer struct { @@ -57,21 +57,33 @@ func NewIssuerInformer(client versioned.Interface, namespace string, resyncPerio // one. This reduces memory footprint and number of connections to the server. func NewFilteredIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( - &cache.ListWatch{ + cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.CertmanagerV1().Issuers(namespace).List(context.TODO(), options) + return client.CertmanagerV1().Issuers(namespace).List(context.Background(), options) }, WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.CertmanagerV1().Issuers(namespace).Watch(context.TODO(), options) + return client.CertmanagerV1().Issuers(namespace).Watch(context.Background(), options) }, - }, - &certmanagerv1.Issuer{}, + ListWithContextFunc: func(ctx context.Context, options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Issuers(namespace).List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CertmanagerV1().Issuers(namespace).Watch(ctx, options) + }, + }, client), + &apiscertmanagerv1.Issuer{}, resyncPeriod, indexers, ) @@ -82,9 +94,9 @@ func (f *issuerInformer) defaultInformer(client versioned.Interface, resyncPerio } func (f *issuerInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&certmanagerv1.Issuer{}, f.defaultInformer) + return f.factory.InformerFor(&apiscertmanagerv1.Issuer{}, f.defaultInformer) } -func (f *issuerInformer) Lister() v1.IssuerLister { - return v1.NewIssuerLister(f.Informer().GetIndexer()) +func (f *issuerInformer) Lister() certmanagerv1.IssuerLister { + return certmanagerv1.NewIssuerLister(f.Informer().GetIndexer()) } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/factory.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/factory.go index c59bddf337f..45a58a359e9 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/factory.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/factory.go @@ -98,6 +98,7 @@ func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Dur // NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory. // Listers obtained via this SharedInformerFactory will be subject to the same filters // as specified here. +// // Deprecated: Please use NewSharedInformerFactoryWithOptions instead func NewFilteredSharedInformerFactory(client versioned.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory { return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions)) @@ -205,7 +206,7 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal // // It is typically used like this: // -// ctx, cancel := context.Background() +// ctx, cancel := context.WithCancel(context.Background()) // defer cancel() // factory := NewSharedInformerFactory(client, resyncPeriod) // defer factory.WaitForStop() // Returns immediately if nothing was started. diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/generic.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/generic.go index 837635bb205..e8475fc2464 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/generic.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/informers/externalversions/generic.go @@ -19,7 +19,7 @@ limitations under the License. package externalversions import ( - "fmt" + fmt "fmt" v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1/challenge.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1/challenge.go index b53f8f59e65..7a83cb813a0 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1/challenge.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1/challenge.go @@ -19,10 +19,10 @@ limitations under the License. package v1 import ( - v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/listers" - "k8s.io/client-go/tools/cache" + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" ) // ChallengeLister helps list Challenges. @@ -30,7 +30,7 @@ import ( type ChallengeLister interface { // List lists all Challenges in the indexer. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Challenge, err error) + List(selector labels.Selector) (ret []*acmev1.Challenge, err error) // Challenges returns an object that can list and get Challenges. Challenges(namespace string) ChallengeNamespaceLister ChallengeListerExpansion @@ -38,17 +38,17 @@ type ChallengeLister interface { // challengeLister implements the ChallengeLister interface. type challengeLister struct { - listers.ResourceIndexer[*v1.Challenge] + listers.ResourceIndexer[*acmev1.Challenge] } // NewChallengeLister returns a new ChallengeLister. func NewChallengeLister(indexer cache.Indexer) ChallengeLister { - return &challengeLister{listers.New[*v1.Challenge](indexer, v1.Resource("challenge"))} + return &challengeLister{listers.New[*acmev1.Challenge](indexer, acmev1.Resource("challenge"))} } // Challenges returns an object that can list and get Challenges. func (s *challengeLister) Challenges(namespace string) ChallengeNamespaceLister { - return challengeNamespaceLister{listers.NewNamespaced[*v1.Challenge](s.ResourceIndexer, namespace)} + return challengeNamespaceLister{listers.NewNamespaced[*acmev1.Challenge](s.ResourceIndexer, namespace)} } // ChallengeNamespaceLister helps list and get Challenges. @@ -56,15 +56,15 @@ func (s *challengeLister) Challenges(namespace string) ChallengeNamespaceLister type ChallengeNamespaceLister interface { // List lists all Challenges in the indexer for a given namespace. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Challenge, err error) + List(selector labels.Selector) (ret []*acmev1.Challenge, err error) // Get retrieves the Challenge from the indexer for a given namespace and name. // Objects returned here must be treated as read-only. - Get(name string) (*v1.Challenge, error) + Get(name string) (*acmev1.Challenge, error) ChallengeNamespaceListerExpansion } // challengeNamespaceLister implements the ChallengeNamespaceLister // interface. type challengeNamespaceLister struct { - listers.ResourceIndexer[*v1.Challenge] + listers.ResourceIndexer[*acmev1.Challenge] } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1/order.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1/order.go index 4f9a516f7d9..7536b0b23c4 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1/order.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/acme/v1/order.go @@ -19,10 +19,10 @@ limitations under the License. package v1 import ( - v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/listers" - "k8s.io/client-go/tools/cache" + acmev1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" ) // OrderLister helps list Orders. @@ -30,7 +30,7 @@ import ( type OrderLister interface { // List lists all Orders in the indexer. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Order, err error) + List(selector labels.Selector) (ret []*acmev1.Order, err error) // Orders returns an object that can list and get Orders. Orders(namespace string) OrderNamespaceLister OrderListerExpansion @@ -38,17 +38,17 @@ type OrderLister interface { // orderLister implements the OrderLister interface. type orderLister struct { - listers.ResourceIndexer[*v1.Order] + listers.ResourceIndexer[*acmev1.Order] } // NewOrderLister returns a new OrderLister. func NewOrderLister(indexer cache.Indexer) OrderLister { - return &orderLister{listers.New[*v1.Order](indexer, v1.Resource("order"))} + return &orderLister{listers.New[*acmev1.Order](indexer, acmev1.Resource("order"))} } // Orders returns an object that can list and get Orders. func (s *orderLister) Orders(namespace string) OrderNamespaceLister { - return orderNamespaceLister{listers.NewNamespaced[*v1.Order](s.ResourceIndexer, namespace)} + return orderNamespaceLister{listers.NewNamespaced[*acmev1.Order](s.ResourceIndexer, namespace)} } // OrderNamespaceLister helps list and get Orders. @@ -56,15 +56,15 @@ func (s *orderLister) Orders(namespace string) OrderNamespaceLister { type OrderNamespaceLister interface { // List lists all Orders in the indexer for a given namespace. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Order, err error) + List(selector labels.Selector) (ret []*acmev1.Order, err error) // Get retrieves the Order from the indexer for a given namespace and name. // Objects returned here must be treated as read-only. - Get(name string) (*v1.Order, error) + Get(name string) (*acmev1.Order, error) OrderNamespaceListerExpansion } // orderNamespaceLister implements the OrderNamespaceLister // interface. type orderNamespaceLister struct { - listers.ResourceIndexer[*v1.Order] + listers.ResourceIndexer[*acmev1.Order] } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/certificate.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/certificate.go index 023902433d4..8c0c011ba75 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/certificate.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/certificate.go @@ -19,10 +19,10 @@ limitations under the License. package v1 import ( - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/listers" - "k8s.io/client-go/tools/cache" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" ) // CertificateLister helps list Certificates. @@ -30,7 +30,7 @@ import ( type CertificateLister interface { // List lists all Certificates in the indexer. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Certificate, err error) + List(selector labels.Selector) (ret []*certmanagerv1.Certificate, err error) // Certificates returns an object that can list and get Certificates. Certificates(namespace string) CertificateNamespaceLister CertificateListerExpansion @@ -38,17 +38,17 @@ type CertificateLister interface { // certificateLister implements the CertificateLister interface. type certificateLister struct { - listers.ResourceIndexer[*v1.Certificate] + listers.ResourceIndexer[*certmanagerv1.Certificate] } // NewCertificateLister returns a new CertificateLister. func NewCertificateLister(indexer cache.Indexer) CertificateLister { - return &certificateLister{listers.New[*v1.Certificate](indexer, v1.Resource("certificate"))} + return &certificateLister{listers.New[*certmanagerv1.Certificate](indexer, certmanagerv1.Resource("certificate"))} } // Certificates returns an object that can list and get Certificates. func (s *certificateLister) Certificates(namespace string) CertificateNamespaceLister { - return certificateNamespaceLister{listers.NewNamespaced[*v1.Certificate](s.ResourceIndexer, namespace)} + return certificateNamespaceLister{listers.NewNamespaced[*certmanagerv1.Certificate](s.ResourceIndexer, namespace)} } // CertificateNamespaceLister helps list and get Certificates. @@ -56,15 +56,15 @@ func (s *certificateLister) Certificates(namespace string) CertificateNamespaceL type CertificateNamespaceLister interface { // List lists all Certificates in the indexer for a given namespace. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Certificate, err error) + List(selector labels.Selector) (ret []*certmanagerv1.Certificate, err error) // Get retrieves the Certificate from the indexer for a given namespace and name. // Objects returned here must be treated as read-only. - Get(name string) (*v1.Certificate, error) + Get(name string) (*certmanagerv1.Certificate, error) CertificateNamespaceListerExpansion } // certificateNamespaceLister implements the CertificateNamespaceLister // interface. type certificateNamespaceLister struct { - listers.ResourceIndexer[*v1.Certificate] + listers.ResourceIndexer[*certmanagerv1.Certificate] } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/certificaterequest.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/certificaterequest.go index 41203c0a78d..1733f7adebf 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/certificaterequest.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/certificaterequest.go @@ -19,10 +19,10 @@ limitations under the License. package v1 import ( - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/listers" - "k8s.io/client-go/tools/cache" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" ) // CertificateRequestLister helps list CertificateRequests. @@ -30,7 +30,7 @@ import ( type CertificateRequestLister interface { // List lists all CertificateRequests in the indexer. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.CertificateRequest, err error) + List(selector labels.Selector) (ret []*certmanagerv1.CertificateRequest, err error) // CertificateRequests returns an object that can list and get CertificateRequests. CertificateRequests(namespace string) CertificateRequestNamespaceLister CertificateRequestListerExpansion @@ -38,17 +38,17 @@ type CertificateRequestLister interface { // certificateRequestLister implements the CertificateRequestLister interface. type certificateRequestLister struct { - listers.ResourceIndexer[*v1.CertificateRequest] + listers.ResourceIndexer[*certmanagerv1.CertificateRequest] } // NewCertificateRequestLister returns a new CertificateRequestLister. func NewCertificateRequestLister(indexer cache.Indexer) CertificateRequestLister { - return &certificateRequestLister{listers.New[*v1.CertificateRequest](indexer, v1.Resource("certificaterequest"))} + return &certificateRequestLister{listers.New[*certmanagerv1.CertificateRequest](indexer, certmanagerv1.Resource("certificaterequest"))} } // CertificateRequests returns an object that can list and get CertificateRequests. func (s *certificateRequestLister) CertificateRequests(namespace string) CertificateRequestNamespaceLister { - return certificateRequestNamespaceLister{listers.NewNamespaced[*v1.CertificateRequest](s.ResourceIndexer, namespace)} + return certificateRequestNamespaceLister{listers.NewNamespaced[*certmanagerv1.CertificateRequest](s.ResourceIndexer, namespace)} } // CertificateRequestNamespaceLister helps list and get CertificateRequests. @@ -56,15 +56,15 @@ func (s *certificateRequestLister) CertificateRequests(namespace string) Certifi type CertificateRequestNamespaceLister interface { // List lists all CertificateRequests in the indexer for a given namespace. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.CertificateRequest, err error) + List(selector labels.Selector) (ret []*certmanagerv1.CertificateRequest, err error) // Get retrieves the CertificateRequest from the indexer for a given namespace and name. // Objects returned here must be treated as read-only. - Get(name string) (*v1.CertificateRequest, error) + Get(name string) (*certmanagerv1.CertificateRequest, error) CertificateRequestNamespaceListerExpansion } // certificateRequestNamespaceLister implements the CertificateRequestNamespaceLister // interface. type certificateRequestNamespaceLister struct { - listers.ResourceIndexer[*v1.CertificateRequest] + listers.ResourceIndexer[*certmanagerv1.CertificateRequest] } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/clusterissuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/clusterissuer.go index 66f8ec183b4..d284de60cbd 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/clusterissuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/clusterissuer.go @@ -19,10 +19,10 @@ limitations under the License. package v1 import ( - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/listers" - "k8s.io/client-go/tools/cache" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" ) // ClusterIssuerLister helps list ClusterIssuers. @@ -30,19 +30,19 @@ import ( type ClusterIssuerLister interface { // List lists all ClusterIssuers in the indexer. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.ClusterIssuer, err error) + List(selector labels.Selector) (ret []*certmanagerv1.ClusterIssuer, err error) // Get retrieves the ClusterIssuer from the index for a given name. // Objects returned here must be treated as read-only. - Get(name string) (*v1.ClusterIssuer, error) + Get(name string) (*certmanagerv1.ClusterIssuer, error) ClusterIssuerListerExpansion } // clusterIssuerLister implements the ClusterIssuerLister interface. type clusterIssuerLister struct { - listers.ResourceIndexer[*v1.ClusterIssuer] + listers.ResourceIndexer[*certmanagerv1.ClusterIssuer] } // NewClusterIssuerLister returns a new ClusterIssuerLister. func NewClusterIssuerLister(indexer cache.Indexer) ClusterIssuerLister { - return &clusterIssuerLister{listers.New[*v1.ClusterIssuer](indexer, v1.Resource("clusterissuer"))} + return &clusterIssuerLister{listers.New[*certmanagerv1.ClusterIssuer](indexer, certmanagerv1.Resource("clusterissuer"))} } diff --git a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/issuer.go b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/issuer.go index a664f075ffe..53fe5a882be 100644 --- a/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/issuer.go +++ b/vendor/github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1/issuer.go @@ -19,10 +19,10 @@ limitations under the License. package v1 import ( - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/listers" - "k8s.io/client-go/tools/cache" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" ) // IssuerLister helps list Issuers. @@ -30,7 +30,7 @@ import ( type IssuerLister interface { // List lists all Issuers in the indexer. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Issuer, err error) + List(selector labels.Selector) (ret []*certmanagerv1.Issuer, err error) // Issuers returns an object that can list and get Issuers. Issuers(namespace string) IssuerNamespaceLister IssuerListerExpansion @@ -38,17 +38,17 @@ type IssuerLister interface { // issuerLister implements the IssuerLister interface. type issuerLister struct { - listers.ResourceIndexer[*v1.Issuer] + listers.ResourceIndexer[*certmanagerv1.Issuer] } // NewIssuerLister returns a new IssuerLister. func NewIssuerLister(indexer cache.Indexer) IssuerLister { - return &issuerLister{listers.New[*v1.Issuer](indexer, v1.Resource("issuer"))} + return &issuerLister{listers.New[*certmanagerv1.Issuer](indexer, certmanagerv1.Resource("issuer"))} } // Issuers returns an object that can list and get Issuers. func (s *issuerLister) Issuers(namespace string) IssuerNamespaceLister { - return issuerNamespaceLister{listers.NewNamespaced[*v1.Issuer](s.ResourceIndexer, namespace)} + return issuerNamespaceLister{listers.NewNamespaced[*certmanagerv1.Issuer](s.ResourceIndexer, namespace)} } // IssuerNamespaceLister helps list and get Issuers. @@ -56,15 +56,15 @@ func (s *issuerLister) Issuers(namespace string) IssuerNamespaceLister { type IssuerNamespaceLister interface { // List lists all Issuers in the indexer for a given namespace. // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1.Issuer, err error) + List(selector labels.Selector) (ret []*certmanagerv1.Issuer, err error) // Get retrieves the Issuer from the indexer for a given namespace and name. // Objects returned here must be treated as read-only. - Get(name string) (*v1.Issuer, error) + Get(name string) (*certmanagerv1.Issuer, error) IssuerNamespaceListerExpansion } // issuerNamespaceLister implements the IssuerNamespaceLister // interface. type issuerNamespaceLister struct { - listers.ResourceIndexer[*v1.Issuer] + listers.ResourceIndexer[*certmanagerv1.Issuer] } diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/jose.go b/vendor/github.com/coreos/go-oidc/v3/oidc/jose.go index b7bd09275df..f42d37d4812 100644 --- a/vendor/github.com/coreos/go-oidc/v3/oidc/jose.go +++ b/vendor/github.com/coreos/go-oidc/v3/oidc/jose.go @@ -1,5 +1,7 @@ package oidc +import jose "github.com/go-jose/go-jose/v4" + // JOSE asymmetric signing algorithm values as defined by RFC 7518 // // see: https://tools.ietf.org/html/rfc7518#section-3.1 @@ -15,3 +17,16 @@ const ( PS512 = "PS512" // RSASSA-PSS using SHA512 and MGF1-SHA512 EdDSA = "EdDSA" // Ed25519 using SHA-512 ) + +var allAlgs = []jose.SignatureAlgorithm{ + jose.RS256, + jose.RS384, + jose.RS512, + jose.ES256, + jose.ES384, + jose.ES512, + jose.PS256, + jose.PS384, + jose.PS512, + jose.EdDSA, +} diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go b/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go index b1e3f7e3ff5..c5e4d787c8f 100644 --- a/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go +++ b/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go @@ -11,9 +11,8 @@ import ( "io" "net/http" "sync" - "time" - jose "github.com/go-jose/go-jose/v3" + jose "github.com/go-jose/go-jose/v4" ) // StaticKeySet is a verifier that validates JWT against a static set of public keys. @@ -25,7 +24,9 @@ type StaticKeySet struct { // VerifySignature compares the signature against a static set of public keys. func (s *StaticKeySet) VerifySignature(ctx context.Context, jwt string) ([]byte, error) { - jws, err := jose.ParseSigned(jwt) + // Algorithms are already checked by Verifier, so this parse method accepts + // any algorithm. + jws, err := jose.ParseSigned(jwt, allAlgs) if err != nil { return nil, fmt.Errorf("parsing jwt: %v", err) } @@ -55,22 +56,29 @@ func (s *StaticKeySet) VerifySignature(ctx context.Context, jwt string) ([]byte, // The returned KeySet is a long lived verifier that caches keys based on any // keys change. Reuse a common remote key set instead of creating new ones as needed. func NewRemoteKeySet(ctx context.Context, jwksURL string) *RemoteKeySet { - return newRemoteKeySet(ctx, jwksURL, time.Now) + return newRemoteKeySet(ctx, jwksURL) } -func newRemoteKeySet(ctx context.Context, jwksURL string, now func() time.Time) *RemoteKeySet { - if now == nil { - now = time.Now +func newRemoteKeySet(ctx context.Context, jwksURL string) *RemoteKeySet { + return &RemoteKeySet{ + jwksURL: jwksURL, + // For historical reasons, this package uses contexts for configuration, not just + // cancellation. In hindsight, this was a bad idea. + // + // Attemps to reason about how cancels should work with background requests have + // largely lead to confusion. Use the context here as a config bag-of-values and + // ignore the cancel function. + ctx: context.WithoutCancel(ctx), } - return &RemoteKeySet{jwksURL: jwksURL, ctx: ctx, now: now} } // RemoteKeySet is a KeySet implementation that validates JSON web tokens against // a jwks_uri endpoint. type RemoteKeySet struct { jwksURL string - ctx context.Context - now func() time.Time + + // Used for configuration. Cancelation is ignored. + ctx context.Context // guard all other fields mu sync.RWMutex @@ -127,8 +135,13 @@ var parsedJWTKey contextKey func (r *RemoteKeySet) VerifySignature(ctx context.Context, jwt string) ([]byte, error) { jws, ok := ctx.Value(parsedJWTKey).(*jose.JSONWebSignature) if !ok { + // The algorithm values are already enforced by the Validator, which also sets + // the context value above to pre-parsed signature. + // + // Practically, this codepath isn't called in normal use of this package, but + // if it is, the algorithms have already been checked. var err error - jws, err = jose.ParseSigned(jwt) + jws, err = jose.ParseSigned(jwt, allAlgs) if err != nil { return nil, fmt.Errorf("oidc: malformed jwt: %v", err) } diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go b/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go index b7db3c73429..2659518cc48 100644 --- a/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go +++ b/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go @@ -79,7 +79,7 @@ func getClient(ctx context.Context) *http.Client { // provider, err := oidc.NewProvider(ctx, discoveryBaseURL) // // This is insecure because validating the correct issuer is critical for multi-tenant -// proivders. Any overrides here MUST be carefully reviewed. +// providers. Any overrides here MUST be carefully reviewed. func InsecureIssuerURLContext(ctx context.Context, issuerURL string) context.Context { return context.WithValue(ctx, issuerURLKey, issuerURL) } @@ -154,40 +154,65 @@ var supportedAlgorithms = map[string]bool{ EdDSA: true, } -// ProviderConfig allows creating providers when discovery isn't supported. It's -// generally easier to use NewProvider directly. +// ProviderConfig allows direct creation of a [Provider] from metadata +// configuration. This is intended for interop with providers that don't support +// discovery, or host the JSON discovery document at an off-spec path. +// +// The ProviderConfig struct specifies JSON struct tags to support document +// parsing. +// +// // Directly fetch the metadata document. +// resp, err := http.Get("https://login.example.com/custom-metadata-path") +// if err != nil { +// // ... +// } +// defer resp.Body.Close() +// +// // Parse config from JSON metadata. +// config := &oidc.ProviderConfig{} +// if err := json.NewDecoder(resp.Body).Decode(config); err != nil { +// // ... +// } +// p := config.NewProvider(context.Background()) +// +// For providers that implement discovery, use [NewProvider] instead. +// +// See: https://openid.net/specs/openid-connect-discovery-1_0.html type ProviderConfig struct { // IssuerURL is the identity of the provider, and the string it uses to sign // ID tokens with. For example "https://accounts.google.com". This value MUST // match ID tokens exactly. - IssuerURL string + IssuerURL string `json:"issuer"` // AuthURL is the endpoint used by the provider to support the OAuth 2.0 // authorization endpoint. - AuthURL string + AuthURL string `json:"authorization_endpoint"` // TokenURL is the endpoint used by the provider to support the OAuth 2.0 // token endpoint. - TokenURL string + TokenURL string `json:"token_endpoint"` // DeviceAuthURL is the endpoint used by the provider to support the OAuth 2.0 // device authorization endpoint. - DeviceAuthURL string + DeviceAuthURL string `json:"device_authorization_endpoint"` // UserInfoURL is the endpoint used by the provider to support the OpenID // Connect UserInfo flow. // // https://openid.net/specs/openid-connect-core-1_0.html#UserInfo - UserInfoURL string + UserInfoURL string `json:"userinfo_endpoint"` // JWKSURL is the endpoint used by the provider to advertise public keys to // verify issued ID tokens. This endpoint is polled as new keys are made // available. - JWKSURL string + JWKSURL string `json:"jwks_uri"` // Algorithms, if provided, indicate a list of JWT algorithms allowed to sign // ID tokens. If not provided, this defaults to the algorithms advertised by // the JWK endpoint, then the set of algorithms supported by this package. - Algorithms []string + Algorithms []string `json:"id_token_signing_alg_values_supported"` } // NewProvider initializes a provider from a set of endpoints, rather than // through discovery. +// +// The provided context is only used for [http.Client] configuration through +// [ClientContext], not cancelation. func (p *ProviderConfig) NewProvider(ctx context.Context) *Provider { return &Provider{ issuer: p.IssuerURL, @@ -202,9 +227,14 @@ func (p *ProviderConfig) NewProvider(ctx context.Context) *Provider { } // NewProvider uses the OpenID Connect discovery mechanism to construct a Provider. -// // The issuer is the URL identifier for the service. For example: "https://accounts.google.com" // or "https://login.salesforce.com". +// +// OpenID Connect providers that don't implement discovery or host the discovery +// document at a non-spec complaint path (such as requiring a URL parameter), +// should use [ProviderConfig] instead. +// +// See: https://openid.net/specs/openid-connect-discovery-1_0.html func NewProvider(ctx context.Context, issuer string) (*Provider, error) { wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration" req, err := http.NewRequest("GET", wellKnown, nil) @@ -237,7 +267,7 @@ func NewProvider(ctx context.Context, issuer string) (*Provider, error) { issuerURL = issuer } if p.Issuer != issuerURL && !skipIssuerValidation { - return nil, fmt.Errorf("oidc: issuer did not match the issuer returned by provider, expected %q got %q", issuer, p.Issuer) + return nil, fmt.Errorf("oidc: issuer URL provided to client (%q) did not match the issuer URL returned by provider (%q)", issuer, p.Issuer) } var algs []string for _, a := range p.Algorithms { diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go b/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go index 0bca49a8992..a8bf107d4a6 100644 --- a/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go +++ b/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go @@ -1,18 +1,14 @@ package oidc import ( - "bytes" "context" - "encoding/base64" "encoding/json" - "errors" "fmt" "io" "net/http" - "strings" "time" - jose "github.com/go-jose/go-jose/v3" + jose "github.com/go-jose/go-jose/v4" "golang.org/x/oauth2" ) @@ -120,8 +116,8 @@ type Config struct { } // VerifierContext returns an IDTokenVerifier that uses the provider's key set to -// verify JWTs. As opposed to Verifier, the context is used for all requests to -// the upstream JWKs endpoint. +// verify JWTs. As opposed to Verifier, the context is used to configure requests +// to the upstream JWKs endpoint. The provided context's cancellation is ignored. func (p *Provider) VerifierContext(ctx context.Context, config *Config) *IDTokenVerifier { return p.newVerifier(NewRemoteKeySet(ctx, p.jwksURL), config) } @@ -145,18 +141,6 @@ func (p *Provider) newVerifier(keySet KeySet, config *Config) *IDTokenVerifier { return NewVerifier(p.issuer, keySet, config) } -func parseJWT(p string) ([]byte, error) { - parts := strings.Split(p, ".") - if len(parts) < 2 { - return nil, fmt.Errorf("oidc: malformed jwt, expected 3 parts got %d", len(parts)) - } - payload, err := base64.RawURLEncoding.DecodeString(parts[1]) - if err != nil { - return nil, fmt.Errorf("oidc: malformed jwt payload: %v", err) - } - return payload, nil -} - func contains(sli []string, ele string) bool { for _, s := range sli { if s == ele { @@ -219,12 +203,49 @@ func resolveDistributedClaim(ctx context.Context, verifier *IDTokenVerifier, src // // token, err := verifier.Verify(ctx, rawIDToken) func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDToken, error) { - // Throw out tokens with invalid claims before trying to verify the token. This lets - // us do cheap checks before possibly re-syncing keys. - payload, err := parseJWT(rawIDToken) + var supportedSigAlgs []jose.SignatureAlgorithm + for _, alg := range v.config.SupportedSigningAlgs { + supportedSigAlgs = append(supportedSigAlgs, jose.SignatureAlgorithm(alg)) + } + if len(supportedSigAlgs) == 0 { + // If no algorithms were specified by both the config and discovery, default + // to the one mandatory algorithm "RS256". + supportedSigAlgs = []jose.SignatureAlgorithm{jose.RS256} + } + if v.config.InsecureSkipSignatureCheck { + // "none" is a required value to even parse a JWT with the "none" algorithm + // using go-jose. + supportedSigAlgs = append(supportedSigAlgs, "none") + } + + // Parse and verify the signature first. This at least forces the user to have + // a valid, signed ID token before we do any other processing. + jws, err := jose.ParseSigned(rawIDToken, supportedSigAlgs) if err != nil { return nil, fmt.Errorf("oidc: malformed jwt: %v", err) } + switch len(jws.Signatures) { + case 0: + return nil, fmt.Errorf("oidc: id token not signed") + case 1: + default: + return nil, fmt.Errorf("oidc: multiple signatures on id token not supported") + } + sig := jws.Signatures[0] + + var payload []byte + if v.config.InsecureSkipSignatureCheck { + // Yolo mode. + payload = jws.UnsafePayloadWithoutVerification() + } else { + // The JWT is attached here for the happy path to avoid the verifier from + // having to parse the JWT twice. + ctx = context.WithValue(ctx, parsedJWTKey, jws) + payload, err = v.keySet.VerifySignature(ctx, rawIDToken) + if err != nil { + return nil, fmt.Errorf("failed to verify signature: %v", err) + } + } var token idToken if err := json.Unmarshal(payload, &token); err != nil { return nil, fmt.Errorf("oidc: failed to unmarshal claims: %v", err) @@ -254,6 +275,7 @@ func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDTok AccessTokenHash: token.AtHash, claims: payload, distributedClaims: distributedClaims, + sigAlgorithm: sig.Header.Algorithm, } // Check issuer. @@ -306,46 +328,6 @@ func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDTok } } - if v.config.InsecureSkipSignatureCheck { - return t, nil - } - - jws, err := jose.ParseSigned(rawIDToken) - if err != nil { - return nil, fmt.Errorf("oidc: malformed jwt: %v", err) - } - - switch len(jws.Signatures) { - case 0: - return nil, fmt.Errorf("oidc: id token not signed") - case 1: - default: - return nil, fmt.Errorf("oidc: multiple signatures on id token not supported") - } - - sig := jws.Signatures[0] - supportedSigAlgs := v.config.SupportedSigningAlgs - if len(supportedSigAlgs) == 0 { - supportedSigAlgs = []string{RS256} - } - - if !contains(supportedSigAlgs, sig.Header.Algorithm) { - return nil, fmt.Errorf("oidc: id token signed with unsupported algorithm, expected %q got %q", supportedSigAlgs, sig.Header.Algorithm) - } - - t.sigAlgorithm = sig.Header.Algorithm - - ctx = context.WithValue(ctx, parsedJWTKey, jws) - gotPayload, err := v.keySet.VerifySignature(ctx, rawIDToken) - if err != nil { - return nil, fmt.Errorf("failed to verify signature: %v", err) - } - - // Ensure that the payload returned by the square actually matches the payload parsed earlier. - if !bytes.Equal(gotPayload, payload) { - return nil, errors.New("oidc: internal error, payload parsed did not match previous payload") - } - return t, nil } diff --git a/vendor/github.com/eclipse/paho.golang/LICENSE b/vendor/github.com/eclipse/paho.golang/LICENSE index d3087e4c540..f55c3953911 100644 --- a/vendor/github.com/eclipse/paho.golang/LICENSE +++ b/vendor/github.com/eclipse/paho.golang/LICENSE @@ -1,3 +1,20 @@ +Eclipse Public License - v 2.0 (EPL-2.0) + +This program and the accompanying materials +are made available under the terms of the Eclipse Public License v2.0 +and Eclipse Distribution License v1.0 which accompany this distribution. + +The Eclipse Public License is available at + https://www.eclipse.org/legal/epl-2.0/ +and the Eclipse Distribution License is available at + http://www.eclipse.org/org/documents/edl-v10.php. + +For an explanation of what dual-licensing means to you, see: +https://www.eclipse.org/legal/eplfaq.php#DUALLIC + +**** +The epl-2.0 is copied below in order to pass the pkg.go.dev license check (https://pkg.go.dev/license-policy). +**** Eclipse Public License - v 2.0 THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE @@ -261,8 +278,8 @@ No third-party beneficiary rights are created under this Agreement. Exhibit A - Form of Secondary Licenses Notice -"This Source Code may also be made available under the following -Secondary Licenses when the conditions for such availability set forth +"This Source Code may also be made available under the following +Secondary Licenses when the conditions for such availability set forth in the Eclipse Public License, v. 2.0 are satisfied: {name license(s), version(s), and exceptions or additional permissions here}." diff --git a/vendor/github.com/eclipse/paho.golang/packets/auth.go b/vendor/github.com/eclipse/paho.golang/packets/auth.go index 56237e00c43..c97446f6ad7 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/auth.go +++ b/vendor/github.com/eclipse/paho.golang/packets/auth.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( diff --git a/vendor/github.com/eclipse/paho.golang/packets/connack.go b/vendor/github.com/eclipse/paho.golang/packets/connack.go index aa171eaba83..493aa29e021 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/connack.go +++ b/vendor/github.com/eclipse/paho.golang/packets/connack.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( @@ -43,7 +58,7 @@ func (c *Connack) String() string { return fmt.Sprintf("CONNACK: ReasonCode:%d SessionPresent:%t\nProperties:\n%s", c.ReasonCode, c.SessionPresent, c.Properties) } -//Unpack is the implementation of the interface required function for a packet +// Unpack is the implementation of the interface required function for a packet func (c *Connack) Unpack(r *bytes.Buffer) error { connackFlags, err := r.ReadByte() if err != nil { diff --git a/vendor/github.com/eclipse/paho.golang/packets/connect.go b/vendor/github.com/eclipse/paho.golang/packets/connect.go index 31340f6bdb9..2394e7d0118 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/connect.go +++ b/vendor/github.com/eclipse/paho.golang/packets/connect.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( @@ -85,7 +100,7 @@ func (c *Connect) UnpackFlags(b byte) { c.UsernameFlag = 1&(b>>7) > 0 } -//Unpack is the implementation of the interface required function for a packet +// Unpack is the implementation of the interface required function for a packet func (c *Connect) Unpack(r *bytes.Buffer) error { var err error diff --git a/vendor/github.com/eclipse/paho.golang/packets/disconnect.go b/vendor/github.com/eclipse/paho.golang/packets/disconnect.go index 9180207a610..3b9447bbdc8 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/disconnect.go +++ b/vendor/github.com/eclipse/paho.golang/packets/disconnect.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( @@ -53,11 +68,16 @@ const ( // Unpack is the implementation of the interface required function for a packet func (d *Disconnect) Unpack(r *bytes.Buffer) error { var err error + noProps := r.Len() == 1 d.ReasonCode, err = r.ReadByte() if err != nil { return err } + if noProps { + return nil + } + err = d.Properties.Unpack(r, DISCONNECT) if err != nil { return err diff --git a/vendor/github.com/eclipse/paho.golang/packets/packets.go b/vendor/github.com/eclipse/paho.golang/packets/packets.go index 4f023e015e7..9767ea2044d 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/packets.go +++ b/vendor/github.com/eclipse/paho.golang/packets/packets.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( @@ -433,11 +448,19 @@ func writeUint32(u uint32, b *bytes.Buffer) error { } func writeString(s string, b *bytes.Buffer) { + // Due to the 16 bit header strings are limited to 65535 bytes + if len(s) > 65535 { + s = s[:65535] + } writeUint16(uint16(len(s)), b) b.WriteString(s) } func writeBinary(d []byte, b *bytes.Buffer) { + // Due to the 16 bit header strings are limited to 65535 bytes + if len(d) > 65535 { + d = d[:65535] + } writeUint16(uint16(len(d)), b) b.Write(d) } diff --git a/vendor/github.com/eclipse/paho.golang/packets/pingreq.go b/vendor/github.com/eclipse/paho.golang/packets/pingreq.go index 27d39ee324e..b6a4c7fa06f 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/pingreq.go +++ b/vendor/github.com/eclipse/paho.golang/packets/pingreq.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( diff --git a/vendor/github.com/eclipse/paho.golang/packets/pingresp.go b/vendor/github.com/eclipse/paho.golang/packets/pingresp.go index fcf421a763f..f5210f187ad 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/pingresp.go +++ b/vendor/github.com/eclipse/paho.golang/packets/pingresp.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( diff --git a/vendor/github.com/eclipse/paho.golang/packets/properties.go b/vendor/github.com/eclipse/paho.golang/packets/properties.go index 5a74e0561a1..9ddc9bdc73b 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/properties.go +++ b/vendor/github.com/eclipse/paho.golang/packets/properties.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( @@ -285,11 +300,6 @@ func (i *Properties) Pack(p byte) []byte { writeUint16(*i.TopicAliasMaximum, &b) } - if i.MaximumQOS != nil { - b.WriteByte(PropMaximumQOS) - b.WriteByte(*i.MaximumQOS) - } - if i.MaximumPacketSize != nil { b.WriteByte(PropMaximumPacketSize) writeUint32(*i.MaximumPacketSize, &b) @@ -297,6 +307,11 @@ func (i *Properties) Pack(p byte) []byte { } if p == CONNACK { + if i.MaximumQOS != nil { + b.WriteByte(PropMaximumQOS) + b.WriteByte(*i.MaximumQOS) + } + if i.AssignedClientID != "" { b.WriteByte(PropAssignedClientID) writeString(i.AssignedClientID, &b) @@ -453,11 +468,6 @@ func (i *Properties) PackBuf(p byte) *bytes.Buffer { writeUint16(*i.TopicAliasMaximum, &b) } - if i.MaximumQOS != nil { - b.WriteByte(PropMaximumQOS) - b.WriteByte(*i.MaximumQOS) - } - if i.MaximumPacketSize != nil { b.WriteByte(PropMaximumPacketSize) writeUint32(*i.MaximumPacketSize, &b) @@ -465,6 +475,11 @@ func (i *Properties) PackBuf(p byte) *bytes.Buffer { } if p == CONNACK { + if i.MaximumQOS != nil { + b.WriteByte(PropMaximumQOS) + b.WriteByte(*i.MaximumQOS) + } + if i.AssignedClientID != "" { b.WriteByte(PropAssignedClientID) writeString(i.AssignedClientID, &b) @@ -792,7 +807,7 @@ var ValidProperties = map[byte]map[byte]struct{}{ PropReasonString: {CONNACK: {}, PUBACK: {}, PUBREC: {}, PUBREL: {}, PUBCOMP: {}, SUBACK: {}, UNSUBACK: {}, DISCONNECT: {}, AUTH: {}}, PropReceiveMaximum: {CONNECT: {}, CONNACK: {}}, PropTopicAliasMaximum: {CONNECT: {}, CONNACK: {}}, - PropMaximumQOS: {CONNECT: {}, CONNACK: {}}, + PropMaximumQOS: {CONNACK: {}}, PropMaximumPacketSize: {CONNECT: {}, CONNACK: {}}, PropUser: {CONNECT: {}, CONNACK: {}, PUBLISH: {}, PUBACK: {}, PUBREC: {}, PUBREL: {}, PUBCOMP: {}, SUBSCRIBE: {}, UNSUBSCRIBE: {}, SUBACK: {}, UNSUBACK: {}, DISCONNECT: {}, AUTH: {}}, } diff --git a/vendor/github.com/eclipse/paho.golang/packets/puback.go b/vendor/github.com/eclipse/paho.golang/packets/puback.go index 67f404ce6a6..57e6f34f7da 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/puback.go +++ b/vendor/github.com/eclipse/paho.golang/packets/puback.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( @@ -41,7 +56,7 @@ func (p *Puback) String() string { return b.String() } -//Unpack is the implementation of the interface required function for a packet +// Unpack is the implementation of the interface required function for a packet func (p *Puback) Unpack(r *bytes.Buffer) error { var err error success := r.Len() == 2 diff --git a/vendor/github.com/eclipse/paho.golang/packets/pubcomp.go b/vendor/github.com/eclipse/paho.golang/packets/pubcomp.go index 1cdfe61e98b..b193be03752 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/pubcomp.go +++ b/vendor/github.com/eclipse/paho.golang/packets/pubcomp.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( @@ -34,7 +49,7 @@ func (p *Pubcomp) String() string { return b.String() } -//Unpack is the implementation of the interface required function for a packet +// Unpack is the implementation of the interface required function for a packet func (p *Pubcomp) Unpack(r *bytes.Buffer) error { var err error success := r.Len() == 2 diff --git a/vendor/github.com/eclipse/paho.golang/packets/publish.go b/vendor/github.com/eclipse/paho.golang/packets/publish.go index 24edb588b23..150ea3417b0 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/publish.go +++ b/vendor/github.com/eclipse/paho.golang/packets/publish.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( diff --git a/vendor/github.com/eclipse/paho.golang/packets/pubrec.go b/vendor/github.com/eclipse/paho.golang/packets/pubrec.go index 7bd30451099..f1627968b5d 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/pubrec.go +++ b/vendor/github.com/eclipse/paho.golang/packets/pubrec.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( diff --git a/vendor/github.com/eclipse/paho.golang/packets/pubrel.go b/vendor/github.com/eclipse/paho.golang/packets/pubrel.go index 27c48c24042..1f8ea9447de 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/pubrel.go +++ b/vendor/github.com/eclipse/paho.golang/packets/pubrel.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( @@ -28,7 +43,7 @@ func (p *Pubrel) String() string { return b.String() } -//Unpack is the implementation of the interface required function for a packet +// Unpack is the implementation of the interface required function for a packet func (p *Pubrel) Unpack(r *bytes.Buffer) error { var err error success := r.Len() == 2 diff --git a/vendor/github.com/eclipse/paho.golang/packets/suback.go b/vendor/github.com/eclipse/paho.golang/packets/suback.go index 2503aaf1aec..be5eaaa2b06 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/suback.go +++ b/vendor/github.com/eclipse/paho.golang/packets/suback.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( @@ -34,7 +49,7 @@ const ( SubackWildcardsubscriptionsnotsupported = 0xA2 ) -//Unpack is the implementation of the interface required function for a packet +// Unpack is the implementation of the interface required function for a packet func (s *Suback) Unpack(r *bytes.Buffer) error { var err error s.PacketID, err = readUint16(r) diff --git a/vendor/github.com/eclipse/paho.golang/packets/subscribe.go b/vendor/github.com/eclipse/paho.golang/packets/subscribe.go index 2abccbbd674..c0881f2f3fe 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/subscribe.go +++ b/vendor/github.com/eclipse/paho.golang/packets/subscribe.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( @@ -37,6 +52,12 @@ func (s *Subscribe) Type() byte { return SUBSCRIBE } +const ( + RetainSendOnSubscribe = iota // on any successful subscribe request + RetainSendOnSubscribeIfNew // only if the subscribe request is new + RetainDoNotSend // never send retained messages +) + // SubOptions is the struct representing the options for a subscription type SubOptions struct { Topic string diff --git a/vendor/github.com/eclipse/paho.golang/packets/unsuback.go b/vendor/github.com/eclipse/paho.golang/packets/unsuback.go index ba5164b9f19..264ebce1d38 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/unsuback.go +++ b/vendor/github.com/eclipse/paho.golang/packets/unsuback.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( diff --git a/vendor/github.com/eclipse/paho.golang/packets/unsubscribe.go b/vendor/github.com/eclipse/paho.golang/packets/unsubscribe.go index 090d7ca7209..4af1bc5fd71 100644 --- a/vendor/github.com/eclipse/paho.golang/packets/unsubscribe.go +++ b/vendor/github.com/eclipse/paho.golang/packets/unsubscribe.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package packets import ( diff --git a/vendor/github.com/eclipse/paho.golang/paho/acks_tracker.go b/vendor/github.com/eclipse/paho.golang/paho/acks_tracker.go index 47f11cb67f4..d4077b0eef4 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/acks_tracker.go +++ b/vendor/github.com/eclipse/paho.golang/paho/acks_tracker.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import ( diff --git a/vendor/github.com/eclipse/paho.golang/paho/auth.go b/vendor/github.com/eclipse/paho.golang/paho/auth.go index 7d3a3c97233..3ab6496566c 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/auth.go +++ b/vendor/github.com/eclipse/paho.golang/paho/auth.go @@ -1,8 +1,23 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho // Auther is the interface for something that implements the extended authentication // flows in MQTT v5 type Auther interface { - Authenticate(*Auth) *Auth - Authenticated() + Authenticate(*Auth) *Auth // Authenticate will be called when an AUTH packet is received. + Authenticated() // Authenticated will be called when CONNACK is received } diff --git a/vendor/github.com/eclipse/paho.golang/paho/client.go b/vendor/github.com/eclipse/paho.golang/paho/client.go index 76a98722933..cb038477e3d 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/client.go +++ b/vendor/github.com/eclipse/paho.golang/paho/client.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import ( @@ -11,24 +26,31 @@ import ( "time" "github.com/eclipse/paho.golang/packets" - "golang.org/x/sync/semaphore" -) - -type MQTTVersion byte - -const ( - MQTTv311 MQTTVersion = 4 - MQTTv5 MQTTVersion = 5 + "github.com/eclipse/paho.golang/paho/log" + "github.com/eclipse/paho.golang/paho/session" + "github.com/eclipse/paho.golang/paho/session/state" ) const defaultSendAckInterval = 50 * time.Millisecond var ( ErrManualAcknowledgmentDisabled = errors.New("manual acknowledgments disabled") + ErrNetworkErrorAfterStored = errors.New("error after packet added to state") // Could not send packet but its stored (and response will be sent on chan at some point in the future) + ErrConnectionLost = errors.New("connection lost after request transmitted") // We don't know whether the server received the request or not + + ErrInvalidArguments = errors.New("invalid argument") // If included (errors.Join) in an error, there is a problem with the arguments passed. Retrying on the same connection with the same arguments will not succeed. ) type ( - // ClientConfig are the user configurable options for the client, an + PublishReceived struct { + Packet *Publish + Client *Client // The Client that received the message (note that the connection may have been lost post-receipt) + + AlreadyHandled bool // Set to true if a previous callback has returned true (indicating some action has already been taken re the message) + Errs []error // Errors returned by previous handlers (if any). + } + + // ClientConfig are the user-configurable options for the client, an // instance of this struct is passed into NewClient(), not all options // are required to be set, defaults are provided for Persistence, MIDs, // PingHandler, PacketTimeout and Router. @@ -38,16 +60,32 @@ type ( // BEWARE that most wrapped net.Conn implementations like tls.Conn are // not thread safe for writing. To fix, use packets.NewThreadSafeConn // wrapper or extend the custom net.Conn struct with sync.Locker. - Conn net.Conn - MIDs MIDService + Conn net.Conn + + Session session.SessionManager + autoCloseSession bool + AuthHandler Auther PingHandler Pinger - Router Router - Persistence Persistence + defaultPinger bool + + // Router - new inbound messages will be passed to the `Route(*packets.Publish)` function. + // + // Depreciated: If a router is provided, it will now be added to the end of the OnPublishReceived + // slice (which provides a more flexible approach to handling incoming messages). + Router Router + + // OnPublishReceived provides a slice of callbacks; additional handlers may be added after the client has been + // created via the AddOnPublishReceived function (Client holds a copy of the slice; OnPublishReceived will not change). + // When a `PUBLISH` is received, the callbacks will be called in order. If a callback processes the message, + // then it should return true. This boolean, and any errors, will be passed to subsequent handlers. + OnPublishReceived []func(PublishReceived) (bool, error) + PacketTimeout time.Duration // OnServerDisconnect is called only when a packets.DISCONNECT is received from server OnServerDisconnect func(*Disconnect) - // OnClientError is for example called on net.Error + // OnClientError is for example called on net.Error. Note that this may be called multiple times and may be + // called following a successful `Disconnect`. See autopaho.errorHandler for an example. OnClientError func(error) // PublishHook allows a user provided function to be called before // a Publish packet is sent allowing it to inspect or modify the @@ -68,20 +106,30 @@ type ( } // Client is the struct representing an MQTT client Client struct { - mu sync.Mutex - ClientConfig - // raCtx is used for handling the MQTTv5 authentication exchange. - raCtx *CPContext - stop chan struct{} + config ClientConfig + + // OnPublishReceived copy of OnPublishReceived from ClientConfig (perhaps with added callback form Router) + onPublishReceived []func(PublishReceived) (bool, error) + onPublishReceivedTracker []int // Used to track positions in above + onPublishReceivedMu sync.Mutex + + // authResponse is used for handling the MQTTv5 authentication exchange (MUST be buffered) + authResponse chan<- packets.ControlPacket + authResponseMu sync.Mutex // protects the above + + cancelFunc func() + + connectCalled bool // if true `Connect` has been called and a connection is being managed + connectCalledMu sync.Mutex // protects the above + + done <-chan struct{} // closed when shutdown complete (only valid after Connect returns nil error) publishPackets chan *packets.Publish acksTracker acksTracker workers sync.WaitGroup serverProps CommsProperties clientProps CommsProperties - serverInflight *semaphore.Weighted - clientInflight *semaphore.Weighted - debug Logger - errors Logger + debug log.Logger + errors log.Logger } // CommsProperties is a struct of the communication properties that may @@ -97,11 +145,6 @@ type ( SubIDAvailable bool SharedSubAvailable bool } - - caContext struct { - Context context.Context - Return chan *packets.Connack - } ) // NewClient is used to create a new default instance of an MQTT client. @@ -129,30 +172,40 @@ func NewClient(conf ClientConfig) *Client { MaximumPacketSize: 0, TopicAliasMaximum: 0, }, - ClientConfig: conf, - errors: NOOPLogger{}, - debug: NOOPLogger{}, + config: conf, + onPublishReceived: conf.OnPublishReceived, + done: make(chan struct{}), + errors: log.NOOPLogger{}, + debug: log.NOOPLogger{}, } - if c.Persistence == nil { - c.Persistence = &noopPersistence{} + if c.config.Session == nil { + c.config.Session = state.NewInMemory() + c.config.autoCloseSession = true // We created `Session`, so need to close it when done (so handlers all return) } - if c.MIDs == nil { - c.MIDs = &MIDs{index: make([]*CPContext, int(midMax))} + if c.config.PacketTimeout == 0 { + c.config.PacketTimeout = 10 * time.Second } - if c.PacketTimeout == 0 { - c.PacketTimeout = 10 * time.Second + + if c.config.Router == nil && len(c.onPublishReceived) == 0 { + c.config.Router = NewStandardRouter() // Maintain backwards compatibility (for now!) } - if c.Router == nil { - c.Router = NewStandardRouter() + if c.config.Router != nil { + r := c.config.Router + c.onPublishReceived = append(c.onPublishReceived, + func(p PublishReceived) (bool, error) { + r.Route(p.Packet.Packet()) + return false, nil + }) } - if c.PingHandler == nil { - c.PingHandler = DefaultPingerWithCustomFailHandler(func(e error) { - go c.error(e) - }) + c.onPublishReceivedTracker = make([]int, len(c.onPublishReceived)) // Must have the same number of elements as onPublishReceived + + if c.config.PingHandler == nil { + c.config.PingHandler = NewDefaultPinger() + c.config.defaultPinger = true } - if c.OnClientError == nil { - c.OnClientError = func(e error) {} + if c.config.OnClientError == nil { + c.config.OnClientError = func(e error) {} } return c @@ -162,23 +215,38 @@ func NewClient(conf ClientConfig) *Client { // the Client instance already has a working network connection. // The function takes a pre-prepared Connect packet, and uses that to // establish an MQTT connection. Assuming the connection completes -// successfully the rest of the client is initiated and the Connack -// returned. Otherwise the failure Connack (if there is one) is returned +// successfully, the rest of the client is initiated and the Connack +// returned. Otherwise, the failure Connack (if there is one) is returned // along with an error indicating the reason for the failure to connect. func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { - if c.Conn == nil { + if c.config.Conn == nil { return nil, fmt.Errorf("client connection is nil") } + // The connection is in c.config.Conn which is inaccessible to the user. + // The end result of `Connect` (possibly some time after it returns) will be to close the connection so calling + // Connect twice is invalid. + c.connectCalledMu.Lock() + if c.connectCalled { + c.connectCalledMu.Unlock() + return nil, fmt.Errorf("connect must only be called once") + } + c.connectCalled = true + c.connectCalledMu.Unlock() + + // The passed in ctx applies to the connection process only. clientCtx applies to Client (signals that the + // client should shut down). + clientCtx, cancelFunc := context.WithCancel(context.Background()) + done := make(chan struct{}) cleanup := func() { - close(c.stop) + cancelFunc() close(c.publishPackets) - _ = c.Conn.Close() - c.mu.Unlock() + _ = c.config.Conn.Close() + close(done) } - c.mu.Lock() - c.stop = make(chan struct{}) + c.cancelFunc = cancelFunc + c.done = done var publishPacketsSize uint16 = math.MaxUint16 if cp.Properties != nil && cp.Properties.ReceiveMaximum != nil { @@ -187,14 +255,11 @@ func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { c.publishPackets = make(chan *packets.Publish, publishPacketsSize) keepalive := cp.KeepAlive - c.ClientID = cp.ClientID + c.config.ClientID = cp.ClientID if cp.Properties != nil { if cp.Properties.MaximumPacketSize != nil { c.clientProps.MaximumPacketSize = *cp.Properties.MaximumPacketSize } - if cp.Properties.MaximumQOS != nil { - c.clientProps.MaximumQoS = *cp.Properties.MaximumQOS - } if cp.Properties.ReceiveMaximum != nil { c.clientProps.ReceiveMaximum = *cp.Properties.ReceiveMaximum } @@ -204,7 +269,7 @@ func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { } c.debug.Println("connecting") - connCtx, cf := context.WithTimeout(ctx, c.PacketTimeout) + connCtx, cf := context.WithTimeout(ctx, c.config.PacketTimeout) defer cf() ccp := cp.Packet() @@ -212,14 +277,14 @@ func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { ccp.ProtocolVersion = 5 c.debug.Println("sending CONNECT") - if _, err := ccp.WriteTo(c.Conn); err != nil { + if _, err := ccp.WriteTo(c.config.Conn); err != nil { cleanup() return nil, err } c.debug.Println("waiting for CONNACK/AUTH") var ( - caPacket *packets.Connack + caPacket *packets.Connack // We use buffered channels to prevent goroutine leak. The Details are below. // - c.expectConnack waits to send data to caPacketCh or caPacketErr. // - If connCtx is cancelled (done) before c.expectConnack finishes to send data to either "unbuffered" channel, @@ -230,11 +295,10 @@ func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { go c.expectConnack(caPacketCh, caPacketErr) select { case <-connCtx.Done(): - if ctxErr := connCtx.Err(); ctxErr != nil { - c.debug.Println(fmt.Sprintf("terminated due to context: %v", ctxErr)) - } + ctxErr := connCtx.Err() + c.debug.Println(fmt.Sprintf("terminated due to context waiting for CONNACK: %v", ctxErr)) cleanup() - return nil, connCtx.Err() + return nil, ctxErr case err := <-caPacketErr: c.debug.Println(err) cleanup() @@ -254,15 +318,21 @@ func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { return ca, fmt.Errorf("failed to connect to server: %s", reason) } - // no more possible calls to cleanup(), defer an unlock - defer c.mu.Unlock() + if err := c.config.Session.ConAckReceived(c.config.Conn, ccp, caPacket); err != nil { + cleanup() + return ca, fmt.Errorf("session error: %w", err) + } + + // the connection is now fully up and a nil error will be returned. + // cleanup() must not be called past this point and will be handled by `shutdown` + context.AfterFunc(clientCtx, func() { c.shutdown(done) }) if ca.Properties != nil { if ca.Properties.ServerKeepAlive != nil { keepalive = *ca.Properties.ServerKeepAlive } if ca.Properties.AssignedClientID != "" { - c.ClientID = ca.Properties.AssignedClientID + c.config.ClientID = ca.Properties.AssignedClientID } if ca.Properties.ReceiveMaximum != nil { c.serverProps.ReceiveMaximum = *ca.Properties.ReceiveMaximum @@ -282,15 +352,14 @@ func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { c.serverProps.SharedSubAvailable = ca.Properties.SharedSubAvailable } - c.serverInflight = semaphore.NewWeighted(int64(c.serverProps.ReceiveMaximum)) - c.clientInflight = semaphore.NewWeighted(int64(c.clientProps.ReceiveMaximum)) - c.debug.Println("received CONNACK, starting PingHandler") c.workers.Add(1) go func() { defer c.workers.Done() defer c.debug.Println("returning from ping handler worker") - c.PingHandler.Start(c.Conn, time.Duration(keepalive)*time.Second) + if err := c.config.PingHandler.Run(clientCtx, c.config.Conn, keepalive); err != nil { + go c.error(fmt.Errorf("ping handler error: %w", err)) + } }() c.debug.Println("starting publish packets loop") @@ -298,6 +367,8 @@ func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { go func() { defer c.workers.Done() defer c.debug.Println("returning from publish packets loop worker") + // exits when `c.publishPackets` is closed (`c.incoming()` closes this). This is important because + // messages may be passed for processing after `c.stop` has been closed. c.routePublishPackets() }() @@ -306,16 +377,16 @@ func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { go func() { defer c.workers.Done() defer c.debug.Println("returning from incoming worker") - c.incoming() + c.incoming(clientCtx) }() - if c.EnableManualAcknowledgment { + if c.config.EnableManualAcknowledgment { c.debug.Println("starting acking routine") c.acksTracker.reset() sendAcksInterval := defaultSendAckInterval - if c.SendAcksInterval > 0 { - sendAcksInterval = c.SendAcksInterval + if c.config.SendAcksInterval > 0 { + sendAcksInterval = c.config.SendAcksInterval } c.workers.Add(1) @@ -325,7 +396,7 @@ func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { t := time.NewTicker(sendAcksInterval) for { select { - case <-c.stop: + case <-clientCtx.Done(): return case <-t.C: c.acksTracker.flush(func(pbs []*packets.Publish) { @@ -341,8 +412,17 @@ func (c *Client) Connect(ctx context.Context, cp *Connect) (*Connack, error) { return ca, nil } +// Done returns a channel that will be closed when Client has shutdown. Only valid after Connect has returned a +// nil error. +func (c *Client) Done() <-chan struct{} { + return c.done +} + +// Ack transmits an acknowledgement of the `Publish` packet. +// WARNING: Calling Ack after the connection is closed may have unpredictable results (particularly if the sessionState +// is being accessed by a new connection). See issue #160. func (c *Client) Ack(pb *Publish) error { - if !c.EnableManualAcknowledgment { + if !c.config.EnableManualAcknowledgment { return ErrManualAcknowledgmentDisabled } if pb.QoS == 0 { @@ -351,52 +431,45 @@ func (c *Client) Ack(pb *Publish) error { return c.acksTracker.markAsAcked(pb.Packet()) } +// ack acknowledges a message (note: called by acksTracker to ensure these are sent in order) func (c *Client) ack(pb *packets.Publish) { - switch pb.QoS { - case 1: - pa := packets.Puback{ - Properties: &packets.Properties{}, - PacketID: pb.PacketID, - } - c.debug.Println("sending PUBACK") - _, err := pa.WriteTo(c.Conn) - if err != nil { - c.errors.Printf("failed to send PUBACK for %d: %s", pb.PacketID, err) - } - case 2: - pr := packets.Pubrec{ - Properties: &packets.Properties{}, - PacketID: pb.PacketID, - } - c.debug.Printf("sending PUBREC") - _, err := pr.WriteTo(c.Conn) - if err != nil { - c.errors.Printf("failed to send PUBREC for %d: %s", pb.PacketID, err) - } - } + c.config.Session.Ack(pb) } +// routePublishPackets listens on c.publishPackets and passes received messages to the handlers +// terminates when publishPackets closed func (c *Client) routePublishPackets() { - for { - select { - case <-c.stop: - return - case pb, open := <-c.publishPackets: - if !open { - return - } + for pb := range c.publishPackets { + // Copy onPublishReceived so lock is only held briefly + c.onPublishReceivedMu.Lock() + handlers := make([]func(PublishReceived) (bool, error), len(c.onPublishReceived)) + for i := range c.onPublishReceived { + handlers[i] = c.onPublishReceived[i] + } + c.onPublishReceivedMu.Unlock() - if !c.ClientConfig.EnableManualAcknowledgment { - c.Router.Route(pb) - c.ack(pb) - continue - } + if c.config.EnableManualAcknowledgment && pb.QoS != 0 { + c.acksTracker.add(pb) + } - if pb.QoS != 0 { - c.acksTracker.add(pb) + var handled bool + var errs []error + pkt := PublishFromPacketPublish(pb) + for _, h := range handlers { + ha, err := h(PublishReceived{ + Packet: pkt, + Client: c, + AlreadyHandled: handled, + Errs: errs, + }) + if ha { + handled = true } + errs = append(errs, err) + } - c.Router.Route(pb) + if !c.config.EnableManualAcknowledgment { + c.ack(pb) } } } @@ -406,21 +479,25 @@ func (c *Client) routePublishPackets() { // from Connect(), it exits when it receives a server initiated // Disconnect, the Stop channel is closed or there is an error reading // a packet from the network connection -func (c *Client) incoming() { +// Closes `c.publishPackets` when done (should be the only thing sending on this channel) +func (c *Client) incoming(ctx context.Context) { defer c.debug.Println("client stopping, incoming stopping") + defer close(c.publishPackets) + for { select { - case <-c.stop: + case <-ctx.Done(): return default: - recv, err := packets.ReadPacket(c.Conn) + recv, err := packets.ReadPacket(c.config.Conn) if err != nil { go c.error(err) return } + c.config.PingHandler.PacketReceived() switch recv.Type { case packets.CONNACK: - c.debug.Println("received CONNACK") + c.debug.Println("received CONNACK (unexpected)") go c.error(fmt.Errorf("received unexpected CONNACK")) return case packets.AUTH: @@ -428,93 +505,55 @@ func (c *Client) incoming() { ap := recv.Content.(*packets.Auth) switch ap.ReasonCode { case packets.AuthSuccess: - if c.AuthHandler != nil { - go c.AuthHandler.Authenticated() + if c.config.AuthHandler != nil { + go c.config.AuthHandler.Authenticated() } - if c.raCtx != nil { - c.raCtx.Return <- *recv + c.authResponseMu.Lock() + if c.authResponse != nil { + select { // authResponse must be buffered, and we should only receive 1 AUTH packet a time + case c.authResponse <- *recv: + default: + } } + c.authResponseMu.Unlock() case packets.AuthContinueAuthentication: - if c.AuthHandler != nil { - if _, err := c.AuthHandler.Authenticate(AuthFromPacketAuth(ap)).Packet().WriteTo(c.Conn); err != nil { + if c.config.AuthHandler != nil { + if _, err := c.config.AuthHandler.Authenticate(AuthFromPacketAuth(ap)).Packet().WriteTo(c.config.Conn); err != nil { go c.error(err) return } + c.config.PingHandler.PacketSent() } } case packets.PUBLISH: pb := recv.Content.(*packets.Publish) - c.debug.Printf("received QoS%d PUBLISH", pb.QoS) - c.mu.Lock() - select { - case <-c.stop: - c.mu.Unlock() - return - default: - c.publishPackets <- pb - c.mu.Unlock() - } - case packets.PUBACK, packets.PUBCOMP, packets.SUBACK, packets.UNSUBACK: - c.debug.Printf("received %s packet with id %d", recv.PacketType(), recv.PacketID()) - if cpCtx := c.MIDs.Get(recv.PacketID()); cpCtx != nil { - cpCtx.Return <- *recv + if pb.QoS > 0 { // QOS1 or 2 need to be recorded in session state + c.config.Session.PacketReceived(recv, c.publishPackets) } else { - c.debug.Println("received a response for a message ID we don't know:", recv.PacketID()) - } - case packets.PUBREC: - c.debug.Println("received PUBREC for", recv.PacketID()) - if cpCtx := c.MIDs.Get(recv.PacketID()); cpCtx == nil { - c.debug.Println("received a PUBREC for a message ID we don't know:", recv.PacketID()) - pl := packets.Pubrel{ - PacketID: recv.Content.(*packets.Pubrec).PacketID, - ReasonCode: 0x92, - } - c.debug.Println("sending PUBREL for", pl.PacketID) - _, err := pl.WriteTo(c.Conn) - if err != nil { - c.errors.Printf("failed to send PUBREL for %d: %s", pl.PacketID, err) - } - } else { - pr := recv.Content.(*packets.Pubrec) - if pr.ReasonCode >= 0x80 { - //Received a failure code, shortcut and return - cpCtx.Return <- *recv - } else { - pl := packets.Pubrel{ - PacketID: pr.PacketID, - } - c.debug.Println("sending PUBREL for", pl.PacketID) - _, err := pl.WriteTo(c.Conn) - if err != nil { - c.errors.Printf("failed to send PUBREL for %d: %s", pl.PacketID, err) - } - } - } - case packets.PUBREL: - c.debug.Println("received PUBREL for", recv.PacketID()) - //Auto respond to pubrels unless failure code - pr := recv.Content.(*packets.Pubrel) - if pr.ReasonCode >= 0x80 { - //Received a failure code, continue - continue - } else { - pc := packets.Pubcomp{ - PacketID: pr.PacketID, - } - c.debug.Println("sending PUBCOMP for", pr.PacketID) - _, err := pc.WriteTo(c.Conn) - if err != nil { - c.errors.Printf("failed to send PUBCOMP for %d: %s", pc.PacketID, err) + c.debug.Printf("received QoS%d PUBLISH", pb.QoS) + select { + case <-ctx.Done(): + return + case c.publishPackets <- pb: } } + case packets.PUBACK, packets.PUBCOMP, packets.SUBACK, packets.UNSUBACK, packets.PUBREC, packets.PUBREL: + c.config.Session.PacketReceived(recv, c.publishPackets) case packets.DISCONNECT: + pd := recv.Content.(*packets.Disconnect) c.debug.Println("received DISCONNECT") - if c.raCtx != nil { - c.raCtx.Return <- *recv + c.authResponseMu.Lock() + if c.authResponse != nil { + select { // authResponse must be buffered, and we should only receive 1 AUTH packet a time + case c.authResponse <- *recv: + default: + } } + c.authResponseMu.Unlock() + c.config.Session.ConnectionLost(pd) // this may impact the session state go func() { - if c.OnServerDisconnect != nil { - go c.serverDisconnect(DisconnectFromPacketDisconnect(recv.Content.(*packets.Disconnect))) + if c.config.OnServerDisconnect != nil { + go c.serverDisconnect(DisconnectFromPacketDisconnect(pd)) } else { go c.error(fmt.Errorf("server initiated disconnect")) } @@ -522,33 +561,37 @@ func (c *Client) incoming() { return case packets.PINGRESP: c.debug.Println("received PINGRESP") - c.PingHandler.PingResp() + c.config.PingHandler.PingResp() } } } } +// close terminates the connection and waits for a clean shutdown +// may be called multiple times (subsequent calls will wait on previously requested shutdown) func (c *Client) close() { - c.mu.Lock() - defer c.mu.Unlock() - - select { - case <-c.stop: - //already shutting down, do nothing - return - default: - } - - close(c.stop) - close(c.publishPackets) + c.cancelFunc() // cleanup handled by AfterFunc defined in Connect + <-c.done +} - c.debug.Println("client stopped") - c.PingHandler.Stop() - c.debug.Println("ping stopped") - _ = c.Conn.Close() +// shutdown cleanly shutdown the client +// This should only be called via the AfterFunc in `Connect` (shutdown must not be called more than once) +func (c *Client) shutdown(done chan<- struct{}) { + c.debug.Println("client stop requested") + _ = c.config.Conn.Close() c.debug.Println("conn closed") c.acksTracker.reset() c.debug.Println("acks tracker reset") + c.config.Session.ConnectionLost(nil) + if c.config.autoCloseSession { + if err := c.config.Session.Close(); err != nil { + c.errors.Println("error closing session", err) + } + } + c.debug.Println("session updated, waiting on workers") + c.workers.Wait() + c.debug.Println("workers done") + close(done) } // error is called to signify that an error situation has occurred, this @@ -558,15 +601,13 @@ func (c *Client) close() { func (c *Client) error(e error) { c.debug.Println("error called:", e) c.close() - c.workers.Wait() - go c.OnClientError(e) + go c.config.OnClientError(e) } func (c *Client) serverDisconnect(d *Disconnect) { c.close() - c.workers.Wait() c.debug.Println("calling OnServerDisconnect") - go c.OnServerDisconnect(d) + go c.config.OnServerDisconnect(d) } // Authenticate is used to initiate a reauthentication of credentials with the @@ -576,39 +617,39 @@ func (c *Client) serverDisconnect(d *Disconnect) { // is received. func (c *Client) Authenticate(ctx context.Context, a *Auth) (*AuthResponse, error) { c.debug.Println("client initiated reauthentication") - - c.mu.Lock() - if c.raCtx != nil { - c.mu.Unlock() + authResp := make(chan packets.ControlPacket, 1) + c.authResponseMu.Lock() + if c.authResponse != nil { + c.authResponseMu.Unlock() return nil, fmt.Errorf("previous authentication is still in progress") } - c.raCtx = &CPContext{ctx, make(chan packets.ControlPacket, 1)} - c.mu.Unlock() + c.authResponse = authResp + c.authResponseMu.Unlock() defer func() { - c.mu.Lock() - c.raCtx = nil - c.mu.Unlock() + c.authResponseMu.Lock() + c.authResponse = nil + c.authResponseMu.Unlock() }() c.debug.Println("sending AUTH") - if _, err := a.Packet().WriteTo(c.Conn); err != nil { + if _, err := a.Packet().WriteTo(c.config.Conn); err != nil { return nil, err } + c.config.PingHandler.PacketSent() var rp packets.ControlPacket select { case <-ctx.Done(): - if ctxErr := ctx.Err(); ctxErr != nil { - c.debug.Println(fmt.Sprintf("terminated due to context: %v", ctxErr)) - return nil, ctxErr - } - case rp = <-c.raCtx.Return: + ctxErr := ctx.Err() + c.debug.Println(fmt.Sprintf("terminated due to context waiting for AUTH: %v", ctxErr)) + return nil, ctxErr + case rp = <-authResp: } switch rp.Type { case packets.AUTH: - //If we've received one here it must be successful, the only way - //to abort a reauth is a server initiated disconnect + // If we've received one here it must be successful, the only way + // to abort a reauth is a server initiated disconnect return AuthResponseFromPacketAuth(rp.Content.(*packets.Auth)), nil case packets.DISCONNECT: return AuthResponseFromPacketDisconnect(rp.Content.(*packets.Disconnect)), nil @@ -626,50 +667,52 @@ func (c *Client) Subscribe(ctx context.Context, s *Subscribe) (*Suback, error) { for _, sub := range s.Subscriptions { if strings.ContainsAny(sub.Topic, "#+") { // Using a wildcard in a subscription when not supported - return nil, fmt.Errorf("cannot subscribe to %s, server does not support wildcards", sub.Topic) + return nil, fmt.Errorf("%w: cannot subscribe to %s, server does not support wildcards", ErrInvalidArguments, sub.Topic) } } } if !c.serverProps.SubIDAvailable && s.Properties != nil && s.Properties.SubscriptionIdentifier != nil { - return nil, fmt.Errorf("cannot send subscribe with subID set, server does not support subID") + return nil, fmt.Errorf("%w: cannot send subscribe with subID set, server does not support subID", ErrInvalidArguments) } if !c.serverProps.SharedSubAvailable { for _, sub := range s.Subscriptions { if strings.HasPrefix(sub.Topic, "$share") { - return nil, fmt.Errorf("cannont subscribe to %s, server does not support shared subscriptions", sub.Topic) + return nil, fmt.Errorf("%w: cannont subscribe to %s, server does not support shared subscriptions", ErrInvalidArguments, sub.Topic) } } } c.debug.Printf("subscribing to %+v", s.Subscriptions) - subCtx, cf := context.WithTimeout(ctx, c.PacketTimeout) - defer cf() - cpCtx := &CPContext{subCtx, make(chan packets.ControlPacket, 1)} - + ret := make(chan packets.ControlPacket, 1) sp := s.Packet() - - mid, err := c.MIDs.Request(cpCtx) - if err != nil { + if err := c.config.Session.AddToSession(ctx, sp, ret); err != nil { return nil, err } - defer c.MIDs.Free(mid) - sp.PacketID = mid - c.debug.Println("sending SUBSCRIBE") - if _, err := sp.WriteTo(c.Conn); err != nil { + // From this point on the message is in store, and ret will receive something regardless of whether we succeed in + // writing the packet to the connection or not. + if _, err := sp.WriteTo(c.config.Conn); err != nil { + // The packet will remain in the session state until `Session` is notified of the disconnection. return nil, err } + c.config.PingHandler.PacketSent() + c.debug.Println("waiting for SUBACK") + subCtx, cf := context.WithTimeout(ctx, c.config.PacketTimeout) + defer cf() var sap packets.ControlPacket select { case <-subCtx.Done(): - if ctxErr := subCtx.Err(); ctxErr != nil { - c.debug.Println(fmt.Sprintf("terminated due to context: %v", ctxErr)) - return nil, ctxErr - } - case sap = <-cpCtx.Return: + ctxErr := subCtx.Err() + c.debug.Println(fmt.Sprintf("terminated due to context waiting for SUBACK: %v", ctxErr)) + return nil, ctxErr + case sap = <-ret: + } + + if sap.Type == 0 { // default ControlPacket indicates we are shutting down + return nil, ErrConnectionLost } if sap.Type != packets.SUBACK { @@ -706,33 +749,35 @@ func (c *Client) Subscribe(ctx context.Context, s *Subscribe) (*Suback, error) { // is returned from the function, along with any errors. func (c *Client) Unsubscribe(ctx context.Context, u *Unsubscribe) (*Unsuback, error) { c.debug.Printf("unsubscribing from %+v", u.Topics) - unsubCtx, cf := context.WithTimeout(ctx, c.PacketTimeout) - defer cf() - cpCtx := &CPContext{unsubCtx, make(chan packets.ControlPacket, 1)} - + ret := make(chan packets.ControlPacket, 1) up := u.Packet() - - mid, err := c.MIDs.Request(cpCtx) - if err != nil { + if err := c.config.Session.AddToSession(ctx, up, ret); err != nil { return nil, err } - defer c.MIDs.Free(mid) - up.PacketID = mid - c.debug.Println("sending UNSUBSCRIBE") - if _, err := up.WriteTo(c.Conn); err != nil { + // From this point on the message is in store, and ret will receive something regardless of whether we succeed in + // writing the packet to the connection or not + if _, err := up.WriteTo(c.config.Conn); err != nil { + // The packet will remain in the session state until `Session` is notified of the disconnection. return nil, err } - c.debug.Println("waiting for UNSUBACK") + c.config.PingHandler.PacketSent() + + unsubCtx, cf := context.WithTimeout(ctx, c.config.PacketTimeout) + defer cf() var uap packets.ControlPacket + c.debug.Println("waiting for UNSUBACK") select { case <-unsubCtx.Done(): - if ctxErr := unsubCtx.Err(); ctxErr != nil { - c.debug.Println(fmt.Sprintf("terminated due to context: %v", ctxErr)) - return nil, ctxErr - } - case uap = <-cpCtx.Return: + ctxErr := unsubCtx.Err() + c.debug.Println(fmt.Sprintf("terminated due to context waiting for UNSUBACK: %v", ctxErr)) + return nil, ctxErr + case uap = <-ret: + } + + if uap.Type == 0 { // default ControlPacket indicates we are shutting down + return nil, ErrConnectionLost } if uap.Type != packets.UNSUBACK { @@ -764,27 +809,52 @@ func (c *Client) Unsubscribe(ctx context.Context, u *Unsubscribe) (*Unsuback, er } // Publish is used to send a publication to the MQTT server. -// It is passed a pre-prepared Publish packet and blocks waiting for -// the appropriate response, or for the timeout to fire. -// Any response message is returned from the function, along with any errors. +// It is passed a pre-prepared Publish packet and blocks waiting for the appropriate response, or for the timeout to fire. +// A PublishResponse is returned, which is relevant for QOS1+. For QOS0, a default success response is returned. +// Note that a message may still be delivered even if Publish times out (once the message is part of the session state, +// it may even be delivered following an application restart). +// Warning: Publish may outlive the connection when QOS1+ (managed in `session_state`) func (c *Client) Publish(ctx context.Context, p *Publish) (*PublishResponse, error) { + return c.PublishWithOptions(ctx, p, PublishOptions{}) +} + +type PublishMethod int + +const ( + PublishMethod_Blocking PublishMethod = iota // by default PublishWithOptions will block until the publish transaction is complete + PublishMethod_AsyncSend // PublishWithOptions will add the message to the session and then return (no method to check status is provided) +) + +// PublishOptions enables the behaviour of Publish to be modified +type PublishOptions struct { + // Method enables a degree of control over how PublishWithOptions operates + Method PublishMethod +} + +// PublishWithOptions is used to send a publication to the MQTT server (with options to customise its behaviour) +// It is passed a pre-prepared Publish packet and, by default, blocks waiting for the appropriate response, or for the +// timeout to fire. A PublishResponse is returned, which is relevant for QOS1+. For QOS0, a default success response is returned. +// Note that a message may still be delivered even if Publish times out (once the message is part of the session state, +// it may even be delivered following an application restart). +// Warning: Publish may outlive the connection when QOS1+ (managed in `session_state`) +func (c *Client) PublishWithOptions(ctx context.Context, p *Publish, o PublishOptions) (*PublishResponse, error) { if p.QoS > c.serverProps.MaximumQoS { - return nil, fmt.Errorf("cannot send Publish with QoS %d, server maximum QoS is %d", p.QoS, c.serverProps.MaximumQoS) + return nil, fmt.Errorf("%w: cannot send Publish with QoS %d, server maximum QoS is %d", ErrInvalidArguments, p.QoS, c.serverProps.MaximumQoS) } if p.Properties != nil && p.Properties.TopicAlias != nil { if c.serverProps.TopicAliasMaximum > 0 && *p.Properties.TopicAlias > c.serverProps.TopicAliasMaximum { - return nil, fmt.Errorf("cannot send publish with TopicAlias %d, server topic alias maximum is %d", *p.Properties.TopicAlias, c.serverProps.TopicAliasMaximum) + return nil, fmt.Errorf("%w: cannot send publish with TopicAlias %d, server topic alias maximum is %d", ErrInvalidArguments, *p.Properties.TopicAlias, c.serverProps.TopicAliasMaximum) } } if !c.serverProps.RetainAvailable && p.Retain { - return nil, fmt.Errorf("cannot send Publish with retain flag set, server does not support retained messages") + return nil, fmt.Errorf("%w: cannot send Publish with retain flag set, server does not support retained messages", ErrInvalidArguments) } if (p.Properties == nil || p.Properties.TopicAlias == nil) && p.Topic == "" { - return nil, fmt.Errorf("cannot send a publish with no TopicAlias and no Topic set") + return nil, fmt.Errorf("%w: cannot send a publish with no TopicAlias and no Topic set", ErrInvalidArguments) } - if c.ClientConfig.PublishHook != nil { - c.ClientConfig.PublishHook(p) + if c.config.PublishHook != nil { + c.config.PublishHook(p) } c.debug.Printf("sending message to %s", p.Topic) @@ -794,46 +864,54 @@ func (c *Client) Publish(ctx context.Context, p *Publish) (*PublishResponse, err switch p.QoS { case 0: c.debug.Println("sending QoS0 message") - if _, err := pb.WriteTo(c.Conn); err != nil { + if _, err := pb.WriteTo(c.config.Conn); err != nil { + go c.error(err) return nil, err } - return nil, nil + c.config.PingHandler.PacketSent() + return &PublishResponse{}, nil case 1, 2: - return c.publishQoS12(ctx, pb) + return c.publishQoS12(ctx, pb, o) } - return nil, fmt.Errorf("QoS isn't 0, 1 or 2") + return nil, fmt.Errorf("%w: QoS isn't 0, 1 or 2", ErrInvalidArguments) } -func (c *Client) publishQoS12(ctx context.Context, pb *packets.Publish) (*PublishResponse, error) { +func (c *Client) publishQoS12(ctx context.Context, pb *packets.Publish, o PublishOptions) (*PublishResponse, error) { c.debug.Println("sending QoS12 message") - pubCtx, cf := context.WithTimeout(ctx, c.PacketTimeout) + pubCtx, cf := context.WithTimeout(ctx, c.config.PacketTimeout) defer cf() - if err := c.serverInflight.Acquire(pubCtx, 1); err != nil { + + ret := make(chan packets.ControlPacket, 1) + if err := c.config.Session.AddToSession(pubCtx, pb, ret); err != nil { return nil, err } - defer c.serverInflight.Release(1) - cpCtx := &CPContext{pubCtx, make(chan packets.ControlPacket, 1)} - mid, err := c.MIDs.Request(cpCtx) - if err != nil { - return nil, err + // From this point on the message is in store, and ret will receive something regardless of whether we succeed in + // writing the packet to the connection + if _, err := pb.WriteTo(c.config.Conn); err != nil { + c.debug.Printf("failed to write packet %d to connection: %s", pb.PacketID, err) + if o.Method == PublishMethod_AsyncSend { + return nil, ErrNetworkErrorAfterStored // Async send, so we don't wait for the response (may add callbacks in the future to enable user to obtain status) + } } - defer c.MIDs.Free(mid) - pb.PacketID = mid + c.config.PingHandler.PacketSent() - if _, err := pb.WriteTo(c.Conn); err != nil { - return nil, err + if o.Method == PublishMethod_AsyncSend { + return nil, nil // Async send, so we don't wait for the response (may add callbacks in the future to enable user to obtain status) } - var resp packets.ControlPacket + var resp packets.ControlPacket select { case <-pubCtx.Done(): - if ctxErr := pubCtx.Err(); ctxErr != nil { - c.debug.Println(fmt.Sprintf("terminated due to context: %v", ctxErr)) - return nil, ctxErr - } - case resp = <-cpCtx.Return: + ctxErr := pubCtx.Err() + c.debug.Println(fmt.Sprintf("terminated due to context waiting for Publish ack: %v", ctxErr)) + return nil, ctxErr + case resp = <-ret: + } + + if resp.Type == 0 { // default ControlPacket indicates we are shutting down + return nil, errors.New("PUBLISH transmitted but not fully acknowledged at time of shutdown") } switch pb.QoS { @@ -867,7 +945,7 @@ func (c *Client) publishQoS12(ctx context.Context, pb *packets.Publish) (*Publis } func (c *Client) expectConnack(packet chan<- *packets.Connack, errs chan<- error) { - recv, err := packets.ReadPacket(c.Conn) + recv, err := packets.ReadPacket(c.config.Conn) if err != nil { errs <- err return @@ -877,17 +955,17 @@ func (c *Client) expectConnack(packet chan<- *packets.Connack, errs chan<- error c.debug.Println("received CONNACK") if r.ReasonCode == packets.ConnackSuccess && r.Properties != nil && r.Properties.AuthMethod != "" { // Successful connack and AuthMethod is defined, must have successfully authed during connect - go c.AuthHandler.Authenticated() + go c.config.AuthHandler.Authenticated() } packet <- r case *packets.Auth: c.debug.Println("received AUTH") - if c.AuthHandler == nil { + if c.config.AuthHandler == nil { errs <- fmt.Errorf("enhanced authentication flow started but no AuthHandler configured") return } c.debug.Println("sending AUTH") - _, err := c.AuthHandler.Authenticate(AuthFromPacketAuth(r)).Packet().WriteTo(c.Conn) + _, err := c.config.AuthHandler.Authenticate(AuthFromPacketAuth(r)).Packet().WriteTo(c.config.Conn) if err != nil { errs <- fmt.Errorf("error sending authentication packet: %w", err) return @@ -905,23 +983,77 @@ func (c *Client) expectConnack(packet chan<- *packets.Connack, errs chan<- error // (and if it does this function returns any error) the network connection // is closed. func (c *Client) Disconnect(d *Disconnect) error { - c.debug.Println("disconnecting") - _, err := d.Packet().WriteTo(c.Conn) + c.debug.Println("disconnecting", d) + _, err := d.Packet().WriteTo(c.config.Conn) c.close() - c.workers.Wait() return err } +// AddOnPublishReceived adds a function that will be called when a PUBLISH is received +// The new function will be called after any functions already in the list +// Returns a function that can be called to remove the callback +func (c *Client) AddOnPublishReceived(f func(PublishReceived) (bool, error)) func() { + c.onPublishReceivedMu.Lock() + defer c.onPublishReceivedMu.Unlock() + + c.onPublishReceived = append(c.onPublishReceived, f) + + // We insert a unique ID into the same position in onPublishReceivedTracker; this enables us to + // remove the handler later (without complicating onPublishReceived which will be called frequently) + var id int +idLoop: + for id = 0; ; id++ { + for _, used := range c.onPublishReceivedTracker { + if used == id { + continue idLoop + } + } + break + } + c.onPublishReceivedTracker = append(c.onPublishReceivedTracker, id) + + return func() { + c.onPublishReceivedMu.Lock() + defer c.onPublishReceivedMu.Unlock() + for pos, storedID := range c.onPublishReceivedTracker { + if id == storedID { + c.onPublishReceivedTracker = append(c.onPublishReceivedTracker[:pos], c.onPublishReceivedTracker[pos+1:]...) + c.onPublishReceived = append(c.onPublishReceived[:pos], c.onPublishReceived[pos+1:]...) + } + } + } +} + +// ClientID retrieves the client ID from the config (sometimes used in handlers that require the ID) +func (c *Client) ClientID() string { + return c.config.ClientID +} + // SetDebugLogger takes an instance of the paho Logger interface // and sets it to be used by the debug log endpoint -func (c *Client) SetDebugLogger(l Logger) { +func (c *Client) SetDebugLogger(l log.Logger) { c.debug = l + if c.config.autoCloseSession { // If we created the session store then it should use the same logger + c.config.Session.SetDebugLogger(l) + } + if c.config.defaultPinger { // Debug logger is set after the client is created so need to copy it to pinger + c.config.PingHandler.SetDebug(c.debug) + } } // SetErrorLogger takes an instance of the paho Logger interface // and sets it to be used by the error log endpoint -func (c *Client) SetErrorLogger(l Logger) { +func (c *Client) SetErrorLogger(l log.Logger) { c.errors = l + if c.config.autoCloseSession { // If we created the session store then it should use the same logger + c.config.Session.SetErrorLogger(l) + } +} + +// TerminateConnectionForTest closes the active connection (if any). This function is intended for testing only, it +// simulates connection loss which supports testing QOS1 and 2 message delivery. +func (c *Client) TerminateConnectionForTest() { + _ = c.config.Conn.Close() } diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_auth.go b/vendor/github.com/eclipse/paho.golang/paho/cp_auth.go index 6ccef9b47de..f2799166624 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_auth.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_auth.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import "github.com/eclipse/paho.golang/packets" @@ -82,7 +97,7 @@ func AuthResponseFromPacketAuth(a *packets.Auth) *AuthResponse { // returns a paho library AuthResponse func AuthResponseFromPacketDisconnect(d *packets.Disconnect) *AuthResponse { return &AuthResponse{ - Success: true, + Success: false, ReasonCode: d.ReasonCode, Properties: &AuthProperties{ ReasonString: d.Properties.ReasonString, diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_connack.go b/vendor/github.com/eclipse/paho.golang/paho/cp_connack.go index 2a525eb48b0..ef8a58605f6 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_connack.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_connack.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import ( diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_connect.go b/vendor/github.com/eclipse/paho.golang/paho/cp_connect.go index 8d731764d14..76adb183a0d 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_connect.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_connect.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import "github.com/eclipse/paho.golang/packets" @@ -26,7 +41,6 @@ type ( WillDelayInterval *uint32 ReceiveMaximum *uint16 TopicAliasMaximum *uint16 - MaximumQOS *byte MaximumPacketSize *uint32 User UserProperties RequestProblemInfo bool @@ -47,7 +61,6 @@ func (c *Connect) InitProperties(p *packets.Properties) { RequestProblemInfo: true, ReceiveMaximum: p.ReceiveMaximum, TopicAliasMaximum: p.TopicAliasMaximum, - MaximumQOS: p.MaximumQOS, MaximumPacketSize: p.MaximumPacketSize, User: UserPropertiesFromPacketUser(p.User), } @@ -122,7 +135,6 @@ func (c *Connect) Packet() *packets.Connect { WillDelayInterval: c.Properties.WillDelayInterval, ReceiveMaximum: c.Properties.ReceiveMaximum, TopicAliasMaximum: c.Properties.TopicAliasMaximum, - MaximumQOS: c.Properties.MaximumQOS, MaximumPacketSize: c.Properties.MaximumPacketSize, User: c.Properties.User.ToPacketProperties(), } diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_disconnect.go b/vendor/github.com/eclipse/paho.golang/paho/cp_disconnect.go index 5caa85b147c..ac5931c40a1 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_disconnect.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_disconnect.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import "github.com/eclipse/paho.golang/packets" diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_publish.go b/vendor/github.com/eclipse/paho.golang/paho/cp_publish.go index 1bb9654b341..7f845e3d844 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_publish.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_publish.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import ( @@ -12,6 +27,7 @@ type ( Publish struct { PacketID uint16 QoS byte + duplicate bool // private because this should only ever be set in paho/session Retain bool Topic string Properties *PublishProperties @@ -52,26 +68,34 @@ func (p *Publish) InitProperties(prop *packets.Properties) { // returns a paho library Publish func PublishFromPacketPublish(p *packets.Publish) *Publish { v := &Publish{ - PacketID: p.PacketID, - QoS: p.QoS, - Retain: p.Retain, - Topic: p.Topic, - Payload: p.Payload, + PacketID: p.PacketID, + QoS: p.QoS, + duplicate: p.Duplicate, + Retain: p.Retain, + Topic: p.Topic, + Payload: p.Payload, } v.InitProperties(p.Properties) return v } +// Duplicate returns true if the duplicate flag is set (the server sets this if the message has +// been sent previously; this does not necessarily mean the client has previously processed the message). +func (p *Publish) Duplicate() bool { + return p.duplicate +} + // Packet returns a packets library Publish from the paho Publish // on which it is called func (p *Publish) Packet() *packets.Publish { v := &packets.Publish{ - PacketID: p.PacketID, - QoS: p.QoS, - Retain: p.Retain, - Topic: p.Topic, - Payload: p.Payload, + PacketID: p.PacketID, + QoS: p.QoS, + Duplicate: p.duplicate, + Retain: p.Retain, + Topic: p.Topic, + Payload: p.Payload, } if p.Properties != nil { v.Properties = &packets.Properties{ @@ -90,6 +114,9 @@ func (p *Publish) Packet() *packets.Publish { } func (p *Publish) String() string { + if p == nil { + return "Publish==nil" + } var b bytes.Buffer fmt.Fprintf(&b, "topic: %s qos: %d retain: %t\n", p.Topic, p.QoS, p.Retain) diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_pubresp.go b/vendor/github.com/eclipse/paho.golang/paho/cp_pubresp.go index 0c4e174aa00..bf47fca569e 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_pubresp.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_pubresp.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import "github.com/eclipse/paho.golang/packets" diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_suback.go b/vendor/github.com/eclipse/paho.golang/paho/cp_suback.go index c1034c26c30..f9bce038933 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_suback.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_suback.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import "github.com/eclipse/paho.golang/packets" diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_subscribe.go b/vendor/github.com/eclipse/paho.golang/paho/cp_subscribe.go index 52dc54017f2..04298accf0e 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_subscribe.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_subscribe.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import "github.com/eclipse/paho.golang/packets" diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_unsuback.go b/vendor/github.com/eclipse/paho.golang/paho/cp_unsuback.go index 15ca83885a0..d9f1ad2c127 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_unsuback.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_unsuback.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import "github.com/eclipse/paho.golang/packets" diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_unsubscribe.go b/vendor/github.com/eclipse/paho.golang/paho/cp_unsubscribe.go index 375b917c8f6..ff20acf9978 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_unsubscribe.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_unsubscribe.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import "github.com/eclipse/paho.golang/packets" diff --git a/vendor/github.com/eclipse/paho.golang/paho/cp_utils.go b/vendor/github.com/eclipse/paho.golang/paho/cp_utils.go index 2d7995f5ca7..a1ca35ebef0 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/cp_utils.go +++ b/vendor/github.com/eclipse/paho.golang/paho/cp_utils.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import ( diff --git a/vendor/github.com/eclipse/paho.golang/paho/log/test.go b/vendor/github.com/eclipse/paho.golang/paho/log/test.go new file mode 100644 index 00000000000..4e8ff4d7e3b --- /dev/null +++ b/vendor/github.com/eclipse/paho.golang/paho/log/test.go @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +package log + +import ( + "sync" + "time" +) + +// test implements a logger than can be passed a testing.T (which will only output logs for failed tests) + +// testLogger contains the logging functions provided by testing.T +type testLogger interface { + Log(args ...interface{}) + Logf(format string, args ...interface{}) +} + +// The TestLog type is an adapter to allow the use of testing.T as a paho.Logger. +// With this implementation, log messages will only be output when a test fails (and will be associated with the test). +type TestLog struct { + sync.Mutex + l testLogger + prefix string +} + +// NewTestLogger accepts a testLogger (e.g. Testing.T) and a prefix (added to messages logged) and returns a Logger +func NewTestLogger(l testLogger, prefix string) *TestLog { + return &TestLog{ + l: l, + prefix: prefix, + } +} + +// Println prints a line to the log +// Println its arguments in the test log (only printed if the test files or appropriate arguments passed to go test). +func (t *TestLog) Println(v ...interface{}) { + t.Lock() + defer t.Unlock() + if t.l != nil { + t.l.Log(append([]interface{}{time.Now().Format(time.RFC3339Nano), t.prefix}, v...)...) + } +} + +// Printf formats its arguments according to the format, analogous to fmt.Printf, and +// records the text in the test log (only printed if the test files or appropriate arguments passed to go test). +func (t *TestLog) Printf(format string, v ...interface{}) { + t.Lock() + defer t.Unlock() + if t.l != nil { + t.l.Logf(time.Now().Format(time.RFC3339Nano)+" "+t.prefix+format, v...) + } +} + +// Stop prevents future logging +// func (t *TestLog) Stop() { +// t.Lock() +// defer t.Unlock() +// t.l = nil +// } diff --git a/vendor/github.com/eclipse/paho.golang/paho/trace.go b/vendor/github.com/eclipse/paho.golang/paho/log/trace.go similarity index 55% rename from vendor/github.com/eclipse/paho.golang/paho/trace.go rename to vendor/github.com/eclipse/paho.golang/paho/log/trace.go index 586c9239891..8363f7254e4 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/trace.go +++ b/vendor/github.com/eclipse/paho.golang/paho/log/trace.go @@ -1,4 +1,19 @@ -package paho +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +package log type ( // Logger interface allows implementations to provide to this package any diff --git a/vendor/github.com/eclipse/paho.golang/paho/message_ids.go b/vendor/github.com/eclipse/paho.golang/paho/message_ids.go deleted file mode 100644 index ad287b5c755..00000000000 --- a/vendor/github.com/eclipse/paho.golang/paho/message_ids.go +++ /dev/null @@ -1,110 +0,0 @@ -package paho - -import ( - "context" - "errors" - "sync" - - "github.com/eclipse/paho.golang/packets" -) - -const ( - midMin uint16 = 1 - midMax uint16 = 65535 -) - -// ErrorMidsExhausted is returned from Request() when there are no -// free message ids to be used. -var ErrorMidsExhausted = errors.New("all message ids in use") - -// MIDService defines the interface for a struct that handles the -// relationship between message ids and CPContexts -// Request() takes a *CPContext and returns a uint16 that is the -// messageid that should be used by the code that called Request() -// Get() takes a uint16 that is a messageid and returns the matching -// *CPContext that the MIDService has associated with that messageid -// Free() takes a uint16 that is a messageid and instructs the MIDService -// to mark that messageid as available for reuse -// Clear() resets the internal state of the MIDService -type MIDService interface { - Request(*CPContext) (uint16, error) - Get(uint16) *CPContext - Free(uint16) - Clear() -} - -// CPContext is the struct that is used to return responses to -// ControlPackets that have them, eg: the suback to a subscribe. -// The response packet is send down the Return channel and the -// Context is used to track timeouts. -type CPContext struct { - Context context.Context - Return chan packets.ControlPacket -} - -// MIDs is the default MIDService provided by this library. -// It uses a slice of *CPContext to track responses -// to messages with a messageid tracking the last used message id -type MIDs struct { - sync.Mutex - lastMid uint16 - index []*CPContext // index of slice is (messageid - 1) -} - -// Request is the library provided MIDService's implementation of -// the required interface function() -func (m *MIDs) Request(c *CPContext) (uint16, error) { - m.Lock() - defer m.Unlock() - - // Scan from lastMid to end of range. - for i := m.lastMid; i < midMax; i++ { - if m.index[i] != nil { - continue - } - m.index[i] = c - m.lastMid = i + 1 - return i + 1, nil - } - // Scan from start of range to lastMid - for i := uint16(0); i < m.lastMid; i++ { - if m.index[i] != nil { - continue - } - m.index[i] = c - m.lastMid = i + 1 - return i + 1, nil - } - - return 0, ErrorMidsExhausted -} - -// Get is the library provided MIDService's implementation of -// the required interface function() -func (m *MIDs) Get(i uint16) *CPContext { - // 0 Packet Identifier is invalid but just in case handled with returning nil to avoid panic. - if i == 0 { - return nil - } - m.Lock() - defer m.Unlock() - return m.index[i-1] -} - -// Free is the library provided MIDService's implementation of -// the required interface function() -func (m *MIDs) Free(i uint16) { - // 0 Packet Identifier is invalid but just in case handled to avoid panic. - if i == 0 { - return - } - m.Lock() - m.index[i-1] = nil - m.Unlock() -} - -// Clear is the library provided MIDService's implementation of -// the required interface function() -func (m *MIDs) Clear() { - m.index = make([]*CPContext, int(midMax)) -} diff --git a/vendor/github.com/eclipse/paho.golang/paho/noop_persistence.go b/vendor/github.com/eclipse/paho.golang/paho/noop_persistence.go deleted file mode 100644 index d2d15704f1e..00000000000 --- a/vendor/github.com/eclipse/paho.golang/paho/noop_persistence.go +++ /dev/null @@ -1,23 +0,0 @@ -package paho - -import "github.com/eclipse/paho.golang/packets" - -type noopPersistence struct{} - -func (n *noopPersistence) Open() {} - -func (n *noopPersistence) Put(id uint16, cp packets.ControlPacket) {} - -func (n *noopPersistence) Get(id uint16) packets.ControlPacket { - return packets.ControlPacket{} -} - -func (n *noopPersistence) All() []packets.ControlPacket { - return nil -} - -func (n *noopPersistence) Delete(id uint16) {} - -func (n *noopPersistence) Close() {} - -func (n *noopPersistence) Reset() {} diff --git a/vendor/github.com/eclipse/paho.golang/paho/persistence.go b/vendor/github.com/eclipse/paho.golang/paho/persistence.go deleted file mode 100644 index f02b846cc2d..00000000000 --- a/vendor/github.com/eclipse/paho.golang/paho/persistence.go +++ /dev/null @@ -1,98 +0,0 @@ -package paho - -import ( - "sync" - - "github.com/eclipse/paho.golang/packets" -) - -// Persistence is an interface of the functions for a struct -// that is used to persist ControlPackets. -// Open() is an initialiser to prepare the Persistence for use -// Put() takes a uint16 which is a messageid and a ControlPacket -// to persist against that messageid -// Get() takes a uint16 which is a messageid and returns the -// persisted ControlPacket from the Persistence for that messageid -// All() returns a slice of all ControlPackets persisted -// Delete() takes a uint16 which is a messageid and deletes the -// associated stored ControlPacket from the Persistence -// Close() closes the Persistence -// Reset() clears the Persistence and prepares it to be reused -type Persistence interface { - Open() - Put(uint16, packets.ControlPacket) - Get(uint16) packets.ControlPacket - All() []packets.ControlPacket - Delete(uint16) - Close() - Reset() -} - -// MemoryPersistence is an implementation of a Persistence -// that stores the ControlPackets in memory using a map -type MemoryPersistence struct { - sync.RWMutex - packets map[uint16]packets.ControlPacket -} - -// Open is the library provided MemoryPersistence's implementation of -// the required interface function() -func (m *MemoryPersistence) Open() { - m.Lock() - m.packets = make(map[uint16]packets.ControlPacket) - m.Unlock() -} - -// Put is the library provided MemoryPersistence's implementation of -// the required interface function() -func (m *MemoryPersistence) Put(id uint16, cp packets.ControlPacket) { - m.Lock() - m.packets[id] = cp - m.Unlock() -} - -// Get is the library provided MemoryPersistence's implementation of -// the required interface function() -func (m *MemoryPersistence) Get(id uint16) packets.ControlPacket { - m.RLock() - defer m.RUnlock() - return m.packets[id] -} - -// All is the library provided MemoryPersistence's implementation of -// the required interface function() -func (m *MemoryPersistence) All() []packets.ControlPacket { - m.Lock() - defer m.RUnlock() - ret := make([]packets.ControlPacket, len(m.packets)) - - for _, cp := range m.packets { - ret = append(ret, cp) - } - - return ret -} - -// Delete is the library provided MemoryPersistence's implementation of -// the required interface function() -func (m *MemoryPersistence) Delete(id uint16) { - m.Lock() - delete(m.packets, id) - m.Unlock() -} - -// Close is the library provided MemoryPersistence's implementation of -// the required interface function() -func (m *MemoryPersistence) Close() { - m.Lock() - m.packets = nil - m.Unlock() -} - -// Reset is the library provided MemoryPersistence's implementation of -// the required interface function() -func (m *MemoryPersistence) Reset() { - m.Lock() - m.packets = make(map[uint16]packets.ControlPacket) - m.Unlock() -} diff --git a/vendor/github.com/eclipse/paho.golang/paho/pinger.go b/vendor/github.com/eclipse/paho.golang/paho/pinger.go index e135d25acfe..67c1e84aa26 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/pinger.go +++ b/vendor/github.com/eclipse/paho.golang/paho/pinger.go @@ -1,122 +1,168 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import ( + "context" "fmt" "net" "sync" - "sync/atomic" "time" "github.com/eclipse/paho.golang/packets" + "github.com/eclipse/paho.golang/paho/log" ) -// PingFailHandler is a type for the function that is invoked -// when we have sent a Pingreq to the server and not received -// a Pingresp within 1.5x our pingtimeout -type PingFailHandler func(error) - -// Pinger is an interface of the functions for a struct that is -// used to manage sending PingRequests and responding to -// PingResponses -// Start() takes a net.Conn which is a connection over which an -// MQTT session has already been established, and a time.Duration -// of the keepalive setting passed to the server when the MQTT -// session was established. -// Stop() is used to stop the Pinger -// PingResp() is the function that is called by the Client when -// a PingResponse is received -// SetDebug() is used to pass in a Logger to be used to log debug -// information, for example sharing a logger with the main client type Pinger interface { - Start(net.Conn, time.Duration) - Stop() + // Run starts the pinger. It blocks until the pinger is stopped. + // If the pinger stops due to an error, it returns the error. + // If the keepAlive is 0, it returns nil immediately. + // Run() may be called multiple times, but only after prior instances have terminated. + Run(ctx context.Context, conn net.Conn, keepAlive uint16) error + + // PacketSent is called when a packet is sent to the server. + PacketSent() + + // PacketReceived is called when a packet (possibly a PINGRESP) is received from the server + PacketReceived() + + // PingResp is called when a PINGRESP is received from the server. PingResp() - SetDebug(Logger) + + // SetDebug sets the logger for debugging. + // It is not thread-safe and must be called before Run() to avoid race conditions. + SetDebug(log.Logger) } -// PingHandler is the library provided default Pinger -type PingHandler struct { - mu sync.Mutex - lastPing time.Time - conn net.Conn - stop chan struct{} - pingFailHandler PingFailHandler - pingOutstanding int32 - debug Logger +// DefaultPinger is the default implementation of Pinger. +type DefaultPinger struct { + lastPacketSent time.Time + lastPacketReceived time.Time + lastPingResponse time.Time + + debug log.Logger + + running bool // Used to prevent concurrent calls to Run + + mu sync.Mutex // Protects all of the above } -// DefaultPingerWithCustomFailHandler returns an instance of the -// default Pinger but with a custom PingFailHandler that is called -// when the client has not received a response to a PingRequest -// within the appropriate amount of time -func DefaultPingerWithCustomFailHandler(pfh PingFailHandler) *PingHandler { - return &PingHandler{ - pingFailHandler: pfh, - debug: NOOPLogger{}, +// NewDefaultPinger creates a DefaultPinger +func NewDefaultPinger() *DefaultPinger { + return &DefaultPinger{ + debug: log.NOOPLogger{}, } } -// Start is the library provided Pinger's implementation of -// the required interface function() -func (p *PingHandler) Start(c net.Conn, pt time.Duration) { +// Run starts the pinger; blocks until done (either context cancelled or error encountered) +func (p *DefaultPinger) Run(ctx context.Context, conn net.Conn, keepAlive uint16) error { + if keepAlive == 0 { + p.debug.Println("Run() returning immediately due to keepAlive == 0") + return nil + } + if conn == nil { + return fmt.Errorf("conn is nil") + } p.mu.Lock() - p.conn = c - p.stop = make(chan struct{}) + if p.running { + p.mu.Unlock() + return fmt.Errorf("Run() already in progress") + } + p.running = true p.mu.Unlock() - checkTicker := time.NewTicker(pt / 4) - defer checkTicker.Stop() + defer func() { + p.mu.Lock() + p.running = false + p.mu.Unlock() + }() + + interval := time.Duration(keepAlive) * time.Second + timer := time.NewTimer(0) // Immediately send first pingreq + // If timer is not stopped, it cannot be garbage collected until it fires. + defer timer.Stop() + var lastPingSent time.Time + // errCh should be buffered, so that the goroutine sending the error does not block if the context is cancelled + errCh := make(chan error, 1) for { select { - case <-p.stop: - return - case <-checkTicker.C: - if atomic.LoadInt32(&p.pingOutstanding) > 0 && time.Since(p.lastPing) > (pt+pt>>1) { - p.pingFailHandler(fmt.Errorf("ping resp timed out")) - //ping outstanding and not reset in 1.5 times ping timer - return + case <-ctx.Done(): + return nil + case t := <-timer.C: + p.mu.Lock() + lastPingResponse := p.lastPingResponse + // The MQTT Spec only requires that a ping be sent if no control packets have been SENT within the keepalive + // period (MQTT-3.1.2-20). Only sending PING in that one case can cause issues if the only activity is + // outgoing messages, a half-open connection should result in a TCP timeout but this can take a long time + //(issue #288). To address this we PING if we have not both sent, and received, packets within keepAlive. + var pingDue time.Time + if p.lastPacketSent.Before(p.lastPacketReceived) { + pingDue = p.lastPacketSent.Add(interval) + } else { + pingDue = p.lastPacketReceived.Add(interval) } - if time.Since(p.lastPing) >= pt { - //time to send a ping - if _, err := packets.NewControlPacket(packets.PINGREQ).WriteTo(p.conn); err != nil { - if p.pingFailHandler != nil { - p.pingFailHandler(err) - } - return - } - atomic.AddInt32(&p.pingOutstanding, 1) - p.lastPing = time.Now() - p.debug.Println("pingHandler sending ping request") + p.mu.Unlock() + + if !lastPingSent.IsZero() && lastPingSent.After(lastPingResponse) { + p.debug.Printf("DefaultPinger PINGRESP timeout") + return fmt.Errorf("PINGRESP timed out") } + + if t.Before(pingDue) { + // A Control Packet has been sent since we last checked, meaning the ping can be delayed + timer.Reset(pingDue.Sub(t)) + continue + } + lastPingSent = time.Now() + go func() { + // WriteTo may not complete within KeepAlive period due to slow/unstable network. + // For instance, if a huge message is sent over a very slow link at the same time as PINGREQ packet, + // the Write operation may block for longer than KeepAlive interval. + // Note: connection closure unblocks the Write operation. So, the goroutine is not leaked. + if _, err := packets.NewControlPacket(packets.PINGREQ).WriteTo(conn); err != nil { + p.debug.Printf("DefaultPinger packet write error: %v", err) + errCh <- fmt.Errorf("failed to send PINGREQ: %w", err) + } + }() + timer.Reset(interval) + case err := <-errCh: + return err } } } -// Stop is the library provided Pinger's implementation of -// the required interface function() -func (p *PingHandler) Stop() { +func (p *DefaultPinger) PacketSent() { p.mu.Lock() defer p.mu.Unlock() - if p.stop == nil { - return - } - p.debug.Println("pingHandler stopping") - select { - case <-p.stop: - //Already stopped, do nothing - default: - close(p.stop) - } + p.lastPacketSent = time.Now() } -// PingResp is the library provided Pinger's implementation of -// the required interface function() -func (p *PingHandler) PingResp() { - p.debug.Println("pingHandler resetting pingOutstanding") - atomic.StoreInt32(&p.pingOutstanding, 0) +func (p *DefaultPinger) PacketReceived() { + p.mu.Lock() + defer p.mu.Unlock() + p.lastPacketReceived = time.Now() } -// SetDebug sets the logger l to be used for printing debug -// information for the pinger -func (p *PingHandler) SetDebug(l Logger) { - p.debug = l +func (p *DefaultPinger) PingResp() { + p.mu.Lock() + defer p.mu.Unlock() + p.lastPingResponse = time.Now() +} + +func (p *DefaultPinger) SetDebug(debug log.Logger) { + p.mu.Lock() + defer p.mu.Unlock() + p.debug = debug } diff --git a/vendor/github.com/eclipse/paho.golang/paho/router.go b/vendor/github.com/eclipse/paho.golang/paho/router.go index 05031596f29..dc6fa7062f5 100644 --- a/vendor/github.com/eclipse/paho.golang/paho/router.go +++ b/vendor/github.com/eclipse/paho.golang/paho/router.go @@ -1,3 +1,18 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + package paho import ( @@ -5,10 +20,14 @@ import ( "sync" "github.com/eclipse/paho.golang/packets" + "github.com/eclipse/paho.golang/paho/log" ) // MessageHandler is a type for a function that is invoked // by a Router when it has received a Publish. +// MessageHandlers should complete quickly (start a go routine for +// long-running processes) and should not call functions within the +// paho instance that triggered them (due to potential deadlocks). type MessageHandler func(*Publish) // Router is an interface of the functions for a struct that is @@ -24,16 +43,17 @@ type Router interface { RegisterHandler(string, MessageHandler) UnregisterHandler(string) Route(*packets.Publish) - SetDebugLogger(Logger) + SetDebugLogger(log.Logger) } // StandardRouter is a library provided implementation of a Router that // allows for unique and multiple MessageHandlers per topic type StandardRouter struct { sync.RWMutex - subscriptions map[string][]MessageHandler - aliases map[uint16]string - debug Logger + defaultHandler MessageHandler + subscriptions map[string][]MessageHandler + aliases map[uint16]string + debug log.Logger } // NewStandardRouter instantiates and returns an instance of a StandardRouter @@ -41,10 +61,19 @@ func NewStandardRouter() *StandardRouter { return &StandardRouter{ subscriptions: make(map[string][]MessageHandler), aliases: make(map[uint16]string), - debug: NOOPLogger{}, + debug: log.NOOPLogger{}, } } +// NewStandardRouterWithDefault instantiates and returns an instance of a StandardRouter +// with the default handler set to the value passed in (for convenience when creating +// handler inline). +func NewStandardRouterWithDefault(h MessageHandler) *StandardRouter { + r := NewStandardRouter() + r.DefaultHandler(h) + return r +} + // RegisterHandler is the library provided StandardRouter's // implementation of the required interface function() func (r *StandardRouter) RegisterHandler(topic string, h MessageHandler) { @@ -78,7 +107,7 @@ func (r *StandardRouter) Route(pb *packets.Publish) { if pb.Properties.TopicAlias != nil { r.debug.Println("message is using topic aliasing") if pb.Topic != "" { - //Register new alias + // Register new alias r.debug.Printf("registering new topic alias '%d' for topic '%s'", *pb.Properties.TopicAlias, m.Topic) r.aliases[*pb.Properties.TopicAlias] = pb.Topic } @@ -90,22 +119,37 @@ func (r *StandardRouter) Route(pb *packets.Publish) { topic = m.Topic } + handlerCalled := false for route, handlers := range r.subscriptions { if match(route, topic) { r.debug.Println("found handler for:", route) for _, handler := range handlers { handler(m) + handlerCalled = true } } } + + if !handlerCalled && r.defaultHandler != nil { + r.defaultHandler(m) + } } // SetDebugLogger sets the logger l to be used for printing debug // information for the router -func (r *StandardRouter) SetDebugLogger(l Logger) { +func (r *StandardRouter) SetDebugLogger(l log.Logger) { r.debug = l } +// DefaultHandler sets handler to be called for messages that don't trigger another handler +// Pass nil to unset. +func (r *StandardRouter) DefaultHandler(h MessageHandler) { + r.debug.Println("registering default handler") + r.Lock() + defer r.Unlock() + r.defaultHandler = h +} + func match(route, topic string) bool { return route == topic || routeIncludesTopic(route, topic) } @@ -153,60 +197,12 @@ func topicSplit(topic string) []string { return strings.Split(topic, "/") } -// SingleHandlerRouter is a library provided implementation of a Router -// that stores only a single MessageHandler and invokes this MessageHandler -// for all received Publishes -type SingleHandlerRouter struct { - sync.Mutex - aliases map[uint16]string - handler MessageHandler - debug Logger -} - -// NewSingleHandlerRouter instantiates and returns an instance of a SingleHandlerRouter -func NewSingleHandlerRouter(h MessageHandler) *SingleHandlerRouter { - return &SingleHandlerRouter{ - aliases: make(map[uint16]string), - handler: h, - debug: NOOPLogger{}, - } -} - -// RegisterHandler is the library provided SingleHandlerRouter's -// implementation of the required interface function() -func (s *SingleHandlerRouter) RegisterHandler(topic string, h MessageHandler) { - s.debug.Println("registering handler for:", topic) - s.handler = h -} - -// UnregisterHandler is the library provided SingleHandlerRouter's -// implementation of the required interface function() -func (s *SingleHandlerRouter) UnregisterHandler(topic string) {} - -// Route is the library provided SingleHandlerRouter's -// implementation of the required interface function() -func (s *SingleHandlerRouter) Route(pb *packets.Publish) { - m := PublishFromPacketPublish(pb) - - s.debug.Println("routing message for:", m.Topic) - - if pb.Properties.TopicAlias != nil { - s.debug.Println("message is using topic aliasing") - if pb.Topic != "" { - //Register new alias - s.debug.Printf("registering new topic alias '%d' for topic '%s'", *pb.Properties.TopicAlias, m.Topic) - s.aliases[*pb.Properties.TopicAlias] = pb.Topic - } - if t, ok := s.aliases[*pb.Properties.TopicAlias]; ok { - s.debug.Printf("aliased topic '%d' translates to '%s'", *pb.Properties.TopicAlias, m.Topic) - m.Topic = t - } - } - s.handler(m) -} - -// SetDebugLogger sets the logger l to be used for printing debug -// information for the router -func (s *SingleHandlerRouter) SetDebugLogger(l Logger) { - s.debug = l +// NewSingleHandlerRouter instantiates a router that will call the passed in message handler for all +// inbound messages (assuming `RegisterHandler` is never called). +// +// Deprecated: SingleHandlerRouter has been removed because it did not meet the requirements set out +// in the `Router` interface documentation. This function is only included to maintain compatibility, +// but there are limits (this version does not ignore calls to `RegisterHandler`). +func NewSingleHandlerRouter(h MessageHandler) *StandardRouter { + return NewStandardRouterWithDefault(h) } diff --git a/vendor/github.com/eclipse/paho.golang/paho/session/session.go b/vendor/github.com/eclipse/paho.golang/paho/session/session.go new file mode 100644 index 00000000000..a8d4a534945 --- /dev/null +++ b/vendor/github.com/eclipse/paho.golang/paho/session/session.go @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +package session + +import ( + "context" + "errors" + "io" + + "github.com/eclipse/paho.golang/packets" + paholog "github.com/eclipse/paho.golang/paho/log" +) + +// The session state includes: +// * Inflight QOS1/2 Publish transactions (both sent and received) +// * All requests + +var ( + ErrNoConnection = errors.New("no connection available") // We are not in-between a call to ConAckReceived and ConnectionLost + ErrPacketIdentifiersExhausted = errors.New("all packet identifiers in use") // There are no available Packet IDs +) + +// Packet provides sufficient functionality to enable a packet to be transmitted with a packet identifier +type Packet interface { + SetIdentifier(uint16) // Sets the packet identifier + Type() byte // Gets the packet type + WriteTo(io.Writer) (int64, error) +} + +// SessionManager will manage the mqtt session state; note that the state may outlast a single `Client` instance +type SessionManager interface { + // ConAckReceived must be called when a CONNACK has been received (with no error). If an error is returned + // then the connection will be dropped. + ConAckReceived(io.Writer, *packets.Connect, *packets.Connack) error + + // ConnectionLost must be called whenever the connection is lost or a DISCONNECT packet is received. It can be + // called multiple times for the same event as long as ConAckReceived is not called in the interim. + ConnectionLost(dp *packets.Disconnect) error + + // AddToSession adds a packet to the session state (including allocation of a message identifier). + // This should only be used for packets that impact the session state (which does not include QOS0 publish). + // If this function returns a nil then: + // - A message Identifier has been added to the passed in packet + // - If a `PUBLISH` then a slot has been allocated (function will block if RECEIVE MAXIMUM messages are inflight) + // - Publish messages will have been written to the store (and will be automatically transmitted if a new connection + // is established before the message is fully acknowledged - subject to state rules in the MQTTv5 spec) + // - Something will be sent to `resp` when either the message is fully acknowledged or the packet is removed from + // the session (in which case nil will be sent). + // + // If the function returns an error, then any actions taken will be rewound prior to return. + AddToSession(ctx context.Context, packet Packet, resp chan<- packets.ControlPacket) error + + // PacketReceived must be called when any packet with a packet identifier is received. It will make any required + // response and pass any `PUBLISH` messages that need to be passed to the user via the channel. + PacketReceived(*packets.ControlPacket, chan<- *packets.Publish) error + + // Ack must be called when the client message handlers have completed (or, if manual acknowledgements are enabled, + // when`client.ACK()` has been called - note the potential issues discussed in issue #160. + Ack(pb *packets.Publish) error + + // Close shuts down the session store, this will release any blocked calls + // Note: `paho` will only call this if it created the session (i.e. it was not passed in the config) + Close() error + + // SetErrorLogger enables error logging via the passed logger (not thread safe) + SetErrorLogger(l paholog.Logger) + + // SetDebugLogger enables debug logging via the passed logger (not thread safe) + SetDebugLogger(l paholog.Logger) +} diff --git a/vendor/github.com/eclipse/paho.golang/paho/session/state/readme.md b/vendor/github.com/eclipse/paho.golang/paho/session/state/readme.md new file mode 100644 index 00000000000..cbeec0f88ea --- /dev/null +++ b/vendor/github.com/eclipse/paho.golang/paho/session/state/readme.md @@ -0,0 +1,5 @@ +paho.golang/paho/session/state +============================== + +This is an implementation of the `paho.golang/paho/session.SessionManager` interface and is the implementation used +by default (should be suitable for mose use cases but can be replaced if it does not meet your needs). \ No newline at end of file diff --git a/vendor/github.com/eclipse/paho.golang/paho/session/state/sendquota.go b/vendor/github.com/eclipse/paho.golang/paho/session/state/sendquota.go new file mode 100644 index 00000000000..d48f053037d --- /dev/null +++ b/vendor/github.com/eclipse/paho.golang/paho/session/state/sendquota.go @@ -0,0 +1,130 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +package state + +import ( + "context" + "errors" + "fmt" + "sync" +) + +// Implements send quota as described in section 4.9 of the spec. This is used to honour the receive-maximum +// received from the broker; each time a qos1/2 PUBLISH is to be sent `Acquire` must be called, and this will +// block until a slot is available (`Release` is called when the message is fully acknowledged). + +// This function was previously performed by `golang.org/x/sync/semaphore` but, as per the MQTT spec: +// +// > The send quota is not incremented if it is already equal to the initial send quota. The attempt to increment above +// > the initial send quota might be caused by the re-transmission of a PUBREL packet after a new Network Connection is +// > established. +// +// The result of this happening with `semaphore` is a `panic` which is not ideal. +// It is also possible (as per issue #179) that bugs, or unexpected circumstances, may result in the same situation. For +// example: if the local session state is lost but there is a session state on the server (meaning it sends an unexpected +// PUBACK). +// +// Note: If the broker does not correctly acknowledge messages, then the quota will be consumed over time. There +// should probably be a process to drop the connection if there are no slots available and no acknowledgements have been +// received recently. + +// ErrUnexpectedRelease is for logging only (to help identify if there are issues with state management) +var ErrUnexpectedRelease = errors.New("release called when quota at initial value") + +// newSendQuota creates a new tracker limited to quota concurrent messages +func newSendQuota(quota uint16) *sendQuota { + w := &sendQuota{initialQuota: quota, quota: quota} + return w +} + +// sendQuota provides a way to bound concurrent access to a resource. +// The callers can request access with a given weight. +type sendQuota struct { + mu sync.Mutex + initialQuota uint16 + quota uint16 + waiters []chan<- struct{} // using a slice because would generally expect this to be small +} + +// Retransmit takes a slot for a message that is being redelivered and will never block. +// This is not in compliance with the MQTT v5 spec and should be removed in the future. +func (s *sendQuota) Retransmit() error { + return s.acquire(context.Background(), true) +} + +// Acquire waits for a slot to become available so a message can be published +// If ctx is already done, Acquire may still succeed without blocking. +func (s *sendQuota) Acquire(ctx context.Context) error { + return s.acquire(ctx, false) +} + +// acquire attempts to allocate a slot for a message to be published +// If noWait is true quota will be ignored and the call will return immediately, otherwise acquire will block +// until a slot is available. +func (s *sendQuota) acquire(ctx context.Context, noWait bool) error { + s.mu.Lock() + if noWait || (s.quota > 0 && len(s.waiters) == 0) { + s.quota-- // Note: can go < 0 if noWait used + s.mu.Unlock() + return nil + } + + // We need to join the queue + ready := make(chan struct{}) + s.waiters = append(s.waiters, ready) + s.mu.Unlock() + + var err error + select { + case <-ctx.Done(): + err = ctx.Err() + s.mu.Lock() + select { + case <-ready: // If ready then already removed from s.waiters + // Acquired the semaphore after we were cancelled. Rather than trying to + // fix up the queue, just pretend we didn't notice the cancellation. + err = nil + fmt.Println("quota released entry but ready so nil error ", s.quota) + default: + // Remove ourselves from the list of waiters + for i, r := range s.waiters { + if ready == r { + s.waiters = append(s.waiters[:i], s.waiters[i+1:]...) + } + } + } + s.mu.Unlock() + case <-ready: // Note that quota already accounts for this item + } + return err +} + +// Release releases slot +func (s *sendQuota) Release() error { + s.mu.Lock() + defer s.mu.Unlock() + + if s.quota >= 0 && len(s.waiters) > 0 { // Possible quota could go negative when using noWait + close(s.waiters[0]) + s.waiters = append(s.waiters[:0], s.waiters[1:]...) + return nil + } + if s.quota < s.initialQuota { + s.quota++ + return nil + } + return ErrUnexpectedRelease +} diff --git a/vendor/github.com/eclipse/paho.golang/paho/session/state/state.go b/vendor/github.com/eclipse/paho.golang/paho/session/state/state.go new file mode 100644 index 00000000000..bd197046e99 --- /dev/null +++ b/vendor/github.com/eclipse/paho.golang/paho/session/state/state.go @@ -0,0 +1,739 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +package state + +import ( + "context" + "errors" + "fmt" + "io" + "sync" + "time" + + "github.com/eclipse/paho.golang/packets" + paholog "github.com/eclipse/paho.golang/paho/log" + "github.com/eclipse/paho.golang/paho/session" + "github.com/eclipse/paho.golang/paho/store/memory" +) + +// The Session State, as per the MQTT spec, contains: +// +// > QoS 1 and QoS 2 messages which have been sent to the Server, but have not been completely acknowledged. +// > QoS 2 messages which have been received from the Server, but have not been completely acknowledged. +// +// and, importantly, is used when resending as follows: +// +// > When a Client reconnects with Clean Start set to 0 and a session is present, both the Client and Server MUST resend +// > any unacknowledged PUBLISH packets (where QoS > 0) and PUBREL packets using their original Packet Identifiers. This +// > is the only circumstance where a Client or Server is REQUIRED to resend messages. Clients and Servers MUST NOT +// > resend messages at any other time +// +// There are a few other areas where the State is important: +// * When allocating a new packet identifier we need to know what Id's are already in the session state. +// * If a QOS2 Publish with `DUP=TRUE` is received then we should not pass it to the client if we have previously +// sent a `PUBREC` (indicating that the message has already been processed). +// * Some subscribers may need a transaction (i.e. commit transaction when `PUBREL` received), this is not implemented +// here, but the option is left open. +// +// This means that the following information may need to be retained after the connection is lost: +// * The IDs of any transactions initiated by the client (so that we don't reuse IDs and can notify the requester (if +// known) when a response is received or the request is removed from the state). +// * For client initiated publish: +// * Outgoing `PUBLISH` packets to allow resend. +// * Outgoing `PUBREL` packets to allow resend. +// * For server initiated publish: +// * Outgoing `PUBREL` packets. The fact that this has been sent indicates that the user app has acknowledged the +// message, and it should not be re-presented (doing so would breach the "exactly once" requirement). +// * In memory only - the fact that a QOS2 PUBLISH has been received and sent to the handler, but not acknowledged. +// This allows us to avoid presenting the message a second time (if the application is restarted, we have no option +// but to re-present it because we have no way of knowing if the application completed handling it). +// +// It is important to note that there are packets with identifiers that do not form part of the session state +// (SUBSCRIBE, SUBACK, UNSUBSCRIBE, UNSUBACK). Whilst these will never be stored to disk, it is important to track +// the packet IDs to ensure we don't reuse them. +// For packets relating to client-initiated transactions sent during a `session.State` lifetime we also want to link +// a channel to the message ID so that we can notify our user when the transaction is complete (allowing a call to, for +// instance `Publish()` to block until the message is fully acknowledged even if we disconnect/reconnect in the interim. + +const ( + midMin uint16 = 1 + midMax uint16 = 65535 +) + +type ( + // clientGenerated holds information on client-generated packets (e.g. an outgoing SUBSCRIBE request) + clientGenerated struct { + packetType byte // The type of the last packet sent (i.e. PUBLISH, SUBSCRIBE or UNSUBSCRIBE) - 0 means unknown until loaded from the store + + // When a message is fully acknowledged, we need to let the requester know by sending the final response to this + // channel. One and only one message will be sent (the channel will then be closed to ensure this!). + // We also guarantee to always send to the channel (assuming there is a clean shutdown) so that the end user knows + // the status of the request. + responseChan chan<- packets.ControlPacket + } +) + +// State manages the session state. The client will send messages that may impact the state via +// us, and we will maintain the session state +type State struct { + mu sync.Mutex // protects whole struct (operations should be quick, so the impact of multiple mutexes is likely to be low) + connectionLostAt time.Time // Time that the connection was lost + sessionExpiryInterval uint32 // The session expiry interval sent with the most recent CONNECT packet + + conn io.Writer // current connection or nil if we are not connected + connCtx context.Context // Context will be closed if the connection is lost (only valid when conn != nil) + connCtxCancel func() // Cancels the above context + + // client store - holds packets where the message ID was generated on the client (i.e. by paho.golang) + clientPackets map[uint16]clientGenerated // Store relating to messages sent TO the server + clientStore storer // Used to store session state that survives connection loss + lastMid uint16 // The message ID most recently issued + + // server store - holds packets where the message ID was generated on the server + serverPackets map[uint16]byte // The last packet received from the server with this ID (cleared when the transaction is complete) + serverStore storer // Used to store session state that survives connection loss + + // The number of messages in flight needs to be limited, as per receive maximum received from the server. + inflight *sendQuota + + debug paholog.Logger + errors paholog.Logger +} + +// New creates a new state which will persist information using the passed in storer's. +func New(client storer, server storer) *State { + return &State{ + clientStore: client, + serverStore: server, + debug: paholog.NOOPLogger{}, + errors: paholog.NOOPLogger{}, + } +} + +// NewInMemory returns a default State that stores all information in memory +func NewInMemory() *State { + return &State{ + clientStore: memory.New(), + serverStore: memory.New(), + debug: paholog.NOOPLogger{}, + errors: paholog.NOOPLogger{}, + } +} + +// Close closes the session state +func (s *State) Close() error { + s.mu.Lock() + defer s.mu.Unlock() + s.connectionLost(nil) // Connection may be up in which case we need to cleanup. + for packetID, cg := range s.clientPackets { + cg.responseChan <- packets.ControlPacket{} // Default control packet indicates that we are shutting down (TODO: better solution?) + delete(s.clientPackets, packetID) + } + return nil +} + +// ConAckReceived will be called when the client receives a CONACK that indicates the connection has been successfully +// established. This indicates that a new connection is live and the passed in connection should be used going forward. +// It is also the trigger to resend any queued messages. Note that this function should not be called concurrently with +// others (we should not begin sending/receiving packets until after the CONACK has been processed). +// TODO: Add errors() function so we can notify the client of errors whilst transmitting the session stuff? +func (s *State) ConAckReceived(conn io.Writer, cp *packets.Connect, ca *packets.Connack) error { + // We could use cp.Properties.SessionExpiryInterval / ca.Properties.SessionExpiryInterval to clear the session + // after the specified time period (if the Session Expiry Interval is absent the value in the CONNECT Packet used) + // however, this is not something the generic client can really accomplish (forks may wish to do this!). + s.mu.Lock() + defer s.mu.Unlock() + if s.conn != nil { + s.errors.Println("ConAckReceived called whilst connection active (you MUST call ConnectionLost before starting a new connection") + _ = s.connectionLost(nil) // assume the connection dropped + } + s.conn = conn + s.connCtx, s.connCtxCancel = context.WithCancel(context.Background()) + + // If the Server accepts a connection with Clean Start set to 1, the Server MUST set Session Present to 0 in the + // CONNACK packet in addition to setting a 0x00 (Success) Reason Code in the CONNACK packet [MQTT-3.2.2-2]. + // If the Server accepts a connection with Clean Start set to 0 and the Server has Session State for the ClientID, + // it MUST set Session Present to 1 in the CONNACK packet, otherwise it MUST set Session Present to 0 in the CONNACK + // packet. In both cases, it MUST set a 0x00 (Success) Reason Code in the CONNACK packet [MQTT-3.2.2-3]. + if !ca.SessionPresent { + s.debug.Println("no session present - cleaning session state") + s.clean() + } + inFlight := uint16(len(s.clientPackets)) + s.debug.Printf("%d inflight transactions upon connection", inFlight) + + // "If the Session Expiry Interval is absent, the Session Expiry Interval in the CONNECT packet is used." + // If the Session Expiry Interval is absent the value 0 is used. If it is set to 0, or is absent, the Session ends + // when the Network Connection is closed (3.1.2.11.2). + if ca.Properties != nil && ca.Properties.SessionExpiryInterval != nil { + s.sessionExpiryInterval = *ca.Properties.SessionExpiryInterval + } else if cp.Properties != nil && cp.Properties.SessionExpiryInterval != nil { + s.sessionExpiryInterval = *cp.Properties.SessionExpiryInterval + } else { + s.sessionExpiryInterval = 0 + } + + // If clientPackets already exists, we re-use it so that the responseChan survives the reconnection + // the map will be populated/repopulated when we retransmit the messages. + if s.clientPackets == nil { + s.clientPackets = make(map[uint16]clientGenerated) // This will be populated whilst packets are resent + } + + if s.serverPackets == nil { + if err := s.loadServerSession(ca); err != nil { + return fmt.Errorf("failed to server session: %w", err) + } + } + + // As per section 4.9 "The send quota and Receive Maximum value are not preserved across Network Connections" + recvMax := uint16(65535) // Default as per MQTT spec + if ca.Properties != nil && ca.Properties.ReceiveMaximum != nil { + recvMax = *ca.Properties.ReceiveMaximum + } + s.inflight = newSendQuota(recvMax) + + // Now we need to resend any packets in the store; this must happen in order, the simplest approach is to complete + // the sending them before returning. + toResend, err := s.clientStore.List() + if err != nil { + return fmt.Errorf("failed to load stored message ids: %w", err) + } + s.debug.Printf("retransmitting %d messages", len(toResend)) + for _, id := range toResend { + s.debug.Printf("resending message ID %d", id) + r, err := s.clientStore.Get(id) + if err != nil { + s.errors.Printf("failed to load packet %d from client store: %s", id, err) + continue + } + + // DUP needs to be set when resending PUBLISH + // Read/parse the full packet, so we can detect corruption (e.g. 0 byte file) + p, err := packets.ReadPacket(r) + if cErr := r.Close(); cErr != nil { + s.errors.Printf("failed to close stored client packet %d: %s", id, cErr) + } + if err != nil { // If the packet cannot be read, we quarantine it; otherwise we may retry infinitely. + if err := s.clientStore.Quarantine(id); err != nil { + s.errors.Printf("failed to quarantine packet %d from client store: %s", id, err) + } + s.errors.Printf("failed to retrieve/parse packet %d from client store: %s", id, err) + continue + } + + switch p.Type { + case packets.PUBLISH: + pub := p.Content.(*packets.Publish) + pub.Duplicate = true + case packets.PUBREL: + default: + if err := s.clientStore.Quarantine(id); err != nil { + s.errors.Printf("failed to quarantine packet %d from client store: %s", id, err) + } + s.errors.Printf("unexpected packet type %d (for packet identifier %d) in client store", p.Type, id) + continue + } + + // The messages being retransmitted form part of the "send quota"; however, as per the V5 spec, + // the limit does not apply to messages being resent (the quota can go under 0) + s.inflight.Retransmit() // This will never block (but is needed to block new messages) + + // Any failure from this point should result in loss of connection (so fatal) + if _, err := p.WriteTo(conn); err != nil { + s.debug.Printf("retransmitting of identifier %d failed: %s", id, err) + return fmt.Errorf("failed to retransmit message (%d): %w", id, err) + } + s.debug.Printf("retransmitted message with identifier %d", id) + // On initial connection, the packet needs to be added to our record of client-generated packets. + if _, ok := s.clientPackets[id]; !ok { + s.clientPackets[id] = clientGenerated{ + packetType: p.Type, + responseChan: make(chan packets.ControlPacket, 1), // Nothing will wait on this + } + } + } + return nil +} + +// loadServerSession should be called once, when the first connection is established. +// It loads the server session state from the store. +// The caller must hold a lock on s.mu +func (s *State) loadServerSession(ca *packets.Connack) error { + s.serverPackets = make(map[uint16]byte) + ids, err := s.serverStore.List() + if err != nil { + return fmt.Errorf("failed to load stored server message ids: %w", err) + } + for _, id := range ids { + r, err := s.serverStore.Get(id) + if err != nil { + s.errors.Printf("failed to load packet %d from server store: %s", id, err) + continue + } + // We only need to know the packet type so there is no need to process the entire packet + byte1 := make([]byte, 1) + _, err = r.Read(byte1) + _ = r.Close() + if err != nil { + if err := s.serverStore.Quarantine(id); err != nil { + s.errors.Printf("failed to quarantine packet %d from server store (failed to read): %s", id, err) + } + s.errors.Printf("packet %d from server store could not be read: %s", id, err) + continue // don't want to fail so quarantine and continue is the best we can do + } + packetType := byte1[0] >> 4 + switch packetType { + case packets.PUBLISH: + s.serverPackets[id] = packets.PUBLISH + case packets.PUBREC: + s.serverPackets[id] = packets.PUBREC + default: + if err := s.serverStore.Quarantine(id); err != nil { + s.errors.Printf("failed to quarantine packet %d from server store: %s", id, err) + } + s.errors.Printf("packet %d from server store had unexpected type %d", id, packetType) + continue // don't want to fail so quarantine and continue is the best we can do + } + } + return nil +} + +// ConnectionLost will be called when the connection is lost; either because we received a DISCONNECT packet or due +// to a network error (`nil` will be passed in) +func (s *State) ConnectionLost(dp *packets.Disconnect) error { + s.mu.Lock() + defer s.mu.Unlock() + return s.connectionLost(dp) +} + +// connectionLost process loss of connection +// Caller MUST have locked c.Mu +func (s *State) connectionLost(dp *packets.Disconnect) error { + if s.conn == nil { + return nil // ConnectionLost may be called multiple times (but call ref Disconnect packet should be first) + } + s.connCtxCancel() + s.conn, s.connCtx, s.connCtxCancel = nil, nil, nil + s.connectionLostAt = time.Now() + + if dp != nil && dp.Properties != nil && dp.Properties.SessionExpiryInterval != nil { + s.sessionExpiryInterval = *dp.Properties.SessionExpiryInterval + } + // The Client and Server MUST store the Session State after the Network Connection is closed if the Session Expiry + // Interval is greater than 0 [MQTT-3.1.2-23] + if s.sessionExpiryInterval == 0 { + s.debug.Println("sessionExpiryInterval is 0 and connection lost - cleaning session state") + s.clean() + } + return nil +} + +// AddToSession adds a packet to the session state (including allocation of a Message Identifier). +// If this function returns a nil then: +// - A slot has been allocated if the packet is a PUBLISH (function will block if RECEIVE MAXIMUM messages are inflight) +// - A message Identifier has been added to the passed in packet +// - Publish messages will have been written to the store (and will be automatically transmitted if a new connection +// is established before the message is fully acknowledged - subject to state rules in the MQTTv5 spec) +// - Something will be sent to `resp` when either the message is fully acknowledged or the packet is removed from +// the session (in which case nil will be sent). +// +// If the function returns an error, then any actions taken will be rewound prior to return. +func (s *State) AddToSession(ctx context.Context, packet session.Packet, resp chan<- packets.ControlPacket) error { + ctx, cancel := context.WithCancel(ctx) + defer cancel() + s.mu.Lock() // There may be a delay waiting for semaphore so check for connection before and after + if s.conn == nil { + s.mu.Unlock() + return session.ErrNoConnection + } + // If the connection is lost whilst we are waiting, then in Acquire should terminate. + connCtx := s.connCtx + s.mu.Unlock() + + // If the connection drops while waiting we should abort + go func() { + select { + case <-connCtx.Done(): + cancel() + case <-ctx.Done(): + } + }() + + pt := packet.Type() + + // Ensure only "RECEIVE MAXIMUM" PUBLISH transactions are in flight at any time + if pt == packets.PUBLISH { + if err := s.inflight.Acquire(ctx); err != nil { + if connCtx.Err() != nil { + return session.ErrNoConnection + } + return err // Allow user to confirm if it was their context that led to termination + } + } + + // We have a slot, so acquire a Message ID + // Need to look at what to do if this fails. Should be infrequent as: + // its a lot of messages + // receive max often defaults to a fairly low value + // Maximum recieve max is 65535 which matches the number of slots (so would also need a SUB/UNSUB in flight). + packetID, err := s.allocateNextPacketId(pt, resp) + if err != nil { + if pt == packets.PUBLISH { + if qErr := s.inflight.Release(); qErr != nil { + s.errors.Printf("quota release due to packet id issue: %s", qErr) + } + } + return err + } + packet.SetIdentifier(packetID) + if pt == packets.PUBLISH { + if err = s.clientStore.Put(packetID, pt, packet); err != nil { + s.mu.Lock() + delete(s.clientPackets, packetID) + s.mu.Unlock() + if qErr := s.inflight.Release(); qErr != nil { + s.errors.Printf("quota release due to store issue: %s", qErr) + } + packet.SetIdentifier(0) // ensure the Message identifier is not used + return err + } + } + return nil +} + +// endClientGenerated should be called when a client-generated transaction has been fully acknowledged +// (or if, due to connection loss, it will never be acknowledged). +func (s *State) endClientGenerated(packetID uint16, recv *packets.ControlPacket) error { + s.mu.Lock() + defer s.mu.Unlock() + if cg, ok := s.clientPackets[packetID]; ok { + cg.responseChan <- *recv + delete(s.clientPackets, packetID) + // Outgoing publish messages will be in the store (replaced with PUBREL that is sent) + if cg.packetType == packets.PUBLISH || cg.packetType == packets.PUBREL { + if qErr := s.inflight.Release(); qErr != nil { + s.errors.Printf("quota release due to %s: %s", recv.PacketType(), qErr) + } + if err := s.clientStore.Delete(packetID); err != nil { + s.errors.Printf("failed to remove message %d from store: %s", packetID, err) + } + } + } else { + s.debug.Println("received a response for a message ID we don't know:", recv.PacketID()) + } + return nil // TODO: Should we return errors here (not much that could be done with them) +} + +// Ack is called when the client message handlers have completed (or, if manual acknowledgements are enabled, when +// `client.ACK()` has been called - this may happen some time after the message was received and it is conceivable that +// the connection may have been dropped and reestablished in the interim). +// See issue 160 re issues when the State is called after the connection is dropped. We assume that the +// user will ensure that all ACK's are completed before the State is applied to a new connection (not doing +// this may have unpredictable results). +func (s *State) Ack(pb *packets.Publish) error { + return s.ack(pb) +} + +// ack sends an acknowledgment of the `PUBLISH` (which will have been received from the server) +// `s.mu` must NOT be locked when this is called. +// Note: Adding properties to the response is not currently supported. If this functionality is added, then it is +// important to note that QOS2 PUBREC's may be resent if a duplicate `PUBLISH` is received. +// This function will only return comms related errors (so caller can assume connection has been lost). +func (s *State) ack(pb *packets.Publish) error { + s.mu.Lock() + defer s.mu.Unlock() + var err error + switch pb.QoS { + case 1: + pa := packets.Puback{ + Properties: &packets.Properties{}, + PacketID: pb.PacketID, + } + if s.conn != nil { + s.debug.Println("sending PUBACK") + _, err = pa.WriteTo(s.conn) + if err != nil { + s.errors.Printf("failed to send PUBACK for %d: %s", pb.PacketID, err) + } + } else { + s.debug.Println("PUBACK not send because connection down") + } + // We don't store outbound PUBACK. The server will retransmit the PUBLISH if the connection is reestablished + // before it receives the ACK. Unfortunately, there is no definitive way to determine if + // such messages are duplicates or not (so we are forced to treat them all as if they are new). + case 2: + pr := packets.Pubrec{ + Properties: &packets.Properties{}, + PacketID: pb.PacketID, + } + if s.conn != nil { + s.debug.Printf("sending PUBREC") + _, err = pr.WriteTo(s.conn) + if err != nil { + s.errors.Printf("failed to send PUBREC for %d: %s", pb.PacketID, err) + } + } else { + s.debug.Println("PUBREC not send because connection down") + } + + // We need to record the fact that a PUBREC has been sent so we can detect receipt of a duplicate `PUBLISH` + // (which should not be passed to the client app) + cp := pr.ToControlPacket() + s.serverStore.Put(pb.PacketID, packets.PUBREC, cp) + s.serverPackets[pb.PacketID] = cp.Type + default: + err = errors.New("ack called but publish not QOS 1 or 2") + } + return err +} + +// PacketReceived should be called whenever one of the following is received: +// `PUBLISH` (QOS1+ only), `PUBACK`, `PUBREC`, `PUBREL`, `PUBCOMP`, `SUBACK`, `UNSUBACK` +// It will handle sending any neccessary response or passing the message to the client. +// pubChan will be sent a `PUBLISH` if applicable (and a receiver must be active whilst this function runs) +func (s *State) PacketReceived(recv *packets.ControlPacket, pubChan chan<- *packets.Publish) error { + // Note: we do a type switch rather than using the packet type because it's safer and easier to understand + switch rp := recv.Content.(type) { + // + // Packets in response to client-generated transactions + // + case *packets.Suback: // Not in store, just need to advise client and free Message Identifier + s.debug.Println("received SUBACK packet with id ", rp.PacketID) + s.endClientGenerated(rp.PacketID, recv) + return nil + case *packets.Unsuback: // Not in store, just need to advise client and free Message Identifier + s.debug.Println("received UNSUBACK packet with id ", rp.PacketID) + s.endClientGenerated(rp.PacketID, recv) + return nil + case *packets.Puback: // QOS 1 initial (and final) response + s.debug.Println("received PUBACK packet with id ", rp.PacketID) + s.endClientGenerated(rp.PacketID, recv) + return nil + case *packets.Pubrec: // Initial response to a QOS2 Publish + s.debug.Println("received PUBREC packet with id ", rp.PacketID) + s.mu.Lock() + _, ok := s.clientPackets[rp.PacketID] + s.mu.Unlock() + if !ok { + pl := packets.Pubrel{ // Respond with "Packet Identifier not found" + PacketID: recv.Content.(*packets.Pubrec).PacketID, + ReasonCode: 0x92, + } + s.debug.Println("sending PUBREL (unknown ID) for ", pl.PacketID) + _, err := pl.WriteTo(s.conn) + if err != nil { + s.errors.Printf("failed to send PUBREL for %d: %s", pl.PacketID, err) + } + } else { + if rp.ReasonCode >= 0x80 { + s.endClientGenerated(rp.PacketID, recv) + } else { + pl := packets.Pubrel{ + PacketID: rp.PacketID, + } + s.debug.Println("sending PUBREL for", rp.PacketID) + // Update the store (we should never resend the PUBLISH after receiving a PUBREL) + if err := s.clientStore.Put(rp.PacketID, packets.PUBREL, &pl); err != nil { + s.errors.Printf("failed to write PUBREL to store for %d: %s", rp.PacketID, err) + } + if _, err := pl.WriteTo(s.conn); err != nil { + s.errors.Printf("failed to send PUBREL for %d: %s", rp.PacketID, err) + } + } + } + return nil + case *packets.Pubcomp: // QOS 2 final response + s.debug.Printf("received PUBCOMP packet with id %d", rp.PacketID) + s.endClientGenerated(rp.PacketID, recv) + return nil + // + // Packets relating to server generated PUBLISH + // + case *packets.Publish: + s.debug.Printf("received QoS%d PUBLISH", rp.QoS) + // There is no need to store the packet because it will be resent if not acknowledged before the connection is + // reestablished. + if rp.QoS > 0 { + if rp.PacketID == 0 { // Invalid + return fmt.Errorf("received QOS %d PUBLISH with 0 PacketID", rp.QoS) + } + if rp.QoS == 2 { + s.mu.Lock() + if lastSent, ok := s.serverPackets[rp.PacketID]; ok { + // If we have sent a PUBREC, that means that the client has already seen this message, so we can + // simply resend the acknowledgment. + if lastSent == packets.PUBREC { + // If the message is not flagged as a duplicate, then something is wrong; to avoid message loss, + // we will treat this as a new message (because it appears there is a session mismatch, and we + // have not actually seen this message). + if rp.Duplicate { + // The client has already seen this message meaning we do not want to resend it and, instead + // immediately acknowledge it. + s.mu.Unlock() // mu must be unlocked to call ack + return s.ack(rp) + } + s.errors.Printf("received duplicate PUBLISH (%d) but dup flag not set (will assume this overwrites old publish)", rp.PacketID) + } else { + s.errors.Printf("received PUBLISH (%d) but lastSent type is %d (unexpected!)", lastSent) + } + } + s.mu.Unlock() + } + } + pubChan <- rp // the message will be passed to router (and thus the end user app) + return nil + case *packets.Pubrel: + s.debug.Println("received PUBREL for", recv.PacketID()) + // Auto respond to pubrels unless failure code + pr := recv.Content.(*packets.Pubrel) + if pr.ReasonCode >= 0x80 { + // Received a failure code meaning the server does not know about the message (so all we can do is to remove + // it from our store). + s.errors.Printf("received PUBREL with reason code %d ", pr.ReasonCode) + return nil + } else { + pc := packets.Pubcomp{ + PacketID: pr.PacketID, + } + s.mu.Lock() + defer s.mu.Unlock() + s.debug.Println("sending PUBCOMP for", pr.PacketID) + var err error + if s.conn != nil { + _, err = pc.WriteTo(s.conn) + if err != nil { + s.errors.Printf("failed to send PUBCOMP for %d: %s", pc.PacketID, err) + } + // Note: If connection is down we do not clear store (because the server will resend PUBREL upon reconnect) + delete(s.serverPackets, pr.PacketID) + if sErr := s.serverStore.Delete(pr.PacketID); sErr != nil { + s.errors.Printf("failed to remove message %d from server store: %s", pr.PacketID, sErr) + } + } + return err + } + default: + s.errors.Printf("State.PacketReceived received unexpected packet: %#v ", rp) + return nil + } +} + +// allocateNextPacketId assigns the next available packet ID +// Callers must NOT hold lock on s.mu +func (s *State) allocateNextPacketId(forPacketType byte, resp chan<- packets.ControlPacket) (uint16, error) { + s.mu.Lock() // There may be a delay waiting for semaphore so check for connection before and after + defer s.mu.Unlock() + + cg := clientGenerated{ + packetType: forPacketType, + responseChan: resp, + } + + // Scan from lastMid to end of range. + for i := s.lastMid + 1; i != 0; i++ { + if _, ok := s.clientPackets[i]; ok { + continue + } + s.clientPackets[i] = cg + s.lastMid = i + return i, nil + } + + // Default struct will set s.lastMid=0 meaning we have already scanned all mids + if s.lastMid == 0 { + s.lastMid = 1 + return 0, session.ErrPacketIdentifiersExhausted + } + + // Scan from start of range to lastMid (use +1 to avoid rolling over when s.lastMid = 65535) + for i := uint16(0); i < s.lastMid; i++ { + if _, ok := s.clientPackets[i+1]; ok { + continue + } + s.clientPackets[i+1] = cg + s.lastMid = i + 1 + return i + 1, nil + } + return 0, session.ErrPacketIdentifiersExhausted +} + +// clean deletes any existing stored session information +// does not touch inflight because this is not part of the session state (so is reset separately) +// caller is responsible for locking s.mu +func (s *State) clean() { + s.debug.Println("State.clean() called") + s.serverPackets = make(map[uint16]byte) + s.clientPackets = make(map[uint16]clientGenerated) + + s.serverStore.Reset() + s.clientStore.Reset() +} + +// clean deletes any existing stored session information +// as per section 4.1 in the spec; The Session State in the Client consists of: +// > · QoS 1 and QoS 2 messages which have been sent to the Server, but have not been completely acknowledged. +// > · QoS 2 messages which have been received from the Server, but have not been completely acknowledged. +// This means that we keep PUBLISH, PUBREC and PUBREL packets. PUBACK and PUBCOMP will not be stored (the MID +// will be free once they have been sent). PUBREC is retained so we can check newly received PUBLISH messages (and +// confirm if they have already been processed). +// We only resend PUBLISH (where QoS > 0) and PUBREL packets (as per spec section 4.4) +// caller is responsible for locking s.mu +func (s *State) tidy(trigger *packets.ControlPacket) { + s.debug.Println("State.tidy() called") + for id, p := range s.serverPackets { + switch p { + case packets.PUBREC: + // For inbound messages, we only retain `PUBREC` messages so that we can determine if a PUBLISH received has + // already been processed (the `PUBREL` will be sent when the message has been processed by our user). + // The broker will resend any `PUBLISH` and `PUBREL` messages, so there is no need to retain those. + default: + delete(s.serverPackets, id) + s.serverStore.Delete(id) + } + } + + for id, p := range s.clientPackets { + // We only need to remember `PUBLISH` and `PUBREL` messages (both originating from a PUBLISH) + if p.packetType != packets.PUBLISH { + delete(s.clientPackets, id) + s.clientStore.Delete(id) + p.responseChan <- packets.ControlPacket{} + } + } +} + +// SetDebugLogger takes an instance of the paho Logger interface +// and sets it to be used by the debug log endpoint +func (s *State) SetDebugLogger(l paholog.Logger) { + s.debug = l +} + +// SetErrorLogger takes an instance of the paho Logger interface +// and sets it to be used by the error log endpoint +func (s *State) SetErrorLogger(l paholog.Logger) { + s.errors = l +} + +// AllocateClientPacketIDForTest is intended for use in tests only. It allocates a packet ID in the client session state +// This feels like a hack but makes it easier to test packet identifier exhaustion +func (s *State) AllocateClientPacketIDForTest(packetID uint16, forPacketType byte, resp chan<- packets.ControlPacket) { + s.mu.Lock() + defer s.mu.Unlock() + s.clientPackets[packetID] = clientGenerated{ + packetType: forPacketType, + responseChan: resp, + } +} diff --git a/vendor/github.com/eclipse/paho.golang/paho/session/state/store.go b/vendor/github.com/eclipse/paho.golang/paho/session/state/store.go new file mode 100644 index 00000000000..b31a8e50ed3 --- /dev/null +++ b/vendor/github.com/eclipse/paho.golang/paho/session/state/store.go @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +package state + +import ( + "io" +) + +// storer must be implemented by session state stores +type storer interface { + Put(packetID uint16, packetType byte, w io.WriterTo) error // Store the packet + Get(packetID uint16) (io.ReadCloser, error) // Retrieve the packet with the specified in ID + Delete(id uint16) error // Removes the message with the specified store ID + + // Quarantine sets the message with the specified store ID into an error state; this may mean deleting it or storing + // it somewhere separate. This is intended for use when a corrupt packet is detected (as this may result in data + // loss, it's beneficial to have access to corrupt packets for analysis). + Quarantine(id uint16) error + + List() ([]uint16, error) // Returns packet IDs in the order they were Put + Reset() error // Clears the store (deleting all messages) +} diff --git a/vendor/github.com/eclipse/paho.golang/paho/store/memory/store.go b/vendor/github.com/eclipse/paho.golang/paho/store/memory/store.go new file mode 100644 index 00000000000..03c52febb46 --- /dev/null +++ b/vendor/github.com/eclipse/paho.golang/paho/store/memory/store.go @@ -0,0 +1,147 @@ +/* + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v2.0 + * and Eclipse Distribution License v1.0 which accompany this distribution. + * + * The Eclipse Public License is available at + * https://www.eclipse.org/legal/epl-2.0/ + * and the Eclipse Distribution License is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +package memory + +import ( + "bytes" + "errors" + "fmt" + "io" + "sync" + + "github.com/eclipse/paho.golang/packets" +) + +var ( + ErrNotInStore = errors.New("the requested ID was not found in the store") // Returned when requested ID not found +) + +// memoryPacket is an element in the memory store +type memoryPacket struct { + c int // message count (used for ordering; as this is 32 bit min chance of rolling over seems remote) + p []byte // the packet we are storing +} + +// New creates a Store +func New() *Store { + return &Store{ + data: make(map[uint16]memoryPacket), + } + +} + +// Store is an implementation of a Store that stores the data in memory +type Store struct { + // server store - holds packets where the message ID was generated on the server + sync.Mutex + data map[uint16]memoryPacket // Holds messages initiated by the server (i.e. we will receive the PUBLISH) + c int // sequence counter used to maintain message order +} + +// Put stores the packet +func (m *Store) Put(packetID uint16, packetType byte, w io.WriterTo) error { + m.Lock() + defer m.Unlock() + var buff bytes.Buffer + + _, err := w.WriteTo(&buff) + if err != nil { + panic(err) + } + + m.data[packetID] = memoryPacket{ + c: m.c, + p: buff.Bytes(), + } + m.c++ + return nil +} + +func (m *Store) Get(packetID uint16) (io.ReadCloser, error) { + m.Lock() + defer m.Unlock() + d, ok := m.data[packetID] + if !ok { + return nil, ErrNotInStore + } + return io.NopCloser(bytes.NewReader(d.p)), nil +} + +// Delete removes the message with the specified store ID +func (m *Store) Delete(id uint16) error { + m.Lock() + defer m.Unlock() + if _, ok := m.data[id]; !ok { + // This could be ignored, but reporting it may help reveal other issues + return fmt.Errorf("request to delete packet %d; packet not found", id) + } + delete(m.data, id) + return nil +} + +// Quarantine is called if a corrupt packet is detected. +// There is little we can do other than deleting the packet. +func (m *Store) Quarantine(id uint16) error { + return m.Delete(id) +} + +// List returns packet IDs in the order they were Put +func (m *Store) List() ([]uint16, error) { + m.Lock() + defer m.Unlock() + + ids := make([]uint16, 0, len(m.data)) + seq := make([]int, 0, len(m.data)) + + // Basic insert sort from map ordered by time + // As the map is relatively small, this should be quick enough (data is retrieved infrequently) + itemNo := 0 + var pos int + for i, v := range m.data { + for pos = 0; pos < itemNo; pos++ { + if seq[pos] > v.c { + break + } + } + ids = append(ids[:pos], append([]uint16{i}, ids[pos:]...)...) + seq = append(seq[:pos], append([]int{v.c}, seq[pos:]...)...) + itemNo++ + } + return ids, nil +} + +// Reset clears the store (deleting all messages) +func (m *Store) Reset() error { + m.Lock() + defer m.Unlock() + m.data = make(map[uint16]memoryPacket) + return nil +} + +// String is for debugging purposes; it dumps the content of the store in a readable format +func (m *Store) String() string { + var b bytes.Buffer + for i, c := range m.data { + p, err := packets.ReadPacket(bytes.NewReader(c.p)) + if err != nil { + b.WriteString(fmt.Sprintf("packet %d could not be read: %s\n", i, err)) + continue + } + + b.WriteString(fmt.Sprintf("packet %d is %s\n", i, p)) + } + return b.String() +} diff --git a/vendor/github.com/emicklei/go-restful/v3/.travis.yml b/vendor/github.com/emicklei/go-restful/v3/.travis.yml deleted file mode 100644 index 3a0bf5ff1b8..00000000000 --- a/vendor/github.com/emicklei/go-restful/v3/.travis.yml +++ /dev/null @@ -1,13 +0,0 @@ -language: go - -go: - - 1.x - -before_install: - - go test -v - -script: - - go test -race -coverprofile=coverage.txt -covermode=atomic - -after_success: - - bash <(curl -s https://codecov.io/bash) \ No newline at end of file diff --git a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md index 6f24dfff562..4fcd920abea 100644 --- a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md +++ b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md @@ -1,5 +1,9 @@ # Change history of go-restful +## [v3.13.0] - 2025-08-14 + +- optimize performance of path matching in CurlyRouter ( thanks @wenhuang, Wen Huang) + ## [v3.12.2] - 2025-02-21 - allow empty payloads in post,put,patch, issue #580 ( thanks @liggitt, Jordan Liggitt) diff --git a/vendor/github.com/emicklei/go-restful/v3/README.md b/vendor/github.com/emicklei/go-restful/v3/README.md index 3fb40d19808..50a79ab692d 100644 --- a/vendor/github.com/emicklei/go-restful/v3/README.md +++ b/vendor/github.com/emicklei/go-restful/v3/README.md @@ -84,6 +84,7 @@ func (u UserResource) findUser(request *restful.Request, response *restful.Respo - Configurable (trace) logging - Customizable gzip/deflate readers and writers using CompressorProvider registration - Inject your own http.Handler using the `HttpMiddlewareHandlerToFilter` function +- Added `SetPathTokenCacheEnabled` and `SetCustomVerbCacheEnabled` to disable regexp caching (default=true) ## How to customize There are several hooks to customize the behavior of the go-restful package. diff --git a/vendor/github.com/emicklei/go-restful/v3/curly.go b/vendor/github.com/emicklei/go-restful/v3/curly.go index 6fd2bcd5a11..eec43bfd067 100644 --- a/vendor/github.com/emicklei/go-restful/v3/curly.go +++ b/vendor/github.com/emicklei/go-restful/v3/curly.go @@ -9,11 +9,35 @@ import ( "regexp" "sort" "strings" + "sync" ) // CurlyRouter expects Routes with paths that contain zero or more parameters in curly brackets. type CurlyRouter struct{} +var ( + regexCache sync.Map // Cache for compiled regex patterns + pathTokenCacheEnabled = true // Enable/disable path token regex caching +) + +// SetPathTokenCacheEnabled enables or disables path token regex caching for CurlyRouter. +// When disabled, regex patterns will be compiled on every request. +// When enabled (default), compiled regex patterns are cached for better performance. +func SetPathTokenCacheEnabled(enabled bool) { + pathTokenCacheEnabled = enabled +} + +// getCachedRegexp retrieves a compiled regex from the cache if found and valid. +// Returns the regex and true if found and valid, nil and false otherwise. +func getCachedRegexp(cache *sync.Map, pattern string) (*regexp.Regexp, bool) { + if cached, found := cache.Load(pattern); found { + if regex, ok := cached.(*regexp.Regexp); ok { + return regex, true + } + } + return nil, false +} + // SelectRoute is part of the Router interface and returns the best match // for the WebService and its Route for the given Request. func (c CurlyRouter) SelectRoute( @@ -113,8 +137,28 @@ func (c CurlyRouter) regularMatchesPathToken(routeToken string, colon int, reque } return true, true } - matched, err := regexp.MatchString(regPart, requestToken) - return (matched && err == nil), false + + // Check cache first (if enabled) + if pathTokenCacheEnabled { + if regex, found := getCachedRegexp(®exCache, regPart); found { + matched := regex.MatchString(requestToken) + return matched, false + } + } + + // Compile the regex + regex, err := regexp.Compile(regPart) + if err != nil { + return false, false + } + + // Cache the regex (if enabled) + if pathTokenCacheEnabled { + regexCache.Store(regPart, regex) + } + + matched := regex.MatchString(requestToken) + return matched, false } var jsr311Router = RouterJSR311{} @@ -168,7 +212,7 @@ func (c CurlyRouter) computeWebserviceScore(requestTokens []string, routeTokens if matchesToken { score++ // extra score for regex match } - } + } } else { // not a parameter if eachRequestToken != eachRouteToken { diff --git a/vendor/github.com/emicklei/go-restful/v3/custom_verb.go b/vendor/github.com/emicklei/go-restful/v3/custom_verb.go index bfc17efde80..0b98eeb091c 100644 --- a/vendor/github.com/emicklei/go-restful/v3/custom_verb.go +++ b/vendor/github.com/emicklei/go-restful/v3/custom_verb.go @@ -1,14 +1,28 @@ package restful +// Copyright 2025 Ernest Micklei. All rights reserved. +// Use of this source code is governed by a license +// that can be found in the LICENSE file. + import ( "fmt" "regexp" + "sync" ) var ( - customVerbReg = regexp.MustCompile(":([A-Za-z]+)$") + customVerbReg = regexp.MustCompile(":([A-Za-z]+)$") + customVerbCache sync.Map // Cache for compiled custom verb regexes + customVerbCacheEnabled = true // Enable/disable custom verb regex caching ) +// SetCustomVerbCacheEnabled enables or disables custom verb regex caching. +// When disabled, custom verb regex patterns will be compiled on every request. +// When enabled (default), compiled custom verb regex patterns are cached for better performance. +func SetCustomVerbCacheEnabled(enabled bool) { + customVerbCacheEnabled = enabled +} + func hasCustomVerb(routeToken string) bool { return customVerbReg.MatchString(routeToken) } @@ -20,7 +34,23 @@ func isMatchCustomVerb(routeToken string, pathToken string) bool { } customVerb := rs[1] - specificVerbReg := regexp.MustCompile(fmt.Sprintf(":%s$", customVerb)) + regexPattern := fmt.Sprintf(":%s$", customVerb) + + // Check cache first (if enabled) + if customVerbCacheEnabled { + if specificVerbReg, found := getCachedRegexp(&customVerbCache, regexPattern); found { + return specificVerbReg.MatchString(pathToken) + } + } + + // Compile the regex + specificVerbReg := regexp.MustCompile(regexPattern) + + // Cache the regex (if enabled) + if customVerbCacheEnabled { + customVerbCache.Store(regexPattern, specificVerbReg) + } + return specificVerbReg.MatchString(pathToken) } diff --git a/vendor/github.com/emicklei/go-restful/v3/doc.go b/vendor/github.com/emicklei/go-restful/v3/doc.go index 69b13057d01..80809225b8d 100644 --- a/vendor/github.com/emicklei/go-restful/v3/doc.go +++ b/vendor/github.com/emicklei/go-restful/v3/doc.go @@ -1,7 +1,7 @@ /* Package restful , a lean package for creating REST-style WebServices without magic. -WebServices and Routes +### WebServices and Routes A WebService has a collection of Route objects that dispatch incoming Http Requests to a function calls. Typically, a WebService has a root path (e.g. /users) and defines common MIME types for its routes. @@ -30,14 +30,14 @@ The (*Request, *Response) arguments provide functions for reading information fr See the example https://github.com/emicklei/go-restful/blob/v3/examples/user-resource/restful-user-resource.go with a full implementation. -Regular expression matching Routes +### Regular expression matching Routes A Route parameter can be specified using the format "uri/{var[:regexp]}" or the special version "uri/{var:*}" for matching the tail of the path. For example, /persons/{name:[A-Z][A-Z]} can be used to restrict values for the parameter "name" to only contain capital alphabetic characters. Regular expressions must use the standard Go syntax as described in the regexp package. (https://code.google.com/p/re2/wiki/Syntax) This feature requires the use of a CurlyRouter. -Containers +### Containers A Container holds a collection of WebServices, Filters and a http.ServeMux for multiplexing http requests. Using the statements "restful.Add(...) and restful.Filter(...)" will register WebServices and Filters to the Default Container. @@ -47,7 +47,7 @@ You can create your own Container and create a new http.Server for that particul container := restful.NewContainer() server := &http.Server{Addr: ":8081", Handler: container} -Filters +### Filters A filter dynamically intercepts requests and responses to transform or use the information contained in the requests or responses. You can use filters to perform generic logging, measurement, authentication, redirect, set response headers etc. @@ -60,22 +60,21 @@ Use the following statement to pass the request,response pair to the next filter chain.ProcessFilter(req, resp) -Container Filters +### Container Filters These are processed before any registered WebService. // install a (global) filter for the default container (processed before any webservice) restful.Filter(globalLogging) -WebService Filters +### WebService Filters These are processed before any Route of a WebService. // install a webservice filter (processed before any route) ws.Filter(webserviceLogging).Filter(measureTime) - -Route Filters +### Route Filters These are processed before calling the function associated with the Route. @@ -84,7 +83,7 @@ These are processed before calling the function associated with the Route. See the example https://github.com/emicklei/go-restful/blob/v3/examples/filters/restful-filters.go with full implementations. -Response Encoding +### Response Encoding Two encodings are supported: gzip and deflate. To enable this for all responses: @@ -95,20 +94,20 @@ Alternatively, you can create a Filter that performs the encoding and install it See the example https://github.com/emicklei/go-restful/blob/v3/examples/encoding/restful-encoding-filter.go -OPTIONS support +### OPTIONS support By installing a pre-defined container filter, your Webservice(s) can respond to the OPTIONS Http request. Filter(OPTIONSFilter()) -CORS +### CORS By installing the filter of a CrossOriginResourceSharing (CORS), your WebService(s) can handle CORS requests. cors := CrossOriginResourceSharing{ExposeHeaders: []string{"X-My-Header"}, CookiesAllowed: false, Container: DefaultContainer} Filter(cors.Filter) -Error Handling +### Error Handling Unexpected things happen. If a request cannot be processed because of a failure, your service needs to tell via the response what happened and why. For this reason HTTP status codes exist and it is important to use the correct code in every exceptional situation. @@ -137,11 +136,11 @@ The request does not have or has an unknown Accept Header set for this operation The request does not have or has an unknown Content-Type Header set for this operation. -ServiceError +### ServiceError In addition to setting the correct (error) Http status code, you can choose to write a ServiceError message on the response. -Performance options +### Performance options This package has several options that affect the performance of your service. It is important to understand them and how you can change it. @@ -156,30 +155,27 @@ Default value is true If content encoding is enabled then the default strategy for getting new gzip/zlib writers and readers is to use a sync.Pool. Because writers are expensive structures, performance is even more improved when using a preloaded cache. You can also inject your own implementation. -Trouble shooting +### Trouble shooting This package has the means to produce detail logging of the complete Http request matching process and filter invocation. Enabling this feature requires you to set an implementation of restful.StdLogger (e.g. log.Logger) instance such as: restful.TraceLogger(log.New(os.Stdout, "[restful] ", log.LstdFlags|log.Lshortfile)) -Logging +### Logging The restful.SetLogger() method allows you to override the logger used by the package. By default restful uses the standard library `log` package and logs to stdout. Different logging packages are supported as long as they conform to `StdLogger` interface defined in the `log` sub-package, writing an adapter for your preferred package is simple. -Resources +### Resources -[project]: https://github.com/emicklei/go-restful +(c) 2012-2025, http://ernestmicklei.com. MIT License +[project]: https://github.com/emicklei/go-restful [examples]: https://github.com/emicklei/go-restful/blob/master/examples - -[design]: http://ernestmicklei.com/2012/11/11/go-restful-api-design/ - +[design]: http://ernestmicklei.com/2012/11/11/go-restful-api-design/ [showcases]: https://github.com/emicklei/mora, https://github.com/emicklei/landskape - -(c) 2012-2015, http://ernestmicklei.com. MIT License */ package restful diff --git a/vendor/github.com/fsnotify/fsnotify/.cirrus.yml b/vendor/github.com/fsnotify/fsnotify/.cirrus.yml deleted file mode 100644 index 7f257e99ac9..00000000000 --- a/vendor/github.com/fsnotify/fsnotify/.cirrus.yml +++ /dev/null @@ -1,14 +0,0 @@ -freebsd_task: - name: 'FreeBSD' - freebsd_instance: - image_family: freebsd-14-2 - install_script: - - pkg update -f - - pkg install -y go - test_script: - # run tests as user "cirrus" instead of root - - pw useradd cirrus -m - - chown -R cirrus:cirrus . - - FSNOTIFY_BUFFER=4096 sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./... - - sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./... - - FSNOTIFY_DEBUG=1 sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race -v ./... diff --git a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md index 6468d2cf400..3027f3c67a2 100644 --- a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md +++ b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md @@ -1,5 +1,54 @@ # Changelog +1.10.1 2026-05-04 +----------------- + +### Changes and fixes + +- inotify: don't remove sibling watches sharing a path prefix ([#754]) + +- inotify, windows: don't rename sibling watches sharing a path prefix + ([#755]) + + +[#754]: https://github.com/fsnotify/fsnotify/pull/754 +[#755]: https://github.com/fsnotify/fsnotify/pull/755 + + +1.10.0 2026-04-30 +----------------- +This version of fsnotify needs Go 1.23. + +### Changes and fixes + +- inotify: improve initialization error message ([#731]) + +- inotify: send Rename event if recursive watch is renamed ([#696]) + +- inotify: avoid copying event buffers when reading names ([#741]) + +- kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a + bad entry no longer aborts Watcher.Add for the whole directory ([#748]) + +- kqueue: drop watches directly in Close() to fix a file descriptor leak + when recycling watchers ([#740]) + +- windows: fix nil pointer dereference in remWatch ([#736]) + +- windows: lock watch field updates against concurrent WatchList to fix + a race introduced in v1.9.0 ([#709], [#749]) + + +[#696]: https://github.com/fsnotify/fsnotify/pull/696 +[#709]: https://github.com/fsnotify/fsnotify/pull/709 +[#731]: https://github.com/fsnotify/fsnotify/pull/731 +[#736]: https://github.com/fsnotify/fsnotify/pull/736 +[#740]: https://github.com/fsnotify/fsnotify/pull/740 +[#741]: https://github.com/fsnotify/fsnotify/pull/741 +[#748]: https://github.com/fsnotify/fsnotify/pull/748 +[#749]: https://github.com/fsnotify/fsnotify/pull/749 + + 1.9.0 2024-04-04 ---------------- diff --git a/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md b/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md index 4cc40fa597d..cd0ee612da6 100644 --- a/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md +++ b/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md @@ -77,6 +77,8 @@ End-of-line escapes with `\` are not supported. debug [yes/no] # Enable/disable FSNOTIFY_DEBUG (tests are run in parallel by default, so -parallel=1 is probably a good idea). + state # Print internal state to stderr (exact output differs + # per backend). print [any strings] # Print text to stdout; for debugging. touch path diff --git a/vendor/github.com/fsnotify/fsnotify/README.md b/vendor/github.com/fsnotify/fsnotify/README.md index 1f4eb583d50..2e56ef4c9a5 100644 --- a/vendor/github.com/fsnotify/fsnotify/README.md +++ b/vendor/github.com/fsnotify/fsnotify/README.md @@ -1,7 +1,7 @@ fsnotify is a Go library to provide cross-platform filesystem notifications on Windows, Linux, macOS, BSD, and illumos. -Go 1.17 or newer is required; the full documentation is at +Go 1.23 or newer is required; the full documentation is at https://pkg.go.dev/github.com/fsnotify/fsnotify --- @@ -12,7 +12,7 @@ Platform support: | :-------------------- | :--------- | :------------------------------------------------------------------------ | | inotify | Linux | Supported | | kqueue | BSD, macOS | Supported | -| ReadDirectoryChangesW | Windows | Supported | +| ReadDirectoryChangesW | Windows | Supported ([excluding `Chmod` operations][#487]) | | FEN | illumos | Supported | | fanotify | Linux 5.9+ | [Not yet](https://github.com/fsnotify/fsnotify/issues/114) | | FSEvents | macOS | [Needs support in x/sys/unix][fsevents] | @@ -22,6 +22,7 @@ Platform support: Linux and illumos should include Android and Solaris, but these are currently untested. +[#487]: https://github.com/fsnotify/fsnotify/issues/487 [fsevents]: https://github.com/fsnotify/fsnotify/issues/11#issuecomment-1279133120 [usn]: https://github.com/fsnotify/fsnotify/issues/53#issuecomment-1279829847 @@ -126,7 +127,7 @@ settings* until we have a native FSEvents implementation (see [#11]). ### Watching a file doesn't work well Watching individual files (rather than directories) is generally not recommended as many programs (especially editors) update files atomically: it will write to -a temporary file which is then moved to to destination, overwriting the original +a temporary file which is then moved to a destination, overwriting the original (or some variant thereof). The watcher on the original file is now lost, as that no longer exists. @@ -151,26 +152,57 @@ This is the event that inotify sends, so not much can be changed about this. The `fs.inotify.max_user_watches` sysctl variable specifies the upper limit for the number of watches per user, and `fs.inotify.max_user_instances` specifies the maximum number of inotify instances per user. Every Watcher you create is an -"instance", and every path you add is a "watch". +"instance", and every path you add is a "watch". Reaching the limit will result +in a "no space left on device" or "too many open files" error. These are also exposed in `/proc` as `/proc/sys/fs/inotify/max_user_watches` and -`/proc/sys/fs/inotify/max_user_instances` +`/proc/sys/fs/inotify/max_user_instances`. The default values differ per distro +and available memory. To increase them you can use `sysctl` or write the value to proc file: - # The default values on Linux 5.18 - sysctl fs.inotify.max_user_watches=124983 - sysctl fs.inotify.max_user_instances=128 + sysctl fs.inotify.max_user_watches=200000 + sysctl fs.inotify.max_user_instances=256 To make the changes persist on reboot edit `/etc/sysctl.conf` or `/usr/lib/sysctl.d/50-default.conf` (details differ per Linux distro; check your distro's documentation): - fs.inotify.max_user_watches=124983 - fs.inotify.max_user_instances=128 + fs.inotify.max_user_watches=200000 + fs.inotify.max_user_instances=256 + +### Windows +Recursive watching is not currently enabled through fsnotify's public API +(see the FAQ "Are subdirectories watched?" above). The notes below +describe Windows backend behavior observed when recursive watching is +enabled internally (for example, in fsnotify's own tests). They are kept +here as a reference for maintainers and contributors who encounter the +behavior, since the recursive code path still exists in the backend. + +When recursive watching is enabled and you watch a directory, you may +receive a `Write` event for an intermediate directory whenever a child +entry inside it is created, renamed, or removed. For example, with a +recursive watch on `/a` and a new file `/a/b/c`, you will receive +`Create /a/b/c` and may also receive `Write /a/b`. + +This happens because, on NTFS-backed volumes, modifying the entries of a +directory updates that directory's last-write time, and the Windows +backend requests `FILE_NOTIFY_CHANGE_LAST_WRITE` to support `Write` events +on files. The same `Write` filter therefore picks up the directory's +metadata update. + +kqueue has the same "directory `Write` = directory contents changed" +semantics, so portable code that treats `Write` on a directory as +"something inside it changed" works on Windows and BSD/macOS, but not on +Linux (inotify uses `Write` only for file-content changes). If you only +care about file content, filter out `Write` events whose path refers to a +directory. + +Whether the directory `Write` is actually delivered alongside the child +events is not guaranteed: it depends on `ReadDirectoryChangesW` buffering, +NTFS metadata update timing, and event coalescing, none of which fsnotify +controls. -Reaching the limit will result in a "no space left on device" or "too many open -files" error. ### kqueue (macOS, all BSD systems) kqueue requires opening a file descriptor for every file that's being watched; diff --git a/vendor/github.com/fsnotify/fsnotify/backend_fen.go b/vendor/github.com/fsnotify/fsnotify/backend_fen.go index 57fc6928484..e43c6d088cc 100644 --- a/vendor/github.com/fsnotify/fsnotify/backend_fen.go +++ b/vendor/github.com/fsnotify/fsnotify/backend_fen.go @@ -158,7 +158,9 @@ func (w *fen) readEvents() { pevents := make([]unix.PortEvent, 8) for { - count, err := w.port.Get(pevents, 1, nil) + count, err := internal.IgnoringEINTR(func() (int, error) { + return w.port.Get(pevents, 1, nil) + }) if err != nil && err != unix.ETIME { // Interrupted system call (count should be 0) ignore and continue if errors.Is(err, unix.EINTR) && count == 0 { diff --git a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go index a36cb89d736..4c3f6f7c283 100644 --- a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go +++ b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go @@ -55,10 +55,10 @@ type ( path map[string]uint32 // pathname → wd } watch struct { - wd uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall) - flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags) - path string // Watch path. - recurse bool // Recursion with ./...? + wd uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall) + flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags) + path string // Watch path. + watchFlags watchFlag } koekje struct { cookie uint32 @@ -66,6 +66,9 @@ type ( } ) +func (w watch) byUser() bool { return w.watchFlags&flagByUser != 0 } +func (w watch) recurse() bool { return w.watchFlags&flagRecurse != 0 } + func newWatches() *watches { return &watches{ wd: make(map[uint32]*watch), @@ -79,6 +82,13 @@ func (w *watches) len() int { return len(w.wd) } func (w *watches) add(ww *watch) { w.wd[ww.wd] = ww; w.path[ww.path] = ww.wd } func (w *watches) remove(watch *watch) { delete(w.path, watch.path); delete(w.wd, watch.wd) } +func isSameOrDescendantPath(path, root string) bool { + if path == root { + return true + } + return strings.HasPrefix(path, root+string(os.PathSeparator)) +} + func (w *watches) removePath(path string) ([]uint32, error) { path, recurse := recursivePath(path) wd, ok := w.path[path] @@ -87,20 +97,20 @@ func (w *watches) removePath(path string) ([]uint32, error) { } watch := w.wd[wd] - if recurse && !watch.recurse { + if recurse && !watch.recurse() { return nil, fmt.Errorf("can't use /... with non-recursive watch %q", path) } delete(w.path, path) delete(w.wd, wd) - if !watch.recurse { + if !watch.recurse() { return []uint32{wd}, nil } wds := make([]uint32, 0, 8) wds = append(wds, wd) for p, rwd := range w.path { - if strings.HasPrefix(p, path) { + if isSameOrDescendantPath(p, path) { delete(w.path, p) delete(w.wd, rwd) wds = append(wds, rwd) @@ -139,7 +149,7 @@ func newBackend(ev chan Event, errs chan error) (backend, error) { // I/O operations won't terminate on close. fd, errno := unix.InotifyInit1(unix.IN_CLOEXEC | unix.IN_NONBLOCK) if fd == -1 { - return nil, errno + return nil, fmt.Errorf("couldn't initialize inotify: %w", errno) } w := &inotify{ @@ -188,11 +198,8 @@ func (w *inotify) AddWith(path string, opts ...addOpt) error { return fmt.Errorf("%w: %s", xErrUnsupported, with.op) } - add := func(path string, with withOpts, recurse bool) error { + add := func(path string, with withOpts, wf watchFlag) error { var flags uint32 - if with.noFollow { - flags |= unix.IN_DONT_FOLLOW - } if with.op.Has(Create) { flags |= unix.IN_CREATE } @@ -220,7 +227,7 @@ func (w *inotify) AddWith(path string, opts ...addOpt) error { if with.op.Has(xUnportableCloseRead) { flags |= unix.IN_CLOSE_NOWRITE } - return w.register(path, flags, recurse) + return w.register(path, flags, wf) } w.mu.Lock() @@ -248,14 +255,18 @@ func (w *inotify) AddWith(path string, opts ...addOpt) error { w.sendEvent(Event{Name: root, Op: Create}) } - return add(root, with, true) + wf := flagRecurse + if root == path { + wf |= flagByUser + } + return add(root, with, wf) }) } - return add(path, with, false) + return add(path, with, 0) } -func (w *inotify) register(path string, flags uint32, recurse bool) error { +func (w *inotify) register(path string, flags uint32, wf watchFlag) error { return w.watches.updatePath(path, func(existing *watch) (*watch, error) { if existing != nil { flags |= existing.flags | unix.IN_MASK_ADD @@ -272,10 +283,10 @@ func (w *inotify) register(path string, flags uint32, recurse bool) error { if existing == nil { return &watch{ - wd: uint32(wd), - path: path, - flags: flags, - recurse: recurse, + wd: uint32(wd), + path: path, + flags: flags, + watchFlags: wf, }, nil } @@ -425,11 +436,7 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs nameLen = uint32(inEvent.Len) ) if nameLen > 0 { - /// Point "bytes" at the first byte of the filename - bb := *buf - bytes := (*[unix.PathMax]byte)(unsafe.Pointer(&bb[offset+unix.SizeofInotifyEvent]))[:nameLen:nameLen] - /// The filename is padded with NULL bytes. TrimRight() gets rid of those. - name += "/" + strings.TrimRight(string(bytes[0:nameLen]), "\x00") + name += "/" + inotifyEventName(buf, offset, nameLen) } if debug { @@ -450,7 +457,9 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs // We can't really update the state when a watched path is moved; only // IN_MOVE_SELF is sent and not IN_MOVED_{FROM,TO}. So remove the watch. if inEvent.Mask&unix.IN_MOVE_SELF == unix.IN_MOVE_SELF { - if watch.recurse { // Do nothing + // Watch is set up as part of recurse: do nothing as the move gets + // registered from the parent directory. + if watch.recurse() && !watch.byUser() { return Event{}, true } @@ -460,6 +469,10 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs return Event{}, false } } + + if watch.recurse() { + return Event{Name: watch.path, Op: Rename}, true + } } /// Skip if we're watching both this path and the parent; the parent will @@ -473,11 +486,11 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs ev := w.newEvent(name, inEvent.Mask, inEvent.Cookie) // Need to update watch path for recurse. - if watch.recurse { + if watch.recurse() { isDir := inEvent.Mask&unix.IN_ISDIR == unix.IN_ISDIR /// New directory created: set up watch on it. if isDir && ev.Has(Create) { - err := w.register(ev.Name, watch.flags, true) + err := w.register(ev.Name, watch.flags, flagRecurse) if !w.sendError(err) { return Event{}, false } @@ -495,7 +508,7 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs if k == watch.wd || ww.path == ev.Name { continue } - if strings.HasPrefix(ww.path, ev.renamedFrom) { + if isSameOrDescendantPath(ww.path, ev.renamedFrom) { ww.path = strings.Replace(ww.path, ev.renamedFrom, ev.Name, 1) w.watches.wd[k] = ww } @@ -507,12 +520,13 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs return ev, true } -func (w *inotify) isRecursive(path string) bool { - ww := w.watches.byPath(path) - if ww == nil { // path could be a file, so also check the Dir. - ww = w.watches.byPath(filepath.Dir(path)) +func inotifyEventName(buf *[65536]byte, offset, nameLen uint32) string { + start := int(offset + unix.SizeofInotifyEvent) + bytes := (*[unix.PathMax]byte)(unsafe.Pointer(&buf[start]))[:nameLen:nameLen] + for nameLen > 0 && bytes[nameLen-1] == 0 { + nameLen-- } - return ww != nil && ww.recurse + return string(bytes[:nameLen]) } func (w *inotify) newEvent(name string, mask, cookie uint32) Event { @@ -578,6 +592,6 @@ func (w *inotify) state() { w.mu.Lock() defer w.mu.Unlock() for wd, ww := range w.watches.wd { - fmt.Fprintf(os.Stderr, "%4d: recurse=%t %q\n", wd, ww.recurse, ww.path) + fmt.Fprintf(os.Stderr, "%4d: %q watchFlags=0x%x\n", wd, ww.path, ww.watchFlags) } } diff --git a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go index 340aeec061c..d2c8cfb6c6a 100644 --- a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go +++ b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go @@ -8,6 +8,7 @@ import ( "os" "path/filepath" "runtime" + "sort" "sync" "time" @@ -245,9 +246,26 @@ func (w *kqueue) Close() error { return nil } + // Snapshot and drop all watches directly. w.Remove -> w.remove + // short-circuits on isClosed() (which is already true after + // w.shared.close() above), so calling Remove here in the happy path + // leaked every watched directory + file descriptor. On macOS a + // single directory watch opens an fd for every file in the dir, so + // long-running processes that recreate watchers (hot-reload dev + // servers, etc.) ran out of fds with EMFILE (#732). pathsToRemove := w.watches.listPaths(false) for _, name := range pathsToRemove { - w.Remove(name) + info, ok := w.watches.byPath(name) + if !ok { + // w.path has an entry for name but w.wd doesn't -- + // drop the stale lookup entry so the map state is + // consistent after Close. + w.watches.remove(0, name) + continue + } + _ = w.register([]int{info.wd}, unix.EV_DELETE, 0) + unix.Close(info.wd) + w.watches.remove(info.wd, name) } unix.Close(w.closepipe[1]) // Send "quit" message to readEvents @@ -376,19 +394,12 @@ func (w *kqueue) addWatch(name string, flags uint32, listDir bool) (string, erro } } - // Retry on EINTR; open() can return EINTR in practice on macOS. - // See #354, and Go issues 11180 and 39237. - for { - info.wd, err = unix.Open(name, openMode, 0) - if err == nil { - break - } - if errors.Is(err, unix.EINTR) { - continue - } + info.wd, err = internal.IgnoringEINTR(func() (int, error) { + return unix.Open(name, openMode, 0) + }) + if err != nil { return "", err } - info.isDir = fi.IsDir() } @@ -436,9 +447,10 @@ func (w *kqueue) readEvents() { eventBuffer := make([]unix.Kevent_t, 10) for { - kevents, err := w.read(eventBuffer) - // EINTR is okay, the syscall was interrupted before timeout expired. - if err != nil && err != unix.EINTR { + kevents, err := internal.IgnoringEINTR(func() ([]unix.Kevent_t, error) { + return w.read(eventBuffer) + }) + if err != nil { if !w.sendError(fmt.Errorf("fsnotify.readEvents: %w", err)) { return } @@ -583,12 +595,14 @@ func (w *kqueue) watchDirectoryFiles(dirPath string) error { cleanPath, err := w.internalWatch(path, fi) if err != nil { - // No permission to read the file; that's not a problem: just skip. - // But do add it to w.fileExists to prevent it from being picked up - // as a "new" file later (it still shows up in the directory + // No permission, or the entry resolved to a missing target + // (e.g. a dangling symlink): not a problem, just skip. But + // do mark it as seen to prevent it from being picked up as + // a "new" file later (it still shows up in the directory // listing). switch { - case errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM): + case errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM) || + errors.Is(err, os.ErrNotExist): cleanPath = filepath.Clean(path) default: return fmt.Errorf("%q: %w", path, err) @@ -703,3 +717,19 @@ func (w *kqueue) xSupports(op Op) bool { } return true } + +func (w *kqueue) state() { + w.watches.mu.Lock() + defer w.watches.mu.Unlock() + + all := make([]int, 0, len(w.watches.wd)) + for wd := range w.watches.wd { + all = append(all, wd) + } + sort.Ints(all) + + for _, wd := range all { + ww := w.watches.wd[wd] + fmt.Fprintf(os.Stderr, "%4d %q linkname=%q\n", wd, ww.name, ww.linkName) + } +} diff --git a/vendor/github.com/fsnotify/fsnotify/backend_windows.go b/vendor/github.com/fsnotify/fsnotify/backend_windows.go index 3433642d641..fb9210f24ed 100644 --- a/vendor/github.com/fsnotify/fsnotify/backend_windows.go +++ b/vendor/github.com/fsnotify/fsnotify/backend_windows.go @@ -11,7 +11,6 @@ import ( "fmt" "os" "path/filepath" - "reflect" "runtime" "strings" "sync" @@ -37,6 +36,13 @@ type readDirChangesW struct { var defaultBufferSize = 50 +func isSameOrDescendantPath(path, root string) bool { + if path == root { + return true + } + return strings.HasPrefix(path, root+string(os.PathSeparator)) +} + func newBackend(ev chan Event, errs chan error) (backend, error) { port, err := windows.CreateIoCompletionPort(windows.InvalidHandle, 0, 0, 0) if err != nil { @@ -359,22 +365,26 @@ func (w *readDirChangesW) addWatch(pathname string, flags uint64, bufsize int) e } else { windows.CloseHandle(ino.handle) } + w.mu.Lock() if pathname == dir { watchEntry.mask |= flags } else { watchEntry.names[filepath.Base(pathname)] |= flags } + w.mu.Unlock() err = w.startRead(watchEntry) if err != nil { return err } + w.mu.Lock() if pathname == dir { watchEntry.mask &= ^provisional } else { watchEntry.names[filepath.Base(pathname)] &= ^provisional } + w.mu.Unlock() return nil } @@ -394,8 +404,13 @@ func (w *readDirChangesW) remWatch(pathname string) error { w.mu.Lock() watch := w.watches.get(ino) w.mu.Unlock() + if watch == nil { + windows.CloseHandle(ino.handle) + return fmt.Errorf("%w: %s", ErrNonExistentWatch, pathname) + } if recurse && !watch.recurse { + windows.CloseHandle(ino.handle) return fmt.Errorf("can't use \\... with non-recursive watch %q", pathname) } @@ -403,16 +418,19 @@ func (w *readDirChangesW) remWatch(pathname string) error { if err != nil { w.sendError(os.NewSyscallError("CloseHandle", err)) } - if watch == nil { - return fmt.Errorf("%w: %s", ErrNonExistentWatch, pathname) - } if pathname == dir { - w.sendEvent(watch.path, "", watch.mask&sysFSIGNORED) + w.mu.Lock() + mask := watch.mask watch.mask = 0 + w.mu.Unlock() + w.sendEvent(watch.path, "", mask&sysFSIGNORED) } else { name := filepath.Base(pathname) - w.sendEvent(filepath.Join(watch.path, name), "", watch.names[name]&sysFSIGNORED) + w.mu.Lock() + mask := watch.names[name] delete(watch.names, name) + w.mu.Unlock() + w.sendEvent(filepath.Join(watch.path, name), "", mask&sysFSIGNORED) } return w.startRead(watch) @@ -420,17 +438,23 @@ func (w *readDirChangesW) remWatch(pathname string) error { // Must run within the I/O thread. func (w *readDirChangesW) deleteWatch(watch *watch) { - for name, mask := range watch.names { - if mask&provisional == 0 { - w.sendEvent(filepath.Join(watch.path, name), "", mask&sysFSIGNORED) + // Snapshot+clear under the lock so concurrent WatchList() readers see a + // consistent state. sendEvent must run outside the lock since it can + // block on the user-facing Events channel. + w.mu.Lock() + names := watch.names + watch.names = make(map[string]uint64) + mask := watch.mask + watch.mask = 0 + w.mu.Unlock() + + for name, m := range names { + if m&provisional == 0 { + w.sendEvent(filepath.Join(watch.path, name), "", m&sysFSIGNORED) } - delete(watch.names, name) } - if watch.mask != 0 { - if watch.mask&provisional == 0 { - w.sendEvent(watch.path, "", watch.mask&sysFSIGNORED) - } - watch.mask = 0 + if mask != 0 && mask&provisional == 0 { + w.sendEvent(watch.path, "", mask&sysFSIGNORED) } } @@ -457,9 +481,8 @@ func (w *readDirChangesW) startRead(watch *watch) error { } // We need to pass the array, rather than the slice. - hdr := (*reflect.SliceHeader)(unsafe.Pointer(&watch.buf)) rdErr := windows.ReadDirectoryChanges(watch.ino.handle, - (*byte)(unsafe.Pointer(hdr.Data)), uint32(hdr.Len), + unsafe.SliceData(watch.buf), uint32(len(watch.buf)), watch.recurse, mask, nil, &watch.ov, 0) if rdErr != nil { err := os.NewSyscallError("ReadDirectoryChanges", rdErr) @@ -565,12 +588,7 @@ func (w *readDirChangesW) readEvents() { // Create a buf that is the size of the path name size := int(raw.FileNameLength / 2) - var buf []uint16 - // TODO: Use unsafe.Slice in Go 1.17; https://stackoverflow.com/questions/51187973 - sh := (*reflect.SliceHeader)(unsafe.Pointer(&buf)) - sh.Data = uintptr(unsafe.Pointer(&raw.FileName)) - sh.Len = size - sh.Cap = size + buf := unsafe.Slice(&raw.FileName, size) name := windows.UTF16ToString(buf) fullname := filepath.Join(watch.path, name) @@ -587,31 +605,35 @@ func (w *readDirChangesW) readEvents() { case windows.FILE_ACTION_RENAMED_OLD_NAME: watch.rename = name case windows.FILE_ACTION_RENAMED_NEW_NAME: - // Update saved path of all sub-watches. + // Update saved path of all sub-watches and rename the + // names entry under the lock so WatchList() can't observe + // a torn state. old := filepath.Join(watch.path, watch.rename) w.mu.Lock() for _, watchMap := range w.watches { for _, ww := range watchMap { - if strings.HasPrefix(ww.path, old) { + if isSameOrDescendantPath(ww.path, old) { ww.path = filepath.Join(fullname, strings.TrimPrefix(ww.path, old)) } } } - w.mu.Unlock() - if watch.names[watch.rename] != 0 { watch.names[name] |= watch.names[watch.rename] delete(watch.names, watch.rename) mask = sysFSMOVESELF } + w.mu.Unlock() } if raw.Action != windows.FILE_ACTION_RENAMED_NEW_NAME { w.sendEvent(fullname, "", watch.names[name]&mask) } if raw.Action == windows.FILE_ACTION_REMOVED { - w.sendEvent(fullname, "", watch.names[name]&sysFSIGNORED) + w.mu.Lock() + ignored := watch.names[name] & sysFSIGNORED delete(watch.names, name) + w.mu.Unlock() + w.sendEvent(fullname, "", ignored) } if watch.rename != "" && raw.Action == windows.FILE_ACTION_RENAMED_NEW_NAME { diff --git a/vendor/github.com/fsnotify/fsnotify/fsnotify.go b/vendor/github.com/fsnotify/fsnotify/fsnotify.go index f64be4bf98e..38cb4dd481c 100644 --- a/vendor/github.com/fsnotify/fsnotify/fsnotify.go +++ b/vendor/github.com/fsnotify/fsnotify/fsnotify.go @@ -51,26 +51,25 @@ import ( // The fs.inotify.max_user_watches sysctl variable specifies the upper limit // for the number of watches per user, and fs.inotify.max_user_instances // specifies the maximum number of inotify instances per user. Every Watcher you -// create is an "instance", and every path you add is a "watch". +// create is an "instance", and every path you add is a "watch". Reaching the +// limit will result in a "no space left on device" or "too many open files" +// error. // // These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and -// /proc/sys/fs/inotify/max_user_instances +// /proc/sys/fs/inotify/max_user_instances. The default values differ per distro +// and available memory. // // To increase them you can use sysctl or write the value to the /proc file: // -// # Default values on Linux 5.18 -// sysctl fs.inotify.max_user_watches=124983 -// sysctl fs.inotify.max_user_instances=128 +// sysctl fs.inotify.max_user_watches=200000 +// sysctl fs.inotify.max_user_instances=256 // // To make the changes persist on reboot edit /etc/sysctl.conf or // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check // your distro's documentation): // -// fs.inotify.max_user_watches=124983 -// fs.inotify.max_user_instances=128 -// -// Reaching the limit will result in a "no space left on device" or "too many open -// files" error. +// fs.inotify.max_user_watches=200000 +// fs.inotify.max_user_instances=256 // // # kqueue notes (macOS, BSD) // @@ -93,6 +92,28 @@ import ( // Sometimes it will send events for all files, sometimes it will send no // events, and often only for some files. // +// Recursive watching is not currently enabled through fsnotify's public +// API; the recursive code path is gated and only exercised by fsnotify's +// own tests. The note below describes backend behavior observed when +// recursive watching is enabled internally, and is kept here as a +// reference for maintainers and contributors who encounter it. +// +// When recursive watching is enabled and you watch a directory, you may +// receive a Write event for an intermediate directory whenever a child +// entry inside it is created, renamed, or removed. For example, with a +// recursive watch on /a and a new file /a/b/c, you will receive +// Create /a/b/c and may also receive Write /a/b. +// +// This happens because, on NTFS-backed volumes, modifying the entries of a +// directory updates that directory's last-write time, and the Windows +// backend requests FILE_NOTIFY_CHANGE_LAST_WRITE to support Write events +// on files. The same Write filter therefore picks up the directory's +// metadata update. +// +// Whether the directory Write is actually delivered alongside the child +// events is not guaranteed; it depends on ReadDirectoryChangesW buffering, +// NTFS metadata update timing, and event coalescing. +// // The default ReadDirectoryChangesW() buffer size is 64K, which is the largest // value that is guaranteed to work with SMB filesystems. If you have many // events in quick succession this may not be enough, and you will have to use @@ -129,8 +150,12 @@ type Watcher struct { // want to wait until you've stopped receiving them // (see the dedup example in cmd/fsnotify). // - // Some systems may send Write event for directories - // when the directory content changes. + // Some systems also send Write events for directories + // when the directory contents change. This is the + // case for kqueue, and on Windows for the directory + // that contains a created, renamed, or removed child + // entry. It does not happen on inotify. See the + // per-platform notes on [Watcher]. // // fsnotify.Chmod Attributes were changed. On Linux this is also sent // when a file is removed (or more accurately, when a @@ -179,7 +204,9 @@ const ( Create Op = 1 << iota // The pathname was written to; this does *not* mean the write has finished, - // and a write can be followed by more writes. + // and a write can be followed by more writes. On Windows and kqueue, a + // Write on a directory can also indicate that its contents changed; see + // the per-platform notes on [Watcher]. Write // The path was removed; any watches on it will be removed. Some "remove" @@ -220,7 +247,7 @@ const ( // File opened for reading was closed. // - // Only works on Linux and FreeBSD. + // Only works on Linux. xUnportableCloseRead ) @@ -410,7 +437,6 @@ type ( withOpts struct { bufsize int op Op - noFollow bool sendCreate bool } ) @@ -469,12 +495,6 @@ func withOps(op Op) addOpt { return func(opt *withOpts) { opt.op = op } } -// WithNoFollow disables following symlinks, so the symlinks themselves are -// watched. -func withNoFollow() addOpt { - return func(opt *withOpts) { opt.noFollow = true } -} - // "Internal" option for recursive watches on inotify. func withCreate() addOpt { return func(opt *withOpts) { opt.sendCreate = true } @@ -494,3 +514,13 @@ func recursivePath(path string) (string, bool) { } return path, false } + +type watchFlag uint8 + +const ( + // Added by user with Add(), rather than an internal watch. + flagByUser = watchFlag(0x01) + // Part of recursive watch; as the top-level path added by the user or an + // "internal" watch. + flagRecurse = watchFlag(0x02) +) diff --git a/vendor/github.com/fsnotify/fsnotify/internal/darwin.go b/vendor/github.com/fsnotify/fsnotify/internal/darwin.go index 0b01bc182a1..6721aa60968 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/darwin.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/darwin.go @@ -15,25 +15,6 @@ var ( var maxfiles uint64 -func SetRlimit() { - // Go 1.19 will do this automatically: https://go-review.googlesource.com/c/go/+/393354/ - var l syscall.Rlimit - err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l) - if err == nil && l.Cur != l.Max { - l.Cur = l.Max - syscall.Setrlimit(syscall.RLIMIT_NOFILE, &l) - } - maxfiles = l.Cur - - if n, err := syscall.SysctlUint32("kern.maxfiles"); err == nil && uint64(n) < maxfiles { - maxfiles = uint64(n) - } - - if n, err := syscall.SysctlUint32("kern.maxfilesperproc"); err == nil && uint64(n) < maxfiles { - maxfiles = uint64(n) - } -} - func Maxfiles() uint64 { return maxfiles } func Mkfifo(path string, mode uint32) error { return unix.Mkfifo(path, mode) } func Mknod(path string, mode uint32, dev int) error { return unix.Mknod(path, mode, dev) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go index 928319fb09a..7600180742b 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go @@ -6,52 +6,10 @@ var names = []struct { n string m uint32 }{ - {"NOTE_ABSOLUTE", unix.NOTE_ABSOLUTE}, {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_BACKGROUND", unix.NOTE_BACKGROUND}, - {"NOTE_CHILD", unix.NOTE_CHILD}, - {"NOTE_CRITICAL", unix.NOTE_CRITICAL}, {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, - {"NOTE_EXITSTATUS", unix.NOTE_EXITSTATUS}, - {"NOTE_EXIT_CSERROR", unix.NOTE_EXIT_CSERROR}, - {"NOTE_EXIT_DECRYPTFAIL", unix.NOTE_EXIT_DECRYPTFAIL}, - {"NOTE_EXIT_DETAIL", unix.NOTE_EXIT_DETAIL}, - {"NOTE_EXIT_DETAIL_MASK", unix.NOTE_EXIT_DETAIL_MASK}, - {"NOTE_EXIT_MEMORY", unix.NOTE_EXIT_MEMORY}, - {"NOTE_EXIT_REPARENTED", unix.NOTE_EXIT_REPARENTED}, {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FFAND", unix.NOTE_FFAND}, - {"NOTE_FFCOPY", unix.NOTE_FFCOPY}, - {"NOTE_FFCTRLMASK", unix.NOTE_FFCTRLMASK}, - {"NOTE_FFLAGSMASK", unix.NOTE_FFLAGSMASK}, - {"NOTE_FFNOP", unix.NOTE_FFNOP}, - {"NOTE_FFOR", unix.NOTE_FFOR}, - {"NOTE_FORK", unix.NOTE_FORK}, - {"NOTE_FUNLOCK", unix.NOTE_FUNLOCK}, - {"NOTE_LEEWAY", unix.NOTE_LEEWAY}, {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_MACHTIME", unix.NOTE_MACHTIME}, - {"NOTE_MACH_CONTINUOUS_TIME", unix.NOTE_MACH_CONTINUOUS_TIME}, - {"NOTE_NONE", unix.NOTE_NONE}, - {"NOTE_NSECONDS", unix.NOTE_NSECONDS}, - {"NOTE_OOB", unix.NOTE_OOB}, - //{"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, -0x100000 (?!) - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, - {"NOTE_REAP", unix.NOTE_REAP}, {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_SECONDS", unix.NOTE_SECONDS}, - {"NOTE_SIGNAL", unix.NOTE_SIGNAL}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_TRIGGER", unix.NOTE_TRIGGER}, - {"NOTE_USECONDS", unix.NOTE_USECONDS}, - {"NOTE_VM_ERROR", unix.NOTE_VM_ERROR}, - {"NOTE_VM_PRESSURE", unix.NOTE_VM_PRESSURE}, - {"NOTE_VM_PRESSURE_SUDDEN_TERMINATE", unix.NOTE_VM_PRESSURE_SUDDEN_TERMINATE}, - {"NOTE_VM_PRESSURE_TERMINATE", unix.NOTE_VM_PRESSURE_TERMINATE}, {"NOTE_WRITE", unix.NOTE_WRITE}, } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go index 3186b0c3491..7600180742b 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go @@ -7,27 +7,9 @@ var names = []struct { m uint32 }{ {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_CHILD", unix.NOTE_CHILD}, {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FFAND", unix.NOTE_FFAND}, - {"NOTE_FFCOPY", unix.NOTE_FFCOPY}, - {"NOTE_FFCTRLMASK", unix.NOTE_FFCTRLMASK}, - {"NOTE_FFLAGSMASK", unix.NOTE_FFLAGSMASK}, - {"NOTE_FFNOP", unix.NOTE_FFNOP}, - {"NOTE_FFOR", unix.NOTE_FFOR}, - {"NOTE_FORK", unix.NOTE_FORK}, {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_OOB", unix.NOTE_OOB}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_TRIGGER", unix.NOTE_TRIGGER}, {"NOTE_WRITE", unix.NOTE_WRITE}, } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go index f69fdb930f5..b9e45f55512 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go @@ -6,37 +6,15 @@ var names = []struct { n string m uint32 }{ - {"NOTE_ABSTIME", unix.NOTE_ABSTIME}, - {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_CHILD", unix.NOTE_CHILD}, - {"NOTE_CLOSE", unix.NOTE_CLOSE}, - {"NOTE_CLOSE_WRITE", unix.NOTE_CLOSE_WRITE}, {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, + {"NOTE_WRITE", unix.NOTE_WRITE}, {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FFAND", unix.NOTE_FFAND}, - {"NOTE_FFCOPY", unix.NOTE_FFCOPY}, - {"NOTE_FFCTRLMASK", unix.NOTE_FFCTRLMASK}, - {"NOTE_FFLAGSMASK", unix.NOTE_FFLAGSMASK}, - {"NOTE_FFNOP", unix.NOTE_FFNOP}, - {"NOTE_FFOR", unix.NOTE_FFOR}, - {"NOTE_FILE_POLL", unix.NOTE_FILE_POLL}, - {"NOTE_FORK", unix.NOTE_FORK}, + {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_MSECONDS", unix.NOTE_MSECONDS}, - {"NOTE_NSECONDS", unix.NOTE_NSECONDS}, - {"NOTE_OPEN", unix.NOTE_OPEN}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, - {"NOTE_READ", unix.NOTE_READ}, {"NOTE_RENAME", unix.NOTE_RENAME}, {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_SECONDS", unix.NOTE_SECONDS}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_TRIGGER", unix.NOTE_TRIGGER}, - {"NOTE_USECONDS", unix.NOTE_USECONDS}, - {"NOTE_WRITE", unix.NOTE_WRITE}, + {"NOTE_OPEN", unix.NOTE_OPEN}, + {"NOTE_CLOSE", unix.NOTE_CLOSE}, + {"NOTE_CLOSE_WRITE", unix.NOTE_CLOSE_WRITE}, + {"NOTE_READ", unix.NOTE_READ}, } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go index 607e683bd73..5d8116436db 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go @@ -27,6 +27,6 @@ func Debug(name string, kevent *unix.Kevent_t) { if unknown > 0 { l = append(l, fmt.Sprintf("0x%x", unknown)) } - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s %10d:%-60s → %q\n", + fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s %10d:%-20s → %q\n", time.Now().Format("15:04:05.000000000"), mask, strings.Join(l, " | "), name) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go index e5b3b6f6943..7600180742b 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go @@ -7,19 +7,9 @@ var names = []struct { m uint32 }{ {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_CHILD", unix.NOTE_CHILD}, {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FORK", unix.NOTE_FORK}, {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, {"NOTE_WRITE", unix.NOTE_WRITE}, } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go index 1dd455bc5a4..871766d6997 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go @@ -7,22 +7,10 @@ var names = []struct { m uint32 }{ {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - // {"NOTE_CHANGE", unix.NOTE_CHANGE}, // Not on 386? - {"NOTE_CHILD", unix.NOTE_CHILD}, {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EOF", unix.NOTE_EOF}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FORK", unix.NOTE_FORK}, {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, {"NOTE_TRUNCATE", unix.NOTE_TRUNCATE}, {"NOTE_WRITE", unix.NOTE_WRITE}, } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go b/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go index 5ac8b507978..758a2490525 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go @@ -15,17 +15,6 @@ var ( var maxfiles uint64 -func SetRlimit() { - // Go 1.19 will do this automatically: https://go-review.googlesource.com/c/go/+/393354/ - var l syscall.Rlimit - err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l) - if err == nil && l.Cur != l.Max { - l.Cur = l.Max - syscall.Setrlimit(syscall.RLIMIT_NOFILE, &l) - } - maxfiles = uint64(l.Cur) -} - func Maxfiles() uint64 { return maxfiles } func Mkfifo(path string, mode uint32) error { return unix.Mkfifo(path, mode) } func Mknod(path string, mode uint32, dev int) error { return unix.Mknod(path, mode, uint64(dev)) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/unix.go b/vendor/github.com/fsnotify/fsnotify/internal/unix.go index b251fb80386..9c66f5d30db 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/unix.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/unix.go @@ -15,17 +15,6 @@ var ( var maxfiles uint64 -func SetRlimit() { - // Go 1.19 will do this automatically: https://go-review.googlesource.com/c/go/+/393354/ - var l syscall.Rlimit - err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l) - if err == nil && l.Cur != l.Max { - l.Cur = l.Max - syscall.Setrlimit(syscall.RLIMIT_NOFILE, &l) - } - maxfiles = uint64(l.Cur) -} - func Maxfiles() uint64 { return maxfiles } func Mkfifo(path string, mode uint32) error { return unix.Mkfifo(path, mode) } func Mknod(path string, mode uint32, dev int) error { return unix.Mknod(path, mode, dev) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/unix2.go b/vendor/github.com/fsnotify/fsnotify/internal/unix2.go index 37dfeddc289..b2d89592f7c 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/unix2.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/unix2.go @@ -2,6 +2,24 @@ package internal +import "syscall" + func HasPrivilegesForSymlink() bool { return true } + +// IgnoringEINTR makes a function call and repeats it if it returns an +// EINTR error. This appears to be required even though we install all +// signal handlers with SA_RESTART: see #22838, #38033, #38836, #40846. +// Also #20400 and #36644 are issues in which a signal handler is +// installed without setting SA_RESTART. None of these are the common case, +// but there are enough of them that it seems that we can't avoid +// an EINTR loop. +func IgnoringEINTR[T any](fn func() (T, error)) (T, error) { + for { + v, err := fn() + if err != syscall.EINTR { + return v, err + } + } +} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/windows.go b/vendor/github.com/fsnotify/fsnotify/internal/windows.go index 896bc2e5a2f..e24d5692641 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/windows.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/windows.go @@ -14,7 +14,6 @@ var ( ErrUnixEACCES = errors.New("dummy") ) -func SetRlimit() {} func Maxfiles() uint64 { return 1<<64 - 1 } func Mkfifo(path string, mode uint32) error { return errors.New("no FIFOs on Windows") } func Mknod(path string, mode uint32, dev int) error { return errors.New("no device nodes on Windows") } diff --git a/vendor/github.com/go-jose/go-jose/v4/.gitignore b/vendor/github.com/go-jose/go-jose/v4/.gitignore new file mode 100644 index 00000000000..eb29ebaefd8 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/.gitignore @@ -0,0 +1,2 @@ +jose-util/jose-util +jose-util.t.err \ No newline at end of file diff --git a/vendor/github.com/go-jose/go-jose/v4/.golangci.yml b/vendor/github.com/go-jose/go-jose/v4/.golangci.yml new file mode 100644 index 00000000000..2a577a8f95b --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/.golangci.yml @@ -0,0 +1,53 @@ +# https://github.com/golangci/golangci-lint + +run: + skip-files: + - doc_test.go + modules-download-mode: readonly + +linters: + enable-all: true + disable: + - gochecknoglobals + - goconst + - lll + - maligned + - nakedret + - scopelint + - unparam + - funlen # added in 1.18 (requires go-jose changes before it can be enabled) + +linters-settings: + gocyclo: + min-complexity: 35 + +issues: + exclude-rules: + - text: "don't use ALL_CAPS in Go names" + linters: + - golint + - text: "hardcoded credentials" + linters: + - gosec + - text: "weak cryptographic primitive" + linters: + - gosec + - path: json/ + linters: + - dupl + - errcheck + - gocritic + - gocyclo + - golint + - govet + - ineffassign + - staticcheck + - structcheck + - stylecheck + - unused + - path: _test\.go + linters: + - scopelint + - path: jwk.go + linters: + - gocyclo diff --git a/vendor/github.com/go-jose/go-jose/v4/.travis.yml b/vendor/github.com/go-jose/go-jose/v4/.travis.yml new file mode 100644 index 00000000000..48de631b003 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/.travis.yml @@ -0,0 +1,33 @@ +language: go + +matrix: + fast_finish: true + allow_failures: + - go: tip + +go: + - "1.13.x" + - "1.14.x" + - tip + +before_script: + - export PATH=$HOME/.local/bin:$PATH + +before_install: + - go get -u github.com/mattn/goveralls github.com/wadey/gocovmerge + - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.18.0 + - pip install cram --user + +script: + - go test -v -covermode=count -coverprofile=profile.cov . + - go test -v -covermode=count -coverprofile=cryptosigner/profile.cov ./cryptosigner + - go test -v -covermode=count -coverprofile=cipher/profile.cov ./cipher + - go test -v -covermode=count -coverprofile=jwt/profile.cov ./jwt + - go test -v ./json # no coverage for forked encoding/json package + - golangci-lint run + - cd jose-util && go build && PATH=$PWD:$PATH cram -v jose-util.t # cram tests jose-util + - cd .. + +after_success: + - gocovmerge *.cov */*.cov > merged.coverprofile + - goveralls -coverprofile merged.coverprofile -service=travis-ci diff --git a/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md b/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md new file mode 100644 index 00000000000..4b4805add65 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md @@ -0,0 +1,9 @@ +# Contributing + +If you would like to contribute code to go-jose you can do so through GitHub by +forking the repository and sending a pull request. + +When submitting code, please make every effort to follow existing conventions +and style in order to keep the code as readable as possible. Please also make +sure all tests pass by running `go test`, and format your code with `go fmt`. +We also recommend using `golint` and `errcheck`. diff --git a/vendor/github.com/go-jose/go-jose/v4/LICENSE b/vendor/github.com/go-jose/go-jose/v4/LICENSE new file mode 100644 index 00000000000..d6456956733 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/go-jose/go-jose/v4/README.md b/vendor/github.com/go-jose/go-jose/v4/README.md new file mode 100644 index 00000000000..55c5509176b --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/README.md @@ -0,0 +1,108 @@ +# Go JOSE + +[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4) +[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4/jwt.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4/jwt) +[![license](https://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/go-jose/go-jose/master/LICENSE) + +Package jose aims to provide an implementation of the Javascript Object Signing +and Encryption set of standards. This includes support for JSON Web Encryption, +JSON Web Signature, and JSON Web Token standards. + +## Overview + +The implementation follows the +[JSON Web Encryption](https://dx.doi.org/10.17487/RFC7516) (RFC 7516), +[JSON Web Signature](https://dx.doi.org/10.17487/RFC7515) (RFC 7515), and +[JSON Web Token](https://dx.doi.org/10.17487/RFC7519) (RFC 7519) specifications. +Tables of supported algorithms are shown below. The library supports both +the compact and JWS/JWE JSON Serialization formats, and has optional support for +multiple recipients. It also comes with a small command-line utility +([`jose-util`](https://pkg.go.dev/github.com/go-jose/go-jose/jose-util)) +for dealing with JOSE messages in a shell. + +**Note**: We use a forked version of the `encoding/json` package from the Go +standard library which uses case-sensitive matching for member names (instead +of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)). +This is to avoid differences in interpretation of messages between go-jose and +libraries in other languages. + +### Versions + +The forthcoming Version 5 will be released with several breaking API changes, +and will require Golang's `encoding/json/v2`, which is currently requires +Go 1.25 built with GOEXPERIMENT=jsonv2. + +Version 4 is the current stable version: + + import "github.com/go-jose/go-jose/v4" + +It supports at least the current and previous Golang release. Currently it +requires Golang 1.24. + +Version 3 is only receiving critical security updates. Migration to Version 4 is recommended. + +Versions 1 and 2 are obsolete, but can be found in the old repository, [square/go-jose](https://github.com/square/go-jose). + +### Supported algorithms + +See below for a table of supported algorithms. Algorithm identifiers match +the names in the [JSON Web Algorithms](https://dx.doi.org/10.17487/RFC7518) +standard where possible. The Godoc reference has a list of constants. + +| Key encryption | Algorithm identifier(s) | +|:-----------------------|:-----------------------------------------------| +| RSA-PKCS#1v1.5 | RSA1_5 | +| RSA-OAEP | RSA-OAEP, RSA-OAEP-256 | +| AES key wrap | A128KW, A192KW, A256KW | +| AES-GCM key wrap | A128GCMKW, A192GCMKW, A256GCMKW | +| ECDH-ES + AES key wrap | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW | +| ECDH-ES (direct) | ECDH-ES1 | +| Direct encryption | dir1 | + +1. Not supported in multi-recipient mode + +| Signing / MAC | Algorithm identifier(s) | +|:------------------|:------------------------| +| RSASSA-PKCS#1v1.5 | RS256, RS384, RS512 | +| RSASSA-PSS | PS256, PS384, PS512 | +| HMAC | HS256, HS384, HS512 | +| ECDSA | ES256, ES384, ES512 | +| Ed25519 | EdDSA2 | + +2. Only available in version 2 of the package + +| Content encryption | Algorithm identifier(s) | +|:-------------------|:--------------------------------------------| +| AES-CBC+HMAC | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 | +| AES-GCM | A128GCM, A192GCM, A256GCM | + +| Compression | Algorithm identifiers(s) | +|:-------------------|--------------------------| +| DEFLATE (RFC 1951) | DEF | + +### Supported key types + +See below for a table of supported key types. These are understood by the +library, and can be passed to corresponding functions such as `NewEncrypter` or +`NewSigner`. Each of these keys can also be wrapped in a JWK if desired, which +allows attaching a key id. + +| Algorithm(s) | Corresponding types | +|:------------------|--------------------------------------------------------------------------------------------------------------------------------------| +| RSA | *[rsa.PublicKey](https://pkg.go.dev/crypto/rsa/#PublicKey), *[rsa.PrivateKey](https://pkg.go.dev/crypto/rsa/#PrivateKey) | +| ECDH, ECDSA | *[ecdsa.PublicKey](https://pkg.go.dev/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](https://pkg.go.dev/crypto/ecdsa/#PrivateKey) | +| EdDSA1 | [ed25519.PublicKey](https://pkg.go.dev/crypto/ed25519#PublicKey), [ed25519.PrivateKey](https://pkg.go.dev/crypto/ed25519#PrivateKey) | +| AES, HMAC | []byte | + +1. Only available in version 2 or later of the package + +## Examples + +[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4) +[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4/jwt.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4/jwt) + +Examples can be found in the Godoc +reference for this package. The +[`jose-util`](https://github.com/go-jose/go-jose/tree/main/jose-util) +subdirectory also contains a small command-line utility which might be useful +as an example as well. diff --git a/vendor/github.com/go-jose/go-jose/v4/SECURITY.md b/vendor/github.com/go-jose/go-jose/v4/SECURITY.md new file mode 100644 index 00000000000..2f18a75a822 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy +This document explains how to contact the Let's Encrypt security team to report security vulnerabilities. + +## Supported Versions +| Version | Supported | +| ------- | ----------| +| >= v3 | ✓ | +| v2 | ✗ | +| v1 | ✗ | + +## Reporting a vulnerability + +Please see [https://letsencrypt.org/contact/#security](https://letsencrypt.org/contact/#security) for the email address to report a vulnerability. Ensure that the subject line for your report contains the word `vulnerability` and is descriptive. Your email should be acknowledged within 24 hours. If you do not receive a response within 24 hours, please follow-up again with another email. diff --git a/vendor/github.com/go-jose/go-jose/v4/asymmetric.go b/vendor/github.com/go-jose/go-jose/v4/asymmetric.go new file mode 100644 index 00000000000..7784cd4584e --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/asymmetric.go @@ -0,0 +1,603 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jose + +import ( + "crypto" + "crypto/aes" + "crypto/ecdsa" + "crypto/ed25519" + "crypto/rand" + "crypto/rsa" + "crypto/sha1" + "crypto/sha256" + "errors" + "fmt" + "math/big" + + josecipher "github.com/go-jose/go-jose/v4/cipher" + "github.com/go-jose/go-jose/v4/json" +) + +// A generic RSA-based encrypter/verifier +type rsaEncrypterVerifier struct { + publicKey *rsa.PublicKey +} + +// A generic RSA-based decrypter/signer +type rsaDecrypterSigner struct { + privateKey *rsa.PrivateKey +} + +// A generic EC-based encrypter/verifier +type ecEncrypterVerifier struct { + publicKey *ecdsa.PublicKey +} + +type edEncrypterVerifier struct { + publicKey ed25519.PublicKey +} + +// A key generator for ECDH-ES +type ecKeyGenerator struct { + size int + algID string + publicKey *ecdsa.PublicKey +} + +// A generic EC-based decrypter/signer +type ecDecrypterSigner struct { + privateKey *ecdsa.PrivateKey +} + +type edDecrypterSigner struct { + privateKey ed25519.PrivateKey +} + +// newRSARecipient creates recipientKeyInfo based on the given key. +func newRSARecipient(keyAlg KeyAlgorithm, publicKey *rsa.PublicKey) (recipientKeyInfo, error) { + // Verify that key management algorithm is supported by this encrypter + switch keyAlg { + case RSA1_5, RSA_OAEP, RSA_OAEP_256: + default: + return recipientKeyInfo{}, ErrUnsupportedAlgorithm + } + + if publicKey == nil { + return recipientKeyInfo{}, errors.New("invalid public key") + } + + return recipientKeyInfo{ + keyAlg: keyAlg, + keyEncrypter: &rsaEncrypterVerifier{ + publicKey: publicKey, + }, + }, nil +} + +// newRSASigner creates a recipientSigInfo based on the given key. +func newRSASigner(sigAlg SignatureAlgorithm, privateKey *rsa.PrivateKey) (recipientSigInfo, error) { + // Verify that key management algorithm is supported by this encrypter + switch sigAlg { + case RS256, RS384, RS512, PS256, PS384, PS512: + default: + return recipientSigInfo{}, ErrUnsupportedAlgorithm + } + + if privateKey == nil { + return recipientSigInfo{}, errors.New("invalid private key") + } + + return recipientSigInfo{ + sigAlg: sigAlg, + publicKey: staticPublicKey(&JSONWebKey{ + Key: privateKey.Public(), + }), + signer: &rsaDecrypterSigner{ + privateKey: privateKey, + }, + }, nil +} + +func newEd25519Signer(sigAlg SignatureAlgorithm, privateKey ed25519.PrivateKey) (recipientSigInfo, error) { + if sigAlg != EdDSA { + return recipientSigInfo{}, ErrUnsupportedAlgorithm + } + + if privateKey == nil { + return recipientSigInfo{}, errors.New("invalid private key") + } + return recipientSigInfo{ + sigAlg: sigAlg, + publicKey: staticPublicKey(&JSONWebKey{ + Key: privateKey.Public(), + }), + signer: &edDecrypterSigner{ + privateKey: privateKey, + }, + }, nil +} + +// newECDHRecipient creates recipientKeyInfo based on the given key. +func newECDHRecipient(keyAlg KeyAlgorithm, publicKey *ecdsa.PublicKey) (recipientKeyInfo, error) { + // Verify that key management algorithm is supported by this encrypter + switch keyAlg { + case ECDH_ES, ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW: + default: + return recipientKeyInfo{}, ErrUnsupportedAlgorithm + } + + if publicKey == nil || !publicKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) { + return recipientKeyInfo{}, errors.New("invalid public key") + } + + return recipientKeyInfo{ + keyAlg: keyAlg, + keyEncrypter: &ecEncrypterVerifier{ + publicKey: publicKey, + }, + }, nil +} + +// newECDSASigner creates a recipientSigInfo based on the given key. +func newECDSASigner(sigAlg SignatureAlgorithm, privateKey *ecdsa.PrivateKey) (recipientSigInfo, error) { + // Verify that key management algorithm is supported by this encrypter + switch sigAlg { + case ES256, ES384, ES512: + default: + return recipientSigInfo{}, ErrUnsupportedAlgorithm + } + + if privateKey == nil { + return recipientSigInfo{}, errors.New("invalid private key") + } + + return recipientSigInfo{ + sigAlg: sigAlg, + publicKey: staticPublicKey(&JSONWebKey{ + Key: privateKey.Public(), + }), + signer: &ecDecrypterSigner{ + privateKey: privateKey, + }, + }, nil +} + +// Encrypt the given payload and update the object. +func (ctx rsaEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) { + encryptedKey, err := ctx.encrypt(cek, alg) + if err != nil { + return recipientInfo{}, err + } + + return recipientInfo{ + encryptedKey: encryptedKey, + header: &rawHeader{}, + }, nil +} + +// Encrypt the given payload. Based on the key encryption algorithm, +// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256). +func (ctx rsaEncrypterVerifier) encrypt(cek []byte, alg KeyAlgorithm) ([]byte, error) { + switch alg { + case RSA1_5: + return rsa.EncryptPKCS1v15(RandReader, ctx.publicKey, cek) + case RSA_OAEP: + return rsa.EncryptOAEP(sha1.New(), RandReader, ctx.publicKey, cek, []byte{}) + case RSA_OAEP_256: + return rsa.EncryptOAEP(sha256.New(), RandReader, ctx.publicKey, cek, []byte{}) + } + + return nil, ErrUnsupportedAlgorithm +} + +// Decrypt the given payload and return the content encryption key. +func (ctx rsaDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { + return ctx.decrypt(recipient.encryptedKey, headers.getAlgorithm(), generator) +} + +// Decrypt the given payload. Based on the key encryption algorithm, +// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256). +func (ctx rsaDecrypterSigner) decrypt(jek []byte, alg KeyAlgorithm, generator keyGenerator) ([]byte, error) { + // Note: The random reader on decrypt operations is only used for blinding, + // so stubbing is meanlingless (hence the direct use of rand.Reader). + switch alg { + case RSA1_5: + defer func() { + // DecryptPKCS1v15SessionKey sometimes panics on an invalid payload + // because of an index out of bounds error, which we want to ignore. + // This has been fixed in Go 1.3.1 (released 2014/08/13), the recover() + // only exists for preventing crashes with unpatched versions. + // See: https://groups.google.com/forum/#!topic/golang-dev/7ihX6Y6kx9k + // See: https://code.google.com/p/go/source/detail?r=58ee390ff31602edb66af41ed10901ec95904d33 + _ = recover() + }() + + // Perform some input validation. + keyBytes := ctx.privateKey.PublicKey.N.BitLen() / 8 + if keyBytes != len(jek) { + // Input size is incorrect, the encrypted payload should always match + // the size of the public modulus (e.g. using a 2048 bit key will + // produce 256 bytes of output). Reject this since it's invalid input. + return nil, ErrCryptoFailure + } + + cek, _, err := generator.genKey() + if err != nil { + return nil, ErrCryptoFailure + } + + // When decrypting an RSA-PKCS1v1.5 payload, we must take precautions to + // prevent chosen-ciphertext attacks as described in RFC 3218, "Preventing + // the Million Message Attack on Cryptographic Message Syntax". We are + // therefore deliberately ignoring errors here. + _ = rsa.DecryptPKCS1v15SessionKey(rand.Reader, ctx.privateKey, jek, cek) + + return cek, nil + case RSA_OAEP: + // Use rand.Reader for RSA blinding + return rsa.DecryptOAEP(sha1.New(), rand.Reader, ctx.privateKey, jek, []byte{}) + case RSA_OAEP_256: + // Use rand.Reader for RSA blinding + return rsa.DecryptOAEP(sha256.New(), rand.Reader, ctx.privateKey, jek, []byte{}) + } + + return nil, ErrUnsupportedAlgorithm +} + +// Sign the given payload +func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { + var hash crypto.Hash + + switch alg { + case RS256, PS256: + hash = crypto.SHA256 + case RS384, PS384: + hash = crypto.SHA384 + case RS512, PS512: + hash = crypto.SHA512 + default: + return Signature{}, ErrUnsupportedAlgorithm + } + + hasher := hash.New() + + // According to documentation, Write() on hash never fails + _, _ = hasher.Write(payload) + hashed := hasher.Sum(nil) + + var out []byte + var err error + + switch alg { + case RS256, RS384, RS512: + // TODO(https://github.com/go-jose/go-jose/issues/40): As of go1.20, the + // random parameter is legacy and ignored, and it can be nil. + // https://cs.opensource.google/go/go/+/refs/tags/go1.20:src/crypto/rsa/pkcs1v15.go;l=263;bpv=0;bpt=1 + out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed) + case PS256, PS384, PS512: + out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{ + SaltLength: rsa.PSSSaltLengthEqualsHash, + }) + } + + if err != nil { + return Signature{}, err + } + + return Signature{ + Signature: out, + protected: &rawHeader{}, + }, nil +} + +// Verify the given payload +func (ctx rsaEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { + var hash crypto.Hash + + switch alg { + case RS256, PS256: + hash = crypto.SHA256 + case RS384, PS384: + hash = crypto.SHA384 + case RS512, PS512: + hash = crypto.SHA512 + default: + return ErrUnsupportedAlgorithm + } + + hasher := hash.New() + + // According to documentation, Write() on hash never fails + _, _ = hasher.Write(payload) + hashed := hasher.Sum(nil) + + switch alg { + case RS256, RS384, RS512: + return rsa.VerifyPKCS1v15(ctx.publicKey, hash, hashed, signature) + case PS256, PS384, PS512: + return rsa.VerifyPSS(ctx.publicKey, hash, hashed, signature, nil) + } + + return ErrUnsupportedAlgorithm +} + +// Encrypt the given payload and update the object. +func (ctx ecEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) { + switch alg { + case ECDH_ES: + // ECDH-ES mode doesn't wrap a key, the shared secret is used directly as the key. + return recipientInfo{ + header: &rawHeader{}, + }, nil + case ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW: + default: + return recipientInfo{}, ErrUnsupportedAlgorithm + } + + generator := ecKeyGenerator{ + algID: string(alg), + publicKey: ctx.publicKey, + } + + switch alg { + case ECDH_ES_A128KW: + generator.size = 16 + case ECDH_ES_A192KW: + generator.size = 24 + case ECDH_ES_A256KW: + generator.size = 32 + } + + kek, header, err := generator.genKey() + if err != nil { + return recipientInfo{}, err + } + + block, err := aes.NewCipher(kek) + if err != nil { + return recipientInfo{}, err + } + + jek, err := josecipher.KeyWrap(block, cek) + if err != nil { + return recipientInfo{}, err + } + + return recipientInfo{ + encryptedKey: jek, + header: &header, + }, nil +} + +// Get key size for EC key generator +func (ctx ecKeyGenerator) keySize() int { + return ctx.size +} + +// Get a content encryption key for ECDH-ES +func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) { + priv, err := ecdsa.GenerateKey(ctx.publicKey.Curve, RandReader) + if err != nil { + return nil, rawHeader{}, err + } + + out := josecipher.DeriveECDHES(ctx.algID, []byte{}, []byte{}, priv, ctx.publicKey, ctx.size) + + b, err := json.Marshal(&JSONWebKey{ + Key: &priv.PublicKey, + }) + if err != nil { + return nil, nil, err + } + + headers := rawHeader{ + headerEPK: makeRawMessage(b), + } + + return out, headers, nil +} + +// Decrypt the given payload and return the content encryption key. +func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { + if recipient == nil { + return nil, errors.New("go-jose/go-jose: missing recipient") + } + epk, err := headers.getEPK() + if err != nil { + return nil, errors.New("go-jose/go-jose: invalid epk header") + } + if epk == nil { + return nil, errors.New("go-jose/go-jose: missing epk header") + } + + publicKey, ok := epk.Key.(*ecdsa.PublicKey) + if publicKey == nil || !ok { + return nil, errors.New("go-jose/go-jose: invalid epk header") + } + + if !ctx.privateKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) { + return nil, errors.New("go-jose/go-jose: invalid public key in epk header") + } + + apuData, err := headers.getAPU() + if err != nil { + return nil, errors.New("go-jose/go-jose: invalid apu header") + } + apvData, err := headers.getAPV() + if err != nil { + return nil, errors.New("go-jose/go-jose: invalid apv header") + } + + deriveKey := func(algID string, size int) []byte { + return josecipher.DeriveECDHES(algID, apuData.bytes(), apvData.bytes(), ctx.privateKey, publicKey, size) + } + + var keySize int + + algorithm := headers.getAlgorithm() + switch algorithm { + case ECDH_ES: + // ECDH-ES uses direct key agreement, no key unwrapping necessary. + return deriveKey(string(headers.getEncryption()), generator.keySize()), nil + case ECDH_ES_A128KW: + keySize = 16 + case ECDH_ES_A192KW: + keySize = 24 + case ECDH_ES_A256KW: + keySize = 32 + default: + return nil, ErrUnsupportedAlgorithm + } + + encryptedKey := recipient.encryptedKey + if len(encryptedKey) == 0 { + return nil, errors.New("go-jose/go-jose: missing JWE Encrypted Key") + } + + key := deriveKey(string(algorithm), keySize) + block, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + + return josecipher.KeyUnwrap(block, encryptedKey) +} + +func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { + if alg != EdDSA { + return Signature{}, ErrUnsupportedAlgorithm + } + + sig, err := ctx.privateKey.Sign(RandReader, payload, crypto.Hash(0)) + if err != nil { + return Signature{}, err + } + + return Signature{ + Signature: sig, + protected: &rawHeader{}, + }, nil +} + +func (ctx edEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { + if alg != EdDSA { + return ErrUnsupportedAlgorithm + } + ok := ed25519.Verify(ctx.publicKey, payload, signature) + if !ok { + return errors.New("go-jose/go-jose: ed25519 signature failed to verify") + } + return nil +} + +// Sign the given payload +func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { + var expectedBitSize int + var hash crypto.Hash + + switch alg { + case ES256: + expectedBitSize = 256 + hash = crypto.SHA256 + case ES384: + expectedBitSize = 384 + hash = crypto.SHA384 + case ES512: + expectedBitSize = 521 + hash = crypto.SHA512 + } + + curveBits := ctx.privateKey.Curve.Params().BitSize + if expectedBitSize != curveBits { + return Signature{}, fmt.Errorf("go-jose/go-jose: expected %d bit key, got %d bits instead", expectedBitSize, curveBits) + } + + hasher := hash.New() + + // According to documentation, Write() on hash never fails + _, _ = hasher.Write(payload) + hashed := hasher.Sum(nil) + + r, s, err := ecdsa.Sign(RandReader, ctx.privateKey, hashed) + if err != nil { + return Signature{}, err + } + + keyBytes := curveBits / 8 + if curveBits%8 > 0 { + keyBytes++ + } + + // We serialize the outputs (r and s) into big-endian byte arrays and pad + // them with zeros on the left to make sure the sizes work out. Both arrays + // must be keyBytes long, and the output must be 2*keyBytes long. + rBytes := r.Bytes() + rBytesPadded := make([]byte, keyBytes) + copy(rBytesPadded[keyBytes-len(rBytes):], rBytes) + + sBytes := s.Bytes() + sBytesPadded := make([]byte, keyBytes) + copy(sBytesPadded[keyBytes-len(sBytes):], sBytes) + + out := append(rBytesPadded, sBytesPadded...) + + return Signature{ + Signature: out, + protected: &rawHeader{}, + }, nil +} + +// Verify the given payload +func (ctx ecEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { + var keySize int + var hash crypto.Hash + + switch alg { + case ES256: + keySize = 32 + hash = crypto.SHA256 + case ES384: + keySize = 48 + hash = crypto.SHA384 + case ES512: + keySize = 66 + hash = crypto.SHA512 + default: + return ErrUnsupportedAlgorithm + } + + if len(signature) != 2*keySize { + return fmt.Errorf("go-jose/go-jose: invalid signature size, have %d bytes, wanted %d", len(signature), 2*keySize) + } + + hasher := hash.New() + + // According to documentation, Write() on hash never fails + _, _ = hasher.Write(payload) + hashed := hasher.Sum(nil) + + r := big.NewInt(0).SetBytes(signature[:keySize]) + s := big.NewInt(0).SetBytes(signature[keySize:]) + + match := ecdsa.Verify(ctx.publicKey, hashed, r, s) + if !match { + return errors.New("go-jose/go-jose: ecdsa signature failed to verify") + } + + return nil +} diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/cbc_hmac.go b/vendor/github.com/go-jose/go-jose/v4/cipher/cbc_hmac.go new file mode 100644 index 00000000000..af029cec0ba --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/cipher/cbc_hmac.go @@ -0,0 +1,196 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package josecipher + +import ( + "bytes" + "crypto/cipher" + "crypto/hmac" + "crypto/sha256" + "crypto/sha512" + "crypto/subtle" + "encoding/binary" + "errors" + "hash" +) + +const ( + nonceBytes = 16 +) + +// NewCBCHMAC instantiates a new AEAD based on CBC+HMAC. +func NewCBCHMAC(key []byte, newBlockCipher func([]byte) (cipher.Block, error)) (cipher.AEAD, error) { + keySize := len(key) / 2 + integrityKey := key[:keySize] + encryptionKey := key[keySize:] + + blockCipher, err := newBlockCipher(encryptionKey) + if err != nil { + return nil, err + } + + var hash func() hash.Hash + switch keySize { + case 16: + hash = sha256.New + case 24: + hash = sha512.New384 + case 32: + hash = sha512.New + } + + return &cbcAEAD{ + hash: hash, + blockCipher: blockCipher, + authtagBytes: keySize, + integrityKey: integrityKey, + }, nil +} + +// An AEAD based on CBC+HMAC +type cbcAEAD struct { + hash func() hash.Hash + authtagBytes int + integrityKey []byte + blockCipher cipher.Block +} + +func (ctx *cbcAEAD) NonceSize() int { + return nonceBytes +} + +func (ctx *cbcAEAD) Overhead() int { + // Maximum overhead is block size (for padding) plus auth tag length, where + // the length of the auth tag is equivalent to the key size. + return ctx.blockCipher.BlockSize() + ctx.authtagBytes +} + +// Seal encrypts and authenticates the plaintext. +func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte { + // Output buffer -- must take care not to mangle plaintext input. + ciphertext := make([]byte, uint64(len(plaintext))+uint64(ctx.Overhead()))[:len(plaintext)] + copy(ciphertext, plaintext) + ciphertext = padBuffer(ciphertext, ctx.blockCipher.BlockSize()) + + cbc := cipher.NewCBCEncrypter(ctx.blockCipher, nonce) + + cbc.CryptBlocks(ciphertext, ciphertext) + authtag := ctx.computeAuthTag(data, nonce, ciphertext) + + ret, out := resize(dst, uint64(len(dst))+uint64(len(ciphertext))+uint64(len(authtag))) + copy(out, ciphertext) + copy(out[len(ciphertext):], authtag) + + return ret +} + +// Open decrypts and authenticates the ciphertext. +func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { + if len(ciphertext) < ctx.authtagBytes { + return nil, errors.New("go-jose/go-jose: invalid ciphertext (too short)") + } + + offset := len(ciphertext) - ctx.authtagBytes + expectedTag := ctx.computeAuthTag(data, nonce, ciphertext[:offset]) + match := subtle.ConstantTimeCompare(expectedTag, ciphertext[offset:]) + if match != 1 { + return nil, errors.New("go-jose/go-jose: invalid ciphertext (auth tag mismatch)") + } + + cbc := cipher.NewCBCDecrypter(ctx.blockCipher, nonce) + + // Make copy of ciphertext buffer, don't want to modify in place + buffer := append([]byte{}, ciphertext[:offset]...) + + if len(buffer)%ctx.blockCipher.BlockSize() > 0 { + return nil, errors.New("go-jose/go-jose: invalid ciphertext (invalid length)") + } + + cbc.CryptBlocks(buffer, buffer) + + // Remove padding + plaintext, err := unpadBuffer(buffer, ctx.blockCipher.BlockSize()) + if err != nil { + return nil, err + } + + ret, out := resize(dst, uint64(len(dst))+uint64(len(plaintext))) + copy(out, plaintext) + + return ret, nil +} + +// Compute an authentication tag +func (ctx *cbcAEAD) computeAuthTag(aad, nonce, ciphertext []byte) []byte { + buffer := make([]byte, uint64(len(aad))+uint64(len(nonce))+uint64(len(ciphertext))+8) + n := 0 + n += copy(buffer, aad) + n += copy(buffer[n:], nonce) + n += copy(buffer[n:], ciphertext) + binary.BigEndian.PutUint64(buffer[n:], uint64(len(aad))*8) + + // According to documentation, Write() on hash.Hash never fails. + hmac := hmac.New(ctx.hash, ctx.integrityKey) + _, _ = hmac.Write(buffer) + + return hmac.Sum(nil)[:ctx.authtagBytes] +} + +// resize ensures that the given slice has a capacity of at least n bytes. +// If the capacity of the slice is less than n, a new slice is allocated +// and the existing data will be copied. +func resize(in []byte, n uint64) (head, tail []byte) { + if uint64(cap(in)) >= n { + head = in[:n] + } else { + head = make([]byte, n) + copy(head, in) + } + + tail = head[len(in):] + return +} + +// Apply padding +func padBuffer(buffer []byte, blockSize int) []byte { + missing := blockSize - (len(buffer) % blockSize) + ret, out := resize(buffer, uint64(len(buffer))+uint64(missing)) + padding := bytes.Repeat([]byte{byte(missing)}, missing) + copy(out, padding) + return ret +} + +// Remove padding +func unpadBuffer(buffer []byte, blockSize int) ([]byte, error) { + if len(buffer)%blockSize != 0 { + return nil, errors.New("go-jose/go-jose: invalid padding") + } + + last := buffer[len(buffer)-1] + count := int(last) + + if count == 0 || count > blockSize || count > len(buffer) { + return nil, errors.New("go-jose/go-jose: invalid padding") + } + + padding := bytes.Repeat([]byte{last}, count) + if !bytes.HasSuffix(buffer, padding) { + return nil, errors.New("go-jose/go-jose: invalid padding") + } + + return buffer[:len(buffer)-count], nil +} diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/concat_kdf.go b/vendor/github.com/go-jose/go-jose/v4/cipher/concat_kdf.go new file mode 100644 index 00000000000..f62c3bdba5d --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/cipher/concat_kdf.go @@ -0,0 +1,75 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package josecipher + +import ( + "crypto" + "encoding/binary" + "hash" + "io" +) + +type concatKDF struct { + z, info []byte + i uint32 + cache []byte + hasher hash.Hash +} + +// NewConcatKDF builds a KDF reader based on the given inputs. +func NewConcatKDF(hash crypto.Hash, z, algID, ptyUInfo, ptyVInfo, supPubInfo, supPrivInfo []byte) io.Reader { + buffer := make([]byte, uint64(len(algID))+uint64(len(ptyUInfo))+uint64(len(ptyVInfo))+uint64(len(supPubInfo))+uint64(len(supPrivInfo))) + n := 0 + n += copy(buffer, algID) + n += copy(buffer[n:], ptyUInfo) + n += copy(buffer[n:], ptyVInfo) + n += copy(buffer[n:], supPubInfo) + copy(buffer[n:], supPrivInfo) + + hasher := hash.New() + + return &concatKDF{ + z: z, + info: buffer, + hasher: hasher, + cache: []byte{}, + i: 1, + } +} + +func (ctx *concatKDF) Read(out []byte) (int, error) { + copied := copy(out, ctx.cache) + ctx.cache = ctx.cache[copied:] + + for copied < len(out) { + ctx.hasher.Reset() + + // Write on a hash.Hash never fails + _ = binary.Write(ctx.hasher, binary.BigEndian, ctx.i) + _, _ = ctx.hasher.Write(ctx.z) + _, _ = ctx.hasher.Write(ctx.info) + + hash := ctx.hasher.Sum(nil) + chunkCopied := copy(out[copied:], hash) + copied += chunkCopied + ctx.cache = hash[chunkCopied:] + + ctx.i++ + } + + return copied, nil +} diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/ecdh_es.go b/vendor/github.com/go-jose/go-jose/v4/cipher/ecdh_es.go new file mode 100644 index 00000000000..093c646740b --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/cipher/ecdh_es.go @@ -0,0 +1,86 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package josecipher + +import ( + "bytes" + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "encoding/binary" +) + +// DeriveECDHES derives a shared encryption key using ECDH/ConcatKDF as described in JWE/JWA. +// It is an error to call this function with a private/public key that are not on the same +// curve. Callers must ensure that the keys are valid before calling this function. Output +// size may be at most 1<<16 bytes (64 KiB). +func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, size int) []byte { + if size > 1<<16 { + panic("ECDH-ES output size too large, must be less than or equal to 1<<16") + } + + // algId, partyUInfo, partyVInfo inputs must be prefixed with the length + algID := lengthPrefixed([]byte(alg)) + ptyUInfo := lengthPrefixed(apuData) + ptyVInfo := lengthPrefixed(apvData) + + // suppPubInfo is the encoded length of the output size in bits + supPubInfo := make([]byte, 4) + binary.BigEndian.PutUint32(supPubInfo, uint32(size)*8) + + if !priv.PublicKey.Curve.IsOnCurve(pub.X, pub.Y) { + panic("public key not on same curve as private key") + } + + z, _ := priv.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes()) + zBytes := z.Bytes() + + // Note that calling z.Bytes() on a big.Int may strip leading zero bytes from + // the returned byte array. This can lead to a problem where zBytes will be + // shorter than expected which breaks the key derivation. Therefore we must pad + // to the full length of the expected coordinate here before calling the KDF. + octSize := dSize(priv.Curve) + if len(zBytes) != octSize { + zBytes = append(bytes.Repeat([]byte{0}, octSize-len(zBytes)), zBytes...) + } + + reader := NewConcatKDF(crypto.SHA256, zBytes, algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{}) + key := make([]byte, size) + + // Read on the KDF will never fail + _, _ = reader.Read(key) + + return key +} + +// dSize returns the size in octets for a coordinate on a elliptic curve. +func dSize(curve elliptic.Curve) int { + order := curve.Params().P + bitLen := order.BitLen() + size := bitLen / 8 + if bitLen%8 != 0 { + size++ + } + return size +} + +func lengthPrefixed(data []byte) []byte { + out := make([]byte, len(data)+4) + binary.BigEndian.PutUint32(out, uint32(len(data))) + copy(out[4:], data) + return out +} diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go b/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go new file mode 100644 index 00000000000..a2f86e3db95 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go @@ -0,0 +1,117 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package josecipher + +import ( + "crypto/cipher" + "crypto/subtle" + "encoding/binary" + "errors" +) + +var defaultIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} + +// KeyWrap implements NIST key wrapping; it wraps a content encryption key (cek) with the given block cipher. +func KeyWrap(block cipher.Block, cek []byte) ([]byte, error) { + if len(cek)%8 != 0 { + return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks") + } + + n := len(cek) / 8 + r := make([][]byte, n) + + for i := range r { + r[i] = make([]byte, 8) + copy(r[i], cek[i*8:]) + } + + buffer := make([]byte, 16) + tBytes := make([]byte, 8) + copy(buffer, defaultIV) + + for t := 0; t < 6*n; t++ { + copy(buffer[8:], r[t%n]) + + block.Encrypt(buffer, buffer) + + binary.BigEndian.PutUint64(tBytes, uint64(t+1)) + + for i := 0; i < 8; i++ { + buffer[i] ^= tBytes[i] + } + copy(r[t%n], buffer[8:]) + } + + out := make([]byte, (n+1)*8) + copy(out, buffer[:8]) + for i := range r { + copy(out[(i+1)*8:], r[i]) + } + + return out, nil +} + +// KeyUnwrap implements NIST key unwrapping; it unwraps a content encryption key (cek) with the given block cipher. +// +// https://datatracker.ietf.org/doc/html/rfc7518#section-4.4 +// https://datatracker.ietf.org/doc/html/rfc7518#section-4.6 +// https://datatracker.ietf.org/doc/html/rfc7518#section-4.8 +func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error) { + n := (len(ciphertext) / 8) - 1 + if n <= 0 { + return nil, errors.New("go-jose/go-jose: JWE Encrypted Key too short") + } + + if len(ciphertext)%8 != 0 { + return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks") + } + + r := make([][]byte, n) + + for i := range r { + r[i] = make([]byte, 8) + copy(r[i], ciphertext[(i+1)*8:]) + } + + buffer := make([]byte, 16) + tBytes := make([]byte, 8) + copy(buffer[:8], ciphertext[:8]) + + for t := 6*n - 1; t >= 0; t-- { + binary.BigEndian.PutUint64(tBytes, uint64(t+1)) + + for i := 0; i < 8; i++ { + buffer[i] ^= tBytes[i] + } + copy(buffer[8:], r[t%n]) + + block.Decrypt(buffer, buffer) + + copy(r[t%n], buffer[8:]) + } + + if subtle.ConstantTimeCompare(buffer[:8], defaultIV) == 0 { + return nil, errors.New("go-jose/go-jose: failed to unwrap key") + } + + out := make([]byte, n*8) + for i := range r { + copy(out[i*8:], r[i]) + } + + return out, nil +} diff --git a/vendor/github.com/go-jose/go-jose/v4/crypter.go b/vendor/github.com/go-jose/go-jose/v4/crypter.go new file mode 100644 index 00000000000..31290fc8715 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/crypter.go @@ -0,0 +1,595 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jose + +import ( + "crypto/ecdsa" + "crypto/rsa" + "errors" + "fmt" + + "github.com/go-jose/go-jose/v4/json" +) + +// Encrypter represents an encrypter which produces an encrypted JWE object. +type Encrypter interface { + Encrypt(plaintext []byte) (*JSONWebEncryption, error) + EncryptWithAuthData(plaintext []byte, aad []byte) (*JSONWebEncryption, error) + Options() EncrypterOptions +} + +// A generic content cipher +type contentCipher interface { + keySize() int + encrypt(cek []byte, aad, plaintext []byte) (*aeadParts, error) + decrypt(cek []byte, aad []byte, parts *aeadParts) ([]byte, error) +} + +// A key generator (for generating/getting a CEK) +type keyGenerator interface { + keySize() int + genKey() ([]byte, rawHeader, error) +} + +// A generic key encrypter +type keyEncrypter interface { + encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) // Encrypt a key +} + +// A generic key decrypter +type keyDecrypter interface { + decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) // Decrypt a key +} + +// A generic encrypter based on the given key encrypter and content cipher. +type genericEncrypter struct { + contentAlg ContentEncryption + compressionAlg CompressionAlgorithm + cipher contentCipher + recipients []recipientKeyInfo + keyGenerator keyGenerator + extraHeaders map[HeaderKey]interface{} +} + +type recipientKeyInfo struct { + keyID string + keyAlg KeyAlgorithm + keyEncrypter keyEncrypter +} + +// EncrypterOptions represents options that can be set on new encrypters. +type EncrypterOptions struct { + Compression CompressionAlgorithm + + // Optional map of name/value pairs to be inserted into the protected + // header of a JWS object. Some specifications which make use of + // JWS require additional values here. + // + // Values will be serialized by [json.Marshal] and must be valid inputs to + // that function. + // + // [json.Marshal]: https://pkg.go.dev/encoding/json#Marshal + ExtraHeaders map[HeaderKey]interface{} +} + +// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it +// if necessary, and returns the updated EncrypterOptions. +// +// The v parameter will be serialized by [json.Marshal] and must be a valid +// input to that function. +// +// [json.Marshal]: https://pkg.go.dev/encoding/json#Marshal +func (eo *EncrypterOptions) WithHeader(k HeaderKey, v interface{}) *EncrypterOptions { + if eo.ExtraHeaders == nil { + eo.ExtraHeaders = map[HeaderKey]interface{}{} + } + eo.ExtraHeaders[k] = v + return eo +} + +// WithContentType adds a content type ("cty") header and returns the updated +// EncrypterOptions. +func (eo *EncrypterOptions) WithContentType(contentType ContentType) *EncrypterOptions { + return eo.WithHeader(HeaderContentType, contentType) +} + +// WithType adds a type ("typ") header and returns the updated EncrypterOptions. +func (eo *EncrypterOptions) WithType(typ ContentType) *EncrypterOptions { + return eo.WithHeader(HeaderType, typ) +} + +// Recipient represents an algorithm/key to encrypt messages to. +// +// PBES2Count and PBES2Salt correspond with the "p2c" and "p2s" headers used +// on the password-based encryption algorithms PBES2-HS256+A128KW, +// PBES2-HS384+A192KW, and PBES2-HS512+A256KW. If they are not provided a safe +// default of 100000 will be used for the count and a 128-bit random salt will +// be generated. +type Recipient struct { + Algorithm KeyAlgorithm + // Key must have one of these types: + // - ed25519.PublicKey + // - *ecdsa.PublicKey + // - *rsa.PublicKey + // - *JSONWebKey + // - JSONWebKey + // - []byte (a symmetric key) + // - Any type that satisfies the OpaqueKeyEncrypter interface + // + // The type of Key must match the value of Algorithm. + Key interface{} + KeyID string + PBES2Count int + PBES2Salt []byte +} + +// NewEncrypter creates an appropriate encrypter based on the key type +func NewEncrypter(enc ContentEncryption, rcpt Recipient, opts *EncrypterOptions) (Encrypter, error) { + encrypter := &genericEncrypter{ + contentAlg: enc, + recipients: []recipientKeyInfo{}, + cipher: getContentCipher(enc), + } + if opts != nil { + encrypter.compressionAlg = opts.Compression + encrypter.extraHeaders = opts.ExtraHeaders + } + + if encrypter.cipher == nil { + return nil, ErrUnsupportedAlgorithm + } + + var keyID string + var rawKey interface{} + switch encryptionKey := rcpt.Key.(type) { + case JSONWebKey: + keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key + case *JSONWebKey: + keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key + case OpaqueKeyEncrypter: + keyID, rawKey = encryptionKey.KeyID(), encryptionKey + default: + rawKey = encryptionKey + } + + switch rcpt.Algorithm { + case DIRECT: + // Direct encryption mode must be treated differently + keyBytes, ok := rawKey.([]byte) + if !ok { + return nil, ErrUnsupportedKeyType + } + if encrypter.cipher.keySize() != len(keyBytes) { + return nil, ErrInvalidKeySize + } + encrypter.keyGenerator = staticKeyGenerator{ + key: keyBytes, + } + recipientInfo, _ := newSymmetricRecipient(rcpt.Algorithm, keyBytes) + recipientInfo.keyID = keyID + if rcpt.KeyID != "" { + recipientInfo.keyID = rcpt.KeyID + } + encrypter.recipients = []recipientKeyInfo{recipientInfo} + return encrypter, nil + case ECDH_ES: + // ECDH-ES (w/o key wrapping) is similar to DIRECT mode + keyDSA, ok := rawKey.(*ecdsa.PublicKey) + if !ok { + return nil, ErrUnsupportedKeyType + } + encrypter.keyGenerator = ecKeyGenerator{ + size: encrypter.cipher.keySize(), + algID: string(enc), + publicKey: keyDSA, + } + recipientInfo, _ := newECDHRecipient(rcpt.Algorithm, keyDSA) + recipientInfo.keyID = keyID + if rcpt.KeyID != "" { + recipientInfo.keyID = rcpt.KeyID + } + encrypter.recipients = []recipientKeyInfo{recipientInfo} + return encrypter, nil + default: + // Can just add a standard recipient + encrypter.keyGenerator = randomKeyGenerator{ + size: encrypter.cipher.keySize(), + } + err := encrypter.addRecipient(rcpt) + return encrypter, err + } +} + +// NewMultiEncrypter creates a multi-encrypter based on the given parameters +func NewMultiEncrypter(enc ContentEncryption, rcpts []Recipient, opts *EncrypterOptions) (Encrypter, error) { + cipher := getContentCipher(enc) + + if cipher == nil { + return nil, ErrUnsupportedAlgorithm + } + if len(rcpts) == 0 { + return nil, fmt.Errorf("go-jose/go-jose: recipients is nil or empty") + } + + encrypter := &genericEncrypter{ + contentAlg: enc, + recipients: []recipientKeyInfo{}, + cipher: cipher, + keyGenerator: randomKeyGenerator{ + size: cipher.keySize(), + }, + } + + if opts != nil { + encrypter.compressionAlg = opts.Compression + encrypter.extraHeaders = opts.ExtraHeaders + } + + for _, recipient := range rcpts { + err := encrypter.addRecipient(recipient) + if err != nil { + return nil, err + } + } + + return encrypter, nil +} + +func (ctx *genericEncrypter) addRecipient(recipient Recipient) (err error) { + var recipientInfo recipientKeyInfo + + switch recipient.Algorithm { + case DIRECT, ECDH_ES: + return fmt.Errorf("go-jose/go-jose: key algorithm '%s' not supported in multi-recipient mode", recipient.Algorithm) + } + + recipientInfo, err = makeJWERecipient(recipient.Algorithm, recipient.Key) + if recipient.KeyID != "" { + recipientInfo.keyID = recipient.KeyID + } + + switch recipient.Algorithm { + case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW: + if sr, ok := recipientInfo.keyEncrypter.(*symmetricKeyCipher); ok { + sr.p2c = recipient.PBES2Count + sr.p2s = recipient.PBES2Salt + } + } + + if err == nil { + ctx.recipients = append(ctx.recipients, recipientInfo) + } + return err +} + +func makeJWERecipient(alg KeyAlgorithm, encryptionKey interface{}) (recipientKeyInfo, error) { + switch encryptionKey := encryptionKey.(type) { + case *rsa.PublicKey: + return newRSARecipient(alg, encryptionKey) + case *ecdsa.PublicKey: + return newECDHRecipient(alg, encryptionKey) + case []byte: + return newSymmetricRecipient(alg, encryptionKey) + case string: + return newSymmetricRecipient(alg, []byte(encryptionKey)) + case JSONWebKey: + recipient, err := makeJWERecipient(alg, encryptionKey.Key) + recipient.keyID = encryptionKey.KeyID + return recipient, err + case *JSONWebKey: + recipient, err := makeJWERecipient(alg, encryptionKey.Key) + recipient.keyID = encryptionKey.KeyID + return recipient, err + case OpaqueKeyEncrypter: + return newOpaqueKeyEncrypter(alg, encryptionKey) + } + return recipientKeyInfo{}, ErrUnsupportedKeyType +} + +// newDecrypter creates an appropriate decrypter based on the key type +func newDecrypter(decryptionKey interface{}) (keyDecrypter, error) { + switch decryptionKey := decryptionKey.(type) { + case *rsa.PrivateKey: + return &rsaDecrypterSigner{ + privateKey: decryptionKey, + }, nil + case *ecdsa.PrivateKey: + return &ecDecrypterSigner{ + privateKey: decryptionKey, + }, nil + case []byte: + return &symmetricKeyCipher{ + key: decryptionKey, + }, nil + case string: + return &symmetricKeyCipher{ + key: []byte(decryptionKey), + }, nil + case JSONWebKey: + return newDecrypter(decryptionKey.Key) + case *JSONWebKey: + return newDecrypter(decryptionKey.Key) + case OpaqueKeyDecrypter: + return &opaqueKeyDecrypter{decrypter: decryptionKey}, nil + default: + return nil, ErrUnsupportedKeyType + } +} + +// Implementation of encrypt method producing a JWE object. +func (ctx *genericEncrypter) Encrypt(plaintext []byte) (*JSONWebEncryption, error) { + return ctx.EncryptWithAuthData(plaintext, nil) +} + +// Implementation of encrypt method producing a JWE object. +func (ctx *genericEncrypter) EncryptWithAuthData(plaintext, aad []byte) (*JSONWebEncryption, error) { + obj := &JSONWebEncryption{} + obj.aad = aad + + obj.protected = &rawHeader{} + err := obj.protected.set(headerEncryption, ctx.contentAlg) + if err != nil { + return nil, err + } + + obj.recipients = make([]recipientInfo, len(ctx.recipients)) + + if len(ctx.recipients) == 0 { + return nil, fmt.Errorf("go-jose/go-jose: no recipients to encrypt to") + } + + cek, headers, err := ctx.keyGenerator.genKey() + if err != nil { + return nil, err + } + + obj.protected.merge(&headers) + + for i, info := range ctx.recipients { + recipient, err := info.keyEncrypter.encryptKey(cek, info.keyAlg) + if err != nil { + return nil, err + } + + err = recipient.header.set(headerAlgorithm, info.keyAlg) + if err != nil { + return nil, err + } + + if info.keyID != "" { + err = recipient.header.set(headerKeyID, info.keyID) + if err != nil { + return nil, err + } + } + obj.recipients[i] = recipient + } + + if len(ctx.recipients) == 1 { + // Move per-recipient headers into main protected header if there's + // only a single recipient. + obj.protected.merge(obj.recipients[0].header) + obj.recipients[0].header = nil + } + + if ctx.compressionAlg != NONE { + plaintext, err = compress(ctx.compressionAlg, plaintext) + if err != nil { + return nil, err + } + + err = obj.protected.set(headerCompression, ctx.compressionAlg) + if err != nil { + return nil, err + } + } + + for k, v := range ctx.extraHeaders { + b, err := json.Marshal(v) + if err != nil { + return nil, err + } + (*obj.protected)[k] = makeRawMessage(b) + } + + authData := obj.computeAuthData() + parts, err := ctx.cipher.encrypt(cek, authData, plaintext) + if err != nil { + return nil, err + } + + obj.iv = parts.iv + obj.ciphertext = parts.ciphertext + obj.tag = parts.tag + + return obj, nil +} + +func (ctx *genericEncrypter) Options() EncrypterOptions { + return EncrypterOptions{ + Compression: ctx.compressionAlg, + ExtraHeaders: ctx.extraHeaders, + } +} + +// Decrypt and validate the object and return the plaintext. This +// function does not support multi-recipient. If you desire multi-recipient +// decryption use DecryptMulti instead. +// +// The decryptionKey argument must contain a private or symmetric key +// and must have one of these types: +// - *ecdsa.PrivateKey +// - *rsa.PrivateKey +// - *JSONWebKey +// - JSONWebKey +// - *JSONWebKeySet +// - JSONWebKeySet +// - []byte (a symmetric key) +// - string (a symmetric key) +// - Any type that satisfies the OpaqueKeyDecrypter interface. +// +// Note that ed25519 is only available for signatures, not encryption, so is +// not an option here. +// +// Automatically decompresses plaintext, but returns an error if the decompressed +// data would be >250kB or >10x the size of the compressed data, whichever is larger. +func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) { + headers := obj.mergedHeaders(nil) + + if len(obj.recipients) > 1 { + return nil, errors.New("go-jose/go-jose: too many recipients in payload; expecting only one") + } + + err := headers.checkNoCritical() + if err != nil { + return nil, err + } + + key, err := tryJWKS(decryptionKey, obj.Header) + if err != nil { + return nil, err + } + decrypter, err := newDecrypter(key) + if err != nil { + return nil, err + } + + cipher := getContentCipher(headers.getEncryption()) + if cipher == nil { + return nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(headers.getEncryption())) + } + + generator := randomKeyGenerator{ + size: cipher.keySize(), + } + + parts := &aeadParts{ + iv: obj.iv, + ciphertext: obj.ciphertext, + tag: obj.tag, + } + + authData := obj.computeAuthData() + + var plaintext []byte + recipient := obj.recipients[0] + recipientHeaders := obj.mergedHeaders(&recipient) + + cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) + if err == nil { + // Found a valid CEK -- let's try to decrypt. + plaintext, err = cipher.decrypt(cek, authData, parts) + } + + if plaintext == nil { + return nil, ErrCryptoFailure + } + + // The "zip" header parameter may only be present in the protected header. + if comp := obj.protected.getCompression(); comp != "" { + plaintext, err = decompress(comp, plaintext) + if err != nil { + return nil, fmt.Errorf("go-jose/go-jose: failed to decompress plaintext: %v", err) + } + } + + return plaintext, nil +} + +// DecryptMulti decrypts and validates the object and returns the plaintexts, +// with support for multiple recipients. It returns the index of the recipient +// for which the decryption was successful, the merged headers for that recipient, +// and the plaintext. +// +// The decryptionKey argument must have one of the types allowed for the +// decryptionKey argument of Decrypt(). +// +// Automatically decompresses plaintext, but returns an error if the decompressed +// data would be >250kB or >3x the size of the compressed data, whichever is larger. +func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) { + globalHeaders := obj.mergedHeaders(nil) + + err := globalHeaders.checkNoCritical() + if err != nil { + return -1, Header{}, nil, err + } + + key, err := tryJWKS(decryptionKey, obj.Header) + if err != nil { + return -1, Header{}, nil, err + } + decrypter, err := newDecrypter(key) + if err != nil { + return -1, Header{}, nil, err + } + + encryption := globalHeaders.getEncryption() + cipher := getContentCipher(encryption) + if cipher == nil { + return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(encryption)) + } + + generator := randomKeyGenerator{ + size: cipher.keySize(), + } + + parts := &aeadParts{ + iv: obj.iv, + ciphertext: obj.ciphertext, + tag: obj.tag, + } + + authData := obj.computeAuthData() + + index := -1 + var plaintext []byte + var headers rawHeader + + for i, recipient := range obj.recipients { + recipientHeaders := obj.mergedHeaders(&recipient) + + cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) + if err == nil { + // Found a valid CEK -- let's try to decrypt. + plaintext, err = cipher.decrypt(cek, authData, parts) + if err == nil { + index = i + headers = recipientHeaders + break + } + } + } + + if plaintext == nil { + return -1, Header{}, nil, ErrCryptoFailure + } + + // The "zip" header parameter may only be present in the protected header. + if comp := obj.protected.getCompression(); comp != "" { + plaintext, err = decompress(comp, plaintext) + if err != nil { + return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: failed to decompress plaintext: %v", err) + } + } + + sanitized, err := headers.sanitized() + if err != nil { + return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: failed to sanitize header: %v", err) + } + + return index, sanitized, plaintext, err +} diff --git a/vendor/github.com/go-jose/go-jose/v4/doc.go b/vendor/github.com/go-jose/go-jose/v4/doc.go new file mode 100644 index 00000000000..0ad40ca085f --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/doc.go @@ -0,0 +1,25 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* +Package jose aims to provide an implementation of the Javascript Object Signing +and Encryption set of standards. It implements encryption and signing based on +the JSON Web Encryption and JSON Web Signature standards, with optional JSON Web +Token support available in a sub-package. The library supports both the compact +and JWS/JWE JSON Serialization formats, and has optional support for multiple +recipients. +*/ +package jose diff --git a/vendor/github.com/go-jose/go-jose/v4/encoding.go b/vendor/github.com/go-jose/go-jose/v4/encoding.go new file mode 100644 index 00000000000..4f6e0d4a5cf --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/encoding.go @@ -0,0 +1,228 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jose + +import ( + "bytes" + "compress/flate" + "encoding/base64" + "encoding/binary" + "fmt" + "io" + "math/big" + "strings" + "unicode" + + "github.com/go-jose/go-jose/v4/json" +) + +// Helper function to serialize known-good objects. +// Precondition: value is not a nil pointer. +func mustSerializeJSON(value interface{}) []byte { + out, err := json.Marshal(value) + if err != nil { + panic(err) + } + // We never want to serialize the top-level value "null," since it's not a + // valid JOSE message. But if a caller passes in a nil pointer to this method, + // MarshalJSON will happily serialize it as the top-level value "null". If + // that value is then embedded in another operation, for instance by being + // base64-encoded and fed as input to a signing algorithm + // (https://github.com/go-jose/go-jose/issues/22), the result will be + // incorrect. Because this method is intended for known-good objects, and a nil + // pointer is not a known-good object, we are free to panic in this case. + // Note: It's not possible to directly check whether the data pointed at by an + // interface is a nil pointer, so we do this hacky workaround. + // https://groups.google.com/forum/#!topic/golang-nuts/wnH302gBa4I + if string(out) == "null" { + panic("Tried to serialize a nil pointer.") + } + return out +} + +// Strip all newlines and whitespace +func stripWhitespace(data string) string { + buf := strings.Builder{} + buf.Grow(len(data)) + for _, r := range data { + if !unicode.IsSpace(r) { + buf.WriteRune(r) + } + } + return buf.String() +} + +// Perform compression based on algorithm +func compress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) { + switch algorithm { + case DEFLATE: + return deflate(input) + default: + return nil, ErrUnsupportedAlgorithm + } +} + +// Perform decompression based on algorithm +func decompress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) { + switch algorithm { + case DEFLATE: + return inflate(input) + default: + return nil, ErrUnsupportedAlgorithm + } +} + +// deflate compresses the input. +func deflate(input []byte) ([]byte, error) { + output := new(bytes.Buffer) + + // Writing to byte buffer, err is always nil + writer, _ := flate.NewWriter(output, 1) + _, _ = io.Copy(writer, bytes.NewBuffer(input)) + + err := writer.Close() + return output.Bytes(), err +} + +// inflate decompresses the input. +// +// Errors if the decompressed data would be >250kB or >10x the size of the +// compressed data, whichever is larger. +func inflate(input []byte) ([]byte, error) { + output := new(bytes.Buffer) + reader := flate.NewReader(bytes.NewBuffer(input)) + + maxCompressedSize := max(250_000, 10*int64(len(input))) + + limit := maxCompressedSize + 1 + n, err := io.CopyN(output, reader, limit) + if err != nil && err != io.EOF { + return nil, err + } + if n == limit { + return nil, fmt.Errorf("uncompressed data would be too large (>%d bytes)", maxCompressedSize) + } + + err = reader.Close() + return output.Bytes(), err +} + +// byteBuffer represents a slice of bytes that can be serialized to url-safe base64. +type byteBuffer struct { + data []byte +} + +func newBuffer(data []byte) *byteBuffer { + if data == nil { + return nil + } + return &byteBuffer{ + data: data, + } +} + +func newFixedSizeBuffer(data []byte, length int) *byteBuffer { + if len(data) > length { + panic("go-jose/go-jose: invalid call to newFixedSizeBuffer (len(data) > length)") + } + pad := make([]byte, length-len(data)) + return newBuffer(append(pad, data...)) +} + +func newBufferFromInt(num uint64) *byteBuffer { + data := make([]byte, 8) + binary.BigEndian.PutUint64(data, num) + return newBuffer(bytes.TrimLeft(data, "\x00")) +} + +func (b *byteBuffer) MarshalJSON() ([]byte, error) { + return json.Marshal(b.base64()) +} + +func (b *byteBuffer) UnmarshalJSON(data []byte) error { + var encoded string + err := json.Unmarshal(data, &encoded) + if err != nil { + return err + } + + if encoded == "" { + return nil + } + + decoded, err := base64.RawURLEncoding.DecodeString(encoded) + if err != nil { + return err + } + + *b = *newBuffer(decoded) + + return nil +} + +func (b *byteBuffer) base64() string { + return base64.RawURLEncoding.EncodeToString(b.data) +} + +func (b *byteBuffer) bytes() []byte { + // Handling nil here allows us to transparently handle nil slices when serializing. + if b == nil { + return nil + } + return b.data +} + +func (b byteBuffer) bigInt() *big.Int { + return new(big.Int).SetBytes(b.data) +} + +func (b byteBuffer) toInt() int { + return int(b.bigInt().Int64()) +} + +func base64EncodeLen(sl []byte) int { + return base64.RawURLEncoding.EncodedLen(len(sl)) +} + +func base64JoinWithDots(inputs ...[]byte) string { + if len(inputs) == 0 { + return "" + } + + // Count of dots. + totalCount := len(inputs) - 1 + + for _, input := range inputs { + totalCount += base64EncodeLen(input) + } + + out := make([]byte, totalCount) + startEncode := 0 + for i, input := range inputs { + base64.RawURLEncoding.Encode(out[startEncode:], input) + + if i == len(inputs)-1 { + continue + } + + startEncode += base64EncodeLen(input) + out[startEncode] = '.' + startEncode++ + } + + return string(out) +} diff --git a/vendor/github.com/gogo/protobuf/LICENSE b/vendor/github.com/go-jose/go-jose/v4/json/LICENSE similarity index 73% rename from vendor/github.com/gogo/protobuf/LICENSE rename to vendor/github.com/go-jose/go-jose/v4/json/LICENSE index f57de90da8a..74487567632 100644 --- a/vendor/github.com/gogo/protobuf/LICENSE +++ b/vendor/github.com/go-jose/go-jose/v4/json/LICENSE @@ -1,23 +1,16 @@ -Copyright (c) 2013, The GoGo Authors. All rights reserved. - -Protocol Buffers for Go with Gadgets - -Go support for Protocol Buffers - Google's data interchange format - -Copyright 2010 The Go Authors. All rights reserved. -https://github.com/golang/protobuf +Copyright (c) 2012 The Go Authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - * Redistributions of source code must retain the above copyright + * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above + * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Google Inc. nor the names of its + * Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. @@ -32,4 +25,3 @@ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - diff --git a/vendor/github.com/go-jose/go-jose/v4/json/README.md b/vendor/github.com/go-jose/go-jose/v4/json/README.md new file mode 100644 index 00000000000..86de5e5581f --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/json/README.md @@ -0,0 +1,13 @@ +# Safe JSON + +This repository contains a fork of the `encoding/json` package from Go 1.6. + +The following changes were made: + +* Object deserialization uses case-sensitive member name matching instead of + [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html). + This is to avoid differences in the interpretation of JOSE messages between + go-jose and libraries written in other languages. +* When deserializing a JSON object, we check for duplicate keys and reject the + input whenever we detect a duplicate. Rather than trying to work with malformed + data, we prefer to reject it right away. diff --git a/vendor/github.com/go-jose/go-jose/v4/json/decode.go b/vendor/github.com/go-jose/go-jose/v4/json/decode.go new file mode 100644 index 00000000000..50634dd8478 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/json/decode.go @@ -0,0 +1,1216 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Represents JSON data structure using native Go types: booleans, floats, +// strings, arrays, and maps. + +package json + +import ( + "bytes" + "encoding" + "encoding/base64" + "errors" + "fmt" + "math" + "reflect" + "runtime" + "strconv" + "unicode" + "unicode/utf16" + "unicode/utf8" +) + +// Unmarshal parses the JSON-encoded data and stores the result +// in the value pointed to by v. +// +// Unmarshal uses the inverse of the encodings that +// Marshal uses, allocating maps, slices, and pointers as necessary, +// with the following additional rules: +// +// To unmarshal JSON into a pointer, Unmarshal first handles the case of +// the JSON being the JSON literal null. In that case, Unmarshal sets +// the pointer to nil. Otherwise, Unmarshal unmarshals the JSON into +// the value pointed at by the pointer. If the pointer is nil, Unmarshal +// allocates a new value for it to point to. +// +// To unmarshal JSON into a struct, Unmarshal matches incoming object +// keys to the keys used by Marshal (either the struct field name or its tag), +// preferring an exact match but also accepting a case-insensitive match. +// Unmarshal will only set exported fields of the struct. +// +// To unmarshal JSON into an interface value, +// Unmarshal stores one of these in the interface value: +// +// bool, for JSON booleans +// float64, for JSON numbers +// string, for JSON strings +// []interface{}, for JSON arrays +// map[string]interface{}, for JSON objects +// nil for JSON null +// +// To unmarshal a JSON array into a slice, Unmarshal resets the slice length +// to zero and then appends each element to the slice. +// As a special case, to unmarshal an empty JSON array into a slice, +// Unmarshal replaces the slice with a new empty slice. +// +// To unmarshal a JSON array into a Go array, Unmarshal decodes +// JSON array elements into corresponding Go array elements. +// If the Go array is smaller than the JSON array, +// the additional JSON array elements are discarded. +// If the JSON array is smaller than the Go array, +// the additional Go array elements are set to zero values. +// +// To unmarshal a JSON object into a string-keyed map, Unmarshal first +// establishes a map to use, If the map is nil, Unmarshal allocates a new map. +// Otherwise Unmarshal reuses the existing map, keeping existing entries. +// Unmarshal then stores key-value pairs from the JSON object into the map. +// +// If a JSON value is not appropriate for a given target type, +// or if a JSON number overflows the target type, Unmarshal +// skips that field and completes the unmarshaling as best it can. +// If no more serious errors are encountered, Unmarshal returns +// an UnmarshalTypeError describing the earliest such error. +// +// The JSON null value unmarshals into an interface, map, pointer, or slice +// by setting that Go value to nil. Because null is often used in JSON to mean +// “not present,” unmarshaling a JSON null into any other Go type has no effect +// on the value and produces no error. +// +// When unmarshaling quoted strings, invalid UTF-8 or +// invalid UTF-16 surrogate pairs are not treated as an error. +// Instead, they are replaced by the Unicode replacement +// character U+FFFD. +func Unmarshal(data []byte, v interface{}) error { + // Check for well-formedness. + // Avoids filling out half a data structure + // before discovering a JSON syntax error. + var d decodeState + err := checkValid(data, &d.scan) + if err != nil { + return err + } + + d.init(data) + return d.unmarshal(v) +} + +// Unmarshaler is the interface implemented by objects +// that can unmarshal a JSON description of themselves. +// The input can be assumed to be a valid encoding of +// a JSON value. UnmarshalJSON must copy the JSON data +// if it wishes to retain the data after returning. +type Unmarshaler interface { + UnmarshalJSON([]byte) error +} + +// An UnmarshalTypeError describes a JSON value that was +// not appropriate for a value of a specific Go type. +type UnmarshalTypeError struct { + Value string // description of JSON value - "bool", "array", "number -5" + Type reflect.Type // type of Go value it could not be assigned to + Offset int64 // error occurred after reading Offset bytes +} + +func (e *UnmarshalTypeError) Error() string { + return "json: cannot unmarshal " + e.Value + " into Go value of type " + e.Type.String() +} + +// An UnmarshalFieldError describes a JSON object key that +// led to an unexported (and therefore unwritable) struct field. +// (No longer used; kept for compatibility.) +type UnmarshalFieldError struct { + Key string + Type reflect.Type + Field reflect.StructField +} + +func (e *UnmarshalFieldError) Error() string { + return "json: cannot unmarshal object key " + strconv.Quote(e.Key) + " into unexported field " + e.Field.Name + " of type " + e.Type.String() +} + +// An InvalidUnmarshalError describes an invalid argument passed to Unmarshal. +// (The argument to Unmarshal must be a non-nil pointer.) +type InvalidUnmarshalError struct { + Type reflect.Type +} + +func (e *InvalidUnmarshalError) Error() string { + if e.Type == nil { + return "json: Unmarshal(nil)" + } + + if e.Type.Kind() != reflect.Ptr { + return "json: Unmarshal(non-pointer " + e.Type.String() + ")" + } + return "json: Unmarshal(nil " + e.Type.String() + ")" +} + +func (d *decodeState) unmarshal(v interface{}) (err error) { + defer func() { + if r := recover(); r != nil { + if _, ok := r.(runtime.Error); ok { + panic(r) + } + err = r.(error) + } + }() + + rv := reflect.ValueOf(v) + if rv.Kind() != reflect.Ptr || rv.IsNil() { + return &InvalidUnmarshalError{reflect.TypeOf(v)} + } + + d.scan.reset() + // We decode rv not rv.Elem because the Unmarshaler interface + // test must be applied at the top level of the value. + d.value(rv) + return d.savedError +} + +// A Number represents a JSON number literal. +type Number string + +// String returns the literal text of the number. +func (n Number) String() string { return string(n) } + +// Float64 returns the number as a float64. +func (n Number) Float64() (float64, error) { + return strconv.ParseFloat(string(n), 64) +} + +// Int64 returns the number as an int64. +func (n Number) Int64() (int64, error) { + return strconv.ParseInt(string(n), 10, 64) +} + +// isValidNumber reports whether s is a valid JSON number literal. +func isValidNumber(s string) bool { + // This function implements the JSON numbers grammar. + // See https://tools.ietf.org/html/rfc7159#section-6 + // and http://json.org/number.gif + + if s == "" { + return false + } + + // Optional - + if s[0] == '-' { + s = s[1:] + if s == "" { + return false + } + } + + // Digits + switch { + default: + return false + + case s[0] == '0': + s = s[1:] + + case '1' <= s[0] && s[0] <= '9': + s = s[1:] + for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { + s = s[1:] + } + } + + // . followed by 1 or more digits. + if len(s) >= 2 && s[0] == '.' && '0' <= s[1] && s[1] <= '9' { + s = s[2:] + for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { + s = s[1:] + } + } + + // e or E followed by an optional - or + and + // 1 or more digits. + if len(s) >= 2 && (s[0] == 'e' || s[0] == 'E') { + s = s[1:] + if s[0] == '+' || s[0] == '-' { + s = s[1:] + if s == "" { + return false + } + } + for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { + s = s[1:] + } + } + + // Make sure we are at the end. + return s == "" +} + +type NumberUnmarshalType int + +const ( + // unmarshal a JSON number into an interface{} as a float64 + UnmarshalFloat NumberUnmarshalType = iota + // unmarshal a JSON number into an interface{} as a `json.Number` + UnmarshalJSONNumber + // unmarshal a JSON number into an interface{} as a int64 + // if value is an integer otherwise float64 + UnmarshalIntOrFloat +) + +// decodeState represents the state while decoding a JSON value. +type decodeState struct { + data []byte + off int // read offset in data + scan scanner + nextscan scanner // for calls to nextValue + savedError error + numberType NumberUnmarshalType +} + +// errPhase is used for errors that should not happen unless +// there is a bug in the JSON decoder or something is editing +// the data slice while the decoder executes. +var errPhase = errors.New("JSON decoder out of sync - data changing underfoot?") + +func (d *decodeState) init(data []byte) *decodeState { + d.data = data + d.off = 0 + d.savedError = nil + return d +} + +// error aborts the decoding by panicking with err. +func (d *decodeState) error(err error) { + panic(err) +} + +// saveError saves the first err it is called with, +// for reporting at the end of the unmarshal. +func (d *decodeState) saveError(err error) { + if d.savedError == nil { + d.savedError = err + } +} + +// next cuts off and returns the next full JSON value in d.data[d.off:]. +// The next value is known to be an object or array, not a literal. +func (d *decodeState) next() []byte { + c := d.data[d.off] + item, rest, err := nextValue(d.data[d.off:], &d.nextscan) + if err != nil { + d.error(err) + } + d.off = len(d.data) - len(rest) + + // Our scanner has seen the opening brace/bracket + // and thinks we're still in the middle of the object. + // invent a closing brace/bracket to get it out. + if c == '{' { + d.scan.step(&d.scan, '}') + } else { + d.scan.step(&d.scan, ']') + } + + return item +} + +// scanWhile processes bytes in d.data[d.off:] until it +// receives a scan code not equal to op. +// It updates d.off and returns the new scan code. +func (d *decodeState) scanWhile(op int) int { + var newOp int + for { + if d.off >= len(d.data) { + newOp = d.scan.eof() + d.off = len(d.data) + 1 // mark processed EOF with len+1 + } else { + c := d.data[d.off] + d.off++ + newOp = d.scan.step(&d.scan, c) + } + if newOp != op { + break + } + } + return newOp +} + +// value decodes a JSON value from d.data[d.off:] into the value. +// it updates d.off to point past the decoded value. +func (d *decodeState) value(v reflect.Value) { + if !v.IsValid() { + _, rest, err := nextValue(d.data[d.off:], &d.nextscan) + if err != nil { + d.error(err) + } + d.off = len(d.data) - len(rest) + + // d.scan thinks we're still at the beginning of the item. + // Feed in an empty string - the shortest, simplest value - + // so that it knows we got to the end of the value. + if d.scan.redo { + // rewind. + d.scan.redo = false + d.scan.step = stateBeginValue + } + d.scan.step(&d.scan, '"') + d.scan.step(&d.scan, '"') + + n := len(d.scan.parseState) + if n > 0 && d.scan.parseState[n-1] == parseObjectKey { + // d.scan thinks we just read an object key; finish the object + d.scan.step(&d.scan, ':') + d.scan.step(&d.scan, '"') + d.scan.step(&d.scan, '"') + d.scan.step(&d.scan, '}') + } + + return + } + + switch op := d.scanWhile(scanSkipSpace); op { + default: + d.error(errPhase) + + case scanBeginArray: + d.array(v) + + case scanBeginObject: + d.object(v) + + case scanBeginLiteral: + d.literal(v) + } +} + +type unquotedValue struct{} + +// valueQuoted is like value but decodes a +// quoted string literal or literal null into an interface value. +// If it finds anything other than a quoted string literal or null, +// valueQuoted returns unquotedValue{}. +func (d *decodeState) valueQuoted() interface{} { + switch op := d.scanWhile(scanSkipSpace); op { + default: + d.error(errPhase) + + case scanBeginArray: + d.array(reflect.Value{}) + + case scanBeginObject: + d.object(reflect.Value{}) + + case scanBeginLiteral: + switch v := d.literalInterface().(type) { + case nil, string: + return v + } + } + return unquotedValue{} +} + +// indirect walks down v allocating pointers as needed, +// until it gets to a non-pointer. +// if it encounters an Unmarshaler, indirect stops and returns that. +// if decodingNull is true, indirect stops at the last pointer so it can be set to nil. +func (d *decodeState) indirect(v reflect.Value, decodingNull bool) (Unmarshaler, encoding.TextUnmarshaler, reflect.Value) { + // If v is a named type and is addressable, + // start with its address, so that if the type has pointer methods, + // we find them. + if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() { + v = v.Addr() + } + for { + // Load value from interface, but only if the result will be + // usefully addressable. + if v.Kind() == reflect.Interface && !v.IsNil() { + e := v.Elem() + if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) { + v = e + continue + } + } + + if v.Kind() != reflect.Ptr { + break + } + + if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() { + break + } + if v.IsNil() { + v.Set(reflect.New(v.Type().Elem())) + } + if v.Type().NumMethod() > 0 { + if u, ok := v.Interface().(Unmarshaler); ok { + return u, nil, reflect.Value{} + } + if u, ok := v.Interface().(encoding.TextUnmarshaler); ok { + return nil, u, reflect.Value{} + } + } + v = v.Elem() + } + return nil, nil, v +} + +// array consumes an array from d.data[d.off-1:], decoding into the value v. +// the first byte of the array ('[') has been read already. +func (d *decodeState) array(v reflect.Value) { + // Check for unmarshaler. + u, ut, pv := d.indirect(v, false) + if u != nil { + d.off-- + err := u.UnmarshalJSON(d.next()) + if err != nil { + d.error(err) + } + return + } + if ut != nil { + d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)}) + d.off-- + d.next() + return + } + + v = pv + + // Check type of target. + switch v.Kind() { + case reflect.Interface: + if v.NumMethod() == 0 { + // Decoding into nil interface? Switch to non-reflect code. + v.Set(reflect.ValueOf(d.arrayInterface())) + return + } + // Otherwise it's invalid. + fallthrough + default: + d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)}) + d.off-- + d.next() + return + case reflect.Array: + case reflect.Slice: + break + } + + i := 0 + for { + // Look ahead for ] - can only happen on first iteration. + op := d.scanWhile(scanSkipSpace) + if op == scanEndArray { + break + } + + // Back up so d.value can have the byte we just read. + d.off-- + d.scan.undo(op) + + // Get element of array, growing if necessary. + if v.Kind() == reflect.Slice { + // Grow slice if necessary + if i >= v.Cap() { + newcap := v.Cap() + v.Cap()/2 + if newcap < 4 { + newcap = 4 + } + newv := reflect.MakeSlice(v.Type(), v.Len(), newcap) + reflect.Copy(newv, v) + v.Set(newv) + } + if i >= v.Len() { + v.SetLen(i + 1) + } + } + + if i < v.Len() { + // Decode into element. + d.value(v.Index(i)) + } else { + // Ran out of fixed array: skip. + d.value(reflect.Value{}) + } + i++ + + // Next token must be , or ]. + op = d.scanWhile(scanSkipSpace) + if op == scanEndArray { + break + } + if op != scanArrayValue { + d.error(errPhase) + } + } + + if i < v.Len() { + if v.Kind() == reflect.Array { + // Array. Zero the rest. + z := reflect.Zero(v.Type().Elem()) + for ; i < v.Len(); i++ { + v.Index(i).Set(z) + } + } else { + v.SetLen(i) + } + } + if i == 0 && v.Kind() == reflect.Slice { + v.Set(reflect.MakeSlice(v.Type(), 0, 0)) + } +} + +var nullLiteral = []byte("null") + +// object consumes an object from d.data[d.off-1:], decoding into the value v. +// the first byte ('{') of the object has been read already. +func (d *decodeState) object(v reflect.Value) { + // Check for unmarshaler. + u, ut, pv := d.indirect(v, false) + if u != nil { + d.off-- + err := u.UnmarshalJSON(d.next()) + if err != nil { + d.error(err) + } + return + } + if ut != nil { + d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) + d.off-- + d.next() // skip over { } in input + return + } + v = pv + + // Decoding into nil interface? Switch to non-reflect code. + if v.Kind() == reflect.Interface && v.NumMethod() == 0 { + v.Set(reflect.ValueOf(d.objectInterface())) + return + } + + // Check type of target: struct or map[string]T + switch v.Kind() { + case reflect.Map: + // map must have string kind + t := v.Type() + if t.Key().Kind() != reflect.String { + d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) + d.off-- + d.next() // skip over { } in input + return + } + if v.IsNil() { + v.Set(reflect.MakeMap(t)) + } + case reflect.Struct: + + default: + d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) + d.off-- + d.next() // skip over { } in input + return + } + + var mapElem reflect.Value + keys := map[string]bool{} + + for { + // Read opening " of string key or closing }. + op := d.scanWhile(scanSkipSpace) + if op == scanEndObject { + // closing } - can only happen on first iteration. + break + } + if op != scanBeginLiteral { + d.error(errPhase) + } + + // Read key. + start := d.off - 1 + op = d.scanWhile(scanContinue) + item := d.data[start : d.off-1] + key, ok := unquote(item) + if !ok { + d.error(errPhase) + } + + // Check for duplicate keys. + _, ok = keys[key] + if !ok { + keys[key] = true + } else { + d.error(fmt.Errorf("json: duplicate key '%s' in object", key)) + } + + // Figure out field corresponding to key. + var subv reflect.Value + destring := false // whether the value is wrapped in a string to be decoded first + + if v.Kind() == reflect.Map { + elemType := v.Type().Elem() + if !mapElem.IsValid() { + mapElem = reflect.New(elemType).Elem() + } else { + mapElem.Set(reflect.Zero(elemType)) + } + subv = mapElem + } else { + var f *field + fields := cachedTypeFields(v.Type()) + for i := range fields { + ff := &fields[i] + if bytes.Equal(ff.nameBytes, []byte(key)) { + f = ff + break + } + } + if f != nil { + subv = v + destring = f.quoted + for _, i := range f.index { + if subv.Kind() == reflect.Ptr { + if subv.IsNil() { + subv.Set(reflect.New(subv.Type().Elem())) + } + subv = subv.Elem() + } + subv = subv.Field(i) + } + } + } + + // Read : before value. + if op == scanSkipSpace { + op = d.scanWhile(scanSkipSpace) + } + if op != scanObjectKey { + d.error(errPhase) + } + + // Read value. + if destring { + switch qv := d.valueQuoted().(type) { + case nil: + d.literalStore(nullLiteral, subv, false) + case string: + d.literalStore([]byte(qv), subv, true) + default: + d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal unquoted value into %v", subv.Type())) + } + } else { + d.value(subv) + } + + // Write value back to map; + // if using struct, subv points into struct already. + if v.Kind() == reflect.Map { + kv := reflect.ValueOf(key).Convert(v.Type().Key()) + v.SetMapIndex(kv, subv) + } + + // Next token must be , or }. + op = d.scanWhile(scanSkipSpace) + if op == scanEndObject { + break + } + if op != scanObjectValue { + d.error(errPhase) + } + } +} + +// literal consumes a literal from d.data[d.off-1:], decoding into the value v. +// The first byte of the literal has been read already +// (that's how the caller knows it's a literal). +func (d *decodeState) literal(v reflect.Value) { + // All bytes inside literal return scanContinue op code. + start := d.off - 1 + op := d.scanWhile(scanContinue) + + // Scan read one byte too far; back up. + d.off-- + d.scan.undo(op) + + d.literalStore(d.data[start:d.off], v, false) +} + +// convertNumber converts the number literal s to a float64, int64 or a Number +// depending on d.numberDecodeType. +func (d *decodeState) convertNumber(s string) (interface{}, error) { + switch d.numberType { + + case UnmarshalJSONNumber: + return Number(s), nil + case UnmarshalIntOrFloat: + v, err := strconv.ParseInt(s, 10, 64) + if err == nil { + return v, nil + } + + // tries to parse integer number in scientific notation + f, err := strconv.ParseFloat(s, 64) + if err != nil { + return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)} + } + + // if it has no decimal value use int64 + if fi, fd := math.Modf(f); fd == 0.0 { + return int64(fi), nil + } + return f, nil + default: + f, err := strconv.ParseFloat(s, 64) + if err != nil { + return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)} + } + return f, nil + } + +} + +var numberType = reflect.TypeOf(Number("")) + +// literalStore decodes a literal stored in item into v. +// +// fromQuoted indicates whether this literal came from unwrapping a +// string from the ",string" struct tag option. this is used only to +// produce more helpful error messages. +func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool) { + // Check for unmarshaler. + if len(item) == 0 { + //Empty string given + d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + return + } + wantptr := item[0] == 'n' // null + u, ut, pv := d.indirect(v, wantptr) + if u != nil { + err := u.UnmarshalJSON(item) + if err != nil { + d.error(err) + } + return + } + if ut != nil { + if item[0] != '"' { + if fromQuoted { + d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) + } + return + } + s, ok := unquoteBytes(item) + if !ok { + if fromQuoted { + d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.error(errPhase) + } + } + err := ut.UnmarshalText(s) + if err != nil { + d.error(err) + } + return + } + + v = pv + + switch c := item[0]; c { + case 'n': // null + switch v.Kind() { + case reflect.Interface, reflect.Ptr, reflect.Map, reflect.Slice: + v.Set(reflect.Zero(v.Type())) + // otherwise, ignore null for primitives/string + } + case 't', 'f': // true, false + value := c == 't' + switch v.Kind() { + default: + if fromQuoted { + d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)}) + } + case reflect.Bool: + v.SetBool(value) + case reflect.Interface: + if v.NumMethod() == 0 { + v.Set(reflect.ValueOf(value)) + } else { + d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)}) + } + } + + case '"': // string + s, ok := unquoteBytes(item) + if !ok { + if fromQuoted { + d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.error(errPhase) + } + } + switch v.Kind() { + default: + d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) + case reflect.Slice: + if v.Type().Elem().Kind() != reflect.Uint8 { + d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) + break + } + b := make([]byte, base64.StdEncoding.DecodedLen(len(s))) + n, err := base64.StdEncoding.Decode(b, s) + if err != nil { + d.saveError(err) + break + } + v.SetBytes(b[:n]) + case reflect.String: + v.SetString(string(s)) + case reflect.Interface: + if v.NumMethod() == 0 { + v.Set(reflect.ValueOf(string(s))) + } else { + d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) + } + } + + default: // number + if c != '-' && (c < '0' || c > '9') { + if fromQuoted { + d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.error(errPhase) + } + } + s := string(item) + switch v.Kind() { + default: + if v.Kind() == reflect.String && v.Type() == numberType { + v.SetString(s) + if !isValidNumber(s) { + d.error(fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item)) + } + break + } + if fromQuoted { + d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.error(&UnmarshalTypeError{"number", v.Type(), int64(d.off)}) + } + case reflect.Interface: + n, err := d.convertNumber(s) + if err != nil { + d.saveError(err) + break + } + if v.NumMethod() != 0 { + d.saveError(&UnmarshalTypeError{"number", v.Type(), int64(d.off)}) + break + } + v.Set(reflect.ValueOf(n)) + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + n, err := strconv.ParseInt(s, 10, 64) + if err != nil || v.OverflowInt(n) { + d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) + break + } + v.SetInt(n) + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + n, err := strconv.ParseUint(s, 10, 64) + if err != nil || v.OverflowUint(n) { + d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) + break + } + v.SetUint(n) + + case reflect.Float32, reflect.Float64: + n, err := strconv.ParseFloat(s, v.Type().Bits()) + if err != nil || v.OverflowFloat(n) { + d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) + break + } + v.SetFloat(n) + } + } +} + +// The xxxInterface routines build up a value to be stored +// in an empty interface. They are not strictly necessary, +// but they avoid the weight of reflection in this common case. + +// valueInterface is like value but returns interface{} +func (d *decodeState) valueInterface() interface{} { + switch d.scanWhile(scanSkipSpace) { + default: + d.error(errPhase) + panic("unreachable") + case scanBeginArray: + return d.arrayInterface() + case scanBeginObject: + return d.objectInterface() + case scanBeginLiteral: + return d.literalInterface() + } +} + +// arrayInterface is like array but returns []interface{}. +func (d *decodeState) arrayInterface() []interface{} { + var v = make([]interface{}, 0) + for { + // Look ahead for ] - can only happen on first iteration. + op := d.scanWhile(scanSkipSpace) + if op == scanEndArray { + break + } + + // Back up so d.value can have the byte we just read. + d.off-- + d.scan.undo(op) + + v = append(v, d.valueInterface()) + + // Next token must be , or ]. + op = d.scanWhile(scanSkipSpace) + if op == scanEndArray { + break + } + if op != scanArrayValue { + d.error(errPhase) + } + } + return v +} + +// objectInterface is like object but returns map[string]interface{}. +func (d *decodeState) objectInterface() map[string]interface{} { + m := make(map[string]interface{}) + keys := map[string]bool{} + + for { + // Read opening " of string key or closing }. + op := d.scanWhile(scanSkipSpace) + if op == scanEndObject { + // closing } - can only happen on first iteration. + break + } + if op != scanBeginLiteral { + d.error(errPhase) + } + + // Read string key. + start := d.off - 1 + op = d.scanWhile(scanContinue) + item := d.data[start : d.off-1] + key, ok := unquote(item) + if !ok { + d.error(errPhase) + } + + // Check for duplicate keys. + _, ok = keys[key] + if !ok { + keys[key] = true + } else { + d.error(fmt.Errorf("json: duplicate key '%s' in object", key)) + } + + // Read : before value. + if op == scanSkipSpace { + op = d.scanWhile(scanSkipSpace) + } + if op != scanObjectKey { + d.error(errPhase) + } + + // Read value. + m[key] = d.valueInterface() + + // Next token must be , or }. + op = d.scanWhile(scanSkipSpace) + if op == scanEndObject { + break + } + if op != scanObjectValue { + d.error(errPhase) + } + } + return m +} + +// literalInterface is like literal but returns an interface value. +func (d *decodeState) literalInterface() interface{} { + // All bytes inside literal return scanContinue op code. + start := d.off - 1 + op := d.scanWhile(scanContinue) + + // Scan read one byte too far; back up. + d.off-- + d.scan.undo(op) + item := d.data[start:d.off] + + switch c := item[0]; c { + case 'n': // null + return nil + + case 't', 'f': // true, false + return c == 't' + + case '"': // string + s, ok := unquote(item) + if !ok { + d.error(errPhase) + } + return s + + default: // number + if c != '-' && (c < '0' || c > '9') { + d.error(errPhase) + } + n, err := d.convertNumber(string(item)) + if err != nil { + d.saveError(err) + } + return n + } +} + +// getu4 decodes \uXXXX from the beginning of s, returning the hex value, +// or it returns -1. +func getu4(s []byte) rune { + if len(s) < 6 || s[0] != '\\' || s[1] != 'u' { + return -1 + } + r, err := strconv.ParseUint(string(s[2:6]), 16, 64) + if err != nil { + return -1 + } + return rune(r) +} + +// unquote converts a quoted JSON string literal s into an actual string t. +// The rules are different than for Go, so cannot use strconv.Unquote. +func unquote(s []byte) (t string, ok bool) { + s, ok = unquoteBytes(s) + t = string(s) + return +} + +func unquoteBytes(s []byte) (t []byte, ok bool) { + if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' { + return + } + s = s[1 : len(s)-1] + + // Check for unusual characters. If there are none, + // then no unquoting is needed, so return a slice of the + // original bytes. + r := 0 + for r < len(s) { + c := s[r] + if c == '\\' || c == '"' || c < ' ' { + break + } + if c < utf8.RuneSelf { + r++ + continue + } + rr, size := utf8.DecodeRune(s[r:]) + if rr == utf8.RuneError && size == 1 { + break + } + r += size + } + if r == len(s) { + return s, true + } + + b := make([]byte, len(s)+2*utf8.UTFMax) + w := copy(b, s[0:r]) + for r < len(s) { + // Out of room? Can only happen if s is full of + // malformed UTF-8 and we're replacing each + // byte with RuneError. + if w >= len(b)-2*utf8.UTFMax { + nb := make([]byte, (len(b)+utf8.UTFMax)*2) + copy(nb, b[0:w]) + b = nb + } + switch c := s[r]; { + case c == '\\': + r++ + if r >= len(s) { + return + } + switch s[r] { + default: + return + case '"', '\\', '/', '\'': + b[w] = s[r] + r++ + w++ + case 'b': + b[w] = '\b' + r++ + w++ + case 'f': + b[w] = '\f' + r++ + w++ + case 'n': + b[w] = '\n' + r++ + w++ + case 'r': + b[w] = '\r' + r++ + w++ + case 't': + b[w] = '\t' + r++ + w++ + case 'u': + r-- + rr := getu4(s[r:]) + if rr < 0 { + return + } + r += 6 + if utf16.IsSurrogate(rr) { + rr1 := getu4(s[r:]) + if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar { + // A valid pair; consume. + r += 6 + w += utf8.EncodeRune(b[w:], dec) + break + } + // Invalid surrogate; fall back to replacement rune. + rr = unicode.ReplacementChar + } + w += utf8.EncodeRune(b[w:], rr) + } + + // Quote, control characters are invalid. + case c == '"', c < ' ': + return + + // ASCII + case c < utf8.RuneSelf: + b[w] = c + r++ + w++ + + // Coerce to well-formed UTF-8. + default: + rr, size := utf8.DecodeRune(s[r:]) + r += size + w += utf8.EncodeRune(b[w:], rr) + } + } + return b[0:w], true +} diff --git a/vendor/github.com/go-jose/go-jose/v4/json/encode.go b/vendor/github.com/go-jose/go-jose/v4/json/encode.go new file mode 100644 index 00000000000..98de68ce1e9 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/json/encode.go @@ -0,0 +1,1197 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package json implements encoding and decoding of JSON objects as defined in +// RFC 4627. The mapping between JSON objects and Go values is described +// in the documentation for the Marshal and Unmarshal functions. +// +// See "JSON and Go" for an introduction to this package: +// https://golang.org/doc/articles/json_and_go.html +package json + +import ( + "bytes" + "encoding" + "encoding/base64" + "fmt" + "math" + "reflect" + "runtime" + "sort" + "strconv" + "strings" + "sync" + "unicode" + "unicode/utf8" +) + +// Marshal returns the JSON encoding of v. +// +// Marshal traverses the value v recursively. +// If an encountered value implements the Marshaler interface +// and is not a nil pointer, Marshal calls its MarshalJSON method +// to produce JSON. If no MarshalJSON method is present but the +// value implements encoding.TextMarshaler instead, Marshal calls +// its MarshalText method. +// The nil pointer exception is not strictly necessary +// but mimics a similar, necessary exception in the behavior of +// UnmarshalJSON. +// +// Otherwise, Marshal uses the following type-dependent default encodings: +// +// Boolean values encode as JSON booleans. +// +// Floating point, integer, and Number values encode as JSON numbers. +// +// String values encode as JSON strings coerced to valid UTF-8, +// replacing invalid bytes with the Unicode replacement rune. +// The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e" +// to keep some browsers from misinterpreting JSON output as HTML. +// Ampersand "&" is also escaped to "\u0026" for the same reason. +// +// Array and slice values encode as JSON arrays, except that +// []byte encodes as a base64-encoded string, and a nil slice +// encodes as the null JSON object. +// +// Struct values encode as JSON objects. Each exported struct field +// becomes a member of the object unless +// - the field's tag is "-", or +// - the field is empty and its tag specifies the "omitempty" option. +// +// The empty values are false, 0, any +// nil pointer or interface value, and any array, slice, map, or string of +// length zero. The object's default key string is the struct field name +// but can be specified in the struct field's tag value. The "json" key in +// the struct field's tag value is the key name, followed by an optional comma +// and options. Examples: +// +// // Field is ignored by this package. +// Field int `json:"-"` +// +// // Field appears in JSON as key "myName". +// Field int `json:"myName"` +// +// // Field appears in JSON as key "myName" and +// // the field is omitted from the object if its value is empty, +// // as defined above. +// Field int `json:"myName,omitempty"` +// +// // Field appears in JSON as key "Field" (the default), but +// // the field is skipped if empty. +// // Note the leading comma. +// Field int `json:",omitempty"` +// +// The "string" option signals that a field is stored as JSON inside a +// JSON-encoded string. It applies only to fields of string, floating point, +// integer, or boolean types. This extra level of encoding is sometimes used +// when communicating with JavaScript programs: +// +// Int64String int64 `json:",string"` +// +// The key name will be used if it's a non-empty string consisting of +// only Unicode letters, digits, dollar signs, percent signs, hyphens, +// underscores and slashes. +// +// Anonymous struct fields are usually marshaled as if their inner exported fields +// were fields in the outer struct, subject to the usual Go visibility rules amended +// as described in the next paragraph. +// An anonymous struct field with a name given in its JSON tag is treated as +// having that name, rather than being anonymous. +// An anonymous struct field of interface type is treated the same as having +// that type as its name, rather than being anonymous. +// +// The Go visibility rules for struct fields are amended for JSON when +// deciding which field to marshal or unmarshal. If there are +// multiple fields at the same level, and that level is the least +// nested (and would therefore be the nesting level selected by the +// usual Go rules), the following extra rules apply: +// +// 1) Of those fields, if any are JSON-tagged, only tagged fields are considered, +// even if there are multiple untagged fields that would otherwise conflict. +// 2) If there is exactly one field (tagged or not according to the first rule), that is selected. +// 3) Otherwise there are multiple fields, and all are ignored; no error occurs. +// +// Handling of anonymous struct fields is new in Go 1.1. +// Prior to Go 1.1, anonymous struct fields were ignored. To force ignoring of +// an anonymous struct field in both current and earlier versions, give the field +// a JSON tag of "-". +// +// Map values encode as JSON objects. +// The map's key type must be string; the map keys are used as JSON object +// keys, subject to the UTF-8 coercion described for string values above. +// +// Pointer values encode as the value pointed to. +// A nil pointer encodes as the null JSON object. +// +// Interface values encode as the value contained in the interface. +// A nil interface value encodes as the null JSON object. +// +// Channel, complex, and function values cannot be encoded in JSON. +// Attempting to encode such a value causes Marshal to return +// an UnsupportedTypeError. +// +// JSON cannot represent cyclic data structures and Marshal does not +// handle them. Passing cyclic structures to Marshal will result in +// an infinite recursion. +func Marshal(v interface{}) ([]byte, error) { + e := &encodeState{} + err := e.marshal(v) + if err != nil { + return nil, err + } + return e.Bytes(), nil +} + +// MarshalIndent is like Marshal but applies Indent to format the output. +func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) { + b, err := Marshal(v) + if err != nil { + return nil, err + } + var buf bytes.Buffer + err = Indent(&buf, b, prefix, indent) + if err != nil { + return nil, err + } + return buf.Bytes(), nil +} + +// HTMLEscape appends to dst the JSON-encoded src with <, >, &, U+2028 and U+2029 +// characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029 +// so that the JSON will be safe to embed inside HTML