+ // tag of the error XML response for a corresponding GetObject call. Cannot
+ // be used with a successful StatusCode header or when the transformed object
+ // is provided in the body. All error codes from S3 are sentence-cased. The
+ // regular expression (regex) value is "^[A-Z][a-zA-Z]+$".
+ ErrorCode *string `location:"header" locationName:"x-amz-fwd-error-code" type:"string"`
+
+ // Contains a generic description of the error condition. Returned in the
+ // tag of the error XML response for a corresponding GetObject call. Cannot
+ // be used with a successful StatusCode header or when the transformed object
+ // is provided in body.
+ ErrorMessage *string `location:"header" locationName:"x-amz-fwd-error-message" type:"string"`
+
+ // If the object expiration is configured (see PUT Bucket lifecycle), the response
+ // includes this header. It includes the expiry-date and rule-id key-value pairs
+ // that provide the object expiration information. The value of the rule-id
+ // is URL-encoded.
+ Expiration *string `location:"header" locationName:"x-amz-fwd-header-x-amz-expiration" type:"string"`
+
+ // The date and time at which the object is no longer cacheable.
+ Expires *time.Time `location:"header" locationName:"x-amz-fwd-header-Expires" type:"timestamp"`
+
+ // The date and time that the object was last modified.
+ LastModified *time.Time `location:"header" locationName:"x-amz-fwd-header-Last-Modified" type:"timestamp"`
+
+ // A map of metadata to store with the object in S3.
+ Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"`
+
+ // Set to the number of metadata entries not returned in x-amz-meta headers.
+ // This can happen if you create metadata using an API like SOAP that supports
+ // more flexible metadata than the REST API. For example, using SOAP, you can
+ // create metadata whose values are not legal HTTP headers.
+ MissingMeta *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-missing-meta" type:"integer"`
+
+ // Indicates whether an object stored in Amazon S3 has an active legal hold.
+ ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"`
+
+ // Indicates whether an object stored in Amazon S3 has Object Lock enabled.
+ // For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html).
+ ObjectLockMode *string `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"`
+
+ // The date and time when Object Lock is configured to expire.
+ ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-fwd-header-x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"`
+
+ // The count of parts this object has.
+ PartsCount *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-mp-parts-count" type:"integer"`
+
+ // Indicates if request involves bucket that is either a source or destination
+ // in a Replication rule. For more information about S3 Replication, see Replication
+ // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html).
+ ReplicationStatus *string `location:"header" locationName:"x-amz-fwd-header-x-amz-replication-status" type:"string" enum:"ReplicationStatus"`
+
+ // If present, indicates that the requester was successfully charged for the
+ // request.
+ //
+ // This functionality is not supported for directory buckets.
+ RequestCharged *string `location:"header" locationName:"x-amz-fwd-header-x-amz-request-charged" type:"string" enum:"RequestCharged"`
+
+ // Route prefix to the HTTP URL generated.
+ //
+ // RequestRoute is a required field
+ RequestRoute *string `location:"header" locationName:"x-amz-request-route" type:"string" required:"true"`
+
+ // A single use encrypted token that maps WriteGetObjectResponse to the end
+ // user GetObject request.
+ //
+ // RequestToken is a required field
+ RequestToken *string `location:"header" locationName:"x-amz-request-token" type:"string" required:"true"`
+
+ // Provides information about object restoration operation and expiration time
+ // of the restored object copy.
+ Restore *string `location:"header" locationName:"x-amz-fwd-header-x-amz-restore" type:"string"`
+
+ // Encryption algorithm used if server-side encryption with a customer-provided
+ // encryption key was specified for object stored in Amazon S3.
+ SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm" type:"string"`
+
+ // 128-bit MD5 digest of customer-provided encryption key used in Amazon S3
+ // to encrypt data stored in S3. For more information, see Protecting data using
+ // server-side encryption with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html).
+ SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5" type:"string"`
+
+ // If present, specifies the ID (Key ID, Key ARN, or Key Alias) of the Amazon
+ // Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption
+ // customer managed key that was used for stored in Amazon S3 object.
+ //
+ // SSEKMSKeyId is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by WriteGetObjectResponseInput's
+ // String and GoString methods.
+ SSEKMSKeyId *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"`
+
+ // The server-side encryption algorithm used when storing requested object in
+ // Amazon S3 (for example, AES256, aws:kms).
+ ServerSideEncryption *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"`
+
+ // The integer status code for an HTTP response of a corresponding GetObject
+ // request. The following is a list of status codes.
+ //
+ // * 200 - OK
+ //
+ // * 206 - Partial Content
+ //
+ // * 304 - Not Modified
+ //
+ // * 400 - Bad Request
+ //
+ // * 401 - Unauthorized
+ //
+ // * 403 - Forbidden
+ //
+ // * 404 - Not Found
+ //
+ // * 405 - Method Not Allowed
+ //
+ // * 409 - Conflict
+ //
+ // * 411 - Length Required
+ //
+ // * 412 - Precondition Failed
+ //
+ // * 416 - Range Not Satisfiable
+ //
+ // * 500 - Internal Server Error
+ //
+ // * 503 - Service Unavailable
+ StatusCode *int64 `location:"header" locationName:"x-amz-fwd-status" type:"integer"`
+
+ // Provides storage class information of the object. Amazon S3 returns this
+ // header for all objects except for S3 Standard storage class objects.
+ //
+ // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html).
+ StorageClass *string `location:"header" locationName:"x-amz-fwd-header-x-amz-storage-class" type:"string" enum:"StorageClass"`
+
+ // The number of tags, if any, on the object.
+ TagCount *int64 `location:"header" locationName:"x-amz-fwd-header-x-amz-tagging-count" type:"integer"`
+
+ // An ID used to reference a specific version of the object.
+ VersionId *string `location:"header" locationName:"x-amz-fwd-header-x-amz-version-id" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WriteGetObjectResponseInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WriteGetObjectResponseInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *WriteGetObjectResponseInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "WriteGetObjectResponseInput"}
+ if s.RequestRoute == nil {
+ invalidParams.Add(request.NewErrParamRequired("RequestRoute"))
+ }
+ if s.RequestRoute != nil && len(*s.RequestRoute) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("RequestRoute", 1))
+ }
+ if s.RequestToken == nil {
+ invalidParams.Add(request.NewErrParamRequired("RequestToken"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAcceptRanges sets the AcceptRanges field's value.
+func (s *WriteGetObjectResponseInput) SetAcceptRanges(v string) *WriteGetObjectResponseInput {
+ s.AcceptRanges = &v
+ return s
+}
+
+// SetBody sets the Body field's value.
+func (s *WriteGetObjectResponseInput) SetBody(v io.ReadSeeker) *WriteGetObjectResponseInput {
+ s.Body = v
+ return s
+}
+
+// SetBucketKeyEnabled sets the BucketKeyEnabled field's value.
+func (s *WriteGetObjectResponseInput) SetBucketKeyEnabled(v bool) *WriteGetObjectResponseInput {
+ s.BucketKeyEnabled = &v
+ return s
+}
+
+// SetCacheControl sets the CacheControl field's value.
+func (s *WriteGetObjectResponseInput) SetCacheControl(v string) *WriteGetObjectResponseInput {
+ s.CacheControl = &v
+ return s
+}
+
+// SetChecksumCRC32 sets the ChecksumCRC32 field's value.
+func (s *WriteGetObjectResponseInput) SetChecksumCRC32(v string) *WriteGetObjectResponseInput {
+ s.ChecksumCRC32 = &v
+ return s
+}
+
+// SetChecksumCRC32C sets the ChecksumCRC32C field's value.
+func (s *WriteGetObjectResponseInput) SetChecksumCRC32C(v string) *WriteGetObjectResponseInput {
+ s.ChecksumCRC32C = &v
+ return s
+}
+
+// SetChecksumSHA1 sets the ChecksumSHA1 field's value.
+func (s *WriteGetObjectResponseInput) SetChecksumSHA1(v string) *WriteGetObjectResponseInput {
+ s.ChecksumSHA1 = &v
+ return s
+}
+
+// SetChecksumSHA256 sets the ChecksumSHA256 field's value.
+func (s *WriteGetObjectResponseInput) SetChecksumSHA256(v string) *WriteGetObjectResponseInput {
+ s.ChecksumSHA256 = &v
+ return s
+}
+
+// SetContentDisposition sets the ContentDisposition field's value.
+func (s *WriteGetObjectResponseInput) SetContentDisposition(v string) *WriteGetObjectResponseInput {
+ s.ContentDisposition = &v
+ return s
+}
+
+// SetContentEncoding sets the ContentEncoding field's value.
+func (s *WriteGetObjectResponseInput) SetContentEncoding(v string) *WriteGetObjectResponseInput {
+ s.ContentEncoding = &v
+ return s
+}
+
+// SetContentLanguage sets the ContentLanguage field's value.
+func (s *WriteGetObjectResponseInput) SetContentLanguage(v string) *WriteGetObjectResponseInput {
+ s.ContentLanguage = &v
+ return s
+}
+
+// SetContentLength sets the ContentLength field's value.
+func (s *WriteGetObjectResponseInput) SetContentLength(v int64) *WriteGetObjectResponseInput {
+ s.ContentLength = &v
+ return s
+}
+
+// SetContentRange sets the ContentRange field's value.
+func (s *WriteGetObjectResponseInput) SetContentRange(v string) *WriteGetObjectResponseInput {
+ s.ContentRange = &v
+ return s
+}
+
+// SetContentType sets the ContentType field's value.
+func (s *WriteGetObjectResponseInput) SetContentType(v string) *WriteGetObjectResponseInput {
+ s.ContentType = &v
+ return s
+}
+
+// SetDeleteMarker sets the DeleteMarker field's value.
+func (s *WriteGetObjectResponseInput) SetDeleteMarker(v bool) *WriteGetObjectResponseInput {
+ s.DeleteMarker = &v
+ return s
+}
+
+// SetETag sets the ETag field's value.
+func (s *WriteGetObjectResponseInput) SetETag(v string) *WriteGetObjectResponseInput {
+ s.ETag = &v
+ return s
+}
+
+// SetErrorCode sets the ErrorCode field's value.
+func (s *WriteGetObjectResponseInput) SetErrorCode(v string) *WriteGetObjectResponseInput {
+ s.ErrorCode = &v
+ return s
+}
+
+// SetErrorMessage sets the ErrorMessage field's value.
+func (s *WriteGetObjectResponseInput) SetErrorMessage(v string) *WriteGetObjectResponseInput {
+ s.ErrorMessage = &v
+ return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *WriteGetObjectResponseInput) SetExpiration(v string) *WriteGetObjectResponseInput {
+ s.Expiration = &v
+ return s
+}
+
+// SetExpires sets the Expires field's value.
+func (s *WriteGetObjectResponseInput) SetExpires(v time.Time) *WriteGetObjectResponseInput {
+ s.Expires = &v
+ return s
+}
+
+// SetLastModified sets the LastModified field's value.
+func (s *WriteGetObjectResponseInput) SetLastModified(v time.Time) *WriteGetObjectResponseInput {
+ s.LastModified = &v
+ return s
+}
+
+// SetMetadata sets the Metadata field's value.
+func (s *WriteGetObjectResponseInput) SetMetadata(v map[string]*string) *WriteGetObjectResponseInput {
+ s.Metadata = v
+ return s
+}
+
+// SetMissingMeta sets the MissingMeta field's value.
+func (s *WriteGetObjectResponseInput) SetMissingMeta(v int64) *WriteGetObjectResponseInput {
+ s.MissingMeta = &v
+ return s
+}
+
+// SetObjectLockLegalHoldStatus sets the ObjectLockLegalHoldStatus field's value.
+func (s *WriteGetObjectResponseInput) SetObjectLockLegalHoldStatus(v string) *WriteGetObjectResponseInput {
+ s.ObjectLockLegalHoldStatus = &v
+ return s
+}
+
+// SetObjectLockMode sets the ObjectLockMode field's value.
+func (s *WriteGetObjectResponseInput) SetObjectLockMode(v string) *WriteGetObjectResponseInput {
+ s.ObjectLockMode = &v
+ return s
+}
+
+// SetObjectLockRetainUntilDate sets the ObjectLockRetainUntilDate field's value.
+func (s *WriteGetObjectResponseInput) SetObjectLockRetainUntilDate(v time.Time) *WriteGetObjectResponseInput {
+ s.ObjectLockRetainUntilDate = &v
+ return s
+}
+
+// SetPartsCount sets the PartsCount field's value.
+func (s *WriteGetObjectResponseInput) SetPartsCount(v int64) *WriteGetObjectResponseInput {
+ s.PartsCount = &v
+ return s
+}
+
+// SetReplicationStatus sets the ReplicationStatus field's value.
+func (s *WriteGetObjectResponseInput) SetReplicationStatus(v string) *WriteGetObjectResponseInput {
+ s.ReplicationStatus = &v
+ return s
+}
+
+// SetRequestCharged sets the RequestCharged field's value.
+func (s *WriteGetObjectResponseInput) SetRequestCharged(v string) *WriteGetObjectResponseInput {
+ s.RequestCharged = &v
+ return s
+}
+
+// SetRequestRoute sets the RequestRoute field's value.
+func (s *WriteGetObjectResponseInput) SetRequestRoute(v string) *WriteGetObjectResponseInput {
+ s.RequestRoute = &v
+ return s
+}
+
+// SetRequestToken sets the RequestToken field's value.
+func (s *WriteGetObjectResponseInput) SetRequestToken(v string) *WriteGetObjectResponseInput {
+ s.RequestToken = &v
+ return s
+}
+
+// SetRestore sets the Restore field's value.
+func (s *WriteGetObjectResponseInput) SetRestore(v string) *WriteGetObjectResponseInput {
+ s.Restore = &v
+ return s
+}
+
+// SetSSECustomerAlgorithm sets the SSECustomerAlgorithm field's value.
+func (s *WriteGetObjectResponseInput) SetSSECustomerAlgorithm(v string) *WriteGetObjectResponseInput {
+ s.SSECustomerAlgorithm = &v
+ return s
+}
+
+// SetSSECustomerKeyMD5 sets the SSECustomerKeyMD5 field's value.
+func (s *WriteGetObjectResponseInput) SetSSECustomerKeyMD5(v string) *WriteGetObjectResponseInput {
+ s.SSECustomerKeyMD5 = &v
+ return s
+}
+
+// SetSSEKMSKeyId sets the SSEKMSKeyId field's value.
+func (s *WriteGetObjectResponseInput) SetSSEKMSKeyId(v string) *WriteGetObjectResponseInput {
+ s.SSEKMSKeyId = &v
+ return s
+}
+
+// SetServerSideEncryption sets the ServerSideEncryption field's value.
+func (s *WriteGetObjectResponseInput) SetServerSideEncryption(v string) *WriteGetObjectResponseInput {
+ s.ServerSideEncryption = &v
+ return s
+}
+
+// SetStatusCode sets the StatusCode field's value.
+func (s *WriteGetObjectResponseInput) SetStatusCode(v int64) *WriteGetObjectResponseInput {
+ s.StatusCode = &v
+ return s
+}
+
+// SetStorageClass sets the StorageClass field's value.
+func (s *WriteGetObjectResponseInput) SetStorageClass(v string) *WriteGetObjectResponseInput {
+ s.StorageClass = &v
+ return s
+}
+
+// SetTagCount sets the TagCount field's value.
+func (s *WriteGetObjectResponseInput) SetTagCount(v int64) *WriteGetObjectResponseInput {
+ s.TagCount = &v
+ return s
+}
+
+// SetVersionId sets the VersionId field's value.
+func (s *WriteGetObjectResponseInput) SetVersionId(v string) *WriteGetObjectResponseInput {
+ s.VersionId = &v
+ return s
+}
+
+func (s *WriteGetObjectResponseInput) hostLabels() map[string]string {
+ return map[string]string{
+ "RequestRoute": aws.StringValue(s.RequestRoute),
+ }
+}
+
+type WriteGetObjectResponseOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WriteGetObjectResponseOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s WriteGetObjectResponseOutput) GoString() string {
+ return s.String()
+}
+
+const (
+ // AnalyticsS3ExportFileFormatCsv is a AnalyticsS3ExportFileFormat enum value
+ AnalyticsS3ExportFileFormatCsv = "CSV"
+)
+
+// AnalyticsS3ExportFileFormat_Values returns all elements of the AnalyticsS3ExportFileFormat enum
+func AnalyticsS3ExportFileFormat_Values() []string {
+ return []string{
+ AnalyticsS3ExportFileFormatCsv,
+ }
+}
+
+const (
+ // ArchiveStatusArchiveAccess is a ArchiveStatus enum value
+ ArchiveStatusArchiveAccess = "ARCHIVE_ACCESS"
+
+ // ArchiveStatusDeepArchiveAccess is a ArchiveStatus enum value
+ ArchiveStatusDeepArchiveAccess = "DEEP_ARCHIVE_ACCESS"
+)
+
+// ArchiveStatus_Values returns all elements of the ArchiveStatus enum
+func ArchiveStatus_Values() []string {
+ return []string{
+ ArchiveStatusArchiveAccess,
+ ArchiveStatusDeepArchiveAccess,
+ }
+}
+
+const (
+ // BucketAccelerateStatusEnabled is a BucketAccelerateStatus enum value
+ BucketAccelerateStatusEnabled = "Enabled"
+
+ // BucketAccelerateStatusSuspended is a BucketAccelerateStatus enum value
+ BucketAccelerateStatusSuspended = "Suspended"
+)
+
+// BucketAccelerateStatus_Values returns all elements of the BucketAccelerateStatus enum
+func BucketAccelerateStatus_Values() []string {
+ return []string{
+ BucketAccelerateStatusEnabled,
+ BucketAccelerateStatusSuspended,
+ }
+}
+
+const (
+ // BucketCannedACLPrivate is a BucketCannedACL enum value
+ BucketCannedACLPrivate = "private"
+
+ // BucketCannedACLPublicRead is a BucketCannedACL enum value
+ BucketCannedACLPublicRead = "public-read"
+
+ // BucketCannedACLPublicReadWrite is a BucketCannedACL enum value
+ BucketCannedACLPublicReadWrite = "public-read-write"
+
+ // BucketCannedACLAuthenticatedRead is a BucketCannedACL enum value
+ BucketCannedACLAuthenticatedRead = "authenticated-read"
+)
+
+// BucketCannedACL_Values returns all elements of the BucketCannedACL enum
+func BucketCannedACL_Values() []string {
+ return []string{
+ BucketCannedACLPrivate,
+ BucketCannedACLPublicRead,
+ BucketCannedACLPublicReadWrite,
+ BucketCannedACLAuthenticatedRead,
+ }
+}
+
+const (
+ // BucketLocationConstraintAfSouth1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintAfSouth1 = "af-south-1"
+
+ // BucketLocationConstraintApEast1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintApEast1 = "ap-east-1"
+
+ // BucketLocationConstraintApNortheast1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintApNortheast1 = "ap-northeast-1"
+
+ // BucketLocationConstraintApNortheast2 is a BucketLocationConstraint enum value
+ BucketLocationConstraintApNortheast2 = "ap-northeast-2"
+
+ // BucketLocationConstraintApNortheast3 is a BucketLocationConstraint enum value
+ BucketLocationConstraintApNortheast3 = "ap-northeast-3"
+
+ // BucketLocationConstraintApSouth1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintApSouth1 = "ap-south-1"
+
+ // BucketLocationConstraintApSouth2 is a BucketLocationConstraint enum value
+ BucketLocationConstraintApSouth2 = "ap-south-2"
+
+ // BucketLocationConstraintApSoutheast1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintApSoutheast1 = "ap-southeast-1"
+
+ // BucketLocationConstraintApSoutheast2 is a BucketLocationConstraint enum value
+ BucketLocationConstraintApSoutheast2 = "ap-southeast-2"
+
+ // BucketLocationConstraintApSoutheast3 is a BucketLocationConstraint enum value
+ BucketLocationConstraintApSoutheast3 = "ap-southeast-3"
+
+ // BucketLocationConstraintCaCentral1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintCaCentral1 = "ca-central-1"
+
+ // BucketLocationConstraintCnNorth1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintCnNorth1 = "cn-north-1"
+
+ // BucketLocationConstraintCnNorthwest1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintCnNorthwest1 = "cn-northwest-1"
+
+ // BucketLocationConstraintEu is a BucketLocationConstraint enum value
+ BucketLocationConstraintEu = "EU"
+
+ // BucketLocationConstraintEuCentral1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintEuCentral1 = "eu-central-1"
+
+ // BucketLocationConstraintEuNorth1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintEuNorth1 = "eu-north-1"
+
+ // BucketLocationConstraintEuSouth1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintEuSouth1 = "eu-south-1"
+
+ // BucketLocationConstraintEuSouth2 is a BucketLocationConstraint enum value
+ BucketLocationConstraintEuSouth2 = "eu-south-2"
+
+ // BucketLocationConstraintEuWest1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintEuWest1 = "eu-west-1"
+
+ // BucketLocationConstraintEuWest2 is a BucketLocationConstraint enum value
+ BucketLocationConstraintEuWest2 = "eu-west-2"
+
+ // BucketLocationConstraintEuWest3 is a BucketLocationConstraint enum value
+ BucketLocationConstraintEuWest3 = "eu-west-3"
+
+ // BucketLocationConstraintMeSouth1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintMeSouth1 = "me-south-1"
+
+ // BucketLocationConstraintSaEast1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintSaEast1 = "sa-east-1"
+
+ // BucketLocationConstraintUsEast2 is a BucketLocationConstraint enum value
+ BucketLocationConstraintUsEast2 = "us-east-2"
+
+ // BucketLocationConstraintUsGovEast1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintUsGovEast1 = "us-gov-east-1"
+
+ // BucketLocationConstraintUsGovWest1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintUsGovWest1 = "us-gov-west-1"
+
+ // BucketLocationConstraintUsWest1 is a BucketLocationConstraint enum value
+ BucketLocationConstraintUsWest1 = "us-west-1"
+
+ // BucketLocationConstraintUsWest2 is a BucketLocationConstraint enum value
+ BucketLocationConstraintUsWest2 = "us-west-2"
+)
+
+// BucketLocationConstraint_Values returns all elements of the BucketLocationConstraint enum
+func BucketLocationConstraint_Values() []string {
+ return []string{
+ BucketLocationConstraintAfSouth1,
+ BucketLocationConstraintApEast1,
+ BucketLocationConstraintApNortheast1,
+ BucketLocationConstraintApNortheast2,
+ BucketLocationConstraintApNortheast3,
+ BucketLocationConstraintApSouth1,
+ BucketLocationConstraintApSouth2,
+ BucketLocationConstraintApSoutheast1,
+ BucketLocationConstraintApSoutheast2,
+ BucketLocationConstraintApSoutheast3,
+ BucketLocationConstraintCaCentral1,
+ BucketLocationConstraintCnNorth1,
+ BucketLocationConstraintCnNorthwest1,
+ BucketLocationConstraintEu,
+ BucketLocationConstraintEuCentral1,
+ BucketLocationConstraintEuNorth1,
+ BucketLocationConstraintEuSouth1,
+ BucketLocationConstraintEuSouth2,
+ BucketLocationConstraintEuWest1,
+ BucketLocationConstraintEuWest2,
+ BucketLocationConstraintEuWest3,
+ BucketLocationConstraintMeSouth1,
+ BucketLocationConstraintSaEast1,
+ BucketLocationConstraintUsEast2,
+ BucketLocationConstraintUsGovEast1,
+ BucketLocationConstraintUsGovWest1,
+ BucketLocationConstraintUsWest1,
+ BucketLocationConstraintUsWest2,
+ }
+}
+
+const (
+ // BucketLogsPermissionFullControl is a BucketLogsPermission enum value
+ BucketLogsPermissionFullControl = "FULL_CONTROL"
+
+ // BucketLogsPermissionRead is a BucketLogsPermission enum value
+ BucketLogsPermissionRead = "READ"
+
+ // BucketLogsPermissionWrite is a BucketLogsPermission enum value
+ BucketLogsPermissionWrite = "WRITE"
+)
+
+// BucketLogsPermission_Values returns all elements of the BucketLogsPermission enum
+func BucketLogsPermission_Values() []string {
+ return []string{
+ BucketLogsPermissionFullControl,
+ BucketLogsPermissionRead,
+ BucketLogsPermissionWrite,
+ }
+}
+
+const (
+ // BucketTypeDirectory is a BucketType enum value
+ BucketTypeDirectory = "Directory"
+)
+
+// BucketType_Values returns all elements of the BucketType enum
+func BucketType_Values() []string {
+ return []string{
+ BucketTypeDirectory,
+ }
+}
+
+const (
+ // BucketVersioningStatusEnabled is a BucketVersioningStatus enum value
+ BucketVersioningStatusEnabled = "Enabled"
+
+ // BucketVersioningStatusSuspended is a BucketVersioningStatus enum value
+ BucketVersioningStatusSuspended = "Suspended"
+)
+
+// BucketVersioningStatus_Values returns all elements of the BucketVersioningStatus enum
+func BucketVersioningStatus_Values() []string {
+ return []string{
+ BucketVersioningStatusEnabled,
+ BucketVersioningStatusSuspended,
+ }
+}
+
+const (
+ // ChecksumAlgorithmCrc32 is a ChecksumAlgorithm enum value
+ ChecksumAlgorithmCrc32 = "CRC32"
+
+ // ChecksumAlgorithmCrc32c is a ChecksumAlgorithm enum value
+ ChecksumAlgorithmCrc32c = "CRC32C"
+
+ // ChecksumAlgorithmSha1 is a ChecksumAlgorithm enum value
+ ChecksumAlgorithmSha1 = "SHA1"
+
+ // ChecksumAlgorithmSha256 is a ChecksumAlgorithm enum value
+ ChecksumAlgorithmSha256 = "SHA256"
+)
+
+// ChecksumAlgorithm_Values returns all elements of the ChecksumAlgorithm enum
+func ChecksumAlgorithm_Values() []string {
+ return []string{
+ ChecksumAlgorithmCrc32,
+ ChecksumAlgorithmCrc32c,
+ ChecksumAlgorithmSha1,
+ ChecksumAlgorithmSha256,
+ }
+}
+
+const (
+ // ChecksumModeEnabled is a ChecksumMode enum value
+ ChecksumModeEnabled = "ENABLED"
+)
+
+// ChecksumMode_Values returns all elements of the ChecksumMode enum
+func ChecksumMode_Values() []string {
+ return []string{
+ ChecksumModeEnabled,
+ }
+}
+
+const (
+ // CompressionTypeNone is a CompressionType enum value
+ CompressionTypeNone = "NONE"
+
+ // CompressionTypeGzip is a CompressionType enum value
+ CompressionTypeGzip = "GZIP"
+
+ // CompressionTypeBzip2 is a CompressionType enum value
+ CompressionTypeBzip2 = "BZIP2"
+)
+
+// CompressionType_Values returns all elements of the CompressionType enum
+func CompressionType_Values() []string {
+ return []string{
+ CompressionTypeNone,
+ CompressionTypeGzip,
+ CompressionTypeBzip2,
+ }
+}
+
+const (
+ // DataRedundancySingleAvailabilityZone is a DataRedundancy enum value
+ DataRedundancySingleAvailabilityZone = "SingleAvailabilityZone"
+)
+
+// DataRedundancy_Values returns all elements of the DataRedundancy enum
+func DataRedundancy_Values() []string {
+ return []string{
+ DataRedundancySingleAvailabilityZone,
+ }
+}
+
+const (
+ // DeleteMarkerReplicationStatusEnabled is a DeleteMarkerReplicationStatus enum value
+ DeleteMarkerReplicationStatusEnabled = "Enabled"
+
+ // DeleteMarkerReplicationStatusDisabled is a DeleteMarkerReplicationStatus enum value
+ DeleteMarkerReplicationStatusDisabled = "Disabled"
+)
+
+// DeleteMarkerReplicationStatus_Values returns all elements of the DeleteMarkerReplicationStatus enum
+func DeleteMarkerReplicationStatus_Values() []string {
+ return []string{
+ DeleteMarkerReplicationStatusEnabled,
+ DeleteMarkerReplicationStatusDisabled,
+ }
+}
+
+// Requests Amazon S3 to encode the object keys in the response and specifies
+// the encoding method to use. An object key can contain any Unicode character;
+// however, the XML 1.0 parser cannot parse some characters, such as characters
+// with an ASCII value from 0 to 10. For characters that are not supported in
+// XML 1.0, you can add this parameter to request that Amazon S3 encode the
+// keys in the response.
+const (
+ // EncodingTypeUrl is a EncodingType enum value
+ EncodingTypeUrl = "url"
+)
+
+// EncodingType_Values returns all elements of the EncodingType enum
+func EncodingType_Values() []string {
+ return []string{
+ EncodingTypeUrl,
+ }
+}
+
+// The bucket event for which to send notifications.
+const (
+ // EventS3ReducedRedundancyLostObject is a Event enum value
+ EventS3ReducedRedundancyLostObject = "s3:ReducedRedundancyLostObject"
+
+ // EventS3ObjectCreated is a Event enum value
+ EventS3ObjectCreated = "s3:ObjectCreated:*"
+
+ // EventS3ObjectCreatedPut is a Event enum value
+ EventS3ObjectCreatedPut = "s3:ObjectCreated:Put"
+
+ // EventS3ObjectCreatedPost is a Event enum value
+ EventS3ObjectCreatedPost = "s3:ObjectCreated:Post"
+
+ // EventS3ObjectCreatedCopy is a Event enum value
+ EventS3ObjectCreatedCopy = "s3:ObjectCreated:Copy"
+
+ // EventS3ObjectCreatedCompleteMultipartUpload is a Event enum value
+ EventS3ObjectCreatedCompleteMultipartUpload = "s3:ObjectCreated:CompleteMultipartUpload"
+
+ // EventS3ObjectRemoved is a Event enum value
+ EventS3ObjectRemoved = "s3:ObjectRemoved:*"
+
+ // EventS3ObjectRemovedDelete is a Event enum value
+ EventS3ObjectRemovedDelete = "s3:ObjectRemoved:Delete"
+
+ // EventS3ObjectRemovedDeleteMarkerCreated is a Event enum value
+ EventS3ObjectRemovedDeleteMarkerCreated = "s3:ObjectRemoved:DeleteMarkerCreated"
+
+ // EventS3ObjectRestore is a Event enum value
+ EventS3ObjectRestore = "s3:ObjectRestore:*"
+
+ // EventS3ObjectRestorePost is a Event enum value
+ EventS3ObjectRestorePost = "s3:ObjectRestore:Post"
+
+ // EventS3ObjectRestoreCompleted is a Event enum value
+ EventS3ObjectRestoreCompleted = "s3:ObjectRestore:Completed"
+
+ // EventS3Replication is a Event enum value
+ EventS3Replication = "s3:Replication:*"
+
+ // EventS3ReplicationOperationFailedReplication is a Event enum value
+ EventS3ReplicationOperationFailedReplication = "s3:Replication:OperationFailedReplication"
+
+ // EventS3ReplicationOperationNotTracked is a Event enum value
+ EventS3ReplicationOperationNotTracked = "s3:Replication:OperationNotTracked"
+
+ // EventS3ReplicationOperationMissedThreshold is a Event enum value
+ EventS3ReplicationOperationMissedThreshold = "s3:Replication:OperationMissedThreshold"
+
+ // EventS3ReplicationOperationReplicatedAfterThreshold is a Event enum value
+ EventS3ReplicationOperationReplicatedAfterThreshold = "s3:Replication:OperationReplicatedAfterThreshold"
+
+ // EventS3ObjectRestoreDelete is a Event enum value
+ EventS3ObjectRestoreDelete = "s3:ObjectRestore:Delete"
+
+ // EventS3LifecycleTransition is a Event enum value
+ EventS3LifecycleTransition = "s3:LifecycleTransition"
+
+ // EventS3IntelligentTiering is a Event enum value
+ EventS3IntelligentTiering = "s3:IntelligentTiering"
+
+ // EventS3ObjectAclPut is a Event enum value
+ EventS3ObjectAclPut = "s3:ObjectAcl:Put"
+
+ // EventS3LifecycleExpiration is a Event enum value
+ EventS3LifecycleExpiration = "s3:LifecycleExpiration:*"
+
+ // EventS3LifecycleExpirationDelete is a Event enum value
+ EventS3LifecycleExpirationDelete = "s3:LifecycleExpiration:Delete"
+
+ // EventS3LifecycleExpirationDeleteMarkerCreated is a Event enum value
+ EventS3LifecycleExpirationDeleteMarkerCreated = "s3:LifecycleExpiration:DeleteMarkerCreated"
+
+ // EventS3ObjectTagging is a Event enum value
+ EventS3ObjectTagging = "s3:ObjectTagging:*"
+
+ // EventS3ObjectTaggingPut is a Event enum value
+ EventS3ObjectTaggingPut = "s3:ObjectTagging:Put"
+
+ // EventS3ObjectTaggingDelete is a Event enum value
+ EventS3ObjectTaggingDelete = "s3:ObjectTagging:Delete"
+)
+
+// Event_Values returns all elements of the Event enum
+func Event_Values() []string {
+ return []string{
+ EventS3ReducedRedundancyLostObject,
+ EventS3ObjectCreated,
+ EventS3ObjectCreatedPut,
+ EventS3ObjectCreatedPost,
+ EventS3ObjectCreatedCopy,
+ EventS3ObjectCreatedCompleteMultipartUpload,
+ EventS3ObjectRemoved,
+ EventS3ObjectRemovedDelete,
+ EventS3ObjectRemovedDeleteMarkerCreated,
+ EventS3ObjectRestore,
+ EventS3ObjectRestorePost,
+ EventS3ObjectRestoreCompleted,
+ EventS3Replication,
+ EventS3ReplicationOperationFailedReplication,
+ EventS3ReplicationOperationNotTracked,
+ EventS3ReplicationOperationMissedThreshold,
+ EventS3ReplicationOperationReplicatedAfterThreshold,
+ EventS3ObjectRestoreDelete,
+ EventS3LifecycleTransition,
+ EventS3IntelligentTiering,
+ EventS3ObjectAclPut,
+ EventS3LifecycleExpiration,
+ EventS3LifecycleExpirationDelete,
+ EventS3LifecycleExpirationDeleteMarkerCreated,
+ EventS3ObjectTagging,
+ EventS3ObjectTaggingPut,
+ EventS3ObjectTaggingDelete,
+ }
+}
+
+const (
+ // ExistingObjectReplicationStatusEnabled is a ExistingObjectReplicationStatus enum value
+ ExistingObjectReplicationStatusEnabled = "Enabled"
+
+ // ExistingObjectReplicationStatusDisabled is a ExistingObjectReplicationStatus enum value
+ ExistingObjectReplicationStatusDisabled = "Disabled"
+)
+
+// ExistingObjectReplicationStatus_Values returns all elements of the ExistingObjectReplicationStatus enum
+func ExistingObjectReplicationStatus_Values() []string {
+ return []string{
+ ExistingObjectReplicationStatusEnabled,
+ ExistingObjectReplicationStatusDisabled,
+ }
+}
+
+const (
+ // ExpirationStatusEnabled is a ExpirationStatus enum value
+ ExpirationStatusEnabled = "Enabled"
+
+ // ExpirationStatusDisabled is a ExpirationStatus enum value
+ ExpirationStatusDisabled = "Disabled"
+)
+
+// ExpirationStatus_Values returns all elements of the ExpirationStatus enum
+func ExpirationStatus_Values() []string {
+ return []string{
+ ExpirationStatusEnabled,
+ ExpirationStatusDisabled,
+ }
+}
+
+const (
+ // ExpressionTypeSql is a ExpressionType enum value
+ ExpressionTypeSql = "SQL"
+)
+
+// ExpressionType_Values returns all elements of the ExpressionType enum
+func ExpressionType_Values() []string {
+ return []string{
+ ExpressionTypeSql,
+ }
+}
+
+const (
+ // FileHeaderInfoUse is a FileHeaderInfo enum value
+ FileHeaderInfoUse = "USE"
+
+ // FileHeaderInfoIgnore is a FileHeaderInfo enum value
+ FileHeaderInfoIgnore = "IGNORE"
+
+ // FileHeaderInfoNone is a FileHeaderInfo enum value
+ FileHeaderInfoNone = "NONE"
+)
+
+// FileHeaderInfo_Values returns all elements of the FileHeaderInfo enum
+func FileHeaderInfo_Values() []string {
+ return []string{
+ FileHeaderInfoUse,
+ FileHeaderInfoIgnore,
+ FileHeaderInfoNone,
+ }
+}
+
+const (
+ // FilterRuleNamePrefix is a FilterRuleName enum value
+ FilterRuleNamePrefix = "prefix"
+
+ // FilterRuleNameSuffix is a FilterRuleName enum value
+ FilterRuleNameSuffix = "suffix"
+)
+
+// FilterRuleName_Values returns all elements of the FilterRuleName enum
+func FilterRuleName_Values() []string {
+ return []string{
+ FilterRuleNamePrefix,
+ FilterRuleNameSuffix,
+ }
+}
+
+const (
+ // IntelligentTieringAccessTierArchiveAccess is a IntelligentTieringAccessTier enum value
+ IntelligentTieringAccessTierArchiveAccess = "ARCHIVE_ACCESS"
+
+ // IntelligentTieringAccessTierDeepArchiveAccess is a IntelligentTieringAccessTier enum value
+ IntelligentTieringAccessTierDeepArchiveAccess = "DEEP_ARCHIVE_ACCESS"
+)
+
+// IntelligentTieringAccessTier_Values returns all elements of the IntelligentTieringAccessTier enum
+func IntelligentTieringAccessTier_Values() []string {
+ return []string{
+ IntelligentTieringAccessTierArchiveAccess,
+ IntelligentTieringAccessTierDeepArchiveAccess,
+ }
+}
+
+const (
+ // IntelligentTieringStatusEnabled is a IntelligentTieringStatus enum value
+ IntelligentTieringStatusEnabled = "Enabled"
+
+ // IntelligentTieringStatusDisabled is a IntelligentTieringStatus enum value
+ IntelligentTieringStatusDisabled = "Disabled"
+)
+
+// IntelligentTieringStatus_Values returns all elements of the IntelligentTieringStatus enum
+func IntelligentTieringStatus_Values() []string {
+ return []string{
+ IntelligentTieringStatusEnabled,
+ IntelligentTieringStatusDisabled,
+ }
+}
+
+const (
+ // InventoryFormatCsv is a InventoryFormat enum value
+ InventoryFormatCsv = "CSV"
+
+ // InventoryFormatOrc is a InventoryFormat enum value
+ InventoryFormatOrc = "ORC"
+
+ // InventoryFormatParquet is a InventoryFormat enum value
+ InventoryFormatParquet = "Parquet"
+)
+
+// InventoryFormat_Values returns all elements of the InventoryFormat enum
+func InventoryFormat_Values() []string {
+ return []string{
+ InventoryFormatCsv,
+ InventoryFormatOrc,
+ InventoryFormatParquet,
+ }
+}
+
+const (
+ // InventoryFrequencyDaily is a InventoryFrequency enum value
+ InventoryFrequencyDaily = "Daily"
+
+ // InventoryFrequencyWeekly is a InventoryFrequency enum value
+ InventoryFrequencyWeekly = "Weekly"
+)
+
+// InventoryFrequency_Values returns all elements of the InventoryFrequency enum
+func InventoryFrequency_Values() []string {
+ return []string{
+ InventoryFrequencyDaily,
+ InventoryFrequencyWeekly,
+ }
+}
+
+const (
+ // InventoryIncludedObjectVersionsAll is a InventoryIncludedObjectVersions enum value
+ InventoryIncludedObjectVersionsAll = "All"
+
+ // InventoryIncludedObjectVersionsCurrent is a InventoryIncludedObjectVersions enum value
+ InventoryIncludedObjectVersionsCurrent = "Current"
+)
+
+// InventoryIncludedObjectVersions_Values returns all elements of the InventoryIncludedObjectVersions enum
+func InventoryIncludedObjectVersions_Values() []string {
+ return []string{
+ InventoryIncludedObjectVersionsAll,
+ InventoryIncludedObjectVersionsCurrent,
+ }
+}
+
+const (
+ // InventoryOptionalFieldSize is a InventoryOptionalField enum value
+ InventoryOptionalFieldSize = "Size"
+
+ // InventoryOptionalFieldLastModifiedDate is a InventoryOptionalField enum value
+ InventoryOptionalFieldLastModifiedDate = "LastModifiedDate"
+
+ // InventoryOptionalFieldStorageClass is a InventoryOptionalField enum value
+ InventoryOptionalFieldStorageClass = "StorageClass"
+
+ // InventoryOptionalFieldEtag is a InventoryOptionalField enum value
+ InventoryOptionalFieldEtag = "ETag"
+
+ // InventoryOptionalFieldIsMultipartUploaded is a InventoryOptionalField enum value
+ InventoryOptionalFieldIsMultipartUploaded = "IsMultipartUploaded"
+
+ // InventoryOptionalFieldReplicationStatus is a InventoryOptionalField enum value
+ InventoryOptionalFieldReplicationStatus = "ReplicationStatus"
+
+ // InventoryOptionalFieldEncryptionStatus is a InventoryOptionalField enum value
+ InventoryOptionalFieldEncryptionStatus = "EncryptionStatus"
+
+ // InventoryOptionalFieldObjectLockRetainUntilDate is a InventoryOptionalField enum value
+ InventoryOptionalFieldObjectLockRetainUntilDate = "ObjectLockRetainUntilDate"
+
+ // InventoryOptionalFieldObjectLockMode is a InventoryOptionalField enum value
+ InventoryOptionalFieldObjectLockMode = "ObjectLockMode"
+
+ // InventoryOptionalFieldObjectLockLegalHoldStatus is a InventoryOptionalField enum value
+ InventoryOptionalFieldObjectLockLegalHoldStatus = "ObjectLockLegalHoldStatus"
+
+ // InventoryOptionalFieldIntelligentTieringAccessTier is a InventoryOptionalField enum value
+ InventoryOptionalFieldIntelligentTieringAccessTier = "IntelligentTieringAccessTier"
+
+ // InventoryOptionalFieldBucketKeyStatus is a InventoryOptionalField enum value
+ InventoryOptionalFieldBucketKeyStatus = "BucketKeyStatus"
+
+ // InventoryOptionalFieldChecksumAlgorithm is a InventoryOptionalField enum value
+ InventoryOptionalFieldChecksumAlgorithm = "ChecksumAlgorithm"
+
+ // InventoryOptionalFieldObjectAccessControlList is a InventoryOptionalField enum value
+ InventoryOptionalFieldObjectAccessControlList = "ObjectAccessControlList"
+
+ // InventoryOptionalFieldObjectOwner is a InventoryOptionalField enum value
+ InventoryOptionalFieldObjectOwner = "ObjectOwner"
+)
+
+// InventoryOptionalField_Values returns all elements of the InventoryOptionalField enum
+func InventoryOptionalField_Values() []string {
+ return []string{
+ InventoryOptionalFieldSize,
+ InventoryOptionalFieldLastModifiedDate,
+ InventoryOptionalFieldStorageClass,
+ InventoryOptionalFieldEtag,
+ InventoryOptionalFieldIsMultipartUploaded,
+ InventoryOptionalFieldReplicationStatus,
+ InventoryOptionalFieldEncryptionStatus,
+ InventoryOptionalFieldObjectLockRetainUntilDate,
+ InventoryOptionalFieldObjectLockMode,
+ InventoryOptionalFieldObjectLockLegalHoldStatus,
+ InventoryOptionalFieldIntelligentTieringAccessTier,
+ InventoryOptionalFieldBucketKeyStatus,
+ InventoryOptionalFieldChecksumAlgorithm,
+ InventoryOptionalFieldObjectAccessControlList,
+ InventoryOptionalFieldObjectOwner,
+ }
+}
+
+const (
+ // JSONTypeDocument is a JSONType enum value
+ JSONTypeDocument = "DOCUMENT"
+
+ // JSONTypeLines is a JSONType enum value
+ JSONTypeLines = "LINES"
+)
+
+// JSONType_Values returns all elements of the JSONType enum
+func JSONType_Values() []string {
+ return []string{
+ JSONTypeDocument,
+ JSONTypeLines,
+ }
+}
+
+const (
+ // LocationTypeAvailabilityZone is a LocationType enum value
+ LocationTypeAvailabilityZone = "AvailabilityZone"
+)
+
+// LocationType_Values returns all elements of the LocationType enum
+func LocationType_Values() []string {
+ return []string{
+ LocationTypeAvailabilityZone,
+ }
+}
+
+const (
+ // MFADeleteEnabled is a MFADelete enum value
+ MFADeleteEnabled = "Enabled"
+
+ // MFADeleteDisabled is a MFADelete enum value
+ MFADeleteDisabled = "Disabled"
+)
+
+// MFADelete_Values returns all elements of the MFADelete enum
+func MFADelete_Values() []string {
+ return []string{
+ MFADeleteEnabled,
+ MFADeleteDisabled,
+ }
+}
+
+const (
+ // MFADeleteStatusEnabled is a MFADeleteStatus enum value
+ MFADeleteStatusEnabled = "Enabled"
+
+ // MFADeleteStatusDisabled is a MFADeleteStatus enum value
+ MFADeleteStatusDisabled = "Disabled"
+)
+
+// MFADeleteStatus_Values returns all elements of the MFADeleteStatus enum
+func MFADeleteStatus_Values() []string {
+ return []string{
+ MFADeleteStatusEnabled,
+ MFADeleteStatusDisabled,
+ }
+}
+
+const (
+ // MetadataDirectiveCopy is a MetadataDirective enum value
+ MetadataDirectiveCopy = "COPY"
+
+ // MetadataDirectiveReplace is a MetadataDirective enum value
+ MetadataDirectiveReplace = "REPLACE"
+)
+
+// MetadataDirective_Values returns all elements of the MetadataDirective enum
+func MetadataDirective_Values() []string {
+ return []string{
+ MetadataDirectiveCopy,
+ MetadataDirectiveReplace,
+ }
+}
+
+const (
+ // MetricsStatusEnabled is a MetricsStatus enum value
+ MetricsStatusEnabled = "Enabled"
+
+ // MetricsStatusDisabled is a MetricsStatus enum value
+ MetricsStatusDisabled = "Disabled"
+)
+
+// MetricsStatus_Values returns all elements of the MetricsStatus enum
+func MetricsStatus_Values() []string {
+ return []string{
+ MetricsStatusEnabled,
+ MetricsStatusDisabled,
+ }
+}
+
+const (
+ // ObjectAttributesEtag is a ObjectAttributes enum value
+ ObjectAttributesEtag = "ETag"
+
+ // ObjectAttributesChecksum is a ObjectAttributes enum value
+ ObjectAttributesChecksum = "Checksum"
+
+ // ObjectAttributesObjectParts is a ObjectAttributes enum value
+ ObjectAttributesObjectParts = "ObjectParts"
+
+ // ObjectAttributesStorageClass is a ObjectAttributes enum value
+ ObjectAttributesStorageClass = "StorageClass"
+
+ // ObjectAttributesObjectSize is a ObjectAttributes enum value
+ ObjectAttributesObjectSize = "ObjectSize"
+)
+
+// ObjectAttributes_Values returns all elements of the ObjectAttributes enum
+func ObjectAttributes_Values() []string {
+ return []string{
+ ObjectAttributesEtag,
+ ObjectAttributesChecksum,
+ ObjectAttributesObjectParts,
+ ObjectAttributesStorageClass,
+ ObjectAttributesObjectSize,
+ }
+}
+
+const (
+ // ObjectCannedACLPrivate is a ObjectCannedACL enum value
+ ObjectCannedACLPrivate = "private"
+
+ // ObjectCannedACLPublicRead is a ObjectCannedACL enum value
+ ObjectCannedACLPublicRead = "public-read"
+
+ // ObjectCannedACLPublicReadWrite is a ObjectCannedACL enum value
+ ObjectCannedACLPublicReadWrite = "public-read-write"
+
+ // ObjectCannedACLAuthenticatedRead is a ObjectCannedACL enum value
+ ObjectCannedACLAuthenticatedRead = "authenticated-read"
+
+ // ObjectCannedACLAwsExecRead is a ObjectCannedACL enum value
+ ObjectCannedACLAwsExecRead = "aws-exec-read"
+
+ // ObjectCannedACLBucketOwnerRead is a ObjectCannedACL enum value
+ ObjectCannedACLBucketOwnerRead = "bucket-owner-read"
+
+ // ObjectCannedACLBucketOwnerFullControl is a ObjectCannedACL enum value
+ ObjectCannedACLBucketOwnerFullControl = "bucket-owner-full-control"
+)
+
+// ObjectCannedACL_Values returns all elements of the ObjectCannedACL enum
+func ObjectCannedACL_Values() []string {
+ return []string{
+ ObjectCannedACLPrivate,
+ ObjectCannedACLPublicRead,
+ ObjectCannedACLPublicReadWrite,
+ ObjectCannedACLAuthenticatedRead,
+ ObjectCannedACLAwsExecRead,
+ ObjectCannedACLBucketOwnerRead,
+ ObjectCannedACLBucketOwnerFullControl,
+ }
+}
+
+const (
+ // ObjectLockEnabledEnabled is a ObjectLockEnabled enum value
+ ObjectLockEnabledEnabled = "Enabled"
+)
+
+// ObjectLockEnabled_Values returns all elements of the ObjectLockEnabled enum
+func ObjectLockEnabled_Values() []string {
+ return []string{
+ ObjectLockEnabledEnabled,
+ }
+}
+
+const (
+ // ObjectLockLegalHoldStatusOn is a ObjectLockLegalHoldStatus enum value
+ ObjectLockLegalHoldStatusOn = "ON"
+
+ // ObjectLockLegalHoldStatusOff is a ObjectLockLegalHoldStatus enum value
+ ObjectLockLegalHoldStatusOff = "OFF"
+)
+
+// ObjectLockLegalHoldStatus_Values returns all elements of the ObjectLockLegalHoldStatus enum
+func ObjectLockLegalHoldStatus_Values() []string {
+ return []string{
+ ObjectLockLegalHoldStatusOn,
+ ObjectLockLegalHoldStatusOff,
+ }
+}
+
+const (
+ // ObjectLockModeGovernance is a ObjectLockMode enum value
+ ObjectLockModeGovernance = "GOVERNANCE"
+
+ // ObjectLockModeCompliance is a ObjectLockMode enum value
+ ObjectLockModeCompliance = "COMPLIANCE"
+)
+
+// ObjectLockMode_Values returns all elements of the ObjectLockMode enum
+func ObjectLockMode_Values() []string {
+ return []string{
+ ObjectLockModeGovernance,
+ ObjectLockModeCompliance,
+ }
+}
+
+const (
+ // ObjectLockRetentionModeGovernance is a ObjectLockRetentionMode enum value
+ ObjectLockRetentionModeGovernance = "GOVERNANCE"
+
+ // ObjectLockRetentionModeCompliance is a ObjectLockRetentionMode enum value
+ ObjectLockRetentionModeCompliance = "COMPLIANCE"
+)
+
+// ObjectLockRetentionMode_Values returns all elements of the ObjectLockRetentionMode enum
+func ObjectLockRetentionMode_Values() []string {
+ return []string{
+ ObjectLockRetentionModeGovernance,
+ ObjectLockRetentionModeCompliance,
+ }
+}
+
+// The container element for object ownership for a bucket's ownership controls.
+//
+// BucketOwnerPreferred - Objects uploaded to the bucket change ownership to
+// the bucket owner if the objects are uploaded with the bucket-owner-full-control
+// canned ACL.
+//
+// ObjectWriter - The uploading account will own the object if the object is
+// uploaded with the bucket-owner-full-control canned ACL.
+//
+// BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer
+// affect permissions. The bucket owner automatically owns and has full control
+// over every object in the bucket. The bucket only accepts PUT requests that
+// don't specify an ACL or specify bucket owner full control ACLs (such as the
+// predefined bucket-owner-full-control canned ACL or a custom ACL in XML format
+// that grants the same permissions).
+//
+// By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled.
+// We recommend keeping ACLs disabled, except in uncommon use cases where you
+// must control access for each object individually. For more information about
+// S3 Object Ownership, see Controlling ownership of objects and disabling ACLs
+// for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html)
+// in the Amazon S3 User Guide.
+//
+// This functionality is not supported for directory buckets. Directory buckets
+// use the bucket owner enforced setting for S3 Object Ownership.
+const (
+ // ObjectOwnershipBucketOwnerPreferred is a ObjectOwnership enum value
+ ObjectOwnershipBucketOwnerPreferred = "BucketOwnerPreferred"
+
+ // ObjectOwnershipObjectWriter is a ObjectOwnership enum value
+ ObjectOwnershipObjectWriter = "ObjectWriter"
+
+ // ObjectOwnershipBucketOwnerEnforced is a ObjectOwnership enum value
+ ObjectOwnershipBucketOwnerEnforced = "BucketOwnerEnforced"
+)
+
+// ObjectOwnership_Values returns all elements of the ObjectOwnership enum
+func ObjectOwnership_Values() []string {
+ return []string{
+ ObjectOwnershipBucketOwnerPreferred,
+ ObjectOwnershipObjectWriter,
+ ObjectOwnershipBucketOwnerEnforced,
+ }
+}
+
+const (
+ // ObjectStorageClassStandard is a ObjectStorageClass enum value
+ ObjectStorageClassStandard = "STANDARD"
+
+ // ObjectStorageClassReducedRedundancy is a ObjectStorageClass enum value
+ ObjectStorageClassReducedRedundancy = "REDUCED_REDUNDANCY"
+
+ // ObjectStorageClassGlacier is a ObjectStorageClass enum value
+ ObjectStorageClassGlacier = "GLACIER"
+
+ // ObjectStorageClassStandardIa is a ObjectStorageClass enum value
+ ObjectStorageClassStandardIa = "STANDARD_IA"
+
+ // ObjectStorageClassOnezoneIa is a ObjectStorageClass enum value
+ ObjectStorageClassOnezoneIa = "ONEZONE_IA"
+
+ // ObjectStorageClassIntelligentTiering is a ObjectStorageClass enum value
+ ObjectStorageClassIntelligentTiering = "INTELLIGENT_TIERING"
+
+ // ObjectStorageClassDeepArchive is a ObjectStorageClass enum value
+ ObjectStorageClassDeepArchive = "DEEP_ARCHIVE"
+
+ // ObjectStorageClassOutposts is a ObjectStorageClass enum value
+ ObjectStorageClassOutposts = "OUTPOSTS"
+
+ // ObjectStorageClassGlacierIr is a ObjectStorageClass enum value
+ ObjectStorageClassGlacierIr = "GLACIER_IR"
+
+ // ObjectStorageClassSnow is a ObjectStorageClass enum value
+ ObjectStorageClassSnow = "SNOW"
+
+ // ObjectStorageClassExpressOnezone is a ObjectStorageClass enum value
+ ObjectStorageClassExpressOnezone = "EXPRESS_ONEZONE"
+)
+
+// ObjectStorageClass_Values returns all elements of the ObjectStorageClass enum
+func ObjectStorageClass_Values() []string {
+ return []string{
+ ObjectStorageClassStandard,
+ ObjectStorageClassReducedRedundancy,
+ ObjectStorageClassGlacier,
+ ObjectStorageClassStandardIa,
+ ObjectStorageClassOnezoneIa,
+ ObjectStorageClassIntelligentTiering,
+ ObjectStorageClassDeepArchive,
+ ObjectStorageClassOutposts,
+ ObjectStorageClassGlacierIr,
+ ObjectStorageClassSnow,
+ ObjectStorageClassExpressOnezone,
+ }
+}
+
+const (
+ // ObjectVersionStorageClassStandard is a ObjectVersionStorageClass enum value
+ ObjectVersionStorageClassStandard = "STANDARD"
+)
+
+// ObjectVersionStorageClass_Values returns all elements of the ObjectVersionStorageClass enum
+func ObjectVersionStorageClass_Values() []string {
+ return []string{
+ ObjectVersionStorageClassStandard,
+ }
+}
+
+const (
+ // OptionalObjectAttributesRestoreStatus is a OptionalObjectAttributes enum value
+ OptionalObjectAttributesRestoreStatus = "RestoreStatus"
+)
+
+// OptionalObjectAttributes_Values returns all elements of the OptionalObjectAttributes enum
+func OptionalObjectAttributes_Values() []string {
+ return []string{
+ OptionalObjectAttributesRestoreStatus,
+ }
+}
+
+const (
+ // OwnerOverrideDestination is a OwnerOverride enum value
+ OwnerOverrideDestination = "Destination"
+)
+
+// OwnerOverride_Values returns all elements of the OwnerOverride enum
+func OwnerOverride_Values() []string {
+ return []string{
+ OwnerOverrideDestination,
+ }
+}
+
+const (
+ // PartitionDateSourceEventTime is a PartitionDateSource enum value
+ PartitionDateSourceEventTime = "EventTime"
+
+ // PartitionDateSourceDeliveryTime is a PartitionDateSource enum value
+ PartitionDateSourceDeliveryTime = "DeliveryTime"
+)
+
+// PartitionDateSource_Values returns all elements of the PartitionDateSource enum
+func PartitionDateSource_Values() []string {
+ return []string{
+ PartitionDateSourceEventTime,
+ PartitionDateSourceDeliveryTime,
+ }
+}
+
+const (
+ // PayerRequester is a Payer enum value
+ PayerRequester = "Requester"
+
+ // PayerBucketOwner is a Payer enum value
+ PayerBucketOwner = "BucketOwner"
+)
+
+// Payer_Values returns all elements of the Payer enum
+func Payer_Values() []string {
+ return []string{
+ PayerRequester,
+ PayerBucketOwner,
+ }
+}
+
+const (
+ // PermissionFullControl is a Permission enum value
+ PermissionFullControl = "FULL_CONTROL"
+
+ // PermissionWrite is a Permission enum value
+ PermissionWrite = "WRITE"
+
+ // PermissionWriteAcp is a Permission enum value
+ PermissionWriteAcp = "WRITE_ACP"
+
+ // PermissionRead is a Permission enum value
+ PermissionRead = "READ"
+
+ // PermissionReadAcp is a Permission enum value
+ PermissionReadAcp = "READ_ACP"
+)
+
+// Permission_Values returns all elements of the Permission enum
+func Permission_Values() []string {
+ return []string{
+ PermissionFullControl,
+ PermissionWrite,
+ PermissionWriteAcp,
+ PermissionRead,
+ PermissionReadAcp,
+ }
+}
+
+const (
+ // ProtocolHttp is a Protocol enum value
+ ProtocolHttp = "http"
+
+ // ProtocolHttps is a Protocol enum value
+ ProtocolHttps = "https"
+)
+
+// Protocol_Values returns all elements of the Protocol enum
+func Protocol_Values() []string {
+ return []string{
+ ProtocolHttp,
+ ProtocolHttps,
+ }
+}
+
+const (
+ // QuoteFieldsAlways is a QuoteFields enum value
+ QuoteFieldsAlways = "ALWAYS"
+
+ // QuoteFieldsAsneeded is a QuoteFields enum value
+ QuoteFieldsAsneeded = "ASNEEDED"
+)
+
+// QuoteFields_Values returns all elements of the QuoteFields enum
+func QuoteFields_Values() []string {
+ return []string{
+ QuoteFieldsAlways,
+ QuoteFieldsAsneeded,
+ }
+}
+
+const (
+ // ReplicaModificationsStatusEnabled is a ReplicaModificationsStatus enum value
+ ReplicaModificationsStatusEnabled = "Enabled"
+
+ // ReplicaModificationsStatusDisabled is a ReplicaModificationsStatus enum value
+ ReplicaModificationsStatusDisabled = "Disabled"
+)
+
+// ReplicaModificationsStatus_Values returns all elements of the ReplicaModificationsStatus enum
+func ReplicaModificationsStatus_Values() []string {
+ return []string{
+ ReplicaModificationsStatusEnabled,
+ ReplicaModificationsStatusDisabled,
+ }
+}
+
+const (
+ // ReplicationRuleStatusEnabled is a ReplicationRuleStatus enum value
+ ReplicationRuleStatusEnabled = "Enabled"
+
+ // ReplicationRuleStatusDisabled is a ReplicationRuleStatus enum value
+ ReplicationRuleStatusDisabled = "Disabled"
+)
+
+// ReplicationRuleStatus_Values returns all elements of the ReplicationRuleStatus enum
+func ReplicationRuleStatus_Values() []string {
+ return []string{
+ ReplicationRuleStatusEnabled,
+ ReplicationRuleStatusDisabled,
+ }
+}
+
+const (
+ // ReplicationStatusComplete is a ReplicationStatus enum value
+ ReplicationStatusComplete = "COMPLETE"
+
+ // ReplicationStatusPending is a ReplicationStatus enum value
+ ReplicationStatusPending = "PENDING"
+
+ // ReplicationStatusFailed is a ReplicationStatus enum value
+ ReplicationStatusFailed = "FAILED"
+
+ // ReplicationStatusReplica is a ReplicationStatus enum value
+ ReplicationStatusReplica = "REPLICA"
+
+ // ReplicationStatusCompleted is a ReplicationStatus enum value
+ ReplicationStatusCompleted = "COMPLETED"
+)
+
+// ReplicationStatus_Values returns all elements of the ReplicationStatus enum
+func ReplicationStatus_Values() []string {
+ return []string{
+ ReplicationStatusComplete,
+ ReplicationStatusPending,
+ ReplicationStatusFailed,
+ ReplicationStatusReplica,
+ ReplicationStatusCompleted,
+ }
+}
+
+const (
+ // ReplicationTimeStatusEnabled is a ReplicationTimeStatus enum value
+ ReplicationTimeStatusEnabled = "Enabled"
+
+ // ReplicationTimeStatusDisabled is a ReplicationTimeStatus enum value
+ ReplicationTimeStatusDisabled = "Disabled"
+)
+
+// ReplicationTimeStatus_Values returns all elements of the ReplicationTimeStatus enum
+func ReplicationTimeStatus_Values() []string {
+ return []string{
+ ReplicationTimeStatusEnabled,
+ ReplicationTimeStatusDisabled,
+ }
+}
+
+// If present, indicates that the requester was successfully charged for the
+// request.
+//
+// This functionality is not supported for directory buckets.
+const (
+ // RequestChargedRequester is a RequestCharged enum value
+ RequestChargedRequester = "requester"
+)
+
+// RequestCharged_Values returns all elements of the RequestCharged enum
+func RequestCharged_Values() []string {
+ return []string{
+ RequestChargedRequester,
+ }
+}
+
+// Confirms that the requester knows that they will be charged for the request.
+// Bucket owners need not specify this parameter in their requests. If either
+// the source or destination S3 bucket has Requester Pays enabled, the requester
+// will pay for corresponding charges to copy the object. For information about
+// downloading objects from Requester Pays buckets, see Downloading Objects
+// in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html)
+// in the Amazon S3 User Guide.
+//
+// This functionality is not supported for directory buckets.
+const (
+ // RequestPayerRequester is a RequestPayer enum value
+ RequestPayerRequester = "requester"
+)
+
+// RequestPayer_Values returns all elements of the RequestPayer enum
+func RequestPayer_Values() []string {
+ return []string{
+ RequestPayerRequester,
+ }
+}
+
+const (
+ // RestoreRequestTypeSelect is a RestoreRequestType enum value
+ RestoreRequestTypeSelect = "SELECT"
+)
+
+// RestoreRequestType_Values returns all elements of the RestoreRequestType enum
+func RestoreRequestType_Values() []string {
+ return []string{
+ RestoreRequestTypeSelect,
+ }
+}
+
+const (
+ // ServerSideEncryptionAes256 is a ServerSideEncryption enum value
+ ServerSideEncryptionAes256 = "AES256"
+
+ // ServerSideEncryptionAwsKms is a ServerSideEncryption enum value
+ ServerSideEncryptionAwsKms = "aws:kms"
+
+ // ServerSideEncryptionAwsKmsDsse is a ServerSideEncryption enum value
+ ServerSideEncryptionAwsKmsDsse = "aws:kms:dsse"
+)
+
+// ServerSideEncryption_Values returns all elements of the ServerSideEncryption enum
+func ServerSideEncryption_Values() []string {
+ return []string{
+ ServerSideEncryptionAes256,
+ ServerSideEncryptionAwsKms,
+ ServerSideEncryptionAwsKmsDsse,
+ }
+}
+
+const (
+ // SessionModeReadOnly is a SessionMode enum value
+ SessionModeReadOnly = "ReadOnly"
+
+ // SessionModeReadWrite is a SessionMode enum value
+ SessionModeReadWrite = "ReadWrite"
+)
+
+// SessionMode_Values returns all elements of the SessionMode enum
+func SessionMode_Values() []string {
+ return []string{
+ SessionModeReadOnly,
+ SessionModeReadWrite,
+ }
+}
+
+const (
+ // SseKmsEncryptedObjectsStatusEnabled is a SseKmsEncryptedObjectsStatus enum value
+ SseKmsEncryptedObjectsStatusEnabled = "Enabled"
+
+ // SseKmsEncryptedObjectsStatusDisabled is a SseKmsEncryptedObjectsStatus enum value
+ SseKmsEncryptedObjectsStatusDisabled = "Disabled"
+)
+
+// SseKmsEncryptedObjectsStatus_Values returns all elements of the SseKmsEncryptedObjectsStatus enum
+func SseKmsEncryptedObjectsStatus_Values() []string {
+ return []string{
+ SseKmsEncryptedObjectsStatusEnabled,
+ SseKmsEncryptedObjectsStatusDisabled,
+ }
+}
+
+const (
+ // StorageClassStandard is a StorageClass enum value
+ StorageClassStandard = "STANDARD"
+
+ // StorageClassReducedRedundancy is a StorageClass enum value
+ StorageClassReducedRedundancy = "REDUCED_REDUNDANCY"
+
+ // StorageClassStandardIa is a StorageClass enum value
+ StorageClassStandardIa = "STANDARD_IA"
+
+ // StorageClassOnezoneIa is a StorageClass enum value
+ StorageClassOnezoneIa = "ONEZONE_IA"
+
+ // StorageClassIntelligentTiering is a StorageClass enum value
+ StorageClassIntelligentTiering = "INTELLIGENT_TIERING"
+
+ // StorageClassGlacier is a StorageClass enum value
+ StorageClassGlacier = "GLACIER"
+
+ // StorageClassDeepArchive is a StorageClass enum value
+ StorageClassDeepArchive = "DEEP_ARCHIVE"
+
+ // StorageClassOutposts is a StorageClass enum value
+ StorageClassOutposts = "OUTPOSTS"
+
+ // StorageClassGlacierIr is a StorageClass enum value
+ StorageClassGlacierIr = "GLACIER_IR"
+
+ // StorageClassSnow is a StorageClass enum value
+ StorageClassSnow = "SNOW"
+
+ // StorageClassExpressOnezone is a StorageClass enum value
+ StorageClassExpressOnezone = "EXPRESS_ONEZONE"
+)
+
+// StorageClass_Values returns all elements of the StorageClass enum
+func StorageClass_Values() []string {
+ return []string{
+ StorageClassStandard,
+ StorageClassReducedRedundancy,
+ StorageClassStandardIa,
+ StorageClassOnezoneIa,
+ StorageClassIntelligentTiering,
+ StorageClassGlacier,
+ StorageClassDeepArchive,
+ StorageClassOutposts,
+ StorageClassGlacierIr,
+ StorageClassSnow,
+ StorageClassExpressOnezone,
+ }
+}
+
+const (
+ // StorageClassAnalysisSchemaVersionV1 is a StorageClassAnalysisSchemaVersion enum value
+ StorageClassAnalysisSchemaVersionV1 = "V_1"
+)
+
+// StorageClassAnalysisSchemaVersion_Values returns all elements of the StorageClassAnalysisSchemaVersion enum
+func StorageClassAnalysisSchemaVersion_Values() []string {
+ return []string{
+ StorageClassAnalysisSchemaVersionV1,
+ }
+}
+
+const (
+ // TaggingDirectiveCopy is a TaggingDirective enum value
+ TaggingDirectiveCopy = "COPY"
+
+ // TaggingDirectiveReplace is a TaggingDirective enum value
+ TaggingDirectiveReplace = "REPLACE"
+)
+
+// TaggingDirective_Values returns all elements of the TaggingDirective enum
+func TaggingDirective_Values() []string {
+ return []string{
+ TaggingDirectiveCopy,
+ TaggingDirectiveReplace,
+ }
+}
+
+const (
+ // TierStandard is a Tier enum value
+ TierStandard = "Standard"
+
+ // TierBulk is a Tier enum value
+ TierBulk = "Bulk"
+
+ // TierExpedited is a Tier enum value
+ TierExpedited = "Expedited"
+)
+
+// Tier_Values returns all elements of the Tier enum
+func Tier_Values() []string {
+ return []string{
+ TierStandard,
+ TierBulk,
+ TierExpedited,
+ }
+}
+
+const (
+ // TransitionStorageClassGlacier is a TransitionStorageClass enum value
+ TransitionStorageClassGlacier = "GLACIER"
+
+ // TransitionStorageClassStandardIa is a TransitionStorageClass enum value
+ TransitionStorageClassStandardIa = "STANDARD_IA"
+
+ // TransitionStorageClassOnezoneIa is a TransitionStorageClass enum value
+ TransitionStorageClassOnezoneIa = "ONEZONE_IA"
+
+ // TransitionStorageClassIntelligentTiering is a TransitionStorageClass enum value
+ TransitionStorageClassIntelligentTiering = "INTELLIGENT_TIERING"
+
+ // TransitionStorageClassDeepArchive is a TransitionStorageClass enum value
+ TransitionStorageClassDeepArchive = "DEEP_ARCHIVE"
+
+ // TransitionStorageClassGlacierIr is a TransitionStorageClass enum value
+ TransitionStorageClassGlacierIr = "GLACIER_IR"
+)
+
+// TransitionStorageClass_Values returns all elements of the TransitionStorageClass enum
+func TransitionStorageClass_Values() []string {
+ return []string{
+ TransitionStorageClassGlacier,
+ TransitionStorageClassStandardIa,
+ TransitionStorageClassOnezoneIa,
+ TransitionStorageClassIntelligentTiering,
+ TransitionStorageClassDeepArchive,
+ TransitionStorageClassGlacierIr,
+ }
+}
+
+const (
+ // TypeCanonicalUser is a Type enum value
+ TypeCanonicalUser = "CanonicalUser"
+
+ // TypeAmazonCustomerByEmail is a Type enum value
+ TypeAmazonCustomerByEmail = "AmazonCustomerByEmail"
+
+ // TypeGroup is a Type enum value
+ TypeGroup = "Group"
+)
+
+// Type_Values returns all elements of the Type enum
+func Type_Values() []string {
+ return []string{
+ TypeCanonicalUser,
+ TypeAmazonCustomerByEmail,
+ TypeGroup,
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go b/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
new file mode 100644
index 00000000000..407f06b6ede
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/body_hash.go
@@ -0,0 +1,202 @@
+package s3
+
+import (
+ "bytes"
+ "crypto/md5"
+ "crypto/sha256"
+ "encoding/base64"
+ "encoding/hex"
+ "fmt"
+ "hash"
+ "io"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+const (
+ contentMD5Header = "Content-Md5"
+ contentSha256Header = "X-Amz-Content-Sha256"
+ amzTeHeader = "X-Amz-Te"
+ amzTxEncodingHeader = "X-Amz-Transfer-Encoding"
+
+ appendMD5TxEncoding = "append-md5"
+)
+
+// computeBodyHashes will add Content MD5 and Content Sha256 hashes to the
+// request. If the body is not seekable or S3DisableContentMD5Validation set
+// this handler will be ignored.
+func computeBodyHashes(r *request.Request) {
+ if aws.BoolValue(r.Config.S3DisableContentMD5Validation) {
+ return
+ }
+ if r.IsPresigned() {
+ return
+ }
+ if r.Error != nil || !aws.IsReaderSeekable(r.Body) {
+ return
+ }
+
+ var md5Hash, sha256Hash hash.Hash
+ hashers := make([]io.Writer, 0, 2)
+
+ // Determine upfront which hashes can be set without overriding user
+ // provide header data.
+ if v := r.HTTPRequest.Header.Get(contentMD5Header); len(v) == 0 {
+ md5Hash = md5.New()
+ hashers = append(hashers, md5Hash)
+ }
+
+ if v := r.HTTPRequest.Header.Get(contentSha256Header); len(v) == 0 {
+ sha256Hash = sha256.New()
+ hashers = append(hashers, sha256Hash)
+ }
+
+ // Create the destination writer based on the hashes that are not already
+ // provided by the user.
+ var dst io.Writer
+ switch len(hashers) {
+ case 0:
+ return
+ case 1:
+ dst = hashers[0]
+ default:
+ dst = io.MultiWriter(hashers...)
+ }
+
+ if _, err := aws.CopySeekableBody(dst, r.Body); err != nil {
+ r.Error = awserr.New("BodyHashError", "failed to compute body hashes", err)
+ return
+ }
+
+ // For the hashes created, set the associated headers that the user did not
+ // already provide.
+ if md5Hash != nil {
+ sum := make([]byte, md5.Size)
+ encoded := make([]byte, md5Base64EncLen)
+
+ base64.StdEncoding.Encode(encoded, md5Hash.Sum(sum[0:0]))
+ r.HTTPRequest.Header[contentMD5Header] = []string{string(encoded)}
+ }
+
+ if sha256Hash != nil {
+ encoded := make([]byte, sha256HexEncLen)
+ sum := make([]byte, sha256.Size)
+
+ hex.Encode(encoded, sha256Hash.Sum(sum[0:0]))
+ r.HTTPRequest.Header[contentSha256Header] = []string{string(encoded)}
+ }
+}
+
+const (
+ md5Base64EncLen = (md5.Size + 2) / 3 * 4 // base64.StdEncoding.EncodedLen
+ sha256HexEncLen = sha256.Size * 2 // hex.EncodedLen
+)
+
+// Adds the x-amz-te: append_md5 header to the request. This requests the service
+// responds with a trailing MD5 checksum.
+//
+// Will not ask for append MD5 if disabled, the request is presigned or,
+// or the API operation does not support content MD5 validation.
+func askForTxEncodingAppendMD5(r *request.Request) {
+ if aws.BoolValue(r.Config.S3DisableContentMD5Validation) {
+ return
+ }
+ if r.IsPresigned() {
+ return
+ }
+ r.HTTPRequest.Header.Set(amzTeHeader, appendMD5TxEncoding)
+}
+
+func useMD5ValidationReader(r *request.Request) {
+ if r.Error != nil {
+ return
+ }
+
+ if v := r.HTTPResponse.Header.Get(amzTxEncodingHeader); v != appendMD5TxEncoding {
+ return
+ }
+
+ var bodyReader *io.ReadCloser
+ var contentLen int64
+ switch tv := r.Data.(type) {
+ case *GetObjectOutput:
+ bodyReader = &tv.Body
+ contentLen = aws.Int64Value(tv.ContentLength)
+ // Update ContentLength hiden the trailing MD5 checksum.
+ tv.ContentLength = aws.Int64(contentLen - md5.Size)
+ tv.ContentRange = aws.String(r.HTTPResponse.Header.Get("X-Amz-Content-Range"))
+ default:
+ r.Error = awserr.New("ChecksumValidationError",
+ fmt.Sprintf("%s: %s header received on unsupported API, %s",
+ amzTxEncodingHeader, appendMD5TxEncoding, r.Operation.Name,
+ ), nil)
+ return
+ }
+
+ if contentLen < md5.Size {
+ r.Error = awserr.New("ChecksumValidationError",
+ fmt.Sprintf("invalid Content-Length %d for %s %s",
+ contentLen, appendMD5TxEncoding, amzTxEncodingHeader,
+ ), nil)
+ return
+ }
+
+ // Wrap and swap the response body reader with the validation reader.
+ *bodyReader = newMD5ValidationReader(*bodyReader, contentLen-md5.Size)
+}
+
+type md5ValidationReader struct {
+ rawReader io.ReadCloser
+ payload io.Reader
+ hash hash.Hash
+
+ payloadLen int64
+ read int64
+}
+
+func newMD5ValidationReader(reader io.ReadCloser, payloadLen int64) *md5ValidationReader {
+ h := md5.New()
+ return &md5ValidationReader{
+ rawReader: reader,
+ payload: io.TeeReader(&io.LimitedReader{R: reader, N: payloadLen}, h),
+ hash: h,
+ payloadLen: payloadLen,
+ }
+}
+
+func (v *md5ValidationReader) Read(p []byte) (n int, err error) {
+ n, err = v.payload.Read(p)
+ if err != nil && err != io.EOF {
+ return n, err
+ }
+
+ v.read += int64(n)
+
+ if err == io.EOF {
+ if v.read != v.payloadLen {
+ return n, io.ErrUnexpectedEOF
+ }
+ expectSum := make([]byte, md5.Size)
+ actualSum := make([]byte, md5.Size)
+ if _, sumReadErr := io.ReadFull(v.rawReader, expectSum); sumReadErr != nil {
+ return n, sumReadErr
+ }
+ actualSum = v.hash.Sum(actualSum[0:0])
+ if !bytes.Equal(expectSum, actualSum) {
+ return n, awserr.New("InvalidChecksum",
+ fmt.Sprintf("expected MD5 checksum %s, got %s",
+ hex.EncodeToString(expectSum),
+ hex.EncodeToString(actualSum),
+ ),
+ nil)
+ }
+ }
+
+ return n, err
+}
+
+func (v *md5ValidationReader) Close() error {
+ return v.rawReader.Close()
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
new file mode 100644
index 00000000000..20828387ea2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/bucket_location.go
@@ -0,0 +1,107 @@
+package s3
+
+import (
+ "io/ioutil"
+ "regexp"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/awsutil"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+var reBucketLocation = regexp.MustCompile(`>([^<>]+)<\/Location`)
+
+// NormalizeBucketLocation is a utility function which will update the
+// passed in value to always be a region ID. Generally this would be used
+// with GetBucketLocation API operation.
+//
+// Replaces empty string with "us-east-1", and "EU" with "eu-west-1".
+//
+// See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
+// for more information on the values that can be returned.
+func NormalizeBucketLocation(loc string) string {
+ switch loc {
+ case "":
+ loc = "us-east-1"
+ case "EU":
+ loc = "eu-west-1"
+ }
+
+ return loc
+}
+
+// NormalizeBucketLocationHandler is a request handler which will update the
+// GetBucketLocation's result LocationConstraint value to always be a region ID.
+//
+// Replaces empty string with "us-east-1", and "EU" with "eu-west-1".
+//
+// See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
+// for more information on the values that can be returned.
+//
+// req, result := svc.GetBucketLocationRequest(&s3.GetBucketLocationInput{
+// Bucket: aws.String(bucket),
+// })
+// req.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler)
+// err := req.Send()
+var NormalizeBucketLocationHandler = request.NamedHandler{
+ Name: "awssdk.s3.NormalizeBucketLocation",
+ Fn: func(req *request.Request) {
+ if req.Error != nil {
+ return
+ }
+
+ out := req.Data.(*GetBucketLocationOutput)
+ loc := NormalizeBucketLocation(aws.StringValue(out.LocationConstraint))
+ out.LocationConstraint = aws.String(loc)
+ },
+}
+
+// WithNormalizeBucketLocation is a request option which will update the
+// GetBucketLocation's result LocationConstraint value to always be a region ID.
+//
+// Replaces empty string with "us-east-1", and "EU" with "eu-west-1".
+//
+// See http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
+// for more information on the values that can be returned.
+//
+// result, err := svc.GetBucketLocationWithContext(ctx,
+// &s3.GetBucketLocationInput{
+// Bucket: aws.String(bucket),
+// },
+// s3.WithNormalizeBucketLocation,
+// )
+func WithNormalizeBucketLocation(r *request.Request) {
+ r.Handlers.Unmarshal.PushBackNamed(NormalizeBucketLocationHandler)
+}
+
+func buildGetBucketLocation(r *request.Request) {
+ if r.DataFilled() {
+ out := r.Data.(*GetBucketLocationOutput)
+ b, err := ioutil.ReadAll(r.HTTPResponse.Body)
+ if err != nil {
+ r.Error = awserr.New(request.ErrCodeSerialization,
+ "failed reading response body", err)
+ return
+ }
+
+ match := reBucketLocation.FindSubmatch(b)
+ if len(match) > 1 {
+ loc := string(match[1])
+ out.LocationConstraint = aws.String(loc)
+ }
+ }
+}
+
+func populateLocationConstraint(r *request.Request) {
+ if r.ParamsFilled() && aws.StringValue(r.Config.Region) != "us-east-1" {
+ in := r.Params.(*CreateBucketInput)
+ if in.CreateBucketConfiguration == nil {
+ r.Params = awsutil.CopyOf(r.Params)
+ in = r.Params.(*CreateBucketInput)
+ in.CreateBucketConfiguration = &CreateBucketConfiguration{
+ LocationConstraint: r.Config.Region,
+ }
+ }
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
new file mode 100644
index 00000000000..229606b708a
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/customizations.go
@@ -0,0 +1,89 @@
+package s3
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/client"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/internal/s3shared/arn"
+ "github.com/aws/aws-sdk-go/internal/s3shared/s3err"
+)
+
+func init() {
+ initClient = defaultInitClientFn
+ initRequest = defaultInitRequestFn
+}
+
+func defaultInitClientFn(c *client.Client) {
+ if c.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateUnset {
+ if aws.BoolValue(c.Config.UseDualStack) {
+ c.Config.UseDualStackEndpoint = endpoints.DualStackEndpointStateEnabled
+ } else {
+ c.Config.UseDualStackEndpoint = endpoints.DualStackEndpointStateDisabled
+ }
+ }
+
+ // Support building custom endpoints based on config
+ c.Handlers.Build.PushFront(endpointHandler)
+
+ // Require SSL when using SSE keys
+ c.Handlers.Validate.PushBack(validateSSERequiresSSL)
+ c.Handlers.Build.PushBack(computeSSEKeyMD5)
+ c.Handlers.Build.PushBack(computeCopySourceSSEKeyMD5)
+
+ // S3 uses custom error unmarshaling logic
+ c.Handlers.UnmarshalError.Clear()
+ c.Handlers.UnmarshalError.PushBack(unmarshalError)
+ c.Handlers.UnmarshalError.PushBackNamed(s3err.RequestFailureWrapperHandler())
+}
+
+func defaultInitRequestFn(r *request.Request) {
+ // Add request handlers for specific platforms.
+ // e.g. 100-continue support for PUT requests using Go 1.6
+ platformRequestHandlers(r)
+
+ switch r.Operation.Name {
+ case opGetBucketLocation:
+ // GetBucketLocation has custom parsing logic
+ r.Handlers.Unmarshal.PushFront(buildGetBucketLocation)
+ case opCreateBucket:
+ // Auto-populate LocationConstraint with current region
+ r.Handlers.Validate.PushFront(populateLocationConstraint)
+ case opCopyObject, opUploadPartCopy, opCompleteMultipartUpload:
+ r.Handlers.Unmarshal.PushFront(copyMultipartStatusOKUnmarshalError)
+ r.Handlers.Unmarshal.PushBackNamed(s3err.RequestFailureWrapperHandler())
+ case opPutObject, opUploadPart:
+ r.Handlers.Build.PushBack(computeBodyHashes)
+ // Disabled until #1837 root issue is resolved.
+ // case opGetObject:
+ // r.Handlers.Build.PushBack(askForTxEncodingAppendMD5)
+ // r.Handlers.Unmarshal.PushBack(useMD5ValidationReader)
+ case opWriteGetObjectResponse:
+ r.Handlers.Build.PushFront(buildWriteGetObjectResponseEndpoint)
+ }
+}
+
+// bucketGetter is an accessor interface to grab the "Bucket" field from
+// an S3 type.
+type bucketGetter interface {
+ getBucket() string
+}
+
+// sseCustomerKeyGetter is an accessor interface to grab the "SSECustomerKey"
+// field from an S3 type.
+type sseCustomerKeyGetter interface {
+ getSSECustomerKey() string
+}
+
+// copySourceSSECustomerKeyGetter is an accessor interface to grab the
+// "CopySourceSSECustomerKey" field from an S3 type.
+type copySourceSSECustomerKeyGetter interface {
+ getCopySourceSSECustomerKey() string
+}
+
+// endpointARNGetter is an accessor interface to grab the
+// the field corresponding to an endpoint ARN input.
+type endpointARNGetter interface {
+ getEndpointARN() (arn.Resource, error)
+ hasEndpointARN() bool
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go b/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go
new file mode 100644
index 00000000000..c148f757ee1
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go
@@ -0,0 +1,26 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package s3 provides the client and types for making API
+// requests to Amazon Simple Storage Service.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01 for more information on this service.
+//
+// See s3 package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/
+//
+// # Using the Client
+//
+// To contact Amazon Simple Storage Service with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the Amazon Simple Storage Service client S3 for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/#New
+package s3
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go b/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
new file mode 100644
index 00000000000..2e8244f8f64
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
@@ -0,0 +1,109 @@
+// Upload Managers
+//
+// The s3manager package's Uploader provides concurrent upload of content to S3
+// by taking advantage of S3's Multipart APIs. The Uploader also supports both
+// io.Reader for streaming uploads, and will also take advantage of io.ReadSeeker
+// for optimizations if the Body satisfies that type. Once the Uploader instance
+// is created you can call Upload concurrently from multiple goroutines safely.
+//
+// // The session the S3 Uploader will use
+// sess := session.Must(session.NewSession())
+//
+// // Create an uploader with the session and default options
+// uploader := s3manager.NewUploader(sess)
+//
+// f, err := os.Open(filename)
+// if err != nil {
+// return fmt.Errorf("failed to open file %q, %v", filename, err)
+// }
+//
+// // Upload the file to S3.
+// result, err := uploader.Upload(&s3manager.UploadInput{
+// Bucket: aws.String(myBucket),
+// Key: aws.String(myString),
+// Body: f,
+// })
+// if err != nil {
+// return fmt.Errorf("failed to upload file, %v", err)
+// }
+// fmt.Printf("file uploaded to, %s\n", aws.StringValue(result.Location))
+//
+// See the s3manager package's Uploader type documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Uploader
+//
+// # Download Manager
+//
+// The s3manager package's Downloader provides concurrently downloading of Objects
+// from S3. The Downloader will write S3 Object content with an io.WriterAt.
+// Once the Downloader instance is created you can call Download concurrently from
+// multiple goroutines safely.
+//
+// // The session the S3 Downloader will use
+// sess := session.Must(session.NewSession())
+//
+// // Create a downloader with the session and default options
+// downloader := s3manager.NewDownloader(sess)
+//
+// // Create a file to write the S3 Object contents to.
+// f, err := os.Create(filename)
+// if err != nil {
+// return fmt.Errorf("failed to create file %q, %v", filename, err)
+// }
+//
+// // Write the contents of S3 Object to the file
+// n, err := downloader.Download(f, &s3.GetObjectInput{
+// Bucket: aws.String(myBucket),
+// Key: aws.String(myString),
+// })
+// if err != nil {
+// return fmt.Errorf("failed to download file, %v", err)
+// }
+// fmt.Printf("file downloaded, %d bytes\n", n)
+//
+// See the s3manager package's Downloader type documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Downloader
+//
+// # Automatic URI cleaning
+//
+// Interacting with objects whose keys contain adjacent slashes (e.g. bucketname/foo//bar/objectname)
+// requires setting DisableRestProtocolURICleaning to true in the aws.Config struct
+// used by the service client.
+//
+// svc := s3.New(sess, &aws.Config{
+// DisableRestProtocolURICleaning: aws.Bool(true),
+// })
+// out, err := svc.GetObject(&s3.GetObjectInput {
+// Bucket: aws.String("bucketname"),
+// Key: aws.String("//foo//bar//moo"),
+// })
+//
+// # Get Bucket Region
+//
+// GetBucketRegion will attempt to get the region for a bucket using a region
+// hint to determine which AWS partition to perform the query on. Use this utility
+// to determine the region a bucket is in.
+//
+// sess := session.Must(session.NewSession())
+//
+// bucket := "my-bucket"
+// region, err := s3manager.GetBucketRegion(ctx, sess, bucket, "us-west-2")
+// if err != nil {
+// if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "NotFound" {
+// fmt.Fprintf(os.Stderr, "unable to find bucket %s's region not found\n", bucket)
+// }
+// return err
+// }
+// fmt.Printf("Bucket %s is in %s region\n", bucket, region)
+//
+// See the s3manager package's GetBucketRegion function documentation for more information
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#GetBucketRegion
+//
+// # S3 Crypto Client
+//
+// The s3crypto package provides the tools to upload and download encrypted
+// content from S3. The Encryption and Decryption clients can be used concurrently
+// once the client is created.
+//
+// See the s3crypto package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3crypto/
+package s3
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
new file mode 100644
index 00000000000..71b43869264
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
@@ -0,0 +1,298 @@
+package s3
+
+import (
+ "fmt"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
+ "net/url"
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws"
+ awsarn "github.com/aws/aws-sdk-go/aws/arn"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/internal/s3shared"
+ "github.com/aws/aws-sdk-go/internal/s3shared/arn"
+)
+
+const (
+ s3Namespace = "s3"
+ s3AccessPointNamespace = "s3-accesspoint"
+ s3ObjectsLambdaNamespace = "s3-object-lambda"
+ s3OutpostsNamespace = "s3-outposts"
+)
+
+// Used by shapes with members decorated as endpoint ARN.
+func parseEndpointARN(v string) (arn.Resource, error) {
+ return arn.ParseResource(v, accessPointResourceParser)
+}
+
+func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) {
+ resParts := arn.SplitResource(a.Resource)
+ switch resParts[0] {
+ case "accesspoint":
+ switch a.Service {
+ case s3Namespace:
+ return arn.ParseAccessPointResource(a, resParts[1:])
+ case s3ObjectsLambdaNamespace:
+ return parseS3ObjectLambdaAccessPointResource(a, resParts)
+ default:
+ return arn.AccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s or %s", s3Namespace, s3ObjectsLambdaNamespace)}
+ }
+ case "outpost":
+ if a.Service != "s3-outposts" {
+ return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"}
+ }
+ return parseOutpostAccessPointResource(a, resParts[1:])
+ default:
+ return nil, arn.InvalidARNError{ARN: a, Reason: "unknown resource type"}
+ }
+}
+
+// parseOutpostAccessPointResource attempts to parse the ARNs resource as an
+// outpost access-point resource.
+//
+// Supported Outpost AccessPoint ARN format:
+// - ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
+// - example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
+func parseOutpostAccessPointResource(a awsarn.ARN, resParts []string) (arn.OutpostAccessPointARN, error) {
+ // outpost accesspoint arn is only valid if service is s3-outposts
+ if a.Service != "s3-outposts" {
+ return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"}
+ }
+
+ if len(resParts) == 0 {
+ return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
+ }
+
+ if len(resParts) < 3 {
+ return arn.OutpostAccessPointARN{}, arn.InvalidARNError{
+ ARN: a, Reason: "access-point resource not set in Outpost ARN",
+ }
+ }
+
+ resID := strings.TrimSpace(resParts[0])
+ if len(resID) == 0 {
+ return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
+ }
+
+ var outpostAccessPointARN = arn.OutpostAccessPointARN{}
+ switch resParts[1] {
+ case "accesspoint":
+ accessPointARN, err := arn.ParseAccessPointResource(a, resParts[2:])
+ if err != nil {
+ return arn.OutpostAccessPointARN{}, err
+ }
+ // set access-point arn
+ outpostAccessPointARN.AccessPointARN = accessPointARN
+ default:
+ return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "access-point resource not set in Outpost ARN"}
+ }
+
+ // set outpost id
+ outpostAccessPointARN.OutpostID = resID
+ return outpostAccessPointARN, nil
+}
+
+func parseS3ObjectLambdaAccessPointResource(a awsarn.ARN, resParts []string) (arn.S3ObjectLambdaAccessPointARN, error) {
+ if a.Service != s3ObjectsLambdaNamespace {
+ return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s", s3ObjectsLambdaNamespace)}
+ }
+
+ accessPointARN, err := arn.ParseAccessPointResource(a, resParts[1:])
+ if err != nil {
+ return arn.S3ObjectLambdaAccessPointARN{}, err
+ }
+
+ if len(accessPointARN.Region) == 0 {
+ return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("%s region not set", s3ObjectsLambdaNamespace)}
+ }
+
+ return arn.S3ObjectLambdaAccessPointARN{
+ AccessPointARN: accessPointARN,
+ }, nil
+}
+
+func endpointHandler(req *request.Request) {
+ endpoint, ok := req.Params.(endpointARNGetter)
+ if !ok || !endpoint.hasEndpointARN() {
+ updateBucketEndpointFromParams(req)
+ return
+ }
+
+ resource, err := endpoint.getEndpointARN()
+ if err != nil {
+ req.Error = s3shared.NewInvalidARNError(nil, err)
+ return
+ }
+
+ resReq := s3shared.ResourceRequest{
+ Resource: resource,
+ Request: req,
+ }
+
+ if len(resReq.Request.ClientInfo.PartitionID) != 0 && resReq.IsCrossPartition() {
+ req.Error = s3shared.NewClientPartitionMismatchError(resource,
+ req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+ return
+ }
+
+ if !resReq.AllowCrossRegion() && resReq.IsCrossRegion() {
+ req.Error = s3shared.NewClientRegionMismatchError(resource,
+ req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+ return
+ }
+
+ switch tv := resource.(type) {
+ case arn.AccessPointARN:
+ err = updateRequestAccessPointEndpoint(req, tv)
+ if err != nil {
+ req.Error = err
+ }
+ case arn.S3ObjectLambdaAccessPointARN:
+ err = updateRequestS3ObjectLambdaAccessPointEndpoint(req, tv)
+ if err != nil {
+ req.Error = err
+ }
+ case arn.OutpostAccessPointARN:
+ // outposts does not support FIPS regions
+ if req.Config.UseFIPSEndpoint == endpoints.FIPSEndpointStateEnabled {
+ req.Error = s3shared.NewFIPSConfigurationError(resource, req.ClientInfo.PartitionID,
+ aws.StringValue(req.Config.Region), nil)
+ return
+ }
+
+ err = updateRequestOutpostAccessPointEndpoint(req, tv)
+ if err != nil {
+ req.Error = err
+ }
+ default:
+ req.Error = s3shared.NewInvalidARNError(resource, nil)
+ }
+}
+
+func updateBucketEndpointFromParams(r *request.Request) {
+ bucket, ok := bucketNameFromReqParams(r.Params)
+ if !ok {
+ // Ignore operation requests if the bucket name was not provided
+ // if this is an input validation error the validation handler
+ // will report it.
+ return
+ }
+ updateEndpointForS3Config(r, bucket)
+}
+
+func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.AccessPointARN) error {
+ // Accelerate not supported
+ if aws.BoolValue(req.Config.S3UseAccelerate) {
+ return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
+ req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+ }
+
+ // Ignore the disable host prefix for access points
+ req.Config.DisableEndpointHostPrefix = aws.Bool(false)
+
+ if err := accessPointEndpointBuilder(accessPoint).build(req); err != nil {
+ return err
+ }
+
+ removeBucketFromPath(req.HTTPRequest.URL)
+
+ return nil
+}
+
+func updateRequestS3ObjectLambdaAccessPointEndpoint(req *request.Request, accessPoint arn.S3ObjectLambdaAccessPointARN) error {
+ // DualStack not supported
+ if isUseDualStackEndpoint(req) {
+ return s3shared.NewClientConfiguredForDualStackError(accessPoint,
+ req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+ }
+
+ // Accelerate not supported
+ if aws.BoolValue(req.Config.S3UseAccelerate) {
+ return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
+ req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+ }
+
+ // Ignore the disable host prefix for access points
+ req.Config.DisableEndpointHostPrefix = aws.Bool(false)
+
+ if err := s3ObjectLambdaAccessPointEndpointBuilder(accessPoint).build(req); err != nil {
+ return err
+ }
+
+ removeBucketFromPath(req.HTTPRequest.URL)
+
+ return nil
+}
+
+func updateRequestOutpostAccessPointEndpoint(req *request.Request, accessPoint arn.OutpostAccessPointARN) error {
+ // Accelerate not supported
+ if aws.BoolValue(req.Config.S3UseAccelerate) {
+ return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
+ req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+ }
+
+ // Dualstack not supported
+ if isUseDualStackEndpoint(req) {
+ return s3shared.NewClientConfiguredForDualStackError(accessPoint,
+ req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+ }
+
+ // Ignore the disable host prefix for access points
+ req.Config.DisableEndpointHostPrefix = aws.Bool(false)
+
+ if err := outpostAccessPointEndpointBuilder(accessPoint).build(req); err != nil {
+ return err
+ }
+
+ removeBucketFromPath(req.HTTPRequest.URL)
+ return nil
+}
+
+func removeBucketFromPath(u *url.URL) {
+ u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1)
+ if u.Path == "" {
+ u.Path = "/"
+ }
+}
+
+func buildWriteGetObjectResponseEndpoint(req *request.Request) {
+ // DualStack not supported
+ if isUseDualStackEndpoint(req) {
+ req.Error = awserr.New("ConfigurationError", "client configured for dualstack but not supported for operation", nil)
+ return
+ }
+
+ // Accelerate not supported
+ if aws.BoolValue(req.Config.S3UseAccelerate) {
+ req.Error = awserr.New("ConfigurationError", "client configured for accelerate but not supported for operation", nil)
+ return
+ }
+
+ signingName := s3ObjectsLambdaNamespace
+ signingRegion := req.ClientInfo.SigningRegion
+
+ if !hasCustomEndpoint(req) {
+ endpoint, err := resolveRegionalEndpoint(req, aws.StringValue(req.Config.Region), req.ClientInfo.ResolvedRegion, EndpointsID)
+ if err != nil {
+ req.Error = awserr.New(request.ErrCodeSerialization, "failed to resolve endpoint", err)
+ return
+ }
+ signingRegion = endpoint.SigningRegion
+
+ if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
+ req.Error = err
+ return
+ }
+ updateS3HostPrefixForS3ObjectLambda(req)
+ }
+
+ redirectSigner(req, signingName, signingRegion)
+}
+
+func isUseDualStackEndpoint(req *request.Request) bool {
+ if req.Config.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
+ return req.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateEnabled
+ }
+ return aws.BoolValue(req.Config.UseDualStack)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
new file mode 100644
index 00000000000..7ae18ef5481
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
@@ -0,0 +1,239 @@
+package s3
+
+import (
+ "net/url"
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/internal/s3shared"
+ "github.com/aws/aws-sdk-go/internal/s3shared/arn"
+ "github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+ accessPointPrefixLabel = "accesspoint"
+ accountIDPrefixLabel = "accountID"
+ accessPointPrefixTemplate = "{" + accessPointPrefixLabel + "}-{" + accountIDPrefixLabel + "}."
+
+ outpostPrefixLabel = "outpost"
+ outpostAccessPointPrefixTemplate = accessPointPrefixTemplate + "{" + outpostPrefixLabel + "}."
+)
+
+// hasCustomEndpoint returns true if endpoint is a custom endpoint
+func hasCustomEndpoint(r *request.Request) bool {
+ return len(aws.StringValue(r.Config.Endpoint)) > 0
+}
+
+// accessPointEndpointBuilder represents the endpoint builder for access point arn
+type accessPointEndpointBuilder arn.AccessPointARN
+
+// build builds the endpoint for corresponding access point arn
+//
+// For building an endpoint from access point arn, format used is:
+// - Access point endpoint format : {accesspointName}-{accountId}.s3-accesspoint.{region}.{dnsSuffix}
+// - example : myaccesspoint-012345678901.s3-accesspoint.us-west-2.amazonaws.com
+//
+// Access Point Endpoint requests are signed using "s3" as signing name.
+func (a accessPointEndpointBuilder) build(req *request.Request) error {
+ resolveService := arn.AccessPointARN(a).Service
+ resolveRegion := arn.AccessPointARN(a).Region
+
+ endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", resolveService)
+ if err != nil {
+ return s3shared.NewFailedToResolveEndpointError(arn.AccessPointARN(a),
+ req.ClientInfo.PartitionID, resolveRegion, err)
+ }
+
+ endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
+
+ if !hasCustomEndpoint(req) {
+ if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
+ return err
+ }
+
+ // dual stack provided by endpoint resolver
+ updateS3HostForS3AccessPoint(req)
+ }
+
+ protocol.HostPrefixBuilder{
+ Prefix: accessPointPrefixTemplate,
+ LabelsFn: a.hostPrefixLabelValues,
+ }.Build(req)
+
+ // signer redirection
+ redirectSigner(req, endpoint.SigningName, endpoint.SigningRegion)
+
+ err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
+ if err != nil {
+ return s3shared.NewInvalidARNError(arn.AccessPointARN(a), err)
+ }
+
+ return nil
+}
+
+func (a accessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
+ return map[string]string{
+ accessPointPrefixLabel: arn.AccessPointARN(a).AccessPointName,
+ accountIDPrefixLabel: arn.AccessPointARN(a).AccountID,
+ }
+}
+
+// s3ObjectLambdaAccessPointEndpointBuilder represents the endpoint builder for an s3 object lambda access point arn
+type s3ObjectLambdaAccessPointEndpointBuilder arn.S3ObjectLambdaAccessPointARN
+
+// build builds the endpoint for corresponding access point arn
+//
+// For building an endpoint from access point arn, format used is:
+// - Access point endpoint format : {accesspointName}-{accountId}.s3-object-lambda.{region}.{dnsSuffix}
+// - example : myaccesspoint-012345678901.s3-object-lambda.us-west-2.amazonaws.com
+//
+// Access Point Endpoint requests are signed using "s3-object-lambda" as signing name.
+func (a s3ObjectLambdaAccessPointEndpointBuilder) build(req *request.Request) error {
+ resolveRegion := arn.S3ObjectLambdaAccessPointARN(a).Region
+
+ endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", EndpointsID)
+ if err != nil {
+ return s3shared.NewFailedToResolveEndpointError(arn.S3ObjectLambdaAccessPointARN(a),
+ req.ClientInfo.PartitionID, resolveRegion, err)
+ }
+
+ endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
+
+ endpoint.SigningName = s3ObjectsLambdaNamespace
+
+ if !hasCustomEndpoint(req) {
+ if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
+ return err
+ }
+
+ updateS3HostPrefixForS3ObjectLambda(req)
+ }
+
+ protocol.HostPrefixBuilder{
+ Prefix: accessPointPrefixTemplate,
+ LabelsFn: a.hostPrefixLabelValues,
+ }.Build(req)
+
+ // signer redirection
+ redirectSigner(req, endpoint.SigningName, endpoint.SigningRegion)
+
+ err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
+ if err != nil {
+ return s3shared.NewInvalidARNError(arn.S3ObjectLambdaAccessPointARN(a), err)
+ }
+
+ return nil
+}
+
+func (a s3ObjectLambdaAccessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
+ return map[string]string{
+ accessPointPrefixLabel: arn.S3ObjectLambdaAccessPointARN(a).AccessPointName,
+ accountIDPrefixLabel: arn.S3ObjectLambdaAccessPointARN(a).AccountID,
+ }
+}
+
+// outpostAccessPointEndpointBuilder represents the Endpoint builder for outpost access point arn.
+type outpostAccessPointEndpointBuilder arn.OutpostAccessPointARN
+
+// build builds an endpoint corresponding to the outpost access point arn.
+//
+// For building an endpoint from outpost access point arn, format used is:
+// - Outpost access point endpoint format : {accesspointName}-{accountId}.{outpostId}.s3-outposts.{region}.{dnsSuffix}
+// - example : myaccesspoint-012345678901.op-01234567890123456.s3-outposts.us-west-2.amazonaws.com
+//
+// Outpost AccessPoint Endpoint request are signed using "s3-outposts" as signing name.
+func (o outpostAccessPointEndpointBuilder) build(req *request.Request) error {
+ resolveRegion := o.Region
+ resolveService := o.Service
+
+ endpointsID := resolveService
+ if resolveService == s3OutpostsNamespace {
+ endpointsID = "s3"
+ }
+
+ endpoint, err := resolveRegionalEndpoint(req, resolveRegion, "", endpointsID)
+ if err != nil {
+ return s3shared.NewFailedToResolveEndpointError(o,
+ req.ClientInfo.PartitionID, resolveRegion, err)
+ }
+
+ endpoint.URL = endpoints.AddScheme(endpoint.URL, aws.BoolValue(req.Config.DisableSSL))
+
+ if !hasCustomEndpoint(req) {
+ if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
+ return err
+ }
+ updateHostPrefix(req, endpointsID, resolveService)
+ }
+
+ protocol.HostPrefixBuilder{
+ Prefix: outpostAccessPointPrefixTemplate,
+ LabelsFn: o.hostPrefixLabelValues,
+ }.Build(req)
+
+ // set the signing region, name to resolved names from ARN
+ redirectSigner(req, resolveService, resolveRegion)
+
+ err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
+ if err != nil {
+ return s3shared.NewInvalidARNError(o, err)
+ }
+
+ return nil
+}
+
+func (o outpostAccessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
+ return map[string]string{
+ accessPointPrefixLabel: o.AccessPointName,
+ accountIDPrefixLabel: o.AccountID,
+ outpostPrefixLabel: o.OutpostID,
+ }
+}
+
+func resolveRegionalEndpoint(r *request.Request, region, resolvedRegion, endpointsID string) (endpoints.ResolvedEndpoint, error) {
+ return r.Config.EndpointResolver.EndpointFor(endpointsID, region, func(opts *endpoints.Options) {
+ opts.DisableSSL = aws.BoolValue(r.Config.DisableSSL)
+ opts.UseDualStack = aws.BoolValue(r.Config.UseDualStack)
+ opts.UseDualStackEndpoint = r.Config.UseDualStackEndpoint
+ opts.UseFIPSEndpoint = r.Config.UseFIPSEndpoint
+ opts.S3UsEast1RegionalEndpoint = endpoints.RegionalS3UsEast1Endpoint
+ opts.ResolvedRegion = resolvedRegion
+ opts.Logger = r.Config.Logger
+ opts.LogDeprecated = r.Config.LogLevel.Matches(aws.LogDebugWithDeprecated)
+ })
+}
+
+func updateRequestEndpoint(r *request.Request, endpoint string) (err error) {
+ r.HTTPRequest.URL, err = url.Parse(endpoint + r.Operation.HTTPPath)
+ if err != nil {
+ return awserr.New(request.ErrCodeSerialization,
+ "failed to parse endpoint URL", err)
+ }
+
+ return nil
+}
+
+// redirectSigner sets signing name, signing region for a request
+func redirectSigner(req *request.Request, signingName string, signingRegion string) {
+ req.ClientInfo.SigningName = signingName
+ req.ClientInfo.SigningRegion = signingRegion
+}
+
+func updateS3HostForS3AccessPoint(req *request.Request) {
+ updateHostPrefix(req, "s3", s3AccessPointNamespace)
+}
+
+func updateS3HostPrefixForS3ObjectLambda(req *request.Request) {
+ updateHostPrefix(req, "s3", s3ObjectsLambdaNamespace)
+}
+
+func updateHostPrefix(req *request.Request, oldEndpointPrefix, newEndpointPrefix string) {
+ host := req.HTTPRequest.URL.Host
+ if strings.HasPrefix(host, oldEndpointPrefix) {
+ // replace service hostlabel oldEndpointPrefix to newEndpointPrefix
+ req.HTTPRequest.URL.Host = newEndpointPrefix + host[len(oldEndpointPrefix):]
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
new file mode 100644
index 00000000000..8a67333ab26
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go
@@ -0,0 +1,69 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package s3
+
+const (
+
+ // ErrCodeBucketAlreadyExists for service response error code
+ // "BucketAlreadyExists".
+ //
+ // The requested bucket name is not available. The bucket namespace is shared
+ // by all users of the system. Select a different name and try again.
+ ErrCodeBucketAlreadyExists = "BucketAlreadyExists"
+
+ // ErrCodeBucketAlreadyOwnedByYou for service response error code
+ // "BucketAlreadyOwnedByYou".
+ //
+ // The bucket you tried to create already exists, and you own it. Amazon S3
+ // returns this error in all Amazon Web Services Regions except in the North
+ // Virginia Region. For legacy compatibility, if you re-create an existing bucket
+ // that you already own in the North Virginia Region, Amazon S3 returns 200
+ // OK and resets the bucket access control lists (ACLs).
+ ErrCodeBucketAlreadyOwnedByYou = "BucketAlreadyOwnedByYou"
+
+ // ErrCodeInvalidObjectState for service response error code
+ // "InvalidObjectState".
+ //
+ // Object is archived and inaccessible until restored.
+ //
+ // If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval
+ // storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering
+ // Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier,
+ // before you can retrieve the object you must first restore a copy using RestoreObject
+ // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html).
+ // Otherwise, this operation returns an InvalidObjectState error. For information
+ // about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html)
+ // in the Amazon S3 User Guide.
+ ErrCodeInvalidObjectState = "InvalidObjectState"
+
+ // ErrCodeNoSuchBucket for service response error code
+ // "NoSuchBucket".
+ //
+ // The specified bucket does not exist.
+ ErrCodeNoSuchBucket = "NoSuchBucket"
+
+ // ErrCodeNoSuchKey for service response error code
+ // "NoSuchKey".
+ //
+ // The specified key does not exist.
+ ErrCodeNoSuchKey = "NoSuchKey"
+
+ // ErrCodeNoSuchUpload for service response error code
+ // "NoSuchUpload".
+ //
+ // The specified multipart upload does not exist.
+ ErrCodeNoSuchUpload = "NoSuchUpload"
+
+ // ErrCodeObjectAlreadyInActiveTierError for service response error code
+ // "ObjectAlreadyInActiveTierError".
+ //
+ // This action is not allowed against this storage tier.
+ ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError"
+
+ // ErrCodeObjectNotInActiveTierError for service response error code
+ // "ObjectNotInActiveTierError".
+ //
+ // The source object of the COPY action is not in the active tier and is only
+ // stored in Amazon S3 Glacier.
+ ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError"
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go b/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
new file mode 100644
index 00000000000..81cdec1ae75
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/host_style_bucket.go
@@ -0,0 +1,136 @@
+package s3
+
+import (
+ "fmt"
+ "net/url"
+ "regexp"
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// an operationBlacklist is a list of operation names that should a
+// request handler should not be executed with.
+type operationBlacklist []string
+
+// Continue will return true of the Request's operation name is not
+// in the blacklist. False otherwise.
+func (b operationBlacklist) Continue(r *request.Request) bool {
+ for i := 0; i < len(b); i++ {
+ if b[i] == r.Operation.Name {
+ return false
+ }
+ }
+ return true
+}
+
+var accelerateOpBlacklist = operationBlacklist{
+ opListBuckets, opCreateBucket, opDeleteBucket,
+}
+
+// Automatically add the bucket name to the endpoint domain
+// if possible. This style of bucket is valid for all bucket names which are
+// DNS compatible and do not contain "."
+func updateEndpointForS3Config(r *request.Request, bucketName string) {
+ forceHostStyle := aws.BoolValue(r.Config.S3ForcePathStyle)
+ accelerate := aws.BoolValue(r.Config.S3UseAccelerate)
+
+ if accelerate && accelerateOpBlacklist.Continue(r) {
+ if forceHostStyle {
+ if r.Config.Logger != nil {
+ r.Config.Logger.Log("ERROR: aws.Config.S3UseAccelerate is not compatible with aws.Config.S3ForcePathStyle, ignoring S3ForcePathStyle.")
+ }
+ }
+ updateEndpointForAccelerate(r, bucketName)
+ } else if !forceHostStyle && r.Operation.Name != opGetBucketLocation {
+ updateEndpointForHostStyle(r, bucketName)
+ }
+}
+
+func updateEndpointForHostStyle(r *request.Request, bucketName string) {
+ if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) {
+ // bucket name must be valid to put into the host
+ return
+ }
+
+ moveBucketToHost(r.HTTPRequest.URL, bucketName)
+}
+
+var (
+ accelElem = []byte("s3-accelerate.dualstack.")
+)
+
+func updateEndpointForAccelerate(r *request.Request, bucketName string) {
+ if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) {
+ r.Error = awserr.New("InvalidParameterException",
+ fmt.Sprintf("bucket name %s is not compatible with S3 Accelerate", bucketName),
+ nil)
+ return
+ }
+
+ parts := strings.Split(r.HTTPRequest.URL.Host, ".")
+ if len(parts) < 3 {
+ r.Error = awserr.New("InvalidParameterExecption",
+ fmt.Sprintf("unable to update endpoint host for S3 accelerate, hostname invalid, %s",
+ r.HTTPRequest.URL.Host), nil)
+ return
+ }
+
+ if parts[0] == "s3" || strings.HasPrefix(parts[0], "s3-") {
+ parts[0] = "s3-accelerate"
+ }
+ for i := 1; i+1 < len(parts); i++ {
+ if parts[i] == aws.StringValue(r.Config.Region) {
+ parts = append(parts[:i], parts[i+1:]...)
+ break
+ }
+ }
+
+ r.HTTPRequest.URL.Host = strings.Join(parts, ".")
+
+ moveBucketToHost(r.HTTPRequest.URL, bucketName)
+}
+
+// Attempts to retrieve the bucket name from the request input parameters.
+// If no bucket is found, or the field is empty "", false will be returned.
+func bucketNameFromReqParams(params interface{}) (string, bool) {
+ if iface, ok := params.(bucketGetter); ok {
+ b := iface.getBucket()
+ return b, len(b) > 0
+ }
+
+ return "", false
+}
+
+// hostCompatibleBucketName returns true if the request should
+// put the bucket in the host. This is false if S3ForcePathStyle is
+// explicitly set or if the bucket is not DNS compatible.
+func hostCompatibleBucketName(u *url.URL, bucket string) bool {
+ // Bucket might be DNS compatible but dots in the hostname will fail
+ // certificate validation, so do not use host-style.
+ if u.Scheme == "https" && strings.Contains(bucket, ".") {
+ return false
+ }
+
+ // if the bucket is DNS compatible
+ return dnsCompatibleBucketName(bucket)
+}
+
+var reDomain = regexp.MustCompile(`^[a-z0-9][a-z0-9\.\-]{1,61}[a-z0-9]$`)
+var reIPAddress = regexp.MustCompile(`^(\d+\.){3}\d+$`)
+
+// dnsCompatibleBucketName returns true if the bucket name is DNS compatible.
+// Buckets created outside of the classic region MUST be DNS compatible.
+func dnsCompatibleBucketName(bucket string) bool {
+ return reDomain.MatchString(bucket) &&
+ !reIPAddress.MatchString(bucket) &&
+ !strings.Contains(bucket, "..")
+}
+
+// moveBucketToHost moves the bucket name from the URI path to URL host.
+func moveBucketToHost(u *url.URL, bucket string) {
+ u.Host = bucket + "." + u.Host
+ removeBucketFromPath(u)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go
new file mode 100644
index 00000000000..308b7d473e2
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers.go
@@ -0,0 +1,9 @@
+//go:build !go1.6
+// +build !go1.6
+
+package s3
+
+import "github.com/aws/aws-sdk-go/aws/request"
+
+func platformRequestHandlers(r *request.Request) {
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go
new file mode 100644
index 00000000000..70feffab752
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/platform_handlers_go1.6.go
@@ -0,0 +1,29 @@
+//go:build go1.6
+// +build go1.6
+
+package s3
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+func platformRequestHandlers(r *request.Request) {
+ if r.Operation.HTTPMethod == "PUT" {
+ // 100-Continue should only be used on put requests.
+ r.Handlers.Sign.PushBack(add100Continue)
+ }
+}
+
+func add100Continue(r *request.Request) {
+ if aws.BoolValue(r.Config.S3Disable100Continue) {
+ return
+ }
+ if r.HTTPRequest.ContentLength < 1024*1024*2 {
+ // Ignore requests smaller than 2MB. This helps prevent delaying
+ // requests unnecessarily.
+ return
+ }
+
+ r.HTTPRequest.Header.Set("Expect", "100-continue")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/service.go b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
new file mode 100644
index 00000000000..3e75d0e9427
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
@@ -0,0 +1,108 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package s3
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/client"
+ "github.com/aws/aws-sdk-go/aws/client/metadata"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/aws/signer/v4"
+ "github.com/aws/aws-sdk-go/private/protocol/restxml"
+)
+
+// S3 provides the API operation methods for making requests to
+// Amazon Simple Storage Service. See this package's package overview docs
+// for details on the service.
+//
+// S3 methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type S3 struct {
+ *client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+ ServiceName = "s3" // Name of service.
+ EndpointsID = ServiceName // ID to lookup a service endpoint with.
+ ServiceID = "S3" // ServiceID is a unique identifier of a specific service.
+)
+
+// New creates a new instance of the S3 client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//
+// mySession := session.Must(session.NewSession())
+//
+// // Create a S3 client from just a session.
+// svc := s3.New(mySession)
+//
+// // Create a S3 client with additional configuration
+// svc := s3.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *S3 {
+ c := p.ClientConfig(EndpointsID, cfgs...)
+ if c.SigningNameDerived || len(c.SigningName) == 0 {
+ c.SigningName = "s3"
+ }
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *S3 {
+ svc := &S3{
+ Client: client.New(
+ cfg,
+ metadata.ClientInfo{
+ ServiceName: ServiceName,
+ ServiceID: ServiceID,
+ SigningName: signingName,
+ SigningRegion: signingRegion,
+ PartitionID: partitionID,
+ Endpoint: endpoint,
+ APIVersion: "2006-03-01",
+ ResolvedRegion: resolvedRegion,
+ },
+ handlers,
+ ),
+ }
+
+ // Handlers
+ svc.Handlers.Sign.PushBackNamed(v4.BuildNamedHandler(v4.SignRequestHandler.Name, func(s *v4.Signer) {
+ s.DisableURIPathEscaping = true
+ }))
+ svc.Handlers.Build.PushBackNamed(restxml.BuildHandler)
+ svc.Handlers.Unmarshal.PushBackNamed(restxml.UnmarshalHandler)
+ svc.Handlers.UnmarshalMeta.PushBackNamed(restxml.UnmarshalMetaHandler)
+ svc.Handlers.UnmarshalError.PushBackNamed(restxml.UnmarshalErrorHandler)
+
+ svc.Handlers.BuildStream.PushBackNamed(restxml.BuildHandler)
+ svc.Handlers.UnmarshalStream.PushBackNamed(restxml.UnmarshalHandler)
+
+ // Run custom client initialization if present
+ if initClient != nil {
+ initClient(svc.Client)
+ }
+
+ return svc
+}
+
+// newRequest creates a new request for a S3 operation and runs any
+// custom request initialization.
+func (c *S3) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+ req := c.NewRequest(op, params, data)
+
+ // Run custom request initialization if present
+ if initRequest != nil {
+ initRequest(req)
+ }
+
+ return req
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go b/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
new file mode 100644
index 00000000000..57a0bd92ca3
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/sse.go
@@ -0,0 +1,84 @@
+package s3
+
+import (
+ "crypto/md5"
+ "encoding/base64"
+ "net/http"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+var errSSERequiresSSL = awserr.New("ConfigError", "cannot send SSE keys over HTTP.", nil)
+
+func validateSSERequiresSSL(r *request.Request) {
+ if r.HTTPRequest.URL.Scheme == "https" {
+ return
+ }
+
+ if iface, ok := r.Params.(sseCustomerKeyGetter); ok {
+ if len(iface.getSSECustomerKey()) > 0 {
+ r.Error = errSSERequiresSSL
+ return
+ }
+ }
+
+ if iface, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
+ if len(iface.getCopySourceSSECustomerKey()) > 0 {
+ r.Error = errSSERequiresSSL
+ return
+ }
+ }
+}
+
+const (
+ sseKeyHeader = "x-amz-server-side-encryption-customer-key"
+ sseKeyMD5Header = sseKeyHeader + "-md5"
+)
+
+func computeSSEKeyMD5(r *request.Request) {
+ var key string
+ if g, ok := r.Params.(sseCustomerKeyGetter); ok {
+ key = g.getSSECustomerKey()
+ }
+
+ computeKeyMD5(sseKeyHeader, sseKeyMD5Header, key, r.HTTPRequest)
+}
+
+const (
+ copySrcSSEKeyHeader = "x-amz-copy-source-server-side-encryption-customer-key"
+ copySrcSSEKeyMD5Header = copySrcSSEKeyHeader + "-md5"
+)
+
+func computeCopySourceSSEKeyMD5(r *request.Request) {
+ var key string
+ if g, ok := r.Params.(copySourceSSECustomerKeyGetter); ok {
+ key = g.getCopySourceSSECustomerKey()
+ }
+
+ computeKeyMD5(copySrcSSEKeyHeader, copySrcSSEKeyMD5Header, key, r.HTTPRequest)
+}
+
+func computeKeyMD5(keyHeader, keyMD5Header, key string, r *http.Request) {
+ if len(key) == 0 {
+ // Backwards compatiablity where user just set the header value instead
+ // of using the API parameter, or setting the header value for an
+ // operation without the parameters modeled.
+ key = r.Header.Get(keyHeader)
+ if len(key) == 0 {
+ return
+ }
+
+ // In backwards compatible, the header's value is not base64 encoded,
+ // and needs to be encoded and updated by the SDK's customizations.
+ b64Key := base64.StdEncoding.EncodeToString([]byte(key))
+ r.Header.Set(keyHeader, b64Key)
+ }
+
+ // Only update Key's MD5 if not already set.
+ if len(r.Header.Get(keyMD5Header)) == 0 {
+ sum := md5.Sum([]byte(key))
+ keyMD5 := base64.StdEncoding.EncodeToString(sum[:])
+ r.Header.Set(keyMD5Header, keyMD5)
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
new file mode 100644
index 00000000000..096adc091dd
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/statusok_error.go
@@ -0,0 +1,47 @@
+package s3
+
+import (
+ "bytes"
+ "io"
+ "io/ioutil"
+ "net/http"
+
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/internal/sdkio"
+)
+
+func copyMultipartStatusOKUnmarshalError(r *request.Request) {
+ b, err := ioutil.ReadAll(r.HTTPResponse.Body)
+ r.HTTPResponse.Body.Close()
+ if err != nil {
+ r.Error = awserr.NewRequestFailure(
+ awserr.New(request.ErrCodeSerialization, "unable to read response body", err),
+ r.HTTPResponse.StatusCode,
+ r.RequestID,
+ )
+ // Note, some middleware later in the stack like restxml.Unmarshal expect a valid, non-closed Body
+ // even in case of an error, so we replace it with an empty Reader.
+ r.HTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(nil))
+ return
+ }
+
+ body := bytes.NewReader(b)
+ r.HTTPResponse.Body = ioutil.NopCloser(body)
+ defer body.Seek(0, sdkio.SeekStart)
+
+ unmarshalError(r)
+ if err, ok := r.Error.(awserr.Error); ok && err != nil {
+ if err.Code() == request.ErrCodeSerialization &&
+ err.OrigErr() != io.EOF {
+ r.Error = nil
+ return
+ }
+ // if empty payload
+ if err.OrigErr() == io.EOF {
+ r.HTTPResponse.StatusCode = http.StatusInternalServerError
+ } else {
+ r.HTTPResponse.StatusCode = http.StatusServiceUnavailable
+ }
+ }
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
new file mode 100644
index 00000000000..6eecf669107
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/unmarshal_error.go
@@ -0,0 +1,114 @@
+package s3
+
+import (
+ "bytes"
+ "encoding/xml"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "net/http"
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
+)
+
+type xmlErrorResponse struct {
+ XMLName xml.Name `xml:"Error"`
+ Code string `xml:"Code"`
+ Message string `xml:"Message"`
+}
+
+func unmarshalError(r *request.Request) {
+ defer r.HTTPResponse.Body.Close()
+ defer io.Copy(ioutil.Discard, r.HTTPResponse.Body)
+
+ // Bucket exists in a different region, and request needs
+ // to be made to the correct region.
+ if r.HTTPResponse.StatusCode == http.StatusMovedPermanently {
+ msg := fmt.Sprintf(
+ "incorrect region, the bucket is not in '%s' region at endpoint '%s'",
+ aws.StringValue(r.Config.Region),
+ aws.StringValue(r.Config.Endpoint),
+ )
+ if v := r.HTTPResponse.Header.Get("x-amz-bucket-region"); len(v) != 0 {
+ msg += fmt.Sprintf(", bucket is in '%s' region", v)
+ }
+ r.Error = awserr.NewRequestFailure(
+ awserr.New("BucketRegionError", msg, nil),
+ r.HTTPResponse.StatusCode,
+ r.RequestID,
+ )
+ return
+ }
+
+ // Attempt to parse error from body if it is known
+ var errResp xmlErrorResponse
+ var err error
+ if r.HTTPResponse.StatusCode >= 200 && r.HTTPResponse.StatusCode < 300 {
+ err = s3unmarshalXMLError(&errResp, r.HTTPResponse.Body)
+ } else {
+ err = xmlutil.UnmarshalXMLError(&errResp, r.HTTPResponse.Body)
+ }
+
+ if err != nil {
+ var errorMsg string
+ if err == io.EOF {
+ errorMsg = "empty response payload"
+ } else {
+ errorMsg = "failed to unmarshal error message"
+ }
+
+ r.Error = awserr.NewRequestFailure(
+ awserr.New(request.ErrCodeSerialization,
+ errorMsg, err),
+ r.HTTPResponse.StatusCode,
+ r.RequestID,
+ )
+ return
+ }
+
+ // Fallback to status code converted to message if still no error code
+ if len(errResp.Code) == 0 {
+ statusText := http.StatusText(r.HTTPResponse.StatusCode)
+ errResp.Code = strings.Replace(statusText, " ", "", -1)
+ errResp.Message = statusText
+ }
+
+ r.Error = awserr.NewRequestFailure(
+ awserr.New(errResp.Code, errResp.Message, err),
+ r.HTTPResponse.StatusCode,
+ r.RequestID,
+ )
+}
+
+// A RequestFailure provides access to the S3 Request ID and Host ID values
+// returned from API operation errors. Getting the error as a string will
+// return the formated error with the same information as awserr.RequestFailure,
+// while also adding the HostID value from the response.
+type RequestFailure interface {
+ awserr.RequestFailure
+
+ // Host ID is the S3 Host ID needed for debug, and contacting support
+ HostID() string
+}
+
+// s3unmarshalXMLError is s3 specific xml error unmarshaler
+// for 200 OK errors and response payloads.
+// This function differs from the xmlUtil.UnmarshalXMLError
+// func. It does not ignore the EOF error and passes it up.
+// Related to bug fix for `s3 200 OK response with empty payload`
+func s3unmarshalXMLError(v interface{}, stream io.Reader) error {
+ var errBuf bytes.Buffer
+ body := io.TeeReader(stream, &errBuf)
+
+ err := xml.NewDecoder(body).Decode(v)
+ if err != nil && err != io.EOF {
+ return awserr.NewUnmarshalError(err,
+ "failed to unmarshal error message", errBuf.Bytes())
+ }
+
+ return err
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go b/vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go
new file mode 100644
index 00000000000..2596c694b50
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/s3/waiters.go
@@ -0,0 +1,214 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package s3
+
+import (
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+// WaitUntilBucketExists uses the Amazon S3 API operation
+// HeadBucket to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *S3) WaitUntilBucketExists(input *HeadBucketInput) error {
+ return c.WaitUntilBucketExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilBucketExistsWithContext is an extended version of WaitUntilBucketExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) WaitUntilBucketExistsWithContext(ctx aws.Context, input *HeadBucketInput, opts ...request.WaiterOption) error {
+ w := request.Waiter{
+ Name: "WaitUntilBucketExists",
+ MaxAttempts: 20,
+ Delay: request.ConstantWaiterDelay(5 * time.Second),
+ Acceptors: []request.WaiterAcceptor{
+ {
+ State: request.SuccessWaiterState,
+ Matcher: request.StatusWaiterMatch,
+ Expected: 200,
+ },
+ {
+ State: request.SuccessWaiterState,
+ Matcher: request.StatusWaiterMatch,
+ Expected: 301,
+ },
+ {
+ State: request.SuccessWaiterState,
+ Matcher: request.StatusWaiterMatch,
+ Expected: 403,
+ },
+ {
+ State: request.RetryWaiterState,
+ Matcher: request.StatusWaiterMatch,
+ Expected: 404,
+ },
+ },
+ Logger: c.Config.Logger,
+ NewRequest: func(opts []request.Option) (*request.Request, error) {
+ var inCpy *HeadBucketInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.HeadBucketRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+ w.ApplyOptions(opts...)
+
+ return w.WaitWithContext(ctx)
+}
+
+// WaitUntilBucketNotExists uses the Amazon S3 API operation
+// HeadBucket to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *S3) WaitUntilBucketNotExists(input *HeadBucketInput) error {
+ return c.WaitUntilBucketNotExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilBucketNotExistsWithContext is an extended version of WaitUntilBucketNotExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) WaitUntilBucketNotExistsWithContext(ctx aws.Context, input *HeadBucketInput, opts ...request.WaiterOption) error {
+ w := request.Waiter{
+ Name: "WaitUntilBucketNotExists",
+ MaxAttempts: 20,
+ Delay: request.ConstantWaiterDelay(5 * time.Second),
+ Acceptors: []request.WaiterAcceptor{
+ {
+ State: request.SuccessWaiterState,
+ Matcher: request.StatusWaiterMatch,
+ Expected: 404,
+ },
+ },
+ Logger: c.Config.Logger,
+ NewRequest: func(opts []request.Option) (*request.Request, error) {
+ var inCpy *HeadBucketInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.HeadBucketRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+ w.ApplyOptions(opts...)
+
+ return w.WaitWithContext(ctx)
+}
+
+// WaitUntilObjectExists uses the Amazon S3 API operation
+// HeadObject to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *S3) WaitUntilObjectExists(input *HeadObjectInput) error {
+ return c.WaitUntilObjectExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilObjectExistsWithContext is an extended version of WaitUntilObjectExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) WaitUntilObjectExistsWithContext(ctx aws.Context, input *HeadObjectInput, opts ...request.WaiterOption) error {
+ w := request.Waiter{
+ Name: "WaitUntilObjectExists",
+ MaxAttempts: 20,
+ Delay: request.ConstantWaiterDelay(5 * time.Second),
+ Acceptors: []request.WaiterAcceptor{
+ {
+ State: request.SuccessWaiterState,
+ Matcher: request.StatusWaiterMatch,
+ Expected: 200,
+ },
+ {
+ State: request.RetryWaiterState,
+ Matcher: request.StatusWaiterMatch,
+ Expected: 404,
+ },
+ },
+ Logger: c.Config.Logger,
+ NewRequest: func(opts []request.Option) (*request.Request, error) {
+ var inCpy *HeadObjectInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.HeadObjectRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+ w.ApplyOptions(opts...)
+
+ return w.WaitWithContext(ctx)
+}
+
+// WaitUntilObjectNotExists uses the Amazon S3 API operation
+// HeadObject to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *S3) WaitUntilObjectNotExists(input *HeadObjectInput) error {
+ return c.WaitUntilObjectNotExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilObjectNotExistsWithContext is an extended version of WaitUntilObjectNotExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *S3) WaitUntilObjectNotExistsWithContext(ctx aws.Context, input *HeadObjectInput, opts ...request.WaiterOption) error {
+ w := request.Waiter{
+ Name: "WaitUntilObjectNotExists",
+ MaxAttempts: 20,
+ Delay: request.ConstantWaiterDelay(5 * time.Second),
+ Acceptors: []request.WaiterAcceptor{
+ {
+ State: request.SuccessWaiterState,
+ Matcher: request.StatusWaiterMatch,
+ Expected: 404,
+ },
+ },
+ Logger: c.Config.Logger,
+ NewRequest: func(opts []request.Option) (*request.Request, error) {
+ var inCpy *HeadObjectInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.HeadObjectRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+ w.ApplyOptions(opts...)
+
+ return w.WaitWithContext(ctx)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/api.go b/vendor/github.com/aws/aws-sdk-go/service/sso/api.go
new file mode 100644
index 00000000000..b8f590f71d3
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sso/api.go
@@ -0,0 +1,1367 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sso
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awsutil"
+ "github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/private/protocol/restjson"
+)
+
+const opGetRoleCredentials = "GetRoleCredentials"
+
+// GetRoleCredentialsRequest generates a "aws/request.Request" representing the
+// client's request for the GetRoleCredentials operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetRoleCredentials for more information on using the GetRoleCredentials
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetRoleCredentialsRequest method.
+// req, resp := client.GetRoleCredentialsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
+func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *request.Request, output *GetRoleCredentialsOutput) {
+ op := &request.Operation{
+ Name: opGetRoleCredentials,
+ HTTPMethod: "GET",
+ HTTPPath: "/federation/credentials",
+ }
+
+ if input == nil {
+ input = &GetRoleCredentialsInput{}
+ }
+
+ output = &GetRoleCredentialsOutput{}
+ req = c.newRequest(op, input, output)
+ req.Config.Credentials = credentials.AnonymousCredentials
+ return
+}
+
+// GetRoleCredentials API operation for AWS Single Sign-On.
+//
+// Returns the STS short-term credentials for a given role name that is assigned
+// to the user.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Single Sign-On's
+// API operation GetRoleCredentials for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidRequestException
+// Indicates that a problem occurred with the input to the request. For example,
+// a required parameter might be missing or out of range.
+//
+// - UnauthorizedException
+// Indicates that the request is not authorized. This can happen due to an invalid
+// access token in the request.
+//
+// - TooManyRequestsException
+// Indicates that the request is being made too frequently and is more than
+// what the server can handle.
+//
+// - ResourceNotFoundException
+// The specified resource doesn't exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
+func (c *SSO) GetRoleCredentials(input *GetRoleCredentialsInput) (*GetRoleCredentialsOutput, error) {
+ req, out := c.GetRoleCredentialsRequest(input)
+ return out, req.Send()
+}
+
+// GetRoleCredentialsWithContext is the same as GetRoleCredentials with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetRoleCredentials for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) GetRoleCredentialsWithContext(ctx aws.Context, input *GetRoleCredentialsInput, opts ...request.Option) (*GetRoleCredentialsOutput, error) {
+ req, out := c.GetRoleCredentialsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opListAccountRoles = "ListAccountRoles"
+
+// ListAccountRolesRequest generates a "aws/request.Request" representing the
+// client's request for the ListAccountRoles operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListAccountRoles for more information on using the ListAccountRoles
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListAccountRolesRequest method.
+// req, resp := client.ListAccountRolesRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
+func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *request.Request, output *ListAccountRolesOutput) {
+ op := &request.Operation{
+ Name: opListAccountRoles,
+ HTTPMethod: "GET",
+ HTTPPath: "/assignment/roles",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListAccountRolesInput{}
+ }
+
+ output = &ListAccountRolesOutput{}
+ req = c.newRequest(op, input, output)
+ req.Config.Credentials = credentials.AnonymousCredentials
+ return
+}
+
+// ListAccountRoles API operation for AWS Single Sign-On.
+//
+// Lists all roles that are assigned to the user for a given AWS account.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Single Sign-On's
+// API operation ListAccountRoles for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidRequestException
+// Indicates that a problem occurred with the input to the request. For example,
+// a required parameter might be missing or out of range.
+//
+// - UnauthorizedException
+// Indicates that the request is not authorized. This can happen due to an invalid
+// access token in the request.
+//
+// - TooManyRequestsException
+// Indicates that the request is being made too frequently and is more than
+// what the server can handle.
+//
+// - ResourceNotFoundException
+// The specified resource doesn't exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
+func (c *SSO) ListAccountRoles(input *ListAccountRolesInput) (*ListAccountRolesOutput, error) {
+ req, out := c.ListAccountRolesRequest(input)
+ return out, req.Send()
+}
+
+// ListAccountRolesWithContext is the same as ListAccountRoles with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListAccountRoles for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) ListAccountRolesWithContext(ctx aws.Context, input *ListAccountRolesInput, opts ...request.Option) (*ListAccountRolesOutput, error) {
+ req, out := c.ListAccountRolesRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListAccountRolesPages iterates over the pages of a ListAccountRoles operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListAccountRoles method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListAccountRoles operation.
+// pageNum := 0
+// err := client.ListAccountRolesPages(params,
+// func(page *sso.ListAccountRolesOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *SSO) ListAccountRolesPages(input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool) error {
+ return c.ListAccountRolesPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListAccountRolesPagesWithContext same as ListAccountRolesPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) ListAccountRolesPagesWithContext(ctx aws.Context, input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListAccountRolesInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListAccountRolesRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListAccountRolesOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opListAccounts = "ListAccounts"
+
+// ListAccountsRequest generates a "aws/request.Request" representing the
+// client's request for the ListAccounts operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See ListAccounts for more information on using the ListAccounts
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the ListAccountsRequest method.
+// req, resp := client.ListAccountsRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
+func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) {
+ op := &request.Operation{
+ Name: opListAccounts,
+ HTTPMethod: "GET",
+ HTTPPath: "/assignment/accounts",
+ Paginator: &request.Paginator{
+ InputTokens: []string{"nextToken"},
+ OutputTokens: []string{"nextToken"},
+ LimitToken: "maxResults",
+ TruncationToken: "",
+ },
+ }
+
+ if input == nil {
+ input = &ListAccountsInput{}
+ }
+
+ output = &ListAccountsOutput{}
+ req = c.newRequest(op, input, output)
+ req.Config.Credentials = credentials.AnonymousCredentials
+ return
+}
+
+// ListAccounts API operation for AWS Single Sign-On.
+//
+// Lists all AWS accounts assigned to the user. These AWS accounts are assigned
+// by the administrator of the account. For more information, see Assign User
+// Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
+// in the IAM Identity Center User Guide. This operation returns a paginated
+// response.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Single Sign-On's
+// API operation ListAccounts for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidRequestException
+// Indicates that a problem occurred with the input to the request. For example,
+// a required parameter might be missing or out of range.
+//
+// - UnauthorizedException
+// Indicates that the request is not authorized. This can happen due to an invalid
+// access token in the request.
+//
+// - TooManyRequestsException
+// Indicates that the request is being made too frequently and is more than
+// what the server can handle.
+//
+// - ResourceNotFoundException
+// The specified resource doesn't exist.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
+func (c *SSO) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) {
+ req, out := c.ListAccountsRequest(input)
+ return out, req.Send()
+}
+
+// ListAccountsWithContext is the same as ListAccounts with the addition of
+// the ability to pass a context and additional request options.
+//
+// See ListAccounts for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) {
+ req, out := c.ListAccountsRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// ListAccountsPages iterates over the pages of a ListAccounts operation,
+// calling the "fn" function with the response data for each page. To stop
+// iterating, return false from the fn function.
+//
+// See ListAccounts method for more information on how to use this operation.
+//
+// Note: This operation can generate multiple requests to a service.
+//
+// // Example iterating over at most 3 pages of a ListAccounts operation.
+// pageNum := 0
+// err := client.ListAccountsPages(params,
+// func(page *sso.ListAccountsOutput, lastPage bool) bool {
+// pageNum++
+// fmt.Println(page)
+// return pageNum <= 3
+// })
+func (c *SSO) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
+ return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
+}
+
+// ListAccountsPagesWithContext same as ListAccountsPages except
+// it takes a Context and allows setting request options on the pages.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error {
+ p := request.Pagination{
+ NewRequest: func() (*request.Request, error) {
+ var inCpy *ListAccountsInput
+ if input != nil {
+ tmp := *input
+ inCpy = &tmp
+ }
+ req, _ := c.ListAccountsRequest(inCpy)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return req, nil
+ },
+ }
+
+ for p.Next() {
+ if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) {
+ break
+ }
+ }
+
+ return p.Err()
+}
+
+const opLogout = "Logout"
+
+// LogoutRequest generates a "aws/request.Request" representing the
+// client's request for the Logout operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See Logout for more information on using the Logout
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the LogoutRequest method.
+// req, resp := client.LogoutRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout
+func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *LogoutOutput) {
+ op := &request.Operation{
+ Name: opLogout,
+ HTTPMethod: "POST",
+ HTTPPath: "/logout",
+ }
+
+ if input == nil {
+ input = &LogoutInput{}
+ }
+
+ output = &LogoutOutput{}
+ req = c.newRequest(op, input, output)
+ req.Config.Credentials = credentials.AnonymousCredentials
+ req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
+ return
+}
+
+// Logout API operation for AWS Single Sign-On.
+//
+// Removes the locally stored SSO tokens from the client-side cache and sends
+// an API call to the IAM Identity Center service to invalidate the corresponding
+// server-side IAM Identity Center sign in session.
+//
+// If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM
+// Identity Center sign in session is used to obtain an IAM session, as specified
+// in the corresponding IAM Identity Center permission set. More specifically,
+// IAM Identity Center assumes an IAM role in the target account on behalf of
+// the user, and the corresponding temporary AWS credentials are returned to
+// the client.
+//
+// After user logout, any existing IAM role sessions that were created by using
+// IAM Identity Center permission sets continue based on the duration configured
+// in the permission set. For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html)
+// in the IAM Identity Center User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Single Sign-On's
+// API operation Logout for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidRequestException
+// Indicates that a problem occurred with the input to the request. For example,
+// a required parameter might be missing or out of range.
+//
+// - UnauthorizedException
+// Indicates that the request is not authorized. This can happen due to an invalid
+// access token in the request.
+//
+// - TooManyRequestsException
+// Indicates that the request is being made too frequently and is more than
+// what the server can handle.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/Logout
+func (c *SSO) Logout(input *LogoutInput) (*LogoutOutput, error) {
+ req, out := c.LogoutRequest(input)
+ return out, req.Send()
+}
+
+// LogoutWithContext is the same as Logout with the addition of
+// the ability to pass a context and additional request options.
+//
+// See Logout for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSO) LogoutWithContext(ctx aws.Context, input *LogoutInput, opts ...request.Option) (*LogoutOutput, error) {
+ req, out := c.LogoutRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// Provides information about your AWS account.
+type AccountInfo struct {
+ _ struct{} `type:"structure"`
+
+ // The identifier of the AWS account that is assigned to the user.
+ AccountId *string `locationName:"accountId" type:"string"`
+
+ // The display name of the AWS account that is assigned to the user.
+ AccountName *string `locationName:"accountName" type:"string"`
+
+ // The email address of the AWS account that is assigned to the user.
+ EmailAddress *string `locationName:"emailAddress" min:"1" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccountInfo) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccountInfo) GoString() string {
+ return s.String()
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *AccountInfo) SetAccountId(v string) *AccountInfo {
+ s.AccountId = &v
+ return s
+}
+
+// SetAccountName sets the AccountName field's value.
+func (s *AccountInfo) SetAccountName(v string) *AccountInfo {
+ s.AccountName = &v
+ return s
+}
+
+// SetEmailAddress sets the EmailAddress field's value.
+func (s *AccountInfo) SetEmailAddress(v string) *AccountInfo {
+ s.EmailAddress = &v
+ return s
+}
+
+type GetRoleCredentialsInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The token issued by the CreateToken API call. For more information, see CreateToken
+ // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+ // in the IAM Identity Center OIDC API Reference Guide.
+ //
+ // AccessToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by GetRoleCredentialsInput's
+ // String and GoString methods.
+ //
+ // AccessToken is a required field
+ AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
+
+ // The identifier for the AWS account that is assigned to the user.
+ //
+ // AccountId is a required field
+ AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"`
+
+ // The friendly name of the role that is assigned to the user.
+ //
+ // RoleName is a required field
+ RoleName *string `location:"querystring" locationName:"role_name" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetRoleCredentialsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetRoleCredentialsInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetRoleCredentialsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetRoleCredentialsInput"}
+ if s.AccessToken == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccessToken"))
+ }
+ if s.AccountId == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccountId"))
+ }
+ if s.RoleName == nil {
+ invalidParams.Add(request.NewErrParamRequired("RoleName"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAccessToken sets the AccessToken field's value.
+func (s *GetRoleCredentialsInput) SetAccessToken(v string) *GetRoleCredentialsInput {
+ s.AccessToken = &v
+ return s
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *GetRoleCredentialsInput) SetAccountId(v string) *GetRoleCredentialsInput {
+ s.AccountId = &v
+ return s
+}
+
+// SetRoleName sets the RoleName field's value.
+func (s *GetRoleCredentialsInput) SetRoleName(v string) *GetRoleCredentialsInput {
+ s.RoleName = &v
+ return s
+}
+
+type GetRoleCredentialsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The credentials for the role that is assigned to the user.
+ RoleCredentials *RoleCredentials `locationName:"roleCredentials" type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetRoleCredentialsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetRoleCredentialsOutput) GoString() string {
+ return s.String()
+}
+
+// SetRoleCredentials sets the RoleCredentials field's value.
+func (s *GetRoleCredentialsOutput) SetRoleCredentials(v *RoleCredentials) *GetRoleCredentialsOutput {
+ s.RoleCredentials = v
+ return s
+}
+
+// Indicates that a problem occurred with the input to the request. For example,
+// a required parameter might be missing or out of range.
+type InvalidRequestException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidRequestException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidRequestException) GoString() string {
+ return s.String()
+}
+
+func newErrorInvalidRequestException(v protocol.ResponseMetadata) error {
+ return &InvalidRequestException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InvalidRequestException) Code() string {
+ return "InvalidRequestException"
+}
+
+// Message returns the exception's message.
+func (s *InvalidRequestException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidRequestException) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidRequestException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidRequestException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidRequestException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type ListAccountRolesInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The token issued by the CreateToken API call. For more information, see CreateToken
+ // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+ // in the IAM Identity Center OIDC API Reference Guide.
+ //
+ // AccessToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by ListAccountRolesInput's
+ // String and GoString methods.
+ //
+ // AccessToken is a required field
+ AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
+
+ // The identifier for the AWS account that is assigned to the user.
+ //
+ // AccountId is a required field
+ AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"`
+
+ // The number of items that clients can request per page.
+ MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"`
+
+ // The page token from the previous response output when you request subsequent
+ // pages.
+ NextToken *string `location:"querystring" locationName:"next_token" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountRolesInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountRolesInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListAccountRolesInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListAccountRolesInput"}
+ if s.AccessToken == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccessToken"))
+ }
+ if s.AccountId == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccountId"))
+ }
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAccessToken sets the AccessToken field's value.
+func (s *ListAccountRolesInput) SetAccessToken(v string) *ListAccountRolesInput {
+ s.AccessToken = &v
+ return s
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *ListAccountRolesInput) SetAccountId(v string) *ListAccountRolesInput {
+ s.AccountId = &v
+ return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListAccountRolesInput) SetMaxResults(v int64) *ListAccountRolesInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccountRolesInput) SetNextToken(v string) *ListAccountRolesInput {
+ s.NextToken = &v
+ return s
+}
+
+type ListAccountRolesOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The page token client that is used to retrieve the list of accounts.
+ NextToken *string `locationName:"nextToken" type:"string"`
+
+ // A paginated response with the list of roles and the next token if more results
+ // are available.
+ RoleList []*RoleInfo `locationName:"roleList" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountRolesOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountRolesOutput) GoString() string {
+ return s.String()
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccountRolesOutput) SetNextToken(v string) *ListAccountRolesOutput {
+ s.NextToken = &v
+ return s
+}
+
+// SetRoleList sets the RoleList field's value.
+func (s *ListAccountRolesOutput) SetRoleList(v []*RoleInfo) *ListAccountRolesOutput {
+ s.RoleList = v
+ return s
+}
+
+type ListAccountsInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The token issued by the CreateToken API call. For more information, see CreateToken
+ // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+ // in the IAM Identity Center OIDC API Reference Guide.
+ //
+ // AccessToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by ListAccountsInput's
+ // String and GoString methods.
+ //
+ // AccessToken is a required field
+ AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
+
+ // This is the number of items clients can request per page.
+ MaxResults *int64 `location:"querystring" locationName:"max_result" min:"1" type:"integer"`
+
+ // (Optional) When requesting subsequent pages, this is the page token from
+ // the previous response output.
+ NextToken *string `location:"querystring" locationName:"next_token" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountsInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountsInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ListAccountsInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"}
+ if s.AccessToken == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccessToken"))
+ }
+ if s.MaxResults != nil && *s.MaxResults < 1 {
+ invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAccessToken sets the AccessToken field's value.
+func (s *ListAccountsInput) SetAccessToken(v string) *ListAccountsInput {
+ s.AccessToken = &v
+ return s
+}
+
+// SetMaxResults sets the MaxResults field's value.
+func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput {
+ s.MaxResults = &v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput {
+ s.NextToken = &v
+ return s
+}
+
+type ListAccountsOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A paginated response with the list of account information and the next token
+ // if more results are available.
+ AccountList []*AccountInfo `locationName:"accountList" type:"list"`
+
+ // The page token client that is used to retrieve the list of accounts.
+ NextToken *string `locationName:"nextToken" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountsOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ListAccountsOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccountList sets the AccountList field's value.
+func (s *ListAccountsOutput) SetAccountList(v []*AccountInfo) *ListAccountsOutput {
+ s.AccountList = v
+ return s
+}
+
+// SetNextToken sets the NextToken field's value.
+func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput {
+ s.NextToken = &v
+ return s
+}
+
+type LogoutInput struct {
+ _ struct{} `type:"structure" nopayload:"true"`
+
+ // The token issued by the CreateToken API call. For more information, see CreateToken
+ // (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
+ // in the IAM Identity Center OIDC API Reference Guide.
+ //
+ // AccessToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by LogoutInput's
+ // String and GoString methods.
+ //
+ // AccessToken is a required field
+ AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogoutInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogoutInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *LogoutInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "LogoutInput"}
+ if s.AccessToken == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccessToken"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAccessToken sets the AccessToken field's value.
+func (s *LogoutInput) SetAccessToken(v string) *LogoutInput {
+ s.AccessToken = &v
+ return s
+}
+
+type LogoutOutput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogoutOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s LogoutOutput) GoString() string {
+ return s.String()
+}
+
+// The specified resource doesn't exist.
+type ResourceNotFoundException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ResourceNotFoundException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ResourceNotFoundException) GoString() string {
+ return s.String()
+}
+
+func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
+ return &ResourceNotFoundException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ResourceNotFoundException) Code() string {
+ return "ResourceNotFoundException"
+}
+
+// Message returns the exception's message.
+func (s *ResourceNotFoundException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ResourceNotFoundException) OrigErr() error {
+ return nil
+}
+
+func (s *ResourceNotFoundException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ResourceNotFoundException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ResourceNotFoundException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Provides information about the role credentials that are assigned to the
+// user.
+type RoleCredentials struct {
+ _ struct{} `type:"structure"`
+
+ // The identifier used for the temporary security credentials. For more information,
+ // see Using Temporary Security Credentials to Request Access to AWS Resources
+ // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+ // in the AWS IAM User Guide.
+ AccessKeyId *string `locationName:"accessKeyId" type:"string"`
+
+ // The date on which temporary security credentials expire.
+ Expiration *int64 `locationName:"expiration" type:"long"`
+
+ // The key that is used to sign the request. For more information, see Using
+ // Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+ // in the AWS IAM User Guide.
+ //
+ // SecretAccessKey is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by RoleCredentials's
+ // String and GoString methods.
+ SecretAccessKey *string `locationName:"secretAccessKey" type:"string" sensitive:"true"`
+
+ // The token used for temporary credentials. For more information, see Using
+ // Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+ // in the AWS IAM User Guide.
+ //
+ // SessionToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by RoleCredentials's
+ // String and GoString methods.
+ SessionToken *string `locationName:"sessionToken" type:"string" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RoleCredentials) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RoleCredentials) GoString() string {
+ return s.String()
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *RoleCredentials) SetAccessKeyId(v string) *RoleCredentials {
+ s.AccessKeyId = &v
+ return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *RoleCredentials) SetExpiration(v int64) *RoleCredentials {
+ s.Expiration = &v
+ return s
+}
+
+// SetSecretAccessKey sets the SecretAccessKey field's value.
+func (s *RoleCredentials) SetSecretAccessKey(v string) *RoleCredentials {
+ s.SecretAccessKey = &v
+ return s
+}
+
+// SetSessionToken sets the SessionToken field's value.
+func (s *RoleCredentials) SetSessionToken(v string) *RoleCredentials {
+ s.SessionToken = &v
+ return s
+}
+
+// Provides information about the role that is assigned to the user.
+type RoleInfo struct {
+ _ struct{} `type:"structure"`
+
+ // The identifier of the AWS account assigned to the user.
+ AccountId *string `locationName:"accountId" type:"string"`
+
+ // The friendly name of the role that is assigned to the user.
+ RoleName *string `locationName:"roleName" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RoleInfo) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RoleInfo) GoString() string {
+ return s.String()
+}
+
+// SetAccountId sets the AccountId field's value.
+func (s *RoleInfo) SetAccountId(v string) *RoleInfo {
+ s.AccountId = &v
+ return s
+}
+
+// SetRoleName sets the RoleName field's value.
+func (s *RoleInfo) SetRoleName(v string) *RoleInfo {
+ s.RoleName = &v
+ return s
+}
+
+// Indicates that the request is being made too frequently and is more than
+// what the server can handle.
+type TooManyRequestsException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TooManyRequestsException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s TooManyRequestsException) GoString() string {
+ return s.String()
+}
+
+func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error {
+ return &TooManyRequestsException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *TooManyRequestsException) Code() string {
+ return "TooManyRequestsException"
+}
+
+// Message returns the exception's message.
+func (s *TooManyRequestsException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *TooManyRequestsException) OrigErr() error {
+ return nil
+}
+
+func (s *TooManyRequestsException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *TooManyRequestsException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *TooManyRequestsException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Indicates that the request is not authorized. This can happen due to an invalid
+// access token in the request.
+type UnauthorizedException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UnauthorizedException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UnauthorizedException) GoString() string {
+ return s.String()
+}
+
+func newErrorUnauthorizedException(v protocol.ResponseMetadata) error {
+ return &UnauthorizedException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *UnauthorizedException) Code() string {
+ return "UnauthorizedException"
+}
+
+// Message returns the exception's message.
+func (s *UnauthorizedException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *UnauthorizedException) OrigErr() error {
+ return nil
+}
+
+func (s *UnauthorizedException) Error() string {
+ return fmt.Sprintf("%s: %s", s.Code(), s.Message())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *UnauthorizedException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *UnauthorizedException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go
new file mode 100644
index 00000000000..15e61a32282
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go
@@ -0,0 +1,45 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package sso provides the client and types for making API
+// requests to AWS Single Sign-On.
+//
+// AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a web
+// service that makes it easy for you to assign user access to IAM Identity
+// Center resources such as the AWS access portal. Users can get AWS account
+// applications and roles assigned to them and get federated into the application.
+//
+// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces
+// will continue to retain their original name for backward compatibility purposes.
+// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
+//
+// This reference guide describes the IAM Identity Center Portal operations
+// that you can call programatically and includes detailed information on data
+// types and errors.
+//
+// AWS provides SDKs that consist of libraries and sample code for various programming
+// languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs
+// provide a convenient way to create programmatic access to IAM Identity Center
+// and other AWS services. For more information about the AWS SDKs, including
+// how to download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10 for more information on this service.
+//
+// See sso package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sso/
+//
+// # Using the Client
+//
+// To contact AWS Single Sign-On with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the AWS Single Sign-On client SSO for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sso/#New
+package sso
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go
new file mode 100644
index 00000000000..77a6792e352
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sso/errors.go
@@ -0,0 +1,44 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sso
+
+import (
+ "github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+
+ // ErrCodeInvalidRequestException for service response error code
+ // "InvalidRequestException".
+ //
+ // Indicates that a problem occurred with the input to the request. For example,
+ // a required parameter might be missing or out of range.
+ ErrCodeInvalidRequestException = "InvalidRequestException"
+
+ // ErrCodeResourceNotFoundException for service response error code
+ // "ResourceNotFoundException".
+ //
+ // The specified resource doesn't exist.
+ ErrCodeResourceNotFoundException = "ResourceNotFoundException"
+
+ // ErrCodeTooManyRequestsException for service response error code
+ // "TooManyRequestsException".
+ //
+ // Indicates that the request is being made too frequently and is more than
+ // what the server can handle.
+ ErrCodeTooManyRequestsException = "TooManyRequestsException"
+
+ // ErrCodeUnauthorizedException for service response error code
+ // "UnauthorizedException".
+ //
+ // Indicates that the request is not authorized. This can happen due to an invalid
+ // access token in the request.
+ ErrCodeUnauthorizedException = "UnauthorizedException"
+)
+
+var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
+ "InvalidRequestException": newErrorInvalidRequestException,
+ "ResourceNotFoundException": newErrorResourceNotFoundException,
+ "TooManyRequestsException": newErrorTooManyRequestsException,
+ "UnauthorizedException": newErrorUnauthorizedException,
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/service.go b/vendor/github.com/aws/aws-sdk-go/service/sso/service.go
new file mode 100644
index 00000000000..7094cfe4130
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sso/service.go
@@ -0,0 +1,106 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sso
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/client"
+ "github.com/aws/aws-sdk-go/aws/client/metadata"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/aws/signer/v4"
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/private/protocol/restjson"
+)
+
+// SSO provides the API operation methods for making requests to
+// AWS Single Sign-On. See this package's package overview docs
+// for details on the service.
+//
+// SSO methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type SSO struct {
+ *client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+ ServiceName = "SSO" // Name of service.
+ EndpointsID = "portal.sso" // ID to lookup a service endpoint with.
+ ServiceID = "SSO" // ServiceID is a unique identifier of a specific service.
+)
+
+// New creates a new instance of the SSO client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//
+// mySession := session.Must(session.NewSession())
+//
+// // Create a SSO client from just a session.
+// svc := sso.New(mySession)
+//
+// // Create a SSO client with additional configuration
+// svc := sso.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSO {
+ c := p.ClientConfig(EndpointsID, cfgs...)
+ if c.SigningNameDerived || len(c.SigningName) == 0 {
+ c.SigningName = "awsssoportal"
+ }
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SSO {
+ svc := &SSO{
+ Client: client.New(
+ cfg,
+ metadata.ClientInfo{
+ ServiceName: ServiceName,
+ ServiceID: ServiceID,
+ SigningName: signingName,
+ SigningRegion: signingRegion,
+ PartitionID: partitionID,
+ Endpoint: endpoint,
+ APIVersion: "2019-06-10",
+ ResolvedRegion: resolvedRegion,
+ },
+ handlers,
+ ),
+ }
+
+ // Handlers
+ svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+ svc.Handlers.Build.PushBackNamed(restjson.BuildHandler)
+ svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler)
+ svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler)
+ svc.Handlers.UnmarshalError.PushBackNamed(
+ protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(),
+ )
+
+ // Run custom client initialization if present
+ if initClient != nil {
+ initClient(svc.Client)
+ }
+
+ return svc
+}
+
+// newRequest creates a new request for a SSO operation and runs any
+// custom request initialization.
+func (c *SSO) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+ req := c.NewRequest(op, params, data)
+
+ // Run custom request initialization if present
+ if initRequest != nil {
+ initRequest(req)
+ }
+
+ return req
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go
new file mode 100644
index 00000000000..818cab7cda9
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sso/ssoiface/interface.go
@@ -0,0 +1,86 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package ssoiface provides an interface to enable mocking the AWS Single Sign-On service client
+// for testing your code.
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters.
+package ssoiface
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/service/sso"
+)
+
+// SSOAPI provides an interface to enable mocking the
+// sso.SSO service client's API operation,
+// paginators, and waiters. This make unit testing your code that calls out
+// to the SDK's service client's calls easier.
+//
+// The best way to use this interface is so the SDK's service client's calls
+// can be stubbed out for unit testing your code with the SDK without needing
+// to inject custom request handlers into the SDK's request pipeline.
+//
+// // myFunc uses an SDK service client to make a request to
+// // AWS Single Sign-On.
+// func myFunc(svc ssoiface.SSOAPI) bool {
+// // Make svc.GetRoleCredentials request
+// }
+//
+// func main() {
+// sess := session.New()
+// svc := sso.New(sess)
+//
+// myFunc(svc)
+// }
+//
+// In your _test.go file:
+//
+// // Define a mock struct to be used in your unit tests of myFunc.
+// type mockSSOClient struct {
+// ssoiface.SSOAPI
+// }
+// func (m *mockSSOClient) GetRoleCredentials(input *sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error) {
+// // mock response/functionality
+// }
+//
+// func TestMyFunc(t *testing.T) {
+// // Setup Test
+// mockSvc := &mockSSOClient{}
+//
+// myfunc(mockSvc)
+//
+// // Verify myFunc's functionality
+// }
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters. Its suggested to use the pattern above for testing, or using
+// tooling to generate mocks to satisfy the interfaces.
+type SSOAPI interface {
+ GetRoleCredentials(*sso.GetRoleCredentialsInput) (*sso.GetRoleCredentialsOutput, error)
+ GetRoleCredentialsWithContext(aws.Context, *sso.GetRoleCredentialsInput, ...request.Option) (*sso.GetRoleCredentialsOutput, error)
+ GetRoleCredentialsRequest(*sso.GetRoleCredentialsInput) (*request.Request, *sso.GetRoleCredentialsOutput)
+
+ ListAccountRoles(*sso.ListAccountRolesInput) (*sso.ListAccountRolesOutput, error)
+ ListAccountRolesWithContext(aws.Context, *sso.ListAccountRolesInput, ...request.Option) (*sso.ListAccountRolesOutput, error)
+ ListAccountRolesRequest(*sso.ListAccountRolesInput) (*request.Request, *sso.ListAccountRolesOutput)
+
+ ListAccountRolesPages(*sso.ListAccountRolesInput, func(*sso.ListAccountRolesOutput, bool) bool) error
+ ListAccountRolesPagesWithContext(aws.Context, *sso.ListAccountRolesInput, func(*sso.ListAccountRolesOutput, bool) bool, ...request.Option) error
+
+ ListAccounts(*sso.ListAccountsInput) (*sso.ListAccountsOutput, error)
+ ListAccountsWithContext(aws.Context, *sso.ListAccountsInput, ...request.Option) (*sso.ListAccountsOutput, error)
+ ListAccountsRequest(*sso.ListAccountsInput) (*request.Request, *sso.ListAccountsOutput)
+
+ ListAccountsPages(*sso.ListAccountsInput, func(*sso.ListAccountsOutput, bool) bool) error
+ ListAccountsPagesWithContext(aws.Context, *sso.ListAccountsInput, func(*sso.ListAccountsOutput, bool) bool, ...request.Option) error
+
+ Logout(*sso.LogoutInput) (*sso.LogoutOutput, error)
+ LogoutWithContext(aws.Context, *sso.LogoutInput, ...request.Option) (*sso.LogoutOutput, error)
+ LogoutRequest(*sso.LogoutInput) (*request.Request, *sso.LogoutOutput)
+}
+
+var _ SSOAPI = (*sso.SSO)(nil)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go
new file mode 100644
index 00000000000..04f6c811b63
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go
@@ -0,0 +1,2252 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package ssooidc
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awsutil"
+ "github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const opCreateToken = "CreateToken"
+
+// CreateTokenRequest generates a "aws/request.Request" representing the
+// client's request for the CreateToken operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateToken for more information on using the CreateToken
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateTokenRequest method.
+// req, resp := client.CreateTokenRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken
+func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Request, output *CreateTokenOutput) {
+ op := &request.Operation{
+ Name: opCreateToken,
+ HTTPMethod: "POST",
+ HTTPPath: "/token",
+ }
+
+ if input == nil {
+ input = &CreateTokenInput{}
+ }
+
+ output = &CreateTokenOutput{}
+ req = c.newRequest(op, input, output)
+ req.Config.Credentials = credentials.AnonymousCredentials
+ return
+}
+
+// CreateToken API operation for AWS SSO OIDC.
+//
+// Creates and returns access and refresh tokens for clients that are authenticated
+// using client secrets. The access token can be used to fetch short-term credentials
+// for the assigned AWS accounts or to access application APIs using bearer
+// authentication.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SSO OIDC's
+// API operation CreateToken for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidRequestException
+// Indicates that something is wrong with the input to the request. For example,
+// a required parameter might be missing or out of range.
+//
+// - InvalidClientException
+// Indicates that the clientId or clientSecret in the request is invalid. For
+// example, this can occur when a client sends an incorrect clientId or an expired
+// clientSecret.
+//
+// - InvalidGrantException
+// Indicates that a request contains an invalid grant. This can occur if a client
+// makes a CreateToken request with an invalid grant type.
+//
+// - UnauthorizedClientException
+// Indicates that the client is not currently authorized to make the request.
+// This can happen when a clientId is not issued for a public client.
+//
+// - UnsupportedGrantTypeException
+// Indicates that the grant type in the request is not supported by the service.
+//
+// - InvalidScopeException
+// Indicates that the scope provided in the request is invalid.
+//
+// - AuthorizationPendingException
+// Indicates that a request to authorize a client with an access user session
+// token is pending.
+//
+// - SlowDownException
+// Indicates that the client is making the request too frequently and is more
+// than the service can handle.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action.
+//
+// - ExpiredTokenException
+// Indicates that the token issued by the service is expired and is no longer
+// valid.
+//
+// - InternalServerException
+// Indicates that an error from the service occurred while trying to process
+// a request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateToken
+func (c *SSOOIDC) CreateToken(input *CreateTokenInput) (*CreateTokenOutput, error) {
+ req, out := c.CreateTokenRequest(input)
+ return out, req.Send()
+}
+
+// CreateTokenWithContext is the same as CreateToken with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateToken for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInput, opts ...request.Option) (*CreateTokenOutput, error) {
+ req, out := c.CreateTokenRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opCreateTokenWithIAM = "CreateTokenWithIAM"
+
+// CreateTokenWithIAMRequest generates a "aws/request.Request" representing the
+// client's request for the CreateTokenWithIAM operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See CreateTokenWithIAM for more information on using the CreateTokenWithIAM
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the CreateTokenWithIAMRequest method.
+// req, resp := client.CreateTokenWithIAMRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM
+func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput) {
+ op := &request.Operation{
+ Name: opCreateTokenWithIAM,
+ HTTPMethod: "POST",
+ HTTPPath: "/token?aws_iam=t",
+ }
+
+ if input == nil {
+ input = &CreateTokenWithIAMInput{}
+ }
+
+ output = &CreateTokenWithIAMOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// CreateTokenWithIAM API operation for AWS SSO OIDC.
+//
+// Creates and returns access and refresh tokens for clients and applications
+// that are authenticated using IAM entities. The access token can be used to
+// fetch short-term credentials for the assigned AWS accounts or to access application
+// APIs using bearer authentication.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SSO OIDC's
+// API operation CreateTokenWithIAM for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidRequestException
+// Indicates that something is wrong with the input to the request. For example,
+// a required parameter might be missing or out of range.
+//
+// - InvalidClientException
+// Indicates that the clientId or clientSecret in the request is invalid. For
+// example, this can occur when a client sends an incorrect clientId or an expired
+// clientSecret.
+//
+// - InvalidGrantException
+// Indicates that a request contains an invalid grant. This can occur if a client
+// makes a CreateToken request with an invalid grant type.
+//
+// - UnauthorizedClientException
+// Indicates that the client is not currently authorized to make the request.
+// This can happen when a clientId is not issued for a public client.
+//
+// - UnsupportedGrantTypeException
+// Indicates that the grant type in the request is not supported by the service.
+//
+// - InvalidScopeException
+// Indicates that the scope provided in the request is invalid.
+//
+// - AuthorizationPendingException
+// Indicates that a request to authorize a client with an access user session
+// token is pending.
+//
+// - SlowDownException
+// Indicates that the client is making the request too frequently and is more
+// than the service can handle.
+//
+// - AccessDeniedException
+// You do not have sufficient access to perform this action.
+//
+// - ExpiredTokenException
+// Indicates that the token issued by the service is expired and is no longer
+// valid.
+//
+// - InternalServerException
+// Indicates that an error from the service occurred while trying to process
+// a request.
+//
+// - InvalidRequestRegionException
+// Indicates that a token provided as input to the request was issued by and
+// is only usable by calling IAM Identity Center endpoints in another region.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM
+func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error) {
+ req, out := c.CreateTokenWithIAMRequest(input)
+ return out, req.Send()
+}
+
+// CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of
+// the ability to pass a context and additional request options.
+//
+// See CreateTokenWithIAM for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error) {
+ req, out := c.CreateTokenWithIAMRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opRegisterClient = "RegisterClient"
+
+// RegisterClientRequest generates a "aws/request.Request" representing the
+// client's request for the RegisterClient operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See RegisterClient for more information on using the RegisterClient
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the RegisterClientRequest method.
+// req, resp := client.RegisterClientRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient
+func (c *SSOOIDC) RegisterClientRequest(input *RegisterClientInput) (req *request.Request, output *RegisterClientOutput) {
+ op := &request.Operation{
+ Name: opRegisterClient,
+ HTTPMethod: "POST",
+ HTTPPath: "/client/register",
+ }
+
+ if input == nil {
+ input = &RegisterClientInput{}
+ }
+
+ output = &RegisterClientOutput{}
+ req = c.newRequest(op, input, output)
+ req.Config.Credentials = credentials.AnonymousCredentials
+ return
+}
+
+// RegisterClient API operation for AWS SSO OIDC.
+//
+// Registers a client with IAM Identity Center. This allows clients to initiate
+// device authorization. The output should be persisted for reuse through many
+// authentication requests.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SSO OIDC's
+// API operation RegisterClient for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidRequestException
+// Indicates that something is wrong with the input to the request. For example,
+// a required parameter might be missing or out of range.
+//
+// - InvalidScopeException
+// Indicates that the scope provided in the request is invalid.
+//
+// - InvalidClientMetadataException
+// Indicates that the client information sent in the request during registration
+// is invalid.
+//
+// - InternalServerException
+// Indicates that an error from the service occurred while trying to process
+// a request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/RegisterClient
+func (c *SSOOIDC) RegisterClient(input *RegisterClientInput) (*RegisterClientOutput, error) {
+ req, out := c.RegisterClientRequest(input)
+ return out, req.Send()
+}
+
+// RegisterClientWithContext is the same as RegisterClient with the addition of
+// the ability to pass a context and additional request options.
+//
+// See RegisterClient for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSOOIDC) RegisterClientWithContext(ctx aws.Context, input *RegisterClientInput, opts ...request.Option) (*RegisterClientOutput, error) {
+ req, out := c.RegisterClientRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opStartDeviceAuthorization = "StartDeviceAuthorization"
+
+// StartDeviceAuthorizationRequest generates a "aws/request.Request" representing the
+// client's request for the StartDeviceAuthorization operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See StartDeviceAuthorization for more information on using the StartDeviceAuthorization
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the StartDeviceAuthorizationRequest method.
+// req, resp := client.StartDeviceAuthorizationRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization
+func (c *SSOOIDC) StartDeviceAuthorizationRequest(input *StartDeviceAuthorizationInput) (req *request.Request, output *StartDeviceAuthorizationOutput) {
+ op := &request.Operation{
+ Name: opStartDeviceAuthorization,
+ HTTPMethod: "POST",
+ HTTPPath: "/device_authorization",
+ }
+
+ if input == nil {
+ input = &StartDeviceAuthorizationInput{}
+ }
+
+ output = &StartDeviceAuthorizationOutput{}
+ req = c.newRequest(op, input, output)
+ req.Config.Credentials = credentials.AnonymousCredentials
+ return
+}
+
+// StartDeviceAuthorization API operation for AWS SSO OIDC.
+//
+// Initiates device authorization by requesting a pair of verification codes
+// from the authorization service.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS SSO OIDC's
+// API operation StartDeviceAuthorization for usage and error information.
+//
+// Returned Error Types:
+//
+// - InvalidRequestException
+// Indicates that something is wrong with the input to the request. For example,
+// a required parameter might be missing or out of range.
+//
+// - InvalidClientException
+// Indicates that the clientId or clientSecret in the request is invalid. For
+// example, this can occur when a client sends an incorrect clientId or an expired
+// clientSecret.
+//
+// - UnauthorizedClientException
+// Indicates that the client is not currently authorized to make the request.
+// This can happen when a clientId is not issued for a public client.
+//
+// - SlowDownException
+// Indicates that the client is making the request too frequently and is more
+// than the service can handle.
+//
+// - InternalServerException
+// Indicates that an error from the service occurred while trying to process
+// a request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/StartDeviceAuthorization
+func (c *SSOOIDC) StartDeviceAuthorization(input *StartDeviceAuthorizationInput) (*StartDeviceAuthorizationOutput, error) {
+ req, out := c.StartDeviceAuthorizationRequest(input)
+ return out, req.Send()
+}
+
+// StartDeviceAuthorizationWithContext is the same as StartDeviceAuthorization with the addition of
+// the ability to pass a context and additional request options.
+//
+// See StartDeviceAuthorization for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *SSOOIDC) StartDeviceAuthorizationWithContext(ctx aws.Context, input *StartDeviceAuthorizationInput, opts ...request.Option) (*StartDeviceAuthorizationOutput, error) {
+ req, out := c.StartDeviceAuthorizationRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+// You do not have sufficient access to perform this action.
+type AccessDeniedException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be access_denied.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessDeniedException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AccessDeniedException) GoString() string {
+ return s.String()
+}
+
+func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
+ return &AccessDeniedException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *AccessDeniedException) Code() string {
+ return "AccessDeniedException"
+}
+
+// Message returns the exception's message.
+func (s *AccessDeniedException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *AccessDeniedException) OrigErr() error {
+ return nil
+}
+
+func (s *AccessDeniedException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *AccessDeniedException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *AccessDeniedException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Indicates that a request to authorize a client with an access user session
+// token is pending.
+type AuthorizationPendingException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be authorization_pending.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AuthorizationPendingException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AuthorizationPendingException) GoString() string {
+ return s.String()
+}
+
+func newErrorAuthorizationPendingException(v protocol.ResponseMetadata) error {
+ return &AuthorizationPendingException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *AuthorizationPendingException) Code() string {
+ return "AuthorizationPendingException"
+}
+
+// Message returns the exception's message.
+func (s *AuthorizationPendingException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *AuthorizationPendingException) OrigErr() error {
+ return nil
+}
+
+func (s *AuthorizationPendingException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *AuthorizationPendingException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *AuthorizationPendingException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type CreateTokenInput struct {
+ _ struct{} `type:"structure"`
+
+ // The unique identifier string for the client or application. This value comes
+ // from the result of the RegisterClient API.
+ //
+ // ClientId is a required field
+ ClientId *string `locationName:"clientId" type:"string" required:"true"`
+
+ // A secret string generated for the client. This value should come from the
+ // persisted result of the RegisterClient API.
+ //
+ // ClientSecret is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenInput's
+ // String and GoString methods.
+ //
+ // ClientSecret is a required field
+ ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`
+
+ // Used only when calling this API for the Authorization Code grant type. The
+ // short-term code is used to identify this authorization request. This grant
+ // type is currently unsupported for the CreateToken API.
+ Code *string `locationName:"code" type:"string"`
+
+ // Used only when calling this API for the Device Code grant type. This short-term
+ // code is used to identify this authorization request. This comes from the
+ // result of the StartDeviceAuthorization API.
+ DeviceCode *string `locationName:"deviceCode" type:"string"`
+
+ // Supports the following OAuth grant types: Device Code and Refresh Token.
+ // Specify either of the following values, depending on the grant type that
+ // you want:
+ //
+ // * Device Code - urn:ietf:params:oauth:grant-type:device_code
+ //
+ // * Refresh Token - refresh_token
+ //
+ // For information about how to obtain the device code, see the StartDeviceAuthorization
+ // topic.
+ //
+ // GrantType is a required field
+ GrantType *string `locationName:"grantType" type:"string" required:"true"`
+
+ // Used only when calling this API for the Authorization Code grant type. This
+ // value specifies the location of the client or application that has registered
+ // to receive the authorization code.
+ RedirectUri *string `locationName:"redirectUri" type:"string"`
+
+ // Used only when calling this API for the Refresh Token grant type. This token
+ // is used to refresh short-term tokens, such as the access token, that might
+ // expire.
+ //
+ // For more information about the features and limitations of the current IAM
+ // Identity Center OIDC implementation, see Considerations for Using this Guide
+ // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
+ //
+ // RefreshToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenInput's
+ // String and GoString methods.
+ RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
+
+ // The list of scopes for which authorization is requested. The access token
+ // that is issued is limited to the scopes that are granted. If this value is
+ // not specified, IAM Identity Center authorizes all scopes that are configured
+ // for the client during the call to RegisterClient.
+ Scope []*string `locationName:"scope" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateTokenInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateTokenInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateTokenInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateTokenInput"}
+ if s.ClientId == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClientId"))
+ }
+ if s.ClientSecret == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClientSecret"))
+ }
+ if s.GrantType == nil {
+ invalidParams.Add(request.NewErrParamRequired("GrantType"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientId sets the ClientId field's value.
+func (s *CreateTokenInput) SetClientId(v string) *CreateTokenInput {
+ s.ClientId = &v
+ return s
+}
+
+// SetClientSecret sets the ClientSecret field's value.
+func (s *CreateTokenInput) SetClientSecret(v string) *CreateTokenInput {
+ s.ClientSecret = &v
+ return s
+}
+
+// SetCode sets the Code field's value.
+func (s *CreateTokenInput) SetCode(v string) *CreateTokenInput {
+ s.Code = &v
+ return s
+}
+
+// SetDeviceCode sets the DeviceCode field's value.
+func (s *CreateTokenInput) SetDeviceCode(v string) *CreateTokenInput {
+ s.DeviceCode = &v
+ return s
+}
+
+// SetGrantType sets the GrantType field's value.
+func (s *CreateTokenInput) SetGrantType(v string) *CreateTokenInput {
+ s.GrantType = &v
+ return s
+}
+
+// SetRedirectUri sets the RedirectUri field's value.
+func (s *CreateTokenInput) SetRedirectUri(v string) *CreateTokenInput {
+ s.RedirectUri = &v
+ return s
+}
+
+// SetRefreshToken sets the RefreshToken field's value.
+func (s *CreateTokenInput) SetRefreshToken(v string) *CreateTokenInput {
+ s.RefreshToken = &v
+ return s
+}
+
+// SetScope sets the Scope field's value.
+func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput {
+ s.Scope = v
+ return s
+}
+
+type CreateTokenOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A bearer token to access AWS accounts and applications assigned to a user.
+ //
+ // AccessToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenOutput's
+ // String and GoString methods.
+ AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`
+
+ // Indicates the time in seconds when an access token will expire.
+ ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`
+
+ // The idToken is not implemented or supported. For more information about the
+ // features and limitations of the current IAM Identity Center OIDC implementation,
+ // see Considerations for Using this Guide in the IAM Identity Center OIDC API
+ // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
+ //
+ // A JSON Web Token (JWT) that identifies who is associated with the issued
+ // access token.
+ //
+ // IdToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenOutput's
+ // String and GoString methods.
+ IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`
+
+ // A token that, if present, can be used to refresh a previously issued access
+ // token that might have expired.
+ //
+ // For more information about the features and limitations of the current IAM
+ // Identity Center OIDC implementation, see Considerations for Using this Guide
+ // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
+ //
+ // RefreshToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenOutput's
+ // String and GoString methods.
+ RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
+
+ // Used to notify the client that the returned token is an access token. The
+ // supported token type is Bearer.
+ TokenType *string `locationName:"tokenType" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateTokenOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateTokenOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccessToken sets the AccessToken field's value.
+func (s *CreateTokenOutput) SetAccessToken(v string) *CreateTokenOutput {
+ s.AccessToken = &v
+ return s
+}
+
+// SetExpiresIn sets the ExpiresIn field's value.
+func (s *CreateTokenOutput) SetExpiresIn(v int64) *CreateTokenOutput {
+ s.ExpiresIn = &v
+ return s
+}
+
+// SetIdToken sets the IdToken field's value.
+func (s *CreateTokenOutput) SetIdToken(v string) *CreateTokenOutput {
+ s.IdToken = &v
+ return s
+}
+
+// SetRefreshToken sets the RefreshToken field's value.
+func (s *CreateTokenOutput) SetRefreshToken(v string) *CreateTokenOutput {
+ s.RefreshToken = &v
+ return s
+}
+
+// SetTokenType sets the TokenType field's value.
+func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput {
+ s.TokenType = &v
+ return s
+}
+
+type CreateTokenWithIAMInput struct {
+ _ struct{} `type:"structure"`
+
+ // Used only when calling this API for the JWT Bearer grant type. This value
+ // specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize
+ // a trusted token issuer, configure the JWT Bearer GrantOptions for the application.
+ //
+ // Assertion is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
+ // String and GoString methods.
+ Assertion *string `locationName:"assertion" type:"string" sensitive:"true"`
+
+ // The unique identifier string for the client or application. This value is
+ // an application ARN that has OAuth grants configured.
+ //
+ // ClientId is a required field
+ ClientId *string `locationName:"clientId" type:"string" required:"true"`
+
+ // Used only when calling this API for the Authorization Code grant type. This
+ // short-term code is used to identify this authorization request. The code
+ // is obtained through a redirect from IAM Identity Center to a redirect URI
+ // persisted in the Authorization Code GrantOptions for the application.
+ Code *string `locationName:"code" type:"string"`
+
+ // Supports the following OAuth grant types: Authorization Code, Refresh Token,
+ // JWT Bearer, and Token Exchange. Specify one of the following values, depending
+ // on the grant type that you want:
+ //
+ // * Authorization Code - authorization_code
+ //
+ // * Refresh Token - refresh_token
+ //
+ // * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer
+ //
+ // * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
+ //
+ // GrantType is a required field
+ GrantType *string `locationName:"grantType" type:"string" required:"true"`
+
+ // Used only when calling this API for the Authorization Code grant type. This
+ // value specifies the location of the client or application that has registered
+ // to receive the authorization code.
+ RedirectUri *string `locationName:"redirectUri" type:"string"`
+
+ // Used only when calling this API for the Refresh Token grant type. This token
+ // is used to refresh short-term tokens, such as the access token, that might
+ // expire.
+ //
+ // For more information about the features and limitations of the current IAM
+ // Identity Center OIDC implementation, see Considerations for Using this Guide
+ // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
+ //
+ // RefreshToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
+ // String and GoString methods.
+ RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
+
+ // Used only when calling this API for the Token Exchange grant type. This value
+ // specifies the type of token that the requester can receive. The following
+ // values are supported:
+ //
+ // * Access Token - urn:ietf:params:oauth:token-type:access_token
+ //
+ // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
+ RequestedTokenType *string `locationName:"requestedTokenType" type:"string"`
+
+ // The list of scopes for which authorization is requested. The access token
+ // that is issued is limited to the scopes that are granted. If the value is
+ // not specified, IAM Identity Center authorizes all scopes configured for the
+ // application, including the following default scopes: openid, aws, sts:identity_context.
+ Scope []*string `locationName:"scope" type:"list"`
+
+ // Used only when calling this API for the Token Exchange grant type. This value
+ // specifies the subject of the exchange. The value of the subject token must
+ // be an access token issued by IAM Identity Center to a different client or
+ // application. The access token must have authorized scopes that indicate the
+ // requested application as a target audience.
+ //
+ // SubjectToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's
+ // String and GoString methods.
+ SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"`
+
+ // Used only when calling this API for the Token Exchange grant type. This value
+ // specifies the type of token that is passed as the subject of the exchange.
+ // The following value is supported:
+ //
+ // * Access Token - urn:ietf:params:oauth:token-type:access_token
+ SubjectTokenType *string `locationName:"subjectTokenType" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateTokenWithIAMInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateTokenWithIAMInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *CreateTokenWithIAMInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "CreateTokenWithIAMInput"}
+ if s.ClientId == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClientId"))
+ }
+ if s.GrantType == nil {
+ invalidParams.Add(request.NewErrParamRequired("GrantType"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAssertion sets the Assertion field's value.
+func (s *CreateTokenWithIAMInput) SetAssertion(v string) *CreateTokenWithIAMInput {
+ s.Assertion = &v
+ return s
+}
+
+// SetClientId sets the ClientId field's value.
+func (s *CreateTokenWithIAMInput) SetClientId(v string) *CreateTokenWithIAMInput {
+ s.ClientId = &v
+ return s
+}
+
+// SetCode sets the Code field's value.
+func (s *CreateTokenWithIAMInput) SetCode(v string) *CreateTokenWithIAMInput {
+ s.Code = &v
+ return s
+}
+
+// SetGrantType sets the GrantType field's value.
+func (s *CreateTokenWithIAMInput) SetGrantType(v string) *CreateTokenWithIAMInput {
+ s.GrantType = &v
+ return s
+}
+
+// SetRedirectUri sets the RedirectUri field's value.
+func (s *CreateTokenWithIAMInput) SetRedirectUri(v string) *CreateTokenWithIAMInput {
+ s.RedirectUri = &v
+ return s
+}
+
+// SetRefreshToken sets the RefreshToken field's value.
+func (s *CreateTokenWithIAMInput) SetRefreshToken(v string) *CreateTokenWithIAMInput {
+ s.RefreshToken = &v
+ return s
+}
+
+// SetRequestedTokenType sets the RequestedTokenType field's value.
+func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput {
+ s.RequestedTokenType = &v
+ return s
+}
+
+// SetScope sets the Scope field's value.
+func (s *CreateTokenWithIAMInput) SetScope(v []*string) *CreateTokenWithIAMInput {
+ s.Scope = v
+ return s
+}
+
+// SetSubjectToken sets the SubjectToken field's value.
+func (s *CreateTokenWithIAMInput) SetSubjectToken(v string) *CreateTokenWithIAMInput {
+ s.SubjectToken = &v
+ return s
+}
+
+// SetSubjectTokenType sets the SubjectTokenType field's value.
+func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput {
+ s.SubjectTokenType = &v
+ return s
+}
+
+type CreateTokenWithIAMOutput struct {
+ _ struct{} `type:"structure"`
+
+ // A bearer token to access AWS accounts and applications assigned to a user.
+ //
+ // AccessToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
+ // String and GoString methods.
+ AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"`
+
+ // Indicates the time in seconds when an access token will expire.
+ ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`
+
+ // A JSON Web Token (JWT) that identifies the user associated with the issued
+ // access token.
+ //
+ // IdToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
+ // String and GoString methods.
+ IdToken *string `locationName:"idToken" type:"string" sensitive:"true"`
+
+ // Indicates the type of tokens that are issued by IAM Identity Center. The
+ // following values are supported:
+ //
+ // * Access Token - urn:ietf:params:oauth:token-type:access_token
+ //
+ // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
+ IssuedTokenType *string `locationName:"issuedTokenType" type:"string"`
+
+ // A token that, if present, can be used to refresh a previously issued access
+ // token that might have expired.
+ //
+ // For more information about the features and limitations of the current IAM
+ // Identity Center OIDC implementation, see Considerations for Using this Guide
+ // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html).
+ //
+ // RefreshToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's
+ // String and GoString methods.
+ RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"`
+
+ // The list of scopes for which authorization is granted. The access token that
+ // is issued is limited to the scopes that are granted.
+ Scope []*string `locationName:"scope" type:"list"`
+
+ // Used to notify the requester that the returned token is an access token.
+ // The supported token type is Bearer.
+ TokenType *string `locationName:"tokenType" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateTokenWithIAMOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s CreateTokenWithIAMOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccessToken sets the AccessToken field's value.
+func (s *CreateTokenWithIAMOutput) SetAccessToken(v string) *CreateTokenWithIAMOutput {
+ s.AccessToken = &v
+ return s
+}
+
+// SetExpiresIn sets the ExpiresIn field's value.
+func (s *CreateTokenWithIAMOutput) SetExpiresIn(v int64) *CreateTokenWithIAMOutput {
+ s.ExpiresIn = &v
+ return s
+}
+
+// SetIdToken sets the IdToken field's value.
+func (s *CreateTokenWithIAMOutput) SetIdToken(v string) *CreateTokenWithIAMOutput {
+ s.IdToken = &v
+ return s
+}
+
+// SetIssuedTokenType sets the IssuedTokenType field's value.
+func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput {
+ s.IssuedTokenType = &v
+ return s
+}
+
+// SetRefreshToken sets the RefreshToken field's value.
+func (s *CreateTokenWithIAMOutput) SetRefreshToken(v string) *CreateTokenWithIAMOutput {
+ s.RefreshToken = &v
+ return s
+}
+
+// SetScope sets the Scope field's value.
+func (s *CreateTokenWithIAMOutput) SetScope(v []*string) *CreateTokenWithIAMOutput {
+ s.Scope = v
+ return s
+}
+
+// SetTokenType sets the TokenType field's value.
+func (s *CreateTokenWithIAMOutput) SetTokenType(v string) *CreateTokenWithIAMOutput {
+ s.TokenType = &v
+ return s
+}
+
+// Indicates that the token issued by the service is expired and is no longer
+// valid.
+type ExpiredTokenException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be expired_token.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ExpiredTokenException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ExpiredTokenException) GoString() string {
+ return s.String()
+}
+
+func newErrorExpiredTokenException(v protocol.ResponseMetadata) error {
+ return &ExpiredTokenException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *ExpiredTokenException) Code() string {
+ return "ExpiredTokenException"
+}
+
+// Message returns the exception's message.
+func (s *ExpiredTokenException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *ExpiredTokenException) OrigErr() error {
+ return nil
+}
+
+func (s *ExpiredTokenException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *ExpiredTokenException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *ExpiredTokenException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Indicates that an error from the service occurred while trying to process
+// a request.
+type InternalServerException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be server_error.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InternalServerException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InternalServerException) GoString() string {
+ return s.String()
+}
+
+func newErrorInternalServerException(v protocol.ResponseMetadata) error {
+ return &InternalServerException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InternalServerException) Code() string {
+ return "InternalServerException"
+}
+
+// Message returns the exception's message.
+func (s *InternalServerException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InternalServerException) OrigErr() error {
+ return nil
+}
+
+func (s *InternalServerException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InternalServerException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InternalServerException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Indicates that the clientId or clientSecret in the request is invalid. For
+// example, this can occur when a client sends an incorrect clientId or an expired
+// clientSecret.
+type InvalidClientException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be invalid_client.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidClientException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidClientException) GoString() string {
+ return s.String()
+}
+
+func newErrorInvalidClientException(v protocol.ResponseMetadata) error {
+ return &InvalidClientException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InvalidClientException) Code() string {
+ return "InvalidClientException"
+}
+
+// Message returns the exception's message.
+func (s *InvalidClientException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidClientException) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidClientException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidClientException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidClientException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Indicates that the client information sent in the request during registration
+// is invalid.
+type InvalidClientMetadataException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be invalid_client_metadata.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidClientMetadataException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidClientMetadataException) GoString() string {
+ return s.String()
+}
+
+func newErrorInvalidClientMetadataException(v protocol.ResponseMetadata) error {
+ return &InvalidClientMetadataException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InvalidClientMetadataException) Code() string {
+ return "InvalidClientMetadataException"
+}
+
+// Message returns the exception's message.
+func (s *InvalidClientMetadataException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidClientMetadataException) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidClientMetadataException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidClientMetadataException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidClientMetadataException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Indicates that a request contains an invalid grant. This can occur if a client
+// makes a CreateToken request with an invalid grant type.
+type InvalidGrantException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be invalid_grant.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidGrantException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidGrantException) GoString() string {
+ return s.String()
+}
+
+func newErrorInvalidGrantException(v protocol.ResponseMetadata) error {
+ return &InvalidGrantException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InvalidGrantException) Code() string {
+ return "InvalidGrantException"
+}
+
+// Message returns the exception's message.
+func (s *InvalidGrantException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidGrantException) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidGrantException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidGrantException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidGrantException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Indicates that something is wrong with the input to the request. For example,
+// a required parameter might be missing or out of range.
+type InvalidRequestException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be invalid_request.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidRequestException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidRequestException) GoString() string {
+ return s.String()
+}
+
+func newErrorInvalidRequestException(v protocol.ResponseMetadata) error {
+ return &InvalidRequestException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InvalidRequestException) Code() string {
+ return "InvalidRequestException"
+}
+
+// Message returns the exception's message.
+func (s *InvalidRequestException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidRequestException) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidRequestException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidRequestException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidRequestException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Indicates that a token provided as input to the request was issued by and
+// is only usable by calling IAM Identity Center endpoints in another region.
+type InvalidRequestRegionException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Indicates the IAM Identity Center endpoint which the requester may call with
+ // this token.
+ Endpoint *string `locationName:"endpoint" type:"string"`
+
+ // Single error code. For this exception the value will be invalid_request.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+
+ // Indicates the region which the requester may call with this token.
+ Region *string `locationName:"region" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidRequestRegionException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidRequestRegionException) GoString() string {
+ return s.String()
+}
+
+func newErrorInvalidRequestRegionException(v protocol.ResponseMetadata) error {
+ return &InvalidRequestRegionException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InvalidRequestRegionException) Code() string {
+ return "InvalidRequestRegionException"
+}
+
+// Message returns the exception's message.
+func (s *InvalidRequestRegionException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidRequestRegionException) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidRequestRegionException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidRequestRegionException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidRequestRegionException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Indicates that the scope provided in the request is invalid.
+type InvalidScopeException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be invalid_scope.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidScopeException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s InvalidScopeException) GoString() string {
+ return s.String()
+}
+
+func newErrorInvalidScopeException(v protocol.ResponseMetadata) error {
+ return &InvalidScopeException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *InvalidScopeException) Code() string {
+ return "InvalidScopeException"
+}
+
+// Message returns the exception's message.
+func (s *InvalidScopeException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *InvalidScopeException) OrigErr() error {
+ return nil
+}
+
+func (s *InvalidScopeException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *InvalidScopeException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *InvalidScopeException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type RegisterClientInput struct {
+ _ struct{} `type:"structure"`
+
+ // The friendly name of the client.
+ //
+ // ClientName is a required field
+ ClientName *string `locationName:"clientName" type:"string" required:"true"`
+
+ // The type of client. The service supports only public as a client type. Anything
+ // other than public will be rejected by the service.
+ //
+ // ClientType is a required field
+ ClientType *string `locationName:"clientType" type:"string" required:"true"`
+
+ // The list of scopes that are defined by the client. Upon authorization, this
+ // list is used to restrict permissions when granting an access token.
+ Scopes []*string `locationName:"scopes" type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RegisterClientInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RegisterClientInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *RegisterClientInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "RegisterClientInput"}
+ if s.ClientName == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClientName"))
+ }
+ if s.ClientType == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClientType"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientName sets the ClientName field's value.
+func (s *RegisterClientInput) SetClientName(v string) *RegisterClientInput {
+ s.ClientName = &v
+ return s
+}
+
+// SetClientType sets the ClientType field's value.
+func (s *RegisterClientInput) SetClientType(v string) *RegisterClientInput {
+ s.ClientType = &v
+ return s
+}
+
+// SetScopes sets the Scopes field's value.
+func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput {
+ s.Scopes = v
+ return s
+}
+
+type RegisterClientOutput struct {
+ _ struct{} `type:"structure"`
+
+ // An endpoint that the client can use to request authorization.
+ AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"`
+
+ // The unique identifier string for each client. This client uses this identifier
+ // to get authenticated by the service in subsequent calls.
+ ClientId *string `locationName:"clientId" type:"string"`
+
+ // Indicates the time at which the clientId and clientSecret were issued.
+ ClientIdIssuedAt *int64 `locationName:"clientIdIssuedAt" type:"long"`
+
+ // A secret string generated for the client. The client will use this string
+ // to get authenticated by the service in subsequent calls.
+ //
+ // ClientSecret is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by RegisterClientOutput's
+ // String and GoString methods.
+ ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"`
+
+ // Indicates the time at which the clientId and clientSecret will become invalid.
+ ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"`
+
+ // An endpoint that the client can use to create tokens.
+ TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RegisterClientOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s RegisterClientOutput) GoString() string {
+ return s.String()
+}
+
+// SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value.
+func (s *RegisterClientOutput) SetAuthorizationEndpoint(v string) *RegisterClientOutput {
+ s.AuthorizationEndpoint = &v
+ return s
+}
+
+// SetClientId sets the ClientId field's value.
+func (s *RegisterClientOutput) SetClientId(v string) *RegisterClientOutput {
+ s.ClientId = &v
+ return s
+}
+
+// SetClientIdIssuedAt sets the ClientIdIssuedAt field's value.
+func (s *RegisterClientOutput) SetClientIdIssuedAt(v int64) *RegisterClientOutput {
+ s.ClientIdIssuedAt = &v
+ return s
+}
+
+// SetClientSecret sets the ClientSecret field's value.
+func (s *RegisterClientOutput) SetClientSecret(v string) *RegisterClientOutput {
+ s.ClientSecret = &v
+ return s
+}
+
+// SetClientSecretExpiresAt sets the ClientSecretExpiresAt field's value.
+func (s *RegisterClientOutput) SetClientSecretExpiresAt(v int64) *RegisterClientOutput {
+ s.ClientSecretExpiresAt = &v
+ return s
+}
+
+// SetTokenEndpoint sets the TokenEndpoint field's value.
+func (s *RegisterClientOutput) SetTokenEndpoint(v string) *RegisterClientOutput {
+ s.TokenEndpoint = &v
+ return s
+}
+
+// Indicates that the client is making the request too frequently and is more
+// than the service can handle.
+type SlowDownException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be slow_down.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SlowDownException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s SlowDownException) GoString() string {
+ return s.String()
+}
+
+func newErrorSlowDownException(v protocol.ResponseMetadata) error {
+ return &SlowDownException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *SlowDownException) Code() string {
+ return "SlowDownException"
+}
+
+// Message returns the exception's message.
+func (s *SlowDownException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *SlowDownException) OrigErr() error {
+ return nil
+}
+
+func (s *SlowDownException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *SlowDownException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *SlowDownException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+type StartDeviceAuthorizationInput struct {
+ _ struct{} `type:"structure"`
+
+ // The unique identifier string for the client that is registered with IAM Identity
+ // Center. This value should come from the persisted result of the RegisterClient
+ // API operation.
+ //
+ // ClientId is a required field
+ ClientId *string `locationName:"clientId" type:"string" required:"true"`
+
+ // A secret string that is generated for the client. This value should come
+ // from the persisted result of the RegisterClient API operation.
+ //
+ // ClientSecret is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's
+ // String and GoString methods.
+ //
+ // ClientSecret is a required field
+ ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"`
+
+ // The URL for the Amazon Web Services access portal. For more information,
+ // see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html)
+ // in the IAM Identity Center User Guide.
+ //
+ // StartUrl is a required field
+ StartUrl *string `locationName:"startUrl" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartDeviceAuthorizationInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartDeviceAuthorizationInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *StartDeviceAuthorizationInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "StartDeviceAuthorizationInput"}
+ if s.ClientId == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClientId"))
+ }
+ if s.ClientSecret == nil {
+ invalidParams.Add(request.NewErrParamRequired("ClientSecret"))
+ }
+ if s.StartUrl == nil {
+ invalidParams.Add(request.NewErrParamRequired("StartUrl"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetClientId sets the ClientId field's value.
+func (s *StartDeviceAuthorizationInput) SetClientId(v string) *StartDeviceAuthorizationInput {
+ s.ClientId = &v
+ return s
+}
+
+// SetClientSecret sets the ClientSecret field's value.
+func (s *StartDeviceAuthorizationInput) SetClientSecret(v string) *StartDeviceAuthorizationInput {
+ s.ClientSecret = &v
+ return s
+}
+
+// SetStartUrl sets the StartUrl field's value.
+func (s *StartDeviceAuthorizationInput) SetStartUrl(v string) *StartDeviceAuthorizationInput {
+ s.StartUrl = &v
+ return s
+}
+
+type StartDeviceAuthorizationOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The short-lived code that is used by the device when polling for a session
+ // token.
+ DeviceCode *string `locationName:"deviceCode" type:"string"`
+
+ // Indicates the number of seconds in which the verification code will become
+ // invalid.
+ ExpiresIn *int64 `locationName:"expiresIn" type:"integer"`
+
+ // Indicates the number of seconds the client must wait between attempts when
+ // polling for a session.
+ Interval *int64 `locationName:"interval" type:"integer"`
+
+ // A one-time user verification code. This is needed to authorize an in-use
+ // device.
+ UserCode *string `locationName:"userCode" type:"string"`
+
+ // The URI of the verification page that takes the userCode to authorize the
+ // device.
+ VerificationUri *string `locationName:"verificationUri" type:"string"`
+
+ // An alternate URL that the client can use to automatically launch a browser.
+ // This process skips the manual step in which the user visits the verification
+ // page and enters their code.
+ VerificationUriComplete *string `locationName:"verificationUriComplete" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartDeviceAuthorizationOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s StartDeviceAuthorizationOutput) GoString() string {
+ return s.String()
+}
+
+// SetDeviceCode sets the DeviceCode field's value.
+func (s *StartDeviceAuthorizationOutput) SetDeviceCode(v string) *StartDeviceAuthorizationOutput {
+ s.DeviceCode = &v
+ return s
+}
+
+// SetExpiresIn sets the ExpiresIn field's value.
+func (s *StartDeviceAuthorizationOutput) SetExpiresIn(v int64) *StartDeviceAuthorizationOutput {
+ s.ExpiresIn = &v
+ return s
+}
+
+// SetInterval sets the Interval field's value.
+func (s *StartDeviceAuthorizationOutput) SetInterval(v int64) *StartDeviceAuthorizationOutput {
+ s.Interval = &v
+ return s
+}
+
+// SetUserCode sets the UserCode field's value.
+func (s *StartDeviceAuthorizationOutput) SetUserCode(v string) *StartDeviceAuthorizationOutput {
+ s.UserCode = &v
+ return s
+}
+
+// SetVerificationUri sets the VerificationUri field's value.
+func (s *StartDeviceAuthorizationOutput) SetVerificationUri(v string) *StartDeviceAuthorizationOutput {
+ s.VerificationUri = &v
+ return s
+}
+
+// SetVerificationUriComplete sets the VerificationUriComplete field's value.
+func (s *StartDeviceAuthorizationOutput) SetVerificationUriComplete(v string) *StartDeviceAuthorizationOutput {
+ s.VerificationUriComplete = &v
+ return s
+}
+
+// Indicates that the client is not currently authorized to make the request.
+// This can happen when a clientId is not issued for a public client.
+type UnauthorizedClientException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be unauthorized_client.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UnauthorizedClientException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UnauthorizedClientException) GoString() string {
+ return s.String()
+}
+
+func newErrorUnauthorizedClientException(v protocol.ResponseMetadata) error {
+ return &UnauthorizedClientException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *UnauthorizedClientException) Code() string {
+ return "UnauthorizedClientException"
+}
+
+// Message returns the exception's message.
+func (s *UnauthorizedClientException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *UnauthorizedClientException) OrigErr() error {
+ return nil
+}
+
+func (s *UnauthorizedClientException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *UnauthorizedClientException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *UnauthorizedClientException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
+
+// Indicates that the grant type in the request is not supported by the service.
+type UnsupportedGrantTypeException struct {
+ _ struct{} `type:"structure"`
+ RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
+
+ // Single error code. For this exception the value will be unsupported_grant_type.
+ Error_ *string `locationName:"error" type:"string"`
+
+ // Human-readable text providing additional information, used to assist the
+ // client developer in understanding the error that occurred.
+ Error_description *string `locationName:"error_description" type:"string"`
+
+ Message_ *string `locationName:"message" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UnsupportedGrantTypeException) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s UnsupportedGrantTypeException) GoString() string {
+ return s.String()
+}
+
+func newErrorUnsupportedGrantTypeException(v protocol.ResponseMetadata) error {
+ return &UnsupportedGrantTypeException{
+ RespMetadata: v,
+ }
+}
+
+// Code returns the exception type name.
+func (s *UnsupportedGrantTypeException) Code() string {
+ return "UnsupportedGrantTypeException"
+}
+
+// Message returns the exception's message.
+func (s *UnsupportedGrantTypeException) Message() string {
+ if s.Message_ != nil {
+ return *s.Message_
+ }
+ return ""
+}
+
+// OrigErr always returns nil, satisfies awserr.Error interface.
+func (s *UnsupportedGrantTypeException) OrigErr() error {
+ return nil
+}
+
+func (s *UnsupportedGrantTypeException) Error() string {
+ return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
+}
+
+// Status code returns the HTTP status code for the request's response error.
+func (s *UnsupportedGrantTypeException) StatusCode() int {
+ return s.RespMetadata.StatusCode
+}
+
+// RequestID returns the service's response RequestID for request.
+func (s *UnsupportedGrantTypeException) RequestID() string {
+ return s.RespMetadata.RequestID
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go
new file mode 100644
index 00000000000..083568c616f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go
@@ -0,0 +1,67 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package ssooidc provides the client and types for making API
+// requests to AWS SSO OIDC.
+//
+// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a
+// client (such as CLI or a native application) to register with IAM Identity
+// Center. The service also enables the client to fetch the user’s access
+// token upon successful authentication and authorization with IAM Identity
+// Center.
+//
+// IAM Identity Center uses the sso and identitystore API namespaces.
+//
+// # Considerations for Using This Guide
+//
+// Before you begin using this guide, we recommend that you first review the
+// following important information about how the IAM Identity Center OIDC service
+// works.
+//
+// - The IAM Identity Center OIDC service currently implements only the portions
+// of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628
+// (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single
+// sign-on authentication with the CLI.
+//
+// - With older versions of the CLI, the service only emits OIDC access tokens,
+// so to obtain a new token, users must explicitly re-authenticate. To access
+// the OIDC flow that supports token refresh and doesn’t require re-authentication,
+// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI
+// V2) with support for OIDC token refresh and configurable IAM Identity
+// Center session durations. For more information, see Configure Amazon Web
+// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html).
+//
+// - The access tokens provided by this service grant access to all Amazon
+// Web Services account entitlements assigned to an IAM Identity Center user,
+// not just a particular application.
+//
+// - The documentation in this guide does not describe the mechanism to convert
+// the access token into Amazon Web Services Auth (“sigv4”) credentials
+// for use with IAM-protected Amazon Web Services service endpoints. For
+// more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html)
+// in the IAM Identity Center Portal API Reference Guide.
+//
+// For general information about IAM Identity Center, see What is IAM Identity
+// Center? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
+// in the IAM Identity Center User Guide.
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10 for more information on this service.
+//
+// See ssooidc package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/
+//
+// # Using the Client
+//
+// To contact AWS SSO OIDC with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the AWS SSO OIDC client SSOOIDC for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/ssooidc/#New
+package ssooidc
diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go
new file mode 100644
index 00000000000..e6242e4928d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go
@@ -0,0 +1,115 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package ssooidc
+
+import (
+ "github.com/aws/aws-sdk-go/private/protocol"
+)
+
+const (
+
+ // ErrCodeAccessDeniedException for service response error code
+ // "AccessDeniedException".
+ //
+ // You do not have sufficient access to perform this action.
+ ErrCodeAccessDeniedException = "AccessDeniedException"
+
+ // ErrCodeAuthorizationPendingException for service response error code
+ // "AuthorizationPendingException".
+ //
+ // Indicates that a request to authorize a client with an access user session
+ // token is pending.
+ ErrCodeAuthorizationPendingException = "AuthorizationPendingException"
+
+ // ErrCodeExpiredTokenException for service response error code
+ // "ExpiredTokenException".
+ //
+ // Indicates that the token issued by the service is expired and is no longer
+ // valid.
+ ErrCodeExpiredTokenException = "ExpiredTokenException"
+
+ // ErrCodeInternalServerException for service response error code
+ // "InternalServerException".
+ //
+ // Indicates that an error from the service occurred while trying to process
+ // a request.
+ ErrCodeInternalServerException = "InternalServerException"
+
+ // ErrCodeInvalidClientException for service response error code
+ // "InvalidClientException".
+ //
+ // Indicates that the clientId or clientSecret in the request is invalid. For
+ // example, this can occur when a client sends an incorrect clientId or an expired
+ // clientSecret.
+ ErrCodeInvalidClientException = "InvalidClientException"
+
+ // ErrCodeInvalidClientMetadataException for service response error code
+ // "InvalidClientMetadataException".
+ //
+ // Indicates that the client information sent in the request during registration
+ // is invalid.
+ ErrCodeInvalidClientMetadataException = "InvalidClientMetadataException"
+
+ // ErrCodeInvalidGrantException for service response error code
+ // "InvalidGrantException".
+ //
+ // Indicates that a request contains an invalid grant. This can occur if a client
+ // makes a CreateToken request with an invalid grant type.
+ ErrCodeInvalidGrantException = "InvalidGrantException"
+
+ // ErrCodeInvalidRequestException for service response error code
+ // "InvalidRequestException".
+ //
+ // Indicates that something is wrong with the input to the request. For example,
+ // a required parameter might be missing or out of range.
+ ErrCodeInvalidRequestException = "InvalidRequestException"
+
+ // ErrCodeInvalidRequestRegionException for service response error code
+ // "InvalidRequestRegionException".
+ //
+ // Indicates that a token provided as input to the request was issued by and
+ // is only usable by calling IAM Identity Center endpoints in another region.
+ ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException"
+
+ // ErrCodeInvalidScopeException for service response error code
+ // "InvalidScopeException".
+ //
+ // Indicates that the scope provided in the request is invalid.
+ ErrCodeInvalidScopeException = "InvalidScopeException"
+
+ // ErrCodeSlowDownException for service response error code
+ // "SlowDownException".
+ //
+ // Indicates that the client is making the request too frequently and is more
+ // than the service can handle.
+ ErrCodeSlowDownException = "SlowDownException"
+
+ // ErrCodeUnauthorizedClientException for service response error code
+ // "UnauthorizedClientException".
+ //
+ // Indicates that the client is not currently authorized to make the request.
+ // This can happen when a clientId is not issued for a public client.
+ ErrCodeUnauthorizedClientException = "UnauthorizedClientException"
+
+ // ErrCodeUnsupportedGrantTypeException for service response error code
+ // "UnsupportedGrantTypeException".
+ //
+ // Indicates that the grant type in the request is not supported by the service.
+ ErrCodeUnsupportedGrantTypeException = "UnsupportedGrantTypeException"
+)
+
+var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{
+ "AccessDeniedException": newErrorAccessDeniedException,
+ "AuthorizationPendingException": newErrorAuthorizationPendingException,
+ "ExpiredTokenException": newErrorExpiredTokenException,
+ "InternalServerException": newErrorInternalServerException,
+ "InvalidClientException": newErrorInvalidClientException,
+ "InvalidClientMetadataException": newErrorInvalidClientMetadataException,
+ "InvalidGrantException": newErrorInvalidGrantException,
+ "InvalidRequestException": newErrorInvalidRequestException,
+ "InvalidRequestRegionException": newErrorInvalidRequestRegionException,
+ "InvalidScopeException": newErrorInvalidScopeException,
+ "SlowDownException": newErrorSlowDownException,
+ "UnauthorizedClientException": newErrorUnauthorizedClientException,
+ "UnsupportedGrantTypeException": newErrorUnsupportedGrantTypeException,
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go
new file mode 100644
index 00000000000..782bae3692d
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go
@@ -0,0 +1,106 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package ssooidc
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/client"
+ "github.com/aws/aws-sdk-go/aws/client/metadata"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/aws/signer/v4"
+ "github.com/aws/aws-sdk-go/private/protocol"
+ "github.com/aws/aws-sdk-go/private/protocol/restjson"
+)
+
+// SSOOIDC provides the API operation methods for making requests to
+// AWS SSO OIDC. See this package's package overview docs
+// for details on the service.
+//
+// SSOOIDC methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type SSOOIDC struct {
+ *client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+ ServiceName = "SSO OIDC" // Name of service.
+ EndpointsID = "oidc" // ID to lookup a service endpoint with.
+ ServiceID = "SSO OIDC" // ServiceID is a unique identifier of a specific service.
+)
+
+// New creates a new instance of the SSOOIDC client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//
+// mySession := session.Must(session.NewSession())
+//
+// // Create a SSOOIDC client from just a session.
+// svc := ssooidc.New(mySession)
+//
+// // Create a SSOOIDC client with additional configuration
+// svc := ssooidc.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC {
+ c := p.ClientConfig(EndpointsID, cfgs...)
+ if c.SigningNameDerived || len(c.SigningName) == 0 {
+ c.SigningName = "sso-oauth"
+ }
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *SSOOIDC {
+ svc := &SSOOIDC{
+ Client: client.New(
+ cfg,
+ metadata.ClientInfo{
+ ServiceName: ServiceName,
+ ServiceID: ServiceID,
+ SigningName: signingName,
+ SigningRegion: signingRegion,
+ PartitionID: partitionID,
+ Endpoint: endpoint,
+ APIVersion: "2019-06-10",
+ ResolvedRegion: resolvedRegion,
+ },
+ handlers,
+ ),
+ }
+
+ // Handlers
+ svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+ svc.Handlers.Build.PushBackNamed(restjson.BuildHandler)
+ svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler)
+ svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler)
+ svc.Handlers.UnmarshalError.PushBackNamed(
+ protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(),
+ )
+
+ // Run custom client initialization if present
+ if initClient != nil {
+ initClient(svc.Client)
+ }
+
+ return svc
+}
+
+// newRequest creates a new request for a SSOOIDC operation and runs any
+// custom request initialization.
+func (c *SSOOIDC) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+ req := c.NewRequest(op, params, data)
+
+ // Run custom request initialization if present
+ if initRequest != nil {
+ initRequest(req)
+ }
+
+ return req
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
new file mode 100644
index 00000000000..2c395f5f673
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@@ -0,0 +1,3553 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sts
+
+import (
+ "fmt"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awsutil"
+ "github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/request"
+)
+
+const opAssumeRole = "AssumeRole"
+
+// AssumeRoleRequest generates a "aws/request.Request" representing the
+// client's request for the AssumeRole operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See AssumeRole for more information on using the AssumeRole
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the AssumeRoleRequest method.
+// req, resp := client.AssumeRoleRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
+func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, output *AssumeRoleOutput) {
+ op := &request.Operation{
+ Name: opAssumeRole,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &AssumeRoleInput{}
+ }
+
+ output = &AssumeRoleOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// AssumeRole API operation for AWS Security Token Service.
+//
+// Returns a set of temporary security credentials that you can use to access
+// Amazon Web Services resources. These temporary credentials consist of an
+// access key ID, a secret access key, and a security token. Typically, you
+// use AssumeRole within your account or for cross-account access. For a comparison
+// of AssumeRole with other API operations that produce temporary credentials,
+// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide.
+//
+// # Permissions
+//
+// The temporary security credentials created by AssumeRole can be used to make
+// API calls to any Amazon Web Services service with the following exception:
+// You cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken
+// API operations.
+//
+// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that
+// you use for both inline and managed session policies can't exceed 2,048 characters.
+// Passing policies to this operation returns new temporary credentials. The
+// resulting session's permissions are the intersection of the role's identity-based
+// policy and the session policies. You can use the role's temporary credentials
+// in subsequent Amazon Web Services API calls to access resources in the account
+// that owns the role. You cannot use session policies to grant more permissions
+// than those allowed by the identity-based policy of the role that is being
+// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide.
+//
+// When you create a role, you create two policies: a role trust policy that
+// specifies who can assume the role, and a permissions policy that specifies
+// what can be done with the role. You specify the trusted principal that is
+// allowed to assume the role in the role trust policy.
+//
+// To assume a role from a different account, your Amazon Web Services account
+// must be trusted by the role. The trust relationship is defined in the role's
+// trust policy when the role is created. That trust policy states which accounts
+// are allowed to delegate that access to users in the account.
+//
+// A user who wants to access a role in a different account must also have permissions
+// that are delegated from the account administrator. The administrator must
+// attach a policy that allows the user to call AssumeRole for the ARN of the
+// role in the other account.
+//
+// To allow a user to assume a role in the same account, you can do either of
+// the following:
+//
+// - Attach a policy to the user that allows the user to call AssumeRole
+// (as long as the role's trust policy trusts the account).
+//
+// - Add the user as a principal directly in the role's trust policy.
+//
+// You can do either because the role’s trust policy acts as an IAM resource-based
+// policy. When a resource-based policy grants access to a principal in the
+// same account, no additional identity-based policy is required. For more information
+// about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
+// in the IAM User Guide.
+//
+// # Tags
+//
+// (Optional) You can pass tag key-value pairs to your session. These tags are
+// called session tags. For more information about session tags, see Passing
+// Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// # Using MFA with AssumeRole
+//
+// (Optional) You can include multi-factor authentication (MFA) information
+// when you call AssumeRole. This is useful for cross-account scenarios to ensure
+// that the user that assumes the role has been authenticated with an Amazon
+// Web Services MFA device. In that scenario, the trust policy of the role being
+// assumed includes a condition that tests for MFA authentication. If the caller
+// does not include valid MFA information, the request to assume the role is
+// denied. The condition in a trust policy that tests for MFA authentication
+// might look like the following example.
+//
+// "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}
+//
+// For more information, see Configuring MFA-Protected API Access (https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html)
+// in the IAM User Guide guide.
+//
+// To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode
+// parameters. The SerialNumber value identifies the user's hardware or virtual
+// MFA device. The TokenCode is the time-based one-time password (TOTP) that
+// the MFA device produces.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation AssumeRole for usage and error information.
+//
+// Returned Error Codes:
+//
+// - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+// The request was rejected because the policy document was malformed. The error
+// message describes the specific error.
+//
+// - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An Amazon Web Services conversion
+// compresses the session policy document, session policy ARNs, and session
+// tags into a packed binary format that has a separate limit. The error message
+// indicates by percentage how close the policies and tags are to the upper
+// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// - ErrCodeRegionDisabledException "RegionDisabledException"
+// STS is not activated in the requested region for the account that is being
+// asked to generate credentials. The account administrator must use the IAM
+// console to activate STS in that region. For more information, see Activating
+// and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
+//
+// - ErrCodeExpiredTokenException "ExpiredTokenException"
+// The web identity token that was passed is expired or is not valid. Get a
+// new identity token from the identity provider and then retry the request.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
+func (c *STS) AssumeRole(input *AssumeRoleInput) (*AssumeRoleOutput, error) {
+ req, out := c.AssumeRoleRequest(input)
+ return out, req.Send()
+}
+
+// AssumeRoleWithContext is the same as AssumeRole with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssumeRole for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) AssumeRoleWithContext(ctx aws.Context, input *AssumeRoleInput, opts ...request.Option) (*AssumeRoleOutput, error) {
+ req, out := c.AssumeRoleRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
+
+// AssumeRoleWithSAMLRequest generates a "aws/request.Request" representing the
+// client's request for the AssumeRoleWithSAML operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See AssumeRoleWithSAML for more information on using the AssumeRoleWithSAML
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the AssumeRoleWithSAMLRequest method.
+// req, resp := client.AssumeRoleWithSAMLRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
+func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *request.Request, output *AssumeRoleWithSAMLOutput) {
+ op := &request.Operation{
+ Name: opAssumeRoleWithSAML,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &AssumeRoleWithSAMLInput{}
+ }
+
+ output = &AssumeRoleWithSAMLOutput{}
+ req = c.newRequest(op, input, output)
+ req.Config.Credentials = credentials.AnonymousCredentials
+ return
+}
+
+// AssumeRoleWithSAML API operation for AWS Security Token Service.
+//
+// Returns a set of temporary security credentials for users who have been authenticated
+// via a SAML authentication response. This operation provides a mechanism for
+// tying an enterprise identity store or directory to role-based Amazon Web
+// Services access without user-specific credentials or configuration. For a
+// comparison of AssumeRoleWithSAML with the other API operations that produce
+// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide.
+//
+// The temporary security credentials returned by this operation consist of
+// an access key ID, a secret access key, and a security token. Applications
+// can use these temporary security credentials to sign calls to Amazon Web
+// Services services.
+//
+// # Session Duration
+//
+// By default, the temporary security credentials created by AssumeRoleWithSAML
+// last for one hour. However, you can use the optional DurationSeconds parameter
+// to specify the duration of your session. Your role session lasts for the
+// duration that you specify, or until the time specified in the SAML authentication
+// response's SessionNotOnOrAfter value, whichever is shorter. You can provide
+// a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
+// duration setting for the role. This setting can have a value from 1 hour
+// to 12 hours. To learn how to view the maximum value for your role, see View
+// the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// in the IAM User Guide. The maximum session duration limit applies when you
+// use the AssumeRole* API operations or the assume-role* CLI commands. However
+// the limit does not apply when you use those operations to create a console
+// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide.
+//
+// Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining)
+// limits your CLI or Amazon Web Services API role session to a maximum of one
+// hour. When you use the AssumeRole API operation to assume a role, you can
+// specify the duration of your role session with the DurationSeconds parameter.
+// You can specify a parameter value of up to 43200 seconds (12 hours), depending
+// on the maximum session duration setting for your role. However, if you assume
+// a role using role chaining and provide a DurationSeconds parameter value
+// greater than one hour, the operation fails.
+//
+// # Permissions
+//
+// The temporary security credentials created by AssumeRoleWithSAML can be used
+// to make API calls to any Amazon Web Services service with the following exception:
+// you cannot call the STS GetFederationToken or GetSessionToken API operations.
+//
+// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that
+// you use for both inline and managed session policies can't exceed 2,048 characters.
+// Passing policies to this operation returns new temporary credentials. The
+// resulting session's permissions are the intersection of the role's identity-based
+// policy and the session policies. You can use the role's temporary credentials
+// in subsequent Amazon Web Services API calls to access resources in the account
+// that owns the role. You cannot use session policies to grant more permissions
+// than those allowed by the identity-based policy of the role that is being
+// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide.
+//
+// Calling AssumeRoleWithSAML does not require the use of Amazon Web Services
+// security credentials. The identity of the caller is validated by using keys
+// in the metadata document that is uploaded for the SAML provider entity for
+// your identity provider.
+//
+// Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs.
+// The entry includes the value in the NameID element of the SAML assertion.
+// We recommend that you use a NameIDType that is not associated with any personally
+// identifiable information (PII). For example, you could instead use the persistent
+// identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
+//
+// # Tags
+//
+// (Optional) You can configure your IdP to pass attributes into your SAML assertion
+// as session tags. Each session tag consists of a key name and an associated
+// value. For more information about session tags, see Passing Session Tags
+// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can pass up to 50 session tags. The plaintext session tag keys can’t
+// exceed 128 characters and the values can’t exceed 256 characters. For these
+// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// An Amazon Web Services conversion compresses the passed inline session policy,
+// managed policy ARNs, and session tags into a packed binary format that has
+// a separate limit. Your request can fail for this limit even if your plaintext
+// meets the other requirements. The PackedPolicySize response element indicates
+// by percentage how close the policies and tags for your request are to the
+// upper size limit.
+//
+// You can pass a session tag with the same key as a tag that is attached to
+// the role. When you do, session tags override the role's tags with the same
+// key.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// # SAML Configuration
+//
+// Before your application can call AssumeRoleWithSAML, you must configure your
+// SAML identity provider (IdP) to issue the claims required by Amazon Web Services.
+// Additionally, you must use Identity and Access Management (IAM) to create
+// a SAML provider entity in your Amazon Web Services account that represents
+// your identity provider. You must also create an IAM role that specifies this
+// SAML provider in its trust policy.
+//
+// For more information, see the following resources:
+//
+// - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
+// in the IAM User Guide.
+//
+// - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
+// in the IAM User Guide.
+//
+// - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
+// in the IAM User Guide.
+//
+// - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
+// in the IAM User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation AssumeRoleWithSAML for usage and error information.
+//
+// Returned Error Codes:
+//
+// - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+// The request was rejected because the policy document was malformed. The error
+// message describes the specific error.
+//
+// - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An Amazon Web Services conversion
+// compresses the session policy document, session policy ARNs, and session
+// tags into a packed binary format that has a separate limit. The error message
+// indicates by percentage how close the policies and tags are to the upper
+// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// - ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
+// The identity provider (IdP) reported that authentication failed. This might
+// be because the claim is invalid.
+//
+// If this error is returned for the AssumeRoleWithWebIdentity operation, it
+// can also mean that the claim has expired or has been explicitly revoked.
+//
+// - ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
+// The web identity token that was passed could not be validated by Amazon Web
+// Services. Get a new identity token from the identity provider and then retry
+// the request.
+//
+// - ErrCodeExpiredTokenException "ExpiredTokenException"
+// The web identity token that was passed is expired or is not valid. Get a
+// new identity token from the identity provider and then retry the request.
+//
+// - ErrCodeRegionDisabledException "RegionDisabledException"
+// STS is not activated in the requested region for the account that is being
+// asked to generate credentials. The account administrator must use the IAM
+// console to activate STS in that region. For more information, see Activating
+// and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
+func (c *STS) AssumeRoleWithSAML(input *AssumeRoleWithSAMLInput) (*AssumeRoleWithSAMLOutput, error) {
+ req, out := c.AssumeRoleWithSAMLRequest(input)
+ return out, req.Send()
+}
+
+// AssumeRoleWithSAMLWithContext is the same as AssumeRoleWithSAML with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssumeRoleWithSAML for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) AssumeRoleWithSAMLWithContext(ctx aws.Context, input *AssumeRoleWithSAMLInput, opts ...request.Option) (*AssumeRoleWithSAMLOutput, error) {
+ req, out := c.AssumeRoleWithSAMLRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
+
+// AssumeRoleWithWebIdentityRequest generates a "aws/request.Request" representing the
+// client's request for the AssumeRoleWithWebIdentity operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See AssumeRoleWithWebIdentity for more information on using the AssumeRoleWithWebIdentity
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the AssumeRoleWithWebIdentityRequest method.
+// req, resp := client.AssumeRoleWithWebIdentityRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
+func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityInput) (req *request.Request, output *AssumeRoleWithWebIdentityOutput) {
+ op := &request.Operation{
+ Name: opAssumeRoleWithWebIdentity,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &AssumeRoleWithWebIdentityInput{}
+ }
+
+ output = &AssumeRoleWithWebIdentityOutput{}
+ req = c.newRequest(op, input, output)
+ req.Config.Credentials = credentials.AnonymousCredentials
+ return
+}
+
+// AssumeRoleWithWebIdentity API operation for AWS Security Token Service.
+//
+// Returns a set of temporary security credentials for users who have been authenticated
+// in a mobile or web application with a web identity provider. Example providers
+// include the OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID
+// Connect-compatible identity provider such as Google or Amazon Cognito federated
+// identities (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html).
+//
+// For mobile applications, we recommend that you use Amazon Cognito. You can
+// use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide
+// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android
+// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify
+// a user. You can also supply the user with a consistent identity throughout
+// the lifetime of an application.
+//
+// To learn more about Amazon Cognito, see Amazon Cognito identity pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)
+// in Amazon Cognito Developer Guide.
+//
+// Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web
+// Services security credentials. Therefore, you can distribute an application
+// (for example, on mobile devices) that requests temporary security credentials
+// without including long-term Amazon Web Services credentials in the application.
+// You also don't need to deploy server-based proxy services that use long-term
+// Amazon Web Services credentials. Instead, the identity of the caller is validated
+// by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity
+// with the other API operations that produce temporary credentials, see Requesting
+// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide.
+//
+// The temporary security credentials returned by this API consist of an access
+// key ID, a secret access key, and a security token. Applications can use these
+// temporary security credentials to sign calls to Amazon Web Services service
+// API operations.
+//
+// # Session Duration
+//
+// By default, the temporary security credentials created by AssumeRoleWithWebIdentity
+// last for one hour. However, you can use the optional DurationSeconds parameter
+// to specify the duration of your session. You can provide a value from 900
+// seconds (15 minutes) up to the maximum session duration setting for the role.
+// This setting can have a value from 1 hour to 12 hours. To learn how to view
+// the maximum value for your role, see View the Maximum Session Duration Setting
+// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+// in the IAM User Guide. The maximum session duration limit applies when you
+// use the AssumeRole* API operations or the assume-role* CLI commands. However
+// the limit does not apply when you use those operations to create a console
+// URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
+// in the IAM User Guide.
+//
+// # Permissions
+//
+// The temporary security credentials created by AssumeRoleWithWebIdentity can
+// be used to make API calls to any Amazon Web Services service with the following
+// exception: you cannot call the STS GetFederationToken or GetSessionToken
+// API operations.
+//
+// (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that
+// you use for both inline and managed session policies can't exceed 2,048 characters.
+// Passing policies to this operation returns new temporary credentials. The
+// resulting session's permissions are the intersection of the role's identity-based
+// policy and the session policies. You can use the role's temporary credentials
+// in subsequent Amazon Web Services API calls to access resources in the account
+// that owns the role. You cannot use session policies to grant more permissions
+// than those allowed by the identity-based policy of the role that is being
+// assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide.
+//
+// # Tags
+//
+// (Optional) You can configure your IdP to pass attributes into your web identity
+// token as session tags. Each session tag consists of a key name and an associated
+// value. For more information about session tags, see Passing Session Tags
+// in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can pass up to 50 session tags. The plaintext session tag keys can’t
+// exceed 128 characters and the values can’t exceed 256 characters. For these
+// and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// An Amazon Web Services conversion compresses the passed inline session policy,
+// managed policy ARNs, and session tags into a packed binary format that has
+// a separate limit. Your request can fail for this limit even if your plaintext
+// meets the other requirements. The PackedPolicySize response element indicates
+// by percentage how close the policies and tags for your request are to the
+// upper size limit.
+//
+// You can pass a session tag with the same key as a tag that is attached to
+// the role. When you do, the session tag overrides the role tag with the same
+// key.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// You can set the session tags as transitive. Transitive tags persist during
+// role chaining. For more information, see Chaining Roles with Session Tags
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+// in the IAM User Guide.
+//
+// # Identities
+//
+// Before your application can call AssumeRoleWithWebIdentity, you must have
+// an identity token from a supported identity provider and create a role that
+// the application can assume. The role that your application assumes must trust
+// the identity provider that is associated with the identity token. In other
+// words, the identity provider must be specified in the role's trust policy.
+//
+// Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail
+// logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims)
+// of the provided web identity token. We recommend that you avoid using any
+// personally identifiable information (PII) in this field. For example, you
+// could instead use a GUID or a pairwise identifier, as suggested in the OIDC
+// specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes).
+//
+// For more information about how to use web identity federation and the AssumeRoleWithWebIdentity
+// API, see the following resources:
+//
+// - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
+// and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
+//
+// - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/).
+// Walk through the process of authenticating through Login with Amazon,
+// Facebook, or Google, getting temporary security credentials, and then
+// using those credentials to make a request to Amazon Web Services.
+//
+// - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
+// and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
+// These toolkits contain sample apps that show how to invoke the identity
+// providers. The toolkits then show how to use the information from these
+// providers to get and use temporary security credentials.
+//
+// - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
+// This article discusses web identity federation and shows an example of
+// how to use web identity federation to get access to content in Amazon
+// S3.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation AssumeRoleWithWebIdentity for usage and error information.
+//
+// Returned Error Codes:
+//
+// - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+// The request was rejected because the policy document was malformed. The error
+// message describes the specific error.
+//
+// - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An Amazon Web Services conversion
+// compresses the session policy document, session policy ARNs, and session
+// tags into a packed binary format that has a separate limit. The error message
+// indicates by percentage how close the policies and tags are to the upper
+// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// - ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
+// The identity provider (IdP) reported that authentication failed. This might
+// be because the claim is invalid.
+//
+// If this error is returned for the AssumeRoleWithWebIdentity operation, it
+// can also mean that the claim has expired or has been explicitly revoked.
+//
+// - ErrCodeIDPCommunicationErrorException "IDPCommunicationError"
+// The request could not be fulfilled because the identity provider (IDP) that
+// was asked to verify the incoming identity token could not be reached. This
+// is often a transient error caused by network conditions. Retry the request
+// a limited number of times so that you don't exceed the request rate. If the
+// error persists, the identity provider might be down or not responding.
+//
+// - ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
+// The web identity token that was passed could not be validated by Amazon Web
+// Services. Get a new identity token from the identity provider and then retry
+// the request.
+//
+// - ErrCodeExpiredTokenException "ExpiredTokenException"
+// The web identity token that was passed is expired or is not valid. Get a
+// new identity token from the identity provider and then retry the request.
+//
+// - ErrCodeRegionDisabledException "RegionDisabledException"
+// STS is not activated in the requested region for the account that is being
+// asked to generate credentials. The account administrator must use the IAM
+// console to activate STS in that region. For more information, see Activating
+// and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
+func (c *STS) AssumeRoleWithWebIdentity(input *AssumeRoleWithWebIdentityInput) (*AssumeRoleWithWebIdentityOutput, error) {
+ req, out := c.AssumeRoleWithWebIdentityRequest(input)
+ return out, req.Send()
+}
+
+// AssumeRoleWithWebIdentityWithContext is the same as AssumeRoleWithWebIdentity with the addition of
+// the ability to pass a context and additional request options.
+//
+// See AssumeRoleWithWebIdentity for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) AssumeRoleWithWebIdentityWithContext(ctx aws.Context, input *AssumeRoleWithWebIdentityInput, opts ...request.Option) (*AssumeRoleWithWebIdentityOutput, error) {
+ req, out := c.AssumeRoleWithWebIdentityRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
+
+// DecodeAuthorizationMessageRequest generates a "aws/request.Request" representing the
+// client's request for the DecodeAuthorizationMessage operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See DecodeAuthorizationMessage for more information on using the DecodeAuthorizationMessage
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the DecodeAuthorizationMessageRequest method.
+// req, resp := client.DecodeAuthorizationMessageRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
+func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessageInput) (req *request.Request, output *DecodeAuthorizationMessageOutput) {
+ op := &request.Operation{
+ Name: opDecodeAuthorizationMessage,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &DecodeAuthorizationMessageInput{}
+ }
+
+ output = &DecodeAuthorizationMessageOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// DecodeAuthorizationMessage API operation for AWS Security Token Service.
+//
+// Decodes additional information about the authorization status of a request
+// from an encoded message returned in response to an Amazon Web Services request.
+//
+// For example, if a user is not authorized to perform an operation that he
+// or she has requested, the request returns a Client.UnauthorizedOperation
+// response (an HTTP 403 response). Some Amazon Web Services operations additionally
+// return an encoded message that can provide details about this authorization
+// failure.
+//
+// Only certain Amazon Web Services operations return an encoded authorization
+// message. The documentation for an individual operation indicates whether
+// that operation returns an encoded message in addition to returning an HTTP
+// code.
+//
+// The message is encoded because the details of the authorization status can
+// contain privileged information that the user who requested the operation
+// should not see. To decode an authorization status message, a user must be
+// granted permissions through an IAM policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
+// to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage)
+// action.
+//
+// The decoded message includes the following type of information:
+//
+// - Whether the request was denied due to an explicit deny or due to the
+// absence of an explicit allow. For more information, see Determining Whether
+// a Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
+// in the IAM User Guide.
+//
+// - The principal who made the request.
+//
+// - The requested action.
+//
+// - The requested resource.
+//
+// - The values of condition keys in the context of the user's request.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation DecodeAuthorizationMessage for usage and error information.
+//
+// Returned Error Codes:
+// - ErrCodeInvalidAuthorizationMessageException "InvalidAuthorizationMessageException"
+// The error returned if the message passed to DecodeAuthorizationMessage was
+// invalid. This can happen if the token contains invalid characters, such as
+// linebreaks.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
+func (c *STS) DecodeAuthorizationMessage(input *DecodeAuthorizationMessageInput) (*DecodeAuthorizationMessageOutput, error) {
+ req, out := c.DecodeAuthorizationMessageRequest(input)
+ return out, req.Send()
+}
+
+// DecodeAuthorizationMessageWithContext is the same as DecodeAuthorizationMessage with the addition of
+// the ability to pass a context and additional request options.
+//
+// See DecodeAuthorizationMessage for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) DecodeAuthorizationMessageWithContext(ctx aws.Context, input *DecodeAuthorizationMessageInput, opts ...request.Option) (*DecodeAuthorizationMessageOutput, error) {
+ req, out := c.DecodeAuthorizationMessageRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetAccessKeyInfo = "GetAccessKeyInfo"
+
+// GetAccessKeyInfoRequest generates a "aws/request.Request" representing the
+// client's request for the GetAccessKeyInfo operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetAccessKeyInfo for more information on using the GetAccessKeyInfo
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetAccessKeyInfoRequest method.
+// req, resp := client.GetAccessKeyInfoRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
+func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *request.Request, output *GetAccessKeyInfoOutput) {
+ op := &request.Operation{
+ Name: opGetAccessKeyInfo,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetAccessKeyInfoInput{}
+ }
+
+ output = &GetAccessKeyInfoOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetAccessKeyInfo API operation for AWS Security Token Service.
+//
+// Returns the account identifier for the specified access key ID.
+//
+// Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE)
+// and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
+// For more information about access keys, see Managing Access Keys for IAM
+// Users (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
+// in the IAM User Guide.
+//
+// When you pass an access key ID to this operation, it returns the ID of the
+// Amazon Web Services account to which the keys belong. Access key IDs beginning
+// with AKIA are long-term credentials for an IAM user or the Amazon Web Services
+// account root user. Access key IDs beginning with ASIA are temporary credentials
+// that are created using STS operations. If the account in the response belongs
+// to you, you can sign in as the root user and review your root user access
+// keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html)
+// to learn which IAM user owns the keys. To learn who requested the temporary
+// credentials for an ASIA access key, view the STS events in your CloudTrail
+// logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html)
+// in the IAM User Guide.
+//
+// This operation does not indicate the state of the access key. The key might
+// be active, inactive, or deleted. Active keys might not have permissions to
+// perform an operation. Providing a deleted access key might return an error
+// that the key doesn't exist.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation GetAccessKeyInfo for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo
+func (c *STS) GetAccessKeyInfo(input *GetAccessKeyInfoInput) (*GetAccessKeyInfoOutput, error) {
+ req, out := c.GetAccessKeyInfoRequest(input)
+ return out, req.Send()
+}
+
+// GetAccessKeyInfoWithContext is the same as GetAccessKeyInfo with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetAccessKeyInfo for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetAccessKeyInfoWithContext(ctx aws.Context, input *GetAccessKeyInfoInput, opts ...request.Option) (*GetAccessKeyInfoOutput, error) {
+ req, out := c.GetAccessKeyInfoRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetCallerIdentity = "GetCallerIdentity"
+
+// GetCallerIdentityRequest generates a "aws/request.Request" representing the
+// client's request for the GetCallerIdentity operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetCallerIdentity for more information on using the GetCallerIdentity
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetCallerIdentityRequest method.
+// req, resp := client.GetCallerIdentityRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
+func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *request.Request, output *GetCallerIdentityOutput) {
+ op := &request.Operation{
+ Name: opGetCallerIdentity,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetCallerIdentityInput{}
+ }
+
+ output = &GetCallerIdentityOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetCallerIdentity API operation for AWS Security Token Service.
+//
+// Returns details about the IAM user or role whose credentials are used to
+// call the operation.
+//
+// No permissions are required to perform this operation. If an administrator
+// attaches a policy to your identity that explicitly denies access to the sts:GetCallerIdentity
+// action, you can still perform this operation. Permissions are not required
+// because the same information is returned when access is denied. To view an
+// example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
+// in the IAM User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation GetCallerIdentity for usage and error information.
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
+func (c *STS) GetCallerIdentity(input *GetCallerIdentityInput) (*GetCallerIdentityOutput, error) {
+ req, out := c.GetCallerIdentityRequest(input)
+ return out, req.Send()
+}
+
+// GetCallerIdentityWithContext is the same as GetCallerIdentity with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetCallerIdentity for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetCallerIdentityWithContext(ctx aws.Context, input *GetCallerIdentityInput, opts ...request.Option) (*GetCallerIdentityOutput, error) {
+ req, out := c.GetCallerIdentityRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetFederationToken = "GetFederationToken"
+
+// GetFederationTokenRequest generates a "aws/request.Request" representing the
+// client's request for the GetFederationToken operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetFederationToken for more information on using the GetFederationToken
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetFederationTokenRequest method.
+// req, resp := client.GetFederationTokenRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
+func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *request.Request, output *GetFederationTokenOutput) {
+ op := &request.Operation{
+ Name: opGetFederationToken,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetFederationTokenInput{}
+ }
+
+ output = &GetFederationTokenOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetFederationToken API operation for AWS Security Token Service.
+//
+// Returns a set of temporary security credentials (consisting of an access
+// key ID, a secret access key, and a security token) for a user. A typical
+// use is in a proxy application that gets temporary security credentials on
+// behalf of distributed applications inside a corporate network.
+//
+// You must call the GetFederationToken operation using the long-term security
+// credentials of an IAM user. As a result, this call is appropriate in contexts
+// where those credentials can be safeguarded, usually in a server-based application.
+// For a comparison of GetFederationToken with the other API operations that
+// produce temporary credentials, see Requesting Temporary Security Credentials
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide.
+//
+// Although it is possible to call GetFederationToken using the security credentials
+// of an Amazon Web Services account root user rather than an IAM user that
+// you create for the purpose of a proxy application, we do not recommend it.
+// For more information, see Safeguard your root user credentials and don't
+// use them for everyday tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
+// in the IAM User Guide.
+//
+// You can create a mobile-based or browser-based app that can authenticate
+// users using a web identity provider like Login with Amazon, Facebook, Google,
+// or an OpenID Connect-compatible identity provider. In this case, we recommend
+// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
+// For more information, see Federation Through a Web-based Identity Provider
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
+// in the IAM User Guide.
+//
+// # Session duration
+//
+// The temporary credentials are valid for the specified duration, from 900
+// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
+// session duration is 43,200 seconds (12 hours). Temporary credentials obtained
+// by using the root user credentials have a maximum duration of 3,600 seconds
+// (1 hour).
+//
+// # Permissions
+//
+// You can use the temporary credentials created by GetFederationToken in any
+// Amazon Web Services service with the following exceptions:
+//
+// - You cannot call any IAM operations using the CLI or the Amazon Web Services
+// API. This limitation does not apply to console sessions.
+//
+// - You cannot call any STS operations except GetCallerIdentity.
+//
+// You can use temporary credentials for single sign-on (SSO) to the console.
+//
+// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// to this operation. You can pass a single JSON policy document to use as an
+// inline session policy. You can also specify up to 10 managed policy Amazon
+// Resource Names (ARNs) to use as managed session policies. The plaintext that
+// you use for both inline and managed session policies can't exceed 2,048 characters.
+//
+// Though the session policy parameters are optional, if you do not pass a policy,
+// then the resulting federated user session has no permissions. When you pass
+// session policies, the session permissions are the intersection of the IAM
+// user policies and the session policies that you pass. This gives you a way
+// to further restrict the permissions for a federated user. You cannot use
+// session policies to grant more permissions than those that are defined in
+// the permissions policy of the IAM user. For more information, see Session
+// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+// in the IAM User Guide. For information about using GetFederationToken to
+// create temporary security credentials, see GetFederationToken—Federation
+// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken).
+//
+// You can use the credentials to access a resource that has a resource-based
+// policy. If that policy specifically references the federated user session
+// in the Principal element of the policy, the session has the permissions allowed
+// by the policy. These permissions are granted in addition to the permissions
+// granted by the session policies.
+//
+// # Tags
+//
+// (Optional) You can pass tag key-value pairs to your session. These are called
+// session tags. For more information about session tags, see Passing Session
+// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You can create a mobile-based or browser-based app that can authenticate
+// users using a web identity provider like Login with Amazon, Facebook, Google,
+// or an OpenID Connect-compatible identity provider. In this case, we recommend
+// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity.
+// For more information, see Federation Through a Web-based Identity Provider
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity)
+// in the IAM User Guide.
+//
+// An administrator must grant you the permissions necessary to pass session
+// tags. The administrator can also create granular permissions to allow you
+// to pass only specific session tags. For more information, see Tutorial: Using
+// Tags for Attribute-Based Access Control (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html)
+// in the IAM User Guide.
+//
+// Tag key–value pairs are not case sensitive, but case is preserved. This
+// means that you cannot have separate Department and department tag keys. Assume
+// that the user that you are federating has the Department=Marketing tag and
+// you pass the department=engineering session tag. Department and department
+// are not saved as separate tags, and the session tag passed in the request
+// takes precedence over the user tag.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation GetFederationToken for usage and error information.
+//
+// Returned Error Codes:
+//
+// - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+// The request was rejected because the policy document was malformed. The error
+// message describes the specific error.
+//
+// - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+// The request was rejected because the total packed size of the session policies
+// and session tags combined was too large. An Amazon Web Services conversion
+// compresses the session policy document, session policy ARNs, and session
+// tags into a packed binary format that has a separate limit. The error message
+// indicates by percentage how close the policies and tags are to the upper
+// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+//
+// You could receive this error even though you meet other defined session policy
+// and session tag limits. For more information, see IAM and STS Entity Character
+// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+// in the IAM User Guide.
+//
+// - ErrCodeRegionDisabledException "RegionDisabledException"
+// STS is not activated in the requested region for the account that is being
+// asked to generate credentials. The account administrator must use the IAM
+// console to activate STS in that region. For more information, see Activating
+// and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
+func (c *STS) GetFederationToken(input *GetFederationTokenInput) (*GetFederationTokenOutput, error) {
+ req, out := c.GetFederationTokenRequest(input)
+ return out, req.Send()
+}
+
+// GetFederationTokenWithContext is the same as GetFederationToken with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetFederationToken for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetFederationTokenWithContext(ctx aws.Context, input *GetFederationTokenInput, opts ...request.Option) (*GetFederationTokenOutput, error) {
+ req, out := c.GetFederationTokenRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+const opGetSessionToken = "GetSessionToken"
+
+// GetSessionTokenRequest generates a "aws/request.Request" representing the
+// client's request for the GetSessionToken operation. The "output" return
+// value will be populated with the request's response once the request completes
+// successfully.
+//
+// Use "Send" method on the returned Request to send the API call to the service.
+// the "output" return value is not valid until after Send returns without error.
+//
+// See GetSessionToken for more information on using the GetSessionToken
+// API call, and error handling.
+//
+// This method is useful when you want to inject custom logic or configuration
+// into the SDK's request lifecycle. Such as custom headers, or retry logic.
+//
+// // Example sending a request using the GetSessionTokenRequest method.
+// req, resp := client.GetSessionTokenRequest(params)
+//
+// err := req.Send()
+// if err == nil { // resp is now filled
+// fmt.Println(resp)
+// }
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
+func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.Request, output *GetSessionTokenOutput) {
+ op := &request.Operation{
+ Name: opGetSessionToken,
+ HTTPMethod: "POST",
+ HTTPPath: "/",
+ }
+
+ if input == nil {
+ input = &GetSessionTokenInput{}
+ }
+
+ output = &GetSessionTokenOutput{}
+ req = c.newRequest(op, input, output)
+ return
+}
+
+// GetSessionToken API operation for AWS Security Token Service.
+//
+// Returns a set of temporary credentials for an Amazon Web Services account
+// or IAM user. The credentials consist of an access key ID, a secret access
+// key, and a security token. Typically, you use GetSessionToken if you want
+// to use MFA to protect programmatic calls to specific Amazon Web Services
+// API operations like Amazon EC2 StopInstances.
+//
+// MFA-enabled IAM users must call GetSessionToken and submit an MFA code that
+// is associated with their MFA device. Using the temporary security credentials
+// that the call returns, IAM users can then make programmatic calls to API
+// operations that require MFA authentication. An incorrect MFA code causes
+// the API to return an access denied error. For a comparison of GetSessionToken
+// with the other API operations that produce temporary credentials, see Requesting
+// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
+// and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
+// in the IAM User Guide.
+//
+// No permissions are required for users to perform this operation. The purpose
+// of the sts:GetSessionToken operation is to authenticate the user using MFA.
+// You cannot use policies to control authentication operations. For more information,
+// see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
+// in the IAM User Guide.
+//
+// # Session Duration
+//
+// The GetSessionToken operation must be called by using the long-term Amazon
+// Web Services security credentials of an IAM user. Credentials that are created
+// by IAM users are valid for the duration that you specify. This duration can
+// range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
+// hours), with a default of 43,200 seconds (12 hours). Credentials based on
+// account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
+// (1 hour), with a default of 1 hour.
+//
+// # Permissions
+//
+// The temporary security credentials created by GetSessionToken can be used
+// to make API calls to any Amazon Web Services service with the following exceptions:
+//
+// - You cannot call any IAM API operations unless MFA authentication information
+// is included in the request.
+//
+// - You cannot call any STS API except AssumeRole or GetCallerIdentity.
+//
+// The credentials that GetSessionToken returns are based on permissions associated
+// with the IAM user whose credentials were used to call the operation. The
+// temporary credentials have the same permissions as the IAM user.
+//
+// Although it is possible to call GetSessionToken using the security credentials
+// of an Amazon Web Services account root user rather than an IAM user, we do
+// not recommend it. If GetSessionToken is called using root user credentials,
+// the temporary credentials have root user permissions. For more information,
+// see Safeguard your root user credentials and don't use them for everyday
+// tasks (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials)
+// in the IAM User Guide
+//
+// For more information about using GetSessionToken to create temporary credentials,
+// see Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
+// in the IAM User Guide.
+//
+// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
+// with awserr.Error's Code and Message methods to get detailed information about
+// the error.
+//
+// See the AWS API reference guide for AWS Security Token Service's
+// API operation GetSessionToken for usage and error information.
+//
+// Returned Error Codes:
+// - ErrCodeRegionDisabledException "RegionDisabledException"
+// STS is not activated in the requested region for the account that is being
+// asked to generate credentials. The account administrator must use the IAM
+// console to activate STS in that region. For more information, see Activating
+// and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+// in the IAM User Guide.
+//
+// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
+func (c *STS) GetSessionToken(input *GetSessionTokenInput) (*GetSessionTokenOutput, error) {
+ req, out := c.GetSessionTokenRequest(input)
+ return out, req.Send()
+}
+
+// GetSessionTokenWithContext is the same as GetSessionToken with the addition of
+// the ability to pass a context and additional request options.
+//
+// See GetSessionToken for details on how to use this API operation.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionTokenInput, opts ...request.Option) (*GetSessionTokenOutput, error) {
+ req, out := c.GetSessionTokenRequest(input)
+ req.SetContext(ctx)
+ req.ApplyOptions(opts...)
+ return out, req.Send()
+}
+
+type AssumeRoleInput struct {
+ _ struct{} `type:"structure"`
+
+ // The duration, in seconds, of the role session. The value specified can range
+ // from 900 seconds (15 minutes) up to the maximum session duration set for
+ // the role. The maximum session duration setting can have a value from 1 hour
+ // to 12 hours. If you specify a value higher than this setting or the administrator
+ // setting (whichever is lower), the operation fails. For example, if you specify
+ // a session duration of 12 hours, but your administrator set the maximum session
+ // duration to 6 hours, your operation fails.
+ //
+ // Role chaining limits your Amazon Web Services CLI or Amazon Web Services
+ // API role session to a maximum of one hour. When you use the AssumeRole API
+ // operation to assume a role, you can specify the duration of your role session
+ // with the DurationSeconds parameter. You can specify a parameter value of
+ // up to 43200 seconds (12 hours), depending on the maximum session duration
+ // setting for your role. However, if you assume a role using role chaining
+ // and provide a DurationSeconds parameter value greater than one hour, the
+ // operation fails. To learn how to view the maximum value for your role, see
+ // View the Maximum Session Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+ // in the IAM User Guide.
+ //
+ // By default, the value is set to 3600 seconds.
+ //
+ // The DurationSeconds parameter is separate from the duration of a console
+ // session that you might request using the returned credentials. The request
+ // to the federation endpoint for a console sign-in token takes a SessionDuration
+ // parameter that specifies the maximum length of the console session. For more
+ // information, see Creating a URL that Enables Federated Users to Access the
+ // Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+ // in the IAM User Guide.
+ DurationSeconds *int64 `min:"900" type:"integer"`
+
+ // A unique identifier that might be required when you assume a role in another
+ // account. If the administrator of the account to which the role belongs provided
+ // you with an external ID, then provide that value in the ExternalId parameter.
+ // This value can be any string, such as a passphrase or account number. A cross-account
+ // role is usually set up to trust everyone in an account. Therefore, the administrator
+ // of the trusting account might send an external ID to the administrator of
+ // the trusted account. That way, only someone with the ID can assume the role,
+ // rather than everyone in the account. For more information about the external
+ // ID, see How to Use an External ID When Granting Access to Your Amazon Web
+ // Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
+ // in the IAM User Guide.
+ //
+ // The regex used to validate this parameter is a string of characters consisting
+ // of upper- and lower-case alphanumeric characters with no spaces. You can
+ // also include underscores or any of the following characters: =,.@:/-
+ ExternalId *string `min:"2" type:"string"`
+
+ // An IAM policy in JSON format that you want to use as an inline session policy.
+ //
+ // This parameter is optional. Passing policies to this operation returns new
+ // temporary credentials. The resulting session's permissions are the intersection
+ // of the role's identity-based policy and the session policies. You can use
+ // the role's temporary credentials in subsequent Amazon Web Services API calls
+ // to access resources in the account that owns the role. You cannot use session
+ // policies to grant more permissions than those allowed by the identity-based
+ // policy of the role that is being assumed. For more information, see Session
+ // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // in the IAM User Guide.
+ //
+ // The plaintext that you use for both inline and managed session policies can't
+ // exceed 2,048 characters. The JSON policy characters can be any ASCII character
+ // from the space character to the end of the valid character list (\u0020 through
+ // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
+ // return (\u000D) characters.
+ //
+ // An Amazon Web Services conversion compresses the passed inline session policy,
+ // managed policy ARNs, and session tags into a packed binary format that has
+ // a separate limit. Your request can fail for this limit even if your plaintext
+ // meets the other requirements. The PackedPolicySize response element indicates
+ // by percentage how close the policies and tags for your request are to the
+ // upper size limit.
+ Policy *string `min:"1" type:"string"`
+
+ // The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+ // to use as managed session policies. The policies must exist in the same account
+ // as the role.
+ //
+ // This parameter is optional. You can provide up to 10 managed policy ARNs.
+ // However, the plaintext that you use for both inline and managed session policies
+ // can't exceed 2,048 characters. For more information about ARNs, see Amazon
+ // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ //
+ // An Amazon Web Services conversion compresses the passed inline session policy,
+ // managed policy ARNs, and session tags into a packed binary format that has
+ // a separate limit. Your request can fail for this limit even if your plaintext
+ // meets the other requirements. The PackedPolicySize response element indicates
+ // by percentage how close the policies and tags for your request are to the
+ // upper size limit.
+ //
+ // Passing policies to this operation returns new temporary credentials. The
+ // resulting session's permissions are the intersection of the role's identity-based
+ // policy and the session policies. You can use the role's temporary credentials
+ // in subsequent Amazon Web Services API calls to access resources in the account
+ // that owns the role. You cannot use session policies to grant more permissions
+ // than those allowed by the identity-based policy of the role that is being
+ // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // in the IAM User Guide.
+ PolicyArns []*PolicyDescriptorType `type:"list"`
+
+ // A list of previously acquired trusted context assertions in the format of
+ // a JSON array. The trusted context assertion is signed and encrypted by Amazon
+ // Web Services STS.
+ //
+ // The following is an example of a ProvidedContext value that includes a single
+ // trusted context assertion and the ARN of the context provider from which
+ // the trusted context assertion was generated.
+ //
+ // [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
+ ProvidedContexts []*ProvidedContext `type:"list"`
+
+ // The Amazon Resource Name (ARN) of the role to assume.
+ //
+ // RoleArn is a required field
+ RoleArn *string `min:"20" type:"string" required:"true"`
+
+ // An identifier for the assumed role session.
+ //
+ // Use the role session name to uniquely identify a session when the same role
+ // is assumed by different principals or for different reasons. In cross-account
+ // scenarios, the role session name is visible to, and can be logged by the
+ // account that owns the role. The role session name is also used in the ARN
+ // of the assumed role principal. This means that subsequent cross-account API
+ // requests that use the temporary security credentials will expose the role
+ // session name to the external account in their CloudTrail logs.
+ //
+ // The regex used to validate this parameter is a string of characters consisting
+ // of upper- and lower-case alphanumeric characters with no spaces. You can
+ // also include underscores or any of the following characters: =,.@-
+ //
+ // RoleSessionName is a required field
+ RoleSessionName *string `min:"2" type:"string" required:"true"`
+
+ // The identification number of the MFA device that is associated with the user
+ // who is making the AssumeRole call. Specify this value if the trust policy
+ // of the role being assumed includes a condition that requires MFA authentication.
+ // The value is either the serial number for a hardware device (such as GAHT12345678)
+ // or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
+ //
+ // The regex used to validate this parameter is a string of characters consisting
+ // of upper- and lower-case alphanumeric characters with no spaces. You can
+ // also include underscores or any of the following characters: =,.@-
+ SerialNumber *string `min:"9" type:"string"`
+
+ // The source identity specified by the principal that is calling the AssumeRole
+ // operation.
+ //
+ // You can require users to specify a source identity when they assume a role.
+ // You do this by using the sts:SourceIdentity condition key in a role trust
+ // policy. You can use source identity information in CloudTrail logs to determine
+ // who took actions with a role. You can use the aws:SourceIdentity condition
+ // key to further control access to Amazon Web Services resources based on the
+ // value of source identity. For more information about using source identity,
+ // see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+ // in the IAM User Guide.
+ //
+ // The regex used to validate this parameter is a string of characters consisting
+ // of upper- and lower-case alphanumeric characters with no spaces. You can
+ // also include underscores or any of the following characters: =,.@-. You cannot
+ // use a value that begins with the text aws:. This prefix is reserved for Amazon
+ // Web Services internal use.
+ SourceIdentity *string `min:"2" type:"string"`
+
+ // A list of session tags that you want to pass. Each session tag consists of
+ // a key name and an associated value. For more information about session tags,
+ // see Tagging Amazon Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+ // in the IAM User Guide.
+ //
+ // This parameter is optional. You can pass up to 50 session tags. The plaintext
+ // session tag keys can’t exceed 128 characters, and the values can’t exceed
+ // 256 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // An Amazon Web Services conversion compresses the passed inline session policy,
+ // managed policy ARNs, and session tags into a packed binary format that has
+ // a separate limit. Your request can fail for this limit even if your plaintext
+ // meets the other requirements. The PackedPolicySize response element indicates
+ // by percentage how close the policies and tags for your request are to the
+ // upper size limit.
+ //
+ // You can pass a session tag with the same key as a tag that is already attached
+ // to the role. When you do, session tags override a role tag with the same
+ // key.
+ //
+ // Tag key–value pairs are not case sensitive, but case is preserved. This
+ // means that you cannot have separate Department and department tag keys. Assume
+ // that the role has the Department=Marketing tag and you pass the department=engineering
+ // session tag. Department and department are not saved as separate tags, and
+ // the session tag passed in the request takes precedence over the role tag.
+ //
+ // Additionally, if you used temporary credentials to perform this operation,
+ // the new session inherits any transitive session tags from the calling session.
+ // If you pass a session tag with the same key as an inherited tag, the operation
+ // fails. To view the inherited tags for a session, see the CloudTrail logs.
+ // For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs)
+ // in the IAM User Guide.
+ Tags []*Tag `type:"list"`
+
+ // The value provided by the MFA device, if the trust policy of the role being
+ // assumed requires MFA. (In other words, if the policy includes a condition
+ // that tests for MFA). If the role being assumed requires MFA and if the TokenCode
+ // value is missing or expired, the AssumeRole call returns an "access denied"
+ // error.
+ //
+ // The format for this parameter, as described by its regex pattern, is a sequence
+ // of six numeric digits.
+ TokenCode *string `min:"6" type:"string"`
+
+ // A list of keys for session tags that you want to set as transitive. If you
+ // set a tag key as transitive, the corresponding key and value passes to subsequent
+ // sessions in a role chain. For more information, see Chaining Roles with Session
+ // Tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
+ // in the IAM User Guide.
+ //
+ // This parameter is optional. When you set session tags as transitive, the
+ // session policy and session tags packed binary limit is not affected.
+ //
+ // If you choose not to specify a transitive tag key, then no tags are passed
+ // from this session to any subsequent sessions.
+ TransitiveTagKeys []*string `type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssumeRoleInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AssumeRoleInput"}
+ if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
+ invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
+ }
+ if s.ExternalId != nil && len(*s.ExternalId) < 2 {
+ invalidParams.Add(request.NewErrParamMinLen("ExternalId", 2))
+ }
+ if s.Policy != nil && len(*s.Policy) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+ }
+ if s.RoleArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("RoleArn"))
+ }
+ if s.RoleArn != nil && len(*s.RoleArn) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("RoleArn", 20))
+ }
+ if s.RoleSessionName == nil {
+ invalidParams.Add(request.NewErrParamRequired("RoleSessionName"))
+ }
+ if s.RoleSessionName != nil && len(*s.RoleSessionName) < 2 {
+ invalidParams.Add(request.NewErrParamMinLen("RoleSessionName", 2))
+ }
+ if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
+ invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
+ }
+ if s.SourceIdentity != nil && len(*s.SourceIdentity) < 2 {
+ invalidParams.Add(request.NewErrParamMinLen("SourceIdentity", 2))
+ }
+ if s.TokenCode != nil && len(*s.TokenCode) < 6 {
+ invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6))
+ }
+ if s.PolicyArns != nil {
+ for i, v := range s.PolicyArns {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+ if s.ProvidedContexts != nil {
+ for i, v := range s.ProvidedContexts {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ProvidedContexts", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+ if s.Tags != nil {
+ for i, v := range s.Tags {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetDurationSeconds sets the DurationSeconds field's value.
+func (s *AssumeRoleInput) SetDurationSeconds(v int64) *AssumeRoleInput {
+ s.DurationSeconds = &v
+ return s
+}
+
+// SetExternalId sets the ExternalId field's value.
+func (s *AssumeRoleInput) SetExternalId(v string) *AssumeRoleInput {
+ s.ExternalId = &v
+ return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *AssumeRoleInput) SetPolicy(v string) *AssumeRoleInput {
+ s.Policy = &v
+ return s
+}
+
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *AssumeRoleInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleInput {
+ s.PolicyArns = v
+ return s
+}
+
+// SetProvidedContexts sets the ProvidedContexts field's value.
+func (s *AssumeRoleInput) SetProvidedContexts(v []*ProvidedContext) *AssumeRoleInput {
+ s.ProvidedContexts = v
+ return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *AssumeRoleInput) SetRoleArn(v string) *AssumeRoleInput {
+ s.RoleArn = &v
+ return s
+}
+
+// SetRoleSessionName sets the RoleSessionName field's value.
+func (s *AssumeRoleInput) SetRoleSessionName(v string) *AssumeRoleInput {
+ s.RoleSessionName = &v
+ return s
+}
+
+// SetSerialNumber sets the SerialNumber field's value.
+func (s *AssumeRoleInput) SetSerialNumber(v string) *AssumeRoleInput {
+ s.SerialNumber = &v
+ return s
+}
+
+// SetSourceIdentity sets the SourceIdentity field's value.
+func (s *AssumeRoleInput) SetSourceIdentity(v string) *AssumeRoleInput {
+ s.SourceIdentity = &v
+ return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *AssumeRoleInput) SetTags(v []*Tag) *AssumeRoleInput {
+ s.Tags = v
+ return s
+}
+
+// SetTokenCode sets the TokenCode field's value.
+func (s *AssumeRoleInput) SetTokenCode(v string) *AssumeRoleInput {
+ s.TokenCode = &v
+ return s
+}
+
+// SetTransitiveTagKeys sets the TransitiveTagKeys field's value.
+func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput {
+ s.TransitiveTagKeys = v
+ return s
+}
+
+// Contains the response to a successful AssumeRole request, including temporary
+// Amazon Web Services credentials that can be used to make Amazon Web Services
+// requests.
+type AssumeRoleOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
+ // that you can use to refer to the resulting temporary security credentials.
+ // For example, you can reference these credentials as a principal in a resource-based
+ // policy by using the ARN or assumed role ID. The ARN and ID include the RoleSessionName
+ // that you specified when you called AssumeRole.
+ AssumedRoleUser *AssumedRoleUser `type:"structure"`
+
+ // The temporary security credentials, which include an access key ID, a secret
+ // access key, and a security (or session) token.
+ //
+ // The size of the security token that STS API operations return is not fixed.
+ // We strongly recommend that you make no assumptions about the maximum size.
+ Credentials *Credentials `type:"structure"`
+
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
+ PackedPolicySize *int64 `type:"integer"`
+
+ // The source identity specified by the principal that is calling the AssumeRole
+ // operation.
+ //
+ // You can require users to specify a source identity when they assume a role.
+ // You do this by using the sts:SourceIdentity condition key in a role trust
+ // policy. You can use source identity information in CloudTrail logs to determine
+ // who took actions with a role. You can use the aws:SourceIdentity condition
+ // key to further control access to Amazon Web Services resources based on the
+ // value of source identity. For more information about using source identity,
+ // see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+ // in the IAM User Guide.
+ //
+ // The regex used to validate this parameter is a string of characters consisting
+ // of upper- and lower-case alphanumeric characters with no spaces. You can
+ // also include underscores or any of the following characters: =,.@-
+ SourceIdentity *string `min:"2" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleOutput) GoString() string {
+ return s.String()
+}
+
+// SetAssumedRoleUser sets the AssumedRoleUser field's value.
+func (s *AssumeRoleOutput) SetAssumedRoleUser(v *AssumedRoleUser) *AssumeRoleOutput {
+ s.AssumedRoleUser = v
+ return s
+}
+
+// SetCredentials sets the Credentials field's value.
+func (s *AssumeRoleOutput) SetCredentials(v *Credentials) *AssumeRoleOutput {
+ s.Credentials = v
+ return s
+}
+
+// SetPackedPolicySize sets the PackedPolicySize field's value.
+func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput {
+ s.PackedPolicySize = &v
+ return s
+}
+
+// SetSourceIdentity sets the SourceIdentity field's value.
+func (s *AssumeRoleOutput) SetSourceIdentity(v string) *AssumeRoleOutput {
+ s.SourceIdentity = &v
+ return s
+}
+
+type AssumeRoleWithSAMLInput struct {
+ _ struct{} `type:"structure"`
+
+ // The duration, in seconds, of the role session. Your role session lasts for
+ // the duration that you specify for the DurationSeconds parameter, or until
+ // the time specified in the SAML authentication response's SessionNotOnOrAfter
+ // value, whichever is shorter. You can provide a DurationSeconds value from
+ // 900 seconds (15 minutes) up to the maximum session duration setting for the
+ // role. This setting can have a value from 1 hour to 12 hours. If you specify
+ // a value higher than this setting, the operation fails. For example, if you
+ // specify a session duration of 12 hours, but your administrator set the maximum
+ // session duration to 6 hours, your operation fails. To learn how to view the
+ // maximum value for your role, see View the Maximum Session Duration Setting
+ // for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+ // in the IAM User Guide.
+ //
+ // By default, the value is set to 3600 seconds.
+ //
+ // The DurationSeconds parameter is separate from the duration of a console
+ // session that you might request using the returned credentials. The request
+ // to the federation endpoint for a console sign-in token takes a SessionDuration
+ // parameter that specifies the maximum length of the console session. For more
+ // information, see Creating a URL that Enables Federated Users to Access the
+ // Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+ // in the IAM User Guide.
+ DurationSeconds *int64 `min:"900" type:"integer"`
+
+ // An IAM policy in JSON format that you want to use as an inline session policy.
+ //
+ // This parameter is optional. Passing policies to this operation returns new
+ // temporary credentials. The resulting session's permissions are the intersection
+ // of the role's identity-based policy and the session policies. You can use
+ // the role's temporary credentials in subsequent Amazon Web Services API calls
+ // to access resources in the account that owns the role. You cannot use session
+ // policies to grant more permissions than those allowed by the identity-based
+ // policy of the role that is being assumed. For more information, see Session
+ // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // in the IAM User Guide.
+ //
+ // The plaintext that you use for both inline and managed session policies can't
+ // exceed 2,048 characters. The JSON policy characters can be any ASCII character
+ // from the space character to the end of the valid character list (\u0020 through
+ // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
+ // return (\u000D) characters.
+ //
+ // An Amazon Web Services conversion compresses the passed inline session policy,
+ // managed policy ARNs, and session tags into a packed binary format that has
+ // a separate limit. Your request can fail for this limit even if your plaintext
+ // meets the other requirements. The PackedPolicySize response element indicates
+ // by percentage how close the policies and tags for your request are to the
+ // upper size limit.
+ Policy *string `min:"1" type:"string"`
+
+ // The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+ // to use as managed session policies. The policies must exist in the same account
+ // as the role.
+ //
+ // This parameter is optional. You can provide up to 10 managed policy ARNs.
+ // However, the plaintext that you use for both inline and managed session policies
+ // can't exceed 2,048 characters. For more information about ARNs, see Amazon
+ // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ //
+ // An Amazon Web Services conversion compresses the passed inline session policy,
+ // managed policy ARNs, and session tags into a packed binary format that has
+ // a separate limit. Your request can fail for this limit even if your plaintext
+ // meets the other requirements. The PackedPolicySize response element indicates
+ // by percentage how close the policies and tags for your request are to the
+ // upper size limit.
+ //
+ // Passing policies to this operation returns new temporary credentials. The
+ // resulting session's permissions are the intersection of the role's identity-based
+ // policy and the session policies. You can use the role's temporary credentials
+ // in subsequent Amazon Web Services API calls to access resources in the account
+ // that owns the role. You cannot use session policies to grant more permissions
+ // than those allowed by the identity-based policy of the role that is being
+ // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // in the IAM User Guide.
+ PolicyArns []*PolicyDescriptorType `type:"list"`
+
+ // The Amazon Resource Name (ARN) of the SAML provider in IAM that describes
+ // the IdP.
+ //
+ // PrincipalArn is a required field
+ PrincipalArn *string `min:"20" type:"string" required:"true"`
+
+ // The Amazon Resource Name (ARN) of the role that the caller is assuming.
+ //
+ // RoleArn is a required field
+ RoleArn *string `min:"20" type:"string" required:"true"`
+
+ // The base64 encoded SAML authentication response provided by the IdP.
+ //
+ // For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html)
+ // in the IAM User Guide.
+ //
+ // SAMLAssertion is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by AssumeRoleWithSAMLInput's
+ // String and GoString methods.
+ //
+ // SAMLAssertion is a required field
+ SAMLAssertion *string `min:"4" type:"string" required:"true" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithSAMLInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithSAMLInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssumeRoleWithSAMLInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AssumeRoleWithSAMLInput"}
+ if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
+ invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
+ }
+ if s.Policy != nil && len(*s.Policy) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+ }
+ if s.PrincipalArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("PrincipalArn"))
+ }
+ if s.PrincipalArn != nil && len(*s.PrincipalArn) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("PrincipalArn", 20))
+ }
+ if s.RoleArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("RoleArn"))
+ }
+ if s.RoleArn != nil && len(*s.RoleArn) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("RoleArn", 20))
+ }
+ if s.SAMLAssertion == nil {
+ invalidParams.Add(request.NewErrParamRequired("SAMLAssertion"))
+ }
+ if s.SAMLAssertion != nil && len(*s.SAMLAssertion) < 4 {
+ invalidParams.Add(request.NewErrParamMinLen("SAMLAssertion", 4))
+ }
+ if s.PolicyArns != nil {
+ for i, v := range s.PolicyArns {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetDurationSeconds sets the DurationSeconds field's value.
+func (s *AssumeRoleWithSAMLInput) SetDurationSeconds(v int64) *AssumeRoleWithSAMLInput {
+ s.DurationSeconds = &v
+ return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *AssumeRoleWithSAMLInput) SetPolicy(v string) *AssumeRoleWithSAMLInput {
+ s.Policy = &v
+ return s
+}
+
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *AssumeRoleWithSAMLInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithSAMLInput {
+ s.PolicyArns = v
+ return s
+}
+
+// SetPrincipalArn sets the PrincipalArn field's value.
+func (s *AssumeRoleWithSAMLInput) SetPrincipalArn(v string) *AssumeRoleWithSAMLInput {
+ s.PrincipalArn = &v
+ return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *AssumeRoleWithSAMLInput) SetRoleArn(v string) *AssumeRoleWithSAMLInput {
+ s.RoleArn = &v
+ return s
+}
+
+// SetSAMLAssertion sets the SAMLAssertion field's value.
+func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAMLInput {
+ s.SAMLAssertion = &v
+ return s
+}
+
+// Contains the response to a successful AssumeRoleWithSAML request, including
+// temporary Amazon Web Services credentials that can be used to make Amazon
+// Web Services requests.
+type AssumeRoleWithSAMLOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The identifiers for the temporary security credentials that the operation
+ // returns.
+ AssumedRoleUser *AssumedRoleUser `type:"structure"`
+
+ // The value of the Recipient attribute of the SubjectConfirmationData element
+ // of the SAML assertion.
+ Audience *string `type:"string"`
+
+ // The temporary security credentials, which include an access key ID, a secret
+ // access key, and a security (or session) token.
+ //
+ // The size of the security token that STS API operations return is not fixed.
+ // We strongly recommend that you make no assumptions about the maximum size.
+ Credentials *Credentials `type:"structure"`
+
+ // The value of the Issuer element of the SAML assertion.
+ Issuer *string `type:"string"`
+
+ // A hash value based on the concatenation of the following:
+ //
+ // * The Issuer response value.
+ //
+ // * The Amazon Web Services account ID.
+ //
+ // * The friendly name (the last part of the ARN) of the SAML provider in
+ // IAM.
+ //
+ // The combination of NameQualifier and Subject can be used to uniquely identify
+ // a user.
+ //
+ // The following pseudocode shows how the hash value is calculated:
+ //
+ // BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP"
+ // ) )
+ NameQualifier *string `type:"string"`
+
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
+ PackedPolicySize *int64 `type:"integer"`
+
+ // The value in the SourceIdentity attribute in the SAML assertion.
+ //
+ // You can require users to set a source identity value when they assume a role.
+ // You do this by using the sts:SourceIdentity condition key in a role trust
+ // policy. That way, actions that are taken with the role are associated with
+ // that user. After the source identity is set, the value cannot be changed.
+ // It is present in the request for all actions that are taken by the role and
+ // persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
+ // sessions. You can configure your SAML identity provider to use an attribute
+ // associated with your users, like user name or email, as the source identity
+ // when calling AssumeRoleWithSAML. You do this by adding an attribute to the
+ // SAML assertion. For more information about using source identity, see Monitor
+ // and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+ // in the IAM User Guide.
+ //
+ // The regex used to validate this parameter is a string of characters consisting
+ // of upper- and lower-case alphanumeric characters with no spaces. You can
+ // also include underscores or any of the following characters: =,.@-
+ SourceIdentity *string `min:"2" type:"string"`
+
+ // The value of the NameID element in the Subject element of the SAML assertion.
+ Subject *string `type:"string"`
+
+ // The format of the name ID, as defined by the Format attribute in the NameID
+ // element of the SAML assertion. Typical examples of the format are transient
+ // or persistent.
+ //
+ // If the format includes the prefix urn:oasis:names:tc:SAML:2.0:nameid-format,
+ // that prefix is removed. For example, urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ // is returned as transient. If the format includes any other prefix, the format
+ // is returned with no modifications.
+ SubjectType *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithSAMLOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithSAMLOutput) GoString() string {
+ return s.String()
+}
+
+// SetAssumedRoleUser sets the AssumedRoleUser field's value.
+func (s *AssumeRoleWithSAMLOutput) SetAssumedRoleUser(v *AssumedRoleUser) *AssumeRoleWithSAMLOutput {
+ s.AssumedRoleUser = v
+ return s
+}
+
+// SetAudience sets the Audience field's value.
+func (s *AssumeRoleWithSAMLOutput) SetAudience(v string) *AssumeRoleWithSAMLOutput {
+ s.Audience = &v
+ return s
+}
+
+// SetCredentials sets the Credentials field's value.
+func (s *AssumeRoleWithSAMLOutput) SetCredentials(v *Credentials) *AssumeRoleWithSAMLOutput {
+ s.Credentials = v
+ return s
+}
+
+// SetIssuer sets the Issuer field's value.
+func (s *AssumeRoleWithSAMLOutput) SetIssuer(v string) *AssumeRoleWithSAMLOutput {
+ s.Issuer = &v
+ return s
+}
+
+// SetNameQualifier sets the NameQualifier field's value.
+func (s *AssumeRoleWithSAMLOutput) SetNameQualifier(v string) *AssumeRoleWithSAMLOutput {
+ s.NameQualifier = &v
+ return s
+}
+
+// SetPackedPolicySize sets the PackedPolicySize field's value.
+func (s *AssumeRoleWithSAMLOutput) SetPackedPolicySize(v int64) *AssumeRoleWithSAMLOutput {
+ s.PackedPolicySize = &v
+ return s
+}
+
+// SetSourceIdentity sets the SourceIdentity field's value.
+func (s *AssumeRoleWithSAMLOutput) SetSourceIdentity(v string) *AssumeRoleWithSAMLOutput {
+ s.SourceIdentity = &v
+ return s
+}
+
+// SetSubject sets the Subject field's value.
+func (s *AssumeRoleWithSAMLOutput) SetSubject(v string) *AssumeRoleWithSAMLOutput {
+ s.Subject = &v
+ return s
+}
+
+// SetSubjectType sets the SubjectType field's value.
+func (s *AssumeRoleWithSAMLOutput) SetSubjectType(v string) *AssumeRoleWithSAMLOutput {
+ s.SubjectType = &v
+ return s
+}
+
+type AssumeRoleWithWebIdentityInput struct {
+ _ struct{} `type:"structure"`
+
+ // The duration, in seconds, of the role session. The value can range from 900
+ // seconds (15 minutes) up to the maximum session duration setting for the role.
+ // This setting can have a value from 1 hour to 12 hours. If you specify a value
+ // higher than this setting, the operation fails. For example, if you specify
+ // a session duration of 12 hours, but your administrator set the maximum session
+ // duration to 6 hours, your operation fails. To learn how to view the maximum
+ // value for your role, see View the Maximum Session Duration Setting for a
+ // Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
+ // in the IAM User Guide.
+ //
+ // By default, the value is set to 3600 seconds.
+ //
+ // The DurationSeconds parameter is separate from the duration of a console
+ // session that you might request using the returned credentials. The request
+ // to the federation endpoint for a console sign-in token takes a SessionDuration
+ // parameter that specifies the maximum length of the console session. For more
+ // information, see Creating a URL that Enables Federated Users to Access the
+ // Amazon Web Services Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
+ // in the IAM User Guide.
+ DurationSeconds *int64 `min:"900" type:"integer"`
+
+ // An IAM policy in JSON format that you want to use as an inline session policy.
+ //
+ // This parameter is optional. Passing policies to this operation returns new
+ // temporary credentials. The resulting session's permissions are the intersection
+ // of the role's identity-based policy and the session policies. You can use
+ // the role's temporary credentials in subsequent Amazon Web Services API calls
+ // to access resources in the account that owns the role. You cannot use session
+ // policies to grant more permissions than those allowed by the identity-based
+ // policy of the role that is being assumed. For more information, see Session
+ // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // in the IAM User Guide.
+ //
+ // The plaintext that you use for both inline and managed session policies can't
+ // exceed 2,048 characters. The JSON policy characters can be any ASCII character
+ // from the space character to the end of the valid character list (\u0020 through
+ // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
+ // return (\u000D) characters.
+ //
+ // An Amazon Web Services conversion compresses the passed inline session policy,
+ // managed policy ARNs, and session tags into a packed binary format that has
+ // a separate limit. Your request can fail for this limit even if your plaintext
+ // meets the other requirements. The PackedPolicySize response element indicates
+ // by percentage how close the policies and tags for your request are to the
+ // upper size limit.
+ Policy *string `min:"1" type:"string"`
+
+ // The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+ // to use as managed session policies. The policies must exist in the same account
+ // as the role.
+ //
+ // This parameter is optional. You can provide up to 10 managed policy ARNs.
+ // However, the plaintext that you use for both inline and managed session policies
+ // can't exceed 2,048 characters. For more information about ARNs, see Amazon
+ // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ //
+ // An Amazon Web Services conversion compresses the passed inline session policy,
+ // managed policy ARNs, and session tags into a packed binary format that has
+ // a separate limit. Your request can fail for this limit even if your plaintext
+ // meets the other requirements. The PackedPolicySize response element indicates
+ // by percentage how close the policies and tags for your request are to the
+ // upper size limit.
+ //
+ // Passing policies to this operation returns new temporary credentials. The
+ // resulting session's permissions are the intersection of the role's identity-based
+ // policy and the session policies. You can use the role's temporary credentials
+ // in subsequent Amazon Web Services API calls to access resources in the account
+ // that owns the role. You cannot use session policies to grant more permissions
+ // than those allowed by the identity-based policy of the role that is being
+ // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // in the IAM User Guide.
+ PolicyArns []*PolicyDescriptorType `type:"list"`
+
+ // The fully qualified host component of the domain name of the OAuth 2.0 identity
+ // provider. Do not specify this value for an OpenID Connect identity provider.
+ //
+ // Currently www.amazon.com and graph.facebook.com are the only supported identity
+ // providers for OAuth 2.0 access tokens. Do not include URL schemes and port
+ // numbers.
+ //
+ // Do not specify this value for OpenID Connect ID tokens.
+ ProviderId *string `min:"4" type:"string"`
+
+ // The Amazon Resource Name (ARN) of the role that the caller is assuming.
+ //
+ // RoleArn is a required field
+ RoleArn *string `min:"20" type:"string" required:"true"`
+
+ // An identifier for the assumed role session. Typically, you pass the name
+ // or identifier that is associated with the user who is using your application.
+ // That way, the temporary security credentials that your application will use
+ // are associated with that user. This session name is included as part of the
+ // ARN and assumed role ID in the AssumedRoleUser response element.
+ //
+ // The regex used to validate this parameter is a string of characters consisting
+ // of upper- and lower-case alphanumeric characters with no spaces. You can
+ // also include underscores or any of the following characters: =,.@-
+ //
+ // RoleSessionName is a required field
+ RoleSessionName *string `min:"2" type:"string" required:"true"`
+
+ // The OAuth 2.0 access token or OpenID Connect ID token that is provided by
+ // the identity provider. Your application must get this token by authenticating
+ // the user who is using your application with a web identity provider before
+ // the application makes an AssumeRoleWithWebIdentity call. Only tokens with
+ // RSA algorithms (RS256) are supported.
+ //
+ // WebIdentityToken is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by AssumeRoleWithWebIdentityInput's
+ // String and GoString methods.
+ //
+ // WebIdentityToken is a required field
+ WebIdentityToken *string `min:"4" type:"string" required:"true" sensitive:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithWebIdentityInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithWebIdentityInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *AssumeRoleWithWebIdentityInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "AssumeRoleWithWebIdentityInput"}
+ if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
+ invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
+ }
+ if s.Policy != nil && len(*s.Policy) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+ }
+ if s.ProviderId != nil && len(*s.ProviderId) < 4 {
+ invalidParams.Add(request.NewErrParamMinLen("ProviderId", 4))
+ }
+ if s.RoleArn == nil {
+ invalidParams.Add(request.NewErrParamRequired("RoleArn"))
+ }
+ if s.RoleArn != nil && len(*s.RoleArn) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("RoleArn", 20))
+ }
+ if s.RoleSessionName == nil {
+ invalidParams.Add(request.NewErrParamRequired("RoleSessionName"))
+ }
+ if s.RoleSessionName != nil && len(*s.RoleSessionName) < 2 {
+ invalidParams.Add(request.NewErrParamMinLen("RoleSessionName", 2))
+ }
+ if s.WebIdentityToken == nil {
+ invalidParams.Add(request.NewErrParamRequired("WebIdentityToken"))
+ }
+ if s.WebIdentityToken != nil && len(*s.WebIdentityToken) < 4 {
+ invalidParams.Add(request.NewErrParamMinLen("WebIdentityToken", 4))
+ }
+ if s.PolicyArns != nil {
+ for i, v := range s.PolicyArns {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetDurationSeconds sets the DurationSeconds field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetDurationSeconds(v int64) *AssumeRoleWithWebIdentityInput {
+ s.DurationSeconds = &v
+ return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetPolicy(v string) *AssumeRoleWithWebIdentityInput {
+ s.Policy = &v
+ return s
+}
+
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetPolicyArns(v []*PolicyDescriptorType) *AssumeRoleWithWebIdentityInput {
+ s.PolicyArns = v
+ return s
+}
+
+// SetProviderId sets the ProviderId field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetProviderId(v string) *AssumeRoleWithWebIdentityInput {
+ s.ProviderId = &v
+ return s
+}
+
+// SetRoleArn sets the RoleArn field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetRoleArn(v string) *AssumeRoleWithWebIdentityInput {
+ s.RoleArn = &v
+ return s
+}
+
+// SetRoleSessionName sets the RoleSessionName field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetRoleSessionName(v string) *AssumeRoleWithWebIdentityInput {
+ s.RoleSessionName = &v
+ return s
+}
+
+// SetWebIdentityToken sets the WebIdentityToken field's value.
+func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRoleWithWebIdentityInput {
+ s.WebIdentityToken = &v
+ return s
+}
+
+// Contains the response to a successful AssumeRoleWithWebIdentity request,
+// including temporary Amazon Web Services credentials that can be used to make
+// Amazon Web Services requests.
+type AssumeRoleWithWebIdentityOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
+ // that you can use to refer to the resulting temporary security credentials.
+ // For example, you can reference these credentials as a principal in a resource-based
+ // policy by using the ARN or assumed role ID. The ARN and ID include the RoleSessionName
+ // that you specified when you called AssumeRole.
+ AssumedRoleUser *AssumedRoleUser `type:"structure"`
+
+ // The intended audience (also known as client ID) of the web identity token.
+ // This is traditionally the client identifier issued to the application that
+ // requested the web identity token.
+ Audience *string `type:"string"`
+
+ // The temporary security credentials, which include an access key ID, a secret
+ // access key, and a security token.
+ //
+ // The size of the security token that STS API operations return is not fixed.
+ // We strongly recommend that you make no assumptions about the maximum size.
+ Credentials *Credentials `type:"structure"`
+
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
+ PackedPolicySize *int64 `type:"integer"`
+
+ // The issuing authority of the web identity token presented. For OpenID Connect
+ // ID tokens, this contains the value of the iss field. For OAuth 2.0 access
+ // tokens, this contains the value of the ProviderId parameter that was passed
+ // in the AssumeRoleWithWebIdentity request.
+ Provider *string `type:"string"`
+
+ // The value of the source identity that is returned in the JSON web token (JWT)
+ // from the identity provider.
+ //
+ // You can require users to set a source identity value when they assume a role.
+ // You do this by using the sts:SourceIdentity condition key in a role trust
+ // policy. That way, actions that are taken with the role are associated with
+ // that user. After the source identity is set, the value cannot be changed.
+ // It is present in the request for all actions that are taken by the role and
+ // persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining)
+ // sessions. You can configure your identity provider to use an attribute associated
+ // with your users, like user name or email, as the source identity when calling
+ // AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web
+ // token. To learn more about OIDC tokens and claims, see Using Tokens with
+ // User Pools (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html)
+ // in the Amazon Cognito Developer Guide. For more information about using source
+ // identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html)
+ // in the IAM User Guide.
+ //
+ // The regex used to validate this parameter is a string of characters consisting
+ // of upper- and lower-case alphanumeric characters with no spaces. You can
+ // also include underscores or any of the following characters: =,.@-
+ SourceIdentity *string `min:"2" type:"string"`
+
+ // The unique user identifier that is returned by the identity provider. This
+ // identifier is associated with the WebIdentityToken that was submitted with
+ // the AssumeRoleWithWebIdentity call. The identifier is typically unique to
+ // the user and the application that acquired the WebIdentityToken (pairwise
+ // identifier). For OpenID Connect ID tokens, this field contains the value
+ // returned by the identity provider as the token's sub (Subject) claim.
+ SubjectFromWebIdentityToken *string `min:"6" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithWebIdentityOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumeRoleWithWebIdentityOutput) GoString() string {
+ return s.String()
+}
+
+// SetAssumedRoleUser sets the AssumedRoleUser field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetAssumedRoleUser(v *AssumedRoleUser) *AssumeRoleWithWebIdentityOutput {
+ s.AssumedRoleUser = v
+ return s
+}
+
+// SetAudience sets the Audience field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetAudience(v string) *AssumeRoleWithWebIdentityOutput {
+ s.Audience = &v
+ return s
+}
+
+// SetCredentials sets the Credentials field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetCredentials(v *Credentials) *AssumeRoleWithWebIdentityOutput {
+ s.Credentials = v
+ return s
+}
+
+// SetPackedPolicySize sets the PackedPolicySize field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetPackedPolicySize(v int64) *AssumeRoleWithWebIdentityOutput {
+ s.PackedPolicySize = &v
+ return s
+}
+
+// SetProvider sets the Provider field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetProvider(v string) *AssumeRoleWithWebIdentityOutput {
+ s.Provider = &v
+ return s
+}
+
+// SetSourceIdentity sets the SourceIdentity field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetSourceIdentity(v string) *AssumeRoleWithWebIdentityOutput {
+ s.SourceIdentity = &v
+ return s
+}
+
+// SetSubjectFromWebIdentityToken sets the SubjectFromWebIdentityToken field's value.
+func (s *AssumeRoleWithWebIdentityOutput) SetSubjectFromWebIdentityToken(v string) *AssumeRoleWithWebIdentityOutput {
+ s.SubjectFromWebIdentityToken = &v
+ return s
+}
+
+// The identifiers for the temporary security credentials that the operation
+// returns.
+type AssumedRoleUser struct {
+ _ struct{} `type:"structure"`
+
+ // The ARN of the temporary security credentials that are returned from the
+ // AssumeRole action. For more information about ARNs and how to use them in
+ // policies, see IAM Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
+ // in the IAM User Guide.
+ //
+ // Arn is a required field
+ Arn *string `min:"20" type:"string" required:"true"`
+
+ // A unique identifier that contains the role ID and the role session name of
+ // the role that is being assumed. The role ID is generated by Amazon Web Services
+ // when the role is created.
+ //
+ // AssumedRoleId is a required field
+ AssumedRoleId *string `min:"2" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumedRoleUser) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s AssumedRoleUser) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *AssumedRoleUser) SetArn(v string) *AssumedRoleUser {
+ s.Arn = &v
+ return s
+}
+
+// SetAssumedRoleId sets the AssumedRoleId field's value.
+func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser {
+ s.AssumedRoleId = &v
+ return s
+}
+
+// Amazon Web Services credentials for API authentication.
+type Credentials struct {
+ _ struct{} `type:"structure"`
+
+ // The access key ID that identifies the temporary security credentials.
+ //
+ // AccessKeyId is a required field
+ AccessKeyId *string `min:"16" type:"string" required:"true"`
+
+ // The date on which the current credentials expire.
+ //
+ // Expiration is a required field
+ Expiration *time.Time `type:"timestamp" required:"true"`
+
+ // The secret access key that can be used to sign requests.
+ //
+ // SecretAccessKey is a sensitive parameter and its value will be
+ // replaced with "sensitive" in string returned by Credentials's
+ // String and GoString methods.
+ //
+ // SecretAccessKey is a required field
+ SecretAccessKey *string `type:"string" required:"true" sensitive:"true"`
+
+ // The token that users must pass to the service API to use the temporary credentials.
+ //
+ // SessionToken is a required field
+ SessionToken *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Credentials) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Credentials) GoString() string {
+ return s.String()
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *Credentials) SetAccessKeyId(v string) *Credentials {
+ s.AccessKeyId = &v
+ return s
+}
+
+// SetExpiration sets the Expiration field's value.
+func (s *Credentials) SetExpiration(v time.Time) *Credentials {
+ s.Expiration = &v
+ return s
+}
+
+// SetSecretAccessKey sets the SecretAccessKey field's value.
+func (s *Credentials) SetSecretAccessKey(v string) *Credentials {
+ s.SecretAccessKey = &v
+ return s
+}
+
+// SetSessionToken sets the SessionToken field's value.
+func (s *Credentials) SetSessionToken(v string) *Credentials {
+ s.SessionToken = &v
+ return s
+}
+
+type DecodeAuthorizationMessageInput struct {
+ _ struct{} `type:"structure"`
+
+ // The encoded message that was returned with the response.
+ //
+ // EncodedMessage is a required field
+ EncodedMessage *string `min:"1" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DecodeAuthorizationMessageInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DecodeAuthorizationMessageInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *DecodeAuthorizationMessageInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "DecodeAuthorizationMessageInput"}
+ if s.EncodedMessage == nil {
+ invalidParams.Add(request.NewErrParamRequired("EncodedMessage"))
+ }
+ if s.EncodedMessage != nil && len(*s.EncodedMessage) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("EncodedMessage", 1))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetEncodedMessage sets the EncodedMessage field's value.
+func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAuthorizationMessageInput {
+ s.EncodedMessage = &v
+ return s
+}
+
+// A document that contains additional information about the authorization status
+// of a request from an encoded message that is returned in response to an Amazon
+// Web Services request.
+type DecodeAuthorizationMessageOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The API returns a response with the decoded message.
+ DecodedMessage *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DecodeAuthorizationMessageOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s DecodeAuthorizationMessageOutput) GoString() string {
+ return s.String()
+}
+
+// SetDecodedMessage sets the DecodedMessage field's value.
+func (s *DecodeAuthorizationMessageOutput) SetDecodedMessage(v string) *DecodeAuthorizationMessageOutput {
+ s.DecodedMessage = &v
+ return s
+}
+
+// Identifiers for the federated user that is associated with the credentials.
+type FederatedUser struct {
+ _ struct{} `type:"structure"`
+
+ // The ARN that specifies the federated user that is associated with the credentials.
+ // For more information about ARNs and how to use them in policies, see IAM
+ // Identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
+ // in the IAM User Guide.
+ //
+ // Arn is a required field
+ Arn *string `min:"20" type:"string" required:"true"`
+
+ // The string that identifies the federated user associated with the credentials,
+ // similar to the unique ID of an IAM user.
+ //
+ // FederatedUserId is a required field
+ FederatedUserId *string `min:"2" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FederatedUser) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s FederatedUser) GoString() string {
+ return s.String()
+}
+
+// SetArn sets the Arn field's value.
+func (s *FederatedUser) SetArn(v string) *FederatedUser {
+ s.Arn = &v
+ return s
+}
+
+// SetFederatedUserId sets the FederatedUserId field's value.
+func (s *FederatedUser) SetFederatedUserId(v string) *FederatedUser {
+ s.FederatedUserId = &v
+ return s
+}
+
+type GetAccessKeyInfoInput struct {
+ _ struct{} `type:"structure"`
+
+ // The identifier of an access key.
+ //
+ // This parameter allows (through its regex pattern) a string of characters
+ // that can consist of any upper- or lowercase letter or digit.
+ //
+ // AccessKeyId is a required field
+ AccessKeyId *string `min:"16" type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessKeyInfoInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessKeyInfoInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetAccessKeyInfoInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetAccessKeyInfoInput"}
+ if s.AccessKeyId == nil {
+ invalidParams.Add(request.NewErrParamRequired("AccessKeyId"))
+ }
+ if s.AccessKeyId != nil && len(*s.AccessKeyId) < 16 {
+ invalidParams.Add(request.NewErrParamMinLen("AccessKeyId", 16))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetAccessKeyId sets the AccessKeyId field's value.
+func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput {
+ s.AccessKeyId = &v
+ return s
+}
+
+type GetAccessKeyInfoOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The number used to identify the Amazon Web Services account.
+ Account *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessKeyInfoOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetAccessKeyInfoOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccount sets the Account field's value.
+func (s *GetAccessKeyInfoOutput) SetAccount(v string) *GetAccessKeyInfoOutput {
+ s.Account = &v
+ return s
+}
+
+type GetCallerIdentityInput struct {
+ _ struct{} `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetCallerIdentityInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetCallerIdentityInput) GoString() string {
+ return s.String()
+}
+
+// Contains the response to a successful GetCallerIdentity request, including
+// information about the entity making the request.
+type GetCallerIdentityOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Web Services account ID number of the account that owns or contains
+ // the calling entity.
+ Account *string `type:"string"`
+
+ // The Amazon Web Services ARN associated with the calling entity.
+ Arn *string `min:"20" type:"string"`
+
+ // The unique identifier of the calling entity. The exact value depends on the
+ // type of entity that is making the call. The values returned are those listed
+ // in the aws:userid column in the Principal table (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
+ // found on the Policy Variables reference page in the IAM User Guide.
+ UserId *string `type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetCallerIdentityOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetCallerIdentityOutput) GoString() string {
+ return s.String()
+}
+
+// SetAccount sets the Account field's value.
+func (s *GetCallerIdentityOutput) SetAccount(v string) *GetCallerIdentityOutput {
+ s.Account = &v
+ return s
+}
+
+// SetArn sets the Arn field's value.
+func (s *GetCallerIdentityOutput) SetArn(v string) *GetCallerIdentityOutput {
+ s.Arn = &v
+ return s
+}
+
+// SetUserId sets the UserId field's value.
+func (s *GetCallerIdentityOutput) SetUserId(v string) *GetCallerIdentityOutput {
+ s.UserId = &v
+ return s
+}
+
+type GetFederationTokenInput struct {
+ _ struct{} `type:"structure"`
+
+ // The duration, in seconds, that the session should last. Acceptable durations
+ // for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds
+ // (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained
+ // using root user credentials are restricted to a maximum of 3,600 seconds
+ // (one hour). If the specified duration is longer than one hour, the session
+ // obtained by using root user credentials defaults to one hour.
+ DurationSeconds *int64 `min:"900" type:"integer"`
+
+ // The name of the federated user. The name is used as an identifier for the
+ // temporary security credentials (such as Bob). For example, you can reference
+ // the federated user name in a resource-based policy, such as in an Amazon
+ // S3 bucket policy.
+ //
+ // The regex used to validate this parameter is a string of characters consisting
+ // of upper- and lower-case alphanumeric characters with no spaces. You can
+ // also include underscores or any of the following characters: =,.@-
+ //
+ // Name is a required field
+ Name *string `min:"2" type:"string" required:"true"`
+
+ // An IAM policy in JSON format that you want to use as an inline session policy.
+ //
+ // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // to this operation. You can pass a single JSON policy document to use as an
+ // inline session policy. You can also specify up to 10 managed policy Amazon
+ // Resource Names (ARNs) to use as managed session policies.
+ //
+ // This parameter is optional. However, if you do not pass any session policies,
+ // then the resulting federated user session has no permissions.
+ //
+ // When you pass session policies, the session permissions are the intersection
+ // of the IAM user policies and the session policies that you pass. This gives
+ // you a way to further restrict the permissions for a federated user. You cannot
+ // use session policies to grant more permissions than those that are defined
+ // in the permissions policy of the IAM user. For more information, see Session
+ // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // in the IAM User Guide.
+ //
+ // The resulting credentials can be used to access a resource that has a resource-based
+ // policy. If that policy specifically references the federated user session
+ // in the Principal element of the policy, the session has the permissions allowed
+ // by the policy. These permissions are granted in addition to the permissions
+ // that are granted by the session policies.
+ //
+ // The plaintext that you use for both inline and managed session policies can't
+ // exceed 2,048 characters. The JSON policy characters can be any ASCII character
+ // from the space character to the end of the valid character list (\u0020 through
+ // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
+ // return (\u000D) characters.
+ //
+ // An Amazon Web Services conversion compresses the passed inline session policy,
+ // managed policy ARNs, and session tags into a packed binary format that has
+ // a separate limit. Your request can fail for this limit even if your plaintext
+ // meets the other requirements. The PackedPolicySize response element indicates
+ // by percentage how close the policies and tags for your request are to the
+ // upper size limit.
+ Policy *string `min:"1" type:"string"`
+
+ // The Amazon Resource Names (ARNs) of the IAM managed policies that you want
+ // to use as a managed session policy. The policies must exist in the same account
+ // as the IAM user that is requesting federated access.
+ //
+ // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // to this operation. You can pass a single JSON policy document to use as an
+ // inline session policy. You can also specify up to 10 managed policy Amazon
+ // Resource Names (ARNs) to use as managed session policies. The plaintext that
+ // you use for both inline and managed session policies can't exceed 2,048 characters.
+ // You can provide up to 10 managed policy ARNs. For more information about
+ // ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces
+ // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ //
+ // This parameter is optional. However, if you do not pass any session policies,
+ // then the resulting federated user session has no permissions.
+ //
+ // When you pass session policies, the session permissions are the intersection
+ // of the IAM user policies and the session policies that you pass. This gives
+ // you a way to further restrict the permissions for a federated user. You cannot
+ // use session policies to grant more permissions than those that are defined
+ // in the permissions policy of the IAM user. For more information, see Session
+ // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
+ // in the IAM User Guide.
+ //
+ // The resulting credentials can be used to access a resource that has a resource-based
+ // policy. If that policy specifically references the federated user session
+ // in the Principal element of the policy, the session has the permissions allowed
+ // by the policy. These permissions are granted in addition to the permissions
+ // that are granted by the session policies.
+ //
+ // An Amazon Web Services conversion compresses the passed inline session policy,
+ // managed policy ARNs, and session tags into a packed binary format that has
+ // a separate limit. Your request can fail for this limit even if your plaintext
+ // meets the other requirements. The PackedPolicySize response element indicates
+ // by percentage how close the policies and tags for your request are to the
+ // upper size limit.
+ PolicyArns []*PolicyDescriptorType `type:"list"`
+
+ // A list of session tags. Each session tag consists of a key name and an associated
+ // value. For more information about session tags, see Passing Session Tags
+ // in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+ // in the IAM User Guide.
+ //
+ // This parameter is optional. You can pass up to 50 session tags. The plaintext
+ // session tag keys can’t exceed 128 characters and the values can’t exceed
+ // 256 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // An Amazon Web Services conversion compresses the passed inline session policy,
+ // managed policy ARNs, and session tags into a packed binary format that has
+ // a separate limit. Your request can fail for this limit even if your plaintext
+ // meets the other requirements. The PackedPolicySize response element indicates
+ // by percentage how close the policies and tags for your request are to the
+ // upper size limit.
+ //
+ // You can pass a session tag with the same key as a tag that is already attached
+ // to the user you are federating. When you do, session tags override a user
+ // tag with the same key.
+ //
+ // Tag key–value pairs are not case sensitive, but case is preserved. This
+ // means that you cannot have separate Department and department tag keys. Assume
+ // that the role has the Department=Marketing tag and you pass the department=engineering
+ // session tag. Department and department are not saved as separate tags, and
+ // the session tag passed in the request takes precedence over the role tag.
+ Tags []*Tag `type:"list"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetFederationTokenInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetFederationTokenInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetFederationTokenInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetFederationTokenInput"}
+ if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
+ invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
+ }
+ if s.Name == nil {
+ invalidParams.Add(request.NewErrParamRequired("Name"))
+ }
+ if s.Name != nil && len(*s.Name) < 2 {
+ invalidParams.Add(request.NewErrParamMinLen("Name", 2))
+ }
+ if s.Policy != nil && len(*s.Policy) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
+ }
+ if s.PolicyArns != nil {
+ for i, v := range s.PolicyArns {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "PolicyArns", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+ if s.Tags != nil {
+ for i, v := range s.Tags {
+ if v == nil {
+ continue
+ }
+ if err := v.Validate(); err != nil {
+ invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
+ }
+ }
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetDurationSeconds sets the DurationSeconds field's value.
+func (s *GetFederationTokenInput) SetDurationSeconds(v int64) *GetFederationTokenInput {
+ s.DurationSeconds = &v
+ return s
+}
+
+// SetName sets the Name field's value.
+func (s *GetFederationTokenInput) SetName(v string) *GetFederationTokenInput {
+ s.Name = &v
+ return s
+}
+
+// SetPolicy sets the Policy field's value.
+func (s *GetFederationTokenInput) SetPolicy(v string) *GetFederationTokenInput {
+ s.Policy = &v
+ return s
+}
+
+// SetPolicyArns sets the PolicyArns field's value.
+func (s *GetFederationTokenInput) SetPolicyArns(v []*PolicyDescriptorType) *GetFederationTokenInput {
+ s.PolicyArns = v
+ return s
+}
+
+// SetTags sets the Tags field's value.
+func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput {
+ s.Tags = v
+ return s
+}
+
+// Contains the response to a successful GetFederationToken request, including
+// temporary Amazon Web Services credentials that can be used to make Amazon
+// Web Services requests.
+type GetFederationTokenOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The temporary security credentials, which include an access key ID, a secret
+ // access key, and a security (or session) token.
+ //
+ // The size of the security token that STS API operations return is not fixed.
+ // We strongly recommend that you make no assumptions about the maximum size.
+ Credentials *Credentials `type:"structure"`
+
+ // Identifiers for the federated user associated with the credentials (such
+ // as arn:aws:sts::123456789012:federated-user/Bob or 123456789012:Bob). You
+ // can use the federated user's ARN in your resource-based policies, such as
+ // an Amazon S3 bucket policy.
+ FederatedUser *FederatedUser `type:"structure"`
+
+ // A percentage value that indicates the packed size of the session policies
+ // and session tags combined passed in the request. The request fails if the
+ // packed size is greater than 100 percent, which means the policies and tags
+ // exceeded the allowed space.
+ PackedPolicySize *int64 `type:"integer"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetFederationTokenOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetFederationTokenOutput) GoString() string {
+ return s.String()
+}
+
+// SetCredentials sets the Credentials field's value.
+func (s *GetFederationTokenOutput) SetCredentials(v *Credentials) *GetFederationTokenOutput {
+ s.Credentials = v
+ return s
+}
+
+// SetFederatedUser sets the FederatedUser field's value.
+func (s *GetFederationTokenOutput) SetFederatedUser(v *FederatedUser) *GetFederationTokenOutput {
+ s.FederatedUser = v
+ return s
+}
+
+// SetPackedPolicySize sets the PackedPolicySize field's value.
+func (s *GetFederationTokenOutput) SetPackedPolicySize(v int64) *GetFederationTokenOutput {
+ s.PackedPolicySize = &v
+ return s
+}
+
+type GetSessionTokenInput struct {
+ _ struct{} `type:"structure"`
+
+ // The duration, in seconds, that the credentials should remain valid. Acceptable
+ // durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600
+ // seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions
+ // for Amazon Web Services account owners are restricted to a maximum of 3,600
+ // seconds (one hour). If the duration is longer than one hour, the session
+ // for Amazon Web Services account owners defaults to one hour.
+ DurationSeconds *int64 `min:"900" type:"integer"`
+
+ // The identification number of the MFA device that is associated with the IAM
+ // user who is making the GetSessionToken call. Specify this value if the IAM
+ // user has a policy that requires MFA authentication. The value is either the
+ // serial number for a hardware device (such as GAHT12345678) or an Amazon Resource
+ // Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
+ // You can find the device for an IAM user by going to the Amazon Web Services
+ // Management Console and viewing the user's security credentials.
+ //
+ // The regex used to validate this parameter is a string of characters consisting
+ // of upper- and lower-case alphanumeric characters with no spaces. You can
+ // also include underscores or any of the following characters: =,.@:/-
+ SerialNumber *string `min:"9" type:"string"`
+
+ // The value provided by the MFA device, if MFA is required. If any policy requires
+ // the IAM user to submit an MFA code, specify this value. If MFA authentication
+ // is required, the user must provide a code when requesting a set of temporary
+ // security credentials. A user who fails to provide the code receives an "access
+ // denied" response when requesting resources that require MFA authentication.
+ //
+ // The format for this parameter, as described by its regex pattern, is a sequence
+ // of six numeric digits.
+ TokenCode *string `min:"6" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSessionTokenInput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSessionTokenInput) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *GetSessionTokenInput) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "GetSessionTokenInput"}
+ if s.DurationSeconds != nil && *s.DurationSeconds < 900 {
+ invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900))
+ }
+ if s.SerialNumber != nil && len(*s.SerialNumber) < 9 {
+ invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9))
+ }
+ if s.TokenCode != nil && len(*s.TokenCode) < 6 {
+ invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetDurationSeconds sets the DurationSeconds field's value.
+func (s *GetSessionTokenInput) SetDurationSeconds(v int64) *GetSessionTokenInput {
+ s.DurationSeconds = &v
+ return s
+}
+
+// SetSerialNumber sets the SerialNumber field's value.
+func (s *GetSessionTokenInput) SetSerialNumber(v string) *GetSessionTokenInput {
+ s.SerialNumber = &v
+ return s
+}
+
+// SetTokenCode sets the TokenCode field's value.
+func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput {
+ s.TokenCode = &v
+ return s
+}
+
+// Contains the response to a successful GetSessionToken request, including
+// temporary Amazon Web Services credentials that can be used to make Amazon
+// Web Services requests.
+type GetSessionTokenOutput struct {
+ _ struct{} `type:"structure"`
+
+ // The temporary security credentials, which include an access key ID, a secret
+ // access key, and a security (or session) token.
+ //
+ // The size of the security token that STS API operations return is not fixed.
+ // We strongly recommend that you make no assumptions about the maximum size.
+ Credentials *Credentials `type:"structure"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSessionTokenOutput) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s GetSessionTokenOutput) GoString() string {
+ return s.String()
+}
+
+// SetCredentials sets the Credentials field's value.
+func (s *GetSessionTokenOutput) SetCredentials(v *Credentials) *GetSessionTokenOutput {
+ s.Credentials = v
+ return s
+}
+
+// A reference to the IAM managed policy that is passed as a session policy
+// for a role session or a federated user session.
+type PolicyDescriptorType struct {
+ _ struct{} `type:"structure"`
+
+ // The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
+ // policy for the role. For more information about ARNs, see Amazon Resource
+ // Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
+ // in the Amazon Web Services General Reference.
+ Arn *string `locationName:"arn" min:"20" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PolicyDescriptorType) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s PolicyDescriptorType) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *PolicyDescriptorType) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "PolicyDescriptorType"}
+ if s.Arn != nil && len(*s.Arn) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("Arn", 20))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetArn sets the Arn field's value.
+func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType {
+ s.Arn = &v
+ return s
+}
+
+// Contains information about the provided context. This includes the signed
+// and encrypted trusted context assertion and the context provider ARN from
+// which the trusted context assertion was generated.
+type ProvidedContext struct {
+ _ struct{} `type:"structure"`
+
+ // The signed and encrypted trusted context assertion generated by the context
+ // provider. The trusted context assertion is signed and encrypted by Amazon
+ // Web Services STS.
+ ContextAssertion *string `min:"4" type:"string"`
+
+ // The context provider ARN from which the trusted context assertion was generated.
+ ProviderArn *string `min:"20" type:"string"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ProvidedContext) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s ProvidedContext) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *ProvidedContext) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "ProvidedContext"}
+ if s.ContextAssertion != nil && len(*s.ContextAssertion) < 4 {
+ invalidParams.Add(request.NewErrParamMinLen("ContextAssertion", 4))
+ }
+ if s.ProviderArn != nil && len(*s.ProviderArn) < 20 {
+ invalidParams.Add(request.NewErrParamMinLen("ProviderArn", 20))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetContextAssertion sets the ContextAssertion field's value.
+func (s *ProvidedContext) SetContextAssertion(v string) *ProvidedContext {
+ s.ContextAssertion = &v
+ return s
+}
+
+// SetProviderArn sets the ProviderArn field's value.
+func (s *ProvidedContext) SetProviderArn(v string) *ProvidedContext {
+ s.ProviderArn = &v
+ return s
+}
+
+// You can pass custom key-value pair attributes when you assume a role or federate
+// a user. These are called session tags. You can then use the session tags
+// to control access to resources. For more information, see Tagging Amazon
+// Web Services STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+// in the IAM User Guide.
+type Tag struct {
+ _ struct{} `type:"structure"`
+
+ // The key for a session tag.
+ //
+ // You can pass up to 50 session tags. The plain text session tag keys can’t
+ // exceed 128 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // Key is a required field
+ Key *string `min:"1" type:"string" required:"true"`
+
+ // The value for a session tag.
+ //
+ // You can pass up to 50 session tags. The plain text session tag values can’t
+ // exceed 256 characters. For these and additional limits, see IAM and STS Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ //
+ // Value is a required field
+ Value *string `type:"string" required:"true"`
+}
+
+// String returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tag) String() string {
+ return awsutil.Prettify(s)
+}
+
+// GoString returns the string representation.
+//
+// API parameter values that are decorated as "sensitive" in the API will not
+// be included in the string output. The member name will be present, but the
+// value will be replaced with "sensitive".
+func (s Tag) GoString() string {
+ return s.String()
+}
+
+// Validate inspects the fields of the type to determine if they are valid.
+func (s *Tag) Validate() error {
+ invalidParams := request.ErrInvalidParams{Context: "Tag"}
+ if s.Key == nil {
+ invalidParams.Add(request.NewErrParamRequired("Key"))
+ }
+ if s.Key != nil && len(*s.Key) < 1 {
+ invalidParams.Add(request.NewErrParamMinLen("Key", 1))
+ }
+ if s.Value == nil {
+ invalidParams.Add(request.NewErrParamRequired("Value"))
+ }
+
+ if invalidParams.Len() > 0 {
+ return invalidParams
+ }
+ return nil
+}
+
+// SetKey sets the Key field's value.
+func (s *Tag) SetKey(v string) *Tag {
+ s.Key = &v
+ return s
+}
+
+// SetValue sets the Value field's value.
+func (s *Tag) SetValue(v string) *Tag {
+ s.Value = &v
+ return s
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
new file mode 100644
index 00000000000..d5307fcaa0f
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/customizations.go
@@ -0,0 +1,11 @@
+package sts
+
+import "github.com/aws/aws-sdk-go/aws/request"
+
+func init() {
+ initRequest = customizeRequest
+}
+
+func customizeRequest(r *request.Request) {
+ r.RetryErrorCodes = append(r.RetryErrorCodes, ErrCodeIDPCommunicationErrorException)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
new file mode 100644
index 00000000000..ea1d9eb0ccf
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
@@ -0,0 +1,31 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package sts provides the client and types for making API
+// requests to AWS Security Token Service.
+//
+// Security Token Service (STS) enables you to request temporary, limited-privilege
+// credentials for users. This guide provides descriptions of the STS API. For
+// more information about using this service, see Temporary Security Credentials
+// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
+//
+// See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service.
+//
+// See sts package documentation for more information.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/
+//
+// # Using the Client
+//
+// To contact AWS Security Token Service with the SDK use the New function to create
+// a new service client. With that client you can make API requests to the service.
+// These clients are safe to use concurrently.
+//
+// See the SDK's documentation for more information on how to use the SDK.
+// https://docs.aws.amazon.com/sdk-for-go/api/
+//
+// See aws.Config documentation for more information on configuring SDK clients.
+// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
+//
+// See the AWS Security Token Service client STS for more
+// information on creating client for this service.
+// https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#New
+package sts
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
new file mode 100644
index 00000000000..b680bbd5d70
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/errors.go
@@ -0,0 +1,84 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sts
+
+const (
+
+ // ErrCodeExpiredTokenException for service response error code
+ // "ExpiredTokenException".
+ //
+ // The web identity token that was passed is expired or is not valid. Get a
+ // new identity token from the identity provider and then retry the request.
+ ErrCodeExpiredTokenException = "ExpiredTokenException"
+
+ // ErrCodeIDPCommunicationErrorException for service response error code
+ // "IDPCommunicationError".
+ //
+ // The request could not be fulfilled because the identity provider (IDP) that
+ // was asked to verify the incoming identity token could not be reached. This
+ // is often a transient error caused by network conditions. Retry the request
+ // a limited number of times so that you don't exceed the request rate. If the
+ // error persists, the identity provider might be down or not responding.
+ ErrCodeIDPCommunicationErrorException = "IDPCommunicationError"
+
+ // ErrCodeIDPRejectedClaimException for service response error code
+ // "IDPRejectedClaim".
+ //
+ // The identity provider (IdP) reported that authentication failed. This might
+ // be because the claim is invalid.
+ //
+ // If this error is returned for the AssumeRoleWithWebIdentity operation, it
+ // can also mean that the claim has expired or has been explicitly revoked.
+ ErrCodeIDPRejectedClaimException = "IDPRejectedClaim"
+
+ // ErrCodeInvalidAuthorizationMessageException for service response error code
+ // "InvalidAuthorizationMessageException".
+ //
+ // The error returned if the message passed to DecodeAuthorizationMessage was
+ // invalid. This can happen if the token contains invalid characters, such as
+ // linebreaks.
+ ErrCodeInvalidAuthorizationMessageException = "InvalidAuthorizationMessageException"
+
+ // ErrCodeInvalidIdentityTokenException for service response error code
+ // "InvalidIdentityToken".
+ //
+ // The web identity token that was passed could not be validated by Amazon Web
+ // Services. Get a new identity token from the identity provider and then retry
+ // the request.
+ ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken"
+
+ // ErrCodeMalformedPolicyDocumentException for service response error code
+ // "MalformedPolicyDocument".
+ //
+ // The request was rejected because the policy document was malformed. The error
+ // message describes the specific error.
+ ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocument"
+
+ // ErrCodePackedPolicyTooLargeException for service response error code
+ // "PackedPolicyTooLarge".
+ //
+ // The request was rejected because the total packed size of the session policies
+ // and session tags combined was too large. An Amazon Web Services conversion
+ // compresses the session policy document, session policy ARNs, and session
+ // tags into a packed binary format that has a separate limit. The error message
+ // indicates by percentage how close the policies and tags are to the upper
+ // size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
+ // in the IAM User Guide.
+ //
+ // You could receive this error even though you meet other defined session policy
+ // and session tag limits. For more information, see IAM and STS Entity Character
+ // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
+ // in the IAM User Guide.
+ ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"
+
+ // ErrCodeRegionDisabledException for service response error code
+ // "RegionDisabledException".
+ //
+ // STS is not activated in the requested region for the account that is being
+ // asked to generate credentials. The account administrator must use the IAM
+ // console to activate STS in that region. For more information, see Activating
+ // and Deactivating Amazon Web Services STS in an Amazon Web Services Region
+ // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
+ // in the IAM User Guide.
+ ErrCodeRegionDisabledException = "RegionDisabledException"
+)
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/service.go b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
new file mode 100644
index 00000000000..12327d05332
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
@@ -0,0 +1,104 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+package sts
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/client"
+ "github.com/aws/aws-sdk-go/aws/client/metadata"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/aws/signer/v4"
+ "github.com/aws/aws-sdk-go/private/protocol/query"
+)
+
+// STS provides the API operation methods for making requests to
+// AWS Security Token Service. See this package's package overview docs
+// for details on the service.
+//
+// STS methods are safe to use concurrently. It is not safe to
+// modify mutate any of the struct's properties though.
+type STS struct {
+ *client.Client
+}
+
+// Used for custom client initialization logic
+var initClient func(*client.Client)
+
+// Used for custom request initialization logic
+var initRequest func(*request.Request)
+
+// Service information constants
+const (
+ ServiceName = "sts" // Name of service.
+ EndpointsID = ServiceName // ID to lookup a service endpoint with.
+ ServiceID = "STS" // ServiceID is a unique identifier of a specific service.
+)
+
+// New creates a new instance of the STS client with a session.
+// If additional configuration is needed for the client instance use the optional
+// aws.Config parameter to add your extra config.
+//
+// Example:
+//
+// mySession := session.Must(session.NewSession())
+//
+// // Create a STS client from just a session.
+// svc := sts.New(mySession)
+//
+// // Create a STS client with additional configuration
+// svc := sts.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
+func New(p client.ConfigProvider, cfgs ...*aws.Config) *STS {
+ c := p.ClientConfig(EndpointsID, cfgs...)
+ if c.SigningNameDerived || len(c.SigningName) == 0 {
+ c.SigningName = EndpointsID
+ // No Fallback
+ }
+ return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion)
+}
+
+// newClient creates, initializes and returns a new service client instance.
+func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *STS {
+ svc := &STS{
+ Client: client.New(
+ cfg,
+ metadata.ClientInfo{
+ ServiceName: ServiceName,
+ ServiceID: ServiceID,
+ SigningName: signingName,
+ SigningRegion: signingRegion,
+ PartitionID: partitionID,
+ Endpoint: endpoint,
+ APIVersion: "2011-06-15",
+ ResolvedRegion: resolvedRegion,
+ },
+ handlers,
+ ),
+ }
+
+ // Handlers
+ svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
+ svc.Handlers.Build.PushBackNamed(query.BuildHandler)
+ svc.Handlers.Unmarshal.PushBackNamed(query.UnmarshalHandler)
+ svc.Handlers.UnmarshalMeta.PushBackNamed(query.UnmarshalMetaHandler)
+ svc.Handlers.UnmarshalError.PushBackNamed(query.UnmarshalErrorHandler)
+
+ // Run custom client initialization if present
+ if initClient != nil {
+ initClient(svc.Client)
+ }
+
+ return svc
+}
+
+// newRequest creates a new request for a STS operation and runs any
+// custom request initialization.
+func (c *STS) newRequest(op *request.Operation, params, data interface{}) *request.Request {
+ req := c.NewRequest(op, params, data)
+
+ // Run custom request initialization if present
+ if initRequest != nil {
+ initRequest(req)
+ }
+
+ return req
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
new file mode 100644
index 00000000000..bf06b2e7d08
--- /dev/null
+++ b/vendor/github.com/aws/aws-sdk-go/service/sts/stsiface/interface.go
@@ -0,0 +1,96 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// Package stsiface provides an interface to enable mocking the AWS Security Token Service service client
+// for testing your code.
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters.
+package stsiface
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/service/sts"
+)
+
+// STSAPI provides an interface to enable mocking the
+// sts.STS service client's API operation,
+// paginators, and waiters. This make unit testing your code that calls out
+// to the SDK's service client's calls easier.
+//
+// The best way to use this interface is so the SDK's service client's calls
+// can be stubbed out for unit testing your code with the SDK without needing
+// to inject custom request handlers into the SDK's request pipeline.
+//
+// // myFunc uses an SDK service client to make a request to
+// // AWS Security Token Service.
+// func myFunc(svc stsiface.STSAPI) bool {
+// // Make svc.AssumeRole request
+// }
+//
+// func main() {
+// sess := session.New()
+// svc := sts.New(sess)
+//
+// myFunc(svc)
+// }
+//
+// In your _test.go file:
+//
+// // Define a mock struct to be used in your unit tests of myFunc.
+// type mockSTSClient struct {
+// stsiface.STSAPI
+// }
+// func (m *mockSTSClient) AssumeRole(input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+// // mock response/functionality
+// }
+//
+// func TestMyFunc(t *testing.T) {
+// // Setup Test
+// mockSvc := &mockSTSClient{}
+//
+// myfunc(mockSvc)
+//
+// // Verify myFunc's functionality
+// }
+//
+// It is important to note that this interface will have breaking changes
+// when the service model is updated and adds new API operations, paginators,
+// and waiters. Its suggested to use the pattern above for testing, or using
+// tooling to generate mocks to satisfy the interfaces.
+type STSAPI interface {
+ AssumeRole(*sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error)
+ AssumeRoleWithContext(aws.Context, *sts.AssumeRoleInput, ...request.Option) (*sts.AssumeRoleOutput, error)
+ AssumeRoleRequest(*sts.AssumeRoleInput) (*request.Request, *sts.AssumeRoleOutput)
+
+ AssumeRoleWithSAML(*sts.AssumeRoleWithSAMLInput) (*sts.AssumeRoleWithSAMLOutput, error)
+ AssumeRoleWithSAMLWithContext(aws.Context, *sts.AssumeRoleWithSAMLInput, ...request.Option) (*sts.AssumeRoleWithSAMLOutput, error)
+ AssumeRoleWithSAMLRequest(*sts.AssumeRoleWithSAMLInput) (*request.Request, *sts.AssumeRoleWithSAMLOutput)
+
+ AssumeRoleWithWebIdentity(*sts.AssumeRoleWithWebIdentityInput) (*sts.AssumeRoleWithWebIdentityOutput, error)
+ AssumeRoleWithWebIdentityWithContext(aws.Context, *sts.AssumeRoleWithWebIdentityInput, ...request.Option) (*sts.AssumeRoleWithWebIdentityOutput, error)
+ AssumeRoleWithWebIdentityRequest(*sts.AssumeRoleWithWebIdentityInput) (*request.Request, *sts.AssumeRoleWithWebIdentityOutput)
+
+ DecodeAuthorizationMessage(*sts.DecodeAuthorizationMessageInput) (*sts.DecodeAuthorizationMessageOutput, error)
+ DecodeAuthorizationMessageWithContext(aws.Context, *sts.DecodeAuthorizationMessageInput, ...request.Option) (*sts.DecodeAuthorizationMessageOutput, error)
+ DecodeAuthorizationMessageRequest(*sts.DecodeAuthorizationMessageInput) (*request.Request, *sts.DecodeAuthorizationMessageOutput)
+
+ GetAccessKeyInfo(*sts.GetAccessKeyInfoInput) (*sts.GetAccessKeyInfoOutput, error)
+ GetAccessKeyInfoWithContext(aws.Context, *sts.GetAccessKeyInfoInput, ...request.Option) (*sts.GetAccessKeyInfoOutput, error)
+ GetAccessKeyInfoRequest(*sts.GetAccessKeyInfoInput) (*request.Request, *sts.GetAccessKeyInfoOutput)
+
+ GetCallerIdentity(*sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error)
+ GetCallerIdentityWithContext(aws.Context, *sts.GetCallerIdentityInput, ...request.Option) (*sts.GetCallerIdentityOutput, error)
+ GetCallerIdentityRequest(*sts.GetCallerIdentityInput) (*request.Request, *sts.GetCallerIdentityOutput)
+
+ GetFederationToken(*sts.GetFederationTokenInput) (*sts.GetFederationTokenOutput, error)
+ GetFederationTokenWithContext(aws.Context, *sts.GetFederationTokenInput, ...request.Option) (*sts.GetFederationTokenOutput, error)
+ GetFederationTokenRequest(*sts.GetFederationTokenInput) (*request.Request, *sts.GetFederationTokenOutput)
+
+ GetSessionToken(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error)
+ GetSessionTokenWithContext(aws.Context, *sts.GetSessionTokenInput, ...request.Option) (*sts.GetSessionTokenOutput, error)
+ GetSessionTokenRequest(*sts.GetSessionTokenInput) (*request.Request, *sts.GetSessionTokenOutput)
+}
+
+var _ STSAPI = (*sts.STS)(nil)
diff --git a/vendor/github.com/aws/smithy-go/CHANGELOG.md b/vendor/github.com/aws/smithy-go/CHANGELOG.md
index b8d6561a4e1..39ffae99938 100644
--- a/vendor/github.com/aws/smithy-go/CHANGELOG.md
+++ b/vendor/github.com/aws/smithy-go/CHANGELOG.md
@@ -1,3 +1,7 @@
+# Release (2024-03-29)
+
+* No change notes available for this release.
+
# Release (2024-02-21)
## Module Highlights
diff --git a/vendor/github.com/aws/smithy-go/go_module_metadata.go b/vendor/github.com/aws/smithy-go/go_module_metadata.go
index 341392e10f8..a6b22f353d3 100644
--- a/vendor/github.com/aws/smithy-go/go_module_metadata.go
+++ b/vendor/github.com/aws/smithy-go/go_module_metadata.go
@@ -3,4 +3,4 @@
package smithy
// goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.20.1"
+const goModuleVersion = "1.20.2"
diff --git a/vendor/github.com/cenkalti/backoff/v4/.gitignore b/vendor/github.com/cenkalti/backoff/v4/.gitignore
new file mode 100644
index 00000000000..50d95c548b6
--- /dev/null
+++ b/vendor/github.com/cenkalti/backoff/v4/.gitignore
@@ -0,0 +1,25 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+
+# IDEs
+.idea/
diff --git a/vendor/github.com/cenkalti/backoff/v4/LICENSE b/vendor/github.com/cenkalti/backoff/v4/LICENSE
new file mode 100644
index 00000000000..89b81799655
--- /dev/null
+++ b/vendor/github.com/cenkalti/backoff/v4/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Cenk Altı
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/cenkalti/backoff/v4/README.md b/vendor/github.com/cenkalti/backoff/v4/README.md
new file mode 100644
index 00000000000..9433004a280
--- /dev/null
+++ b/vendor/github.com/cenkalti/backoff/v4/README.md
@@ -0,0 +1,30 @@
+# Exponential Backoff [![GoDoc][godoc image]][godoc] [![Coverage Status][coveralls image]][coveralls]
+
+This is a Go port of the exponential backoff algorithm from [Google's HTTP Client Library for Java][google-http-java-client].
+
+[Exponential backoff][exponential backoff wiki]
+is an algorithm that uses feedback to multiplicatively decrease the rate of some process,
+in order to gradually find an acceptable rate.
+The retries exponentially increase and stop increasing when a certain threshold is met.
+
+## Usage
+
+Import path is `github.com/cenkalti/backoff/v4`. Please note the version part at the end.
+
+Use https://pkg.go.dev/github.com/cenkalti/backoff/v4 to view the documentation.
+
+## Contributing
+
+* I would like to keep this library as small as possible.
+* Please don't send a PR without opening an issue and discussing it first.
+* If proposed change is not a common use case, I will probably not accept it.
+
+[godoc]: https://pkg.go.dev/github.com/cenkalti/backoff/v4
+[godoc image]: https://godoc.org/github.com/cenkalti/backoff?status.png
+[coveralls]: https://coveralls.io/github/cenkalti/backoff?branch=master
+[coveralls image]: https://coveralls.io/repos/github/cenkalti/backoff/badge.svg?branch=master
+
+[google-http-java-client]: https://github.com/google/google-http-java-client/blob/da1aa993e90285ec18579f1553339b00e19b3ab5/google-http-client/src/main/java/com/google/api/client/util/ExponentialBackOff.java
+[exponential backoff wiki]: http://en.wikipedia.org/wiki/Exponential_backoff
+
+[advanced example]: https://pkg.go.dev/github.com/cenkalti/backoff/v4?tab=doc#pkg-examples
diff --git a/vendor/github.com/cenkalti/backoff/v4/backoff.go b/vendor/github.com/cenkalti/backoff/v4/backoff.go
new file mode 100644
index 00000000000..3676ee405d8
--- /dev/null
+++ b/vendor/github.com/cenkalti/backoff/v4/backoff.go
@@ -0,0 +1,66 @@
+// Package backoff implements backoff algorithms for retrying operations.
+//
+// Use Retry function for retrying operations that may fail.
+// If Retry does not meet your needs,
+// copy/paste the function into your project and modify as you wish.
+//
+// There is also Ticker type similar to time.Ticker.
+// You can use it if you need to work with channels.
+//
+// See Examples section below for usage examples.
+package backoff
+
+import "time"
+
+// BackOff is a backoff policy for retrying an operation.
+type BackOff interface {
+ // NextBackOff returns the duration to wait before retrying the operation,
+ // or backoff. Stop to indicate that no more retries should be made.
+ //
+ // Example usage:
+ //
+ // duration := backoff.NextBackOff();
+ // if (duration == backoff.Stop) {
+ // // Do not retry operation.
+ // } else {
+ // // Sleep for duration and retry operation.
+ // }
+ //
+ NextBackOff() time.Duration
+
+ // Reset to initial state.
+ Reset()
+}
+
+// Stop indicates that no more retries should be made for use in NextBackOff().
+const Stop time.Duration = -1
+
+// ZeroBackOff is a fixed backoff policy whose backoff time is always zero,
+// meaning that the operation is retried immediately without waiting, indefinitely.
+type ZeroBackOff struct{}
+
+func (b *ZeroBackOff) Reset() {}
+
+func (b *ZeroBackOff) NextBackOff() time.Duration { return 0 }
+
+// StopBackOff is a fixed backoff policy that always returns backoff.Stop for
+// NextBackOff(), meaning that the operation should never be retried.
+type StopBackOff struct{}
+
+func (b *StopBackOff) Reset() {}
+
+func (b *StopBackOff) NextBackOff() time.Duration { return Stop }
+
+// ConstantBackOff is a backoff policy that always returns the same backoff delay.
+// This is in contrast to an exponential backoff policy,
+// which returns a delay that grows longer as you call NextBackOff() over and over again.
+type ConstantBackOff struct {
+ Interval time.Duration
+}
+
+func (b *ConstantBackOff) Reset() {}
+func (b *ConstantBackOff) NextBackOff() time.Duration { return b.Interval }
+
+func NewConstantBackOff(d time.Duration) *ConstantBackOff {
+ return &ConstantBackOff{Interval: d}
+}
diff --git a/vendor/github.com/cenkalti/backoff/v4/context.go b/vendor/github.com/cenkalti/backoff/v4/context.go
new file mode 100644
index 00000000000..48482330eb7
--- /dev/null
+++ b/vendor/github.com/cenkalti/backoff/v4/context.go
@@ -0,0 +1,62 @@
+package backoff
+
+import (
+ "context"
+ "time"
+)
+
+// BackOffContext is a backoff policy that stops retrying after the context
+// is canceled.
+type BackOffContext interface { // nolint: golint
+ BackOff
+ Context() context.Context
+}
+
+type backOffContext struct {
+ BackOff
+ ctx context.Context
+}
+
+// WithContext returns a BackOffContext with context ctx
+//
+// ctx must not be nil
+func WithContext(b BackOff, ctx context.Context) BackOffContext { // nolint: golint
+ if ctx == nil {
+ panic("nil context")
+ }
+
+ if b, ok := b.(*backOffContext); ok {
+ return &backOffContext{
+ BackOff: b.BackOff,
+ ctx: ctx,
+ }
+ }
+
+ return &backOffContext{
+ BackOff: b,
+ ctx: ctx,
+ }
+}
+
+func getContext(b BackOff) context.Context {
+ if cb, ok := b.(BackOffContext); ok {
+ return cb.Context()
+ }
+ if tb, ok := b.(*backOffTries); ok {
+ return getContext(tb.delegate)
+ }
+ return context.Background()
+}
+
+func (b *backOffContext) Context() context.Context {
+ return b.ctx
+}
+
+func (b *backOffContext) NextBackOff() time.Duration {
+ select {
+ case <-b.ctx.Done():
+ return Stop
+ default:
+ return b.BackOff.NextBackOff()
+ }
+}
diff --git a/vendor/github.com/cenkalti/backoff/v4/exponential.go b/vendor/github.com/cenkalti/backoff/v4/exponential.go
new file mode 100644
index 00000000000..aac99f196ad
--- /dev/null
+++ b/vendor/github.com/cenkalti/backoff/v4/exponential.go
@@ -0,0 +1,216 @@
+package backoff
+
+import (
+ "math/rand"
+ "time"
+)
+
+/*
+ExponentialBackOff is a backoff implementation that increases the backoff
+period for each retry attempt using a randomization function that grows exponentially.
+
+NextBackOff() is calculated using the following formula:
+
+ randomized interval =
+ RetryInterval * (random value in range [1 - RandomizationFactor, 1 + RandomizationFactor])
+
+In other words NextBackOff() will range between the randomization factor
+percentage below and above the retry interval.
+
+For example, given the following parameters:
+
+ RetryInterval = 2
+ RandomizationFactor = 0.5
+ Multiplier = 2
+
+the actual backoff period used in the next retry attempt will range between 1 and 3 seconds,
+multiplied by the exponential, that is, between 2 and 6 seconds.
+
+Note: MaxInterval caps the RetryInterval and not the randomized interval.
+
+If the time elapsed since an ExponentialBackOff instance is created goes past the
+MaxElapsedTime, then the method NextBackOff() starts returning backoff.Stop.
+
+The elapsed time can be reset by calling Reset().
+
+Example: Given the following default arguments, for 10 tries the sequence will be,
+and assuming we go over the MaxElapsedTime on the 10th try:
+
+ Request # RetryInterval (seconds) Randomized Interval (seconds)
+
+ 1 0.5 [0.25, 0.75]
+ 2 0.75 [0.375, 1.125]
+ 3 1.125 [0.562, 1.687]
+ 4 1.687 [0.8435, 2.53]
+ 5 2.53 [1.265, 3.795]
+ 6 3.795 [1.897, 5.692]
+ 7 5.692 [2.846, 8.538]
+ 8 8.538 [4.269, 12.807]
+ 9 12.807 [6.403, 19.210]
+ 10 19.210 backoff.Stop
+
+Note: Implementation is not thread-safe.
+*/
+type ExponentialBackOff struct {
+ InitialInterval time.Duration
+ RandomizationFactor float64
+ Multiplier float64
+ MaxInterval time.Duration
+ // After MaxElapsedTime the ExponentialBackOff returns Stop.
+ // It never stops if MaxElapsedTime == 0.
+ MaxElapsedTime time.Duration
+ Stop time.Duration
+ Clock Clock
+
+ currentInterval time.Duration
+ startTime time.Time
+}
+
+// Clock is an interface that returns current time for BackOff.
+type Clock interface {
+ Now() time.Time
+}
+
+// ExponentialBackOffOpts is a function type used to configure ExponentialBackOff options.
+type ExponentialBackOffOpts func(*ExponentialBackOff)
+
+// Default values for ExponentialBackOff.
+const (
+ DefaultInitialInterval = 500 * time.Millisecond
+ DefaultRandomizationFactor = 0.5
+ DefaultMultiplier = 1.5
+ DefaultMaxInterval = 60 * time.Second
+ DefaultMaxElapsedTime = 15 * time.Minute
+)
+
+// NewExponentialBackOff creates an instance of ExponentialBackOff using default values.
+func NewExponentialBackOff(opts ...ExponentialBackOffOpts) *ExponentialBackOff {
+ b := &ExponentialBackOff{
+ InitialInterval: DefaultInitialInterval,
+ RandomizationFactor: DefaultRandomizationFactor,
+ Multiplier: DefaultMultiplier,
+ MaxInterval: DefaultMaxInterval,
+ MaxElapsedTime: DefaultMaxElapsedTime,
+ Stop: Stop,
+ Clock: SystemClock,
+ }
+ for _, fn := range opts {
+ fn(b)
+ }
+ b.Reset()
+ return b
+}
+
+// WithInitialInterval sets the initial interval between retries.
+func WithInitialInterval(duration time.Duration) ExponentialBackOffOpts {
+ return func(ebo *ExponentialBackOff) {
+ ebo.InitialInterval = duration
+ }
+}
+
+// WithRandomizationFactor sets the randomization factor to add jitter to intervals.
+func WithRandomizationFactor(randomizationFactor float64) ExponentialBackOffOpts {
+ return func(ebo *ExponentialBackOff) {
+ ebo.RandomizationFactor = randomizationFactor
+ }
+}
+
+// WithMultiplier sets the multiplier for increasing the interval after each retry.
+func WithMultiplier(multiplier float64) ExponentialBackOffOpts {
+ return func(ebo *ExponentialBackOff) {
+ ebo.Multiplier = multiplier
+ }
+}
+
+// WithMaxInterval sets the maximum interval between retries.
+func WithMaxInterval(duration time.Duration) ExponentialBackOffOpts {
+ return func(ebo *ExponentialBackOff) {
+ ebo.MaxInterval = duration
+ }
+}
+
+// WithMaxElapsedTime sets the maximum total time for retries.
+func WithMaxElapsedTime(duration time.Duration) ExponentialBackOffOpts {
+ return func(ebo *ExponentialBackOff) {
+ ebo.MaxElapsedTime = duration
+ }
+}
+
+// WithRetryStopDuration sets the duration after which retries should stop.
+func WithRetryStopDuration(duration time.Duration) ExponentialBackOffOpts {
+ return func(ebo *ExponentialBackOff) {
+ ebo.Stop = duration
+ }
+}
+
+// WithClockProvider sets the clock used to measure time.
+func WithClockProvider(clock Clock) ExponentialBackOffOpts {
+ return func(ebo *ExponentialBackOff) {
+ ebo.Clock = clock
+ }
+}
+
+type systemClock struct{}
+
+func (t systemClock) Now() time.Time {
+ return time.Now()
+}
+
+// SystemClock implements Clock interface that uses time.Now().
+var SystemClock = systemClock{}
+
+// Reset the interval back to the initial retry interval and restarts the timer.
+// Reset must be called before using b.
+func (b *ExponentialBackOff) Reset() {
+ b.currentInterval = b.InitialInterval
+ b.startTime = b.Clock.Now()
+}
+
+// NextBackOff calculates the next backoff interval using the formula:
+// Randomized interval = RetryInterval * (1 ± RandomizationFactor)
+func (b *ExponentialBackOff) NextBackOff() time.Duration {
+ // Make sure we have not gone over the maximum elapsed time.
+ elapsed := b.GetElapsedTime()
+ next := getRandomValueFromInterval(b.RandomizationFactor, rand.Float64(), b.currentInterval)
+ b.incrementCurrentInterval()
+ if b.MaxElapsedTime != 0 && elapsed+next > b.MaxElapsedTime {
+ return b.Stop
+ }
+ return next
+}
+
+// GetElapsedTime returns the elapsed time since an ExponentialBackOff instance
+// is created and is reset when Reset() is called.
+//
+// The elapsed time is computed using time.Now().UnixNano(). It is
+// safe to call even while the backoff policy is used by a running
+// ticker.
+func (b *ExponentialBackOff) GetElapsedTime() time.Duration {
+ return b.Clock.Now().Sub(b.startTime)
+}
+
+// Increments the current interval by multiplying it with the multiplier.
+func (b *ExponentialBackOff) incrementCurrentInterval() {
+ // Check for overflow, if overflow is detected set the current interval to the max interval.
+ if float64(b.currentInterval) >= float64(b.MaxInterval)/b.Multiplier {
+ b.currentInterval = b.MaxInterval
+ } else {
+ b.currentInterval = time.Duration(float64(b.currentInterval) * b.Multiplier)
+ }
+}
+
+// Returns a random value from the following interval:
+// [currentInterval - randomizationFactor * currentInterval, currentInterval + randomizationFactor * currentInterval].
+func getRandomValueFromInterval(randomizationFactor, random float64, currentInterval time.Duration) time.Duration {
+ if randomizationFactor == 0 {
+ return currentInterval // make sure no randomness is used when randomizationFactor is 0.
+ }
+ var delta = randomizationFactor * float64(currentInterval)
+ var minInterval = float64(currentInterval) - delta
+ var maxInterval = float64(currentInterval) + delta
+
+ // Get a random value from the range [minInterval, maxInterval].
+ // The formula used below has a +1 because if the minInterval is 1 and the maxInterval is 3 then
+ // we want a 33% chance for selecting either 1, 2 or 3.
+ return time.Duration(minInterval + (random * (maxInterval - minInterval + 1)))
+}
diff --git a/vendor/github.com/cenkalti/backoff/v4/retry.go b/vendor/github.com/cenkalti/backoff/v4/retry.go
new file mode 100644
index 00000000000..b9c0c51cd75
--- /dev/null
+++ b/vendor/github.com/cenkalti/backoff/v4/retry.go
@@ -0,0 +1,146 @@
+package backoff
+
+import (
+ "errors"
+ "time"
+)
+
+// An OperationWithData is executing by RetryWithData() or RetryNotifyWithData().
+// The operation will be retried using a backoff policy if it returns an error.
+type OperationWithData[T any] func() (T, error)
+
+// An Operation is executing by Retry() or RetryNotify().
+// The operation will be retried using a backoff policy if it returns an error.
+type Operation func() error
+
+func (o Operation) withEmptyData() OperationWithData[struct{}] {
+ return func() (struct{}, error) {
+ return struct{}{}, o()
+ }
+}
+
+// Notify is a notify-on-error function. It receives an operation error and
+// backoff delay if the operation failed (with an error).
+//
+// NOTE that if the backoff policy stated to stop retrying,
+// the notify function isn't called.
+type Notify func(error, time.Duration)
+
+// Retry the operation o until it does not return error or BackOff stops.
+// o is guaranteed to be run at least once.
+//
+// If o returns a *PermanentError, the operation is not retried, and the
+// wrapped error is returned.
+//
+// Retry sleeps the goroutine for the duration returned by BackOff after a
+// failed operation returns.
+func Retry(o Operation, b BackOff) error {
+ return RetryNotify(o, b, nil)
+}
+
+// RetryWithData is like Retry but returns data in the response too.
+func RetryWithData[T any](o OperationWithData[T], b BackOff) (T, error) {
+ return RetryNotifyWithData(o, b, nil)
+}
+
+// RetryNotify calls notify function with the error and wait duration
+// for each failed attempt before sleep.
+func RetryNotify(operation Operation, b BackOff, notify Notify) error {
+ return RetryNotifyWithTimer(operation, b, notify, nil)
+}
+
+// RetryNotifyWithData is like RetryNotify but returns data in the response too.
+func RetryNotifyWithData[T any](operation OperationWithData[T], b BackOff, notify Notify) (T, error) {
+ return doRetryNotify(operation, b, notify, nil)
+}
+
+// RetryNotifyWithTimer calls notify function with the error and wait duration using the given Timer
+// for each failed attempt before sleep.
+// A default timer that uses system timer is used when nil is passed.
+func RetryNotifyWithTimer(operation Operation, b BackOff, notify Notify, t Timer) error {
+ _, err := doRetryNotify(operation.withEmptyData(), b, notify, t)
+ return err
+}
+
+// RetryNotifyWithTimerAndData is like RetryNotifyWithTimer but returns data in the response too.
+func RetryNotifyWithTimerAndData[T any](operation OperationWithData[T], b BackOff, notify Notify, t Timer) (T, error) {
+ return doRetryNotify(operation, b, notify, t)
+}
+
+func doRetryNotify[T any](operation OperationWithData[T], b BackOff, notify Notify, t Timer) (T, error) {
+ var (
+ err error
+ next time.Duration
+ res T
+ )
+ if t == nil {
+ t = &defaultTimer{}
+ }
+
+ defer func() {
+ t.Stop()
+ }()
+
+ ctx := getContext(b)
+
+ b.Reset()
+ for {
+ res, err = operation()
+ if err == nil {
+ return res, nil
+ }
+
+ var permanent *PermanentError
+ if errors.As(err, &permanent) {
+ return res, permanent.Err
+ }
+
+ if next = b.NextBackOff(); next == Stop {
+ if cerr := ctx.Err(); cerr != nil {
+ return res, cerr
+ }
+
+ return res, err
+ }
+
+ if notify != nil {
+ notify(err, next)
+ }
+
+ t.Start(next)
+
+ select {
+ case <-ctx.Done():
+ return res, ctx.Err()
+ case <-t.C():
+ }
+ }
+}
+
+// PermanentError signals that the operation should not be retried.
+type PermanentError struct {
+ Err error
+}
+
+func (e *PermanentError) Error() string {
+ return e.Err.Error()
+}
+
+func (e *PermanentError) Unwrap() error {
+ return e.Err
+}
+
+func (e *PermanentError) Is(target error) bool {
+ _, ok := target.(*PermanentError)
+ return ok
+}
+
+// Permanent wraps the given err in a *PermanentError.
+func Permanent(err error) error {
+ if err == nil {
+ return nil
+ }
+ return &PermanentError{
+ Err: err,
+ }
+}
diff --git a/vendor/github.com/cenkalti/backoff/v4/ticker.go b/vendor/github.com/cenkalti/backoff/v4/ticker.go
new file mode 100644
index 00000000000..df9d68bce52
--- /dev/null
+++ b/vendor/github.com/cenkalti/backoff/v4/ticker.go
@@ -0,0 +1,97 @@
+package backoff
+
+import (
+ "context"
+ "sync"
+ "time"
+)
+
+// Ticker holds a channel that delivers `ticks' of a clock at times reported by a BackOff.
+//
+// Ticks will continue to arrive when the previous operation is still running,
+// so operations that take a while to fail could run in quick succession.
+type Ticker struct {
+ C <-chan time.Time
+ c chan time.Time
+ b BackOff
+ ctx context.Context
+ timer Timer
+ stop chan struct{}
+ stopOnce sync.Once
+}
+
+// NewTicker returns a new Ticker containing a channel that will send
+// the time at times specified by the BackOff argument. Ticker is
+// guaranteed to tick at least once. The channel is closed when Stop
+// method is called or BackOff stops. It is not safe to manipulate the
+// provided backoff policy (notably calling NextBackOff or Reset)
+// while the ticker is running.
+func NewTicker(b BackOff) *Ticker {
+ return NewTickerWithTimer(b, &defaultTimer{})
+}
+
+// NewTickerWithTimer returns a new Ticker with a custom timer.
+// A default timer that uses system timer is used when nil is passed.
+func NewTickerWithTimer(b BackOff, timer Timer) *Ticker {
+ if timer == nil {
+ timer = &defaultTimer{}
+ }
+ c := make(chan time.Time)
+ t := &Ticker{
+ C: c,
+ c: c,
+ b: b,
+ ctx: getContext(b),
+ timer: timer,
+ stop: make(chan struct{}),
+ }
+ t.b.Reset()
+ go t.run()
+ return t
+}
+
+// Stop turns off a ticker. After Stop, no more ticks will be sent.
+func (t *Ticker) Stop() {
+ t.stopOnce.Do(func() { close(t.stop) })
+}
+
+func (t *Ticker) run() {
+ c := t.c
+ defer close(c)
+
+ // Ticker is guaranteed to tick at least once.
+ afterC := t.send(time.Now())
+
+ for {
+ if afterC == nil {
+ return
+ }
+
+ select {
+ case tick := <-afterC:
+ afterC = t.send(tick)
+ case <-t.stop:
+ t.c = nil // Prevent future ticks from being sent to the channel.
+ return
+ case <-t.ctx.Done():
+ return
+ }
+ }
+}
+
+func (t *Ticker) send(tick time.Time) <-chan time.Time {
+ select {
+ case t.c <- tick:
+ case <-t.stop:
+ return nil
+ }
+
+ next := t.b.NextBackOff()
+ if next == Stop {
+ t.Stop()
+ return nil
+ }
+
+ t.timer.Start(next)
+ return t.timer.C()
+}
diff --git a/vendor/github.com/cenkalti/backoff/v4/timer.go b/vendor/github.com/cenkalti/backoff/v4/timer.go
new file mode 100644
index 00000000000..8120d0213c5
--- /dev/null
+++ b/vendor/github.com/cenkalti/backoff/v4/timer.go
@@ -0,0 +1,35 @@
+package backoff
+
+import "time"
+
+type Timer interface {
+ Start(duration time.Duration)
+ Stop()
+ C() <-chan time.Time
+}
+
+// defaultTimer implements Timer interface using time.Timer
+type defaultTimer struct {
+ timer *time.Timer
+}
+
+// C returns the timers channel which receives the current time when the timer fires.
+func (t *defaultTimer) C() <-chan time.Time {
+ return t.timer.C
+}
+
+// Start starts the timer to fire after the given duration
+func (t *defaultTimer) Start(duration time.Duration) {
+ if t.timer == nil {
+ t.timer = time.NewTimer(duration)
+ } else {
+ t.timer.Reset(duration)
+ }
+}
+
+// Stop is called when the timer is not used anymore and resources may be freed.
+func (t *defaultTimer) Stop() {
+ if t.timer != nil {
+ t.timer.Stop()
+ }
+}
diff --git a/vendor/github.com/cenkalti/backoff/v4/tries.go b/vendor/github.com/cenkalti/backoff/v4/tries.go
new file mode 100644
index 00000000000..28d58ca37c6
--- /dev/null
+++ b/vendor/github.com/cenkalti/backoff/v4/tries.go
@@ -0,0 +1,38 @@
+package backoff
+
+import "time"
+
+/*
+WithMaxRetries creates a wrapper around another BackOff, which will
+return Stop if NextBackOff() has been called too many times since
+the last time Reset() was called
+
+Note: Implementation is not thread-safe.
+*/
+func WithMaxRetries(b BackOff, max uint64) BackOff {
+ return &backOffTries{delegate: b, maxTries: max}
+}
+
+type backOffTries struct {
+ delegate BackOff
+ maxTries uint64
+ numTries uint64
+}
+
+func (b *backOffTries) NextBackOff() time.Duration {
+ if b.maxTries == 0 {
+ return Stop
+ }
+ if b.maxTries > 0 {
+ if b.maxTries <= b.numTries {
+ return Stop
+ }
+ b.numTries++
+ }
+ return b.delegate.NextBackOff()
+}
+
+func (b *backOffTries) Reset() {
+ b.numTries = 0
+ b.delegate.Reset()
+}
diff --git a/vendor/github.com/coreos/go-semver/LICENSE b/vendor/github.com/coreos/go-semver/LICENSE
new file mode 100644
index 00000000000..d6456956733
--- /dev/null
+++ b/vendor/github.com/coreos/go-semver/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/coreos/go-semver/NOTICE b/vendor/github.com/coreos/go-semver/NOTICE
new file mode 100644
index 00000000000..23a0ada2fbb
--- /dev/null
+++ b/vendor/github.com/coreos/go-semver/NOTICE
@@ -0,0 +1,5 @@
+CoreOS Project
+Copyright 2018 CoreOS, Inc
+
+This product includes software developed at CoreOS, Inc.
+(http://www.coreos.com/).
diff --git a/vendor/github.com/coreos/go-semver/semver/semver.go b/vendor/github.com/coreos/go-semver/semver/semver.go
new file mode 100644
index 00000000000..eb9fb7ff2d8
--- /dev/null
+++ b/vendor/github.com/coreos/go-semver/semver/semver.go
@@ -0,0 +1,296 @@
+// Copyright 2013-2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Semantic Versions http://semver.org
+package semver
+
+import (
+ "bytes"
+ "errors"
+ "fmt"
+ "regexp"
+ "strconv"
+ "strings"
+)
+
+type Version struct {
+ Major int64
+ Minor int64
+ Patch int64
+ PreRelease PreRelease
+ Metadata string
+}
+
+type PreRelease string
+
+func splitOff(input *string, delim string) (val string) {
+ parts := strings.SplitN(*input, delim, 2)
+
+ if len(parts) == 2 {
+ *input = parts[0]
+ val = parts[1]
+ }
+
+ return val
+}
+
+func New(version string) *Version {
+ return Must(NewVersion(version))
+}
+
+func NewVersion(version string) (*Version, error) {
+ v := Version{}
+
+ if err := v.Set(version); err != nil {
+ return nil, err
+ }
+
+ return &v, nil
+}
+
+// Must is a helper for wrapping NewVersion and will panic if err is not nil.
+func Must(v *Version, err error) *Version {
+ if err != nil {
+ panic(err)
+ }
+ return v
+}
+
+// Set parses and updates v from the given version string. Implements flag.Value
+func (v *Version) Set(version string) error {
+ metadata := splitOff(&version, "+")
+ preRelease := PreRelease(splitOff(&version, "-"))
+ dotParts := strings.SplitN(version, ".", 3)
+
+ if len(dotParts) != 3 {
+ return fmt.Errorf("%s is not in dotted-tri format", version)
+ }
+
+ if err := validateIdentifier(string(preRelease)); err != nil {
+ return fmt.Errorf("failed to validate pre-release: %v", err)
+ }
+
+ if err := validateIdentifier(metadata); err != nil {
+ return fmt.Errorf("failed to validate metadata: %v", err)
+ }
+
+ parsed := make([]int64, 3)
+
+ for i, v := range dotParts[:3] {
+ val, err := strconv.ParseInt(v, 10, 64)
+ parsed[i] = val
+ if err != nil {
+ return err
+ }
+ }
+
+ v.Metadata = metadata
+ v.PreRelease = preRelease
+ v.Major = parsed[0]
+ v.Minor = parsed[1]
+ v.Patch = parsed[2]
+ return nil
+}
+
+func (v Version) String() string {
+ var buffer bytes.Buffer
+
+ fmt.Fprintf(&buffer, "%d.%d.%d", v.Major, v.Minor, v.Patch)
+
+ if v.PreRelease != "" {
+ fmt.Fprintf(&buffer, "-%s", v.PreRelease)
+ }
+
+ if v.Metadata != "" {
+ fmt.Fprintf(&buffer, "+%s", v.Metadata)
+ }
+
+ return buffer.String()
+}
+
+func (v *Version) UnmarshalYAML(unmarshal func(interface{}) error) error {
+ var data string
+ if err := unmarshal(&data); err != nil {
+ return err
+ }
+ return v.Set(data)
+}
+
+func (v Version) MarshalJSON() ([]byte, error) {
+ return []byte(`"` + v.String() + `"`), nil
+}
+
+func (v *Version) UnmarshalJSON(data []byte) error {
+ l := len(data)
+ if l == 0 || string(data) == `""` {
+ return nil
+ }
+ if l < 2 || data[0] != '"' || data[l-1] != '"' {
+ return errors.New("invalid semver string")
+ }
+ return v.Set(string(data[1 : l-1]))
+}
+
+// Compare tests if v is less than, equal to, or greater than versionB,
+// returning -1, 0, or +1 respectively.
+func (v Version) Compare(versionB Version) int {
+ if cmp := recursiveCompare(v.Slice(), versionB.Slice()); cmp != 0 {
+ return cmp
+ }
+ return preReleaseCompare(v, versionB)
+}
+
+// Equal tests if v is equal to versionB.
+func (v Version) Equal(versionB Version) bool {
+ return v.Compare(versionB) == 0
+}
+
+// LessThan tests if v is less than versionB.
+func (v Version) LessThan(versionB Version) bool {
+ return v.Compare(versionB) < 0
+}
+
+// Slice converts the comparable parts of the semver into a slice of integers.
+func (v Version) Slice() []int64 {
+ return []int64{v.Major, v.Minor, v.Patch}
+}
+
+func (p PreRelease) Slice() []string {
+ preRelease := string(p)
+ return strings.Split(preRelease, ".")
+}
+
+func preReleaseCompare(versionA Version, versionB Version) int {
+ a := versionA.PreRelease
+ b := versionB.PreRelease
+
+ /* Handle the case where if two versions are otherwise equal it is the
+ * one without a PreRelease that is greater */
+ if len(a) == 0 && (len(b) > 0) {
+ return 1
+ } else if len(b) == 0 && (len(a) > 0) {
+ return -1
+ }
+
+ // If there is a prerelease, check and compare each part.
+ return recursivePreReleaseCompare(a.Slice(), b.Slice())
+}
+
+func recursiveCompare(versionA []int64, versionB []int64) int {
+ if len(versionA) == 0 {
+ return 0
+ }
+
+ a := versionA[0]
+ b := versionB[0]
+
+ if a > b {
+ return 1
+ } else if a < b {
+ return -1
+ }
+
+ return recursiveCompare(versionA[1:], versionB[1:])
+}
+
+func recursivePreReleaseCompare(versionA []string, versionB []string) int {
+ // A larger set of pre-release fields has a higher precedence than a smaller set,
+ // if all of the preceding identifiers are equal.
+ if len(versionA) == 0 {
+ if len(versionB) > 0 {
+ return -1
+ }
+ return 0
+ } else if len(versionB) == 0 {
+ // We're longer than versionB so return 1.
+ return 1
+ }
+
+ a := versionA[0]
+ b := versionB[0]
+
+ aInt := false
+ bInt := false
+
+ aI, err := strconv.Atoi(versionA[0])
+ if err == nil {
+ aInt = true
+ }
+
+ bI, err := strconv.Atoi(versionB[0])
+ if err == nil {
+ bInt = true
+ }
+
+ // Numeric identifiers always have lower precedence than non-numeric identifiers.
+ if aInt && !bInt {
+ return -1
+ } else if !aInt && bInt {
+ return 1
+ }
+
+ // Handle Integer Comparison
+ if aInt && bInt {
+ if aI > bI {
+ return 1
+ } else if aI < bI {
+ return -1
+ }
+ }
+
+ // Handle String Comparison
+ if a > b {
+ return 1
+ } else if a < b {
+ return -1
+ }
+
+ return recursivePreReleaseCompare(versionA[1:], versionB[1:])
+}
+
+// BumpMajor increments the Major field by 1 and resets all other fields to their default values
+func (v *Version) BumpMajor() {
+ v.Major += 1
+ v.Minor = 0
+ v.Patch = 0
+ v.PreRelease = PreRelease("")
+ v.Metadata = ""
+}
+
+// BumpMinor increments the Minor field by 1 and resets all other fields to their default values
+func (v *Version) BumpMinor() {
+ v.Minor += 1
+ v.Patch = 0
+ v.PreRelease = PreRelease("")
+ v.Metadata = ""
+}
+
+// BumpPatch increments the Patch field by 1 and resets all other fields to their default values
+func (v *Version) BumpPatch() {
+ v.Patch += 1
+ v.PreRelease = PreRelease("")
+ v.Metadata = ""
+}
+
+// validateIdentifier makes sure the provided identifier satisfies semver spec
+func validateIdentifier(id string) error {
+ if id != "" && !reIdentifier.MatchString(id) {
+ return fmt.Errorf("%s is not a valid semver identifier", id)
+ }
+ return nil
+}
+
+// reIdentifier is a regular expression used to check that pre-release and metadata
+// identifiers satisfy the spec requirements
+var reIdentifier = regexp.MustCompile(`^[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*$`)
diff --git a/vendor/github.com/coreos/go-semver/semver/sort.go b/vendor/github.com/coreos/go-semver/semver/sort.go
new file mode 100644
index 00000000000..e256b41a5dd
--- /dev/null
+++ b/vendor/github.com/coreos/go-semver/semver/sort.go
@@ -0,0 +1,38 @@
+// Copyright 2013-2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package semver
+
+import (
+ "sort"
+)
+
+type Versions []*Version
+
+func (s Versions) Len() int {
+ return len(s)
+}
+
+func (s Versions) Swap(i, j int) {
+ s[i], s[j] = s[j], s[i]
+}
+
+func (s Versions) Less(i, j int) bool {
+ return s[i].LessThan(*s[j])
+}
+
+// Sort sorts the given slice of Version
+func Sort(versions []*Version) {
+ sort.Sort(Versions(versions))
+}
diff --git a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
index e8c65d0f672..9e790390b62 100644
--- a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
+++ b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
@@ -1,5 +1,13 @@
# Change history of go-restful
+
+## [v3.12.0] - 2024-03-11
+- add Flush method #529 (#538)
+- fix: Improper handling of empty POST requests (#543)
+
+## [v3.11.3] - 2024-01-09
+- better not have 2 tags on one commit
+
## [v3.11.1, v3.11.2] - 2024-01-09
- fix by restoring custom JSON handler functions (Mike Beaumont #540)
diff --git a/vendor/github.com/emicklei/go-restful/v3/README.md b/vendor/github.com/emicklei/go-restful/v3/README.md
index 95a05a08944..7234604e47b 100644
--- a/vendor/github.com/emicklei/go-restful/v3/README.md
+++ b/vendor/github.com/emicklei/go-restful/v3/README.md
@@ -2,7 +2,6 @@ go-restful
==========
package for building REST-style Web Services using Google Go
-[](https://travis-ci.org/emicklei/go-restful)
[](https://goreportcard.com/report/github.com/emicklei/go-restful)
[](https://pkg.go.dev/github.com/emicklei/go-restful)
[](https://codecov.io/gh/emicklei/go-restful)
diff --git a/vendor/github.com/emicklei/go-restful/v3/compress.go b/vendor/github.com/emicklei/go-restful/v3/compress.go
index 1ff239f99fe..80adf55fdfe 100644
--- a/vendor/github.com/emicklei/go-restful/v3/compress.go
+++ b/vendor/github.com/emicklei/go-restful/v3/compress.go
@@ -49,6 +49,16 @@ func (c *CompressingResponseWriter) CloseNotify() <-chan bool {
return c.writer.(http.CloseNotifier).CloseNotify()
}
+// Flush is part of http.Flusher interface. Noop if the underlying writer doesn't support it.
+func (c *CompressingResponseWriter) Flush() {
+ flusher, ok := c.writer.(http.Flusher)
+ if !ok {
+ // writer doesn't support http.Flusher interface
+ return
+ }
+ flusher.Flush()
+}
+
// Close the underlying compressor
func (c *CompressingResponseWriter) Close() error {
if c.isCompressorClosed() {
diff --git a/vendor/github.com/emicklei/go-restful/v3/jsr311.go b/vendor/github.com/emicklei/go-restful/v3/jsr311.go
index 07a0c91e942..a9b3faaa81f 100644
--- a/vendor/github.com/emicklei/go-restful/v3/jsr311.go
+++ b/vendor/github.com/emicklei/go-restful/v3/jsr311.go
@@ -155,7 +155,7 @@ func (r RouterJSR311) detectRoute(routes []Route, httpRequest *http.Request) (*R
method, length := httpRequest.Method, httpRequest.Header.Get("Content-Length")
if (method == http.MethodPost ||
method == http.MethodPut ||
- method == http.MethodPatch) && length == "" {
+ method == http.MethodPatch) && (length == "" || length == "0") {
return nil, NewError(
http.StatusUnsupportedMediaType,
fmt.Sprintf("415: Unsupported Media Type\n\nAvailable representations: %s", strings.Join(available, ", ")),
diff --git a/vendor/github.com/go-git/go-git/v5/COMPATIBILITY.md b/vendor/github.com/go-git/go-git/v5/COMPATIBILITY.md
index c1f280d4d0b..ff0c22c8969 100644
--- a/vendor/github.com/go-git/go-git/v5/COMPATIBILITY.md
+++ b/vendor/github.com/go-git/go-git/v5/COMPATIBILITY.md
@@ -27,14 +27,14 @@ compatibility status with go-git.
## Branching and merging
-| Feature | Sub-feature | Status | Notes | Examples |
-| ----------- | ----------- | ------ | --------------------------------------- | ----------------------------------------------------------------------------------------------- |
-| `branch` | | ✅ | | - [branch](_examples/branch/main.go) |
-| `checkout` | | ✅ | Basic usages of checkout are supported. | - [checkout](_examples/checkout/main.go) |
-| `merge` | | ❌ | | |
-| `mergetool` | | ❌ | | |
-| `stash` | | ❌ | | |
-| `tag` | | ✅ | | - [tag](_examples/tag/main.go)
- [tag create and push](_examples/tag-create-push/main.go) |
+| Feature | Sub-feature | Status | Notes | Examples |
+| ----------- | ----------- | ------------ | --------------------------------------- | ----------------------------------------------------------------------------------------------- |
+| `branch` | | ✅ | | - [branch](_examples/branch/main.go) |
+| `checkout` | | ✅ | Basic usages of checkout are supported. | - [checkout](_examples/checkout/main.go) |
+| `merge` | | ⚠️ (partial) | Fast-forward only | |
+| `mergetool` | | ❌ | | |
+| `stash` | | ❌ | | |
+| `tag` | | ✅ | | - [tag](_examples/tag/main.go)
- [tag create and push](_examples/tag-create-push/main.go) |
## Sharing and updating projects
diff --git a/vendor/github.com/go-git/go-git/v5/Makefile b/vendor/github.com/go-git/go-git/v5/Makefile
index 1e103967478..3d5b54f7e65 100644
--- a/vendor/github.com/go-git/go-git/v5/Makefile
+++ b/vendor/github.com/go-git/go-git/v5/Makefile
@@ -28,6 +28,7 @@ build-git:
test:
@echo "running against `git version`"; \
$(GOTEST) -race ./...
+ $(GOTEST) -v _examples/common_test.go _examples/common.go --examples
TEMP_REPO := $(shell mktemp)
test-sha256:
diff --git a/vendor/github.com/go-git/go-git/v5/options.go b/vendor/github.com/go-git/go-git/v5/options.go
index 8902b7e3e45..d7776dad5e3 100644
--- a/vendor/github.com/go-git/go-git/v5/options.go
+++ b/vendor/github.com/go-git/go-git/v5/options.go
@@ -89,6 +89,25 @@ type CloneOptions struct {
Shared bool
}
+// MergeOptions describes how a merge should be performed.
+type MergeOptions struct {
+ // Strategy defines the merge strategy to be used.
+ Strategy MergeStrategy
+}
+
+// MergeStrategy represents the different types of merge strategies.
+type MergeStrategy int8
+
+const (
+ // FastForwardMerge represents a Git merge strategy where the current
+ // branch can be simply updated to point to the HEAD of the branch being
+ // merged. This is only possible if the history of the branch being merged
+ // is a linear descendant of the current branch, with no conflicting commits.
+ //
+ // This is the default option.
+ FastForwardMerge MergeStrategy = iota
+)
+
// Validate validates the fields and sets the default values.
func (o *CloneOptions) Validate() error {
if o.URL == "" {
@@ -166,7 +185,7 @@ const (
// AllTags fetch all tags from the remote (i.e., fetch remote tags
// refs/tags/* into local tags with the same name)
AllTags
- //NoTags fetch no tags from the remote at all
+ // NoTags fetch no tags from the remote at all
NoTags
)
@@ -198,6 +217,9 @@ type FetchOptions struct {
CABundle []byte
// ProxyOptions provides info required for connecting to a proxy.
ProxyOptions transport.ProxyOptions
+ // Prune specify that local refs that match given RefSpecs and that do
+ // not exist remotely will be removed.
+ Prune bool
}
// Validate validates the fields and sets the default values.
@@ -324,9 +346,9 @@ var (
// CheckoutOptions describes how a checkout operation should be performed.
type CheckoutOptions struct {
- // Hash is the hash of the commit to be checked out. If used, HEAD will be
- // in detached mode. If Create is not used, Branch and Hash are mutually
- // exclusive.
+ // Hash is the hash of a commit or tag to be checked out. If used, HEAD
+ // will be in detached mode. If Create is not used, Branch and Hash are
+ // mutually exclusive.
Hash plumbing.Hash
// Branch to be checked out, if Branch and Hash are empty is set to `master`.
Branch plumbing.ReferenceName
@@ -405,6 +427,11 @@ func (o *ResetOptions) Validate(r *Repository) error {
}
o.Commit = ref.Hash()
+ } else {
+ _, err := r.CommitObject(o.Commit)
+ if err != nil {
+ return fmt.Errorf("invalid reset option: %w", err)
+ }
}
return nil
@@ -474,6 +501,11 @@ type AddOptions struct {
// Glob adds all paths, matching pattern, to the index. If pattern matches a
// directory path, all directory contents are added to the index recursively.
Glob string
+ // SkipStatus adds the path with no status check. This option is relevant only
+ // when the `Path` option is specified and does not apply when the `All` option is used.
+ // Notice that when passing an ignored path it will be added anyway.
+ // When true it can speed up adding files to the worktree in very large repositories.
+ SkipStatus bool
}
// Validate validates the fields and sets the default values.
@@ -507,6 +539,10 @@ type CommitOptions struct {
// commit will not be signed. The private key must be present and already
// decrypted.
SignKey *openpgp.Entity
+ // Signer denotes a cryptographic signer to sign the commit with.
+ // A nil value here means the commit will not be signed.
+ // Takes precedence over SignKey.
+ Signer Signer
// Amend will create a new commit object and replace the commit that HEAD currently
// points to. Cannot be used with All nor Parents.
Amend bool
diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/format/gitignore/dir.go b/vendor/github.com/go-git/go-git/v5/plumbing/format/gitignore/dir.go
index d8fb30c1664..aca5d0dbd23 100644
--- a/vendor/github.com/go-git/go-git/v5/plumbing/format/gitignore/dir.go
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/format/gitignore/dir.go
@@ -116,7 +116,7 @@ func loadPatterns(fs billy.Filesystem, path string) (ps []Pattern, err error) {
return
}
-// LoadGlobalPatterns loads gitignore patterns from from the gitignore file
+// LoadGlobalPatterns loads gitignore patterns from the gitignore file
// declared in a user's ~/.gitconfig file. If the ~/.gitconfig file does not
// exist the function will return nil. If the core.excludesfile property
// is not declared, the function will return nil. If the file pointed to by
@@ -132,7 +132,7 @@ func LoadGlobalPatterns(fs billy.Filesystem) (ps []Pattern, err error) {
return loadPatterns(fs, fs.Join(home, gitconfigFile))
}
-// LoadSystemPatterns loads gitignore patterns from from the gitignore file
+// LoadSystemPatterns loads gitignore patterns from the gitignore file
// declared in a system's /etc/gitconfig file. If the /etc/gitconfig file does
// not exist the function will return nil. If the core.excludesfile property
// is not declared, the function will return nil. If the file pointed to by
diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go
index ceed5d01e70..3d096e18b80 100644
--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go
@@ -27,7 +27,7 @@ const (
// the commit with the "mergetag" header.
headermergetag string = "mergetag"
- defaultUtf8CommitMesageEncoding MessageEncoding = "UTF-8"
+ defaultUtf8CommitMessageEncoding MessageEncoding = "UTF-8"
)
// Hash represents the hash of an object
@@ -189,7 +189,7 @@ func (c *Commit) Decode(o plumbing.EncodedObject) (err error) {
}
c.Hash = o.Hash()
- c.Encoding = defaultUtf8CommitMesageEncoding
+ c.Encoding = defaultUtf8CommitMessageEncoding
reader, err := o.Reader()
if err != nil {
@@ -335,7 +335,7 @@ func (c *Commit) encode(o plumbing.EncodedObject, includeSig bool) (err error) {
}
}
- if string(c.Encoding) != "" && c.Encoding != defaultUtf8CommitMesageEncoding {
+ if string(c.Encoding) != "" && c.Encoding != defaultUtf8CommitMessageEncoding {
if _, err = fmt.Fprintf(w, "\n%s %s", headerencoding, c.Encoding); err != nil {
return err
}
diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit_walker_path.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit_walker_path.go
index aa0ca15fd0b..c1ec8ba7ae1 100644
--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit_walker_path.go
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit_walker_path.go
@@ -57,6 +57,8 @@ func (c *commitPathIter) Next() (*Commit, error) {
}
func (c *commitPathIter) getNextFileCommit() (*Commit, error) {
+ var parentTree, currentTree *Tree
+
for {
// Parent-commit can be nil if the current-commit is the initial commit
parentCommit, parentCommitErr := c.sourceIter.Next()
@@ -68,13 +70,17 @@ func (c *commitPathIter) getNextFileCommit() (*Commit, error) {
parentCommit = nil
}
- // Fetch the trees of the current and parent commits
- currentTree, currTreeErr := c.currentCommit.Tree()
- if currTreeErr != nil {
- return nil, currTreeErr
+ if parentTree == nil {
+ var currTreeErr error
+ currentTree, currTreeErr = c.currentCommit.Tree()
+ if currTreeErr != nil {
+ return nil, currTreeErr
+ }
+ } else {
+ currentTree = parentTree
+ parentTree = nil
}
- var parentTree *Tree
if parentCommit != nil {
var parentTreeErr error
parentTree, parentTreeErr = parentCommit.Tree()
@@ -115,7 +121,8 @@ func (c *commitPathIter) hasFileChange(changes Changes, parent *Commit) bool {
// filename matches, now check if source iterator contains all commits (from all refs)
if c.checkParent {
- if parent != nil && isParentHash(parent.Hash, c.currentCommit) {
+ // Check if parent is beyond the initial commit
+ if parent == nil || isParentHash(parent.Hash, c.currentCommit) {
return true
}
continue
diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/patch.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/patch.go
index dd8fef44783..3c61f626abb 100644
--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/patch.go
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/patch.go
@@ -6,7 +6,7 @@ import (
"errors"
"fmt"
"io"
- "math"
+ "strconv"
"strings"
"github.com/go-git/go-git/v5/plumbing"
@@ -234,69 +234,56 @@ func (fileStats FileStats) String() string {
return printStat(fileStats)
}
+// printStat prints the stats of changes in content of files.
+// Original implementation: https://github.com/git/git/blob/1a87c842ece327d03d08096395969aca5e0a6996/diff.c#L2615
+// Parts of the output:
+// |<+++/--->
+// example: " main.go | 10 +++++++--- "
func printStat(fileStats []FileStat) string {
- padLength := float64(len(" "))
- newlineLength := float64(len("\n"))
- separatorLength := float64(len("|"))
- // Soft line length limit. The text length calculation below excludes
- // length of the change number. Adding that would take it closer to 80,
- // but probably not more than 80, until it's a huge number.
- lineLength := 72.0
-
- // Get the longest filename and longest total change.
- var longestLength float64
- var longestTotalChange float64
- for _, fs := range fileStats {
- if int(longestLength) < len(fs.Name) {
- longestLength = float64(len(fs.Name))
- }
- totalChange := fs.Addition + fs.Deletion
- if int(longestTotalChange) < totalChange {
- longestTotalChange = float64(totalChange)
- }
- }
-
- // Parts of the output:
- // |<+++/--->
- // example: " main.go | 10 +++++++--- "
-
- //
- leftTextLength := padLength + longestLength + padLength
-
- // <+++++/----->
- // Excluding number length here.
- rightTextLength := padLength + padLength + newlineLength
+ maxGraphWidth := uint(53)
+ maxNameLen := 0
+ maxChangeLen := 0
- totalTextArea := leftTextLength + separatorLength + rightTextLength
- heightOfHistogram := lineLength - totalTextArea
+ scaleLinear := func(it, width, max uint) uint {
+ if it == 0 || max == 0 {
+ return 0
+ }
- // Scale the histogram.
- var scaleFactor float64
- if longestTotalChange > heightOfHistogram {
- // Scale down to heightOfHistogram.
- scaleFactor = longestTotalChange / heightOfHistogram
- } else {
- scaleFactor = 1.0
+ return 1 + (it * (width - 1) / max)
}
- finalOutput := ""
for _, fs := range fileStats {
- addn := float64(fs.Addition)
- deln := float64(fs.Deletion)
- addc := int(math.Floor(addn/scaleFactor))
- delc := int(math.Floor(deln/scaleFactor))
- if addc < 0 {
- addc = 0
+ if len(fs.Name) > maxNameLen {
+ maxNameLen = len(fs.Name)
}
- if delc < 0 {
- delc = 0
+
+ changes := strconv.Itoa(fs.Addition + fs.Deletion)
+ if len(changes) > maxChangeLen {
+ maxChangeLen = len(changes)
}
- adds := strings.Repeat("+", addc)
- dels := strings.Repeat("-", delc)
- finalOutput += fmt.Sprintf(" %s | %d %s%s\n", fs.Name, (fs.Addition + fs.Deletion), adds, dels)
}
- return finalOutput
+ result := ""
+ for _, fs := range fileStats {
+ add := uint(fs.Addition)
+ del := uint(fs.Deletion)
+ np := maxNameLen - len(fs.Name)
+ cp := maxChangeLen - len(strconv.Itoa(fs.Addition+fs.Deletion))
+
+ total := add + del
+ if total > maxGraphWidth {
+ add = scaleLinear(add, maxGraphWidth, total)
+ del = scaleLinear(del, maxGraphWidth, total)
+ }
+
+ adds := strings.Repeat("+", int(add))
+ dels := strings.Repeat("-", int(del))
+ namePad := strings.Repeat(" ", np)
+ changePad := strings.Repeat(" ", cp)
+
+ result += fmt.Sprintf(" %s%s | %s%d %s%s\n", fs.Name, namePad, changePad, total, adds, dels)
+ }
+ return result
}
func getFileStatsFromFilePatches(filePatches []fdiff.FilePatch) FileStats {
diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/tree.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/tree.go
index e9f7666b838..0fd0e51398f 100644
--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/tree.go
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/tree.go
@@ -7,6 +7,7 @@ import (
"io"
"path"
"path/filepath"
+ "sort"
"strings"
"github.com/go-git/go-git/v5/plumbing"
@@ -27,6 +28,7 @@ var (
ErrFileNotFound = errors.New("file not found")
ErrDirectoryNotFound = errors.New("directory not found")
ErrEntryNotFound = errors.New("entry not found")
+ ErrEntriesNotSorted = errors.New("entries in tree are not sorted")
)
// Tree is basically like a directory - it references a bunch of other trees
@@ -270,6 +272,28 @@ func (t *Tree) Decode(o plumbing.EncodedObject) (err error) {
return nil
}
+type TreeEntrySorter []TreeEntry
+
+func (s TreeEntrySorter) Len() int {
+ return len(s)
+}
+
+func (s TreeEntrySorter) Less(i, j int) bool {
+ name1 := s[i].Name
+ name2 := s[j].Name
+ if s[i].Mode == filemode.Dir {
+ name1 += "/"
+ }
+ if s[j].Mode == filemode.Dir {
+ name2 += "/"
+ }
+ return name1 < name2
+}
+
+func (s TreeEntrySorter) Swap(i, j int) {
+ s[i], s[j] = s[j], s[i]
+}
+
// Encode transforms a Tree into a plumbing.EncodedObject.
func (t *Tree) Encode(o plumbing.EncodedObject) (err error) {
o.SetType(plumbing.TreeObject)
@@ -279,7 +303,15 @@ func (t *Tree) Encode(o plumbing.EncodedObject) (err error) {
}
defer ioutil.CheckClose(w, &err)
+
+ if !sort.IsSorted(TreeEntrySorter(t.Entries)) {
+ return ErrEntriesNotSorted
+ }
+
for _, entry := range t.Entries {
+ if strings.IndexByte(entry.Name, 0) != -1 {
+ return fmt.Errorf("malformed filename %q", entry.Name)
+ }
if _, err = fmt.Fprintf(w, "%o %s", entry.Mode, entry.Name); err != nil {
return err
}
diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/object/treenoder.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/treenoder.go
index 6e7b334cbd1..2adb6452880 100644
--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/treenoder.go
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/treenoder.go
@@ -88,7 +88,9 @@ func (t *treeNoder) Children() ([]noder.Noder, error) {
}
}
- return transformChildren(parent)
+ var err error
+ t.children, err = transformChildren(parent)
+ return t.children, err
}
// Returns the children of a tree as treenoders.
diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go
index 54126febf48..1c4ceee68d0 100644
--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go
@@ -91,9 +91,9 @@ func advertisedReferences(ctx context.Context, s *session, serviceName string) (
}
type client struct {
- c *http.Client
+ client *http.Client
transports *lru.Cache
- m sync.RWMutex
+ mutex sync.RWMutex
}
// ClientOptions holds user configurable options for the client.
@@ -147,7 +147,7 @@ func NewClientWithOptions(c *http.Client, opts *ClientOptions) transport.Transpo
}
}
cl := &client{
- c: c,
+ client: c,
}
if opts != nil {
@@ -234,10 +234,10 @@ func newSession(c *client, ep *transport.Endpoint, auth transport.AuthMethod) (*
// if the client wasn't configured to have a cache for transports then just configure
// the transport and use it directly, otherwise try to use the cache.
if c.transports == nil {
- tr, ok := c.c.Transport.(*http.Transport)
+ tr, ok := c.client.Transport.(*http.Transport)
if !ok {
return nil, fmt.Errorf("expected underlying client transport to be of type: %s; got: %s",
- reflect.TypeOf(transport), reflect.TypeOf(c.c.Transport))
+ reflect.TypeOf(transport), reflect.TypeOf(c.client.Transport))
}
transport = tr.Clone()
@@ -258,7 +258,7 @@ func newSession(c *client, ep *transport.Endpoint, auth transport.AuthMethod) (*
transport, found = c.fetchTransport(transportOpts)
if !found {
- transport = c.c.Transport.(*http.Transport).Clone()
+ transport = c.client.Transport.(*http.Transport).Clone()
configureTransport(transport, ep)
c.addTransport(transportOpts, transport)
}
@@ -266,12 +266,12 @@ func newSession(c *client, ep *transport.Endpoint, auth transport.AuthMethod) (*
httpClient = &http.Client{
Transport: transport,
- CheckRedirect: c.c.CheckRedirect,
- Jar: c.c.Jar,
- Timeout: c.c.Timeout,
+ CheckRedirect: c.client.CheckRedirect,
+ Jar: c.client.Jar,
+ Timeout: c.client.Timeout,
}
} else {
- httpClient = c.c
+ httpClient = c.client
}
s := &session{
diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go
index 052f3c8e284..c8db389204a 100644
--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go
@@ -14,21 +14,21 @@ type transportOptions struct {
}
func (c *client) addTransport(opts transportOptions, transport *http.Transport) {
- c.m.Lock()
+ c.mutex.Lock()
c.transports.Add(opts, transport)
- c.m.Unlock()
+ c.mutex.Unlock()
}
func (c *client) removeTransport(opts transportOptions) {
- c.m.Lock()
+ c.mutex.Lock()
c.transports.Remove(opts)
- c.m.Unlock()
+ c.mutex.Unlock()
}
func (c *client) fetchTransport(opts transportOptions) (*http.Transport, bool) {
- c.m.RLock()
+ c.mutex.RLock()
t, ok := c.transports.Get(opts)
- c.m.RUnlock()
+ c.mutex.RUnlock()
if !ok {
return nil, false
}
diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go
index 46fda73fa41..05dea448f8f 100644
--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go
+++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go
@@ -49,7 +49,9 @@ type runner struct {
func (r *runner) Command(cmd string, ep *transport.Endpoint, auth transport.AuthMethod) (common.Command, error) {
c := &command{command: cmd, endpoint: ep, config: r.config}
if auth != nil {
- c.setAuth(auth)
+ if err := c.setAuth(auth); err != nil {
+ return nil, err
+ }
}
if err := c.connect(); err != nil {
diff --git a/vendor/github.com/go-git/go-git/v5/remote.go b/vendor/github.com/go-git/go-git/v5/remote.go
index 0cb70bc0093..7cc0db9b7db 100644
--- a/vendor/github.com/go-git/go-git/v5/remote.go
+++ b/vendor/github.com/go-git/go-git/v5/remote.go
@@ -470,6 +470,14 @@ func (r *Remote) fetch(ctx context.Context, o *FetchOptions) (sto storer.Referen
}
}
+ var updatedPrune bool
+ if o.Prune {
+ updatedPrune, err = r.pruneRemotes(o.RefSpecs, localRefs, remoteRefs)
+ if err != nil {
+ return nil, err
+ }
+ }
+
updated, err := r.updateLocalReferenceStorage(o.RefSpecs, refs, remoteRefs, specToRefs, o.Tags, o.Force)
if err != nil {
return nil, err
@@ -482,7 +490,7 @@ func (r *Remote) fetch(ctx context.Context, o *FetchOptions) (sto storer.Referen
}
}
- if !updated {
+ if !updated && !updatedPrune {
return remoteRefs, NoErrAlreadyUpToDate
}
@@ -574,6 +582,27 @@ func (r *Remote) fetchPack(ctx context.Context, o *FetchOptions, s transport.Upl
return err
}
+func (r *Remote) pruneRemotes(specs []config.RefSpec, localRefs []*plumbing.Reference, remoteRefs memory.ReferenceStorage) (bool, error) {
+ var updatedPrune bool
+ for _, spec := range specs {
+ rev := spec.Reverse()
+ for _, ref := range localRefs {
+ if !rev.Match(ref.Name()) {
+ continue
+ }
+ _, err := remoteRefs.Reference(rev.Dst(ref.Name()))
+ if errors.Is(err, plumbing.ErrReferenceNotFound) {
+ updatedPrune = true
+ err := r.s.RemoveReference(ref.Name())
+ if err != nil {
+ return false, err
+ }
+ }
+ }
+ }
+ return updatedPrune, nil
+}
+
func (r *Remote) addReferencesToUpdate(
refspecs []config.RefSpec,
localRefs []*plumbing.Reference,
@@ -1099,7 +1128,7 @@ func isFastForward(s storer.EncodedObjectStorer, old, new plumbing.Hash, earlies
}
found := false
- // stop iterating at the earlist shallow commit, ignoring its parents
+ // stop iterating at the earliest shallow commit, ignoring its parents
// note: when pull depth is smaller than the number of new changes on the remote, this fails due to missing parents.
// as far as i can tell, without the commits in-between the shallow pull and the earliest shallow, there's no
// real way of telling whether it will be a fast-forward merge.
diff --git a/vendor/github.com/go-git/go-git/v5/repository.go b/vendor/github.com/go-git/go-git/v5/repository.go
index 1524a691305..a57c7141f8d 100644
--- a/vendor/github.com/go-git/go-git/v5/repository.go
+++ b/vendor/github.com/go-git/go-git/v5/repository.go
@@ -51,19 +51,21 @@ var (
// ErrFetching is returned when the packfile could not be downloaded
ErrFetching = errors.New("unable to fetch packfile")
- ErrInvalidReference = errors.New("invalid reference, should be a tag or a branch")
- ErrRepositoryNotExists = errors.New("repository does not exist")
- ErrRepositoryIncomplete = errors.New("repository's commondir path does not exist")
- ErrRepositoryAlreadyExists = errors.New("repository already exists")
- ErrRemoteNotFound = errors.New("remote not found")
- ErrRemoteExists = errors.New("remote already exists")
- ErrAnonymousRemoteName = errors.New("anonymous remote name must be 'anonymous'")
- ErrWorktreeNotProvided = errors.New("worktree should be provided")
- ErrIsBareRepository = errors.New("worktree not available in a bare repository")
- ErrUnableToResolveCommit = errors.New("unable to resolve commit")
- ErrPackedObjectsNotSupported = errors.New("packed objects not supported")
- ErrSHA256NotSupported = errors.New("go-git was not compiled with SHA256 support")
- ErrAlternatePathNotSupported = errors.New("alternate path must use the file scheme")
+ ErrInvalidReference = errors.New("invalid reference, should be a tag or a branch")
+ ErrRepositoryNotExists = errors.New("repository does not exist")
+ ErrRepositoryIncomplete = errors.New("repository's commondir path does not exist")
+ ErrRepositoryAlreadyExists = errors.New("repository already exists")
+ ErrRemoteNotFound = errors.New("remote not found")
+ ErrRemoteExists = errors.New("remote already exists")
+ ErrAnonymousRemoteName = errors.New("anonymous remote name must be 'anonymous'")
+ ErrWorktreeNotProvided = errors.New("worktree should be provided")
+ ErrIsBareRepository = errors.New("worktree not available in a bare repository")
+ ErrUnableToResolveCommit = errors.New("unable to resolve commit")
+ ErrPackedObjectsNotSupported = errors.New("packed objects not supported")
+ ErrSHA256NotSupported = errors.New("go-git was not compiled with SHA256 support")
+ ErrAlternatePathNotSupported = errors.New("alternate path must use the file scheme")
+ ErrUnsupportedMergeStrategy = errors.New("unsupported merge strategy")
+ ErrFastForwardMergeNotPossible = errors.New("not possible to fast-forward merge changes")
)
// Repository represents a git repository
@@ -1769,8 +1771,43 @@ func (r *Repository) RepackObjects(cfg *RepackConfig) (err error) {
return nil
}
+// Merge merges the reference branch into the current branch.
+//
+// If the merge is not possible (or supported) returns an error without changing
+// the HEAD for the current branch. Possible errors include:
+// - The merge strategy is not supported.
+// - The specific strategy cannot be used (e.g. using FastForwardMerge when one is not possible).
+func (r *Repository) Merge(ref plumbing.Reference, opts MergeOptions) error {
+ if opts.Strategy != FastForwardMerge {
+ return ErrUnsupportedMergeStrategy
+ }
+
+ // Ignore error as not having a shallow list is optional here.
+ shallowList, _ := r.Storer.Shallow()
+ var earliestShallow *plumbing.Hash
+ if len(shallowList) > 0 {
+ earliestShallow = &shallowList[0]
+ }
+
+ head, err := r.Head()
+ if err != nil {
+ return err
+ }
+
+ ff, err := isFastForward(r.Storer, head.Hash(), ref.Hash(), earliestShallow)
+ if err != nil {
+ return err
+ }
+
+ if !ff {
+ return ErrFastForwardMergeNotPossible
+ }
+
+ return r.Storer.SetReference(plumbing.NewHashReference(head.Name(), ref.Hash()))
+}
+
// createNewObjectPack is a helper for RepackObjects taking care
-// of creating a new pack. It is used so the the PackfileWriter
+// of creating a new pack. It is used so the PackfileWriter
// deferred close has the right scope.
func (r *Repository) createNewObjectPack(cfg *RepackConfig) (h plumbing.Hash, err error) {
ow := newObjectWalker(r.Storer)
diff --git a/vendor/github.com/go-git/go-git/v5/signer.go b/vendor/github.com/go-git/go-git/v5/signer.go
new file mode 100644
index 00000000000..e3ef7ebd31d
--- /dev/null
+++ b/vendor/github.com/go-git/go-git/v5/signer.go
@@ -0,0 +1,33 @@
+package git
+
+import (
+ "io"
+
+ "github.com/go-git/go-git/v5/plumbing"
+)
+
+// signableObject is an object which can be signed.
+type signableObject interface {
+ EncodeWithoutSignature(o plumbing.EncodedObject) error
+}
+
+// Signer is an interface for signing git objects.
+// message is a reader containing the encoded object to be signed.
+// Implementors should return the encoded signature and an error if any.
+// See https://git-scm.com/docs/gitformat-signature for more information.
+type Signer interface {
+ Sign(message io.Reader) ([]byte, error)
+}
+
+func signObject(signer Signer, obj signableObject) ([]byte, error) {
+ encoded := &plumbing.MemoryObject{}
+ if err := obj.EncodeWithoutSignature(encoded); err != nil {
+ return nil, err
+ }
+ r, err := encoded.Reader()
+ if err != nil {
+ return nil, err
+ }
+
+ return signer.Sign(r)
+}
diff --git a/vendor/github.com/go-git/go-git/v5/utils/merkletrie/filesystem/node.go b/vendor/github.com/go-git/go-git/v5/utils/merkletrie/filesystem/node.go
index 7bba0d03e31..33800627de7 100644
--- a/vendor/github.com/go-git/go-git/v5/utils/merkletrie/filesystem/node.go
+++ b/vendor/github.com/go-git/go-git/v5/utils/merkletrie/filesystem/node.go
@@ -29,6 +29,8 @@ type node struct {
hash []byte
children []noder.Noder
isDir bool
+ mode os.FileMode
+ size int64
}
// NewRootNode returns the root node based on a given billy.Filesystem.
@@ -48,8 +50,15 @@ func NewRootNode(
// difftree algorithm will detect changes in the contents of files and also in
// their mode.
//
+// Please note that the hash is calculated on first invocation of Hash(),
+// meaning that it will not update when the underlying file changes
+// between invocations.
+//
// The hash of a directory is always a 24-bytes slice of zero values
func (n *node) Hash() []byte {
+ if n.hash == nil {
+ n.calculateHash()
+ }
return n.hash
}
@@ -121,81 +130,74 @@ func (n *node) calculateChildren() error {
func (n *node) newChildNode(file os.FileInfo) (*node, error) {
path := path.Join(n.path, file.Name())
- hash, err := n.calculateHash(path, file)
- if err != nil {
- return nil, err
- }
-
node := &node{
fs: n.fs,
submodules: n.submodules,
path: path,
- hash: hash,
isDir: file.IsDir(),
+ size: file.Size(),
+ mode: file.Mode(),
}
- if hash, isSubmodule := n.submodules[path]; isSubmodule {
- node.hash = append(hash[:], filemode.Submodule.Bytes()...)
+ if _, isSubmodule := n.submodules[path]; isSubmodule {
node.isDir = false
}
return node, nil
}
-func (n *node) calculateHash(path string, file os.FileInfo) ([]byte, error) {
- if file.IsDir() {
- return make([]byte, 24), nil
- }
-
- var hash plumbing.Hash
- var err error
- if file.Mode()&os.ModeSymlink != 0 {
- hash, err = n.doCalculateHashForSymlink(path, file)
- } else {
- hash, err = n.doCalculateHashForRegular(path, file)
+func (n *node) calculateHash() {
+ if n.isDir {
+ n.hash = make([]byte, 24)
+ return
}
-
+ mode, err := filemode.NewFromOSFileMode(n.mode)
if err != nil {
- return nil, err
+ n.hash = plumbing.ZeroHash[:]
+ return
}
-
- mode, err := filemode.NewFromOSFileMode(file.Mode())
- if err != nil {
- return nil, err
+ if submoduleHash, isSubmodule := n.submodules[n.path]; isSubmodule {
+ n.hash = append(submoduleHash[:], filemode.Submodule.Bytes()...)
+ return
}
-
- return append(hash[:], mode.Bytes()...), nil
+ var hash plumbing.Hash
+ if n.mode&os.ModeSymlink != 0 {
+ hash = n.doCalculateHashForSymlink()
+ } else {
+ hash = n.doCalculateHashForRegular()
+ }
+ n.hash = append(hash[:], mode.Bytes()...)
}
-func (n *node) doCalculateHashForRegular(path string, file os.FileInfo) (plumbing.Hash, error) {
- f, err := n.fs.Open(path)
+func (n *node) doCalculateHashForRegular() plumbing.Hash {
+ f, err := n.fs.Open(n.path)
if err != nil {
- return plumbing.ZeroHash, err
+ return plumbing.ZeroHash
}
defer f.Close()
- h := plumbing.NewHasher(plumbing.BlobObject, file.Size())
+ h := plumbing.NewHasher(plumbing.BlobObject, n.size)
if _, err := io.Copy(h, f); err != nil {
- return plumbing.ZeroHash, err
+ return plumbing.ZeroHash
}
- return h.Sum(), nil
+ return h.Sum()
}
-func (n *node) doCalculateHashForSymlink(path string, file os.FileInfo) (plumbing.Hash, error) {
- target, err := n.fs.Readlink(path)
+func (n *node) doCalculateHashForSymlink() plumbing.Hash {
+ target, err := n.fs.Readlink(n.path)
if err != nil {
- return plumbing.ZeroHash, err
+ return plumbing.ZeroHash
}
- h := plumbing.NewHasher(plumbing.BlobObject, file.Size())
+ h := plumbing.NewHasher(plumbing.BlobObject, n.size)
if _, err := h.Write([]byte(target)); err != nil {
- return plumbing.ZeroHash, err
+ return plumbing.ZeroHash
}
- return h.Sum(), nil
+ return h.Sum()
}
func (n *node) String() string {
diff --git a/vendor/github.com/go-git/go-git/v5/worktree.go b/vendor/github.com/go-git/go-git/v5/worktree.go
index ad525c1a494..ab11d42db83 100644
--- a/vendor/github.com/go-git/go-git/v5/worktree.go
+++ b/vendor/github.com/go-git/go-git/v5/worktree.go
@@ -227,20 +227,17 @@ func (w *Worktree) createBranch(opts *CheckoutOptions) error {
}
func (w *Worktree) getCommitFromCheckoutOptions(opts *CheckoutOptions) (plumbing.Hash, error) {
- if !opts.Hash.IsZero() {
- return opts.Hash, nil
- }
-
- b, err := w.r.Reference(opts.Branch, true)
- if err != nil {
- return plumbing.ZeroHash, err
- }
+ hash := opts.Hash
+ if hash.IsZero() {
+ b, err := w.r.Reference(opts.Branch, true)
+ if err != nil {
+ return plumbing.ZeroHash, err
+ }
- if !b.Name().IsTag() {
- return b.Hash(), nil
+ hash = b.Hash()
}
- o, err := w.r.Object(plumbing.AnyObject, b.Hash())
+ o, err := w.r.Object(plumbing.AnyObject, hash)
if err != nil {
return plumbing.ZeroHash, err
}
@@ -248,7 +245,7 @@ func (w *Worktree) getCommitFromCheckoutOptions(opts *CheckoutOptions) (plumbing
switch o := o.(type) {
case *object.Tag:
if o.TargetType != plumbing.CommitObject {
- return plumbing.ZeroHash, fmt.Errorf("unsupported tag object target %q", o.TargetType)
+ return plumbing.ZeroHash, fmt.Errorf("%w: tag target %q", object.ErrUnsupportedObject, o.TargetType)
}
return o.Target, nil
@@ -256,7 +253,7 @@ func (w *Worktree) getCommitFromCheckoutOptions(opts *CheckoutOptions) (plumbing
return o.Hash, nil
}
- return plumbing.ZeroHash, fmt.Errorf("unsupported tag target %q", o.Type())
+ return plumbing.ZeroHash, fmt.Errorf("%w: %q", object.ErrUnsupportedObject, o.Type())
}
func (w *Worktree) setHEADToCommit(commit plumbing.Hash) error {
@@ -431,6 +428,10 @@ var worktreeDeny = map[string]struct{}{
func validPath(paths ...string) error {
for _, p := range paths {
parts := strings.FieldsFunc(p, func(r rune) bool { return (r == '\\' || r == '/') })
+ if len(parts) == 0 {
+ return fmt.Errorf("invalid path: %q", p)
+ }
+
if _, denied := worktreeDeny[strings.ToLower(parts[0])]; denied {
return fmt.Errorf("invalid path prefix: %q", p)
}
diff --git a/vendor/github.com/go-git/go-git/v5/worktree_commit.go b/vendor/github.com/go-git/go-git/v5/worktree_commit.go
index eaa21c3f191..f62054bcb44 100644
--- a/vendor/github.com/go-git/go-git/v5/worktree_commit.go
+++ b/vendor/github.com/go-git/go-git/v5/worktree_commit.go
@@ -3,6 +3,7 @@ package git
import (
"bytes"
"errors"
+ "io"
"path"
"sort"
"strings"
@@ -14,6 +15,7 @@ import (
"github.com/go-git/go-git/v5/storage"
"github.com/ProtonMail/go-crypto/openpgp"
+ "github.com/ProtonMail/go-crypto/openpgp/packet"
"github.com/go-git/go-billy/v5"
)
@@ -43,29 +45,30 @@ func (w *Worktree) Commit(msg string, opts *CommitOptions) (plumbing.Hash, error
if err != nil {
return plumbing.ZeroHash, err
}
-
- t, err := w.r.getTreeFromCommitHash(head.Hash())
+ headCommit, err := w.r.CommitObject(head.Hash())
if err != nil {
return plumbing.ZeroHash, err
}
- treeHash = t.Hash
- opts.Parents = []plumbing.Hash{head.Hash()}
- } else {
- idx, err := w.r.Storer.Index()
- if err != nil {
- return plumbing.ZeroHash, err
+ opts.Parents = nil
+ if len(headCommit.ParentHashes) != 0 {
+ opts.Parents = []plumbing.Hash{headCommit.ParentHashes[0]}
}
+ }
- h := &buildTreeHelper{
- fs: w.Filesystem,
- s: w.r.Storer,
- }
+ idx, err := w.r.Storer.Index()
+ if err != nil {
+ return plumbing.ZeroHash, err
+ }
- treeHash, err = h.BuildTree(idx, opts)
- if err != nil {
- return plumbing.ZeroHash, err
- }
+ h := &buildTreeHelper{
+ fs: w.Filesystem,
+ s: w.r.Storer,
+ }
+
+ treeHash, err = h.BuildTree(idx, opts)
+ if err != nil {
+ return plumbing.ZeroHash, err
}
commit, err := w.buildCommitObject(msg, opts, treeHash)
@@ -125,12 +128,17 @@ func (w *Worktree) buildCommitObject(msg string, opts *CommitOptions, tree plumb
ParentHashes: opts.Parents,
}
- if opts.SignKey != nil {
- sig, err := w.buildCommitSignature(commit, opts.SignKey)
+ // Convert SignKey into a Signer if set. Existing Signer should take priority.
+ signer := opts.Signer
+ if signer == nil && opts.SignKey != nil {
+ signer = &gpgSigner{key: opts.SignKey}
+ }
+ if signer != nil {
+ sig, err := signObject(signer, commit)
if err != nil {
return plumbing.ZeroHash, err
}
- commit.PGPSignature = sig
+ commit.PGPSignature = string(sig)
}
obj := w.r.Storer.NewEncodedObject()
@@ -140,20 +148,17 @@ func (w *Worktree) buildCommitObject(msg string, opts *CommitOptions, tree plumb
return w.r.Storer.SetEncodedObject(obj)
}
-func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *openpgp.Entity) (string, error) {
- encoded := &plumbing.MemoryObject{}
- if err := commit.Encode(encoded); err != nil {
- return "", err
- }
- r, err := encoded.Reader()
- if err != nil {
- return "", err
- }
+type gpgSigner struct {
+ key *openpgp.Entity
+ cfg *packet.Config
+}
+
+func (s *gpgSigner) Sign(message io.Reader) ([]byte, error) {
var b bytes.Buffer
- if err := openpgp.ArmoredDetachSign(&b, signKey, r, nil); err != nil {
- return "", err
+ if err := openpgp.ArmoredDetachSign(&b, s.key, message, s.cfg); err != nil {
+ return nil, err
}
- return b.String(), nil
+ return b.Bytes(), nil
}
// buildTreeHelper converts a given index.Index file into multiple git objects
@@ -263,4 +268,4 @@ func (h *buildTreeHelper) copyTreeToStorageRecursive(parent string, t *object.Tr
return hash, nil
}
return h.s.SetEncodedObject(o)
-}
\ No newline at end of file
+}
diff --git a/vendor/github.com/go-git/go-git/v5/worktree_status.go b/vendor/github.com/go-git/go-git/v5/worktree_status.go
index 730108754b9..dd9b2439cfd 100644
--- a/vendor/github.com/go-git/go-git/v5/worktree_status.go
+++ b/vendor/github.com/go-git/go-git/v5/worktree_status.go
@@ -271,7 +271,7 @@ func diffTreeIsEquals(a, b noder.Hasher) bool {
// no error is returned. When path is a file, the blob.Hash is returned.
func (w *Worktree) Add(path string) (plumbing.Hash, error) {
// TODO(mcuadros): deprecate in favor of AddWithOption in v6.
- return w.doAdd(path, make([]gitignore.Pattern, 0))
+ return w.doAdd(path, make([]gitignore.Pattern, 0), false)
}
func (w *Worktree) doAddDirectory(idx *index.Index, s Status, directory string, ignorePattern []gitignore.Pattern) (added bool, err error) {
@@ -321,7 +321,7 @@ func (w *Worktree) AddWithOptions(opts *AddOptions) error {
}
if opts.All {
- _, err := w.doAdd(".", w.Excludes)
+ _, err := w.doAdd(".", w.Excludes, false)
return err
}
@@ -329,16 +329,11 @@ func (w *Worktree) AddWithOptions(opts *AddOptions) error {
return w.AddGlob(opts.Glob)
}
- _, err := w.Add(opts.Path)
+ _, err := w.doAdd(opts.Path, make([]gitignore.Pattern, 0), opts.SkipStatus)
return err
}
-func (w *Worktree) doAdd(path string, ignorePattern []gitignore.Pattern) (plumbing.Hash, error) {
- s, err := w.Status()
- if err != nil {
- return plumbing.ZeroHash, err
- }
-
+func (w *Worktree) doAdd(path string, ignorePattern []gitignore.Pattern, skipStatus bool) (plumbing.Hash, error) {
idx, err := w.r.Storer.Index()
if err != nil {
return plumbing.ZeroHash, err
@@ -348,6 +343,17 @@ func (w *Worktree) doAdd(path string, ignorePattern []gitignore.Pattern) (plumbi
var added bool
fi, err := w.Filesystem.Lstat(path)
+
+ // status is required for doAddDirectory
+ var s Status
+ var err2 error
+ if !skipStatus || fi == nil || fi.IsDir() {
+ s, err2 = w.Status()
+ if err2 != nil {
+ return plumbing.ZeroHash, err2
+ }
+ }
+
if err != nil || !fi.IsDir() {
added, h, err = w.doAddFile(idx, s, path, ignorePattern)
} else {
@@ -421,8 +427,9 @@ func (w *Worktree) AddGlob(pattern string) error {
// doAddFile create a new blob from path and update the index, added is true if
// the file added is different from the index.
+// if s status is nil will skip the status check and update the index anyway
func (w *Worktree) doAddFile(idx *index.Index, s Status, path string, ignorePattern []gitignore.Pattern) (added bool, h plumbing.Hash, err error) {
- if s.File(path).Worktree == Unmodified {
+ if s != nil && s.File(path).Worktree == Unmodified {
return false, h, nil
}
if len(ignorePattern) > 0 {
diff --git a/vendor/github.com/go-openapi/runtime/client/request.go b/vendor/github.com/go-openapi/runtime/client/request.go
index c238953f384..c4a891d0bc5 100644
--- a/vendor/github.com/go-openapi/runtime/client/request.go
+++ b/vendor/github.com/go-openapi/runtime/client/request.go
@@ -36,7 +36,7 @@ import (
)
// NewRequest creates a new swagger http client request
-func newRequest(method, pathPattern string, writer runtime.ClientRequestWriter) (*request, error) {
+func newRequest(method, pathPattern string, writer runtime.ClientRequestWriter) *request {
return &request{
pathPattern: pathPattern,
method: method,
@@ -45,7 +45,7 @@ func newRequest(method, pathPattern string, writer runtime.ClientRequestWriter)
query: make(url.Values),
timeout: DefaultTimeout,
getBody: getRequestBuffer,
- }, nil
+ }
}
// Request represents a swagger client request.
diff --git a/vendor/github.com/go-openapi/runtime/client/runtime.go b/vendor/github.com/go-openapi/runtime/client/runtime.go
index fdf97176bf8..5bd4d75d906 100644
--- a/vendor/github.com/go-openapi/runtime/client/runtime.go
+++ b/vendor/github.com/go-openapi/runtime/client/runtime.go
@@ -32,12 +32,13 @@ import (
"sync"
"time"
+ "github.com/go-openapi/strfmt"
+ "github.com/opentracing/opentracing-go"
+
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/logger"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/runtime/yamlpc"
- "github.com/go-openapi/strfmt"
- "github.com/opentracing/opentracing-go"
)
const (
@@ -379,14 +380,11 @@ func (r *Runtime) EnableConnectionReuse() {
func (r *Runtime) createHttpRequest(operation *runtime.ClientOperation) (*request, *http.Request, error) { //nolint:revive,stylecheck
params, _, auth := operation.Params, operation.Reader, operation.AuthInfo
- request, err := newRequest(operation.Method, operation.PathPattern, params)
- if err != nil {
- return nil, nil, err
- }
+ request := newRequest(operation.Method, operation.PathPattern, params)
var accept []string
accept = append(accept, operation.ProducesMediaTypes...)
- if err = request.SetHeaderParam(runtime.HeaderAccept, accept...); err != nil {
+ if err := request.SetHeaderParam(runtime.HeaderAccept, accept...); err != nil {
return nil, nil, err
}
diff --git a/vendor/github.com/go-openapi/runtime/csv.go b/vendor/github.com/go-openapi/runtime/csv.go
index b1640eaff9c..c9597bcd6e0 100644
--- a/vendor/github.com/go-openapi/runtime/csv.go
+++ b/vendor/github.com/go-openapi/runtime/csv.go
@@ -125,15 +125,10 @@ func CSVConsumer(opts ...CSVOpt) Consumer {
return err
}
- /*
- // with go1.20:
- v.Grow(len(csvWriter.records))
- v.SetCap(len(csvWriter.records)) // in case Grow was unnessary, trim down the capacity
- v.SetLen(len(csvWriter.records))
- reflect.Copy(v, reflect.ValueOf(csvWriter.records))
- */
- v.SetLen(0)
- v.Set(reflect.AppendSlice(v, reflect.ValueOf(csvWriter.records)))
+ v.Grow(len(csvWriter.records))
+ v.SetCap(len(csvWriter.records)) // in case Grow was unnessary, trim down the capacity
+ v.SetLen(len(csvWriter.records))
+ reflect.Copy(v, reflect.ValueOf(csvWriter.records))
return nil
diff --git a/vendor/github.com/go-openapi/swag/string_bytes.go b/vendor/github.com/go-openapi/swag/string_bytes.go
index c52d6bf7194..90745d5ca9f 100644
--- a/vendor/github.com/go-openapi/swag/string_bytes.go
+++ b/vendor/github.com/go-openapi/swag/string_bytes.go
@@ -2,21 +2,7 @@ package swag
import "unsafe"
-type internalString struct {
- Data unsafe.Pointer
- Len int
-}
-
// hackStringBytes returns the (unsafe) underlying bytes slice of a string.
-func hackStringBytes(str string) []byte {
- p := (*internalString)(unsafe.Pointer(&str)).Data
- return unsafe.Slice((*byte)(p), len(str))
-}
-
-/*
- * go1.20 version (for when go mod moves to a go1.20 requirement):
-
func hackStringBytes(str string) []byte {
return unsafe.Slice(unsafe.StringData(str), len(str))
}
-*/
diff --git a/vendor/github.com/gocql/gocql/conn.go b/vendor/github.com/gocql/gocql/conn.go
index 9a223f80a32..0f687aaa75e 100644
--- a/vendor/github.com/gocql/gocql/conn.go
+++ b/vendor/github.com/gocql/gocql/conn.go
@@ -208,7 +208,8 @@ type Conn struct {
timeouts int64
- logger StdLogger
+ logger StdLogger
+ tabletsRoutingV1 bool
}
// connect establishes a connection to a Cassandra node using session's connection config.
@@ -724,6 +725,9 @@ func (c *Conn) recv(ctx context.Context) error {
} else if head.stream == -1 {
// TODO: handle cassandra event frames, we shouldnt get any currently
framer := newFramerWithExts(c.compressor, c.version, c.cqlProtoExts)
+ c.mu.Lock()
+ c.tabletsRoutingV1 = framer.tabletsRoutingV1
+ c.mu.Unlock()
if err := framer.readFrame(c, &head); err != nil {
return err
}
@@ -733,6 +737,9 @@ func (c *Conn) recv(ctx context.Context) error {
// reserved stream that we dont use, probably due to a protocol error
// or a bug in Cassandra, this should be an error, parse it and return.
framer := newFramerWithExts(c.compressor, c.version, c.cqlProtoExts)
+ c.mu.Lock()
+ c.tabletsRoutingV1 = framer.tabletsRoutingV1
+ c.mu.Unlock()
if err := framer.readFrame(c, &head); err != nil {
return err
}
@@ -1069,6 +1076,9 @@ func (c *Conn) exec(ctx context.Context, req frameBuilder, tracer Tracer) (*fram
// resp is basically a waiting semaphore protecting the framer
framer := newFramerWithExts(c.compressor, c.version, c.cqlProtoExts)
+ c.mu.Lock()
+ c.tabletsRoutingV1 = framer.tabletsRoutingV1
+ c.mu.Unlock()
call := &callReq{
timeout: make(chan struct{}),
@@ -1453,6 +1463,63 @@ func (c *Conn) executeQuery(ctx context.Context, qry *Query) *Iter {
return &Iter{err: err}
}
+ if len(framer.customPayload) > 0 {
+ if tabletInfo, ok := framer.customPayload["tablets-routing-v1"]; ok {
+ var firstToken string
+ var lastToken string
+ var replicas [][]interface{}
+ tabletInfoValue := []interface{}{&firstToken, &lastToken, &replicas}
+ Unmarshal(TupleTypeInfo{
+ NativeType: NativeType{proto: c.version, typ: TypeTuple},
+ Elems: []TypeInfo{
+ NativeType{typ: TypeBigInt},
+ NativeType{typ: TypeBigInt},
+ CollectionType{
+ NativeType: NativeType{proto: c.version, typ: TypeList},
+ Elem: TupleTypeInfo{
+ NativeType: NativeType{proto: c.version, typ: TypeTuple},
+ Elems: []TypeInfo{
+ NativeType{proto: c.version, typ: TypeUUID},
+ NativeType{proto: c.version, typ: TypeInt},
+ }},
+ },
+ },
+ }, tabletInfo, tabletInfoValue)
+
+ tablet := TabletInfo{}
+ tablet.firstToken, err = strconv.ParseInt(firstToken, 10, 64)
+ if err != nil {
+ return &Iter{err: err}
+ }
+ tablet.lastToken, err = strconv.ParseInt(lastToken, 10, 64)
+ if err != nil {
+ return &Iter{err: err}
+ }
+
+ tabletReplicas := make([]ReplicaInfo, 0, len(replicas))
+ for _, replica := range replicas {
+ if len(replica) != 2 {
+ return &Iter{err: err}
+ }
+ if hostId, ok := replica[0].(UUID); ok {
+ if shardId, ok := replica[1].(int); ok {
+ repInfo := ReplicaInfo{hostId, shardId}
+ tabletReplicas = append(tabletReplicas, repInfo)
+ } else {
+ return &Iter{err: err}
+ }
+ } else {
+ return &Iter{err: err}
+ }
+ }
+ tablet.replicas = tabletReplicas
+ tablet.keyspaceName = qry.routingInfo.keyspace
+ tablet.tableName = qry.routingInfo.table
+
+ addTablet(c.session.hostSource, &tablet)
+ }
+ }
+
if len(framer.traceID) > 0 && qry.trace != nil {
qry.trace.Trace(framer.traceID)
}
diff --git a/vendor/github.com/gocql/gocql/connectionpool.go b/vendor/github.com/gocql/gocql/connectionpool.go
index d207fa0aaca..4e61f306298 100644
--- a/vendor/github.com/gocql/gocql/connectionpool.go
+++ b/vendor/github.com/gocql/gocql/connectionpool.go
@@ -26,6 +26,12 @@ type SetPartitioner interface {
SetPartitioner(partitioner string)
}
+// interface to implement to receive the tablets value
+// Experimental, this interface and use may change
+type SetTablets interface {
+ SetTablets(tablets []*TabletInfo)
+}
+
func setupTLSConfig(sslOpts *SslOptions) (*tls.Config, error) {
// Config.InsecureSkipVerify | EnableHostVerification | Result
// Config is nil | true | verify host
@@ -312,7 +318,7 @@ func newHostConnPool(session *Session, host *HostInfo, port, size int,
}
// Pick a connection from this connection pool for the given query.
-func (pool *hostConnPool) Pick(token token) *Conn {
+func (pool *hostConnPool) Pick(token token, keyspace string, table string) *Conn {
pool.mu.RLock()
defer pool.mu.RUnlock()
@@ -330,7 +336,7 @@ func (pool *hostConnPool) Pick(token token) *Conn {
}
}
- return pool.connPicker.Pick(token)
+ return pool.connPicker.Pick(token, keyspace, table)
}
// Size returns the number of connections currently active in the pool
diff --git a/vendor/github.com/gocql/gocql/connpicker.go b/vendor/github.com/gocql/gocql/connpicker.go
index 66adcdc8e94..af43d35c035 100644
--- a/vendor/github.com/gocql/gocql/connpicker.go
+++ b/vendor/github.com/gocql/gocql/connpicker.go
@@ -7,7 +7,7 @@ import (
)
type ConnPicker interface {
- Pick(token) *Conn
+ Pick(token, string, string) *Conn
Put(*Conn)
Remove(conn *Conn)
Size() (int, int)
@@ -65,7 +65,7 @@ func (p *defaultConnPicker) Size() (int, int) {
return size, p.size - size
}
-func (p *defaultConnPicker) Pick(token) *Conn {
+func (p *defaultConnPicker) Pick(token, string, string) *Conn {
pos := int(atomic.AddUint32(&p.pos, 1) - 1)
size := len(p.conns)
@@ -104,7 +104,7 @@ func (*defaultConnPicker) NextShard() (shardID, nrShards int) {
// to the point where we have first connection.
type nopConnPicker struct{}
-func (nopConnPicker) Pick(token) *Conn {
+func (nopConnPicker) Pick(token, string, string) *Conn {
return nil
}
diff --git a/vendor/github.com/gocql/gocql/docker-compose.yml b/vendor/github.com/gocql/gocql/docker-compose.yml
index 9e7490c7d5e..8090eb7e219 100644
--- a/vendor/github.com/gocql/gocql/docker-compose.yml
+++ b/vendor/github.com/gocql/gocql/docker-compose.yml
@@ -32,6 +32,60 @@ services:
interval: 5s
timeout: 5s
retries: 18
+ node_2:
+ image: scylladb/scylla-nightly
+ command: |
+ --experimental-features consistent-topology-changes
+ --experimental-features tablets
+ --smp 2
+ --memory 1G
+ --seeds 192.168.100.12
+ networks:
+ public:
+ ipv4_address: 192.168.100.12
+ healthcheck:
+ test: [ "CMD", "cqlsh", "192.168.100.12", "-e", "select * from system.local" ]
+ interval: 5s
+ timeout: 5s
+ retries: 18
+ node_3:
+ image: scylladb/scylla-nightly
+ command: |
+ --experimental-features consistent-topology-changes
+ --experimental-features tablets
+ --smp 2
+ --memory 1G
+ --seeds 192.168.100.12
+ networks:
+ public:
+ ipv4_address: 192.168.100.13
+ healthcheck:
+ test: [ "CMD", "cqlsh", "192.168.100.13", "-e", "select * from system.local" ]
+ interval: 5s
+ timeout: 5s
+ retries: 18
+ depends_on:
+ node_2:
+ condition: service_healthy
+ node_4:
+ image: scylladb/scylla-nightly
+ command: |
+ --experimental-features consistent-topology-changes
+ --experimental-features tablets
+ --smp 2
+ --memory 1G
+ --seeds 192.168.100.12
+ networks:
+ public:
+ ipv4_address: 192.168.100.14
+ healthcheck:
+ test: [ "CMD", "cqlsh", "192.168.100.14", "-e", "select * from system.local" ]
+ interval: 5s
+ timeout: 5s
+ retries: 18
+ depends_on:
+ node_3:
+ condition: service_healthy
networks:
public:
driver: bridge
diff --git a/vendor/github.com/gocql/gocql/frame.go b/vendor/github.com/gocql/gocql/frame.go
index caf00eb34e4..d7e6b8dc4a1 100644
--- a/vendor/github.com/gocql/gocql/frame.go
+++ b/vendor/github.com/gocql/gocql/frame.go
@@ -367,6 +367,7 @@ type framer struct {
flagLWT int
rateLimitingErrorCode int
+ tabletsRoutingV1 bool
}
func newFramer(compressor Compressor, version byte) *framer {
@@ -398,6 +399,8 @@ func newFramer(compressor Compressor, version byte) *framer {
f.header = nil
f.traceID = nil
+ f.tabletsRoutingV1 = false
+
return f
}
@@ -427,6 +430,17 @@ func newFramerWithExts(compressor Compressor, version byte, cqlProtoExts []cqlPr
f.rateLimitingErrorCode = castedExt.rateLimitErrorCode
}
+ if tabletsExt := findCQLProtoExtByName(cqlProtoExts, tabletsRoutingV1); tabletsExt != nil {
+ _, ok := tabletsExt.(*tabletsRoutingV1Ext)
+ if !ok {
+ Logger.Println(
+ fmt.Errorf("Failed to cast CQL protocol extension identified by name %s to type %T",
+ tabletsRoutingV1, tabletsRoutingV1Ext{}))
+ return f
+ }
+ f.tabletsRoutingV1 = true
+ }
+
return f
}
diff --git a/vendor/github.com/gocql/gocql/host_source.go b/vendor/github.com/gocql/gocql/host_source.go
index ae0de33b5f1..31132e38f0d 100644
--- a/vendor/github.com/gocql/gocql/host_source.go
+++ b/vendor/github.com/gocql/gocql/host_source.go
@@ -472,12 +472,151 @@ func (h *HostInfo) ScyllaShardAwarePortTLS() uint16 {
return h.scyllaShardAwarePortTLS
}
+// Experimental, this interface and use may change
+type ReplicaInfo struct {
+ hostId UUID
+ shardId int
+}
+
+// Experimental, this interface and use may change
+type TabletInfo struct {
+ mu sync.RWMutex
+ keyspaceName string
+ tableName string
+ firstToken int64
+ lastToken int64
+ replicas []ReplicaInfo
+}
+
+func (t *TabletInfo) KeyspaceName() string {
+ t.mu.RLock()
+ defer t.mu.RUnlock()
+ return t.keyspaceName
+}
+
+func (t *TabletInfo) FirstToken() int64 {
+ t.mu.RLock()
+ defer t.mu.RUnlock()
+ return t.firstToken
+}
+
+func (t *TabletInfo) LastToken() int64 {
+ t.mu.RLock()
+ defer t.mu.RUnlock()
+ return t.lastToken
+}
+
+func (t *TabletInfo) TableName() string {
+ t.mu.RLock()
+ defer t.mu.RUnlock()
+ return t.tableName
+}
+
+func (t *TabletInfo) Replicas() []ReplicaInfo {
+ t.mu.RLock()
+ defer t.mu.RUnlock()
+ return t.replicas
+}
+
+// Search for place in tablets table with specific Keyspace and Table name
+func findTablets(tablets []*TabletInfo, k string, t string) (int, int) {
+ l := -1
+ r := -1
+ for i, tablet := range tablets {
+ if tablet.KeyspaceName() == k && tablet.TableName() == t {
+ if l == -1 {
+ l = i
+ }
+ r = i
+ } else if l != -1 {
+ break
+ }
+ }
+
+ return l, r
+}
+
+func addTabletToTabletsList(tablets []*TabletInfo, tablet *TabletInfo) []*TabletInfo {
+ l, r := findTablets(tablets, tablet.keyspaceName, tablet.tableName)
+ if l == -1 && r == -1 {
+ l = 0
+ r = 0
+ } else {
+ r = r + 1
+ }
+
+ l1, r1 := l, r
+ l2, r2 := l1, r1
+
+ // find first overlaping range
+ for l1 < r1 {
+ mid := (l1 + r1) / 2
+ if tablets[mid].FirstToken() < tablet.FirstToken() {
+ l1 = mid + 1
+ } else {
+ r1 = mid
+ }
+ }
+ start := l1
+
+ if start > l && tablets[start-1].LastToken() > tablet.FirstToken() {
+ start = start - 1
+ }
+
+ // find last overlaping range
+ for l2 < r2 {
+ mid := (l2 + r2) / 2
+ if tablets[mid].LastToken() < tablet.LastToken() {
+ l2 = mid + 1
+ } else {
+ r2 = mid
+ }
+ }
+ end := l2
+ if end < r && tablets[end].FirstToken() >= tablet.LastToken() {
+ end = end - 1
+ }
+ if end == len(tablets) {
+ end = end - 1
+ }
+
+ updated_tablets := tablets
+ if start <= end {
+ // Delete elements from index start to end
+ updated_tablets = append(tablets[:start], tablets[end+1:]...)
+ }
+ // Insert tablet element at index start
+ updated_tablets2 := append(updated_tablets[:start], append([]*TabletInfo{tablet}, updated_tablets[start:]...)...)
+ return updated_tablets2
+}
+
+// Search for place in tablets table for token starting from index l to index r
+func findTabletForToken(tablets []*TabletInfo, token token, l int, r int) *TabletInfo {
+ for l < r {
+ var m int
+ if r*l > 0 {
+ m = l + (r-l)/2
+ } else {
+ m = (r + l) / 2
+ }
+ if int64Token(tablets[m].LastToken()).Less(token) {
+ l = m + 1
+ } else {
+ r = m
+ }
+ }
+
+ return tablets[l]
+}
+
// Polls system.peers at a specific interval to find new hosts
type ringDescriber struct {
session *Session
mu sync.Mutex
prevHosts []*HostInfo
prevPartitioner string
+ // Experimental, this interface and use may change
+ prevTablets []*TabletInfo
}
// Returns true if we are using system_schema.keyspaces instead of system.schema_keyspaces
@@ -835,6 +974,23 @@ func refreshRing(r *ringDescriber) error {
r.session.metadata.setPartitioner(partitioner)
r.session.policy.SetPartitioner(partitioner)
+
+ return nil
+}
+
+// Experimental, this interface and use may change
+func addTablet(r *ringDescriber, tablet *TabletInfo) error {
+ r.mu.Lock()
+ defer r.mu.Unlock()
+
+ tablets := r.session.getTablets()
+ tablets = addTabletToTabletsList(tablets, tablet)
+
+ r.session.ring.setTablets(tablets)
+ r.session.policy.SetTablets(tablets)
+
+ r.session.schemaDescriber.refreshTabletsSchema()
+
return nil
}
diff --git a/vendor/github.com/gocql/gocql/integration.sh b/vendor/github.com/gocql/gocql/integration.sh
index 5c29615e957..6598599d10e 100644
--- a/vendor/github.com/gocql/gocql/integration.sh
+++ b/vendor/github.com/gocql/gocql/integration.sh
@@ -28,10 +28,25 @@ function scylla_restart() {
scylla_restart
readonly clusterSize=1
+readonly multiNodeClusterSize=3
readonly scylla_liveset="192.168.100.11"
+readonly scylla_tablet_liveset="192.168.100.12"
readonly cversion="3.11.4"
readonly proto=4
readonly args="-gocql.timeout=60s -proto=${proto} -rf=${clusterSize} -clusterSize=${clusterSize} -autowait=2000ms -compressor=snappy -gocql.cversion=${cversion} -cluster=${scylla_liveset}"
-
-echo "==> Running $* tests with args: ${args}"
-go test -timeout=5m -race -tags="$*" ${args} ./...
+readonly tabletArgs="-gocql.timeout=60s -proto=${proto} -rf=1 -clusterSize=${multiNodeClusterSize} -autowait=2000ms -compressor=snappy -gocql.cversion=${cversion} -multiCluster=${scylla_tablet_liveset}"
+
+if [[ "$*" == *"tablet"* ]];
+then
+ echo "==> Running tablet tests with args: ${tabletArgs}"
+ go test -timeout=5m -race -tags="tablet" ${tabletArgs} ./...
+fi
+
+TAGS=$*
+TAGS=${TAGS//"tablet"/}
+
+if [ ! -z "$TAGS" ];
+then
+ echo "==> Running ${TAGS} tests with args: ${args}"
+ go test -timeout=5m -race -tags="$TAGS" ${args} ./...
+fi
diff --git a/vendor/github.com/gocql/gocql/metadata_scylla.go b/vendor/github.com/gocql/gocql/metadata_scylla.go
index 7efdeb9b414..c413d97c066 100644
--- a/vendor/github.com/gocql/gocql/metadata_scylla.go
+++ b/vendor/github.com/gocql/gocql/metadata_scylla.go
@@ -1,3 +1,4 @@
+//go:build !cassandra || scylla
// +build !cassandra scylla
// Copyright (c) 2015 The gocql Authors. All rights reserved.
@@ -132,6 +133,29 @@ type IndexMetadata struct {
Options map[string]string
}
+// TabletsMetadata holds metadata for tablet list
+// Experimental, this interface and use may change
+type TabletsMetadata struct {
+ Tablets []*TabletMetadata
+}
+
+// TabletMetadata holds metadata for single tablet
+// Experimental, this interface and use may change
+type TabletMetadata struct {
+ KeyspaceName string
+ TableName string
+ FirstToken int64
+ LastToken int64
+ Replicas []ReplicaMetadata
+}
+
+// TabletMetadata holds metadata for single replica
+// Experimental, this interface and use may change
+type ReplicaMetadata struct {
+ HostId UUID
+ ShardId int
+}
+
const (
IndexKindCustom = "CUSTOM"
)
@@ -215,20 +239,24 @@ func columnKindFromSchema(kind string) (ColumnKind, error) {
}
}
-// queries the cluster for schema information for a specific keyspace
+// queries the cluster for schema information for a specific keyspace and for tablets
type schemaDescriber struct {
session *Session
mu sync.Mutex
- cache map[string]*KeyspaceMetadata
+ cache map[string]*KeyspaceMetadata
+
+ // Experimental, this interface and use may change
+ tabletsCache *TabletsMetadata
}
// creates a session bound schema describer which will query and cache
-// keyspace metadata
+// keyspace metadata and tablets metadata
func newSchemaDescriber(session *Session) *schemaDescriber {
return &schemaDescriber{
- session: session,
- cache: map[string]*KeyspaceMetadata{},
+ session: session,
+ cache: map[string]*KeyspaceMetadata{},
+ tabletsCache: &TabletsMetadata{},
}
}
@@ -252,6 +280,36 @@ func (s *schemaDescriber) getSchema(keyspaceName string) (*KeyspaceMetadata, err
return metadata, nil
}
+// Experimental, this interface and use may change
+func (s *schemaDescriber) getTabletsSchema() *TabletsMetadata {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ metadata := s.tabletsCache
+
+ return metadata
+}
+
+// Experimental, this interface and use may change
+func (s *schemaDescriber) refreshTabletsSchema() {
+ tablets := s.session.getTablets()
+ s.tabletsCache.Tablets = []*TabletMetadata{}
+
+ for _, tablet := range tablets {
+ t := &TabletMetadata{}
+ t.KeyspaceName = tablet.KeyspaceName()
+ t.TableName = tablet.TableName()
+ t.FirstToken = tablet.FirstToken()
+ t.LastToken = tablet.LastToken()
+ t.Replicas = []ReplicaMetadata{}
+ for _, replica := range tablet.Replicas() {
+ t.Replicas = append(t.Replicas, ReplicaMetadata{replica.hostId, replica.shardId})
+ }
+
+ s.tabletsCache.Tablets = append(s.tabletsCache.Tablets, t)
+ }
+}
+
// clears the already cached keyspace metadata
func (s *schemaDescriber) clearSchema(keyspaceName string) {
s.mu.Lock()
diff --git a/vendor/github.com/gocql/gocql/policies.go b/vendor/github.com/gocql/gocql/policies.go
index 6373a2c7c91..70ea00164a8 100644
--- a/vendor/github.com/gocql/gocql/policies.go
+++ b/vendor/github.com/gocql/gocql/policies.go
@@ -95,6 +95,34 @@ func (c *cowHostList) remove(ip net.IP) bool {
return true
}
+// cowTabletList implements a copy on write tablet list, its equivalent type is []*TabletInfo
+// Experimental, this interface and use may change
+type cowTabletList struct {
+ list atomic.Value
+ mu sync.Mutex
+}
+
+func (c *cowTabletList) get() []*TabletInfo {
+ l, ok := c.list.Load().(*[]*TabletInfo)
+ if !ok {
+ return nil
+ }
+ return *l
+}
+
+func (c *cowTabletList) set(tablets []*TabletInfo) {
+ c.mu.Lock()
+ defer c.mu.Unlock()
+
+ n := len(tablets)
+ l := make([]*TabletInfo, n)
+ for i := 0; i < n; i++ {
+ l[i] = tablets[i]
+ }
+
+ c.list.Store(&l)
+}
+
// RetryableQuery is an interface that represents a query or batch statement that
// exposes the correct functions for the retry policy logic to evaluate correctly.
type RetryableQuery interface {
@@ -279,6 +307,8 @@ type HostTierer interface {
type HostSelectionPolicy interface {
HostStateNotifier
SetPartitioner
+ // Experimental, this interface and use may change
+ SetTablets
KeyspaceChanged(KeyspaceUpdateEvent)
Init(*Session)
IsLocal(host *HostInfo) bool
@@ -331,6 +361,9 @@ func (r *roundRobinHostPolicy) KeyspaceChanged(KeyspaceUpdateEvent) {}
func (r *roundRobinHostPolicy) SetPartitioner(partitioner string) {}
func (r *roundRobinHostPolicy) Init(*Session) {}
+// Experimental, this interface and use may change
+func (r *roundRobinHostPolicy) SetTablets(tablets []*TabletInfo) {}
+
func (r *roundRobinHostPolicy) Pick(qry ExecutableQuery) NextHost {
nextStartOffset := atomic.AddUint64(&r.lastUsedHostIdx, 1)
return roundRobbin(int(nextStartOffset), r.hosts.get())
@@ -407,6 +440,9 @@ type tokenAwareHostPolicy struct {
metadata atomic.Value // *clusterMeta
logger StdLogger
+
+ // Experimental, this interface and use may change
+ tablets cowTabletList
}
func (t *tokenAwareHostPolicy) Init(s *Session) {
@@ -473,6 +509,14 @@ func (t *tokenAwareHostPolicy) SetPartitioner(partitioner string) {
}
}
+// Experimental, this interface and use may change
+func (t *tokenAwareHostPolicy) SetTablets(tablets []*TabletInfo) {
+ t.mu.Lock()
+ defer t.mu.Unlock()
+
+ t.tablets.set(tablets)
+}
+
func (t *tokenAwareHostPolicy) AddHost(host *HostInfo) {
t.mu.Lock()
if t.hosts.add(host) {
@@ -589,17 +633,58 @@ func (t *tokenAwareHostPolicy) Pick(qry ExecutableQuery) NextHost {
}
token := partitioner.Hash(routingKey)
- ht := meta.replicas[qry.Keyspace()].replicasFor(token)
var replicas []*HostInfo
- if ht == nil {
- host, _ := meta.tokenRing.GetHostForToken(token)
- replicas = []*HostInfo{host}
- } else {
- replicas = ht.hosts
+
+ if qry.GetSession() != nil && qry.GetSession().tabletsRoutingV1 {
+ t.tablets.mu.Lock()
+ tablets := t.tablets.get()
+
+ // Search for tablets with Keyspace and Table from the Query
+ l, r := findTablets(tablets, qry.Keyspace(), qry.Table())
+ if l != -1 {
+ tablet := findTabletForToken(tablets, token, l, r)
+
+ replicas = []*HostInfo{}
+ for _, replica := range tablet.Replicas() {
+ t.hosts.mu.Lock()
+ hosts := t.hosts.get()
+ for _, host := range hosts {
+ if host.hostId == replica.hostId.String() {
+ replicas = append(replicas, host)
+ break
+ }
+ }
+ t.hosts.mu.Unlock()
+ }
+ } else {
+ ht := meta.replicas[qry.Keyspace()].replicasFor(token)
+
+ if ht == nil {
+ host, _ := meta.tokenRing.GetHostForToken(token)
+ replicas = []*HostInfo{host}
+ } else {
+ replicas = ht.hosts
+ }
+ }
+
if t.shuffleReplicas && !qry.IsLWT() {
replicas = shuffleHosts(replicas)
}
+
+ t.tablets.mu.Unlock()
+ } else {
+ ht := meta.replicas[qry.Keyspace()].replicasFor(token)
+
+ if ht == nil {
+ host, _ := meta.tokenRing.GetHostForToken(token)
+ replicas = []*HostInfo{host}
+ } else {
+ replicas = ht.hosts
+ if t.shuffleReplicas && !qry.IsLWT() {
+ replicas = shuffleHosts(replicas)
+ }
+ }
}
var (
@@ -711,6 +796,9 @@ func (r *hostPoolHostPolicy) KeyspaceChanged(KeyspaceUpdateEvent) {}
func (r *hostPoolHostPolicy) SetPartitioner(string) {}
func (r *hostPoolHostPolicy) IsLocal(*HostInfo) bool { return true }
+// Experimental, this interface and use may change
+func (r *hostPoolHostPolicy) SetTablets(tablets []*TabletInfo) {}
+
func (r *hostPoolHostPolicy) SetHosts(hosts []*HostInfo) {
peers := make([]string, len(hosts))
hostMap := make(map[string]*HostInfo, len(hosts))
@@ -850,6 +938,9 @@ func (d *dcAwareRR) IsLocal(host *HostInfo) bool {
return host.DataCenter() == d.local
}
+// Experimental, this interface and use may change
+func (d *dcAwareRR) SetTablets(tablets []*TabletInfo) {}
+
func (d *dcAwareRR) AddHost(host *HostInfo) {
if d.IsLocal(host) {
d.localHosts.add(host)
@@ -943,6 +1034,9 @@ func (d *rackAwareRR) MaxHostTier() uint {
return 2
}
+// Experimental, this interface and use may change
+func (d *rackAwareRR) SetTablets(tablets []*TabletInfo) {}
+
func (d *rackAwareRR) HostTier(host *HostInfo) uint {
if host.DataCenter() == d.localDC {
if host.Rack() == d.localRack {
diff --git a/vendor/github.com/gocql/gocql/query_executor.go b/vendor/github.com/gocql/gocql/query_executor.go
index e4dbed9cdc8..f0d4e761f75 100644
--- a/vendor/github.com/gocql/gocql/query_executor.go
+++ b/vendor/github.com/gocql/gocql/query_executor.go
@@ -23,6 +23,8 @@ type ExecutableQuery interface {
withContext(context.Context) ExecutableQuery
RetryableQuery
+
+ GetSession() *Session
}
type queryExecutor struct {
@@ -123,7 +125,7 @@ func (q *queryExecutor) do(ctx context.Context, qry ExecutableQuery, hostIter Ne
continue
}
- conn := pool.Pick(selectedHost.Token())
+ conn := pool.Pick(selectedHost.Token(), qry.Keyspace(), qry.Table())
if conn == nil {
selectedHost = hostIter()
continue
diff --git a/vendor/github.com/gocql/gocql/ring.go b/vendor/github.com/gocql/gocql/ring.go
index 5b77370a160..86970a7669e 100644
--- a/vendor/github.com/gocql/gocql/ring.go
+++ b/vendor/github.com/gocql/gocql/ring.go
@@ -22,6 +22,9 @@ type ring struct {
hostList []*HostInfo
pos uint32
+ // Experimental, this interface and use may change
+ tabletList []*TabletInfo
+
// TODO: we should store the ring metadata here also.
}
@@ -141,3 +144,11 @@ func (c *clusterMetadata) setPartitioner(partitioner string) {
c.partitioner = partitioner
}
}
+
+// Experimental, this interface and use may change
+func (r *ring) setTablets(newTablets []*TabletInfo) {
+ r.mu.Lock()
+ defer r.mu.Unlock()
+
+ r.tabletList = newTablets
+}
diff --git a/vendor/github.com/gocql/gocql/scylla.go b/vendor/github.com/gocql/gocql/scylla.go
index 7790a26eeb1..7dece242a32 100644
--- a/vendor/github.com/gocql/gocql/scylla.go
+++ b/vendor/github.com/gocql/gocql/scylla.go
@@ -51,8 +51,38 @@ func findCQLProtoExtByName(exts []cqlProtocolExtension, name string) cqlProtocol
const (
lwtAddMetadataMarkKey = "SCYLLA_LWT_ADD_METADATA_MARK"
rateLimitError = "SCYLLA_RATE_LIMIT_ERROR"
+ tabletsRoutingV1 = "TABLETS_ROUTING_V1"
)
+// "tabletsRoutingV1" CQL Protocol Extension.
+// This extension, if enabled (properly negotiated), allows Scylla server
+// to send a tablet information in `custom_payload`.
+//
+// Implements cqlProtocolExtension interface.
+type tabletsRoutingV1Ext struct {
+}
+
+var _ cqlProtocolExtension = &tabletsRoutingV1Ext{}
+
+// Factory function to deserialize and create an `tabletsRoutingV1Ext` instance
+// from SUPPORTED message payload.
+func newTabletsRoutingV1Ext(supported map[string][]string) *tabletsRoutingV1Ext {
+ if _, found := supported[tabletsRoutingV1]; found {
+ return &tabletsRoutingV1Ext{}
+ }
+ return nil
+}
+
+func (ext *tabletsRoutingV1Ext) serialize() map[string]string {
+ return map[string]string{
+ tabletsRoutingV1: "",
+ }
+}
+
+func (ext *tabletsRoutingV1Ext) name() string {
+ return tabletsRoutingV1
+}
+
// "Rate limit" CQL Protocol Extension.
// This extension, if enabled (properly negotiated), allows Scylla server
// to send a special kind of error.
@@ -243,6 +273,11 @@ func parseCQLProtocolExtensions(supported map[string][]string) []cqlProtocolExte
exts = append(exts, rateLimitExt)
}
+ tabletsExt := newTabletsRoutingV1Ext(supported)
+ if tabletsExt != nil {
+ exts = append(exts, tabletsExt)
+ }
+
return exts
}
@@ -265,6 +300,7 @@ func isScyllaConn(conn *Conn) bool {
// in a round-robin fashion.
type scyllaConnPicker struct {
address string
+ hostId string
shardAwareAddress string
conns []*Conn
excessConns []*Conn
@@ -281,6 +317,7 @@ type scyllaConnPicker struct {
func newScyllaConnPicker(conn *Conn) *scyllaConnPicker {
addr := conn.Address()
+ hostId := conn.host.hostId
if conn.scyllaSupported.nrShards == 0 {
panic(fmt.Sprintf("scylla: %s not a sharded connection", addr))
@@ -305,6 +342,7 @@ func newScyllaConnPicker(conn *Conn) *scyllaConnPicker {
return &scyllaConnPicker{
address: addr,
+ hostId: hostId,
shardAwareAddress: shardAwareAddress,
nrShards: conn.scyllaSupported.nrShards,
msbIgnore: conn.scyllaSupported.msbIgnore,
@@ -315,7 +353,7 @@ func newScyllaConnPicker(conn *Conn) *scyllaConnPicker {
}
}
-func (p *scyllaConnPicker) Pick(t token) *Conn {
+func (p *scyllaConnPicker) Pick(t token, keyspace string, table string) *Conn {
if len(p.conns) == 0 {
return nil
}
@@ -330,7 +368,39 @@ func (p *scyllaConnPicker) Pick(t token) *Conn {
return nil
}
- idx := p.shardOf(mmt)
+ idx := -1
+
+ for _, conn := range p.conns {
+ if conn == nil {
+ continue
+ }
+
+ conn.mu.Lock()
+ if conn.tabletsRoutingV1 {
+ tablets := conn.session.getTablets()
+
+ // Search for tablets with Keyspace and Table from the Query
+ l, r := findTablets(tablets, keyspace, table)
+
+ if l != -1 {
+ tablet := findTabletForToken(tablets, mmt, l, r)
+
+ for _, replica := range tablet.replicas {
+ if replica.hostId.String() == p.hostId {
+ idx = replica.shardId
+ }
+ }
+ }
+ }
+ conn.mu.Unlock()
+
+ break
+ }
+
+ if idx == -1 {
+ idx = p.shardOf(mmt)
+ }
+
if c := p.conns[idx]; c != nil {
// We have this shard's connection
// so let's give it to the caller.
diff --git a/vendor/github.com/gocql/gocql/session.go b/vendor/github.com/gocql/gocql/session.go
index f3058669e3b..6bdfb88732b 100644
--- a/vendor/github.com/gocql/gocql/session.go
+++ b/vendor/github.com/gocql/gocql/session.go
@@ -83,6 +83,8 @@ type Session struct {
isInitialized bool
logger StdLogger
+
+ tabletsRoutingV1 bool
}
var queryPool = &sync.Pool{
@@ -227,6 +229,9 @@ func (s *Session) init() error {
if err := s.control.connect(hosts); err != nil {
return err
}
+ s.control.getConn().conn.mu.Lock()
+ s.tabletsRoutingV1 = s.control.getConn().conn.tabletsRoutingV1
+ s.control.getConn().conn.mu.Unlock()
if !s.cfg.DisableInitialHostLookup {
var partitioner string
@@ -243,6 +248,12 @@ func (s *Session) init() error {
}
hosts = filteredHosts
+
+ if s.tabletsRoutingV1 {
+ tablets := []*TabletInfo{}
+ s.ring.setTablets(tablets)
+ s.policy.SetTablets(tablets)
+ }
}
}
@@ -566,6 +577,19 @@ func (s *Session) KeyspaceMetadata(keyspace string) (*KeyspaceMetadata, error) {
return s.schemaDescriber.getSchema(keyspace)
}
+// TabletsMetadata returns the metadata about tablets
+// Experimental, this interface and use may change
+func (s *Session) TabletsMetadata() (*TabletsMetadata, error) {
+ // fail fast
+ if s.Closed() {
+ return nil, ErrSessionClosed
+ } else if !s.tabletsRoutingV1 {
+ return nil, ErrTabletsNotUsed
+ }
+
+ return s.schemaDescriber.getTabletsSchema(), nil
+}
+
func (s *Session) getConn() *Conn {
hosts := s.ring.allHosts()
for _, host := range hosts {
@@ -576,7 +600,7 @@ func (s *Session) getConn() *Conn {
pool, ok := s.pool.getPool(host)
if !ok {
continue
- } else if conn := pool.Pick(nil); conn != nil {
+ } else if conn := pool.Pick(nil, "", ""); conn != nil {
return conn
}
}
@@ -584,6 +608,14 @@ func (s *Session) getConn() *Conn {
return nil
}
+// Experimental, this interface and use may change
+func (s *Session) getTablets() []*TabletInfo {
+ s.ring.mu.Lock()
+ defer s.ring.mu.Unlock()
+
+ return s.ring.tabletList
+}
+
// returns routing key indexes and type info
func (s *Session) routingKeyInfo(ctx context.Context, stmt string) (*routingKeyInfo, error) {
s.routingKeyInfoCache.mu.Lock()
@@ -1183,6 +1215,10 @@ func (q *Query) Table() string {
return q.routingInfo.table
}
+func (q *Query) GetSession() *Session {
+ return q.session
+}
+
// GetRoutingKey gets the routing key to use for routing this query. If
// a routing key has not been explicitly set, then the routing key will
// be constructed if possible using the keyspace's schema and the query
@@ -1843,6 +1879,10 @@ func (b *Batch) Table() string {
return b.routingInfo.table
}
+func (b *Batch) GetSession() *Session {
+ return b.session
+}
+
// Attempts returns the number of attempts made to execute the batch.
func (b *Batch) Attempts() int {
return b.metrics.attempts()
@@ -2347,6 +2387,7 @@ var (
ErrNoKeyspace = errors.New("no keyspace provided")
ErrKeyspaceDoesNotExist = errors.New("keyspace does not exist")
ErrNoMetadata = errors.New("no metadata available")
+ ErrTabletsNotUsed = errors.New("tablets not used")
)
type ErrProtocol struct{ error }
diff --git a/vendor/github.com/golang-jwt/jwt/v4/.gitignore b/vendor/github.com/golang-jwt/jwt/v4/.gitignore
new file mode 100644
index 00000000000..09573e0169c
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/.gitignore
@@ -0,0 +1,4 @@
+.DS_Store
+bin
+.idea/
+
diff --git a/vendor/github.com/golang-jwt/jwt/v4/LICENSE b/vendor/github.com/golang-jwt/jwt/v4/LICENSE
new file mode 100644
index 00000000000..35dbc252041
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/LICENSE
@@ -0,0 +1,9 @@
+Copyright (c) 2012 Dave Grijalva
+Copyright (c) 2021 golang-jwt maintainers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/vendor/github.com/golang-jwt/jwt/v4/MIGRATION_GUIDE.md b/vendor/github.com/golang-jwt/jwt/v4/MIGRATION_GUIDE.md
new file mode 100644
index 00000000000..32966f59818
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/MIGRATION_GUIDE.md
@@ -0,0 +1,22 @@
+## Migration Guide (v4.0.0)
+
+Starting from [v4.0.0](https://github.com/golang-jwt/jwt/releases/tag/v4.0.0), the import path will be:
+
+ "github.com/golang-jwt/jwt/v4"
+
+The `/v4` version will be backwards compatible with existing `v3.x.y` tags in this repo, as well as
+`github.com/dgrijalva/jwt-go`. For most users this should be a drop-in replacement, if you're having
+troubles migrating, please open an issue.
+
+You can replace all occurrences of `github.com/dgrijalva/jwt-go` or `github.com/golang-jwt/jwt` with `github.com/golang-jwt/jwt/v4`, either manually or by using tools such as `sed` or `gofmt`.
+
+And then you'd typically run:
+
+```
+go get github.com/golang-jwt/jwt/v4
+go mod tidy
+```
+
+## Older releases (before v3.2.0)
+
+The original migration guide for older releases can be found at https://github.com/dgrijalva/jwt-go/blob/master/MIGRATION_GUIDE.md.
diff --git a/vendor/github.com/golang-jwt/jwt/v4/README.md b/vendor/github.com/golang-jwt/jwt/v4/README.md
new file mode 100644
index 00000000000..30f2f2a6f70
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/README.md
@@ -0,0 +1,138 @@
+# jwt-go
+
+[](https://github.com/golang-jwt/jwt/actions/workflows/build.yml)
+[](https://pkg.go.dev/github.com/golang-jwt/jwt/v4)
+
+A [go](http://www.golang.org) (or 'golang' for search engine friendliness) implementation of [JSON Web Tokens](https://datatracker.ietf.org/doc/html/rfc7519).
+
+Starting with [v4.0.0](https://github.com/golang-jwt/jwt/releases/tag/v4.0.0) this project adds Go module support, but maintains backwards compatibility with older `v3.x.y` tags and upstream `github.com/dgrijalva/jwt-go`.
+See the [`MIGRATION_GUIDE.md`](./MIGRATION_GUIDE.md) for more information.
+
+> After the original author of the library suggested migrating the maintenance of `jwt-go`, a dedicated team of open source maintainers decided to clone the existing library into this repository. See [dgrijalva/jwt-go#462](https://github.com/dgrijalva/jwt-go/issues/462) for a detailed discussion on this topic.
+
+
+**SECURITY NOTICE:** Some older versions of Go have a security issue in the crypto/elliptic. Recommendation is to upgrade to at least 1.15 See issue [dgrijalva/jwt-go#216](https://github.com/dgrijalva/jwt-go/issues/216) for more detail.
+
+**SECURITY NOTICE:** It's important that you [validate the `alg` presented is what you expect](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/). This library attempts to make it easy to do the right thing by requiring key types match the expected alg, but you should take the extra step to verify it in your usage. See the examples provided.
+
+### Supported Go versions
+
+Our support of Go versions is aligned with Go's [version release policy](https://golang.org/doc/devel/release#policy).
+So we will support a major version of Go until there are two newer major releases.
+We no longer support building jwt-go with unsupported Go versions, as these contain security vulnerabilities
+which will not be fixed.
+
+## What the heck is a JWT?
+
+JWT.io has [a great introduction](https://jwt.io/introduction) to JSON Web Tokens.
+
+In short, it's a signed JSON object that does something useful (for example, authentication). It's commonly used for `Bearer` tokens in Oauth 2. A token is made of three parts, separated by `.`'s. The first two parts are JSON objects, that have been [base64url](https://datatracker.ietf.org/doc/html/rfc4648) encoded. The last part is the signature, encoded the same way.
+
+The first part is called the header. It contains the necessary information for verifying the last part, the signature. For example, which encryption method was used for signing and what key was used.
+
+The part in the middle is the interesting bit. It's called the Claims and contains the actual stuff you care about. Refer to [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519) for information about reserved keys and the proper way to add your own.
+
+## What's in the box?
+
+This library supports the parsing and verification as well as the generation and signing of JWTs. Current supported signing algorithms are HMAC SHA, RSA, RSA-PSS, and ECDSA, though hooks are present for adding your own.
+
+## Installation Guidelines
+
+1. To install the jwt package, you first need to have [Go](https://go.dev/doc/install) installed, then you can use the command below to add `jwt-go` as a dependency in your Go program.
+
+```sh
+go get -u github.com/golang-jwt/jwt/v4
+```
+
+2. Import it in your code:
+
+```go
+import "github.com/golang-jwt/jwt/v4"
+```
+
+## Examples
+
+See [the project documentation](https://pkg.go.dev/github.com/golang-jwt/jwt/v4) for examples of usage:
+
+* [Simple example of parsing and validating a token](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#example-Parse-Hmac)
+* [Simple example of building and signing a token](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#example-New-Hmac)
+* [Directory of Examples](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#pkg-examples)
+
+## Extensions
+
+This library publishes all the necessary components for adding your own signing methods or key functions. Simply implement the `SigningMethod` interface and register a factory method using `RegisterSigningMethod` or provide a `jwt.Keyfunc`.
+
+A common use case would be integrating with different 3rd party signature providers, like key management services from various cloud providers or Hardware Security Modules (HSMs) or to implement additional standards.
+
+| Extension | Purpose | Repo |
+| --------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------------ |
+| GCP | Integrates with multiple Google Cloud Platform signing tools (AppEngine, IAM API, Cloud KMS) | https://github.com/someone1/gcp-jwt-go |
+| AWS | Integrates with AWS Key Management Service, KMS | https://github.com/matelang/jwt-go-aws-kms |
+| JWKS | Provides support for JWKS ([RFC 7517](https://datatracker.ietf.org/doc/html/rfc7517)) as a `jwt.Keyfunc` | https://github.com/MicahParks/keyfunc |
+
+*Disclaimer*: Unless otherwise specified, these integrations are maintained by third parties and should not be considered as a primary offer by any of the mentioned cloud providers
+
+## Compliance
+
+This library was last reviewed to comply with [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519) dated May 2015 with a few notable differences:
+
+* In order to protect against accidental use of [Unsecured JWTs](https://datatracker.ietf.org/doc/html/rfc7519#section-6), tokens using `alg=none` will only be accepted if the constant `jwt.UnsafeAllowNoneSignatureType` is provided as the key.
+
+## Project Status & Versioning
+
+This library is considered production ready. Feedback and feature requests are appreciated. The API should be considered stable. There should be very few backwards-incompatible changes outside of major version updates (and only with good reason).
+
+This project uses [Semantic Versioning 2.0.0](http://semver.org). Accepted pull requests will land on `main`. Periodically, versions will be tagged from `main`. You can find all the releases on [the project releases page](https://github.com/golang-jwt/jwt/releases).
+
+**BREAKING CHANGES:***
+A full list of breaking changes is available in `VERSION_HISTORY.md`. See `MIGRATION_GUIDE.md` for more information on updating your code.
+
+## Usage Tips
+
+### Signing vs Encryption
+
+A token is simply a JSON object that is signed by its author. this tells you exactly two things about the data:
+
+* The author of the token was in the possession of the signing secret
+* The data has not been modified since it was signed
+
+It's important to know that JWT does not provide encryption, which means anyone who has access to the token can read its contents. If you need to protect (encrypt) the data, there is a companion spec, `JWE`, that provides this functionality. The companion project https://github.com/golang-jwt/jwe aims at a (very) experimental implementation of the JWE standard.
+
+### Choosing a Signing Method
+
+There are several signing methods available, and you should probably take the time to learn about the various options before choosing one. The principal design decision is most likely going to be symmetric vs asymmetric.
+
+Symmetric signing methods, such as HSA, use only a single secret. This is probably the simplest signing method to use since any `[]byte` can be used as a valid secret. They are also slightly computationally faster to use, though this rarely is enough to matter. Symmetric signing methods work the best when both producers and consumers of tokens are trusted, or even the same system. Since the same secret is used to both sign and validate tokens, you can't easily distribute the key for validation.
+
+Asymmetric signing methods, such as RSA, use different keys for signing and verifying tokens. This makes it possible to produce tokens with a private key, and allow any consumer to access the public key for verification.
+
+### Signing Methods and Key Types
+
+Each signing method expects a different object type for its signing keys. See the package documentation for details. Here are the most common ones:
+
+* The [HMAC signing method](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#SigningMethodHMAC) (`HS256`,`HS384`,`HS512`) expect `[]byte` values for signing and validation
+* The [RSA signing method](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#SigningMethodRSA) (`RS256`,`RS384`,`RS512`) expect `*rsa.PrivateKey` for signing and `*rsa.PublicKey` for validation
+* The [ECDSA signing method](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#SigningMethodECDSA) (`ES256`,`ES384`,`ES512`) expect `*ecdsa.PrivateKey` for signing and `*ecdsa.PublicKey` for validation
+* The [EdDSA signing method](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#SigningMethodEd25519) (`Ed25519`) expect `ed25519.PrivateKey` for signing and `ed25519.PublicKey` for validation
+
+### JWT and OAuth
+
+It's worth mentioning that OAuth and JWT are not the same thing. A JWT token is simply a signed JSON object. It can be used anywhere such a thing is useful. There is some confusion, though, as JWT is the most common type of bearer token used in OAuth2 authentication.
+
+Without going too far down the rabbit hole, here's a description of the interaction of these technologies:
+
+* OAuth is a protocol for allowing an identity provider to be separate from the service a user is logging in to. For example, whenever you use Facebook to log into a different service (Yelp, Spotify, etc), you are using OAuth.
+* OAuth defines several options for passing around authentication data. One popular method is called a "bearer token". A bearer token is simply a string that _should_ only be held by an authenticated user. Thus, simply presenting this token proves your identity. You can probably derive from here why a JWT might make a good bearer token.
+* Because bearer tokens are used for authentication, it's important they're kept secret. This is why transactions that use bearer tokens typically happen over SSL.
+
+### Troubleshooting
+
+This library uses descriptive error messages whenever possible. If you are not getting the expected result, have a look at the errors. The most common place people get stuck is providing the correct type of key to the parser. See the above section on signing methods and key types.
+
+## More
+
+Documentation can be found [on pkg.go.dev](https://pkg.go.dev/github.com/golang-jwt/jwt/v4).
+
+The command line utility included in this project (cmd/jwt) provides a straightforward example of token creation and parsing as well as a useful tool for debugging your own integration. You'll also find several implementation examples in the documentation.
+
+[golang-jwt](https://github.com/orgs/golang-jwt) incorporates a modified version of the JWT logo, which is distributed under the terms of the [MIT License](https://github.com/jsonwebtoken/jsonwebtoken.github.io/blob/master/LICENSE.txt).
diff --git a/vendor/github.com/golang-jwt/jwt/v4/SECURITY.md b/vendor/github.com/golang-jwt/jwt/v4/SECURITY.md
new file mode 100644
index 00000000000..b08402c3427
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+As of February 2022 (and until this document is updated), the latest version `v4` is supported.
+
+## Reporting a Vulnerability
+
+If you think you found a vulnerability, and even if you are not sure, please report it to jwt-go-security@googlegroups.com or one of the other [golang-jwt maintainers](https://github.com/orgs/golang-jwt/people). Please try be explicit, describe steps to reproduce the security issue with code example(s).
+
+You will receive a response within a timely manner. If the issue is confirmed, we will do our best to release a patch as soon as possible given the complexity of the problem.
+
+## Public Discussions
+
+Please avoid publicly discussing a potential security vulnerability.
+
+Let's take this offline and find a solution first, this limits the potential impact as much as possible.
+
+We appreciate your help!
diff --git a/vendor/github.com/golang-jwt/jwt/v4/VERSION_HISTORY.md b/vendor/github.com/golang-jwt/jwt/v4/VERSION_HISTORY.md
new file mode 100644
index 00000000000..afbfc4e408d
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/VERSION_HISTORY.md
@@ -0,0 +1,135 @@
+## `jwt-go` Version History
+
+#### 4.0.0
+
+* Introduces support for Go modules. The `v4` version will be backwards compatible with `v3.x.y`.
+
+#### 3.2.2
+
+* Starting from this release, we are adopting the policy to support the most 2 recent versions of Go currently available. By the time of this release, this is Go 1.15 and 1.16 ([#28](https://github.com/golang-jwt/jwt/pull/28)).
+* Fixed a potential issue that could occur when the verification of `exp`, `iat` or `nbf` was not required and contained invalid contents, i.e. non-numeric/date. Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally reporting it to the formtech fork ([#40](https://github.com/golang-jwt/jwt/pull/40)).
+* Added support for EdDSA / ED25519 ([#36](https://github.com/golang-jwt/jwt/pull/36)).
+* Optimized allocations ([#33](https://github.com/golang-jwt/jwt/pull/33)).
+
+#### 3.2.1
+
+* **Import Path Change**: See MIGRATION_GUIDE.md for tips on updating your code
+ * Changed the import path from `github.com/dgrijalva/jwt-go` to `github.com/golang-jwt/jwt`
+* Fixed type confusing issue between `string` and `[]string` in `VerifyAudience` ([#12](https://github.com/golang-jwt/jwt/pull/12)). This fixes CVE-2020-26160
+
+#### 3.2.0
+
+* Added method `ParseUnverified` to allow users to split up the tasks of parsing and validation
+* HMAC signing method returns `ErrInvalidKeyType` instead of `ErrInvalidKey` where appropriate
+* Added options to `request.ParseFromRequest`, which allows for an arbitrary list of modifiers to parsing behavior. Initial set include `WithClaims` and `WithParser`. Existing usage of this function will continue to work as before.
+* Deprecated `ParseFromRequestWithClaims` to simplify API in the future.
+
+#### 3.1.0
+
+* Improvements to `jwt` command line tool
+* Added `SkipClaimsValidation` option to `Parser`
+* Documentation updates
+
+#### 3.0.0
+
+* **Compatibility Breaking Changes**: See MIGRATION_GUIDE.md for tips on updating your code
+ * Dropped support for `[]byte` keys when using RSA signing methods. This convenience feature could contribute to security vulnerabilities involving mismatched key types with signing methods.
+ * `ParseFromRequest` has been moved to `request` subpackage and usage has changed
+ * The `Claims` property on `Token` is now type `Claims` instead of `map[string]interface{}`. The default value is type `MapClaims`, which is an alias to `map[string]interface{}`. This makes it possible to use a custom type when decoding claims.
+* Other Additions and Changes
+ * Added `Claims` interface type to allow users to decode the claims into a custom type
+ * Added `ParseWithClaims`, which takes a third argument of type `Claims`. Use this function instead of `Parse` if you have a custom type you'd like to decode into.
+ * Dramatically improved the functionality and flexibility of `ParseFromRequest`, which is now in the `request` subpackage
+ * Added `ParseFromRequestWithClaims` which is the `FromRequest` equivalent of `ParseWithClaims`
+ * Added new interface type `Extractor`, which is used for extracting JWT strings from http requests. Used with `ParseFromRequest` and `ParseFromRequestWithClaims`.
+ * Added several new, more specific, validation errors to error type bitmask
+ * Moved examples from README to executable example files
+ * Signing method registry is now thread safe
+ * Added new property to `ValidationError`, which contains the raw error returned by calls made by parse/verify (such as those returned by keyfunc or json parser)
+
+#### 2.7.0
+
+This will likely be the last backwards compatible release before 3.0.0, excluding essential bug fixes.
+
+* Added new option `-show` to the `jwt` command that will just output the decoded token without verifying
+* Error text for expired tokens includes how long it's been expired
+* Fixed incorrect error returned from `ParseRSAPublicKeyFromPEM`
+* Documentation updates
+
+#### 2.6.0
+
+* Exposed inner error within ValidationError
+* Fixed validation errors when using UseJSONNumber flag
+* Added several unit tests
+
+#### 2.5.0
+
+* Added support for signing method none. You shouldn't use this. The API tries to make this clear.
+* Updated/fixed some documentation
+* Added more helpful error message when trying to parse tokens that begin with `BEARER `
+
+#### 2.4.0
+
+* Added new type, Parser, to allow for configuration of various parsing parameters
+ * You can now specify a list of valid signing methods. Anything outside this set will be rejected.
+ * You can now opt to use the `json.Number` type instead of `float64` when parsing token JSON
+* Added support for [Travis CI](https://travis-ci.org/dgrijalva/jwt-go)
+* Fixed some bugs with ECDSA parsing
+
+#### 2.3.0
+
+* Added support for ECDSA signing methods
+* Added support for RSA PSS signing methods (requires go v1.4)
+
+#### 2.2.0
+
+* Gracefully handle a `nil` `Keyfunc` being passed to `Parse`. Result will now be the parsed token and an error, instead of a panic.
+
+#### 2.1.0
+
+Backwards compatible API change that was missed in 2.0.0.
+
+* The `SignedString` method on `Token` now takes `interface{}` instead of `[]byte`
+
+#### 2.0.0
+
+There were two major reasons for breaking backwards compatibility with this update. The first was a refactor required to expand the width of the RSA and HMAC-SHA signing implementations. There will likely be no required code changes to support this change.
+
+The second update, while unfortunately requiring a small change in integration, is required to open up this library to other signing methods. Not all keys used for all signing methods have a single standard on-disk representation. Requiring `[]byte` as the type for all keys proved too limiting. Additionally, this implementation allows for pre-parsed tokens to be reused, which might matter in an application that parses a high volume of tokens with a small set of keys. Backwards compatibilty has been maintained for passing `[]byte` to the RSA signing methods, but they will also accept `*rsa.PublicKey` and `*rsa.PrivateKey`.
+
+It is likely the only integration change required here will be to change `func(t *jwt.Token) ([]byte, error)` to `func(t *jwt.Token) (interface{}, error)` when calling `Parse`.
+
+* **Compatibility Breaking Changes**
+ * `SigningMethodHS256` is now `*SigningMethodHMAC` instead of `type struct`
+ * `SigningMethodRS256` is now `*SigningMethodRSA` instead of `type struct`
+ * `KeyFunc` now returns `interface{}` instead of `[]byte`
+ * `SigningMethod.Sign` now takes `interface{}` instead of `[]byte` for the key
+ * `SigningMethod.Verify` now takes `interface{}` instead of `[]byte` for the key
+* Renamed type `SigningMethodHS256` to `SigningMethodHMAC`. Specific sizes are now just instances of this type.
+ * Added public package global `SigningMethodHS256`
+ * Added public package global `SigningMethodHS384`
+ * Added public package global `SigningMethodHS512`
+* Renamed type `SigningMethodRS256` to `SigningMethodRSA`. Specific sizes are now just instances of this type.
+ * Added public package global `SigningMethodRS256`
+ * Added public package global `SigningMethodRS384`
+ * Added public package global `SigningMethodRS512`
+* Moved sample private key for HMAC tests from an inline value to a file on disk. Value is unchanged.
+* Refactored the RSA implementation to be easier to read
+* Exposed helper methods `ParseRSAPrivateKeyFromPEM` and `ParseRSAPublicKeyFromPEM`
+
+#### 1.0.2
+
+* Fixed bug in parsing public keys from certificates
+* Added more tests around the parsing of keys for RS256
+* Code refactoring in RS256 implementation. No functional changes
+
+#### 1.0.1
+
+* Fixed panic if RS256 signing method was passed an invalid key
+
+#### 1.0.0
+
+* First versioned release
+* API stabilized
+* Supports creating, signing, parsing, and validating JWT tokens
+* Supports RS256 and HS256 signing methods
diff --git a/vendor/github.com/golang-jwt/jwt/v4/claims.go b/vendor/github.com/golang-jwt/jwt/v4/claims.go
new file mode 100644
index 00000000000..364cec8773c
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/claims.go
@@ -0,0 +1,269 @@
+package jwt
+
+import (
+ "crypto/subtle"
+ "fmt"
+ "time"
+)
+
+// Claims must just have a Valid method that determines
+// if the token is invalid for any supported reason
+type Claims interface {
+ Valid() error
+}
+
+// RegisteredClaims are a structured version of the JWT Claims Set,
+// restricted to Registered Claim Names, as referenced at
+// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
+//
+// This type can be used on its own, but then additional private and
+// public claims embedded in the JWT will not be parsed. The typical usecase
+// therefore is to embedded this in a user-defined claim type.
+//
+// See examples for how to use this with your own claim types.
+type RegisteredClaims struct {
+ // the `iss` (Issuer) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1
+ Issuer string `json:"iss,omitempty"`
+
+ // the `sub` (Subject) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2
+ Subject string `json:"sub,omitempty"`
+
+ // the `aud` (Audience) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3
+ Audience ClaimStrings `json:"aud,omitempty"`
+
+ // the `exp` (Expiration Time) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4
+ ExpiresAt *NumericDate `json:"exp,omitempty"`
+
+ // the `nbf` (Not Before) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5
+ NotBefore *NumericDate `json:"nbf,omitempty"`
+
+ // the `iat` (Issued At) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6
+ IssuedAt *NumericDate `json:"iat,omitempty"`
+
+ // the `jti` (JWT ID) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7
+ ID string `json:"jti,omitempty"`
+}
+
+// Valid validates time based claims "exp, iat, nbf".
+// There is no accounting for clock skew.
+// As well, if any of the above claims are not in the token, it will still
+// be considered a valid claim.
+func (c RegisteredClaims) Valid() error {
+ vErr := new(ValidationError)
+ now := TimeFunc()
+
+ // The claims below are optional, by default, so if they are set to the
+ // default value in Go, let's not fail the verification for them.
+ if !c.VerifyExpiresAt(now, false) {
+ delta := now.Sub(c.ExpiresAt.Time)
+ vErr.Inner = fmt.Errorf("%s by %s", ErrTokenExpired, delta)
+ vErr.Errors |= ValidationErrorExpired
+ }
+
+ if !c.VerifyIssuedAt(now, false) {
+ vErr.Inner = ErrTokenUsedBeforeIssued
+ vErr.Errors |= ValidationErrorIssuedAt
+ }
+
+ if !c.VerifyNotBefore(now, false) {
+ vErr.Inner = ErrTokenNotValidYet
+ vErr.Errors |= ValidationErrorNotValidYet
+ }
+
+ if vErr.valid() {
+ return nil
+ }
+
+ return vErr
+}
+
+// VerifyAudience compares the aud claim against cmp.
+// If required is false, this method will return true if the value matches or is unset
+func (c *RegisteredClaims) VerifyAudience(cmp string, req bool) bool {
+ return verifyAud(c.Audience, cmp, req)
+}
+
+// VerifyExpiresAt compares the exp claim against cmp (cmp < exp).
+// If req is false, it will return true, if exp is unset.
+func (c *RegisteredClaims) VerifyExpiresAt(cmp time.Time, req bool) bool {
+ if c.ExpiresAt == nil {
+ return verifyExp(nil, cmp, req)
+ }
+
+ return verifyExp(&c.ExpiresAt.Time, cmp, req)
+}
+
+// VerifyIssuedAt compares the iat claim against cmp (cmp >= iat).
+// If req is false, it will return true, if iat is unset.
+func (c *RegisteredClaims) VerifyIssuedAt(cmp time.Time, req bool) bool {
+ if c.IssuedAt == nil {
+ return verifyIat(nil, cmp, req)
+ }
+
+ return verifyIat(&c.IssuedAt.Time, cmp, req)
+}
+
+// VerifyNotBefore compares the nbf claim against cmp (cmp >= nbf).
+// If req is false, it will return true, if nbf is unset.
+func (c *RegisteredClaims) VerifyNotBefore(cmp time.Time, req bool) bool {
+ if c.NotBefore == nil {
+ return verifyNbf(nil, cmp, req)
+ }
+
+ return verifyNbf(&c.NotBefore.Time, cmp, req)
+}
+
+// VerifyIssuer compares the iss claim against cmp.
+// If required is false, this method will return true if the value matches or is unset
+func (c *RegisteredClaims) VerifyIssuer(cmp string, req bool) bool {
+ return verifyIss(c.Issuer, cmp, req)
+}
+
+// StandardClaims are a structured version of the JWT Claims Set, as referenced at
+// https://datatracker.ietf.org/doc/html/rfc7519#section-4. They do not follow the
+// specification exactly, since they were based on an earlier draft of the
+// specification and not updated. The main difference is that they only
+// support integer-based date fields and singular audiences. This might lead to
+// incompatibilities with other JWT implementations. The use of this is discouraged, instead
+// the newer RegisteredClaims struct should be used.
+//
+// Deprecated: Use RegisteredClaims instead for a forward-compatible way to access registered claims in a struct.
+type StandardClaims struct {
+ Audience string `json:"aud,omitempty"`
+ ExpiresAt int64 `json:"exp,omitempty"`
+ Id string `json:"jti,omitempty"`
+ IssuedAt int64 `json:"iat,omitempty"`
+ Issuer string `json:"iss,omitempty"`
+ NotBefore int64 `json:"nbf,omitempty"`
+ Subject string `json:"sub,omitempty"`
+}
+
+// Valid validates time based claims "exp, iat, nbf". There is no accounting for clock skew.
+// As well, if any of the above claims are not in the token, it will still
+// be considered a valid claim.
+func (c StandardClaims) Valid() error {
+ vErr := new(ValidationError)
+ now := TimeFunc().Unix()
+
+ // The claims below are optional, by default, so if they are set to the
+ // default value in Go, let's not fail the verification for them.
+ if !c.VerifyExpiresAt(now, false) {
+ delta := time.Unix(now, 0).Sub(time.Unix(c.ExpiresAt, 0))
+ vErr.Inner = fmt.Errorf("%s by %s", ErrTokenExpired, delta)
+ vErr.Errors |= ValidationErrorExpired
+ }
+
+ if !c.VerifyIssuedAt(now, false) {
+ vErr.Inner = ErrTokenUsedBeforeIssued
+ vErr.Errors |= ValidationErrorIssuedAt
+ }
+
+ if !c.VerifyNotBefore(now, false) {
+ vErr.Inner = ErrTokenNotValidYet
+ vErr.Errors |= ValidationErrorNotValidYet
+ }
+
+ if vErr.valid() {
+ return nil
+ }
+
+ return vErr
+}
+
+// VerifyAudience compares the aud claim against cmp.
+// If required is false, this method will return true if the value matches or is unset
+func (c *StandardClaims) VerifyAudience(cmp string, req bool) bool {
+ return verifyAud([]string{c.Audience}, cmp, req)
+}
+
+// VerifyExpiresAt compares the exp claim against cmp (cmp < exp).
+// If req is false, it will return true, if exp is unset.
+func (c *StandardClaims) VerifyExpiresAt(cmp int64, req bool) bool {
+ if c.ExpiresAt == 0 {
+ return verifyExp(nil, time.Unix(cmp, 0), req)
+ }
+
+ t := time.Unix(c.ExpiresAt, 0)
+ return verifyExp(&t, time.Unix(cmp, 0), req)
+}
+
+// VerifyIssuedAt compares the iat claim against cmp (cmp >= iat).
+// If req is false, it will return true, if iat is unset.
+func (c *StandardClaims) VerifyIssuedAt(cmp int64, req bool) bool {
+ if c.IssuedAt == 0 {
+ return verifyIat(nil, time.Unix(cmp, 0), req)
+ }
+
+ t := time.Unix(c.IssuedAt, 0)
+ return verifyIat(&t, time.Unix(cmp, 0), req)
+}
+
+// VerifyNotBefore compares the nbf claim against cmp (cmp >= nbf).
+// If req is false, it will return true, if nbf is unset.
+func (c *StandardClaims) VerifyNotBefore(cmp int64, req bool) bool {
+ if c.NotBefore == 0 {
+ return verifyNbf(nil, time.Unix(cmp, 0), req)
+ }
+
+ t := time.Unix(c.NotBefore, 0)
+ return verifyNbf(&t, time.Unix(cmp, 0), req)
+}
+
+// VerifyIssuer compares the iss claim against cmp.
+// If required is false, this method will return true if the value matches or is unset
+func (c *StandardClaims) VerifyIssuer(cmp string, req bool) bool {
+ return verifyIss(c.Issuer, cmp, req)
+}
+
+// ----- helpers
+
+func verifyAud(aud []string, cmp string, required bool) bool {
+ if len(aud) == 0 {
+ return !required
+ }
+ // use a var here to keep constant time compare when looping over a number of claims
+ result := false
+
+ var stringClaims string
+ for _, a := range aud {
+ if subtle.ConstantTimeCompare([]byte(a), []byte(cmp)) != 0 {
+ result = true
+ }
+ stringClaims = stringClaims + a
+ }
+
+ // case where "" is sent in one or many aud claims
+ if len(stringClaims) == 0 {
+ return !required
+ }
+
+ return result
+}
+
+func verifyExp(exp *time.Time, now time.Time, required bool) bool {
+ if exp == nil {
+ return !required
+ }
+ return now.Before(*exp)
+}
+
+func verifyIat(iat *time.Time, now time.Time, required bool) bool {
+ if iat == nil {
+ return !required
+ }
+ return now.After(*iat) || now.Equal(*iat)
+}
+
+func verifyNbf(nbf *time.Time, now time.Time, required bool) bool {
+ if nbf == nil {
+ return !required
+ }
+ return now.After(*nbf) || now.Equal(*nbf)
+}
+
+func verifyIss(iss string, cmp string, required bool) bool {
+ if iss == "" {
+ return !required
+ }
+ return subtle.ConstantTimeCompare([]byte(iss), []byte(cmp)) != 0
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/doc.go b/vendor/github.com/golang-jwt/jwt/v4/doc.go
new file mode 100644
index 00000000000..a86dc1a3b34
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/doc.go
@@ -0,0 +1,4 @@
+// Package jwt is a Go implementation of JSON Web Tokens: http://self-issued.info/docs/draft-jones-json-web-token.html
+//
+// See README.md for more info.
+package jwt
diff --git a/vendor/github.com/golang-jwt/jwt/v4/ecdsa.go b/vendor/github.com/golang-jwt/jwt/v4/ecdsa.go
new file mode 100644
index 00000000000..eac023fc6c8
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/ecdsa.go
@@ -0,0 +1,142 @@
+package jwt
+
+import (
+ "crypto"
+ "crypto/ecdsa"
+ "crypto/rand"
+ "errors"
+ "math/big"
+)
+
+var (
+ // Sadly this is missing from crypto/ecdsa compared to crypto/rsa
+ ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")
+)
+
+// SigningMethodECDSA implements the ECDSA family of signing methods.
+// Expects *ecdsa.PrivateKey for signing and *ecdsa.PublicKey for verification
+type SigningMethodECDSA struct {
+ Name string
+ Hash crypto.Hash
+ KeySize int
+ CurveBits int
+}
+
+// Specific instances for EC256 and company
+var (
+ SigningMethodES256 *SigningMethodECDSA
+ SigningMethodES384 *SigningMethodECDSA
+ SigningMethodES512 *SigningMethodECDSA
+)
+
+func init() {
+ // ES256
+ SigningMethodES256 = &SigningMethodECDSA{"ES256", crypto.SHA256, 32, 256}
+ RegisterSigningMethod(SigningMethodES256.Alg(), func() SigningMethod {
+ return SigningMethodES256
+ })
+
+ // ES384
+ SigningMethodES384 = &SigningMethodECDSA{"ES384", crypto.SHA384, 48, 384}
+ RegisterSigningMethod(SigningMethodES384.Alg(), func() SigningMethod {
+ return SigningMethodES384
+ })
+
+ // ES512
+ SigningMethodES512 = &SigningMethodECDSA{"ES512", crypto.SHA512, 66, 521}
+ RegisterSigningMethod(SigningMethodES512.Alg(), func() SigningMethod {
+ return SigningMethodES512
+ })
+}
+
+func (m *SigningMethodECDSA) Alg() string {
+ return m.Name
+}
+
+// Verify implements token verification for the SigningMethod.
+// For this verify method, key must be an ecdsa.PublicKey struct
+func (m *SigningMethodECDSA) Verify(signingString, signature string, key interface{}) error {
+ var err error
+
+ // Decode the signature
+ var sig []byte
+ if sig, err = DecodeSegment(signature); err != nil {
+ return err
+ }
+
+ // Get the key
+ var ecdsaKey *ecdsa.PublicKey
+ switch k := key.(type) {
+ case *ecdsa.PublicKey:
+ ecdsaKey = k
+ default:
+ return ErrInvalidKeyType
+ }
+
+ if len(sig) != 2*m.KeySize {
+ return ErrECDSAVerification
+ }
+
+ r := big.NewInt(0).SetBytes(sig[:m.KeySize])
+ s := big.NewInt(0).SetBytes(sig[m.KeySize:])
+
+ // Create hasher
+ if !m.Hash.Available() {
+ return ErrHashUnavailable
+ }
+ hasher := m.Hash.New()
+ hasher.Write([]byte(signingString))
+
+ // Verify the signature
+ if verifystatus := ecdsa.Verify(ecdsaKey, hasher.Sum(nil), r, s); verifystatus {
+ return nil
+ }
+
+ return ErrECDSAVerification
+}
+
+// Sign implements token signing for the SigningMethod.
+// For this signing method, key must be an ecdsa.PrivateKey struct
+func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) (string, error) {
+ // Get the key
+ var ecdsaKey *ecdsa.PrivateKey
+ switch k := key.(type) {
+ case *ecdsa.PrivateKey:
+ ecdsaKey = k
+ default:
+ return "", ErrInvalidKeyType
+ }
+
+ // Create the hasher
+ if !m.Hash.Available() {
+ return "", ErrHashUnavailable
+ }
+
+ hasher := m.Hash.New()
+ hasher.Write([]byte(signingString))
+
+ // Sign the string and return r, s
+ if r, s, err := ecdsa.Sign(rand.Reader, ecdsaKey, hasher.Sum(nil)); err == nil {
+ curveBits := ecdsaKey.Curve.Params().BitSize
+
+ if m.CurveBits != curveBits {
+ return "", ErrInvalidKey
+ }
+
+ keyBytes := curveBits / 8
+ if curveBits%8 > 0 {
+ keyBytes += 1
+ }
+
+ // We serialize the outputs (r and s) into big-endian byte arrays
+ // padded with zeros on the left to make sure the sizes work out.
+ // Output must be 2*keyBytes long.
+ out := make([]byte, 2*keyBytes)
+ r.FillBytes(out[0:keyBytes]) // r is assigned to the first half of output.
+ s.FillBytes(out[keyBytes:]) // s is assigned to the second half of output.
+
+ return EncodeSegment(out), nil
+ } else {
+ return "", err
+ }
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/ecdsa_utils.go b/vendor/github.com/golang-jwt/jwt/v4/ecdsa_utils.go
new file mode 100644
index 00000000000..5700636d35b
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/ecdsa_utils.go
@@ -0,0 +1,69 @@
+package jwt
+
+import (
+ "crypto/ecdsa"
+ "crypto/x509"
+ "encoding/pem"
+ "errors"
+)
+
+var (
+ ErrNotECPublicKey = errors.New("key is not a valid ECDSA public key")
+ ErrNotECPrivateKey = errors.New("key is not a valid ECDSA private key")
+)
+
+// ParseECPrivateKeyFromPEM parses a PEM encoded Elliptic Curve Private Key Structure
+func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error) {
+ var err error
+
+ // Parse PEM block
+ var block *pem.Block
+ if block, _ = pem.Decode(key); block == nil {
+ return nil, ErrKeyMustBePEMEncoded
+ }
+
+ // Parse the key
+ var parsedKey interface{}
+ if parsedKey, err = x509.ParseECPrivateKey(block.Bytes); err != nil {
+ if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
+ return nil, err
+ }
+ }
+
+ var pkey *ecdsa.PrivateKey
+ var ok bool
+ if pkey, ok = parsedKey.(*ecdsa.PrivateKey); !ok {
+ return nil, ErrNotECPrivateKey
+ }
+
+ return pkey, nil
+}
+
+// ParseECPublicKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 public key
+func ParseECPublicKeyFromPEM(key []byte) (*ecdsa.PublicKey, error) {
+ var err error
+
+ // Parse PEM block
+ var block *pem.Block
+ if block, _ = pem.Decode(key); block == nil {
+ return nil, ErrKeyMustBePEMEncoded
+ }
+
+ // Parse the key
+ var parsedKey interface{}
+ if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {
+ if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
+ parsedKey = cert.PublicKey
+ } else {
+ return nil, err
+ }
+ }
+
+ var pkey *ecdsa.PublicKey
+ var ok bool
+ if pkey, ok = parsedKey.(*ecdsa.PublicKey); !ok {
+ return nil, ErrNotECPublicKey
+ }
+
+ return pkey, nil
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/ed25519.go b/vendor/github.com/golang-jwt/jwt/v4/ed25519.go
new file mode 100644
index 00000000000..07d3aacd631
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/ed25519.go
@@ -0,0 +1,85 @@
+package jwt
+
+import (
+ "errors"
+
+ "crypto"
+ "crypto/ed25519"
+ "crypto/rand"
+)
+
+var (
+ ErrEd25519Verification = errors.New("ed25519: verification error")
+)
+
+// SigningMethodEd25519 implements the EdDSA family.
+// Expects ed25519.PrivateKey for signing and ed25519.PublicKey for verification
+type SigningMethodEd25519 struct{}
+
+// Specific instance for EdDSA
+var (
+ SigningMethodEdDSA *SigningMethodEd25519
+)
+
+func init() {
+ SigningMethodEdDSA = &SigningMethodEd25519{}
+ RegisterSigningMethod(SigningMethodEdDSA.Alg(), func() SigningMethod {
+ return SigningMethodEdDSA
+ })
+}
+
+func (m *SigningMethodEd25519) Alg() string {
+ return "EdDSA"
+}
+
+// Verify implements token verification for the SigningMethod.
+// For this verify method, key must be an ed25519.PublicKey
+func (m *SigningMethodEd25519) Verify(signingString, signature string, key interface{}) error {
+ var err error
+ var ed25519Key ed25519.PublicKey
+ var ok bool
+
+ if ed25519Key, ok = key.(ed25519.PublicKey); !ok {
+ return ErrInvalidKeyType
+ }
+
+ if len(ed25519Key) != ed25519.PublicKeySize {
+ return ErrInvalidKey
+ }
+
+ // Decode the signature
+ var sig []byte
+ if sig, err = DecodeSegment(signature); err != nil {
+ return err
+ }
+
+ // Verify the signature
+ if !ed25519.Verify(ed25519Key, []byte(signingString), sig) {
+ return ErrEd25519Verification
+ }
+
+ return nil
+}
+
+// Sign implements token signing for the SigningMethod.
+// For this signing method, key must be an ed25519.PrivateKey
+func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) (string, error) {
+ var ed25519Key crypto.Signer
+ var ok bool
+
+ if ed25519Key, ok = key.(crypto.Signer); !ok {
+ return "", ErrInvalidKeyType
+ }
+
+ if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok {
+ return "", ErrInvalidKey
+ }
+
+ // Sign the string and return the encoded result
+ // ed25519 performs a two-pass hash as part of its algorithm. Therefore, we need to pass a non-prehashed message into the Sign function, as indicated by crypto.Hash(0)
+ sig, err := ed25519Key.Sign(rand.Reader, []byte(signingString), crypto.Hash(0))
+ if err != nil {
+ return "", err
+ }
+ return EncodeSegment(sig), nil
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/ed25519_utils.go b/vendor/github.com/golang-jwt/jwt/v4/ed25519_utils.go
new file mode 100644
index 00000000000..cdb5e68e876
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/ed25519_utils.go
@@ -0,0 +1,64 @@
+package jwt
+
+import (
+ "crypto"
+ "crypto/ed25519"
+ "crypto/x509"
+ "encoding/pem"
+ "errors"
+)
+
+var (
+ ErrNotEdPrivateKey = errors.New("key is not a valid Ed25519 private key")
+ ErrNotEdPublicKey = errors.New("key is not a valid Ed25519 public key")
+)
+
+// ParseEdPrivateKeyFromPEM parses a PEM-encoded Edwards curve private key
+func ParseEdPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error) {
+ var err error
+
+ // Parse PEM block
+ var block *pem.Block
+ if block, _ = pem.Decode(key); block == nil {
+ return nil, ErrKeyMustBePEMEncoded
+ }
+
+ // Parse the key
+ var parsedKey interface{}
+ if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
+ return nil, err
+ }
+
+ var pkey ed25519.PrivateKey
+ var ok bool
+ if pkey, ok = parsedKey.(ed25519.PrivateKey); !ok {
+ return nil, ErrNotEdPrivateKey
+ }
+
+ return pkey, nil
+}
+
+// ParseEdPublicKeyFromPEM parses a PEM-encoded Edwards curve public key
+func ParseEdPublicKeyFromPEM(key []byte) (crypto.PublicKey, error) {
+ var err error
+
+ // Parse PEM block
+ var block *pem.Block
+ if block, _ = pem.Decode(key); block == nil {
+ return nil, ErrKeyMustBePEMEncoded
+ }
+
+ // Parse the key
+ var parsedKey interface{}
+ if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {
+ return nil, err
+ }
+
+ var pkey ed25519.PublicKey
+ var ok bool
+ if pkey, ok = parsedKey.(ed25519.PublicKey); !ok {
+ return nil, ErrNotEdPublicKey
+ }
+
+ return pkey, nil
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/errors.go b/vendor/github.com/golang-jwt/jwt/v4/errors.go
new file mode 100644
index 00000000000..10ac8835cc8
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/errors.go
@@ -0,0 +1,112 @@
+package jwt
+
+import (
+ "errors"
+)
+
+// Error constants
+var (
+ ErrInvalidKey = errors.New("key is invalid")
+ ErrInvalidKeyType = errors.New("key is of invalid type")
+ ErrHashUnavailable = errors.New("the requested hash function is unavailable")
+
+ ErrTokenMalformed = errors.New("token is malformed")
+ ErrTokenUnverifiable = errors.New("token is unverifiable")
+ ErrTokenSignatureInvalid = errors.New("token signature is invalid")
+
+ ErrTokenInvalidAudience = errors.New("token has invalid audience")
+ ErrTokenExpired = errors.New("token is expired")
+ ErrTokenUsedBeforeIssued = errors.New("token used before issued")
+ ErrTokenInvalidIssuer = errors.New("token has invalid issuer")
+ ErrTokenNotValidYet = errors.New("token is not valid yet")
+ ErrTokenInvalidId = errors.New("token has invalid id")
+ ErrTokenInvalidClaims = errors.New("token has invalid claims")
+)
+
+// The errors that might occur when parsing and validating a token
+const (
+ ValidationErrorMalformed uint32 = 1 << iota // Token is malformed
+ ValidationErrorUnverifiable // Token could not be verified because of signing problems
+ ValidationErrorSignatureInvalid // Signature validation failed
+
+ // Standard Claim validation errors
+ ValidationErrorAudience // AUD validation failed
+ ValidationErrorExpired // EXP validation failed
+ ValidationErrorIssuedAt // IAT validation failed
+ ValidationErrorIssuer // ISS validation failed
+ ValidationErrorNotValidYet // NBF validation failed
+ ValidationErrorId // JTI validation failed
+ ValidationErrorClaimsInvalid // Generic claims validation error
+)
+
+// NewValidationError is a helper for constructing a ValidationError with a string error message
+func NewValidationError(errorText string, errorFlags uint32) *ValidationError {
+ return &ValidationError{
+ text: errorText,
+ Errors: errorFlags,
+ }
+}
+
+// ValidationError represents an error from Parse if token is not valid
+type ValidationError struct {
+ Inner error // stores the error returned by external dependencies, i.e.: KeyFunc
+ Errors uint32 // bitfield. see ValidationError... constants
+ text string // errors that do not have a valid error just have text
+}
+
+// Error is the implementation of the err interface.
+func (e ValidationError) Error() string {
+ if e.Inner != nil {
+ return e.Inner.Error()
+ } else if e.text != "" {
+ return e.text
+ } else {
+ return "token is invalid"
+ }
+}
+
+// Unwrap gives errors.Is and errors.As access to the inner error.
+func (e *ValidationError) Unwrap() error {
+ return e.Inner
+}
+
+// No errors
+func (e *ValidationError) valid() bool {
+ return e.Errors == 0
+}
+
+// Is checks if this ValidationError is of the supplied error. We are first checking for the exact error message
+// by comparing the inner error message. If that fails, we compare using the error flags. This way we can use
+// custom error messages (mainly for backwards compatability) and still leverage errors.Is using the global error variables.
+func (e *ValidationError) Is(err error) bool {
+ // Check, if our inner error is a direct match
+ if errors.Is(errors.Unwrap(e), err) {
+ return true
+ }
+
+ // Otherwise, we need to match using our error flags
+ switch err {
+ case ErrTokenMalformed:
+ return e.Errors&ValidationErrorMalformed != 0
+ case ErrTokenUnverifiable:
+ return e.Errors&ValidationErrorUnverifiable != 0
+ case ErrTokenSignatureInvalid:
+ return e.Errors&ValidationErrorSignatureInvalid != 0
+ case ErrTokenInvalidAudience:
+ return e.Errors&ValidationErrorAudience != 0
+ case ErrTokenExpired:
+ return e.Errors&ValidationErrorExpired != 0
+ case ErrTokenUsedBeforeIssued:
+ return e.Errors&ValidationErrorIssuedAt != 0
+ case ErrTokenInvalidIssuer:
+ return e.Errors&ValidationErrorIssuer != 0
+ case ErrTokenNotValidYet:
+ return e.Errors&ValidationErrorNotValidYet != 0
+ case ErrTokenInvalidId:
+ return e.Errors&ValidationErrorId != 0
+ case ErrTokenInvalidClaims:
+ return e.Errors&ValidationErrorClaimsInvalid != 0
+ }
+
+ return false
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/hmac.go b/vendor/github.com/golang-jwt/jwt/v4/hmac.go
new file mode 100644
index 00000000000..011f68a2744
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/hmac.go
@@ -0,0 +1,95 @@
+package jwt
+
+import (
+ "crypto"
+ "crypto/hmac"
+ "errors"
+)
+
+// SigningMethodHMAC implements the HMAC-SHA family of signing methods.
+// Expects key type of []byte for both signing and validation
+type SigningMethodHMAC struct {
+ Name string
+ Hash crypto.Hash
+}
+
+// Specific instances for HS256 and company
+var (
+ SigningMethodHS256 *SigningMethodHMAC
+ SigningMethodHS384 *SigningMethodHMAC
+ SigningMethodHS512 *SigningMethodHMAC
+ ErrSignatureInvalid = errors.New("signature is invalid")
+)
+
+func init() {
+ // HS256
+ SigningMethodHS256 = &SigningMethodHMAC{"HS256", crypto.SHA256}
+ RegisterSigningMethod(SigningMethodHS256.Alg(), func() SigningMethod {
+ return SigningMethodHS256
+ })
+
+ // HS384
+ SigningMethodHS384 = &SigningMethodHMAC{"HS384", crypto.SHA384}
+ RegisterSigningMethod(SigningMethodHS384.Alg(), func() SigningMethod {
+ return SigningMethodHS384
+ })
+
+ // HS512
+ SigningMethodHS512 = &SigningMethodHMAC{"HS512", crypto.SHA512}
+ RegisterSigningMethod(SigningMethodHS512.Alg(), func() SigningMethod {
+ return SigningMethodHS512
+ })
+}
+
+func (m *SigningMethodHMAC) Alg() string {
+ return m.Name
+}
+
+// Verify implements token verification for the SigningMethod. Returns nil if the signature is valid.
+func (m *SigningMethodHMAC) Verify(signingString, signature string, key interface{}) error {
+ // Verify the key is the right type
+ keyBytes, ok := key.([]byte)
+ if !ok {
+ return ErrInvalidKeyType
+ }
+
+ // Decode signature, for comparison
+ sig, err := DecodeSegment(signature)
+ if err != nil {
+ return err
+ }
+
+ // Can we use the specified hashing method?
+ if !m.Hash.Available() {
+ return ErrHashUnavailable
+ }
+
+ // This signing method is symmetric, so we validate the signature
+ // by reproducing the signature from the signing string and key, then
+ // comparing that against the provided signature.
+ hasher := hmac.New(m.Hash.New, keyBytes)
+ hasher.Write([]byte(signingString))
+ if !hmac.Equal(sig, hasher.Sum(nil)) {
+ return ErrSignatureInvalid
+ }
+
+ // No validation errors. Signature is good.
+ return nil
+}
+
+// Sign implements token signing for the SigningMethod.
+// Key must be []byte
+func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) (string, error) {
+ if keyBytes, ok := key.([]byte); ok {
+ if !m.Hash.Available() {
+ return "", ErrHashUnavailable
+ }
+
+ hasher := hmac.New(m.Hash.New, keyBytes)
+ hasher.Write([]byte(signingString))
+
+ return EncodeSegment(hasher.Sum(nil)), nil
+ }
+
+ return "", ErrInvalidKeyType
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/map_claims.go b/vendor/github.com/golang-jwt/jwt/v4/map_claims.go
new file mode 100644
index 00000000000..2700d64a0d0
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/map_claims.go
@@ -0,0 +1,151 @@
+package jwt
+
+import (
+ "encoding/json"
+ "errors"
+ "time"
+ // "fmt"
+)
+
+// MapClaims is a claims type that uses the map[string]interface{} for JSON decoding.
+// This is the default claims type if you don't supply one
+type MapClaims map[string]interface{}
+
+// VerifyAudience Compares the aud claim against cmp.
+// If required is false, this method will return true if the value matches or is unset
+func (m MapClaims) VerifyAudience(cmp string, req bool) bool {
+ var aud []string
+ switch v := m["aud"].(type) {
+ case string:
+ aud = append(aud, v)
+ case []string:
+ aud = v
+ case []interface{}:
+ for _, a := range v {
+ vs, ok := a.(string)
+ if !ok {
+ return false
+ }
+ aud = append(aud, vs)
+ }
+ }
+ return verifyAud(aud, cmp, req)
+}
+
+// VerifyExpiresAt compares the exp claim against cmp (cmp <= exp).
+// If req is false, it will return true, if exp is unset.
+func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool {
+ cmpTime := time.Unix(cmp, 0)
+
+ v, ok := m["exp"]
+ if !ok {
+ return !req
+ }
+
+ switch exp := v.(type) {
+ case float64:
+ if exp == 0 {
+ return verifyExp(nil, cmpTime, req)
+ }
+
+ return verifyExp(&newNumericDateFromSeconds(exp).Time, cmpTime, req)
+ case json.Number:
+ v, _ := exp.Float64()
+
+ return verifyExp(&newNumericDateFromSeconds(v).Time, cmpTime, req)
+ }
+
+ return false
+}
+
+// VerifyIssuedAt compares the exp claim against cmp (cmp >= iat).
+// If req is false, it will return true, if iat is unset.
+func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool {
+ cmpTime := time.Unix(cmp, 0)
+
+ v, ok := m["iat"]
+ if !ok {
+ return !req
+ }
+
+ switch iat := v.(type) {
+ case float64:
+ if iat == 0 {
+ return verifyIat(nil, cmpTime, req)
+ }
+
+ return verifyIat(&newNumericDateFromSeconds(iat).Time, cmpTime, req)
+ case json.Number:
+ v, _ := iat.Float64()
+
+ return verifyIat(&newNumericDateFromSeconds(v).Time, cmpTime, req)
+ }
+
+ return false
+}
+
+// VerifyNotBefore compares the nbf claim against cmp (cmp >= nbf).
+// If req is false, it will return true, if nbf is unset.
+func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool {
+ cmpTime := time.Unix(cmp, 0)
+
+ v, ok := m["nbf"]
+ if !ok {
+ return !req
+ }
+
+ switch nbf := v.(type) {
+ case float64:
+ if nbf == 0 {
+ return verifyNbf(nil, cmpTime, req)
+ }
+
+ return verifyNbf(&newNumericDateFromSeconds(nbf).Time, cmpTime, req)
+ case json.Number:
+ v, _ := nbf.Float64()
+
+ return verifyNbf(&newNumericDateFromSeconds(v).Time, cmpTime, req)
+ }
+
+ return false
+}
+
+// VerifyIssuer compares the iss claim against cmp.
+// If required is false, this method will return true if the value matches or is unset
+func (m MapClaims) VerifyIssuer(cmp string, req bool) bool {
+ iss, _ := m["iss"].(string)
+ return verifyIss(iss, cmp, req)
+}
+
+// Valid validates time based claims "exp, iat, nbf".
+// There is no accounting for clock skew.
+// As well, if any of the above claims are not in the token, it will still
+// be considered a valid claim.
+func (m MapClaims) Valid() error {
+ vErr := new(ValidationError)
+ now := TimeFunc().Unix()
+
+ if !m.VerifyExpiresAt(now, false) {
+ // TODO(oxisto): this should be replaced with ErrTokenExpired
+ vErr.Inner = errors.New("Token is expired")
+ vErr.Errors |= ValidationErrorExpired
+ }
+
+ if !m.VerifyIssuedAt(now, false) {
+ // TODO(oxisto): this should be replaced with ErrTokenUsedBeforeIssued
+ vErr.Inner = errors.New("Token used before issued")
+ vErr.Errors |= ValidationErrorIssuedAt
+ }
+
+ if !m.VerifyNotBefore(now, false) {
+ // TODO(oxisto): this should be replaced with ErrTokenNotValidYet
+ vErr.Inner = errors.New("Token is not valid yet")
+ vErr.Errors |= ValidationErrorNotValidYet
+ }
+
+ if vErr.valid() {
+ return nil
+ }
+
+ return vErr
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/none.go b/vendor/github.com/golang-jwt/jwt/v4/none.go
new file mode 100644
index 00000000000..f19835d2078
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/none.go
@@ -0,0 +1,52 @@
+package jwt
+
+// SigningMethodNone implements the none signing method. This is required by the spec
+// but you probably should never use it.
+var SigningMethodNone *signingMethodNone
+
+const UnsafeAllowNoneSignatureType unsafeNoneMagicConstant = "none signing method allowed"
+
+var NoneSignatureTypeDisallowedError error
+
+type signingMethodNone struct{}
+type unsafeNoneMagicConstant string
+
+func init() {
+ SigningMethodNone = &signingMethodNone{}
+ NoneSignatureTypeDisallowedError = NewValidationError("'none' signature type is not allowed", ValidationErrorSignatureInvalid)
+
+ RegisterSigningMethod(SigningMethodNone.Alg(), func() SigningMethod {
+ return SigningMethodNone
+ })
+}
+
+func (m *signingMethodNone) Alg() string {
+ return "none"
+}
+
+// Only allow 'none' alg type if UnsafeAllowNoneSignatureType is specified as the key
+func (m *signingMethodNone) Verify(signingString, signature string, key interface{}) (err error) {
+ // Key must be UnsafeAllowNoneSignatureType to prevent accidentally
+ // accepting 'none' signing method
+ if _, ok := key.(unsafeNoneMagicConstant); !ok {
+ return NoneSignatureTypeDisallowedError
+ }
+ // If signing method is none, signature must be an empty string
+ if signature != "" {
+ return NewValidationError(
+ "'none' signing method with non-empty signature",
+ ValidationErrorSignatureInvalid,
+ )
+ }
+
+ // Accept 'none' signing method.
+ return nil
+}
+
+// Only allow 'none' signing if UnsafeAllowNoneSignatureType is specified as the key
+func (m *signingMethodNone) Sign(signingString string, key interface{}) (string, error) {
+ if _, ok := key.(unsafeNoneMagicConstant); ok {
+ return "", nil
+ }
+ return "", NoneSignatureTypeDisallowedError
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go
new file mode 100644
index 00000000000..c0a6f692791
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go
@@ -0,0 +1,177 @@
+package jwt
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "strings"
+)
+
+type Parser struct {
+ // If populated, only these methods will be considered valid.
+ //
+ // Deprecated: In future releases, this field will not be exported anymore and should be set with an option to NewParser instead.
+ ValidMethods []string
+
+ // Use JSON Number format in JSON decoder.
+ //
+ // Deprecated: In future releases, this field will not be exported anymore and should be set with an option to NewParser instead.
+ UseJSONNumber bool
+
+ // Skip claims validation during token parsing.
+ //
+ // Deprecated: In future releases, this field will not be exported anymore and should be set with an option to NewParser instead.
+ SkipClaimsValidation bool
+}
+
+// NewParser creates a new Parser with the specified options
+func NewParser(options ...ParserOption) *Parser {
+ p := &Parser{}
+
+ // loop through our parsing options and apply them
+ for _, option := range options {
+ option(p)
+ }
+
+ return p
+}
+
+// Parse parses, validates, verifies the signature and returns the parsed token.
+// keyFunc will receive the parsed token and should return the key for validating.
+func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+ return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+}
+
+// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object implementing the Claims
+// interface. This provides default values which can be overridden and allows a caller to use their own type, rather
+// than the default MapClaims implementation of Claims.
+//
+// Note: If you provide a custom claim implementation that embeds one of the standard claims (such as RegisteredClaims),
+// make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the
+// proper memory for it before passing in the overall claims, otherwise you might run into a panic.
+func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+ token, parts, err := p.ParseUnverified(tokenString, claims)
+ if err != nil {
+ return token, err
+ }
+
+ // Verify signing method is in the required set
+ if p.ValidMethods != nil {
+ var signingMethodValid = false
+ var alg = token.Method.Alg()
+ for _, m := range p.ValidMethods {
+ if m == alg {
+ signingMethodValid = true
+ break
+ }
+ }
+ if !signingMethodValid {
+ // signing method is not in the listed set
+ return token, NewValidationError(fmt.Sprintf("signing method %v is invalid", alg), ValidationErrorSignatureInvalid)
+ }
+ }
+
+ // Lookup key
+ var key interface{}
+ if keyFunc == nil {
+ // keyFunc was not provided. short circuiting validation
+ return token, NewValidationError("no Keyfunc was provided.", ValidationErrorUnverifiable)
+ }
+ if key, err = keyFunc(token); err != nil {
+ // keyFunc returned an error
+ if ve, ok := err.(*ValidationError); ok {
+ return token, ve
+ }
+ return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
+ }
+
+ vErr := &ValidationError{}
+
+ // Validate Claims
+ if !p.SkipClaimsValidation {
+ if err := token.Claims.Valid(); err != nil {
+
+ // If the Claims Valid returned an error, check if it is a validation error,
+ // If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
+ if e, ok := err.(*ValidationError); !ok {
+ vErr = &ValidationError{Inner: err, Errors: ValidationErrorClaimsInvalid}
+ } else {
+ vErr = e
+ }
+ }
+ }
+
+ // Perform validation
+ token.Signature = parts[2]
+ if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
+ vErr.Inner = err
+ vErr.Errors |= ValidationErrorSignatureInvalid
+ }
+
+ if vErr.valid() {
+ token.Valid = true
+ return token, nil
+ }
+
+ return token, vErr
+}
+
+// ParseUnverified parses the token but doesn't validate the signature.
+//
+// WARNING: Don't use this method unless you know what you're doing.
+//
+// It's only ever useful in cases where you know the signature is valid (because it has
+// been checked previously in the stack) and you want to extract values from it.
+func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
+ parts = strings.Split(tokenString, ".")
+ if len(parts) != 3 {
+ return nil, parts, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed)
+ }
+
+ token = &Token{Raw: tokenString}
+
+ // parse Header
+ var headerBytes []byte
+ if headerBytes, err = DecodeSegment(parts[0]); err != nil {
+ if strings.HasPrefix(strings.ToLower(tokenString), "bearer ") {
+ return token, parts, NewValidationError("tokenstring should not contain 'bearer '", ValidationErrorMalformed)
+ }
+ return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
+ }
+ if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
+ return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
+ }
+
+ // parse Claims
+ var claimBytes []byte
+ token.Claims = claims
+
+ if claimBytes, err = DecodeSegment(parts[1]); err != nil {
+ return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
+ }
+ dec := json.NewDecoder(bytes.NewBuffer(claimBytes))
+ if p.UseJSONNumber {
+ dec.UseNumber()
+ }
+ // JSON Decode. Special case for map type to avoid weird pointer behavior
+ if c, ok := token.Claims.(MapClaims); ok {
+ err = dec.Decode(&c)
+ } else {
+ err = dec.Decode(&claims)
+ }
+ // Handle decode error
+ if err != nil {
+ return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
+ }
+
+ // Lookup signature method
+ if method, ok := token.Header["alg"].(string); ok {
+ if token.Method = GetSigningMethod(method); token.Method == nil {
+ return token, parts, NewValidationError("signing method (alg) is unavailable.", ValidationErrorUnverifiable)
+ }
+ } else {
+ return token, parts, NewValidationError("signing method (alg) is unspecified.", ValidationErrorUnverifiable)
+ }
+
+ return token, parts, nil
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser_option.go b/vendor/github.com/golang-jwt/jwt/v4/parser_option.go
new file mode 100644
index 00000000000..6ea6f9527de
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/parser_option.go
@@ -0,0 +1,29 @@
+package jwt
+
+// ParserOption is used to implement functional-style options that modify the behavior of the parser. To add
+// new options, just create a function (ideally beginning with With or Without) that returns an anonymous function that
+// takes a *Parser type as input and manipulates its configuration accordingly.
+type ParserOption func(*Parser)
+
+// WithValidMethods is an option to supply algorithm methods that the parser will check. Only those methods will be considered valid.
+// It is heavily encouraged to use this option in order to prevent attacks such as https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/.
+func WithValidMethods(methods []string) ParserOption {
+ return func(p *Parser) {
+ p.ValidMethods = methods
+ }
+}
+
+// WithJSONNumber is an option to configure the underlying JSON parser with UseNumber
+func WithJSONNumber() ParserOption {
+ return func(p *Parser) {
+ p.UseJSONNumber = true
+ }
+}
+
+// WithoutClaimsValidation is an option to disable claims validation. This option should only be used if you exactly know
+// what you are doing.
+func WithoutClaimsValidation() ParserOption {
+ return func(p *Parser) {
+ p.SkipClaimsValidation = true
+ }
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/rsa.go b/vendor/github.com/golang-jwt/jwt/v4/rsa.go
new file mode 100644
index 00000000000..b910b19c0b5
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/rsa.go
@@ -0,0 +1,101 @@
+package jwt
+
+import (
+ "crypto"
+ "crypto/rand"
+ "crypto/rsa"
+)
+
+// SigningMethodRSA implements the RSA family of signing methods.
+// Expects *rsa.PrivateKey for signing and *rsa.PublicKey for validation
+type SigningMethodRSA struct {
+ Name string
+ Hash crypto.Hash
+}
+
+// Specific instances for RS256 and company
+var (
+ SigningMethodRS256 *SigningMethodRSA
+ SigningMethodRS384 *SigningMethodRSA
+ SigningMethodRS512 *SigningMethodRSA
+)
+
+func init() {
+ // RS256
+ SigningMethodRS256 = &SigningMethodRSA{"RS256", crypto.SHA256}
+ RegisterSigningMethod(SigningMethodRS256.Alg(), func() SigningMethod {
+ return SigningMethodRS256
+ })
+
+ // RS384
+ SigningMethodRS384 = &SigningMethodRSA{"RS384", crypto.SHA384}
+ RegisterSigningMethod(SigningMethodRS384.Alg(), func() SigningMethod {
+ return SigningMethodRS384
+ })
+
+ // RS512
+ SigningMethodRS512 = &SigningMethodRSA{"RS512", crypto.SHA512}
+ RegisterSigningMethod(SigningMethodRS512.Alg(), func() SigningMethod {
+ return SigningMethodRS512
+ })
+}
+
+func (m *SigningMethodRSA) Alg() string {
+ return m.Name
+}
+
+// Verify implements token verification for the SigningMethod
+// For this signing method, must be an *rsa.PublicKey structure.
+func (m *SigningMethodRSA) Verify(signingString, signature string, key interface{}) error {
+ var err error
+
+ // Decode the signature
+ var sig []byte
+ if sig, err = DecodeSegment(signature); err != nil {
+ return err
+ }
+
+ var rsaKey *rsa.PublicKey
+ var ok bool
+
+ if rsaKey, ok = key.(*rsa.PublicKey); !ok {
+ return ErrInvalidKeyType
+ }
+
+ // Create hasher
+ if !m.Hash.Available() {
+ return ErrHashUnavailable
+ }
+ hasher := m.Hash.New()
+ hasher.Write([]byte(signingString))
+
+ // Verify the signature
+ return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig)
+}
+
+// Sign implements token signing for the SigningMethod
+// For this signing method, must be an *rsa.PrivateKey structure.
+func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string, error) {
+ var rsaKey *rsa.PrivateKey
+ var ok bool
+
+ // Validate type of key
+ if rsaKey, ok = key.(*rsa.PrivateKey); !ok {
+ return "", ErrInvalidKey
+ }
+
+ // Create the hasher
+ if !m.Hash.Available() {
+ return "", ErrHashUnavailable
+ }
+
+ hasher := m.Hash.New()
+ hasher.Write([]byte(signingString))
+
+ // Sign the string and return the encoded bytes
+ if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil)); err == nil {
+ return EncodeSegment(sigBytes), nil
+ } else {
+ return "", err
+ }
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/rsa_pss.go b/vendor/github.com/golang-jwt/jwt/v4/rsa_pss.go
new file mode 100644
index 00000000000..4fd6f9e610b
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/rsa_pss.go
@@ -0,0 +1,143 @@
+//go:build go1.4
+// +build go1.4
+
+package jwt
+
+import (
+ "crypto"
+ "crypto/rand"
+ "crypto/rsa"
+)
+
+// SigningMethodRSAPSS implements the RSAPSS family of signing methods signing methods
+type SigningMethodRSAPSS struct {
+ *SigningMethodRSA
+ Options *rsa.PSSOptions
+ // VerifyOptions is optional. If set overrides Options for rsa.VerifyPPS.
+ // Used to accept tokens signed with rsa.PSSSaltLengthAuto, what doesn't follow
+ // https://tools.ietf.org/html/rfc7518#section-3.5 but was used previously.
+ // See https://github.com/dgrijalva/jwt-go/issues/285#issuecomment-437451244 for details.
+ VerifyOptions *rsa.PSSOptions
+}
+
+// Specific instances for RS/PS and company.
+var (
+ SigningMethodPS256 *SigningMethodRSAPSS
+ SigningMethodPS384 *SigningMethodRSAPSS
+ SigningMethodPS512 *SigningMethodRSAPSS
+)
+
+func init() {
+ // PS256
+ SigningMethodPS256 = &SigningMethodRSAPSS{
+ SigningMethodRSA: &SigningMethodRSA{
+ Name: "PS256",
+ Hash: crypto.SHA256,
+ },
+ Options: &rsa.PSSOptions{
+ SaltLength: rsa.PSSSaltLengthEqualsHash,
+ },
+ VerifyOptions: &rsa.PSSOptions{
+ SaltLength: rsa.PSSSaltLengthAuto,
+ },
+ }
+ RegisterSigningMethod(SigningMethodPS256.Alg(), func() SigningMethod {
+ return SigningMethodPS256
+ })
+
+ // PS384
+ SigningMethodPS384 = &SigningMethodRSAPSS{
+ SigningMethodRSA: &SigningMethodRSA{
+ Name: "PS384",
+ Hash: crypto.SHA384,
+ },
+ Options: &rsa.PSSOptions{
+ SaltLength: rsa.PSSSaltLengthEqualsHash,
+ },
+ VerifyOptions: &rsa.PSSOptions{
+ SaltLength: rsa.PSSSaltLengthAuto,
+ },
+ }
+ RegisterSigningMethod(SigningMethodPS384.Alg(), func() SigningMethod {
+ return SigningMethodPS384
+ })
+
+ // PS512
+ SigningMethodPS512 = &SigningMethodRSAPSS{
+ SigningMethodRSA: &SigningMethodRSA{
+ Name: "PS512",
+ Hash: crypto.SHA512,
+ },
+ Options: &rsa.PSSOptions{
+ SaltLength: rsa.PSSSaltLengthEqualsHash,
+ },
+ VerifyOptions: &rsa.PSSOptions{
+ SaltLength: rsa.PSSSaltLengthAuto,
+ },
+ }
+ RegisterSigningMethod(SigningMethodPS512.Alg(), func() SigningMethod {
+ return SigningMethodPS512
+ })
+}
+
+// Verify implements token verification for the SigningMethod.
+// For this verify method, key must be an rsa.PublicKey struct
+func (m *SigningMethodRSAPSS) Verify(signingString, signature string, key interface{}) error {
+ var err error
+
+ // Decode the signature
+ var sig []byte
+ if sig, err = DecodeSegment(signature); err != nil {
+ return err
+ }
+
+ var rsaKey *rsa.PublicKey
+ switch k := key.(type) {
+ case *rsa.PublicKey:
+ rsaKey = k
+ default:
+ return ErrInvalidKey
+ }
+
+ // Create hasher
+ if !m.Hash.Available() {
+ return ErrHashUnavailable
+ }
+ hasher := m.Hash.New()
+ hasher.Write([]byte(signingString))
+
+ opts := m.Options
+ if m.VerifyOptions != nil {
+ opts = m.VerifyOptions
+ }
+
+ return rsa.VerifyPSS(rsaKey, m.Hash, hasher.Sum(nil), sig, opts)
+}
+
+// Sign implements token signing for the SigningMethod.
+// For this signing method, key must be an rsa.PrivateKey struct
+func (m *SigningMethodRSAPSS) Sign(signingString string, key interface{}) (string, error) {
+ var rsaKey *rsa.PrivateKey
+
+ switch k := key.(type) {
+ case *rsa.PrivateKey:
+ rsaKey = k
+ default:
+ return "", ErrInvalidKeyType
+ }
+
+ // Create the hasher
+ if !m.Hash.Available() {
+ return "", ErrHashUnavailable
+ }
+
+ hasher := m.Hash.New()
+ hasher.Write([]byte(signingString))
+
+ // Sign the string and return the encoded bytes
+ if sigBytes, err := rsa.SignPSS(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil), m.Options); err == nil {
+ return EncodeSegment(sigBytes), nil
+ } else {
+ return "", err
+ }
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go b/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go
new file mode 100644
index 00000000000..1966c450bf8
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go
@@ -0,0 +1,105 @@
+package jwt
+
+import (
+ "crypto/rsa"
+ "crypto/x509"
+ "encoding/pem"
+ "errors"
+)
+
+var (
+ ErrKeyMustBePEMEncoded = errors.New("invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
+ ErrNotRSAPrivateKey = errors.New("key is not a valid RSA private key")
+ ErrNotRSAPublicKey = errors.New("key is not a valid RSA public key")
+)
+
+// ParseRSAPrivateKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 private key
+func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error) {
+ var err error
+
+ // Parse PEM block
+ var block *pem.Block
+ if block, _ = pem.Decode(key); block == nil {
+ return nil, ErrKeyMustBePEMEncoded
+ }
+
+ var parsedKey interface{}
+ if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {
+ if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
+ return nil, err
+ }
+ }
+
+ var pkey *rsa.PrivateKey
+ var ok bool
+ if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok {
+ return nil, ErrNotRSAPrivateKey
+ }
+
+ return pkey, nil
+}
+
+// ParseRSAPrivateKeyFromPEMWithPassword parses a PEM encoded PKCS1 or PKCS8 private key protected with password
+//
+// Deprecated: This function is deprecated and should not be used anymore. It uses the deprecated x509.DecryptPEMBlock
+// function, which was deprecated since RFC 1423 is regarded insecure by design. Unfortunately, there is no alternative
+// in the Go standard library for now. See https://github.com/golang/go/issues/8860.
+func ParseRSAPrivateKeyFromPEMWithPassword(key []byte, password string) (*rsa.PrivateKey, error) {
+ var err error
+
+ // Parse PEM block
+ var block *pem.Block
+ if block, _ = pem.Decode(key); block == nil {
+ return nil, ErrKeyMustBePEMEncoded
+ }
+
+ var parsedKey interface{}
+
+ var blockDecrypted []byte
+ if blockDecrypted, err = x509.DecryptPEMBlock(block, []byte(password)); err != nil {
+ return nil, err
+ }
+
+ if parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil {
+ if parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil {
+ return nil, err
+ }
+ }
+
+ var pkey *rsa.PrivateKey
+ var ok bool
+ if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok {
+ return nil, ErrNotRSAPrivateKey
+ }
+
+ return pkey, nil
+}
+
+// ParseRSAPublicKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 public key
+func ParseRSAPublicKeyFromPEM(key []byte) (*rsa.PublicKey, error) {
+ var err error
+
+ // Parse PEM block
+ var block *pem.Block
+ if block, _ = pem.Decode(key); block == nil {
+ return nil, ErrKeyMustBePEMEncoded
+ }
+
+ // Parse the key
+ var parsedKey interface{}
+ if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {
+ if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
+ parsedKey = cert.PublicKey
+ } else {
+ return nil, err
+ }
+ }
+
+ var pkey *rsa.PublicKey
+ var ok bool
+ if pkey, ok = parsedKey.(*rsa.PublicKey); !ok {
+ return nil, ErrNotRSAPublicKey
+ }
+
+ return pkey, nil
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/signing_method.go b/vendor/github.com/golang-jwt/jwt/v4/signing_method.go
new file mode 100644
index 00000000000..241ae9c60d0
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/signing_method.go
@@ -0,0 +1,46 @@
+package jwt
+
+import (
+ "sync"
+)
+
+var signingMethods = map[string]func() SigningMethod{}
+var signingMethodLock = new(sync.RWMutex)
+
+// SigningMethod can be used add new methods for signing or verifying tokens.
+type SigningMethod interface {
+ Verify(signingString, signature string, key interface{}) error // Returns nil if signature is valid
+ Sign(signingString string, key interface{}) (string, error) // Returns encoded signature or error
+ Alg() string // returns the alg identifier for this method (example: 'HS256')
+}
+
+// RegisterSigningMethod registers the "alg" name and a factory function for signing method.
+// This is typically done during init() in the method's implementation
+func RegisterSigningMethod(alg string, f func() SigningMethod) {
+ signingMethodLock.Lock()
+ defer signingMethodLock.Unlock()
+
+ signingMethods[alg] = f
+}
+
+// GetSigningMethod retrieves a signing method from an "alg" string
+func GetSigningMethod(alg string) (method SigningMethod) {
+ signingMethodLock.RLock()
+ defer signingMethodLock.RUnlock()
+
+ if methodF, ok := signingMethods[alg]; ok {
+ method = methodF()
+ }
+ return
+}
+
+// GetAlgorithms returns a list of registered "alg" names
+func GetAlgorithms() (algs []string) {
+ signingMethodLock.RLock()
+ defer signingMethodLock.RUnlock()
+
+ for alg := range signingMethods {
+ algs = append(algs, alg)
+ }
+ return
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/staticcheck.conf b/vendor/github.com/golang-jwt/jwt/v4/staticcheck.conf
new file mode 100644
index 00000000000..53745d51d7c
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/staticcheck.conf
@@ -0,0 +1 @@
+checks = ["all", "-ST1000", "-ST1003", "-ST1016", "-ST1023"]
diff --git a/vendor/github.com/golang-jwt/jwt/v4/token.go b/vendor/github.com/golang-jwt/jwt/v4/token.go
new file mode 100644
index 00000000000..786b275ce03
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/token.go
@@ -0,0 +1,143 @@
+package jwt
+
+import (
+ "encoding/base64"
+ "encoding/json"
+ "strings"
+ "time"
+)
+
+// DecodePaddingAllowed will switch the codec used for decoding JWTs respectively. Note that the JWS RFC7515
+// states that the tokens will utilize a Base64url encoding with no padding. Unfortunately, some implementations
+// of JWT are producing non-standard tokens, and thus require support for decoding. Note that this is a global
+// variable, and updating it will change the behavior on a package level, and is also NOT go-routine safe.
+// To use the non-recommended decoding, set this boolean to `true` prior to using this package.
+var DecodePaddingAllowed bool
+
+// DecodeStrict will switch the codec used for decoding JWTs into strict mode.
+// In this mode, the decoder requires that trailing padding bits are zero, as described in RFC 4648 section 3.5.
+// Note that this is a global variable, and updating it will change the behavior on a package level, and is also NOT go-routine safe.
+// To use strict decoding, set this boolean to `true` prior to using this package.
+var DecodeStrict bool
+
+// TimeFunc provides the current time when parsing token to validate "exp" claim (expiration time).
+// You can override it to use another time value. This is useful for testing or if your
+// server uses a different time zone than your tokens.
+var TimeFunc = time.Now
+
+// Keyfunc will be used by the Parse methods as a callback function to supply
+// the key for verification. The function receives the parsed,
+// but unverified Token. This allows you to use properties in the
+// Header of the token (such as `kid`) to identify which key to use.
+type Keyfunc func(*Token) (interface{}, error)
+
+// Token represents a JWT Token. Different fields will be used depending on whether you're
+// creating or parsing/verifying a token.
+type Token struct {
+ Raw string // The raw token. Populated when you Parse a token
+ Method SigningMethod // The signing method used or to be used
+ Header map[string]interface{} // The first segment of the token
+ Claims Claims // The second segment of the token
+ Signature string // The third segment of the token. Populated when you Parse a token
+ Valid bool // Is the token valid? Populated when you Parse/Verify a token
+}
+
+// New creates a new Token with the specified signing method and an empty map of claims.
+func New(method SigningMethod) *Token {
+ return NewWithClaims(method, MapClaims{})
+}
+
+// NewWithClaims creates a new Token with the specified signing method and claims.
+func NewWithClaims(method SigningMethod, claims Claims) *Token {
+ return &Token{
+ Header: map[string]interface{}{
+ "typ": "JWT",
+ "alg": method.Alg(),
+ },
+ Claims: claims,
+ Method: method,
+ }
+}
+
+// SignedString creates and returns a complete, signed JWT.
+// The token is signed using the SigningMethod specified in the token.
+func (t *Token) SignedString(key interface{}) (string, error) {
+ var sig, sstr string
+ var err error
+ if sstr, err = t.SigningString(); err != nil {
+ return "", err
+ }
+ if sig, err = t.Method.Sign(sstr, key); err != nil {
+ return "", err
+ }
+ return strings.Join([]string{sstr, sig}, "."), nil
+}
+
+// SigningString generates the signing string. This is the
+// most expensive part of the whole deal. Unless you
+// need this for something special, just go straight for
+// the SignedString.
+func (t *Token) SigningString() (string, error) {
+ var err error
+ var jsonValue []byte
+
+ if jsonValue, err = json.Marshal(t.Header); err != nil {
+ return "", err
+ }
+ header := EncodeSegment(jsonValue)
+
+ if jsonValue, err = json.Marshal(t.Claims); err != nil {
+ return "", err
+ }
+ claim := EncodeSegment(jsonValue)
+
+ return strings.Join([]string{header, claim}, "."), nil
+}
+
+// Parse parses, validates, verifies the signature and returns the parsed token.
+// keyFunc will receive the parsed token and should return the cryptographic key
+// for verifying the signature.
+// The caller is strongly encouraged to set the WithValidMethods option to
+// validate the 'alg' claim in the token matches the expected algorithm.
+// For more details about the importance of validating the 'alg' claim,
+// see https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
+func Parse(tokenString string, keyFunc Keyfunc, options ...ParserOption) (*Token, error) {
+ return NewParser(options...).Parse(tokenString, keyFunc)
+}
+
+// ParseWithClaims is a shortcut for NewParser().ParseWithClaims().
+//
+// Note: If you provide a custom claim implementation that embeds one of the standard claims (such as RegisteredClaims),
+// make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the
+// proper memory for it before passing in the overall claims, otherwise you might run into a panic.
+func ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc, options ...ParserOption) (*Token, error) {
+ return NewParser(options...).ParseWithClaims(tokenString, claims, keyFunc)
+}
+
+// EncodeSegment encodes a JWT specific base64url encoding with padding stripped
+//
+// Deprecated: In a future release, we will demote this function to a non-exported function, since it
+// should only be used internally
+func EncodeSegment(seg []byte) string {
+ return base64.RawURLEncoding.EncodeToString(seg)
+}
+
+// DecodeSegment decodes a JWT specific base64url encoding with padding stripped
+//
+// Deprecated: In a future release, we will demote this function to a non-exported function, since it
+// should only be used internally
+func DecodeSegment(seg string) ([]byte, error) {
+ encoding := base64.RawURLEncoding
+
+ if DecodePaddingAllowed {
+ if l := len(seg) % 4; l > 0 {
+ seg += strings.Repeat("=", 4-l)
+ }
+ encoding = base64.URLEncoding
+ }
+
+ if DecodeStrict {
+ encoding = encoding.Strict()
+ }
+ return encoding.DecodeString(seg)
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v4/types.go b/vendor/github.com/golang-jwt/jwt/v4/types.go
new file mode 100644
index 00000000000..ac8e140eb11
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v4/types.go
@@ -0,0 +1,145 @@
+package jwt
+
+import (
+ "encoding/json"
+ "fmt"
+ "math"
+ "reflect"
+ "strconv"
+ "time"
+)
+
+// TimePrecision sets the precision of times and dates within this library.
+// This has an influence on the precision of times when comparing expiry or
+// other related time fields. Furthermore, it is also the precision of times
+// when serializing.
+//
+// For backwards compatibility the default precision is set to seconds, so that
+// no fractional timestamps are generated.
+var TimePrecision = time.Second
+
+// MarshalSingleStringAsArray modifies the behaviour of the ClaimStrings type, especially
+// its MarshalJSON function.
+//
+// If it is set to true (the default), it will always serialize the type as an
+// array of strings, even if it just contains one element, defaulting to the behaviour
+// of the underlying []string. If it is set to false, it will serialize to a single
+// string, if it contains one element. Otherwise, it will serialize to an array of strings.
+var MarshalSingleStringAsArray = true
+
+// NumericDate represents a JSON numeric date value, as referenced at
+// https://datatracker.ietf.org/doc/html/rfc7519#section-2.
+type NumericDate struct {
+ time.Time
+}
+
+// NewNumericDate constructs a new *NumericDate from a standard library time.Time struct.
+// It will truncate the timestamp according to the precision specified in TimePrecision.
+func NewNumericDate(t time.Time) *NumericDate {
+ return &NumericDate{t.Truncate(TimePrecision)}
+}
+
+// newNumericDateFromSeconds creates a new *NumericDate out of a float64 representing a
+// UNIX epoch with the float fraction representing non-integer seconds.
+func newNumericDateFromSeconds(f float64) *NumericDate {
+ round, frac := math.Modf(f)
+ return NewNumericDate(time.Unix(int64(round), int64(frac*1e9)))
+}
+
+// MarshalJSON is an implementation of the json.RawMessage interface and serializes the UNIX epoch
+// represented in NumericDate to a byte array, using the precision specified in TimePrecision.
+func (date NumericDate) MarshalJSON() (b []byte, err error) {
+ var prec int
+ if TimePrecision < time.Second {
+ prec = int(math.Log10(float64(time.Second) / float64(TimePrecision)))
+ }
+ truncatedDate := date.Truncate(TimePrecision)
+
+ // For very large timestamps, UnixNano would overflow an int64, but this
+ // function requires nanosecond level precision, so we have to use the
+ // following technique to get round the issue:
+ // 1. Take the normal unix timestamp to form the whole number part of the
+ // output,
+ // 2. Take the result of the Nanosecond function, which retuns the offset
+ // within the second of the particular unix time instance, to form the
+ // decimal part of the output
+ // 3. Concatenate them to produce the final result
+ seconds := strconv.FormatInt(truncatedDate.Unix(), 10)
+ nanosecondsOffset := strconv.FormatFloat(float64(truncatedDate.Nanosecond())/float64(time.Second), 'f', prec, 64)
+
+ output := append([]byte(seconds), []byte(nanosecondsOffset)[1:]...)
+
+ return output, nil
+}
+
+// UnmarshalJSON is an implementation of the json.RawMessage interface and deserializses a
+// NumericDate from a JSON representation, i.e. a json.Number. This number represents an UNIX epoch
+// with either integer or non-integer seconds.
+func (date *NumericDate) UnmarshalJSON(b []byte) (err error) {
+ var (
+ number json.Number
+ f float64
+ )
+
+ if err = json.Unmarshal(b, &number); err != nil {
+ return fmt.Errorf("could not parse NumericData: %w", err)
+ }
+
+ if f, err = number.Float64(); err != nil {
+ return fmt.Errorf("could not convert json number value to float: %w", err)
+ }
+
+ n := newNumericDateFromSeconds(f)
+ *date = *n
+
+ return nil
+}
+
+// ClaimStrings is basically just a slice of strings, but it can be either serialized from a string array or just a string.
+// This type is necessary, since the "aud" claim can either be a single string or an array.
+type ClaimStrings []string
+
+func (s *ClaimStrings) UnmarshalJSON(data []byte) (err error) {
+ var value interface{}
+
+ if err = json.Unmarshal(data, &value); err != nil {
+ return err
+ }
+
+ var aud []string
+
+ switch v := value.(type) {
+ case string:
+ aud = append(aud, v)
+ case []string:
+ aud = ClaimStrings(v)
+ case []interface{}:
+ for _, vv := range v {
+ vs, ok := vv.(string)
+ if !ok {
+ return &json.UnsupportedTypeError{Type: reflect.TypeOf(vv)}
+ }
+ aud = append(aud, vs)
+ }
+ case nil:
+ return nil
+ default:
+ return &json.UnsupportedTypeError{Type: reflect.TypeOf(v)}
+ }
+
+ *s = aud
+
+ return
+}
+
+func (s ClaimStrings) MarshalJSON() (b []byte, err error) {
+ // This handles a special case in the JWT RFC. If the string array, e.g. used by the "aud" field,
+ // only contains one element, it MAY be serialized as a single string. This may or may not be
+ // desired based on the ecosystem of other JWT library used, so we make it configurable by the
+ // variable MarshalSingleStringAsArray.
+ if len(s) == 1 && !MarshalSingleStringAsArray {
+ return json.Marshal(s[0])
+ }
+
+ return json.Marshal([]string(s))
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json b/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
new file mode 100644
index 00000000000..feb372228b4
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+ "v2": "2.12.3"
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
new file mode 100644
index 00000000000..0d019d97fd3
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md
@@ -0,0 +1,128 @@
+# Changelog
+
+## [2.12.3](https://github.com/googleapis/gax-go/compare/v2.12.2...v2.12.3) (2024-03-14)
+
+
+### Bug Fixes
+
+* bump protobuf dep to v1.33 ([#333](https://github.com/googleapis/gax-go/issues/333)) ([2892b22](https://github.com/googleapis/gax-go/commit/2892b22c1ae8a70dec3448d82e634643fe6c1be2))
+
+## [2.12.2](https://github.com/googleapis/gax-go/compare/v2.12.1...v2.12.2) (2024-02-23)
+
+
+### Bug Fixes
+
+* **v2/callctx:** fix SetHeader race by cloning header map ([#326](https://github.com/googleapis/gax-go/issues/326)) ([534311f](https://github.com/googleapis/gax-go/commit/534311f0f163d101f30657736c0e6f860e9c39dc))
+
+## [2.12.1](https://github.com/googleapis/gax-go/compare/v2.12.0...v2.12.1) (2024-02-13)
+
+
+### Bug Fixes
+
+* add XGoogFieldMaskHeader constant ([#321](https://github.com/googleapis/gax-go/issues/321)) ([666ee08](https://github.com/googleapis/gax-go/commit/666ee08931041b7fed56bed7132649785b2d3dfe))
+
+## [2.12.0](https://github.com/googleapis/gax-go/compare/v2.11.0...v2.12.0) (2023-06-26)
+
+
+### Features
+
+* **v2/callctx:** add new callctx package ([#291](https://github.com/googleapis/gax-go/issues/291)) ([11503ed](https://github.com/googleapis/gax-go/commit/11503ed98df4ae1bbdedf91ff64d47e63f187d68))
+* **v2:** add BuildHeaders and InsertMetadataIntoOutgoingContext to header ([#290](https://github.com/googleapis/gax-go/issues/290)) ([6a4b89f](https://github.com/googleapis/gax-go/commit/6a4b89f5551a40262e7c3caf2e1bdc7321b76ea1))
+
+## [2.11.0](https://github.com/googleapis/gax-go/compare/v2.10.0...v2.11.0) (2023-06-13)
+
+
+### Features
+
+* **v2:** add GoVersion package variable ([#283](https://github.com/googleapis/gax-go/issues/283)) ([26553cc](https://github.com/googleapis/gax-go/commit/26553ccadb4016b189881f52e6c253b68bb3e3d5))
+
+
+### Bug Fixes
+
+* **v2:** handle space in non-devel go version ([#288](https://github.com/googleapis/gax-go/issues/288)) ([fd7bca0](https://github.com/googleapis/gax-go/commit/fd7bca029a1c5e63def8f0a5fd1ec3f725d92f75))
+
+## [2.10.0](https://github.com/googleapis/gax-go/compare/v2.9.1...v2.10.0) (2023-05-30)
+
+
+### Features
+
+* update dependencies ([#280](https://github.com/googleapis/gax-go/issues/280)) ([4514281](https://github.com/googleapis/gax-go/commit/4514281058590f3637c36bfd49baa65c4d3cfb21))
+
+## [2.9.1](https://github.com/googleapis/gax-go/compare/v2.9.0...v2.9.1) (2023-05-23)
+
+
+### Bug Fixes
+
+* **v2:** drop cloud lro test dep ([#276](https://github.com/googleapis/gax-go/issues/276)) ([c67eeba](https://github.com/googleapis/gax-go/commit/c67eeba0f10a3294b1d93c1b8fbe40211a55ae5f)), refs [#270](https://github.com/googleapis/gax-go/issues/270)
+
+## [2.9.0](https://github.com/googleapis/gax-go/compare/v2.8.0...v2.9.0) (2023-05-22)
+
+
+### Features
+
+* **apierror:** add method to return HTTP status code conditionally ([#274](https://github.com/googleapis/gax-go/issues/274)) ([5874431](https://github.com/googleapis/gax-go/commit/587443169acd10f7f86d1989dc8aaf189e645e98)), refs [#229](https://github.com/googleapis/gax-go/issues/229)
+
+
+### Documentation
+
+* add ref to usage with clients ([#272](https://github.com/googleapis/gax-go/issues/272)) ([ea4d72d](https://github.com/googleapis/gax-go/commit/ea4d72d514beba4de450868b5fb028601a29164e)), refs [#228](https://github.com/googleapis/gax-go/issues/228)
+
+## [2.8.0](https://github.com/googleapis/gax-go/compare/v2.7.1...v2.8.0) (2023-03-15)
+
+
+### Features
+
+* **v2:** add WithTimeout option ([#259](https://github.com/googleapis/gax-go/issues/259)) ([9a8da43](https://github.com/googleapis/gax-go/commit/9a8da43693002448b1e8758023699387481866d1))
+
+## [2.7.1](https://github.com/googleapis/gax-go/compare/v2.7.0...v2.7.1) (2023-03-06)
+
+
+### Bug Fixes
+
+* **v2/apierror:** return Unknown GRPCStatus when err source is HTTP ([#260](https://github.com/googleapis/gax-go/issues/260)) ([043b734](https://github.com/googleapis/gax-go/commit/043b73437a240a91229207fb3ee52a9935a36f23)), refs [#254](https://github.com/googleapis/gax-go/issues/254)
+
+## [2.7.0](https://github.com/googleapis/gax-go/compare/v2.6.0...v2.7.0) (2022-11-02)
+
+
+### Features
+
+* update google.golang.org/api to latest ([#240](https://github.com/googleapis/gax-go/issues/240)) ([f690a02](https://github.com/googleapis/gax-go/commit/f690a02c806a2903bdee943ede3a58e3a331ebd6))
+* **v2/apierror:** add apierror.FromWrappingError ([#238](https://github.com/googleapis/gax-go/issues/238)) ([9dbd96d](https://github.com/googleapis/gax-go/commit/9dbd96d59b9d54ceb7c025513aa8c1a9d727382f))
+
+## [2.6.0](https://github.com/googleapis/gax-go/compare/v2.5.1...v2.6.0) (2022-10-13)
+
+
+### Features
+
+* **v2:** copy DetermineContentType functionality ([#230](https://github.com/googleapis/gax-go/issues/230)) ([2c52a70](https://github.com/googleapis/gax-go/commit/2c52a70bae965397f740ed27d46aabe89ff249b3))
+
+## [2.5.1](https://github.com/googleapis/gax-go/compare/v2.5.0...v2.5.1) (2022-08-04)
+
+
+### Bug Fixes
+
+* **v2:** resolve bad genproto pseudoversion in go.mod ([#218](https://github.com/googleapis/gax-go/issues/218)) ([1379b27](https://github.com/googleapis/gax-go/commit/1379b27e9846d959f7e1163b9ef298b3c92c8d23))
+
+## [2.5.0](https://github.com/googleapis/gax-go/compare/v2.4.0...v2.5.0) (2022-08-04)
+
+
+### Features
+
+* add ExtractProtoMessage to apierror ([#213](https://github.com/googleapis/gax-go/issues/213)) ([a6ce70c](https://github.com/googleapis/gax-go/commit/a6ce70c725c890533a9de6272d3b5ba2e336d6bb))
+
+## [2.4.0](https://github.com/googleapis/gax-go/compare/v2.3.0...v2.4.0) (2022-05-09)
+
+
+### Features
+
+* **v2:** add OnHTTPCodes CallOption ([#188](https://github.com/googleapis/gax-go/issues/188)) ([ba7c534](https://github.com/googleapis/gax-go/commit/ba7c5348363ab6c33e1cee3c03c0be68a46ca07c))
+
+
+### Bug Fixes
+
+* **v2/apierror:** use errors.As in FromError ([#189](https://github.com/googleapis/gax-go/issues/189)) ([f30f05b](https://github.com/googleapis/gax-go/commit/f30f05be583828f4c09cca4091333ea88ff8d79e))
+
+
+### Miscellaneous Chores
+
+* **v2:** bump release-please processing ([#192](https://github.com/googleapis/gax-go/issues/192)) ([56172f9](https://github.com/googleapis/gax-go/commit/56172f971d1141d7687edaac053ad3470af76719))
diff --git a/vendor/github.com/googleapis/gax-go/v2/LICENSE b/vendor/github.com/googleapis/gax-go/v2/LICENSE
new file mode 100644
index 00000000000..6d16b6578a2
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/LICENSE
@@ -0,0 +1,27 @@
+Copyright 2016, Google Inc.
+All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go b/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
new file mode 100644
index 00000000000..d785a065cab
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/apierror.go
@@ -0,0 +1,361 @@
+// Copyright 2021, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Package apierror implements a wrapper error for parsing error details from
+// API calls. Both HTTP & gRPC status errors are supported.
+//
+// For examples of how to use [APIError] with client libraries please reference
+// [Inspecting errors](https://pkg.go.dev/cloud.google.com/go#hdr-Inspecting_errors)
+// in the client library documentation.
+package apierror
+
+import (
+ "errors"
+ "fmt"
+ "strings"
+
+ jsonerror "github.com/googleapis/gax-go/v2/apierror/internal/proto"
+ "google.golang.org/api/googleapi"
+ "google.golang.org/genproto/googleapis/rpc/errdetails"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+ "google.golang.org/protobuf/encoding/protojson"
+ "google.golang.org/protobuf/proto"
+)
+
+// ErrDetails holds the google/rpc/error_details.proto messages.
+type ErrDetails struct {
+ ErrorInfo *errdetails.ErrorInfo
+ BadRequest *errdetails.BadRequest
+ PreconditionFailure *errdetails.PreconditionFailure
+ QuotaFailure *errdetails.QuotaFailure
+ RetryInfo *errdetails.RetryInfo
+ ResourceInfo *errdetails.ResourceInfo
+ RequestInfo *errdetails.RequestInfo
+ DebugInfo *errdetails.DebugInfo
+ Help *errdetails.Help
+ LocalizedMessage *errdetails.LocalizedMessage
+
+ // Unknown stores unidentifiable error details.
+ Unknown []interface{}
+}
+
+// ErrMessageNotFound is used to signal ExtractProtoMessage found no matching messages.
+var ErrMessageNotFound = errors.New("message not found")
+
+// ExtractProtoMessage provides a mechanism for extracting protobuf messages from the
+// Unknown error details. If ExtractProtoMessage finds an unknown message of the same type,
+// the content of the message is copied to the provided message.
+//
+// ExtractProtoMessage will return ErrMessageNotFound if there are no message matching the
+// protocol buffer type of the provided message.
+func (e ErrDetails) ExtractProtoMessage(v proto.Message) error {
+ if v == nil {
+ return ErrMessageNotFound
+ }
+ for _, elem := range e.Unknown {
+ if elemProto, ok := elem.(proto.Message); ok {
+ if v.ProtoReflect().Type() == elemProto.ProtoReflect().Type() {
+ proto.Merge(v, elemProto)
+ return nil
+ }
+ }
+ }
+ return ErrMessageNotFound
+}
+
+func (e ErrDetails) String() string {
+ var d strings.Builder
+ if e.ErrorInfo != nil {
+ d.WriteString(fmt.Sprintf("error details: name = ErrorInfo reason = %s domain = %s metadata = %s\n",
+ e.ErrorInfo.GetReason(), e.ErrorInfo.GetDomain(), e.ErrorInfo.GetMetadata()))
+ }
+
+ if e.BadRequest != nil {
+ v := e.BadRequest.GetFieldViolations()
+ var f []string
+ var desc []string
+ for _, x := range v {
+ f = append(f, x.GetField())
+ desc = append(desc, x.GetDescription())
+ }
+ d.WriteString(fmt.Sprintf("error details: name = BadRequest field = %s desc = %s\n",
+ strings.Join(f, " "), strings.Join(desc, " ")))
+ }
+
+ if e.PreconditionFailure != nil {
+ v := e.PreconditionFailure.GetViolations()
+ var t []string
+ var s []string
+ var desc []string
+ for _, x := range v {
+ t = append(t, x.GetType())
+ s = append(s, x.GetSubject())
+ desc = append(desc, x.GetDescription())
+ }
+ d.WriteString(fmt.Sprintf("error details: name = PreconditionFailure type = %s subj = %s desc = %s\n", strings.Join(t, " "),
+ strings.Join(s, " "), strings.Join(desc, " ")))
+ }
+
+ if e.QuotaFailure != nil {
+ v := e.QuotaFailure.GetViolations()
+ var s []string
+ var desc []string
+ for _, x := range v {
+ s = append(s, x.GetSubject())
+ desc = append(desc, x.GetDescription())
+ }
+ d.WriteString(fmt.Sprintf("error details: name = QuotaFailure subj = %s desc = %s\n",
+ strings.Join(s, " "), strings.Join(desc, " ")))
+ }
+
+ if e.RequestInfo != nil {
+ d.WriteString(fmt.Sprintf("error details: name = RequestInfo id = %s data = %s\n",
+ e.RequestInfo.GetRequestId(), e.RequestInfo.GetServingData()))
+ }
+
+ if e.ResourceInfo != nil {
+ d.WriteString(fmt.Sprintf("error details: name = ResourceInfo type = %s resourcename = %s owner = %s desc = %s\n",
+ e.ResourceInfo.GetResourceType(), e.ResourceInfo.GetResourceName(),
+ e.ResourceInfo.GetOwner(), e.ResourceInfo.GetDescription()))
+
+ }
+ if e.RetryInfo != nil {
+ d.WriteString(fmt.Sprintf("error details: retry in %s\n", e.RetryInfo.GetRetryDelay().AsDuration()))
+
+ }
+ if e.Unknown != nil {
+ var s []string
+ for _, x := range e.Unknown {
+ s = append(s, fmt.Sprintf("%v", x))
+ }
+ d.WriteString(fmt.Sprintf("error details: name = Unknown desc = %s\n", strings.Join(s, " ")))
+ }
+
+ if e.DebugInfo != nil {
+ d.WriteString(fmt.Sprintf("error details: name = DebugInfo detail = %s stack = %s\n", e.DebugInfo.GetDetail(),
+ strings.Join(e.DebugInfo.GetStackEntries(), " ")))
+ }
+ if e.Help != nil {
+ var desc []string
+ var url []string
+ for _, x := range e.Help.Links {
+ desc = append(desc, x.GetDescription())
+ url = append(url, x.GetUrl())
+ }
+ d.WriteString(fmt.Sprintf("error details: name = Help desc = %s url = %s\n",
+ strings.Join(desc, " "), strings.Join(url, " ")))
+ }
+ if e.LocalizedMessage != nil {
+ d.WriteString(fmt.Sprintf("error details: name = LocalizedMessage locale = %s msg = %s\n",
+ e.LocalizedMessage.GetLocale(), e.LocalizedMessage.GetMessage()))
+ }
+
+ return d.String()
+}
+
+// APIError wraps either a gRPC Status error or a HTTP googleapi.Error. It
+// implements error and Status interfaces.
+type APIError struct {
+ err error
+ status *status.Status
+ httpErr *googleapi.Error
+ details ErrDetails
+}
+
+// Details presents the error details of the APIError.
+func (a *APIError) Details() ErrDetails {
+ return a.details
+}
+
+// Unwrap extracts the original error.
+func (a *APIError) Unwrap() error {
+ return a.err
+}
+
+// Error returns a readable representation of the APIError.
+func (a *APIError) Error() string {
+ var msg string
+ if a.httpErr != nil {
+ // Truncate the googleapi.Error message because it dumps the Details in
+ // an ugly way.
+ msg = fmt.Sprintf("googleapi: Error %d: %s", a.httpErr.Code, a.httpErr.Message)
+ } else if a.status != nil {
+ msg = a.err.Error()
+ }
+ return strings.TrimSpace(fmt.Sprintf("%s\n%s", msg, a.details))
+}
+
+// GRPCStatus extracts the underlying gRPC Status error.
+// This method is necessary to fulfill the interface
+// described in https://pkg.go.dev/google.golang.org/grpc/status#FromError.
+func (a *APIError) GRPCStatus() *status.Status {
+ return a.status
+}
+
+// Reason returns the reason in an ErrorInfo.
+// If ErrorInfo is nil, it returns an empty string.
+func (a *APIError) Reason() string {
+ return a.details.ErrorInfo.GetReason()
+}
+
+// Domain returns the domain in an ErrorInfo.
+// If ErrorInfo is nil, it returns an empty string.
+func (a *APIError) Domain() string {
+ return a.details.ErrorInfo.GetDomain()
+}
+
+// Metadata returns the metadata in an ErrorInfo.
+// If ErrorInfo is nil, it returns nil.
+func (a *APIError) Metadata() map[string]string {
+ return a.details.ErrorInfo.GetMetadata()
+
+}
+
+// setDetailsFromError parses a Status error or a googleapi.Error
+// and sets status and details or httpErr and details, respectively.
+// It returns false if neither Status nor googleapi.Error can be parsed.
+// When err is a googleapi.Error, the status of the returned error will
+// be set to an Unknown error, rather than nil, since a nil code is
+// interpreted as OK in the gRPC status package.
+func (a *APIError) setDetailsFromError(err error) bool {
+ st, isStatus := status.FromError(err)
+ var herr *googleapi.Error
+ isHTTPErr := errors.As(err, &herr)
+
+ switch {
+ case isStatus:
+ a.status = st
+ a.details = parseDetails(st.Details())
+ case isHTTPErr:
+ a.httpErr = herr
+ a.details = parseHTTPDetails(herr)
+ a.status = status.New(codes.Unknown, herr.Message)
+ default:
+ return false
+ }
+ return true
+}
+
+// FromError parses a Status error or a googleapi.Error and builds an
+// APIError, wrapping the provided error in the new APIError. It
+// returns false if neither Status nor googleapi.Error can be parsed.
+func FromError(err error) (*APIError, bool) {
+ return ParseError(err, true)
+}
+
+// ParseError parses a Status error or a googleapi.Error and builds an
+// APIError. If wrap is true, it wraps the error in the new APIError.
+// It returns false if neither Status nor googleapi.Error can be parsed.
+func ParseError(err error, wrap bool) (*APIError, bool) {
+ if err == nil {
+ return nil, false
+ }
+ ae := APIError{}
+ if wrap {
+ ae = APIError{err: err}
+ }
+ if !ae.setDetailsFromError(err) {
+ return nil, false
+ }
+ return &ae, true
+}
+
+// parseDetails accepts a slice of interface{} that should be backed by some
+// sort of proto.Message that can be cast to the google/rpc/error_details.proto
+// types.
+//
+// This is for internal use only.
+func parseDetails(details []interface{}) ErrDetails {
+ var ed ErrDetails
+ for _, d := range details {
+ switch d := d.(type) {
+ case *errdetails.ErrorInfo:
+ ed.ErrorInfo = d
+ case *errdetails.BadRequest:
+ ed.BadRequest = d
+ case *errdetails.PreconditionFailure:
+ ed.PreconditionFailure = d
+ case *errdetails.QuotaFailure:
+ ed.QuotaFailure = d
+ case *errdetails.RetryInfo:
+ ed.RetryInfo = d
+ case *errdetails.ResourceInfo:
+ ed.ResourceInfo = d
+ case *errdetails.RequestInfo:
+ ed.RequestInfo = d
+ case *errdetails.DebugInfo:
+ ed.DebugInfo = d
+ case *errdetails.Help:
+ ed.Help = d
+ case *errdetails.LocalizedMessage:
+ ed.LocalizedMessage = d
+ default:
+ ed.Unknown = append(ed.Unknown, d)
+ }
+ }
+
+ return ed
+}
+
+// parseHTTPDetails will convert the given googleapi.Error into the protobuf
+// representation then parse the Any values that contain the error details.
+//
+// This is for internal use only.
+func parseHTTPDetails(gae *googleapi.Error) ErrDetails {
+ e := &jsonerror.Error{}
+ if err := protojson.Unmarshal([]byte(gae.Body), e); err != nil {
+ // If the error body does not conform to the error schema, ignore it
+ // altogther. See https://cloud.google.com/apis/design/errors#http_mapping.
+ return ErrDetails{}
+ }
+
+ // Coerce the Any messages into proto.Message then parse the details.
+ details := []interface{}{}
+ for _, any := range e.GetError().GetDetails() {
+ m, err := any.UnmarshalNew()
+ if err != nil {
+ // Ignore malformed Any values.
+ continue
+ }
+ details = append(details, m)
+ }
+
+ return parseDetails(details)
+}
+
+// HTTPCode returns the underlying HTTP response status code. This method returns
+// `-1` if the underlying error is a [google.golang.org/grpc/status.Status]. To
+// check gRPC error codes use [google.golang.org/grpc/status.Code].
+func (a *APIError) HTTPCode() int {
+ if a.httpErr == nil {
+ return -1
+ }
+ return a.httpErr.Code
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md
new file mode 100644
index 00000000000..9ff0caea946
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/README.md
@@ -0,0 +1,30 @@
+# HTTP JSON Error Schema
+
+The `error.proto` represents the HTTP-JSON schema used by Google APIs to convey
+error payloads as described by https://cloud.google.com/apis/design/errors#http_mapping.
+This package is for internal parsing logic only and should not be used in any
+other context.
+
+## Regeneration
+
+To regenerate the protobuf Go code you will need the following:
+
+* A local copy of [googleapis], the absolute path to which should be exported to
+the environment variable `GOOGLEAPIS`
+* The protobuf compiler [protoc]
+* The Go [protobuf plugin]
+* The [goimports] tool
+
+From this directory run the following command:
+```sh
+protoc -I $GOOGLEAPIS -I. --go_out=. --go_opt=module=github.com/googleapis/gax-go/v2/apierror/internal/proto error.proto
+goimports -w .
+```
+
+Note: the `module` plugin option ensures the generated code is placed in this
+directory, and not in several nested directories defined by `go_package` option.
+
+[googleapis]: https://github.com/googleapis/googleapis
+[protoc]: https://github.com/protocolbuffers/protobuf#protocol-compiler-installation
+[protobuf plugin]: https://developers.google.com/protocol-buffers/docs/reference/go-generated
+[goimports]: https://pkg.go.dev/golang.org/x/tools/cmd/goimports
\ No newline at end of file
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go
new file mode 100644
index 00000000000..e4b03f161d8
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.pb.go
@@ -0,0 +1,256 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// protoc-gen-go v1.28.0
+// protoc v3.17.3
+// source: custom_error.proto
+
+package jsonerror
+
+import (
+ reflect "reflect"
+ sync "sync"
+
+ protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+ protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+)
+
+const (
+ // Verify that this generated code is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+ // Verify that runtime/protoimpl is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Error code for `CustomError`.
+type CustomError_CustomErrorCode int32
+
+const (
+ // Default error.
+ CustomError_CUSTOM_ERROR_CODE_UNSPECIFIED CustomError_CustomErrorCode = 0
+ // Too many foo.
+ CustomError_TOO_MANY_FOO CustomError_CustomErrorCode = 1
+ // Not enough foo.
+ CustomError_NOT_ENOUGH_FOO CustomError_CustomErrorCode = 2
+ // Catastrophic error.
+ CustomError_UNIVERSE_WAS_DESTROYED CustomError_CustomErrorCode = 3
+)
+
+// Enum value maps for CustomError_CustomErrorCode.
+var (
+ CustomError_CustomErrorCode_name = map[int32]string{
+ 0: "CUSTOM_ERROR_CODE_UNSPECIFIED",
+ 1: "TOO_MANY_FOO",
+ 2: "NOT_ENOUGH_FOO",
+ 3: "UNIVERSE_WAS_DESTROYED",
+ }
+ CustomError_CustomErrorCode_value = map[string]int32{
+ "CUSTOM_ERROR_CODE_UNSPECIFIED": 0,
+ "TOO_MANY_FOO": 1,
+ "NOT_ENOUGH_FOO": 2,
+ "UNIVERSE_WAS_DESTROYED": 3,
+ }
+)
+
+func (x CustomError_CustomErrorCode) Enum() *CustomError_CustomErrorCode {
+ p := new(CustomError_CustomErrorCode)
+ *p = x
+ return p
+}
+
+func (x CustomError_CustomErrorCode) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (CustomError_CustomErrorCode) Descriptor() protoreflect.EnumDescriptor {
+ return file_custom_error_proto_enumTypes[0].Descriptor()
+}
+
+func (CustomError_CustomErrorCode) Type() protoreflect.EnumType {
+ return &file_custom_error_proto_enumTypes[0]
+}
+
+func (x CustomError_CustomErrorCode) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use CustomError_CustomErrorCode.Descriptor instead.
+func (CustomError_CustomErrorCode) EnumDescriptor() ([]byte, []int) {
+ return file_custom_error_proto_rawDescGZIP(), []int{0, 0}
+}
+
+// CustomError is an example of a custom error message which may be included
+// in an rpc status. It is not meant to reflect a standard error.
+type CustomError struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // Error code specific to the custom API being invoked.
+ Code CustomError_CustomErrorCode `protobuf:"varint,1,opt,name=code,proto3,enum=error.CustomError_CustomErrorCode" json:"code,omitempty"`
+ // Name of the failed entity.
+ Entity string `protobuf:"bytes,2,opt,name=entity,proto3" json:"entity,omitempty"`
+ // Message that describes the error.
+ ErrorMessage string `protobuf:"bytes,3,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+}
+
+func (x *CustomError) Reset() {
+ *x = CustomError{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_custom_error_proto_msgTypes[0]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *CustomError) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CustomError) ProtoMessage() {}
+
+func (x *CustomError) ProtoReflect() protoreflect.Message {
+ mi := &file_custom_error_proto_msgTypes[0]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use CustomError.ProtoReflect.Descriptor instead.
+func (*CustomError) Descriptor() ([]byte, []int) {
+ return file_custom_error_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *CustomError) GetCode() CustomError_CustomErrorCode {
+ if x != nil {
+ return x.Code
+ }
+ return CustomError_CUSTOM_ERROR_CODE_UNSPECIFIED
+}
+
+func (x *CustomError) GetEntity() string {
+ if x != nil {
+ return x.Entity
+ }
+ return ""
+}
+
+func (x *CustomError) GetErrorMessage() string {
+ if x != nil {
+ return x.ErrorMessage
+ }
+ return ""
+}
+
+var File_custom_error_proto protoreflect.FileDescriptor
+
+var file_custom_error_proto_rawDesc = []byte{
+ 0x0a, 0x12, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x70,
+ 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0xfa, 0x01, 0x0a, 0x0b,
+ 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x36, 0x0a, 0x04, 0x63,
+ 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x65, 0x72, 0x72, 0x6f,
+ 0x72, 0x2e, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x43, 0x75,
+ 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x63,
+ 0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20,
+ 0x01, 0x28, 0x09, 0x52, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x23, 0x0a, 0x0d, 0x65,
+ 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01,
+ 0x28, 0x09, 0x52, 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+ 0x22, 0x76, 0x0a, 0x0f, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x43,
+ 0x6f, 0x64, 0x65, 0x12, 0x21, 0x0a, 0x1d, 0x43, 0x55, 0x53, 0x54, 0x4f, 0x4d, 0x5f, 0x45, 0x52,
+ 0x52, 0x4f, 0x52, 0x5f, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
+ 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x4f, 0x4f, 0x5f, 0x4d, 0x41,
+ 0x4e, 0x59, 0x5f, 0x46, 0x4f, 0x4f, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x4e, 0x4f, 0x54, 0x5f,
+ 0x45, 0x4e, 0x4f, 0x55, 0x47, 0x48, 0x5f, 0x46, 0x4f, 0x4f, 0x10, 0x02, 0x12, 0x1a, 0x0a, 0x16,
+ 0x55, 0x4e, 0x49, 0x56, 0x45, 0x52, 0x53, 0x45, 0x5f, 0x57, 0x41, 0x53, 0x5f, 0x44, 0x45, 0x53,
+ 0x54, 0x52, 0x4f, 0x59, 0x45, 0x44, 0x10, 0x03, 0x42, 0x43, 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68,
+ 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69,
+ 0x73, 0x2f, 0x67, 0x61, 0x78, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x65,
+ 0x72, 0x72, 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72,
+ 0x6f, 0x74, 0x6f, 0x3b, 0x6a, 0x73, 0x6f, 0x6e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x62, 0x06, 0x70,
+ 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+ file_custom_error_proto_rawDescOnce sync.Once
+ file_custom_error_proto_rawDescData = file_custom_error_proto_rawDesc
+)
+
+func file_custom_error_proto_rawDescGZIP() []byte {
+ file_custom_error_proto_rawDescOnce.Do(func() {
+ file_custom_error_proto_rawDescData = protoimpl.X.CompressGZIP(file_custom_error_proto_rawDescData)
+ })
+ return file_custom_error_proto_rawDescData
+}
+
+var file_custom_error_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_custom_error_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_custom_error_proto_goTypes = []interface{}{
+ (CustomError_CustomErrorCode)(0), // 0: error.CustomError.CustomErrorCode
+ (*CustomError)(nil), // 1: error.CustomError
+}
+var file_custom_error_proto_depIdxs = []int32{
+ 0, // 0: error.CustomError.code:type_name -> error.CustomError.CustomErrorCode
+ 1, // [1:1] is the sub-list for method output_type
+ 1, // [1:1] is the sub-list for method input_type
+ 1, // [1:1] is the sub-list for extension type_name
+ 1, // [1:1] is the sub-list for extension extendee
+ 0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_custom_error_proto_init() }
+func file_custom_error_proto_init() {
+ if File_custom_error_proto != nil {
+ return
+ }
+ if !protoimpl.UnsafeEnabled {
+ file_custom_error_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CustomError); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ }
+ type x struct{}
+ out := protoimpl.TypeBuilder{
+ File: protoimpl.DescBuilder{
+ GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+ RawDescriptor: file_custom_error_proto_rawDesc,
+ NumEnums: 1,
+ NumMessages: 1,
+ NumExtensions: 0,
+ NumServices: 0,
+ },
+ GoTypes: file_custom_error_proto_goTypes,
+ DependencyIndexes: file_custom_error_proto_depIdxs,
+ EnumInfos: file_custom_error_proto_enumTypes,
+ MessageInfos: file_custom_error_proto_msgTypes,
+ }.Build()
+ File_custom_error_proto = out.File
+ file_custom_error_proto_rawDesc = nil
+ file_custom_error_proto_goTypes = nil
+ file_custom_error_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto
new file mode 100644
index 00000000000..21678ae65c9
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/custom_error.proto
@@ -0,0 +1,50 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package error;
+
+option go_package = "github.com/googleapis/gax-go/v2/apierror/internal/proto;jsonerror";
+
+
+// CustomError is an example of a custom error message which may be included
+// in an rpc status. It is not meant to reflect a standard error.
+message CustomError {
+
+ // Error code for `CustomError`.
+ enum CustomErrorCode {
+ // Default error.
+ CUSTOM_ERROR_CODE_UNSPECIFIED = 0;
+
+ // Too many foo.
+ TOO_MANY_FOO = 1;
+
+ // Not enough foo.
+ NOT_ENOUGH_FOO = 2;
+
+ // Catastrophic error.
+ UNIVERSE_WAS_DESTROYED = 3;
+
+ }
+
+ // Error code specific to the custom API being invoked.
+ CustomErrorCode code = 1;
+
+ // Name of the failed entity.
+ string entity = 2;
+
+ // Message that describes the error.
+ string error_message = 3;
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go
new file mode 100644
index 00000000000..7dd9b83739a
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.pb.go
@@ -0,0 +1,280 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// protoc-gen-go v1.28.0
+// protoc v3.15.8
+// source: apierror/internal/proto/error.proto
+
+package jsonerror
+
+import (
+ reflect "reflect"
+ sync "sync"
+
+ code "google.golang.org/genproto/googleapis/rpc/code"
+ protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+ protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+ anypb "google.golang.org/protobuf/types/known/anypb"
+)
+
+const (
+ // Verify that this generated code is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+ // Verify that runtime/protoimpl is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The error format v2 for Google JSON REST APIs.
+// Copied from https://cloud.google.com/apis/design/errors#http_mapping.
+//
+// NOTE: This schema is not used for other wire protocols.
+type Error struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // The actual error payload. The nested message structure is for backward
+ // compatibility with Google API client libraries. It also makes the error
+ // more readable to developers.
+ Error *Error_Status `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"`
+}
+
+func (x *Error) Reset() {
+ *x = Error{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_apierror_internal_proto_error_proto_msgTypes[0]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *Error) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Error) ProtoMessage() {}
+
+func (x *Error) ProtoReflect() protoreflect.Message {
+ mi := &file_apierror_internal_proto_error_proto_msgTypes[0]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use Error.ProtoReflect.Descriptor instead.
+func (*Error) Descriptor() ([]byte, []int) {
+ return file_apierror_internal_proto_error_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Error) GetError() *Error_Status {
+ if x != nil {
+ return x.Error
+ }
+ return nil
+}
+
+// This message has the same semantics as `google.rpc.Status`. It uses HTTP
+// status code instead of gRPC status code. It has an extra field `status`
+// for backward compatibility with Google API Client Libraries.
+type Error_Status struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // The HTTP status code that corresponds to `google.rpc.Status.code`.
+ Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
+ // This corresponds to `google.rpc.Status.message`.
+ Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+ // This is the enum version for `google.rpc.Status.code`.
+ Status code.Code `protobuf:"varint,4,opt,name=status,proto3,enum=google.rpc.Code" json:"status,omitempty"`
+ // This corresponds to `google.rpc.Status.details`.
+ Details []*anypb.Any `protobuf:"bytes,5,rep,name=details,proto3" json:"details,omitempty"`
+}
+
+func (x *Error_Status) Reset() {
+ *x = Error_Status{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_apierror_internal_proto_error_proto_msgTypes[1]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *Error_Status) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Error_Status) ProtoMessage() {}
+
+func (x *Error_Status) ProtoReflect() protoreflect.Message {
+ mi := &file_apierror_internal_proto_error_proto_msgTypes[1]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use Error_Status.ProtoReflect.Descriptor instead.
+func (*Error_Status) Descriptor() ([]byte, []int) {
+ return file_apierror_internal_proto_error_proto_rawDescGZIP(), []int{0, 0}
+}
+
+func (x *Error_Status) GetCode() int32 {
+ if x != nil {
+ return x.Code
+ }
+ return 0
+}
+
+func (x *Error_Status) GetMessage() string {
+ if x != nil {
+ return x.Message
+ }
+ return ""
+}
+
+func (x *Error_Status) GetStatus() code.Code {
+ if x != nil {
+ return x.Status
+ }
+ return code.Code(0)
+}
+
+func (x *Error_Status) GetDetails() []*anypb.Any {
+ if x != nil {
+ return x.Details
+ }
+ return nil
+}
+
+var File_apierror_internal_proto_error_proto protoreflect.FileDescriptor
+
+var file_apierror_internal_proto_error_proto_rawDesc = []byte{
+ 0x0a, 0x23, 0x61, 0x70, 0x69, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72,
+ 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e,
+ 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x1a, 0x19, 0x67, 0x6f,
+ 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e,
+ 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f,
+ 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc5,
+ 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x29, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f,
+ 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x2e,
+ 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x05, 0x65, 0x72,
+ 0x72, 0x6f, 0x72, 0x1a, 0x90, 0x01, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12,
+ 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f,
+ 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20,
+ 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x28, 0x0a, 0x06,
+ 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x10, 0x2e, 0x67,
+ 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x43, 0x6f, 0x64, 0x65, 0x52, 0x06,
+ 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2e, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c,
+ 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+ 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x07, 0x64,
+ 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x43, 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f,
+ 0x67, 0x61, 0x78, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x32, 0x2f, 0x61, 0x70, 0x69, 0x65, 0x72, 0x72,
+ 0x6f, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74,
+ 0x6f, 0x3b, 0x6a, 0x73, 0x6f, 0x6e, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f,
+ 0x74, 0x6f, 0x33,
+}
+
+var (
+ file_apierror_internal_proto_error_proto_rawDescOnce sync.Once
+ file_apierror_internal_proto_error_proto_rawDescData = file_apierror_internal_proto_error_proto_rawDesc
+)
+
+func file_apierror_internal_proto_error_proto_rawDescGZIP() []byte {
+ file_apierror_internal_proto_error_proto_rawDescOnce.Do(func() {
+ file_apierror_internal_proto_error_proto_rawDescData = protoimpl.X.CompressGZIP(file_apierror_internal_proto_error_proto_rawDescData)
+ })
+ return file_apierror_internal_proto_error_proto_rawDescData
+}
+
+var file_apierror_internal_proto_error_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_apierror_internal_proto_error_proto_goTypes = []interface{}{
+ (*Error)(nil), // 0: error.Error
+ (*Error_Status)(nil), // 1: error.Error.Status
+ (code.Code)(0), // 2: google.rpc.Code
+ (*anypb.Any)(nil), // 3: google.protobuf.Any
+}
+var file_apierror_internal_proto_error_proto_depIdxs = []int32{
+ 1, // 0: error.Error.error:type_name -> error.Error.Status
+ 2, // 1: error.Error.Status.status:type_name -> google.rpc.Code
+ 3, // 2: error.Error.Status.details:type_name -> google.protobuf.Any
+ 3, // [3:3] is the sub-list for method output_type
+ 3, // [3:3] is the sub-list for method input_type
+ 3, // [3:3] is the sub-list for extension type_name
+ 3, // [3:3] is the sub-list for extension extendee
+ 0, // [0:3] is the sub-list for field type_name
+}
+
+func init() { file_apierror_internal_proto_error_proto_init() }
+func file_apierror_internal_proto_error_proto_init() {
+ if File_apierror_internal_proto_error_proto != nil {
+ return
+ }
+ if !protoimpl.UnsafeEnabled {
+ file_apierror_internal_proto_error_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*Error); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_apierror_internal_proto_error_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*Error_Status); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ }
+ type x struct{}
+ out := protoimpl.TypeBuilder{
+ File: protoimpl.DescBuilder{
+ GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+ RawDescriptor: file_apierror_internal_proto_error_proto_rawDesc,
+ NumEnums: 0,
+ NumMessages: 2,
+ NumExtensions: 0,
+ NumServices: 0,
+ },
+ GoTypes: file_apierror_internal_proto_error_proto_goTypes,
+ DependencyIndexes: file_apierror_internal_proto_error_proto_depIdxs,
+ MessageInfos: file_apierror_internal_proto_error_proto_msgTypes,
+ }.Build()
+ File_apierror_internal_proto_error_proto = out.File
+ file_apierror_internal_proto_error_proto_rawDesc = nil
+ file_apierror_internal_proto_error_proto_goTypes = nil
+ file_apierror_internal_proto_error_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto
new file mode 100644
index 00000000000..4b9b13ce111
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/apierror/internal/proto/error.proto
@@ -0,0 +1,46 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package error;
+
+import "google/protobuf/any.proto";
+import "google/rpc/code.proto";
+
+option go_package = "github.com/googleapis/gax-go/v2/apierror/internal/proto;jsonerror";
+
+// The error format v2 for Google JSON REST APIs.
+// Copied from https://cloud.google.com/apis/design/errors#http_mapping.
+//
+// NOTE: This schema is not used for other wire protocols.
+message Error {
+ // This message has the same semantics as `google.rpc.Status`. It uses HTTP
+ // status code instead of gRPC status code. It has an extra field `status`
+ // for backward compatibility with Google API Client Libraries.
+ message Status {
+ // The HTTP status code that corresponds to `google.rpc.Status.code`.
+ int32 code = 1;
+ // This corresponds to `google.rpc.Status.message`.
+ string message = 2;
+ // This is the enum version for `google.rpc.Status.code`.
+ google.rpc.Code status = 4;
+ // This corresponds to `google.rpc.Status.details`.
+ repeated google.protobuf.Any details = 5;
+ }
+ // The actual error payload. The nested message structure is for backward
+ // compatibility with Google API client libraries. It also makes the error
+ // more readable to developers.
+ Status error = 1;
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/call_option.go b/vendor/github.com/googleapis/gax-go/v2/call_option.go
new file mode 100644
index 00000000000..c52e03f6436
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/call_option.go
@@ -0,0 +1,265 @@
+// Copyright 2016, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+ "errors"
+ "math/rand"
+ "time"
+
+ "google.golang.org/api/googleapi"
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+)
+
+// CallOption is an option used by Invoke to control behaviors of RPC calls.
+// CallOption works by modifying relevant fields of CallSettings.
+type CallOption interface {
+ // Resolve applies the option by modifying cs.
+ Resolve(cs *CallSettings)
+}
+
+// Retryer is used by Invoke to determine retry behavior.
+type Retryer interface {
+ // Retry reports whether a request should be retried and how long to pause before retrying
+ // if the previous attempt returned with err. Invoke never calls Retry with nil error.
+ Retry(err error) (pause time.Duration, shouldRetry bool)
+}
+
+type retryerOption func() Retryer
+
+func (o retryerOption) Resolve(s *CallSettings) {
+ s.Retry = o
+}
+
+// WithRetry sets CallSettings.Retry to fn.
+func WithRetry(fn func() Retryer) CallOption {
+ return retryerOption(fn)
+}
+
+// OnErrorFunc returns a Retryer that retries if and only if the previous attempt
+// returns an error that satisfies shouldRetry.
+//
+// Pause times between retries are specified by bo. bo is only used for its
+// parameters; each Retryer has its own copy.
+func OnErrorFunc(bo Backoff, shouldRetry func(err error) bool) Retryer {
+ return &errorRetryer{
+ shouldRetry: shouldRetry,
+ backoff: bo,
+ }
+}
+
+type errorRetryer struct {
+ backoff Backoff
+ shouldRetry func(err error) bool
+}
+
+func (r *errorRetryer) Retry(err error) (time.Duration, bool) {
+ if r.shouldRetry(err) {
+ return r.backoff.Pause(), true
+ }
+
+ return 0, false
+}
+
+// OnCodes returns a Retryer that retries if and only if
+// the previous attempt returns a GRPC error whose error code is stored in cc.
+// Pause times between retries are specified by bo.
+//
+// bo is only used for its parameters; each Retryer has its own copy.
+func OnCodes(cc []codes.Code, bo Backoff) Retryer {
+ return &boRetryer{
+ backoff: bo,
+ codes: append([]codes.Code(nil), cc...),
+ }
+}
+
+type boRetryer struct {
+ backoff Backoff
+ codes []codes.Code
+}
+
+func (r *boRetryer) Retry(err error) (time.Duration, bool) {
+ st, ok := status.FromError(err)
+ if !ok {
+ return 0, false
+ }
+ c := st.Code()
+ for _, rc := range r.codes {
+ if c == rc {
+ return r.backoff.Pause(), true
+ }
+ }
+ return 0, false
+}
+
+// OnHTTPCodes returns a Retryer that retries if and only if
+// the previous attempt returns a googleapi.Error whose status code is stored in
+// cc. Pause times between retries are specified by bo.
+//
+// bo is only used for its parameters; each Retryer has its own copy.
+func OnHTTPCodes(bo Backoff, cc ...int) Retryer {
+ codes := make(map[int]bool, len(cc))
+ for _, c := range cc {
+ codes[c] = true
+ }
+
+ return &httpRetryer{
+ backoff: bo,
+ codes: codes,
+ }
+}
+
+type httpRetryer struct {
+ backoff Backoff
+ codes map[int]bool
+}
+
+func (r *httpRetryer) Retry(err error) (time.Duration, bool) {
+ var gerr *googleapi.Error
+ if !errors.As(err, &gerr) {
+ return 0, false
+ }
+
+ if r.codes[gerr.Code] {
+ return r.backoff.Pause(), true
+ }
+
+ return 0, false
+}
+
+// Backoff implements exponential backoff. The wait time between retries is a
+// random value between 0 and the "retry period" - the time between retries. The
+// retry period starts at Initial and increases by the factor of Multiplier
+// every retry, but is capped at Max.
+//
+// Note: MaxNumRetries / RPCDeadline is specifically not provided. These should
+// be built on top of Backoff.
+type Backoff struct {
+ // Initial is the initial value of the retry period, defaults to 1 second.
+ Initial time.Duration
+
+ // Max is the maximum value of the retry period, defaults to 30 seconds.
+ Max time.Duration
+
+ // Multiplier is the factor by which the retry period increases.
+ // It should be greater than 1 and defaults to 2.
+ Multiplier float64
+
+ // cur is the current retry period.
+ cur time.Duration
+}
+
+// Pause returns the next time.Duration that the caller should use to backoff.
+func (bo *Backoff) Pause() time.Duration {
+ if bo.Initial == 0 {
+ bo.Initial = time.Second
+ }
+ if bo.cur == 0 {
+ bo.cur = bo.Initial
+ }
+ if bo.Max == 0 {
+ bo.Max = 30 * time.Second
+ }
+ if bo.Multiplier < 1 {
+ bo.Multiplier = 2
+ }
+ // Select a duration between 1ns and the current max. It might seem
+ // counterintuitive to have so much jitter, but
+ // https://www.awsarchitectureblog.com/2015/03/backoff.html argues that
+ // that is the best strategy.
+ d := time.Duration(1 + rand.Int63n(int64(bo.cur)))
+ bo.cur = time.Duration(float64(bo.cur) * bo.Multiplier)
+ if bo.cur > bo.Max {
+ bo.cur = bo.Max
+ }
+ return d
+}
+
+type grpcOpt []grpc.CallOption
+
+func (o grpcOpt) Resolve(s *CallSettings) {
+ s.GRPC = o
+}
+
+type pathOpt struct {
+ p string
+}
+
+func (p pathOpt) Resolve(s *CallSettings) {
+ s.Path = p.p
+}
+
+type timeoutOpt struct {
+ t time.Duration
+}
+
+func (t timeoutOpt) Resolve(s *CallSettings) {
+ s.timeout = t.t
+}
+
+// WithPath applies a Path override to the HTTP-based APICall.
+//
+// This is for internal use only.
+func WithPath(p string) CallOption {
+ return &pathOpt{p: p}
+}
+
+// WithGRPCOptions allows passing gRPC call options during client creation.
+func WithGRPCOptions(opt ...grpc.CallOption) CallOption {
+ return grpcOpt(append([]grpc.CallOption(nil), opt...))
+}
+
+// WithTimeout is a convenience option for setting a context.WithTimeout on the
+// singular context.Context used for **all** APICall attempts. Calculated from
+// the start of the first APICall attempt.
+// If the context.Context provided to Invoke already has a Deadline set, that
+// will always be respected over the deadline calculated using this option.
+func WithTimeout(t time.Duration) CallOption {
+ return &timeoutOpt{t: t}
+}
+
+// CallSettings allow fine-grained control over how calls are made.
+type CallSettings struct {
+ // Retry returns a Retryer to be used to control retry logic of a method call.
+ // If Retry is nil or the returned Retryer is nil, the call will not be retried.
+ Retry func() Retryer
+
+ // CallOptions to be forwarded to GRPC.
+ GRPC []grpc.CallOption
+
+ // Path is an HTTP override for an APICall.
+ Path string
+
+ // Timeout defines the amount of time that Invoke has to complete.
+ // Unexported so it cannot be changed by the code in an APICall.
+ timeout time.Duration
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/callctx/callctx.go b/vendor/github.com/googleapis/gax-go/v2/callctx/callctx.go
new file mode 100644
index 00000000000..f5af5c990f9
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/callctx/callctx.go
@@ -0,0 +1,100 @@
+// Copyright 2023, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Package callctx provides helpers for storing and retrieving values out of
+// [context.Context]. These values are used by our client libraries in various
+// ways across the stack.
+package callctx
+
+import (
+ "context"
+ "fmt"
+)
+
+const (
+ // XGoogFieldMaskHeader is the canonical header key for the [System Parameter]
+ // that specifies the response read mask. The value(s) for this header
+ // must adhere to format described in [fieldmaskpb].
+ //
+ // [System Parameter]: https://cloud.google.com/apis/docs/system-parameters
+ // [fieldmaskpb]: https://google.golang.org/protobuf/types/known/fieldmaskpb
+ XGoogFieldMaskHeader = "x-goog-fieldmask"
+
+ headerKey = contextKey("header")
+)
+
+// contextKey is a private type used to store/retrieve context values.
+type contextKey string
+
+// HeadersFromContext retrieves headers set from [SetHeaders]. These headers
+// can then be cast to http.Header or metadata.MD to send along on requests.
+func HeadersFromContext(ctx context.Context) map[string][]string {
+ m, ok := ctx.Value(headerKey).(map[string][]string)
+ if !ok {
+ return nil
+ }
+ return m
+}
+
+// SetHeaders stores key value pairs in the returned context that can later
+// be retrieved by [HeadersFromContext]. Values stored in this manner will
+// automatically be retrieved by client libraries and sent as outgoing headers
+// on all requests. keyvals should have a corresponding value for every key
+// provided. If there is an odd number of keyvals this method will panic.
+func SetHeaders(ctx context.Context, keyvals ...string) context.Context {
+ if len(keyvals)%2 != 0 {
+ panic(fmt.Sprintf("callctx: an even number of key value pairs must be provided, got %d", len(keyvals)))
+ }
+ h, ok := ctx.Value(headerKey).(map[string][]string)
+ if !ok {
+ h = make(map[string][]string)
+ } else {
+ h = cloneHeaders(h)
+ }
+
+ for i := 0; i < len(keyvals); i = i + 2 {
+ h[keyvals[i]] = append(h[keyvals[i]], keyvals[i+1])
+ }
+ return context.WithValue(ctx, headerKey, h)
+}
+
+// cloneHeaders makes a new key-value map while reusing the value slices.
+// As such, new values should be appended to the value slice, and modifying
+// indexed values is not thread safe.
+//
+// TODO: Replace this with maps.Clone when Go 1.21 is the minimum version.
+func cloneHeaders(h map[string][]string) map[string][]string {
+ c := make(map[string][]string, len(h))
+ for k, v := range h {
+ vc := make([]string, len(v))
+ copy(vc, v)
+ c[k] = vc
+ }
+ return c
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/content_type.go b/vendor/github.com/googleapis/gax-go/v2/content_type.go
new file mode 100644
index 00000000000..1b53d0a3ac1
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/content_type.go
@@ -0,0 +1,112 @@
+// Copyright 2022, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+ "io"
+ "io/ioutil"
+ "net/http"
+)
+
+const sniffBuffSize = 512
+
+func newContentSniffer(r io.Reader) *contentSniffer {
+ return &contentSniffer{r: r}
+}
+
+// contentSniffer wraps a Reader, and reports the content type determined by sniffing up to 512 bytes from the Reader.
+type contentSniffer struct {
+ r io.Reader
+ start []byte // buffer for the sniffed bytes.
+ err error // set to any error encountered while reading bytes to be sniffed.
+
+ ctype string // set on first sniff.
+ sniffed bool // set to true on first sniff.
+}
+
+func (cs *contentSniffer) Read(p []byte) (n int, err error) {
+ // Ensure that the content type is sniffed before any data is consumed from Reader.
+ _, _ = cs.ContentType()
+
+ if len(cs.start) > 0 {
+ n := copy(p, cs.start)
+ cs.start = cs.start[n:]
+ return n, nil
+ }
+
+ // We may have read some bytes into start while sniffing, even if the read ended in an error.
+ // We should first return those bytes, then the error.
+ if cs.err != nil {
+ return 0, cs.err
+ }
+
+ // Now we have handled all bytes that were buffered while sniffing. Now just delegate to the underlying reader.
+ return cs.r.Read(p)
+}
+
+// ContentType returns the sniffed content type, and whether the content type was successfully sniffed.
+func (cs *contentSniffer) ContentType() (string, bool) {
+ if cs.sniffed {
+ return cs.ctype, cs.ctype != ""
+ }
+ cs.sniffed = true
+ // If ReadAll hits EOF, it returns err==nil.
+ cs.start, cs.err = ioutil.ReadAll(io.LimitReader(cs.r, sniffBuffSize))
+
+ // Don't try to detect the content type based on possibly incomplete data.
+ if cs.err != nil {
+ return "", false
+ }
+
+ cs.ctype = http.DetectContentType(cs.start)
+ return cs.ctype, true
+}
+
+// DetermineContentType determines the content type of the supplied reader.
+// The content of media will be sniffed to determine the content type.
+// After calling DetectContentType the caller must not perform further reads on
+// media, but rather read from the Reader that is returned.
+func DetermineContentType(media io.Reader) (io.Reader, string) {
+ // For backwards compatibility, allow clients to set content
+ // type by providing a ContentTyper for media.
+ // Note: This is an anonymous interface definition copied from googleapi.ContentTyper.
+ if typer, ok := media.(interface {
+ ContentType() string
+ }); ok {
+ return media, typer.ContentType()
+ }
+
+ sniffer := newContentSniffer(media)
+ if ctype, ok := sniffer.ContentType(); ok {
+ return sniffer, ctype
+ }
+ // If content type could not be sniffed, reads from sniffer will eventually fail with an error.
+ return sniffer, ""
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/gax.go b/vendor/github.com/googleapis/gax-go/v2/gax.go
new file mode 100644
index 00000000000..36cdfa33e35
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/gax.go
@@ -0,0 +1,41 @@
+// Copyright 2016, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Package gax contains a set of modules which aid the development of APIs
+// for clients and servers based on gRPC and Google API conventions.
+//
+// Application code will rarely need to use this library directly.
+// However, code generated automatically from API definition files can use it
+// to simplify code generation and to provide more convenient and idiomatic API surfaces.
+package gax
+
+import "github.com/googleapis/gax-go/v2/internal"
+
+// Version specifies the gax-go version being used.
+const Version = internal.Version
diff --git a/vendor/github.com/googleapis/gax-go/v2/header.go b/vendor/github.com/googleapis/gax-go/v2/header.go
new file mode 100644
index 00000000000..3e53729e5fc
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/header.go
@@ -0,0 +1,173 @@
+// Copyright 2018, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+ "bytes"
+ "context"
+ "fmt"
+ "net/http"
+ "runtime"
+ "strings"
+ "unicode"
+
+ "github.com/googleapis/gax-go/v2/callctx"
+ "google.golang.org/grpc/metadata"
+)
+
+var (
+ // GoVersion is a header-safe representation of the current runtime
+ // environment's Go version. This is for GAX consumers that need to
+ // report the Go runtime version in API calls.
+ GoVersion string
+ // version is a package internal global variable for testing purposes.
+ version = runtime.Version
+)
+
+// versionUnknown is only used when the runtime version cannot be determined.
+const versionUnknown = "UNKNOWN"
+
+func init() {
+ GoVersion = goVersion()
+}
+
+// goVersion returns a Go runtime version derived from the runtime environment
+// that is modified to be suitable for reporting in a header, meaning it has no
+// whitespace. If it is unable to determine the Go runtime version, it returns
+// versionUnknown.
+func goVersion() string {
+ const develPrefix = "devel +"
+
+ s := version()
+ if strings.HasPrefix(s, develPrefix) {
+ s = s[len(develPrefix):]
+ if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+ s = s[:p]
+ }
+ return s
+ } else if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+ s = s[:p]
+ }
+
+ notSemverRune := func(r rune) bool {
+ return !strings.ContainsRune("0123456789.", r)
+ }
+
+ if strings.HasPrefix(s, "go1") {
+ s = s[2:]
+ var prerelease string
+ if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
+ s, prerelease = s[:p], s[p:]
+ }
+ if strings.HasSuffix(s, ".") {
+ s += "0"
+ } else if strings.Count(s, ".") < 2 {
+ s += ".0"
+ }
+ if prerelease != "" {
+ // Some release candidates already have a dash in them.
+ if !strings.HasPrefix(prerelease, "-") {
+ prerelease = "-" + prerelease
+ }
+ s += prerelease
+ }
+ return s
+ }
+ return "UNKNOWN"
+}
+
+// XGoogHeader is for use by the Google Cloud Libraries only. See package
+// [github.com/googleapis/gax-go/v2/callctx] for help setting/retrieving
+// request/response headers.
+//
+// XGoogHeader formats key-value pairs.
+// The resulting string is suitable for x-goog-api-client header.
+func XGoogHeader(keyval ...string) string {
+ if len(keyval) == 0 {
+ return ""
+ }
+ if len(keyval)%2 != 0 {
+ panic("gax.Header: odd argument count")
+ }
+ var buf bytes.Buffer
+ for i := 0; i < len(keyval); i += 2 {
+ buf.WriteByte(' ')
+ buf.WriteString(keyval[i])
+ buf.WriteByte('/')
+ buf.WriteString(keyval[i+1])
+ }
+ return buf.String()[1:]
+}
+
+// InsertMetadataIntoOutgoingContext is for use by the Google Cloud Libraries
+// only. See package [github.com/googleapis/gax-go/v2/callctx] for help
+// setting/retrieving request/response headers.
+//
+// InsertMetadataIntoOutgoingContext returns a new context that merges the
+// provided keyvals metadata pairs with any existing metadata/headers in the
+// provided context. keyvals should have a corresponding value for every key
+// provided. If there is an odd number of keyvals this method will panic.
+// Existing values for keys will not be overwritten, instead provided values
+// will be appended to the list of existing values.
+func InsertMetadataIntoOutgoingContext(ctx context.Context, keyvals ...string) context.Context {
+ return metadata.NewOutgoingContext(ctx, insertMetadata(ctx, keyvals...))
+}
+
+// BuildHeaders is for use by the Google Cloud Libraries only. See package
+// [github.com/googleapis/gax-go/v2/callctx] for help setting/retrieving
+// request/response headers.
+//
+// BuildHeaders returns a new http.Header that merges the provided
+// keyvals header pairs with any existing metadata/headers in the provided
+// context. keyvals should have a corresponding value for every key provided.
+// If there is an odd number of keyvals this method will panic.
+// Existing values for keys will not be overwritten, instead provided values
+// will be appended to the list of existing values.
+func BuildHeaders(ctx context.Context, keyvals ...string) http.Header {
+ return http.Header(insertMetadata(ctx, keyvals...))
+}
+
+func insertMetadata(ctx context.Context, keyvals ...string) metadata.MD {
+ if len(keyvals)%2 != 0 {
+ panic(fmt.Sprintf("gax: an even number of key value pairs must be provided, got %d", len(keyvals)))
+ }
+ out, ok := metadata.FromOutgoingContext(ctx)
+ if !ok {
+ out = metadata.MD(make(map[string][]string))
+ }
+ headers := callctx.HeadersFromContext(ctx)
+ for k, v := range headers {
+ out[k] = append(out[k], v...)
+ }
+ for i := 0; i < len(keyvals); i = i + 2 {
+ out[keyvals[i]] = append(out[keyvals[i]], keyvals[i+1])
+ }
+ return out
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/internal/version.go b/vendor/github.com/googleapis/gax-go/v2/internal/version.go
new file mode 100644
index 00000000000..90348f303df
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/internal/version.go
@@ -0,0 +1,33 @@
+// Copyright 2022, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package internal
+
+// Version is the current tagged release of the library.
+const Version = "2.12.3"
diff --git a/vendor/github.com/googleapis/gax-go/v2/invoke.go b/vendor/github.com/googleapis/gax-go/v2/invoke.go
new file mode 100644
index 00000000000..721d1af5517
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/invoke.go
@@ -0,0 +1,114 @@
+// Copyright 2016, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+ "context"
+ "strings"
+ "time"
+
+ "github.com/googleapis/gax-go/v2/apierror"
+)
+
+// APICall is a user defined call stub.
+type APICall func(context.Context, CallSettings) error
+
+// Invoke calls the given APICall, performing retries as specified by opts, if
+// any.
+func Invoke(ctx context.Context, call APICall, opts ...CallOption) error {
+ var settings CallSettings
+ for _, opt := range opts {
+ opt.Resolve(&settings)
+ }
+ return invoke(ctx, call, settings, Sleep)
+}
+
+// Sleep is similar to time.Sleep, but it can be interrupted by ctx.Done() closing.
+// If interrupted, Sleep returns ctx.Err().
+func Sleep(ctx context.Context, d time.Duration) error {
+ t := time.NewTimer(d)
+ select {
+ case <-ctx.Done():
+ t.Stop()
+ return ctx.Err()
+ case <-t.C:
+ return nil
+ }
+}
+
+type sleeper func(ctx context.Context, d time.Duration) error
+
+// invoke implements Invoke, taking an additional sleeper argument for testing.
+func invoke(ctx context.Context, call APICall, settings CallSettings, sp sleeper) error {
+ var retryer Retryer
+
+ // Only use the value provided via WithTimeout if the context doesn't
+ // already have a deadline. This is important for backwards compatibility if
+ // the user already set a deadline on the context given to Invoke.
+ if _, ok := ctx.Deadline(); !ok && settings.timeout != 0 {
+ c, cc := context.WithTimeout(ctx, settings.timeout)
+ defer cc()
+ ctx = c
+ }
+
+ for {
+ err := call(ctx, settings)
+ if err == nil {
+ return nil
+ }
+ // Never retry permanent certificate errors. (e.x. if ca-certificates
+ // are not installed). We should only make very few, targeted
+ // exceptions: many (other) status=Unavailable should be retried, such
+ // as if there's a network hiccup, or the internet goes out for a
+ // minute. This is also why here we are doing string parsing instead of
+ // simply making Unavailable a non-retried code elsewhere.
+ if strings.Contains(err.Error(), "x509: certificate signed by unknown authority") {
+ return err
+ }
+ if apierr, ok := apierror.FromError(err); ok {
+ err = apierr
+ }
+ if settings.Retry == nil {
+ return err
+ }
+ if retryer == nil {
+ if r := settings.Retry(); r != nil {
+ retryer = r
+ } else {
+ return err
+ }
+ }
+ if d, ok := retryer.Retry(err); !ok {
+ return err
+ } else if err = sp(ctx, d); err != nil {
+ return err
+ }
+ }
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go b/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go
new file mode 100644
index 00000000000..cc4486eb9e5
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/proto_json_stream.go
@@ -0,0 +1,126 @@
+// Copyright 2022, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package gax
+
+import (
+ "encoding/json"
+ "errors"
+ "io"
+
+ "google.golang.org/protobuf/encoding/protojson"
+ "google.golang.org/protobuf/proto"
+ "google.golang.org/protobuf/reflect/protoreflect"
+)
+
+var (
+ arrayOpen = json.Delim('[')
+ arrayClose = json.Delim(']')
+ errBadOpening = errors.New("unexpected opening token, expected '['")
+)
+
+// ProtoJSONStream represents a wrapper for consuming a stream of protobuf
+// messages encoded using protobuf-JSON format. More information on this format
+// can be found at https://developers.google.com/protocol-buffers/docs/proto3#json.
+// The stream must appear as a comma-delimited, JSON array of obbjects with
+// opening and closing square braces.
+//
+// This is for internal use only.
+type ProtoJSONStream struct {
+ first, closed bool
+ reader io.ReadCloser
+ stream *json.Decoder
+ typ protoreflect.MessageType
+}
+
+// NewProtoJSONStreamReader accepts a stream of bytes via an io.ReadCloser that are
+// protobuf-JSON encoded protobuf messages of the given type. The ProtoJSONStream
+// must be closed when done.
+//
+// This is for internal use only.
+func NewProtoJSONStreamReader(rc io.ReadCloser, typ protoreflect.MessageType) *ProtoJSONStream {
+ return &ProtoJSONStream{
+ first: true,
+ reader: rc,
+ stream: json.NewDecoder(rc),
+ typ: typ,
+ }
+}
+
+// Recv decodes the next protobuf message in the stream or returns io.EOF if
+// the stream is done. It is not safe to call Recv on the same stream from
+// different goroutines, just like it is not safe to do so with a single gRPC
+// stream. Type-cast the protobuf message returned to the type provided at
+// ProtoJSONStream creation.
+// Calls to Recv after calling Close will produce io.EOF.
+func (s *ProtoJSONStream) Recv() (proto.Message, error) {
+ if s.closed {
+ return nil, io.EOF
+ }
+ if s.first {
+ s.first = false
+
+ // Consume the opening '[' so Decode gets one object at a time.
+ if t, err := s.stream.Token(); err != nil {
+ return nil, err
+ } else if t != arrayOpen {
+ return nil, errBadOpening
+ }
+ }
+
+ // Capture the next block of data for the item (a JSON object) in the stream.
+ var raw json.RawMessage
+ if err := s.stream.Decode(&raw); err != nil {
+ e := err
+ // To avoid checking the first token of each stream, just attempt to
+ // Decode the next blob and if that fails, double check if it is just
+ // the closing token ']'. If it is the closing, return io.EOF. If it
+ // isn't, return the original error.
+ if t, _ := s.stream.Token(); t == arrayClose {
+ e = io.EOF
+ }
+ return nil, e
+ }
+
+ // Initialize a new instance of the protobuf message to unmarshal the
+ // raw data into.
+ m := s.typ.New().Interface()
+ err := protojson.Unmarshal(raw, m)
+
+ return m, err
+}
+
+// Close closes the stream so that resources are cleaned up.
+func (s *ProtoJSONStream) Close() error {
+ // Dereference the *json.Decoder so that the memory is gc'd.
+ s.stream = nil
+ s.closed = true
+
+ return s.reader.Close()
+}
diff --git a/vendor/github.com/googleapis/gax-go/v2/release-please-config.json b/vendor/github.com/googleapis/gax-go/v2/release-please-config.json
new file mode 100644
index 00000000000..61ee266a159
--- /dev/null
+++ b/vendor/github.com/googleapis/gax-go/v2/release-please-config.json
@@ -0,0 +1,10 @@
+{
+ "release-type": "go-yoshi",
+ "separate-pull-requests": true,
+ "include-component-in-tag": false,
+ "packages": {
+ "v2": {
+ "component": "v2"
+ }
+ }
+}
diff --git a/vendor/github.com/jzelinskie/whirlpool/.travis.yml b/vendor/github.com/jzelinskie/whirlpool/.travis.yml
new file mode 100644
index 00000000000..d7001e85544
--- /dev/null
+++ b/vendor/github.com/jzelinskie/whirlpool/.travis.yml
@@ -0,0 +1,4 @@
+arch:
+ - ppc64le
+ - amd64
+language: go
diff --git a/vendor/github.com/jzelinskie/whirlpool/LICENSE b/vendor/github.com/jzelinskie/whirlpool/LICENSE
new file mode 100644
index 00000000000..b9329c258a1
--- /dev/null
+++ b/vendor/github.com/jzelinskie/whirlpool/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2012, Jimmy Zelinskie
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ * Neither the name of the nor the
+ names of its contributors may be used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/jzelinskie/whirlpool/README.md b/vendor/github.com/jzelinskie/whirlpool/README.md
new file mode 100644
index 00000000000..3445070f17a
--- /dev/null
+++ b/vendor/github.com/jzelinskie/whirlpool/README.md
@@ -0,0 +1,43 @@
+# whirlpool.go
+A [whirlpool hashing](https://en.wikipedia.org/wiki/Whirlpool_(cryptography)) library for go
+
+## Build status
+
+[](http://travis-ci.org/jzelinskie/whirlpool)
+
+## Setup
+
+```bash
+$ go get github.com/jzelinskie/whirlpool
+```
+
+## Example
+
+```Go
+package main
+
+import (
+ "fmt"
+ "github.com/jzelinskie/whirlpool"
+)
+
+func main() {
+ w := whirlpool.New()
+ text := []byte("This is an example.")
+ w.Write(text)
+ fmt.Println(w.Sum(nil))
+}
+```
+
+## Docs
+
+Check out the [gopkgdoc page](http://go.pkgdoc.org/github.com/jzelinskie/whirlpool), but there isn't much -- it works just like the other hashes in the standard library
+
+## Branches
+
+* master - stable, works like the hash libs in the corelib
+* trace - same code as master, but prints midstate values to stdout
+
+## license
+
+Modified BSD License
diff --git a/vendor/github.com/jzelinskie/whirlpool/const.go b/vendor/github.com/jzelinskie/whirlpool/const.go
new file mode 100644
index 00000000000..4a6f1104412
--- /dev/null
+++ b/vendor/github.com/jzelinskie/whirlpool/const.go
@@ -0,0 +1,565 @@
+// Copyright 2012 Jimmy Zelinskie. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package whirlpool
+
+const (
+ rounds = 10
+ lengthBytes = 32
+ lengthBits = 8 * lengthBytes
+ digestBytes = 64
+ digestBits = 8 * digestBytes
+ wblockBytes = 64
+ wblockBits = 8 * wblockBytes
+)
+
+var _C0 = [256]uint64{
+ 0x18186018c07830d8, 0x23238c2305af4626, 0xc6c63fc67ef991b8, 0xe8e887e8136fcdfb,
+ 0x878726874ca113cb, 0xb8b8dab8a9626d11, 0x0101040108050209, 0x4f4f214f426e9e0d,
+ 0x3636d836adee6c9b, 0xa6a6a2a6590451ff, 0xd2d26fd2debdb90c, 0xf5f5f3f5fb06f70e,
+ 0x7979f979ef80f296, 0x6f6fa16f5fcede30, 0x91917e91fcef3f6d, 0x52525552aa07a4f8,
+ 0x60609d6027fdc047, 0xbcbccabc89766535, 0x9b9b569baccd2b37, 0x8e8e028e048c018a,
+ 0xa3a3b6a371155bd2, 0x0c0c300c603c186c, 0x7b7bf17bff8af684, 0x3535d435b5e16a80,
+ 0x1d1d741de8693af5, 0xe0e0a7e05347ddb3, 0xd7d77bd7f6acb321, 0xc2c22fc25eed999c,
+ 0x2e2eb82e6d965c43, 0x4b4b314b627a9629, 0xfefedffea321e15d, 0x575741578216aed5,
+ 0x15155415a8412abd, 0x7777c1779fb6eee8, 0x3737dc37a5eb6e92, 0xe5e5b3e57b56d79e,
+ 0x9f9f469f8cd92313, 0xf0f0e7f0d317fd23, 0x4a4a354a6a7f9420, 0xdada4fda9e95a944,
+ 0x58587d58fa25b0a2, 0xc9c903c906ca8fcf, 0x2929a429558d527c, 0x0a0a280a5022145a,
+ 0xb1b1feb1e14f7f50, 0xa0a0baa0691a5dc9, 0x6b6bb16b7fdad614, 0x85852e855cab17d9,
+ 0xbdbdcebd8173673c, 0x5d5d695dd234ba8f, 0x1010401080502090, 0xf4f4f7f4f303f507,
+ 0xcbcb0bcb16c08bdd, 0x3e3ef83eedc67cd3, 0x0505140528110a2d, 0x676781671fe6ce78,
+ 0xe4e4b7e47353d597, 0x27279c2725bb4e02, 0x4141194132588273, 0x8b8b168b2c9d0ba7,
+ 0xa7a7a6a7510153f6, 0x7d7de97dcf94fab2, 0x95956e95dcfb3749, 0xd8d847d88e9fad56,
+ 0xfbfbcbfb8b30eb70, 0xeeee9fee2371c1cd, 0x7c7ced7cc791f8bb, 0x6666856617e3cc71,
+ 0xdddd53dda68ea77b, 0x17175c17b84b2eaf, 0x4747014702468e45, 0x9e9e429e84dc211a,
+ 0xcaca0fca1ec589d4, 0x2d2db42d75995a58, 0xbfbfc6bf9179632e, 0x07071c07381b0e3f,
+ 0xadad8ead012347ac, 0x5a5a755aea2fb4b0, 0x838336836cb51bef, 0x3333cc3385ff66b6,
+ 0x636391633ff2c65c, 0x02020802100a0412, 0xaaaa92aa39384993, 0x7171d971afa8e2de,
+ 0xc8c807c80ecf8dc6, 0x19196419c87d32d1, 0x494939497270923b, 0xd9d943d9869aaf5f,
+ 0xf2f2eff2c31df931, 0xe3e3abe34b48dba8, 0x5b5b715be22ab6b9, 0x88881a8834920dbc,
+ 0x9a9a529aa4c8293e, 0x262698262dbe4c0b, 0x3232c8328dfa64bf, 0xb0b0fab0e94a7d59,
+ 0xe9e983e91b6acff2, 0x0f0f3c0f78331e77, 0xd5d573d5e6a6b733, 0x80803a8074ba1df4,
+ 0xbebec2be997c6127, 0xcdcd13cd26de87eb, 0x3434d034bde46889, 0x48483d487a759032,
+ 0xffffdbffab24e354, 0x7a7af57af78ff48d, 0x90907a90f4ea3d64, 0x5f5f615fc23ebe9d,
+ 0x202080201da0403d, 0x6868bd6867d5d00f, 0x1a1a681ad07234ca, 0xaeae82ae192c41b7,
+ 0xb4b4eab4c95e757d, 0x54544d549a19a8ce, 0x93937693ece53b7f, 0x222288220daa442f,
+ 0x64648d6407e9c863, 0xf1f1e3f1db12ff2a, 0x7373d173bfa2e6cc, 0x12124812905a2482,
+ 0x40401d403a5d807a, 0x0808200840281048, 0xc3c32bc356e89b95, 0xecec97ec337bc5df,
+ 0xdbdb4bdb9690ab4d, 0xa1a1bea1611f5fc0, 0x8d8d0e8d1c830791, 0x3d3df43df5c97ac8,
+ 0x97976697ccf1335b, 0x0000000000000000, 0xcfcf1bcf36d483f9, 0x2b2bac2b4587566e,
+ 0x7676c57697b3ece1, 0x8282328264b019e6, 0xd6d67fd6fea9b128, 0x1b1b6c1bd87736c3,
+ 0xb5b5eeb5c15b7774, 0xafaf86af112943be, 0x6a6ab56a77dfd41d, 0x50505d50ba0da0ea,
+ 0x45450945124c8a57, 0xf3f3ebf3cb18fb38, 0x3030c0309df060ad, 0xefef9bef2b74c3c4,
+ 0x3f3ffc3fe5c37eda, 0x55554955921caac7, 0xa2a2b2a2791059db, 0xeaea8fea0365c9e9,
+ 0x656589650fecca6a, 0xbabad2bab9686903, 0x2f2fbc2f65935e4a, 0xc0c027c04ee79d8e,
+ 0xdede5fdebe81a160, 0x1c1c701ce06c38fc, 0xfdfdd3fdbb2ee746, 0x4d4d294d52649a1f,
+ 0x92927292e4e03976, 0x7575c9758fbceafa, 0x06061806301e0c36, 0x8a8a128a249809ae,
+ 0xb2b2f2b2f940794b, 0xe6e6bfe66359d185, 0x0e0e380e70361c7e, 0x1f1f7c1ff8633ee7,
+ 0x6262956237f7c455, 0xd4d477d4eea3b53a, 0xa8a89aa829324d81, 0x96966296c4f43152,
+ 0xf9f9c3f99b3aef62, 0xc5c533c566f697a3, 0x2525942535b14a10, 0x59597959f220b2ab,
+ 0x84842a8454ae15d0, 0x7272d572b7a7e4c5, 0x3939e439d5dd72ec, 0x4c4c2d4c5a619816,
+ 0x5e5e655eca3bbc94, 0x7878fd78e785f09f, 0x3838e038ddd870e5, 0x8c8c0a8c14860598,
+ 0xd1d163d1c6b2bf17, 0xa5a5aea5410b57e4, 0xe2e2afe2434dd9a1, 0x616199612ff8c24e,
+ 0xb3b3f6b3f1457b42, 0x2121842115a54234, 0x9c9c4a9c94d62508, 0x1e1e781ef0663cee,
+ 0x4343114322528661, 0xc7c73bc776fc93b1, 0xfcfcd7fcb32be54f, 0x0404100420140824,
+ 0x51515951b208a2e3, 0x99995e99bcc72f25, 0x6d6da96d4fc4da22, 0x0d0d340d68391a65,
+ 0xfafacffa8335e979, 0xdfdf5bdfb684a369, 0x7e7ee57ed79bfca9, 0x242490243db44819,
+ 0x3b3bec3bc5d776fe, 0xabab96ab313d4b9a, 0xcece1fce3ed181f0, 0x1111441188552299,
+ 0x8f8f068f0c890383, 0x4e4e254e4a6b9c04, 0xb7b7e6b7d1517366, 0xebeb8beb0b60cbe0,
+ 0x3c3cf03cfdcc78c1, 0x81813e817cbf1ffd, 0x94946a94d4fe3540, 0xf7f7fbf7eb0cf31c,
+ 0xb9b9deb9a1676f18, 0x13134c13985f268b, 0x2c2cb02c7d9c5851, 0xd3d36bd3d6b8bb05,
+ 0xe7e7bbe76b5cd38c, 0x6e6ea56e57cbdc39, 0xc4c437c46ef395aa, 0x03030c03180f061b,
+ 0x565645568a13acdc, 0x44440d441a49885e, 0x7f7fe17fdf9efea0, 0xa9a99ea921374f88,
+ 0x2a2aa82a4d825467, 0xbbbbd6bbb16d6b0a, 0xc1c123c146e29f87, 0x53535153a202a6f1,
+ 0xdcdc57dcae8ba572, 0x0b0b2c0b58271653, 0x9d9d4e9d9cd32701, 0x6c6cad6c47c1d82b,
+ 0x3131c43195f562a4, 0x7474cd7487b9e8f3, 0xf6f6fff6e309f115, 0x464605460a438c4c,
+ 0xacac8aac092645a5, 0x89891e893c970fb5, 0x14145014a04428b4, 0xe1e1a3e15b42dfba,
+ 0x16165816b04e2ca6, 0x3a3ae83acdd274f7, 0x6969b9696fd0d206, 0x09092409482d1241,
+ 0x7070dd70a7ade0d7, 0xb6b6e2b6d954716f, 0xd0d067d0ceb7bd1e, 0xeded93ed3b7ec7d6,
+ 0xcccc17cc2edb85e2, 0x424215422a578468, 0x98985a98b4c22d2c, 0xa4a4aaa4490e55ed,
+ 0x2828a0285d885075, 0x5c5c6d5cda31b886, 0xf8f8c7f8933fed6b, 0x8686228644a411c2,
+}
+
+var _C1 = [256]uint64{
+ 0xd818186018c07830, 0x2623238c2305af46, 0xb8c6c63fc67ef991, 0xfbe8e887e8136fcd,
+ 0xcb878726874ca113, 0x11b8b8dab8a9626d, 0x0901010401080502, 0x0d4f4f214f426e9e,
+ 0x9b3636d836adee6c, 0xffa6a6a2a6590451, 0x0cd2d26fd2debdb9, 0x0ef5f5f3f5fb06f7,
+ 0x967979f979ef80f2, 0x306f6fa16f5fcede, 0x6d91917e91fcef3f, 0xf852525552aa07a4,
+ 0x4760609d6027fdc0, 0x35bcbccabc897665, 0x379b9b569baccd2b, 0x8a8e8e028e048c01,
+ 0xd2a3a3b6a371155b, 0x6c0c0c300c603c18, 0x847b7bf17bff8af6, 0x803535d435b5e16a,
+ 0xf51d1d741de8693a, 0xb3e0e0a7e05347dd, 0x21d7d77bd7f6acb3, 0x9cc2c22fc25eed99,
+ 0x432e2eb82e6d965c, 0x294b4b314b627a96, 0x5dfefedffea321e1, 0xd5575741578216ae,
+ 0xbd15155415a8412a, 0xe87777c1779fb6ee, 0x923737dc37a5eb6e, 0x9ee5e5b3e57b56d7,
+ 0x139f9f469f8cd923, 0x23f0f0e7f0d317fd, 0x204a4a354a6a7f94, 0x44dada4fda9e95a9,
+ 0xa258587d58fa25b0, 0xcfc9c903c906ca8f, 0x7c2929a429558d52, 0x5a0a0a280a502214,
+ 0x50b1b1feb1e14f7f, 0xc9a0a0baa0691a5d, 0x146b6bb16b7fdad6, 0xd985852e855cab17,
+ 0x3cbdbdcebd817367, 0x8f5d5d695dd234ba, 0x9010104010805020, 0x07f4f4f7f4f303f5,
+ 0xddcbcb0bcb16c08b, 0xd33e3ef83eedc67c, 0x2d0505140528110a, 0x78676781671fe6ce,
+ 0x97e4e4b7e47353d5, 0x0227279c2725bb4e, 0x7341411941325882, 0xa78b8b168b2c9d0b,
+ 0xf6a7a7a6a7510153, 0xb27d7de97dcf94fa, 0x4995956e95dcfb37, 0x56d8d847d88e9fad,
+ 0x70fbfbcbfb8b30eb, 0xcdeeee9fee2371c1, 0xbb7c7ced7cc791f8, 0x716666856617e3cc,
+ 0x7bdddd53dda68ea7, 0xaf17175c17b84b2e, 0x454747014702468e, 0x1a9e9e429e84dc21,
+ 0xd4caca0fca1ec589, 0x582d2db42d75995a, 0x2ebfbfc6bf917963, 0x3f07071c07381b0e,
+ 0xacadad8ead012347, 0xb05a5a755aea2fb4, 0xef838336836cb51b, 0xb63333cc3385ff66,
+ 0x5c636391633ff2c6, 0x1202020802100a04, 0x93aaaa92aa393849, 0xde7171d971afa8e2,
+ 0xc6c8c807c80ecf8d, 0xd119196419c87d32, 0x3b49493949727092, 0x5fd9d943d9869aaf,
+ 0x31f2f2eff2c31df9, 0xa8e3e3abe34b48db, 0xb95b5b715be22ab6, 0xbc88881a8834920d,
+ 0x3e9a9a529aa4c829, 0x0b262698262dbe4c, 0xbf3232c8328dfa64, 0x59b0b0fab0e94a7d,
+ 0xf2e9e983e91b6acf, 0x770f0f3c0f78331e, 0x33d5d573d5e6a6b7, 0xf480803a8074ba1d,
+ 0x27bebec2be997c61, 0xebcdcd13cd26de87, 0x893434d034bde468, 0x3248483d487a7590,
+ 0x54ffffdbffab24e3, 0x8d7a7af57af78ff4, 0x6490907a90f4ea3d, 0x9d5f5f615fc23ebe,
+ 0x3d202080201da040, 0x0f6868bd6867d5d0, 0xca1a1a681ad07234, 0xb7aeae82ae192c41,
+ 0x7db4b4eab4c95e75, 0xce54544d549a19a8, 0x7f93937693ece53b, 0x2f222288220daa44,
+ 0x6364648d6407e9c8, 0x2af1f1e3f1db12ff, 0xcc7373d173bfa2e6, 0x8212124812905a24,
+ 0x7a40401d403a5d80, 0x4808082008402810, 0x95c3c32bc356e89b, 0xdfecec97ec337bc5,
+ 0x4ddbdb4bdb9690ab, 0xc0a1a1bea1611f5f, 0x918d8d0e8d1c8307, 0xc83d3df43df5c97a,
+ 0x5b97976697ccf133, 0x0000000000000000, 0xf9cfcf1bcf36d483, 0x6e2b2bac2b458756,
+ 0xe17676c57697b3ec, 0xe68282328264b019, 0x28d6d67fd6fea9b1, 0xc31b1b6c1bd87736,
+ 0x74b5b5eeb5c15b77, 0xbeafaf86af112943, 0x1d6a6ab56a77dfd4, 0xea50505d50ba0da0,
+ 0x5745450945124c8a, 0x38f3f3ebf3cb18fb, 0xad3030c0309df060, 0xc4efef9bef2b74c3,
+ 0xda3f3ffc3fe5c37e, 0xc755554955921caa, 0xdba2a2b2a2791059, 0xe9eaea8fea0365c9,
+ 0x6a656589650fecca, 0x03babad2bab96869, 0x4a2f2fbc2f65935e, 0x8ec0c027c04ee79d,
+ 0x60dede5fdebe81a1, 0xfc1c1c701ce06c38, 0x46fdfdd3fdbb2ee7, 0x1f4d4d294d52649a,
+ 0x7692927292e4e039, 0xfa7575c9758fbcea, 0x3606061806301e0c, 0xae8a8a128a249809,
+ 0x4bb2b2f2b2f94079, 0x85e6e6bfe66359d1, 0x7e0e0e380e70361c, 0xe71f1f7c1ff8633e,
+ 0x556262956237f7c4, 0x3ad4d477d4eea3b5, 0x81a8a89aa829324d, 0x5296966296c4f431,
+ 0x62f9f9c3f99b3aef, 0xa3c5c533c566f697, 0x102525942535b14a, 0xab59597959f220b2,
+ 0xd084842a8454ae15, 0xc57272d572b7a7e4, 0xec3939e439d5dd72, 0x164c4c2d4c5a6198,
+ 0x945e5e655eca3bbc, 0x9f7878fd78e785f0, 0xe53838e038ddd870, 0x988c8c0a8c148605,
+ 0x17d1d163d1c6b2bf, 0xe4a5a5aea5410b57, 0xa1e2e2afe2434dd9, 0x4e616199612ff8c2,
+ 0x42b3b3f6b3f1457b, 0x342121842115a542, 0x089c9c4a9c94d625, 0xee1e1e781ef0663c,
+ 0x6143431143225286, 0xb1c7c73bc776fc93, 0x4ffcfcd7fcb32be5, 0x2404041004201408,
+ 0xe351515951b208a2, 0x2599995e99bcc72f, 0x226d6da96d4fc4da, 0x650d0d340d68391a,
+ 0x79fafacffa8335e9, 0x69dfdf5bdfb684a3, 0xa97e7ee57ed79bfc, 0x19242490243db448,
+ 0xfe3b3bec3bc5d776, 0x9aabab96ab313d4b, 0xf0cece1fce3ed181, 0x9911114411885522,
+ 0x838f8f068f0c8903, 0x044e4e254e4a6b9c, 0x66b7b7e6b7d15173, 0xe0ebeb8beb0b60cb,
+ 0xc13c3cf03cfdcc78, 0xfd81813e817cbf1f, 0x4094946a94d4fe35, 0x1cf7f7fbf7eb0cf3,
+ 0x18b9b9deb9a1676f, 0x8b13134c13985f26, 0x512c2cb02c7d9c58, 0x05d3d36bd3d6b8bb,
+ 0x8ce7e7bbe76b5cd3, 0x396e6ea56e57cbdc, 0xaac4c437c46ef395, 0x1b03030c03180f06,
+ 0xdc565645568a13ac, 0x5e44440d441a4988, 0xa07f7fe17fdf9efe, 0x88a9a99ea921374f,
+ 0x672a2aa82a4d8254, 0x0abbbbd6bbb16d6b, 0x87c1c123c146e29f, 0xf153535153a202a6,
+ 0x72dcdc57dcae8ba5, 0x530b0b2c0b582716, 0x019d9d4e9d9cd327, 0x2b6c6cad6c47c1d8,
+ 0xa43131c43195f562, 0xf37474cd7487b9e8, 0x15f6f6fff6e309f1, 0x4c464605460a438c,
+ 0xa5acac8aac092645, 0xb589891e893c970f, 0xb414145014a04428, 0xbae1e1a3e15b42df,
+ 0xa616165816b04e2c, 0xf73a3ae83acdd274, 0x066969b9696fd0d2, 0x4109092409482d12,
+ 0xd77070dd70a7ade0, 0x6fb6b6e2b6d95471, 0x1ed0d067d0ceb7bd, 0xd6eded93ed3b7ec7,
+ 0xe2cccc17cc2edb85, 0x68424215422a5784, 0x2c98985a98b4c22d, 0xeda4a4aaa4490e55,
+ 0x752828a0285d8850, 0x865c5c6d5cda31b8, 0x6bf8f8c7f8933fed, 0xc28686228644a411,
+}
+
+var _C2 = [256]uint64{
+ 0x30d818186018c078, 0x462623238c2305af, 0x91b8c6c63fc67ef9, 0xcdfbe8e887e8136f,
+ 0x13cb878726874ca1, 0x6d11b8b8dab8a962, 0x0209010104010805, 0x9e0d4f4f214f426e,
+ 0x6c9b3636d836adee, 0x51ffa6a6a2a65904, 0xb90cd2d26fd2debd, 0xf70ef5f5f3f5fb06,
+ 0xf2967979f979ef80, 0xde306f6fa16f5fce, 0x3f6d91917e91fcef, 0xa4f852525552aa07,
+ 0xc04760609d6027fd, 0x6535bcbccabc8976, 0x2b379b9b569baccd, 0x018a8e8e028e048c,
+ 0x5bd2a3a3b6a37115, 0x186c0c0c300c603c, 0xf6847b7bf17bff8a, 0x6a803535d435b5e1,
+ 0x3af51d1d741de869, 0xddb3e0e0a7e05347, 0xb321d7d77bd7f6ac, 0x999cc2c22fc25eed,
+ 0x5c432e2eb82e6d96, 0x96294b4b314b627a, 0xe15dfefedffea321, 0xaed5575741578216,
+ 0x2abd15155415a841, 0xeee87777c1779fb6, 0x6e923737dc37a5eb, 0xd79ee5e5b3e57b56,
+ 0x23139f9f469f8cd9, 0xfd23f0f0e7f0d317, 0x94204a4a354a6a7f, 0xa944dada4fda9e95,
+ 0xb0a258587d58fa25, 0x8fcfc9c903c906ca, 0x527c2929a429558d, 0x145a0a0a280a5022,
+ 0x7f50b1b1feb1e14f, 0x5dc9a0a0baa0691a, 0xd6146b6bb16b7fda, 0x17d985852e855cab,
+ 0x673cbdbdcebd8173, 0xba8f5d5d695dd234, 0x2090101040108050, 0xf507f4f4f7f4f303,
+ 0x8bddcbcb0bcb16c0, 0x7cd33e3ef83eedc6, 0x0a2d050514052811, 0xce78676781671fe6,
+ 0xd597e4e4b7e47353, 0x4e0227279c2725bb, 0x8273414119413258, 0x0ba78b8b168b2c9d,
+ 0x53f6a7a7a6a75101, 0xfab27d7de97dcf94, 0x374995956e95dcfb, 0xad56d8d847d88e9f,
+ 0xeb70fbfbcbfb8b30, 0xc1cdeeee9fee2371, 0xf8bb7c7ced7cc791, 0xcc716666856617e3,
+ 0xa77bdddd53dda68e, 0x2eaf17175c17b84b, 0x8e45474701470246, 0x211a9e9e429e84dc,
+ 0x89d4caca0fca1ec5, 0x5a582d2db42d7599, 0x632ebfbfc6bf9179, 0x0e3f07071c07381b,
+ 0x47acadad8ead0123, 0xb4b05a5a755aea2f, 0x1bef838336836cb5, 0x66b63333cc3385ff,
+ 0xc65c636391633ff2, 0x041202020802100a, 0x4993aaaa92aa3938, 0xe2de7171d971afa8,
+ 0x8dc6c8c807c80ecf, 0x32d119196419c87d, 0x923b494939497270, 0xaf5fd9d943d9869a,
+ 0xf931f2f2eff2c31d, 0xdba8e3e3abe34b48, 0xb6b95b5b715be22a, 0x0dbc88881a883492,
+ 0x293e9a9a529aa4c8, 0x4c0b262698262dbe, 0x64bf3232c8328dfa, 0x7d59b0b0fab0e94a,
+ 0xcff2e9e983e91b6a, 0x1e770f0f3c0f7833, 0xb733d5d573d5e6a6, 0x1df480803a8074ba,
+ 0x6127bebec2be997c, 0x87ebcdcd13cd26de, 0x68893434d034bde4, 0x903248483d487a75,
+ 0xe354ffffdbffab24, 0xf48d7a7af57af78f, 0x3d6490907a90f4ea, 0xbe9d5f5f615fc23e,
+ 0x403d202080201da0, 0xd00f6868bd6867d5, 0x34ca1a1a681ad072, 0x41b7aeae82ae192c,
+ 0x757db4b4eab4c95e, 0xa8ce54544d549a19, 0x3b7f93937693ece5, 0x442f222288220daa,
+ 0xc86364648d6407e9, 0xff2af1f1e3f1db12, 0xe6cc7373d173bfa2, 0x248212124812905a,
+ 0x807a40401d403a5d, 0x1048080820084028, 0x9b95c3c32bc356e8, 0xc5dfecec97ec337b,
+ 0xab4ddbdb4bdb9690, 0x5fc0a1a1bea1611f, 0x07918d8d0e8d1c83, 0x7ac83d3df43df5c9,
+ 0x335b97976697ccf1, 0x0000000000000000, 0x83f9cfcf1bcf36d4, 0x566e2b2bac2b4587,
+ 0xece17676c57697b3, 0x19e68282328264b0, 0xb128d6d67fd6fea9, 0x36c31b1b6c1bd877,
+ 0x7774b5b5eeb5c15b, 0x43beafaf86af1129, 0xd41d6a6ab56a77df, 0xa0ea50505d50ba0d,
+ 0x8a5745450945124c, 0xfb38f3f3ebf3cb18, 0x60ad3030c0309df0, 0xc3c4efef9bef2b74,
+ 0x7eda3f3ffc3fe5c3, 0xaac755554955921c, 0x59dba2a2b2a27910, 0xc9e9eaea8fea0365,
+ 0xca6a656589650fec, 0x6903babad2bab968, 0x5e4a2f2fbc2f6593, 0x9d8ec0c027c04ee7,
+ 0xa160dede5fdebe81, 0x38fc1c1c701ce06c, 0xe746fdfdd3fdbb2e, 0x9a1f4d4d294d5264,
+ 0x397692927292e4e0, 0xeafa7575c9758fbc, 0x0c3606061806301e, 0x09ae8a8a128a2498,
+ 0x794bb2b2f2b2f940, 0xd185e6e6bfe66359, 0x1c7e0e0e380e7036, 0x3ee71f1f7c1ff863,
+ 0xc4556262956237f7, 0xb53ad4d477d4eea3, 0x4d81a8a89aa82932, 0x315296966296c4f4,
+ 0xef62f9f9c3f99b3a, 0x97a3c5c533c566f6, 0x4a102525942535b1, 0xb2ab59597959f220,
+ 0x15d084842a8454ae, 0xe4c57272d572b7a7, 0x72ec3939e439d5dd, 0x98164c4c2d4c5a61,
+ 0xbc945e5e655eca3b, 0xf09f7878fd78e785, 0x70e53838e038ddd8, 0x05988c8c0a8c1486,
+ 0xbf17d1d163d1c6b2, 0x57e4a5a5aea5410b, 0xd9a1e2e2afe2434d, 0xc24e616199612ff8,
+ 0x7b42b3b3f6b3f145, 0x42342121842115a5, 0x25089c9c4a9c94d6, 0x3cee1e1e781ef066,
+ 0x8661434311432252, 0x93b1c7c73bc776fc, 0xe54ffcfcd7fcb32b, 0x0824040410042014,
+ 0xa2e351515951b208, 0x2f2599995e99bcc7, 0xda226d6da96d4fc4, 0x1a650d0d340d6839,
+ 0xe979fafacffa8335, 0xa369dfdf5bdfb684, 0xfca97e7ee57ed79b, 0x4819242490243db4,
+ 0x76fe3b3bec3bc5d7, 0x4b9aabab96ab313d, 0x81f0cece1fce3ed1, 0x2299111144118855,
+ 0x03838f8f068f0c89, 0x9c044e4e254e4a6b, 0x7366b7b7e6b7d151, 0xcbe0ebeb8beb0b60,
+ 0x78c13c3cf03cfdcc, 0x1ffd81813e817cbf, 0x354094946a94d4fe, 0xf31cf7f7fbf7eb0c,
+ 0x6f18b9b9deb9a167, 0x268b13134c13985f, 0x58512c2cb02c7d9c, 0xbb05d3d36bd3d6b8,
+ 0xd38ce7e7bbe76b5c, 0xdc396e6ea56e57cb, 0x95aac4c437c46ef3, 0x061b03030c03180f,
+ 0xacdc565645568a13, 0x885e44440d441a49, 0xfea07f7fe17fdf9e, 0x4f88a9a99ea92137,
+ 0x54672a2aa82a4d82, 0x6b0abbbbd6bbb16d, 0x9f87c1c123c146e2, 0xa6f153535153a202,
+ 0xa572dcdc57dcae8b, 0x16530b0b2c0b5827, 0x27019d9d4e9d9cd3, 0xd82b6c6cad6c47c1,
+ 0x62a43131c43195f5, 0xe8f37474cd7487b9, 0xf115f6f6fff6e309, 0x8c4c464605460a43,
+ 0x45a5acac8aac0926, 0x0fb589891e893c97, 0x28b414145014a044, 0xdfbae1e1a3e15b42,
+ 0x2ca616165816b04e, 0x74f73a3ae83acdd2, 0xd2066969b9696fd0, 0x124109092409482d,
+ 0xe0d77070dd70a7ad, 0x716fb6b6e2b6d954, 0xbd1ed0d067d0ceb7, 0xc7d6eded93ed3b7e,
+ 0x85e2cccc17cc2edb, 0x8468424215422a57, 0x2d2c98985a98b4c2, 0x55eda4a4aaa4490e,
+ 0x50752828a0285d88, 0xb8865c5c6d5cda31, 0xed6bf8f8c7f8933f, 0x11c28686228644a4,
+}
+
+var _C3 = [256]uint64{
+ 0x7830d818186018c0, 0xaf462623238c2305, 0xf991b8c6c63fc67e, 0x6fcdfbe8e887e813,
+ 0xa113cb878726874c, 0x626d11b8b8dab8a9, 0x0502090101040108, 0x6e9e0d4f4f214f42,
+ 0xee6c9b3636d836ad, 0x0451ffa6a6a2a659, 0xbdb90cd2d26fd2de, 0x06f70ef5f5f3f5fb,
+ 0x80f2967979f979ef, 0xcede306f6fa16f5f, 0xef3f6d91917e91fc, 0x07a4f852525552aa,
+ 0xfdc04760609d6027, 0x766535bcbccabc89, 0xcd2b379b9b569bac, 0x8c018a8e8e028e04,
+ 0x155bd2a3a3b6a371, 0x3c186c0c0c300c60, 0x8af6847b7bf17bff, 0xe16a803535d435b5,
+ 0x693af51d1d741de8, 0x47ddb3e0e0a7e053, 0xacb321d7d77bd7f6, 0xed999cc2c22fc25e,
+ 0x965c432e2eb82e6d, 0x7a96294b4b314b62, 0x21e15dfefedffea3, 0x16aed55757415782,
+ 0x412abd15155415a8, 0xb6eee87777c1779f, 0xeb6e923737dc37a5, 0x56d79ee5e5b3e57b,
+ 0xd923139f9f469f8c, 0x17fd23f0f0e7f0d3, 0x7f94204a4a354a6a, 0x95a944dada4fda9e,
+ 0x25b0a258587d58fa, 0xca8fcfc9c903c906, 0x8d527c2929a42955, 0x22145a0a0a280a50,
+ 0x4f7f50b1b1feb1e1, 0x1a5dc9a0a0baa069, 0xdad6146b6bb16b7f, 0xab17d985852e855c,
+ 0x73673cbdbdcebd81, 0x34ba8f5d5d695dd2, 0x5020901010401080, 0x03f507f4f4f7f4f3,
+ 0xc08bddcbcb0bcb16, 0xc67cd33e3ef83eed, 0x110a2d0505140528, 0xe6ce78676781671f,
+ 0x53d597e4e4b7e473, 0xbb4e0227279c2725, 0x5882734141194132, 0x9d0ba78b8b168b2c,
+ 0x0153f6a7a7a6a751, 0x94fab27d7de97dcf, 0xfb374995956e95dc, 0x9fad56d8d847d88e,
+ 0x30eb70fbfbcbfb8b, 0x71c1cdeeee9fee23, 0x91f8bb7c7ced7cc7, 0xe3cc716666856617,
+ 0x8ea77bdddd53dda6, 0x4b2eaf17175c17b8, 0x468e454747014702, 0xdc211a9e9e429e84,
+ 0xc589d4caca0fca1e, 0x995a582d2db42d75, 0x79632ebfbfc6bf91, 0x1b0e3f07071c0738,
+ 0x2347acadad8ead01, 0x2fb4b05a5a755aea, 0xb51bef838336836c, 0xff66b63333cc3385,
+ 0xf2c65c636391633f, 0x0a04120202080210, 0x384993aaaa92aa39, 0xa8e2de7171d971af,
+ 0xcf8dc6c8c807c80e, 0x7d32d119196419c8, 0x70923b4949394972, 0x9aaf5fd9d943d986,
+ 0x1df931f2f2eff2c3, 0x48dba8e3e3abe34b, 0x2ab6b95b5b715be2, 0x920dbc88881a8834,
+ 0xc8293e9a9a529aa4, 0xbe4c0b262698262d, 0xfa64bf3232c8328d, 0x4a7d59b0b0fab0e9,
+ 0x6acff2e9e983e91b, 0x331e770f0f3c0f78, 0xa6b733d5d573d5e6, 0xba1df480803a8074,
+ 0x7c6127bebec2be99, 0xde87ebcdcd13cd26, 0xe468893434d034bd, 0x75903248483d487a,
+ 0x24e354ffffdbffab, 0x8ff48d7a7af57af7, 0xea3d6490907a90f4, 0x3ebe9d5f5f615fc2,
+ 0xa0403d202080201d, 0xd5d00f6868bd6867, 0x7234ca1a1a681ad0, 0x2c41b7aeae82ae19,
+ 0x5e757db4b4eab4c9, 0x19a8ce54544d549a, 0xe53b7f93937693ec, 0xaa442f222288220d,
+ 0xe9c86364648d6407, 0x12ff2af1f1e3f1db, 0xa2e6cc7373d173bf, 0x5a24821212481290,
+ 0x5d807a40401d403a, 0x2810480808200840, 0xe89b95c3c32bc356, 0x7bc5dfecec97ec33,
+ 0x90ab4ddbdb4bdb96, 0x1f5fc0a1a1bea161, 0x8307918d8d0e8d1c, 0xc97ac83d3df43df5,
+ 0xf1335b97976697cc, 0x0000000000000000, 0xd483f9cfcf1bcf36, 0x87566e2b2bac2b45,
+ 0xb3ece17676c57697, 0xb019e68282328264, 0xa9b128d6d67fd6fe, 0x7736c31b1b6c1bd8,
+ 0x5b7774b5b5eeb5c1, 0x2943beafaf86af11, 0xdfd41d6a6ab56a77, 0x0da0ea50505d50ba,
+ 0x4c8a574545094512, 0x18fb38f3f3ebf3cb, 0xf060ad3030c0309d, 0x74c3c4efef9bef2b,
+ 0xc37eda3f3ffc3fe5, 0x1caac75555495592, 0x1059dba2a2b2a279, 0x65c9e9eaea8fea03,
+ 0xecca6a656589650f, 0x686903babad2bab9, 0x935e4a2f2fbc2f65, 0xe79d8ec0c027c04e,
+ 0x81a160dede5fdebe, 0x6c38fc1c1c701ce0, 0x2ee746fdfdd3fdbb, 0x649a1f4d4d294d52,
+ 0xe0397692927292e4, 0xbceafa7575c9758f, 0x1e0c360606180630, 0x9809ae8a8a128a24,
+ 0x40794bb2b2f2b2f9, 0x59d185e6e6bfe663, 0x361c7e0e0e380e70, 0x633ee71f1f7c1ff8,
+ 0xf7c4556262956237, 0xa3b53ad4d477d4ee, 0x324d81a8a89aa829, 0xf4315296966296c4,
+ 0x3aef62f9f9c3f99b, 0xf697a3c5c533c566, 0xb14a102525942535, 0x20b2ab59597959f2,
+ 0xae15d084842a8454, 0xa7e4c57272d572b7, 0xdd72ec3939e439d5, 0x6198164c4c2d4c5a,
+ 0x3bbc945e5e655eca, 0x85f09f7878fd78e7, 0xd870e53838e038dd, 0x8605988c8c0a8c14,
+ 0xb2bf17d1d163d1c6, 0x0b57e4a5a5aea541, 0x4dd9a1e2e2afe243, 0xf8c24e616199612f,
+ 0x457b42b3b3f6b3f1, 0xa542342121842115, 0xd625089c9c4a9c94, 0x663cee1e1e781ef0,
+ 0x5286614343114322, 0xfc93b1c7c73bc776, 0x2be54ffcfcd7fcb3, 0x1408240404100420,
+ 0x08a2e351515951b2, 0xc72f2599995e99bc, 0xc4da226d6da96d4f, 0x391a650d0d340d68,
+ 0x35e979fafacffa83, 0x84a369dfdf5bdfb6, 0x9bfca97e7ee57ed7, 0xb44819242490243d,
+ 0xd776fe3b3bec3bc5, 0x3d4b9aabab96ab31, 0xd181f0cece1fce3e, 0x5522991111441188,
+ 0x8903838f8f068f0c, 0x6b9c044e4e254e4a, 0x517366b7b7e6b7d1, 0x60cbe0ebeb8beb0b,
+ 0xcc78c13c3cf03cfd, 0xbf1ffd81813e817c, 0xfe354094946a94d4, 0x0cf31cf7f7fbf7eb,
+ 0x676f18b9b9deb9a1, 0x5f268b13134c1398, 0x9c58512c2cb02c7d, 0xb8bb05d3d36bd3d6,
+ 0x5cd38ce7e7bbe76b, 0xcbdc396e6ea56e57, 0xf395aac4c437c46e, 0x0f061b03030c0318,
+ 0x13acdc565645568a, 0x49885e44440d441a, 0x9efea07f7fe17fdf, 0x374f88a9a99ea921,
+ 0x8254672a2aa82a4d, 0x6d6b0abbbbd6bbb1, 0xe29f87c1c123c146, 0x02a6f153535153a2,
+ 0x8ba572dcdc57dcae, 0x2716530b0b2c0b58, 0xd327019d9d4e9d9c, 0xc1d82b6c6cad6c47,
+ 0xf562a43131c43195, 0xb9e8f37474cd7487, 0x09f115f6f6fff6e3, 0x438c4c464605460a,
+ 0x2645a5acac8aac09, 0x970fb589891e893c, 0x4428b414145014a0, 0x42dfbae1e1a3e15b,
+ 0x4e2ca616165816b0, 0xd274f73a3ae83acd, 0xd0d2066969b9696f, 0x2d12410909240948,
+ 0xade0d77070dd70a7, 0x54716fb6b6e2b6d9, 0xb7bd1ed0d067d0ce, 0x7ec7d6eded93ed3b,
+ 0xdb85e2cccc17cc2e, 0x578468424215422a, 0xc22d2c98985a98b4, 0x0e55eda4a4aaa449,
+ 0x8850752828a0285d, 0x31b8865c5c6d5cda, 0x3fed6bf8f8c7f893, 0xa411c28686228644,
+}
+
+var _C4 = [256]uint64{
+ 0xc07830d818186018, 0x05af462623238c23, 0x7ef991b8c6c63fc6, 0x136fcdfbe8e887e8,
+ 0x4ca113cb87872687, 0xa9626d11b8b8dab8, 0x0805020901010401, 0x426e9e0d4f4f214f,
+ 0xadee6c9b3636d836, 0x590451ffa6a6a2a6, 0xdebdb90cd2d26fd2, 0xfb06f70ef5f5f3f5,
+ 0xef80f2967979f979, 0x5fcede306f6fa16f, 0xfcef3f6d91917e91, 0xaa07a4f852525552,
+ 0x27fdc04760609d60, 0x89766535bcbccabc, 0xaccd2b379b9b569b, 0x048c018a8e8e028e,
+ 0x71155bd2a3a3b6a3, 0x603c186c0c0c300c, 0xff8af6847b7bf17b, 0xb5e16a803535d435,
+ 0xe8693af51d1d741d, 0x5347ddb3e0e0a7e0, 0xf6acb321d7d77bd7, 0x5eed999cc2c22fc2,
+ 0x6d965c432e2eb82e, 0x627a96294b4b314b, 0xa321e15dfefedffe, 0x8216aed557574157,
+ 0xa8412abd15155415, 0x9fb6eee87777c177, 0xa5eb6e923737dc37, 0x7b56d79ee5e5b3e5,
+ 0x8cd923139f9f469f, 0xd317fd23f0f0e7f0, 0x6a7f94204a4a354a, 0x9e95a944dada4fda,
+ 0xfa25b0a258587d58, 0x06ca8fcfc9c903c9, 0x558d527c2929a429, 0x5022145a0a0a280a,
+ 0xe14f7f50b1b1feb1, 0x691a5dc9a0a0baa0, 0x7fdad6146b6bb16b, 0x5cab17d985852e85,
+ 0x8173673cbdbdcebd, 0xd234ba8f5d5d695d, 0x8050209010104010, 0xf303f507f4f4f7f4,
+ 0x16c08bddcbcb0bcb, 0xedc67cd33e3ef83e, 0x28110a2d05051405, 0x1fe6ce7867678167,
+ 0x7353d597e4e4b7e4, 0x25bb4e0227279c27, 0x3258827341411941, 0x2c9d0ba78b8b168b,
+ 0x510153f6a7a7a6a7, 0xcf94fab27d7de97d, 0xdcfb374995956e95, 0x8e9fad56d8d847d8,
+ 0x8b30eb70fbfbcbfb, 0x2371c1cdeeee9fee, 0xc791f8bb7c7ced7c, 0x17e3cc7166668566,
+ 0xa68ea77bdddd53dd, 0xb84b2eaf17175c17, 0x02468e4547470147, 0x84dc211a9e9e429e,
+ 0x1ec589d4caca0fca, 0x75995a582d2db42d, 0x9179632ebfbfc6bf, 0x381b0e3f07071c07,
+ 0x012347acadad8ead, 0xea2fb4b05a5a755a, 0x6cb51bef83833683, 0x85ff66b63333cc33,
+ 0x3ff2c65c63639163, 0x100a041202020802, 0x39384993aaaa92aa, 0xafa8e2de7171d971,
+ 0x0ecf8dc6c8c807c8, 0xc87d32d119196419, 0x7270923b49493949, 0x869aaf5fd9d943d9,
+ 0xc31df931f2f2eff2, 0x4b48dba8e3e3abe3, 0xe22ab6b95b5b715b, 0x34920dbc88881a88,
+ 0xa4c8293e9a9a529a, 0x2dbe4c0b26269826, 0x8dfa64bf3232c832, 0xe94a7d59b0b0fab0,
+ 0x1b6acff2e9e983e9, 0x78331e770f0f3c0f, 0xe6a6b733d5d573d5, 0x74ba1df480803a80,
+ 0x997c6127bebec2be, 0x26de87ebcdcd13cd, 0xbde468893434d034, 0x7a75903248483d48,
+ 0xab24e354ffffdbff, 0xf78ff48d7a7af57a, 0xf4ea3d6490907a90, 0xc23ebe9d5f5f615f,
+ 0x1da0403d20208020, 0x67d5d00f6868bd68, 0xd07234ca1a1a681a, 0x192c41b7aeae82ae,
+ 0xc95e757db4b4eab4, 0x9a19a8ce54544d54, 0xece53b7f93937693, 0x0daa442f22228822,
+ 0x07e9c86364648d64, 0xdb12ff2af1f1e3f1, 0xbfa2e6cc7373d173, 0x905a248212124812,
+ 0x3a5d807a40401d40, 0x4028104808082008, 0x56e89b95c3c32bc3, 0x337bc5dfecec97ec,
+ 0x9690ab4ddbdb4bdb, 0x611f5fc0a1a1bea1, 0x1c8307918d8d0e8d, 0xf5c97ac83d3df43d,
+ 0xccf1335b97976697, 0x0000000000000000, 0x36d483f9cfcf1bcf, 0x4587566e2b2bac2b,
+ 0x97b3ece17676c576, 0x64b019e682823282, 0xfea9b128d6d67fd6, 0xd87736c31b1b6c1b,
+ 0xc15b7774b5b5eeb5, 0x112943beafaf86af, 0x77dfd41d6a6ab56a, 0xba0da0ea50505d50,
+ 0x124c8a5745450945, 0xcb18fb38f3f3ebf3, 0x9df060ad3030c030, 0x2b74c3c4efef9bef,
+ 0xe5c37eda3f3ffc3f, 0x921caac755554955, 0x791059dba2a2b2a2, 0x0365c9e9eaea8fea,
+ 0x0fecca6a65658965, 0xb9686903babad2ba, 0x65935e4a2f2fbc2f, 0x4ee79d8ec0c027c0,
+ 0xbe81a160dede5fde, 0xe06c38fc1c1c701c, 0xbb2ee746fdfdd3fd, 0x52649a1f4d4d294d,
+ 0xe4e0397692927292, 0x8fbceafa7575c975, 0x301e0c3606061806, 0x249809ae8a8a128a,
+ 0xf940794bb2b2f2b2, 0x6359d185e6e6bfe6, 0x70361c7e0e0e380e, 0xf8633ee71f1f7c1f,
+ 0x37f7c45562629562, 0xeea3b53ad4d477d4, 0x29324d81a8a89aa8, 0xc4f4315296966296,
+ 0x9b3aef62f9f9c3f9, 0x66f697a3c5c533c5, 0x35b14a1025259425, 0xf220b2ab59597959,
+ 0x54ae15d084842a84, 0xb7a7e4c57272d572, 0xd5dd72ec3939e439, 0x5a6198164c4c2d4c,
+ 0xca3bbc945e5e655e, 0xe785f09f7878fd78, 0xddd870e53838e038, 0x148605988c8c0a8c,
+ 0xc6b2bf17d1d163d1, 0x410b57e4a5a5aea5, 0x434dd9a1e2e2afe2, 0x2ff8c24e61619961,
+ 0xf1457b42b3b3f6b3, 0x15a5423421218421, 0x94d625089c9c4a9c, 0xf0663cee1e1e781e,
+ 0x2252866143431143, 0x76fc93b1c7c73bc7, 0xb32be54ffcfcd7fc, 0x2014082404041004,
+ 0xb208a2e351515951, 0xbcc72f2599995e99, 0x4fc4da226d6da96d, 0x68391a650d0d340d,
+ 0x8335e979fafacffa, 0xb684a369dfdf5bdf, 0xd79bfca97e7ee57e, 0x3db4481924249024,
+ 0xc5d776fe3b3bec3b, 0x313d4b9aabab96ab, 0x3ed181f0cece1fce, 0x8855229911114411,
+ 0x0c8903838f8f068f, 0x4a6b9c044e4e254e, 0xd1517366b7b7e6b7, 0x0b60cbe0ebeb8beb,
+ 0xfdcc78c13c3cf03c, 0x7cbf1ffd81813e81, 0xd4fe354094946a94, 0xeb0cf31cf7f7fbf7,
+ 0xa1676f18b9b9deb9, 0x985f268b13134c13, 0x7d9c58512c2cb02c, 0xd6b8bb05d3d36bd3,
+ 0x6b5cd38ce7e7bbe7, 0x57cbdc396e6ea56e, 0x6ef395aac4c437c4, 0x180f061b03030c03,
+ 0x8a13acdc56564556, 0x1a49885e44440d44, 0xdf9efea07f7fe17f, 0x21374f88a9a99ea9,
+ 0x4d8254672a2aa82a, 0xb16d6b0abbbbd6bb, 0x46e29f87c1c123c1, 0xa202a6f153535153,
+ 0xae8ba572dcdc57dc, 0x582716530b0b2c0b, 0x9cd327019d9d4e9d, 0x47c1d82b6c6cad6c,
+ 0x95f562a43131c431, 0x87b9e8f37474cd74, 0xe309f115f6f6fff6, 0x0a438c4c46460546,
+ 0x092645a5acac8aac, 0x3c970fb589891e89, 0xa04428b414145014, 0x5b42dfbae1e1a3e1,
+ 0xb04e2ca616165816, 0xcdd274f73a3ae83a, 0x6fd0d2066969b969, 0x482d124109092409,
+ 0xa7ade0d77070dd70, 0xd954716fb6b6e2b6, 0xceb7bd1ed0d067d0, 0x3b7ec7d6eded93ed,
+ 0x2edb85e2cccc17cc, 0x2a57846842421542, 0xb4c22d2c98985a98, 0x490e55eda4a4aaa4,
+ 0x5d8850752828a028, 0xda31b8865c5c6d5c, 0x933fed6bf8f8c7f8, 0x44a411c286862286,
+}
+
+var _C5 = [256]uint64{
+ 0x18c07830d8181860, 0x2305af462623238c, 0xc67ef991b8c6c63f, 0xe8136fcdfbe8e887,
+ 0x874ca113cb878726, 0xb8a9626d11b8b8da, 0x0108050209010104, 0x4f426e9e0d4f4f21,
+ 0x36adee6c9b3636d8, 0xa6590451ffa6a6a2, 0xd2debdb90cd2d26f, 0xf5fb06f70ef5f5f3,
+ 0x79ef80f2967979f9, 0x6f5fcede306f6fa1, 0x91fcef3f6d91917e, 0x52aa07a4f8525255,
+ 0x6027fdc04760609d, 0xbc89766535bcbcca, 0x9baccd2b379b9b56, 0x8e048c018a8e8e02,
+ 0xa371155bd2a3a3b6, 0x0c603c186c0c0c30, 0x7bff8af6847b7bf1, 0x35b5e16a803535d4,
+ 0x1de8693af51d1d74, 0xe05347ddb3e0e0a7, 0xd7f6acb321d7d77b, 0xc25eed999cc2c22f,
+ 0x2e6d965c432e2eb8, 0x4b627a96294b4b31, 0xfea321e15dfefedf, 0x578216aed5575741,
+ 0x15a8412abd151554, 0x779fb6eee87777c1, 0x37a5eb6e923737dc, 0xe57b56d79ee5e5b3,
+ 0x9f8cd923139f9f46, 0xf0d317fd23f0f0e7, 0x4a6a7f94204a4a35, 0xda9e95a944dada4f,
+ 0x58fa25b0a258587d, 0xc906ca8fcfc9c903, 0x29558d527c2929a4, 0x0a5022145a0a0a28,
+ 0xb1e14f7f50b1b1fe, 0xa0691a5dc9a0a0ba, 0x6b7fdad6146b6bb1, 0x855cab17d985852e,
+ 0xbd8173673cbdbdce, 0x5dd234ba8f5d5d69, 0x1080502090101040, 0xf4f303f507f4f4f7,
+ 0xcb16c08bddcbcb0b, 0x3eedc67cd33e3ef8, 0x0528110a2d050514, 0x671fe6ce78676781,
+ 0xe47353d597e4e4b7, 0x2725bb4e0227279c, 0x4132588273414119, 0x8b2c9d0ba78b8b16,
+ 0xa7510153f6a7a7a6, 0x7dcf94fab27d7de9, 0x95dcfb374995956e, 0xd88e9fad56d8d847,
+ 0xfb8b30eb70fbfbcb, 0xee2371c1cdeeee9f, 0x7cc791f8bb7c7ced, 0x6617e3cc71666685,
+ 0xdda68ea77bdddd53, 0x17b84b2eaf17175c, 0x4702468e45474701, 0x9e84dc211a9e9e42,
+ 0xca1ec589d4caca0f, 0x2d75995a582d2db4, 0xbf9179632ebfbfc6, 0x07381b0e3f07071c,
+ 0xad012347acadad8e, 0x5aea2fb4b05a5a75, 0x836cb51bef838336, 0x3385ff66b63333cc,
+ 0x633ff2c65c636391, 0x02100a0412020208, 0xaa39384993aaaa92, 0x71afa8e2de7171d9,
+ 0xc80ecf8dc6c8c807, 0x19c87d32d1191964, 0x497270923b494939, 0xd9869aaf5fd9d943,
+ 0xf2c31df931f2f2ef, 0xe34b48dba8e3e3ab, 0x5be22ab6b95b5b71, 0x8834920dbc88881a,
+ 0x9aa4c8293e9a9a52, 0x262dbe4c0b262698, 0x328dfa64bf3232c8, 0xb0e94a7d59b0b0fa,
+ 0xe91b6acff2e9e983, 0x0f78331e770f0f3c, 0xd5e6a6b733d5d573, 0x8074ba1df480803a,
+ 0xbe997c6127bebec2, 0xcd26de87ebcdcd13, 0x34bde468893434d0, 0x487a75903248483d,
+ 0xffab24e354ffffdb, 0x7af78ff48d7a7af5, 0x90f4ea3d6490907a, 0x5fc23ebe9d5f5f61,
+ 0x201da0403d202080, 0x6867d5d00f6868bd, 0x1ad07234ca1a1a68, 0xae192c41b7aeae82,
+ 0xb4c95e757db4b4ea, 0x549a19a8ce54544d, 0x93ece53b7f939376, 0x220daa442f222288,
+ 0x6407e9c86364648d, 0xf1db12ff2af1f1e3, 0x73bfa2e6cc7373d1, 0x12905a2482121248,
+ 0x403a5d807a40401d, 0x0840281048080820, 0xc356e89b95c3c32b, 0xec337bc5dfecec97,
+ 0xdb9690ab4ddbdb4b, 0xa1611f5fc0a1a1be, 0x8d1c8307918d8d0e, 0x3df5c97ac83d3df4,
+ 0x97ccf1335b979766, 0x0000000000000000, 0xcf36d483f9cfcf1b, 0x2b4587566e2b2bac,
+ 0x7697b3ece17676c5, 0x8264b019e6828232, 0xd6fea9b128d6d67f, 0x1bd87736c31b1b6c,
+ 0xb5c15b7774b5b5ee, 0xaf112943beafaf86, 0x6a77dfd41d6a6ab5, 0x50ba0da0ea50505d,
+ 0x45124c8a57454509, 0xf3cb18fb38f3f3eb, 0x309df060ad3030c0, 0xef2b74c3c4efef9b,
+ 0x3fe5c37eda3f3ffc, 0x55921caac7555549, 0xa2791059dba2a2b2, 0xea0365c9e9eaea8f,
+ 0x650fecca6a656589, 0xbab9686903babad2, 0x2f65935e4a2f2fbc, 0xc04ee79d8ec0c027,
+ 0xdebe81a160dede5f, 0x1ce06c38fc1c1c70, 0xfdbb2ee746fdfdd3, 0x4d52649a1f4d4d29,
+ 0x92e4e03976929272, 0x758fbceafa7575c9, 0x06301e0c36060618, 0x8a249809ae8a8a12,
+ 0xb2f940794bb2b2f2, 0xe66359d185e6e6bf, 0x0e70361c7e0e0e38, 0x1ff8633ee71f1f7c,
+ 0x6237f7c455626295, 0xd4eea3b53ad4d477, 0xa829324d81a8a89a, 0x96c4f43152969662,
+ 0xf99b3aef62f9f9c3, 0xc566f697a3c5c533, 0x2535b14a10252594, 0x59f220b2ab595979,
+ 0x8454ae15d084842a, 0x72b7a7e4c57272d5, 0x39d5dd72ec3939e4, 0x4c5a6198164c4c2d,
+ 0x5eca3bbc945e5e65, 0x78e785f09f7878fd, 0x38ddd870e53838e0, 0x8c148605988c8c0a,
+ 0xd1c6b2bf17d1d163, 0xa5410b57e4a5a5ae, 0xe2434dd9a1e2e2af, 0x612ff8c24e616199,
+ 0xb3f1457b42b3b3f6, 0x2115a54234212184, 0x9c94d625089c9c4a, 0x1ef0663cee1e1e78,
+ 0x4322528661434311, 0xc776fc93b1c7c73b, 0xfcb32be54ffcfcd7, 0x0420140824040410,
+ 0x51b208a2e3515159, 0x99bcc72f2599995e, 0x6d4fc4da226d6da9, 0x0d68391a650d0d34,
+ 0xfa8335e979fafacf, 0xdfb684a369dfdf5b, 0x7ed79bfca97e7ee5, 0x243db44819242490,
+ 0x3bc5d776fe3b3bec, 0xab313d4b9aabab96, 0xce3ed181f0cece1f, 0x1188552299111144,
+ 0x8f0c8903838f8f06, 0x4e4a6b9c044e4e25, 0xb7d1517366b7b7e6, 0xeb0b60cbe0ebeb8b,
+ 0x3cfdcc78c13c3cf0, 0x817cbf1ffd81813e, 0x94d4fe354094946a, 0xf7eb0cf31cf7f7fb,
+ 0xb9a1676f18b9b9de, 0x13985f268b13134c, 0x2c7d9c58512c2cb0, 0xd3d6b8bb05d3d36b,
+ 0xe76b5cd38ce7e7bb, 0x6e57cbdc396e6ea5, 0xc46ef395aac4c437, 0x03180f061b03030c,
+ 0x568a13acdc565645, 0x441a49885e44440d, 0x7fdf9efea07f7fe1, 0xa921374f88a9a99e,
+ 0x2a4d8254672a2aa8, 0xbbb16d6b0abbbbd6, 0xc146e29f87c1c123, 0x53a202a6f1535351,
+ 0xdcae8ba572dcdc57, 0x0b582716530b0b2c, 0x9d9cd327019d9d4e, 0x6c47c1d82b6c6cad,
+ 0x3195f562a43131c4, 0x7487b9e8f37474cd, 0xf6e309f115f6f6ff, 0x460a438c4c464605,
+ 0xac092645a5acac8a, 0x893c970fb589891e, 0x14a04428b4141450, 0xe15b42dfbae1e1a3,
+ 0x16b04e2ca6161658, 0x3acdd274f73a3ae8, 0x696fd0d2066969b9, 0x09482d1241090924,
+ 0x70a7ade0d77070dd, 0xb6d954716fb6b6e2, 0xd0ceb7bd1ed0d067, 0xed3b7ec7d6eded93,
+ 0xcc2edb85e2cccc17, 0x422a578468424215, 0x98b4c22d2c98985a, 0xa4490e55eda4a4aa,
+ 0x285d8850752828a0, 0x5cda31b8865c5c6d, 0xf8933fed6bf8f8c7, 0x8644a411c2868622,
+}
+
+var _C6 = [256]uint64{
+ 0x6018c07830d81818, 0x8c2305af46262323, 0x3fc67ef991b8c6c6, 0x87e8136fcdfbe8e8,
+ 0x26874ca113cb8787, 0xdab8a9626d11b8b8, 0x0401080502090101, 0x214f426e9e0d4f4f,
+ 0xd836adee6c9b3636, 0xa2a6590451ffa6a6, 0x6fd2debdb90cd2d2, 0xf3f5fb06f70ef5f5,
+ 0xf979ef80f2967979, 0xa16f5fcede306f6f, 0x7e91fcef3f6d9191, 0x5552aa07a4f85252,
+ 0x9d6027fdc0476060, 0xcabc89766535bcbc, 0x569baccd2b379b9b, 0x028e048c018a8e8e,
+ 0xb6a371155bd2a3a3, 0x300c603c186c0c0c, 0xf17bff8af6847b7b, 0xd435b5e16a803535,
+ 0x741de8693af51d1d, 0xa7e05347ddb3e0e0, 0x7bd7f6acb321d7d7, 0x2fc25eed999cc2c2,
+ 0xb82e6d965c432e2e, 0x314b627a96294b4b, 0xdffea321e15dfefe, 0x41578216aed55757,
+ 0x5415a8412abd1515, 0xc1779fb6eee87777, 0xdc37a5eb6e923737, 0xb3e57b56d79ee5e5,
+ 0x469f8cd923139f9f, 0xe7f0d317fd23f0f0, 0x354a6a7f94204a4a, 0x4fda9e95a944dada,
+ 0x7d58fa25b0a25858, 0x03c906ca8fcfc9c9, 0xa429558d527c2929, 0x280a5022145a0a0a,
+ 0xfeb1e14f7f50b1b1, 0xbaa0691a5dc9a0a0, 0xb16b7fdad6146b6b, 0x2e855cab17d98585,
+ 0xcebd8173673cbdbd, 0x695dd234ba8f5d5d, 0x4010805020901010, 0xf7f4f303f507f4f4,
+ 0x0bcb16c08bddcbcb, 0xf83eedc67cd33e3e, 0x140528110a2d0505, 0x81671fe6ce786767,
+ 0xb7e47353d597e4e4, 0x9c2725bb4e022727, 0x1941325882734141, 0x168b2c9d0ba78b8b,
+ 0xa6a7510153f6a7a7, 0xe97dcf94fab27d7d, 0x6e95dcfb37499595, 0x47d88e9fad56d8d8,
+ 0xcbfb8b30eb70fbfb, 0x9fee2371c1cdeeee, 0xed7cc791f8bb7c7c, 0x856617e3cc716666,
+ 0x53dda68ea77bdddd, 0x5c17b84b2eaf1717, 0x014702468e454747, 0x429e84dc211a9e9e,
+ 0x0fca1ec589d4caca, 0xb42d75995a582d2d, 0xc6bf9179632ebfbf, 0x1c07381b0e3f0707,
+ 0x8ead012347acadad, 0x755aea2fb4b05a5a, 0x36836cb51bef8383, 0xcc3385ff66b63333,
+ 0x91633ff2c65c6363, 0x0802100a04120202, 0x92aa39384993aaaa, 0xd971afa8e2de7171,
+ 0x07c80ecf8dc6c8c8, 0x6419c87d32d11919, 0x39497270923b4949, 0x43d9869aaf5fd9d9,
+ 0xeff2c31df931f2f2, 0xabe34b48dba8e3e3, 0x715be22ab6b95b5b, 0x1a8834920dbc8888,
+ 0x529aa4c8293e9a9a, 0x98262dbe4c0b2626, 0xc8328dfa64bf3232, 0xfab0e94a7d59b0b0,
+ 0x83e91b6acff2e9e9, 0x3c0f78331e770f0f, 0x73d5e6a6b733d5d5, 0x3a8074ba1df48080,
+ 0xc2be997c6127bebe, 0x13cd26de87ebcdcd, 0xd034bde468893434, 0x3d487a7590324848,
+ 0xdbffab24e354ffff, 0xf57af78ff48d7a7a, 0x7a90f4ea3d649090, 0x615fc23ebe9d5f5f,
+ 0x80201da0403d2020, 0xbd6867d5d00f6868, 0x681ad07234ca1a1a, 0x82ae192c41b7aeae,
+ 0xeab4c95e757db4b4, 0x4d549a19a8ce5454, 0x7693ece53b7f9393, 0x88220daa442f2222,
+ 0x8d6407e9c8636464, 0xe3f1db12ff2af1f1, 0xd173bfa2e6cc7373, 0x4812905a24821212,
+ 0x1d403a5d807a4040, 0x2008402810480808, 0x2bc356e89b95c3c3, 0x97ec337bc5dfecec,
+ 0x4bdb9690ab4ddbdb, 0xbea1611f5fc0a1a1, 0x0e8d1c8307918d8d, 0xf43df5c97ac83d3d,
+ 0x6697ccf1335b9797, 0x0000000000000000, 0x1bcf36d483f9cfcf, 0xac2b4587566e2b2b,
+ 0xc57697b3ece17676, 0x328264b019e68282, 0x7fd6fea9b128d6d6, 0x6c1bd87736c31b1b,
+ 0xeeb5c15b7774b5b5, 0x86af112943beafaf, 0xb56a77dfd41d6a6a, 0x5d50ba0da0ea5050,
+ 0x0945124c8a574545, 0xebf3cb18fb38f3f3, 0xc0309df060ad3030, 0x9bef2b74c3c4efef,
+ 0xfc3fe5c37eda3f3f, 0x4955921caac75555, 0xb2a2791059dba2a2, 0x8fea0365c9e9eaea,
+ 0x89650fecca6a6565, 0xd2bab9686903baba, 0xbc2f65935e4a2f2f, 0x27c04ee79d8ec0c0,
+ 0x5fdebe81a160dede, 0x701ce06c38fc1c1c, 0xd3fdbb2ee746fdfd, 0x294d52649a1f4d4d,
+ 0x7292e4e039769292, 0xc9758fbceafa7575, 0x1806301e0c360606, 0x128a249809ae8a8a,
+ 0xf2b2f940794bb2b2, 0xbfe66359d185e6e6, 0x380e70361c7e0e0e, 0x7c1ff8633ee71f1f,
+ 0x956237f7c4556262, 0x77d4eea3b53ad4d4, 0x9aa829324d81a8a8, 0x6296c4f431529696,
+ 0xc3f99b3aef62f9f9, 0x33c566f697a3c5c5, 0x942535b14a102525, 0x7959f220b2ab5959,
+ 0x2a8454ae15d08484, 0xd572b7a7e4c57272, 0xe439d5dd72ec3939, 0x2d4c5a6198164c4c,
+ 0x655eca3bbc945e5e, 0xfd78e785f09f7878, 0xe038ddd870e53838, 0x0a8c148605988c8c,
+ 0x63d1c6b2bf17d1d1, 0xaea5410b57e4a5a5, 0xafe2434dd9a1e2e2, 0x99612ff8c24e6161,
+ 0xf6b3f1457b42b3b3, 0x842115a542342121, 0x4a9c94d625089c9c, 0x781ef0663cee1e1e,
+ 0x1143225286614343, 0x3bc776fc93b1c7c7, 0xd7fcb32be54ffcfc, 0x1004201408240404,
+ 0x5951b208a2e35151, 0x5e99bcc72f259999, 0xa96d4fc4da226d6d, 0x340d68391a650d0d,
+ 0xcffa8335e979fafa, 0x5bdfb684a369dfdf, 0xe57ed79bfca97e7e, 0x90243db448192424,
+ 0xec3bc5d776fe3b3b, 0x96ab313d4b9aabab, 0x1fce3ed181f0cece, 0x4411885522991111,
+ 0x068f0c8903838f8f, 0x254e4a6b9c044e4e, 0xe6b7d1517366b7b7, 0x8beb0b60cbe0ebeb,
+ 0xf03cfdcc78c13c3c, 0x3e817cbf1ffd8181, 0x6a94d4fe35409494, 0xfbf7eb0cf31cf7f7,
+ 0xdeb9a1676f18b9b9, 0x4c13985f268b1313, 0xb02c7d9c58512c2c, 0x6bd3d6b8bb05d3d3,
+ 0xbbe76b5cd38ce7e7, 0xa56e57cbdc396e6e, 0x37c46ef395aac4c4, 0x0c03180f061b0303,
+ 0x45568a13acdc5656, 0x0d441a49885e4444, 0xe17fdf9efea07f7f, 0x9ea921374f88a9a9,
+ 0xa82a4d8254672a2a, 0xd6bbb16d6b0abbbb, 0x23c146e29f87c1c1, 0x5153a202a6f15353,
+ 0x57dcae8ba572dcdc, 0x2c0b582716530b0b, 0x4e9d9cd327019d9d, 0xad6c47c1d82b6c6c,
+ 0xc43195f562a43131, 0xcd7487b9e8f37474, 0xfff6e309f115f6f6, 0x05460a438c4c4646,
+ 0x8aac092645a5acac, 0x1e893c970fb58989, 0x5014a04428b41414, 0xa3e15b42dfbae1e1,
+ 0x5816b04e2ca61616, 0xe83acdd274f73a3a, 0xb9696fd0d2066969, 0x2409482d12410909,
+ 0xdd70a7ade0d77070, 0xe2b6d954716fb6b6, 0x67d0ceb7bd1ed0d0, 0x93ed3b7ec7d6eded,
+ 0x17cc2edb85e2cccc, 0x15422a5784684242, 0x5a98b4c22d2c9898, 0xaaa4490e55eda4a4,
+ 0xa0285d8850752828, 0x6d5cda31b8865c5c, 0xc7f8933fed6bf8f8, 0x228644a411c28686,
+}
+
+var _C7 = [256]uint64{
+ 0x186018c07830d818, 0x238c2305af462623, 0xc63fc67ef991b8c6, 0xe887e8136fcdfbe8,
+ 0x8726874ca113cb87, 0xb8dab8a9626d11b8, 0x0104010805020901, 0x4f214f426e9e0d4f,
+ 0x36d836adee6c9b36, 0xa6a2a6590451ffa6, 0xd26fd2debdb90cd2, 0xf5f3f5fb06f70ef5,
+ 0x79f979ef80f29679, 0x6fa16f5fcede306f, 0x917e91fcef3f6d91, 0x525552aa07a4f852,
+ 0x609d6027fdc04760, 0xbccabc89766535bc, 0x9b569baccd2b379b, 0x8e028e048c018a8e,
+ 0xa3b6a371155bd2a3, 0x0c300c603c186c0c, 0x7bf17bff8af6847b, 0x35d435b5e16a8035,
+ 0x1d741de8693af51d, 0xe0a7e05347ddb3e0, 0xd77bd7f6acb321d7, 0xc22fc25eed999cc2,
+ 0x2eb82e6d965c432e, 0x4b314b627a96294b, 0xfedffea321e15dfe, 0x5741578216aed557,
+ 0x155415a8412abd15, 0x77c1779fb6eee877, 0x37dc37a5eb6e9237, 0xe5b3e57b56d79ee5,
+ 0x9f469f8cd923139f, 0xf0e7f0d317fd23f0, 0x4a354a6a7f94204a, 0xda4fda9e95a944da,
+ 0x587d58fa25b0a258, 0xc903c906ca8fcfc9, 0x29a429558d527c29, 0x0a280a5022145a0a,
+ 0xb1feb1e14f7f50b1, 0xa0baa0691a5dc9a0, 0x6bb16b7fdad6146b, 0x852e855cab17d985,
+ 0xbdcebd8173673cbd, 0x5d695dd234ba8f5d, 0x1040108050209010, 0xf4f7f4f303f507f4,
+ 0xcb0bcb16c08bddcb, 0x3ef83eedc67cd33e, 0x05140528110a2d05, 0x6781671fe6ce7867,
+ 0xe4b7e47353d597e4, 0x279c2725bb4e0227, 0x4119413258827341, 0x8b168b2c9d0ba78b,
+ 0xa7a6a7510153f6a7, 0x7de97dcf94fab27d, 0x956e95dcfb374995, 0xd847d88e9fad56d8,
+ 0xfbcbfb8b30eb70fb, 0xee9fee2371c1cdee, 0x7ced7cc791f8bb7c, 0x66856617e3cc7166,
+ 0xdd53dda68ea77bdd, 0x175c17b84b2eaf17, 0x47014702468e4547, 0x9e429e84dc211a9e,
+ 0xca0fca1ec589d4ca, 0x2db42d75995a582d, 0xbfc6bf9179632ebf, 0x071c07381b0e3f07,
+ 0xad8ead012347acad, 0x5a755aea2fb4b05a, 0x8336836cb51bef83, 0x33cc3385ff66b633,
+ 0x6391633ff2c65c63, 0x020802100a041202, 0xaa92aa39384993aa, 0x71d971afa8e2de71,
+ 0xc807c80ecf8dc6c8, 0x196419c87d32d119, 0x4939497270923b49, 0xd943d9869aaf5fd9,
+ 0xf2eff2c31df931f2, 0xe3abe34b48dba8e3, 0x5b715be22ab6b95b, 0x881a8834920dbc88,
+ 0x9a529aa4c8293e9a, 0x2698262dbe4c0b26, 0x32c8328dfa64bf32, 0xb0fab0e94a7d59b0,
+ 0xe983e91b6acff2e9, 0x0f3c0f78331e770f, 0xd573d5e6a6b733d5, 0x803a8074ba1df480,
+ 0xbec2be997c6127be, 0xcd13cd26de87ebcd, 0x34d034bde4688934, 0x483d487a75903248,
+ 0xffdbffab24e354ff, 0x7af57af78ff48d7a, 0x907a90f4ea3d6490, 0x5f615fc23ebe9d5f,
+ 0x2080201da0403d20, 0x68bd6867d5d00f68, 0x1a681ad07234ca1a, 0xae82ae192c41b7ae,
+ 0xb4eab4c95e757db4, 0x544d549a19a8ce54, 0x937693ece53b7f93, 0x2288220daa442f22,
+ 0x648d6407e9c86364, 0xf1e3f1db12ff2af1, 0x73d173bfa2e6cc73, 0x124812905a248212,
+ 0x401d403a5d807a40, 0x0820084028104808, 0xc32bc356e89b95c3, 0xec97ec337bc5dfec,
+ 0xdb4bdb9690ab4ddb, 0xa1bea1611f5fc0a1, 0x8d0e8d1c8307918d, 0x3df43df5c97ac83d,
+ 0x976697ccf1335b97, 0x0000000000000000, 0xcf1bcf36d483f9cf, 0x2bac2b4587566e2b,
+ 0x76c57697b3ece176, 0x82328264b019e682, 0xd67fd6fea9b128d6, 0x1b6c1bd87736c31b,
+ 0xb5eeb5c15b7774b5, 0xaf86af112943beaf, 0x6ab56a77dfd41d6a, 0x505d50ba0da0ea50,
+ 0x450945124c8a5745, 0xf3ebf3cb18fb38f3, 0x30c0309df060ad30, 0xef9bef2b74c3c4ef,
+ 0x3ffc3fe5c37eda3f, 0x554955921caac755, 0xa2b2a2791059dba2, 0xea8fea0365c9e9ea,
+ 0x6589650fecca6a65, 0xbad2bab9686903ba, 0x2fbc2f65935e4a2f, 0xc027c04ee79d8ec0,
+ 0xde5fdebe81a160de, 0x1c701ce06c38fc1c, 0xfdd3fdbb2ee746fd, 0x4d294d52649a1f4d,
+ 0x927292e4e0397692, 0x75c9758fbceafa75, 0x061806301e0c3606, 0x8a128a249809ae8a,
+ 0xb2f2b2f940794bb2, 0xe6bfe66359d185e6, 0x0e380e70361c7e0e, 0x1f7c1ff8633ee71f,
+ 0x62956237f7c45562, 0xd477d4eea3b53ad4, 0xa89aa829324d81a8, 0x966296c4f4315296,
+ 0xf9c3f99b3aef62f9, 0xc533c566f697a3c5, 0x25942535b14a1025, 0x597959f220b2ab59,
+ 0x842a8454ae15d084, 0x72d572b7a7e4c572, 0x39e439d5dd72ec39, 0x4c2d4c5a6198164c,
+ 0x5e655eca3bbc945e, 0x78fd78e785f09f78, 0x38e038ddd870e538, 0x8c0a8c148605988c,
+ 0xd163d1c6b2bf17d1, 0xa5aea5410b57e4a5, 0xe2afe2434dd9a1e2, 0x6199612ff8c24e61,
+ 0xb3f6b3f1457b42b3, 0x21842115a5423421, 0x9c4a9c94d625089c, 0x1e781ef0663cee1e,
+ 0x4311432252866143, 0xc73bc776fc93b1c7, 0xfcd7fcb32be54ffc, 0x0410042014082404,
+ 0x515951b208a2e351, 0x995e99bcc72f2599, 0x6da96d4fc4da226d, 0x0d340d68391a650d,
+ 0xfacffa8335e979fa, 0xdf5bdfb684a369df, 0x7ee57ed79bfca97e, 0x2490243db4481924,
+ 0x3bec3bc5d776fe3b, 0xab96ab313d4b9aab, 0xce1fce3ed181f0ce, 0x1144118855229911,
+ 0x8f068f0c8903838f, 0x4e254e4a6b9c044e, 0xb7e6b7d1517366b7, 0xeb8beb0b60cbe0eb,
+ 0x3cf03cfdcc78c13c, 0x813e817cbf1ffd81, 0x946a94d4fe354094, 0xf7fbf7eb0cf31cf7,
+ 0xb9deb9a1676f18b9, 0x134c13985f268b13, 0x2cb02c7d9c58512c, 0xd36bd3d6b8bb05d3,
+ 0xe7bbe76b5cd38ce7, 0x6ea56e57cbdc396e, 0xc437c46ef395aac4, 0x030c03180f061b03,
+ 0x5645568a13acdc56, 0x440d441a49885e44, 0x7fe17fdf9efea07f, 0xa99ea921374f88a9,
+ 0x2aa82a4d8254672a, 0xbbd6bbb16d6b0abb, 0xc123c146e29f87c1, 0x535153a202a6f153,
+ 0xdc57dcae8ba572dc, 0x0b2c0b582716530b, 0x9d4e9d9cd327019d, 0x6cad6c47c1d82b6c,
+ 0x31c43195f562a431, 0x74cd7487b9e8f374, 0xf6fff6e309f115f6, 0x4605460a438c4c46,
+ 0xac8aac092645a5ac, 0x891e893c970fb589, 0x145014a04428b414, 0xe1a3e15b42dfbae1,
+ 0x165816b04e2ca616, 0x3ae83acdd274f73a, 0x69b9696fd0d20669, 0x092409482d124109,
+ 0x70dd70a7ade0d770, 0xb6e2b6d954716fb6, 0xd067d0ceb7bd1ed0, 0xed93ed3b7ec7d6ed,
+ 0xcc17cc2edb85e2cc, 0x4215422a57846842, 0x985a98b4c22d2c98, 0xa4aaa4490e55eda4,
+ 0x28a0285d88507528, 0x5c6d5cda31b8865c, 0xf8c7f8933fed6bf8, 0x86228644a411c286,
+}
+
+var rc = [rounds + 1]uint64{
+ 0x0000000000000000,
+ 0x1823c6e887b8014f,
+ 0x36a6d2f5796f9152,
+ 0x60bc9b8ea30c7b35,
+ 0x1de0d7c22e4bfe57,
+ 0x157737e59ff04ada,
+ 0x58c9290ab1a06b85,
+ 0xbd5d10f4cb3e0567,
+ 0xe427418ba77d95d8,
+ 0xfbee7c66dd17479e,
+ 0xca2dbf07ad5a8333,
+}
diff --git a/vendor/github.com/jzelinskie/whirlpool/whirlpool.go b/vendor/github.com/jzelinskie/whirlpool/whirlpool.go
new file mode 100644
index 00000000000..0c16befee7f
--- /dev/null
+++ b/vendor/github.com/jzelinskie/whirlpool/whirlpool.go
@@ -0,0 +1,240 @@
+// Copyright 2012 Jimmy Zelinskie. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package whirlpool implements the ISO/IEC 10118-3:2004 whirlpool
+// cryptographic hash. Whirlpool is defined in
+// http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
+package whirlpool
+
+import (
+ "encoding/binary"
+ "hash"
+)
+
+// whirlpool represents the partial evaluation of a checksum.
+type whirlpool struct {
+ bitLength [lengthBytes]byte // Number of hashed bits.
+ buffer [wblockBytes]byte // Buffer of data to be hashed.
+ bufferBits int // Current number of bits on the buffer.
+ bufferPos int // Current byte location on buffer.
+ hash [digestBytes / 8]uint64 // Hash state.
+}
+
+// New returns a new hash.Hash computing the whirlpool checksum.
+func New() hash.Hash {
+ return new(whirlpool)
+}
+
+func (w *whirlpool) Reset() {
+ // Cleanup the buffer.
+ w.buffer = [wblockBytes]byte{}
+ w.bufferBits = 0
+ w.bufferPos = 0
+
+ // Cleanup the digest.
+ w.hash = [digestBytes / 8]uint64{}
+
+ // Clean up the number of hashed bits.
+ w.bitLength = [lengthBytes]byte{}
+}
+
+func (w *whirlpool) Size() int {
+ return digestBytes
+}
+
+func (w *whirlpool) BlockSize() int {
+ return wblockBytes
+}
+
+func (w *whirlpool) transform() {
+ var (
+ K [8]uint64 // Round key.
+ block [8]uint64 // μ(buffer).
+ state [8]uint64 // Cipher state.
+ L [8]uint64
+ )
+
+ // Map the buffer to a block.
+ for i := 0; i < 8; i++ {
+ b := 8 * i
+ block[i] = binary.BigEndian.Uint64(w.buffer[b:])
+ }
+
+ // Compute & apply K^0 to the cipher state.
+ for i := 0; i < 8; i++ {
+ K[i] = w.hash[i]
+ state[i] = block[i] ^ K[i]
+ }
+
+ // Iterate over all the rounds.
+ for r := 1; r <= rounds; r++ {
+ // Compute K^rounds from K^(rounds-1).
+ for i := 0; i < 8; i++ {
+ L[i] = _C0[byte(K[i%8]>>56)] ^
+ _C1[byte(K[(i+7)%8]>>48)] ^
+ _C2[byte(K[(i+6)%8]>>40)] ^
+ _C3[byte(K[(i+5)%8]>>32)] ^
+ _C4[byte(K[(i+4)%8]>>24)] ^
+ _C5[byte(K[(i+3)%8]>>16)] ^
+ _C6[byte(K[(i+2)%8]>>8)] ^
+ _C7[byte(K[(i+1)%8])]
+ }
+ L[0] ^= rc[r]
+
+ for i := 0; i < 8; i++ {
+ K[i] = L[i]
+ }
+
+ // Apply r-th round transformation.
+ for i := 0; i < 8; i++ {
+ L[i] = _C0[byte(state[i%8]>>56)] ^
+ _C1[byte(state[(i+7)%8]>>48)] ^
+ _C2[byte(state[(i+6)%8]>>40)] ^
+ _C3[byte(state[(i+5)%8]>>32)] ^
+ _C4[byte(state[(i+4)%8]>>24)] ^
+ _C5[byte(state[(i+3)%8]>>16)] ^
+ _C6[byte(state[(i+2)%8]>>8)] ^
+ _C7[byte(state[(i+1)%8])] ^
+ K[i%8]
+ }
+
+ for i := 0; i < 8; i++ {
+ state[i] = L[i]
+ }
+ }
+
+ // Apply the Miyaguchi-Preneel compression function.
+ for i := 0; i < 8; i++ {
+ w.hash[i] ^= state[i] ^ block[i]
+ }
+}
+
+func (w *whirlpool) Write(source []byte) (int, error) {
+ var (
+ sourcePos int // Index of the leftmost source.
+ nn int = len(source) // Num of bytes to process.
+ sourceBits uint64 = uint64(nn * 8) // Num of bits to process.
+ sourceGap uint = uint((8 - (int(sourceBits & 7))) & 7) // Space on source[sourcePos].
+ bufferRem uint = uint(w.bufferBits & 7) // Occupied bits on buffer[bufferPos].
+ b uint32 // Current byte.
+ )
+
+ // Tally the length of the data added.
+ for i, carry, value := 31, uint32(0), uint64(sourceBits); i >= 0 && (carry != 0 || value != 0); i-- {
+ carry += uint32(w.bitLength[i]) + (uint32(value & 0xff))
+ w.bitLength[i] = byte(carry)
+ carry >>= 8
+ value >>= 8
+ }
+
+ // Process data in chunks of 8 bits.
+ for sourceBits > 8 {
+ // Take a byte form the source.
+ b = uint32(((source[sourcePos] << sourceGap) & 0xff) |
+ ((source[sourcePos+1] & 0xff) >> (8 - sourceGap)))
+
+ // Process this byte.
+ w.buffer[w.bufferPos] |= uint8(b >> bufferRem)
+ w.bufferPos++
+ w.bufferBits += int(8 - bufferRem)
+
+ if w.bufferBits == digestBits {
+ // Process this block.
+ w.transform()
+ // Reset the buffer.
+ w.bufferBits = 0
+ w.bufferPos = 0
+ }
+ w.buffer[w.bufferPos] = byte(b << (8 - bufferRem))
+ w.bufferBits += int(bufferRem)
+
+ // Proceed to remaining data.
+ sourceBits -= 8
+ sourcePos++
+ }
+
+ // 0 <= sourceBits <= 8; All data leftover is in source[sourcePos].
+ if sourceBits > 0 {
+ b = uint32((source[sourcePos] << sourceGap) & 0xff) // The bits are left-justified.
+
+ // Process the remaining bits.
+ w.buffer[w.bufferPos] |= byte(b) >> bufferRem
+ } else {
+ b = 0
+ }
+
+ if uint64(bufferRem)+sourceBits < 8 {
+ // The remaining data fits on the buffer[bufferPos].
+ w.bufferBits += int(sourceBits)
+ } else {
+ // The buffer[bufferPos] is full.
+ w.bufferPos++
+ w.bufferBits += 8 - int(bufferRem) // bufferBits = 8*bufferPos
+ sourceBits -= uint64(8 - bufferRem)
+
+ // Now, 0 <= sourceBits <= 8; all data leftover is in source[sourcePos].
+ if w.bufferBits == digestBits {
+ // Process this data block.
+ w.transform()
+ // Reset buffer.
+ w.bufferBits = 0
+ w.bufferPos = 0
+ }
+ w.buffer[w.bufferPos] = byte(b << (8 - bufferRem))
+ w.bufferBits += int(sourceBits)
+ }
+ return nn, nil
+}
+
+func (w *whirlpool) Sum(in []byte) []byte {
+ // Copy the whirlpool so that the caller can keep summing.
+ n := *w
+
+ // Append a 1-bit.
+ n.buffer[n.bufferPos] |= 0x80 >> (uint(n.bufferBits) & 7)
+ n.bufferPos++
+
+ // The remaining bits should be 0. Pad with 0s to be complete.
+ if n.bufferPos > wblockBytes-lengthBytes {
+ if n.bufferPos < wblockBytes {
+ for i := 0; i < wblockBytes-n.bufferPos; i++ {
+ n.buffer[n.bufferPos+i] = 0
+ }
+ }
+ // Process this data block.
+ n.transform()
+ // Reset the buffer.
+ n.bufferPos = 0
+ }
+
+ if n.bufferPos < wblockBytes-lengthBytes {
+ for i := 0; i < (wblockBytes-lengthBytes)-n.bufferPos; i++ {
+ n.buffer[n.bufferPos+i] = 0
+ }
+ }
+ n.bufferPos = wblockBytes - lengthBytes
+
+ // Append the bit length of the hashed data.
+ for i := 0; i < lengthBytes; i++ {
+ n.buffer[n.bufferPos+i] = n.bitLength[i]
+ }
+
+ // Process this data block.
+ n.transform()
+
+ // Return the final digest as []byte.
+ var digest [digestBytes]byte
+ for i := 0; i < digestBytes/8; i++ {
+ digest[i*8] = byte(n.hash[i] >> 56)
+ digest[i*8+1] = byte(n.hash[i] >> 48)
+ digest[i*8+2] = byte(n.hash[i] >> 40)
+ digest[i*8+3] = byte(n.hash[i] >> 32)
+ digest[i*8+4] = byte(n.hash[i] >> 24)
+ digest[i*8+5] = byte(n.hash[i] >> 16)
+ digest[i*8+6] = byte(n.hash[i] >> 8)
+ digest[i*8+7] = byte(n.hash[i])
+ }
+
+ return append(in, digest[:digestBytes]...)
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/.gitignore b/vendor/github.com/mattn/go-ieproxy/.gitignore
new file mode 100644
index 00000000000..bc8a670e021
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/.gitignore
@@ -0,0 +1 @@
+.idea/*
\ No newline at end of file
diff --git a/vendor/github.com/mattn/go-ieproxy/LICENSE b/vendor/github.com/mattn/go-ieproxy/LICENSE
new file mode 100644
index 00000000000..7b7c0f855af
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/LICENSE
@@ -0,0 +1,23 @@
+MIT License
+
+Copyright (c) 2014 mattn
+Copyright (c) 2017 oliverpool
+Copyright (c) 2019 Adele Reed
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/mattn/go-ieproxy/README.md b/vendor/github.com/mattn/go-ieproxy/README.md
new file mode 100644
index 00000000000..3e3b4759cf7
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/README.md
@@ -0,0 +1,51 @@
+# ieproxy
+
+Go package to detect the proxy settings on Windows platform, and MacOS.
+
+On Windows, the settings are initially attempted to be read from the [`WinHttpGetIEProxyConfigForCurrentUser` DLL call](https://docs.microsoft.com/en-us/windows/desktop/api/winhttp/nf-winhttp-winhttpgetieproxyconfigforcurrentuser), but falls back to the registry (`CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings`) in the event the DLL call fails.
+
+On MacOS, the settings are read from [`CFNetworkCopySystemProxySettings` method of CFNetwork](https://developer.apple.com/documentation/cfnetwork/1426754-cfnetworkcopysystemproxysettings?language=objc).
+
+For more information, take a look at the [documentation](https://godoc.org/github.com/mattn/go-ieproxy)
+
+## Methods
+
+You can either obtain a `net/http` compatible proxy function using `ieproxy.GetProxyFunc()`, set environment variables using `ieproxy.OverrideEnvWithStaticProxy()` (though no automatic configuration is available this way), or obtain the proxy settings via `ieproxy.GetConf()`.
+
+| Method | Supported configuration options: |
+|----------------------------------------|-----------------------------------------------|
+| `ieproxy.GetProxyFunc()` | Static, Specified script, and fully automatic |
+| `ieproxy.OverrideEnvWithStaticProxy()` | Static |
+| `ieproxy.GetConf()` | Depends on how you use it |
+
+## Examples
+
+### Using GetProxyFunc():
+
+```go
+func init() {
+ http.DefaultTransport.(*http.Transport).Proxy = ieproxy.GetProxyFunc()
+}
+```
+
+GetProxyFunc acts as a middleman between `net/http` and `mattn/go-ieproxy` in order to select the correct proxy configuration based off the details supplied in the config.
+
+### Using OverrideEnvWithStaticProxy():
+
+```go
+func init() {
+ ieproxy.OverrideEnvWithStaticProxy()
+ http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment
+}
+```
+
+OverrideEnvWithStaticProxy overrides the relevant environment variables (`HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY`) with the **static, manually configured** proxy details typically found in the registry.
+
+### Using GetConf():
+
+```go
+func main() {
+ conf := ieproxy.GetConf()
+ //Handle proxies how you want to.
+}
+```
diff --git a/vendor/github.com/mattn/go-ieproxy/ieproxy.go b/vendor/github.com/mattn/go-ieproxy/ieproxy.go
new file mode 100644
index 00000000000..0b5460bb828
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/ieproxy.go
@@ -0,0 +1,56 @@
+// Package ieproxy is a utility to retrieve the proxy parameters (especially of Internet Explorer on windows)
+//
+// On windows, it gathers the parameters from the registry (regedit), while it uses env variable on other platforms
+package ieproxy
+
+import "os"
+
+// ProxyConf gathers the configuration for proxy
+type ProxyConf struct {
+ Static StaticProxyConf // static configuration
+ Automatic ProxyScriptConf // script configuration
+}
+
+// StaticProxyConf contains the configuration for static proxy
+type StaticProxyConf struct {
+ // Is the proxy active?
+ Active bool
+ // Proxy address for each scheme (http, https)
+ // "" (empty string) is the fallback proxy
+ Protocols map[string]string
+ // Addresses not to be browsed via the proxy (comma-separated, linux-like)
+ NoProxy string
+}
+
+// ProxyScriptConf contains the configuration for automatic proxy
+type ProxyScriptConf struct {
+ // Is the proxy active?
+ Active bool
+ // PreConfiguredURL of the .pac file.
+ // If this is empty and Active is true, auto-configuration should be assumed.
+ PreConfiguredURL string
+}
+
+// GetConf retrieves the proxy configuration from the Windows Regedit
+func GetConf() ProxyConf {
+ return getConf()
+}
+
+// ReloadConf reloads the proxy configuration
+func ReloadConf() ProxyConf {
+ return reloadConf()
+}
+
+// OverrideEnvWithStaticProxy writes new values to the
+// `http_proxy`, `https_proxy` and `no_proxy` environment variables.
+// The values are taken from the Windows Regedit (should be called in `init()` function - see example)
+func OverrideEnvWithStaticProxy() {
+ overrideEnvWithStaticProxy(GetConf(), os.Setenv)
+}
+
+// FindProxyForURL computes the proxy for a given URL according to the pac file
+func (psc *ProxyScriptConf) FindProxyForURL(URL string) string {
+ return psc.findProxyForURL(URL)
+}
+
+type envSetter func(string, string) error
diff --git a/vendor/github.com/mattn/go-ieproxy/ieproxy_darwin.go b/vendor/github.com/mattn/go-ieproxy/ieproxy_darwin.go
new file mode 100644
index 00000000000..5d53555708b
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/ieproxy_darwin.go
@@ -0,0 +1,123 @@
+package ieproxy
+
+/*
+#cgo LDFLAGS: -framework CoreFoundation
+#cgo LDFLAGS: -framework CFNetwork
+#include
+#include
+*/
+import "C"
+
+import (
+ "fmt"
+ "strings"
+ "sync"
+ "unsafe"
+)
+
+var once sync.Once
+var darwinProxyConf ProxyConf
+
+// GetConf retrieves the proxy configuration from the Windows Regedit
+func getConf() ProxyConf {
+ once.Do(writeConf)
+ return darwinProxyConf
+}
+
+// reloadConf forces a reload of the proxy configuration.
+func reloadConf() ProxyConf {
+ writeConf()
+ return getConf()
+}
+
+func cfStringGetGoString(cfStr C.CFStringRef) string {
+ retCString := (*C.char)(C.calloc(C.ulong(uint(128)), 1))
+ defer C.free(unsafe.Pointer(retCString))
+
+ C.CFStringGetCString(cfStr, retCString, C.long(128), C.kCFStringEncodingUTF8)
+ return C.GoString(retCString)
+}
+
+func cfNumberGetGoInt(cfNum C.CFNumberRef) int {
+ ret := 0
+ C.CFNumberGetValue(cfNum, C.kCFNumberIntType, unsafe.Pointer(&ret))
+ return ret
+}
+
+func cfArrayGetGoStrings(cfArray C.CFArrayRef) []string {
+ var ret []string
+ for i := 0; i < int(C.CFArrayGetCount(cfArray)); i++ {
+ cfStr := C.CFStringRef(C.CFArrayGetValueAtIndex(cfArray, C.long(i)))
+ if unsafe.Pointer(cfStr) != C.NULL {
+ ret = append(ret, cfStringGetGoString(cfStr))
+ }
+ }
+ return ret
+}
+
+func writeConf() {
+ cfDictProxy := C.CFDictionaryRef(C.CFNetworkCopySystemProxySettings())
+ defer C.CFRelease(C.CFTypeRef(cfDictProxy))
+ darwinProxyConf = ProxyConf{}
+
+ cfNumHttpEnable := C.CFNumberRef(C.CFDictionaryGetValue(cfDictProxy, unsafe.Pointer(C.kCFNetworkProxiesHTTPEnable)))
+ if unsafe.Pointer(cfNumHttpEnable) != C.NULL && cfNumberGetGoInt(cfNumHttpEnable) > 0 {
+ darwinProxyConf.Static.Active = true
+ if darwinProxyConf.Static.Protocols == nil {
+ darwinProxyConf.Static.Protocols = make(map[string]string)
+ }
+ httpHost := C.CFStringRef(C.CFDictionaryGetValue(cfDictProxy, unsafe.Pointer(C.kCFNetworkProxiesHTTPProxy)))
+ httpPort := C.CFNumberRef(C.CFDictionaryGetValue(cfDictProxy, unsafe.Pointer(C.kCFNetworkProxiesHTTPPort)))
+
+ httpProxy := fmt.Sprintf("%s:%d", cfStringGetGoString(httpHost), cfNumberGetGoInt(httpPort))
+ darwinProxyConf.Static.Protocols["http"] = httpProxy
+ }
+
+ cfNumHttpsEnable := C.CFNumberRef(C.CFDictionaryGetValue(cfDictProxy, unsafe.Pointer(C.kCFNetworkProxiesHTTPSEnable)))
+ if unsafe.Pointer(cfNumHttpsEnable) != C.NULL && cfNumberGetGoInt(cfNumHttpsEnable) > 0 {
+ darwinProxyConf.Static.Active = true
+ if darwinProxyConf.Static.Protocols == nil {
+ darwinProxyConf.Static.Protocols = make(map[string]string)
+ }
+ httpsHost := C.CFStringRef(C.CFDictionaryGetValue(cfDictProxy, unsafe.Pointer(C.kCFNetworkProxiesHTTPSProxy)))
+ httpsPort := C.CFNumberRef(C.CFDictionaryGetValue(cfDictProxy, unsafe.Pointer(C.kCFNetworkProxiesHTTPSPort)))
+
+ httpProxy := fmt.Sprintf("%s:%d", cfStringGetGoString(httpsHost), cfNumberGetGoInt(httpsPort))
+ darwinProxyConf.Static.Protocols["https"] = httpProxy
+ }
+
+ if darwinProxyConf.Static.Active {
+ cfArrayExceptionList := C.CFArrayRef(C.CFDictionaryGetValue(cfDictProxy, unsafe.Pointer(C.kCFNetworkProxiesExceptionsList)))
+ if unsafe.Pointer(cfArrayExceptionList) != C.NULL {
+ exceptionList := cfArrayGetGoStrings(cfArrayExceptionList)
+ darwinProxyConf.Static.NoProxy = strings.Join(exceptionList, ",")
+ }
+ }
+
+ cfNumPacEnable := C.CFNumberRef(C.CFDictionaryGetValue(cfDictProxy, unsafe.Pointer(C.kCFNetworkProxiesProxyAutoConfigEnable)))
+ if unsafe.Pointer(cfNumPacEnable) != C.NULL && cfNumberGetGoInt(cfNumPacEnable) > 0 {
+ cfStringPac := C.CFStringRef(C.CFDictionaryGetValue(cfDictProxy, unsafe.Pointer(C.kCFNetworkProxiesProxyAutoConfigURLString)))
+ if unsafe.Pointer(cfStringPac) != C.NULL {
+ pac := cfStringGetGoString(cfStringPac)
+ darwinProxyConf.Automatic.PreConfiguredURL = pac
+ darwinProxyConf.Automatic.Active = true
+ }
+ }
+}
+
+// OverrideEnvWithStaticProxy writes new values to the
+// http_proxy, https_proxy and no_proxy environment variables.
+// The values are taken from the MacOS System Preferences.
+func overrideEnvWithStaticProxy(conf ProxyConf, setenv envSetter) {
+ if conf.Static.Active {
+ for _, scheme := range []string{"http", "https"} {
+ url := conf.Static.Protocols[scheme]
+ if url != "" {
+ setenv(scheme+"_proxy", url)
+ }
+ }
+ if conf.Static.NoProxy != "" {
+ setenv("no_proxy", conf.Static.NoProxy)
+ }
+ }
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/ieproxy_unix.go b/vendor/github.com/mattn/go-ieproxy/ieproxy_unix.go
new file mode 100644
index 00000000000..c352546e23c
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/ieproxy_unix.go
@@ -0,0 +1,15 @@
+//go:build !windows && (!darwin || !cgo)
+// +build !windows,!darwin !cgo
+
+package ieproxy
+
+func getConf() ProxyConf {
+ return ProxyConf{}
+}
+
+func reloadConf() ProxyConf {
+ return getConf()
+}
+
+func overrideEnvWithStaticProxy(pc ProxyConf, setenv envSetter) {
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/ieproxy_windows.go b/vendor/github.com/mattn/go-ieproxy/ieproxy_windows.go
new file mode 100644
index 00000000000..7fd375017f6
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/ieproxy_windows.go
@@ -0,0 +1,219 @@
+package ieproxy
+
+import (
+ "strings"
+ "sync"
+ "unsafe"
+
+ "golang.org/x/sys/windows/registry"
+)
+
+type regeditValues struct {
+ ProxyServer string
+ ProxyOverride string
+ ProxyEnable uint64
+ AutoConfigURL string
+}
+
+var once sync.Once
+var windowsProxyConf ProxyConf
+
+// GetConf retrieves the proxy configuration from the Windows Regedit
+func getConf() ProxyConf {
+ once.Do(writeConf)
+ return windowsProxyConf
+}
+
+// reloadConf forces a reload of the proxy configuration from the Windows registry
+func reloadConf() ProxyConf {
+ writeConf()
+ return getConf()
+}
+
+func writeConf() {
+ proxy := ""
+ proxyByPass := ""
+ autoConfigUrl := ""
+ autoDetect := false
+
+ // Try from IE first.
+ if ieCfg, err := getUserConfigFromWindowsSyscall(); err == nil {
+ defer globalFreeWrapper(ieCfg.lpszProxy)
+ defer globalFreeWrapper(ieCfg.lpszProxyBypass)
+ defer globalFreeWrapper(ieCfg.lpszAutoConfigUrl)
+
+ proxy = StringFromUTF16Ptr(ieCfg.lpszProxy)
+ proxyByPass = StringFromUTF16Ptr(ieCfg.lpszProxyBypass)
+ autoConfigUrl = StringFromUTF16Ptr(ieCfg.lpszAutoConfigUrl)
+ autoDetect = ieCfg.fAutoDetect
+ }
+
+ if proxy == "" && !autoDetect {
+ // Try WinHTTP default proxy.
+ if defaultCfg, err := getDefaultProxyConfiguration(); err == nil {
+ defer globalFreeWrapper(defaultCfg.lpszProxy)
+ defer globalFreeWrapper(defaultCfg.lpszProxyBypass)
+
+ // Always set both of these (they are a pair, it doesn't make sense to set one here and keep the value of the other from above)
+ proxy = StringFromUTF16Ptr(defaultCfg.lpszProxy)
+ proxyByPass = StringFromUTF16Ptr(defaultCfg.lpszProxyBypass)
+ }
+ }
+
+ if proxy == "" && !autoDetect {
+ // Fall back to IE registry or manual detection if nothing is found there..
+ regedit, _ := readRegedit() // If the syscall fails, backup to manual detection.
+ windowsProxyConf = parseRegedit(regedit)
+ return
+ }
+
+ // Setting the proxy settings.
+ windowsProxyConf = ProxyConf{
+ Static: StaticProxyConf{
+ Active: len(proxy) > 0,
+ },
+ Automatic: ProxyScriptConf{
+ Active: len(autoConfigUrl) > 0 || autoDetect,
+ },
+ }
+
+ if windowsProxyConf.Static.Active {
+ protocol := make(map[string]string)
+ for _, s := range strings.Split(proxy, ";") {
+ s = strings.TrimSpace(s)
+ if s == "" {
+ continue
+ }
+ pair := strings.SplitN(s, "=", 2)
+ if len(pair) > 1 {
+ protocol[pair[0]] = pair[1]
+ } else {
+ protocol[""] = pair[0]
+ }
+ }
+
+ windowsProxyConf.Static.Protocols = protocol
+ if len(proxyByPass) > 0 {
+ windowsProxyConf.Static.NoProxy = strings.Replace(proxyByPass, ";", ",", -1)
+ }
+ }
+
+ if windowsProxyConf.Automatic.Active {
+ windowsProxyConf.Automatic.PreConfiguredURL = autoConfigUrl
+ }
+}
+
+func getUserConfigFromWindowsSyscall() (*tWINHTTP_CURRENT_USER_IE_PROXY_CONFIG, error) {
+ if err := winHttpGetIEProxyConfigForCurrentUser.Find(); err != nil {
+ return nil, err
+ }
+ p := new(tWINHTTP_CURRENT_USER_IE_PROXY_CONFIG)
+ r, _, err := winHttpGetIEProxyConfigForCurrentUser.Call(uintptr(unsafe.Pointer(p)))
+ if rTrue(r) {
+ return p, nil
+ }
+ return nil, err
+}
+
+func getDefaultProxyConfiguration() (*tWINHTTP_PROXY_INFO, error) {
+ pInfo := new(tWINHTTP_PROXY_INFO)
+ if err := winHttpGetDefaultProxyConfiguration.Find(); err != nil {
+ return nil, err
+ }
+ r, _, err := winHttpGetDefaultProxyConfiguration.Call(uintptr(unsafe.Pointer(pInfo)))
+ if rTrue(r) {
+ return pInfo, nil
+ }
+ return nil, err
+}
+
+// OverrideEnvWithStaticProxy writes new values to the
+// http_proxy, https_proxy and no_proxy environment variables.
+// The values are taken from the Windows Regedit (should be called in init() function)
+func overrideEnvWithStaticProxy(conf ProxyConf, setenv envSetter) {
+ if conf.Static.Active {
+ for _, scheme := range []string{"http", "https"} {
+ url := mapFallback(scheme, "", conf.Static.Protocols)
+ setenv(scheme+"_proxy", url)
+ }
+ if conf.Static.NoProxy != "" {
+ setenv("no_proxy", conf.Static.NoProxy)
+ }
+ }
+}
+
+func parseRegedit(regedit regeditValues) ProxyConf {
+ protocol := make(map[string]string)
+ for _, s := range strings.Split(regedit.ProxyServer, ";") {
+ if s == "" {
+ continue
+ }
+ pair := strings.SplitN(s, "=", 2)
+ if len(pair) > 1 {
+ protocol[pair[0]] = pair[1]
+ } else {
+ protocol[""] = pair[0]
+ }
+ }
+
+ return ProxyConf{
+ Static: StaticProxyConf{
+ Active: regedit.ProxyEnable > 0,
+ Protocols: protocol,
+ NoProxy: strings.Replace(regedit.ProxyOverride, ";", ",", -1), // to match linux style
+ },
+ Automatic: ProxyScriptConf{
+ Active: regedit.AutoConfigURL != "",
+ PreConfiguredURL: regedit.AutoConfigURL,
+ },
+ }
+}
+
+func readRegedit() (values regeditValues, err error) {
+ var proxySettingsPerUser uint64 = 1 // 1 is the default value to consider current user
+ k, err := registry.OpenKey(registry.LOCAL_MACHINE, `Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings`, registry.QUERY_VALUE)
+ if err == nil {
+ //We had used the below variable tempPrxUsrSettings, because the Golang method GetIntegerValue
+ //sets the value to zero even it fails.
+ tempPrxUsrSettings, _, err := k.GetIntegerValue("ProxySettingsPerUser")
+ if err == nil {
+ //consider the value of tempPrxUsrSettings if it is a success
+ proxySettingsPerUser = tempPrxUsrSettings
+ }
+ k.Close()
+ }
+
+ var hkey registry.Key
+ if proxySettingsPerUser == 0 {
+ hkey = registry.LOCAL_MACHINE
+ } else {
+ hkey = registry.CURRENT_USER
+ }
+
+ k, err = registry.OpenKey(hkey, `Software\Microsoft\Windows\CurrentVersion\Internet Settings`, registry.QUERY_VALUE)
+ if err != nil {
+ return
+ }
+ defer k.Close()
+
+ values.ProxyServer, _, err = k.GetStringValue("ProxyServer")
+ if err != nil && err != registry.ErrNotExist {
+ return
+ }
+ values.ProxyOverride, _, err = k.GetStringValue("ProxyOverride")
+ if err != nil && err != registry.ErrNotExist {
+ return
+ }
+
+ values.ProxyEnable, _, err = k.GetIntegerValue("ProxyEnable")
+ if err != nil && err != registry.ErrNotExist {
+ return
+ }
+
+ values.AutoConfigURL, _, err = k.GetStringValue("AutoConfigURL")
+ if err != nil && err != registry.ErrNotExist {
+ return
+ }
+ err = nil
+ return
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/kernel32_data_windows.go b/vendor/github.com/mattn/go-ieproxy/kernel32_data_windows.go
new file mode 100644
index 00000000000..30ebbd22a07
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/kernel32_data_windows.go
@@ -0,0 +1,19 @@
+package ieproxy
+
+import (
+ "golang.org/x/sys/windows"
+ "unsafe"
+)
+
+var kernel32 = windows.NewLazySystemDLL("kernel32.dll")
+var globalFree = kernel32.NewProc("GlobalFree")
+
+func globalFreeWrapper(ptr *uint16) {
+ if ptr != nil {
+ _, _, _ = globalFree.Call(uintptr(unsafe.Pointer(ptr)))
+ }
+}
+
+func rTrue(r uintptr) bool {
+ return r == 1
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/pac_darwin.go b/vendor/github.com/mattn/go-ieproxy/pac_darwin.go
new file mode 100644
index 00000000000..a8bf90e94d7
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/pac_darwin.go
@@ -0,0 +1,141 @@
+package ieproxy
+
+/*
+#cgo LDFLAGS: -framework CoreFoundation
+#cgo LDFLAGS: -framework CFNetwork
+#include
+#include
+
+#define STR_LEN 128
+
+void proxyAutoConfCallback(void* client, CFArrayRef proxies, CFErrorRef error) {
+ CFTypeRef* result_ptr = (CFTypeRef*)client;
+ if (error != NULL) {
+ *result_ptr = CFRetain(error);
+ } else {
+ *result_ptr = CFRetain(proxies);
+ }
+ CFRunLoopStop(CFRunLoopGetCurrent());
+}
+
+int intCFNumber(CFNumberRef num) {
+ int ret;
+ CFNumberGetValue(num, kCFNumberIntType, &ret);
+ return ret;
+}
+
+char* _getProxyUrlFromPac(char* pac, char* reqCs) {
+ char* retCString = (char*)calloc(STR_LEN, sizeof(char));
+
+ CFStringRef reqStr = CFStringCreateWithCString(NULL, reqCs, kCFStringEncodingUTF8);
+ CFStringRef pacStr = CFStringCreateWithCString(NULL, pac, kCFStringEncodingUTF8);
+ CFURLRef pacUrl = CFURLCreateWithString(NULL, pacStr, NULL);
+ CFURLRef reqUrl = CFURLCreateWithString(NULL, reqStr, NULL);
+
+ CFTypeRef result = NULL;
+ CFStreamClientContext context = { 0, &result, NULL, NULL, NULL };
+ CFRunLoopSourceRef runloop_src = CFNetworkExecuteProxyAutoConfigurationURL(pacUrl, reqUrl, proxyAutoConfCallback, &context);
+
+ if (runloop_src) {
+ const CFStringRef private_runloop_mode = CFSTR("go-ieproxy");
+ CFRunLoopAddSource(CFRunLoopGetCurrent(), runloop_src, private_runloop_mode);
+ CFRunLoopRunInMode(private_runloop_mode, DBL_MAX, false);
+ CFRunLoopRemoveSource(CFRunLoopGetCurrent(), runloop_src, kCFRunLoopCommonModes);
+
+ if (CFGetTypeID(result) == CFArrayGetTypeID()) {
+ CFArrayRef resultArray = (CFTypeRef)result;
+ if (CFArrayGetCount(resultArray) > 0) {
+ CFDictionaryRef pxy = (CFDictionaryRef)CFArrayGetValueAtIndex(resultArray, 0);
+ CFStringRef pxyType = CFDictionaryGetValue(pxy, kCFProxyTypeKey);
+
+ if (CFEqual(pxyType, kCFProxyTypeNone)) {
+ // noop
+ }
+
+ if (CFEqual(pxyType, kCFProxyTypeHTTP)) {
+ CFStringRef host = (CFStringRef)CFDictionaryGetValue(pxy, kCFProxyHostNameKey);
+ CFNumberRef port = (CFNumberRef)CFDictionaryGetValue(pxy, kCFProxyPortNumberKey);
+
+ char host_str[STR_LEN - 16];
+ CFStringGetCString(host, host_str, STR_LEN - 16, kCFStringEncodingUTF8);
+
+ int port_int = 80;
+ if (port) {
+ CFNumberGetValue(port, kCFNumberIntType, &port_int);
+ }
+
+ sprintf(retCString, "%s:%d", host_str, port_int);
+ }
+ }
+ } else {
+ // error
+ }
+ }
+
+ CFRelease(result);
+ CFRelease(reqStr);
+ CFRelease(reqUrl);
+ CFRelease(pacStr);
+ CFRelease(pacUrl);
+ return retCString;
+}
+
+char* _getPacUrl() {
+ char* retCString = (char*)calloc(STR_LEN, sizeof(char));
+ CFDictionaryRef proxyDict = CFNetworkCopySystemProxySettings();
+ CFNumberRef pacEnable = (CFNumberRef)CFDictionaryGetValue(proxyDict, kCFNetworkProxiesProxyAutoConfigEnable);
+
+ if (pacEnable && intCFNumber(pacEnable)) {
+ CFStringRef pacUrlStr = (CFStringRef)CFDictionaryGetValue(proxyDict, kCFNetworkProxiesProxyAutoConfigURLString);
+ if (pacUrlStr) {
+ CFStringGetCString(pacUrlStr, retCString, STR_LEN, kCFStringEncodingUTF8);
+ }
+ }
+
+ CFRelease(proxyDict);
+ return retCString;
+}
+
+*/
+import "C"
+import (
+ "net/url"
+ "unsafe"
+)
+
+func (psc *ProxyScriptConf) findProxyForURL(URL string) string {
+ if !psc.Active {
+ return ""
+ }
+ proxy := getProxyForURL(psc.PreConfiguredURL, URL)
+ return proxy
+}
+
+func getProxyForURL(pacFileURL, targetURL string) string {
+ if pacFileURL == "" {
+ pacFileURL = getPacUrl()
+ }
+ if pacFileURL == "" {
+ return ""
+ }
+ if u, err := url.Parse(pacFileURL); err != nil || u.Scheme == "" {
+ return ""
+ }
+
+ csUrl := C.CString(targetURL)
+ csPac := C.CString(pacFileURL)
+ csRet := C._getProxyUrlFromPac(csPac, csUrl)
+
+ defer C.free(unsafe.Pointer(csUrl))
+ defer C.free(unsafe.Pointer(csPac))
+ defer C.free(unsafe.Pointer(csRet))
+
+ return C.GoString(csRet)
+}
+
+func getPacUrl() string {
+ csRet := C._getPacUrl()
+
+ defer C.free(unsafe.Pointer(csRet))
+ return C.GoString(csRet)
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/pac_unix.go b/vendor/github.com/mattn/go-ieproxy/pac_unix.go
new file mode 100644
index 00000000000..d4613cff695
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/pac_unix.go
@@ -0,0 +1,8 @@
+//go:build !windows && (!darwin || !cgo)
+// +build !windows,!darwin !cgo
+
+package ieproxy
+
+func (psc *ProxyScriptConf) findProxyForURL(URL string) string {
+ return ""
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/pac_windows.go b/vendor/github.com/mattn/go-ieproxy/pac_windows.go
new file mode 100644
index 00000000000..6a2ee677855
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/pac_windows.go
@@ -0,0 +1,72 @@
+package ieproxy
+
+import (
+ "strings"
+ "syscall"
+ "unsafe"
+)
+
+func (psc *ProxyScriptConf) findProxyForURL(URL string) string {
+ if !psc.Active {
+ return ""
+ }
+ proxy, _ := getProxyForURL(psc.PreConfiguredURL, URL)
+ i := strings.Index(proxy, ";")
+ if i >= 0 {
+ return proxy[:i]
+ }
+ return proxy
+}
+
+func getProxyForURL(pacfileURL, URL string) (string, error) {
+ pacfileURLPtr, err := syscall.UTF16PtrFromString(pacfileURL)
+ if err != nil {
+ return "", err
+ }
+ URLPtr, err := syscall.UTF16PtrFromString(URL)
+ if err != nil {
+ return "", err
+ }
+
+ handle, _, err := winHttpOpen.Call(0, 0, 0, 0, 0)
+ if handle == 0 {
+ return "", err
+ }
+ defer winHttpCloseHandle.Call(handle)
+
+ dwFlags := fWINHTTP_AUTOPROXY_CONFIG_URL
+ dwAutoDetectFlags := autoDetectFlag(0)
+ pfURLptr := pacfileURLPtr
+
+ if pacfileURL == "" {
+ dwFlags = fWINHTTP_AUTOPROXY_AUTO_DETECT
+ dwAutoDetectFlags = fWINHTTP_AUTO_DETECT_TYPE_DNS_A | fWINHTTP_AUTO_DETECT_TYPE_DHCP
+ pfURLptr = nil
+ }
+
+ options := tWINHTTP_AUTOPROXY_OPTIONS{
+ dwFlags: dwFlags, // adding cache might cause issues: https://github.com/mattn/go-ieproxy/issues/6
+ dwAutoDetectFlags: dwAutoDetectFlags,
+ lpszAutoConfigUrl: pfURLptr,
+ lpvReserved: nil,
+ dwReserved: 0,
+ fAutoLogonIfChallenged: true, // may not be optimal https://msdn.microsoft.com/en-us/library/windows/desktop/aa383153(v=vs.85).aspx
+ } // lpszProxyBypass isn't used as this only executes in cases where there (may) be a pac file (autodetect can fail), where lpszProxyBypass couldn't be returned.
+ // in the case that autodetect fails and no pre-specified pacfile is present, no proxy is returned.
+
+ info := new(tWINHTTP_PROXY_INFO)
+
+ ret, _, err := winHttpGetProxyForURL.Call(
+ handle,
+ uintptr(unsafe.Pointer(URLPtr)),
+ uintptr(unsafe.Pointer(&options)),
+ uintptr(unsafe.Pointer(info)),
+ )
+ if ret > 0 {
+ err = nil
+ }
+
+ defer globalFreeWrapper(info.lpszProxyBypass)
+ defer globalFreeWrapper(info.lpszProxy)
+ return StringFromUTF16Ptr(info.lpszProxy), err
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/proxy_middleman.go b/vendor/github.com/mattn/go-ieproxy/proxy_middleman.go
new file mode 100644
index 00000000000..b2ff9147b92
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/proxy_middleman.go
@@ -0,0 +1,11 @@
+package ieproxy
+
+import (
+ "net/http"
+ "net/url"
+)
+
+// GetProxyFunc is a forwarder for the OS-Exclusive proxyMiddleman_os.go files
+func GetProxyFunc() func(*http.Request) (*url.URL, error) {
+ return proxyMiddleman()
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/proxy_middleman_darwin.go b/vendor/github.com/mattn/go-ieproxy/proxy_middleman_darwin.go
new file mode 100644
index 00000000000..a89948dca65
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/proxy_middleman_darwin.go
@@ -0,0 +1,43 @@
+package ieproxy
+
+import (
+ "net/http"
+ "net/url"
+
+ "golang.org/x/net/http/httpproxy"
+)
+
+func proxyMiddleman() func(req *http.Request) (i *url.URL, e error) {
+ // Get the proxy configuration
+ conf := GetConf()
+ envCfg := httpproxy.FromEnvironment()
+
+ if envCfg.HTTPProxy != "" || envCfg.HTTPSProxy != "" {
+ // If the user manually specifies environment variables, prefer those over the MacOS config.
+ return http.ProxyFromEnvironment
+ }
+
+ return func(req *http.Request) (i *url.URL, e error) {
+ if conf.Automatic.Active {
+ host := conf.Automatic.FindProxyForURL(req.URL.String())
+ if host != "" {
+ return &url.URL{Host: host}, nil
+ }
+ }
+ if conf.Static.Active {
+ return staticProxy(conf, req)
+ }
+ // Should return no proxy; fallthrough.
+ return http.ProxyFromEnvironment(req)
+ }
+}
+
+func staticProxy(conf ProxyConf, req *http.Request) (i *url.URL, e error) {
+ // If static proxy obtaining is specified
+ proxy := httpproxy.Config{
+ HTTPSProxy: conf.Static.Protocols["https"],
+ HTTPProxy: conf.Static.Protocols["http"],
+ NoProxy: conf.Static.NoProxy,
+ }
+ return proxy.ProxyFunc()(req.URL)
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/proxy_middleman_unix.go b/vendor/github.com/mattn/go-ieproxy/proxy_middleman_unix.go
new file mode 100644
index 00000000000..fe227a12ee2
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/proxy_middleman_unix.go
@@ -0,0 +1,14 @@
+//go:build !windows && !darwin
+// +build !windows,!darwin
+
+package ieproxy
+
+import (
+ "net/http"
+ "net/url"
+)
+
+func proxyMiddleman() func(req *http.Request) (i *url.URL, e error) {
+ // Fallthrough to ProxyFromEnvironment on all other OSes.
+ return http.ProxyFromEnvironment
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/proxy_middleman_windows.go b/vendor/github.com/mattn/go-ieproxy/proxy_middleman_windows.go
new file mode 100644
index 00000000000..7d314dbf9ca
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/proxy_middleman_windows.go
@@ -0,0 +1,52 @@
+package ieproxy
+
+import (
+ "net/http"
+ "net/url"
+
+ "golang.org/x/net/http/httpproxy"
+)
+
+func proxyMiddleman() func(req *http.Request) (i *url.URL, e error) {
+ // Get the proxy configuration
+ conf := GetConf()
+ envcfg := httpproxy.FromEnvironment()
+
+ if envcfg.HTTPProxy != "" || envcfg.HTTPSProxy != "" {
+ // If the user manually specifies environment variables, prefer those over the Windows config.
+ return http.ProxyFromEnvironment
+ }
+
+ return func(req *http.Request) (i *url.URL, e error) {
+ if conf.Automatic.Active {
+ host := conf.Automatic.FindProxyForURL(req.URL.String())
+ if host != "" {
+ return &url.URL{Host: host}, nil
+ }
+ }
+ if conf.Static.Active {
+ return staticProxy(conf, req)
+ }
+ // Should return no proxy; fallthrough.
+ return http.ProxyFromEnvironment(req)
+ }
+}
+
+func staticProxy(conf ProxyConf, req *http.Request) (i *url.URL, e error) {
+ // If static proxy obtaining is specified
+ prox := httpproxy.Config{
+ HTTPSProxy: mapFallback("https", "", conf.Static.Protocols),
+ HTTPProxy: mapFallback("http", "", conf.Static.Protocols),
+ NoProxy: conf.Static.NoProxy,
+ }
+ return prox.ProxyFunc()(req.URL)
+}
+
+// Return oKey or fbKey if oKey doesn't exist in the map.
+func mapFallback(oKey, fbKey string, m map[string]string) string {
+ if v, ok := m[oKey]; ok {
+ return v
+ } else {
+ return m[fbKey]
+ }
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/utils.go b/vendor/github.com/mattn/go-ieproxy/utils.go
new file mode 100644
index 00000000000..353b231120a
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/utils.go
@@ -0,0 +1,23 @@
+package ieproxy
+
+import (
+ "unicode/utf16"
+ "unsafe"
+)
+
+// StringFromUTF16Ptr converts a *uint16 C string to a Go String
+func StringFromUTF16Ptr(s *uint16) string {
+ if s == nil {
+ return ""
+ }
+
+ p := (*[1<<30 - 1]uint16)(unsafe.Pointer(s))
+
+ // find the string length
+ sz := 0
+ for p[sz] != 0 {
+ sz++
+ }
+
+ return string(utf16.Decode(p[:sz:sz]))
+}
diff --git a/vendor/github.com/mattn/go-ieproxy/winhttp_data_windows.go b/vendor/github.com/mattn/go-ieproxy/winhttp_data_windows.go
new file mode 100644
index 00000000000..4d3b1677805
--- /dev/null
+++ b/vendor/github.com/mattn/go-ieproxy/winhttp_data_windows.go
@@ -0,0 +1,51 @@
+package ieproxy
+
+import "golang.org/x/sys/windows"
+
+var winHttp = windows.NewLazySystemDLL("winhttp.dll")
+var winHttpGetProxyForURL = winHttp.NewProc("WinHttpGetProxyForUrl")
+var winHttpOpen = winHttp.NewProc("WinHttpOpen")
+var winHttpCloseHandle = winHttp.NewProc("WinHttpCloseHandle")
+var winHttpGetIEProxyConfigForCurrentUser = winHttp.NewProc("WinHttpGetIEProxyConfigForCurrentUser")
+var winHttpGetDefaultProxyConfiguration = winHttp.NewProc("WinHttpGetDefaultProxyConfiguration")
+
+type tWINHTTP_AUTOPROXY_OPTIONS struct {
+ dwFlags autoProxyFlag
+ dwAutoDetectFlags autoDetectFlag
+ lpszAutoConfigUrl *uint16
+ lpvReserved *uint16
+ dwReserved uint32
+ fAutoLogonIfChallenged bool
+}
+type autoProxyFlag uint32
+
+const (
+ fWINHTTP_AUTOPROXY_AUTO_DETECT = autoProxyFlag(0x00000001)
+ fWINHTTP_AUTOPROXY_CONFIG_URL = autoProxyFlag(0x00000002)
+ fWINHTTP_AUTOPROXY_NO_CACHE_CLIENT = autoProxyFlag(0x00080000)
+ fWINHTTP_AUTOPROXY_NO_CACHE_SVC = autoProxyFlag(0x00100000)
+ fWINHTTP_AUTOPROXY_NO_DIRECTACCESS = autoProxyFlag(0x00040000)
+ fWINHTTP_AUTOPROXY_RUN_INPROCESS = autoProxyFlag(0x00010000)
+ fWINHTTP_AUTOPROXY_RUN_OUTPROCESS_ONLY = autoProxyFlag(0x00020000)
+ fWINHTTP_AUTOPROXY_SORT_RESULTS = autoProxyFlag(0x00400000)
+)
+
+type autoDetectFlag uint32
+
+const (
+ fWINHTTP_AUTO_DETECT_TYPE_DHCP = autoDetectFlag(0x00000001)
+ fWINHTTP_AUTO_DETECT_TYPE_DNS_A = autoDetectFlag(0x00000002)
+)
+
+type tWINHTTP_PROXY_INFO struct {
+ dwAccessType uint32
+ lpszProxy *uint16
+ lpszProxyBypass *uint16
+}
+
+type tWINHTTP_CURRENT_USER_IE_PROXY_CONFIG struct {
+ fAutoDetect bool
+ lpszAutoConfigUrl *uint16
+ lpszProxy *uint16
+ lpszProxyBypass *uint16
+}
diff --git a/vendor/github.com/mattn/go-isatty/isatty_bsd.go b/vendor/github.com/mattn/go-isatty/isatty_bsd.go
index d569c0c9499..d0ea68f4082 100644
--- a/vendor/github.com/mattn/go-isatty/isatty_bsd.go
+++ b/vendor/github.com/mattn/go-isatty/isatty_bsd.go
@@ -1,6 +1,7 @@
-//go:build (darwin || freebsd || openbsd || netbsd || dragonfly || hurd) && !appengine
+//go:build (darwin || freebsd || openbsd || netbsd || dragonfly || hurd) && !appengine && !tinygo
// +build darwin freebsd openbsd netbsd dragonfly hurd
// +build !appengine
+// +build !tinygo
package isatty
diff --git a/vendor/github.com/mattn/go-isatty/isatty_others.go b/vendor/github.com/mattn/go-isatty/isatty_others.go
index 31503226f6c..7402e0618aa 100644
--- a/vendor/github.com/mattn/go-isatty/isatty_others.go
+++ b/vendor/github.com/mattn/go-isatty/isatty_others.go
@@ -1,5 +1,6 @@
-//go:build appengine || js || nacl || wasm
-// +build appengine js nacl wasm
+//go:build (appengine || js || nacl || tinygo || wasm) && !windows
+// +build appengine js nacl tinygo wasm
+// +build !windows
package isatty
diff --git a/vendor/github.com/mattn/go-isatty/isatty_tcgets.go b/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
index 67787657fb2..0337d8cf6de 100644
--- a/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
+++ b/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
@@ -1,6 +1,7 @@
-//go:build (linux || aix || zos) && !appengine
+//go:build (linux || aix || zos) && !appengine && !tinygo
// +build linux aix zos
// +build !appengine
+// +build !tinygo
package isatty
diff --git a/vendor/github.com/mitchellh/go-homedir/LICENSE b/vendor/github.com/mitchellh/go-homedir/LICENSE
new file mode 100644
index 00000000000..f9c841a51e0
--- /dev/null
+++ b/vendor/github.com/mitchellh/go-homedir/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Mitchell Hashimoto
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/mitchellh/go-homedir/README.md b/vendor/github.com/mitchellh/go-homedir/README.md
new file mode 100644
index 00000000000..d70706d5b35
--- /dev/null
+++ b/vendor/github.com/mitchellh/go-homedir/README.md
@@ -0,0 +1,14 @@
+# go-homedir
+
+This is a Go library for detecting the user's home directory without
+the use of cgo, so the library can be used in cross-compilation environments.
+
+Usage is incredibly simple, just call `homedir.Dir()` to get the home directory
+for a user, and `homedir.Expand()` to expand the `~` in a path to the home
+directory.
+
+**Why not just use `os/user`?** The built-in `os/user` package requires
+cgo on Darwin systems. This means that any Go code that uses that package
+cannot cross compile. But 99% of the time the use for `os/user` is just to
+retrieve the home directory, which we can do for the current user without
+cgo. This library does that, enabling cross-compilation.
diff --git a/vendor/github.com/mitchellh/go-homedir/homedir.go b/vendor/github.com/mitchellh/go-homedir/homedir.go
new file mode 100644
index 00000000000..25378537ead
--- /dev/null
+++ b/vendor/github.com/mitchellh/go-homedir/homedir.go
@@ -0,0 +1,167 @@
+package homedir
+
+import (
+ "bytes"
+ "errors"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "runtime"
+ "strconv"
+ "strings"
+ "sync"
+)
+
+// DisableCache will disable caching of the home directory. Caching is enabled
+// by default.
+var DisableCache bool
+
+var homedirCache string
+var cacheLock sync.RWMutex
+
+// Dir returns the home directory for the executing user.
+//
+// This uses an OS-specific method for discovering the home directory.
+// An error is returned if a home directory cannot be detected.
+func Dir() (string, error) {
+ if !DisableCache {
+ cacheLock.RLock()
+ cached := homedirCache
+ cacheLock.RUnlock()
+ if cached != "" {
+ return cached, nil
+ }
+ }
+
+ cacheLock.Lock()
+ defer cacheLock.Unlock()
+
+ var result string
+ var err error
+ if runtime.GOOS == "windows" {
+ result, err = dirWindows()
+ } else {
+ // Unix-like system, so just assume Unix
+ result, err = dirUnix()
+ }
+
+ if err != nil {
+ return "", err
+ }
+ homedirCache = result
+ return result, nil
+}
+
+// Expand expands the path to include the home directory if the path
+// is prefixed with `~`. If it isn't prefixed with `~`, the path is
+// returned as-is.
+func Expand(path string) (string, error) {
+ if len(path) == 0 {
+ return path, nil
+ }
+
+ if path[0] != '~' {
+ return path, nil
+ }
+
+ if len(path) > 1 && path[1] != '/' && path[1] != '\\' {
+ return "", errors.New("cannot expand user-specific home dir")
+ }
+
+ dir, err := Dir()
+ if err != nil {
+ return "", err
+ }
+
+ return filepath.Join(dir, path[1:]), nil
+}
+
+// Reset clears the cache, forcing the next call to Dir to re-detect
+// the home directory. This generally never has to be called, but can be
+// useful in tests if you're modifying the home directory via the HOME
+// env var or something.
+func Reset() {
+ cacheLock.Lock()
+ defer cacheLock.Unlock()
+ homedirCache = ""
+}
+
+func dirUnix() (string, error) {
+ homeEnv := "HOME"
+ if runtime.GOOS == "plan9" {
+ // On plan9, env vars are lowercase.
+ homeEnv = "home"
+ }
+
+ // First prefer the HOME environmental variable
+ if home := os.Getenv(homeEnv); home != "" {
+ return home, nil
+ }
+
+ var stdout bytes.Buffer
+
+ // If that fails, try OS specific commands
+ if runtime.GOOS == "darwin" {
+ cmd := exec.Command("sh", "-c", `dscl -q . -read /Users/"$(whoami)" NFSHomeDirectory | sed 's/^[^ ]*: //'`)
+ cmd.Stdout = &stdout
+ if err := cmd.Run(); err == nil {
+ result := strings.TrimSpace(stdout.String())
+ if result != "" {
+ return result, nil
+ }
+ }
+ } else {
+ cmd := exec.Command("getent", "passwd", strconv.Itoa(os.Getuid()))
+ cmd.Stdout = &stdout
+ if err := cmd.Run(); err != nil {
+ // If the error is ErrNotFound, we ignore it. Otherwise, return it.
+ if err != exec.ErrNotFound {
+ return "", err
+ }
+ } else {
+ if passwd := strings.TrimSpace(stdout.String()); passwd != "" {
+ // username:password:uid:gid:gecos:home:shell
+ passwdParts := strings.SplitN(passwd, ":", 7)
+ if len(passwdParts) > 5 {
+ return passwdParts[5], nil
+ }
+ }
+ }
+ }
+
+ // If all else fails, try the shell
+ stdout.Reset()
+ cmd := exec.Command("sh", "-c", "cd && pwd")
+ cmd.Stdout = &stdout
+ if err := cmd.Run(); err != nil {
+ return "", err
+ }
+
+ result := strings.TrimSpace(stdout.String())
+ if result == "" {
+ return "", errors.New("blank output when reading home directory")
+ }
+
+ return result, nil
+}
+
+func dirWindows() (string, error) {
+ // First prefer the HOME environmental variable
+ if home := os.Getenv("HOME"); home != "" {
+ return home, nil
+ }
+
+ // Prefer standard environment variable USERPROFILE
+ if home := os.Getenv("USERPROFILE"); home != "" {
+ return home, nil
+ }
+
+ drive := os.Getenv("HOMEDRIVE")
+ path := os.Getenv("HOMEPATH")
+ home := drive + path
+ if drive == "" || path == "" {
+ return "", errors.New("HOMEDRIVE, HOMEPATH, or USERPROFILE are blank")
+ }
+
+ return home, nil
+}
diff --git a/vendor/github.com/ncw/swift/.gitignore b/vendor/github.com/ncw/swift/.gitignore
new file mode 100644
index 00000000000..5cdbab79477
--- /dev/null
+++ b/vendor/github.com/ncw/swift/.gitignore
@@ -0,0 +1,4 @@
+*~
+*.pyc
+test-env*
+junk/
\ No newline at end of file
diff --git a/vendor/github.com/ncw/swift/.travis.yml b/vendor/github.com/ncw/swift/.travis.yml
new file mode 100644
index 00000000000..72364ac18d6
--- /dev/null
+++ b/vendor/github.com/ncw/swift/.travis.yml
@@ -0,0 +1,61 @@
+language: go
+sudo: false
+
+arch:
+ - amd64
+ - ppc64le
+
+go_import_path: github.com/ncw/swift
+
+go:
+ - 1.2.x
+ - 1.3.x
+ - 1.4.x
+ - 1.5.x
+ - 1.6.x
+ - 1.7.x
+ - 1.8.x
+ - 1.9.x
+ - 1.10.x
+ - 1.11.x
+ - 1.12.x
+ - 1.13.x
+ - 1.14.x
+ - master
+
+matrix:
+ include:
+ - go: 1.14.x
+ env: TEST_REAL_SERVER=rackspace
+ - go: 1.14.x
+ env: TEST_REAL_SERVER=memset
+ - go: 1.14.x
+ arch: ppc64le
+ env: TEST_REAL_SERVER=rackspace
+ - go: 1.14.x
+ arch: ppc64le
+ env: TEST_REAL_SERVER=memset
+ allow_failures:
+ - go: 1.14.x
+ env: TEST_REAL_SERVER=rackspace
+ - go: 1.14.x
+ env: TEST_REAL_SERVER=memset
+ - go: 1.14.x
+ arch: ppc64le
+ env: TEST_REAL_SERVER=rackspace
+ - go: 1.14.x
+ arch: ppc64le
+ env: TEST_REAL_SERVER=memset
+# Removed unsupported jobs for ppc64le
+ exclude:
+ - go: 1.2.x
+ arch: ppc64le
+ - go: 1.3.x
+ arch: ppc64le
+ - go: 1.4.x
+ arch: ppc64le
+install: go test -i ./...
+script:
+ - test -z "$(go fmt ./...)"
+ - go test
+ - ./travis_realserver.sh
diff --git a/vendor/github.com/ncw/swift/COPYING b/vendor/github.com/ncw/swift/COPYING
new file mode 100644
index 00000000000..8c27c67fd0a
--- /dev/null
+++ b/vendor/github.com/ncw/swift/COPYING
@@ -0,0 +1,20 @@
+Copyright (C) 2012 by Nick Craig-Wood http://www.craig-wood.com/nick/
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
diff --git a/vendor/github.com/ncw/swift/README.md b/vendor/github.com/ncw/swift/README.md
new file mode 100644
index 00000000000..1965f73c5dd
--- /dev/null
+++ b/vendor/github.com/ncw/swift/README.md
@@ -0,0 +1,163 @@
+Swift
+=====
+
+This package provides an easy to use library for interfacing with
+Swift / Openstack Object Storage / Rackspace cloud files from the Go
+Language
+
+See here for package docs
+
+ http://godoc.org/github.com/ncw/swift
+
+[](https://travis-ci.org/ncw/swift) [](https://godoc.org/github.com/ncw/swift)
+
+Install
+-------
+
+Use go to install the library
+
+ go get github.com/ncw/swift
+
+Usage
+-----
+
+See here for full package docs
+
+- http://godoc.org/github.com/ncw/swift
+
+Here is a short example from the docs
+```go
+import "github.com/ncw/swift"
+
+// Create a connection
+c := swift.Connection{
+ UserName: "user",
+ ApiKey: "key",
+ AuthUrl: "auth_url",
+ Domain: "domain", // Name of the domain (v3 auth only)
+ Tenant: "tenant", // Name of the tenant (v2 auth only)
+}
+// Authenticate
+err := c.Authenticate()
+if err != nil {
+ panic(err)
+}
+// List all the containers
+containers, err := c.ContainerNames(nil)
+fmt.Println(containers)
+// etc...
+```
+
+Additions
+---------
+
+The `rs` sub project contains a wrapper for the Rackspace specific CDN Management interface.
+
+Testing
+-------
+
+To run the tests you can either use an embedded fake Swift server
+either use a real Openstack Swift server or a Rackspace Cloud files account.
+
+When using a real Swift server, you need to set these environment variables
+before running the tests
+
+ export SWIFT_API_USER='user'
+ export SWIFT_API_KEY='key'
+ export SWIFT_AUTH_URL='https://url.of.auth.server/v1.0'
+
+And optionally these if using v2 authentication
+
+ export SWIFT_TENANT='TenantName'
+ export SWIFT_TENANT_ID='TenantId'
+
+And optionally these if using v3 authentication
+
+ export SWIFT_TENANT='TenantName'
+ export SWIFT_TENANT_ID='TenantId'
+ export SWIFT_API_DOMAIN_ID='domain id'
+ export SWIFT_API_DOMAIN='domain name'
+
+And optionally these if using v3 trust
+
+ export SWIFT_TRUST_ID='TrustId'
+
+And optionally this if you want to skip server certificate validation
+
+ export SWIFT_AUTH_INSECURE=1
+
+And optionally this to configure the connect channel timeout, in seconds
+
+ export SWIFT_CONNECTION_CHANNEL_TIMEOUT=60
+
+And optionally this to configure the data channel timeout, in seconds
+
+ export SWIFT_DATA_CHANNEL_TIMEOUT=60
+
+Then run the tests with `go test`
+
+License
+-------
+
+This is free software under the terms of MIT license (check COPYING file
+included in this package).
+
+Contact and support
+-------------------
+
+The project website is at:
+
+- https://github.com/ncw/swift
+
+There you can file bug reports, ask for help or contribute patches.
+
+Authors
+-------
+
+- Nick Craig-Wood
+
+Contributors
+------------
+
+- Brian "bojo" Jones
+- Janika Liiv
+- Yamamoto, Hirotaka
+- Stephen
+- platformpurple
+- Paul Querna
+- Livio Soares
+- thesyncim
+- lsowen
+- Sylvain Baubeau
+- Chris Kastorff
+- Dai HaoJun
+- Hua Wang
+- Fabian Ruff
+- Arturo Reuschenbach Puncernau
+- Petr Kotek
+- Stefan Majewsky
+- Cezar Sa Espinola
+- Sam Gunaratne
+- Richard Scothern
+- Michel Couillard
+- Christopher Waldon
+- dennis
+- hag
+- Alexander Neumann
+- eclipseo <30413512+eclipseo@users.noreply.github.com>
+- Yuri Per
+- Falk Reimann
+- Arthur Paim Arnold
+- Bruno Michel
+- Charles Hsu
+- Omar Ali
+- Andreas Andersen
+- kayrus
+- CodeLingo Bot
+- Jérémy Clerc
+- 4xicom <37339705+4xicom@users.noreply.github.com>
+- Bo
+- Thiago da Silva
+- Brandon WELSCH
+- Damien Tournoud
+- Pedro Kiefer
diff --git a/vendor/github.com/ncw/swift/auth.go b/vendor/github.com/ncw/swift/auth.go
new file mode 100644
index 00000000000..25654f429cb
--- /dev/null
+++ b/vendor/github.com/ncw/swift/auth.go
@@ -0,0 +1,335 @@
+package swift
+
+import (
+ "bytes"
+ "encoding/json"
+ "net/http"
+ "net/url"
+ "strings"
+ "time"
+)
+
+// Auth defines the operations needed to authenticate with swift
+//
+// This encapsulates the different authentication schemes in use
+type Authenticator interface {
+ // Request creates an http.Request for the auth - return nil if not needed
+ Request(*Connection) (*http.Request, error)
+ // Response parses the http.Response
+ Response(resp *http.Response) error
+ // The public storage URL - set Internal to true to read
+ // internal/service net URL
+ StorageUrl(Internal bool) string
+ // The access token
+ Token() string
+ // The CDN url if available
+ CdnUrl() string
+}
+
+// Expireser is an optional interface to read the expiration time of the token
+type Expireser interface {
+ Expires() time.Time
+}
+
+type CustomEndpointAuthenticator interface {
+ StorageUrlForEndpoint(endpointType EndpointType) string
+}
+
+type EndpointType string
+
+const (
+ // Use public URL as storage URL
+ EndpointTypePublic = EndpointType("public")
+
+ // Use internal URL as storage URL
+ EndpointTypeInternal = EndpointType("internal")
+
+ // Use admin URL as storage URL
+ EndpointTypeAdmin = EndpointType("admin")
+)
+
+// newAuth - create a new Authenticator from the AuthUrl
+//
+// A hint for AuthVersion can be provided
+func newAuth(c *Connection) (Authenticator, error) {
+ AuthVersion := c.AuthVersion
+ if AuthVersion == 0 {
+ if strings.Contains(c.AuthUrl, "v3") {
+ AuthVersion = 3
+ } else if strings.Contains(c.AuthUrl, "v2") {
+ AuthVersion = 2
+ } else if strings.Contains(c.AuthUrl, "v1") {
+ AuthVersion = 1
+ } else {
+ return nil, newErrorf(500, "Can't find AuthVersion in AuthUrl - set explicitly")
+ }
+ }
+ switch AuthVersion {
+ case 1:
+ return &v1Auth{}, nil
+ case 2:
+ return &v2Auth{
+ // Guess as to whether using API key or
+ // password it will try both eventually so
+ // this is just an optimization.
+ useApiKey: len(c.ApiKey) >= 32,
+ }, nil
+ case 3:
+ return &v3Auth{}, nil
+ }
+ return nil, newErrorf(500, "Auth Version %d not supported", AuthVersion)
+}
+
+// ------------------------------------------------------------
+
+// v1 auth
+type v1Auth struct {
+ Headers http.Header // V1 auth: the authentication headers so extensions can access them
+}
+
+// v1 Authentication - make request
+func (auth *v1Auth) Request(c *Connection) (*http.Request, error) {
+ req, err := http.NewRequest("GET", c.AuthUrl, nil)
+ if err != nil {
+ return nil, err
+ }
+ req.Header.Set("User-Agent", c.UserAgent)
+ req.Header.Set("X-Auth-Key", c.ApiKey)
+ req.Header.Set("X-Auth-User", c.UserName)
+ return req, nil
+}
+
+// v1 Authentication - read response
+func (auth *v1Auth) Response(resp *http.Response) error {
+ auth.Headers = resp.Header
+ return nil
+}
+
+// v1 Authentication - read storage url
+func (auth *v1Auth) StorageUrl(Internal bool) string {
+ storageUrl := auth.Headers.Get("X-Storage-Url")
+ if Internal {
+ newUrl, err := url.Parse(storageUrl)
+ if err != nil {
+ return storageUrl
+ }
+ newUrl.Host = "snet-" + newUrl.Host
+ storageUrl = newUrl.String()
+ }
+ return storageUrl
+}
+
+// v1 Authentication - read auth token
+func (auth *v1Auth) Token() string {
+ return auth.Headers.Get("X-Auth-Token")
+}
+
+// v1 Authentication - read cdn url
+func (auth *v1Auth) CdnUrl() string {
+ return auth.Headers.Get("X-CDN-Management-Url")
+}
+
+// ------------------------------------------------------------
+
+// v2 Authentication
+type v2Auth struct {
+ Auth *v2AuthResponse
+ Region string
+ useApiKey bool // if set will use API key not Password
+ useApiKeyOk bool // if set won't change useApiKey any more
+ notFirst bool // set after first run
+}
+
+// v2 Authentication - make request
+func (auth *v2Auth) Request(c *Connection) (*http.Request, error) {
+ auth.Region = c.Region
+ // Toggle useApiKey if not first run and not OK yet
+ if auth.notFirst && !auth.useApiKeyOk {
+ auth.useApiKey = !auth.useApiKey
+ }
+ auth.notFirst = true
+ // Create a V2 auth request for the body of the connection
+ var v2i interface{}
+ if !auth.useApiKey {
+ // Normal swift authentication
+ v2 := v2AuthRequest{}
+ v2.Auth.PasswordCredentials.UserName = c.UserName
+ v2.Auth.PasswordCredentials.Password = c.ApiKey
+ v2.Auth.Tenant = c.Tenant
+ v2.Auth.TenantId = c.TenantId
+ v2i = v2
+ } else {
+ // Rackspace special with API Key
+ v2 := v2AuthRequestRackspace{}
+ v2.Auth.ApiKeyCredentials.UserName = c.UserName
+ v2.Auth.ApiKeyCredentials.ApiKey = c.ApiKey
+ v2.Auth.Tenant = c.Tenant
+ v2.Auth.TenantId = c.TenantId
+ v2i = v2
+ }
+ body, err := json.Marshal(v2i)
+ if err != nil {
+ return nil, err
+ }
+ url := c.AuthUrl
+ if !strings.HasSuffix(url, "/") {
+ url += "/"
+ }
+ url += "tokens"
+ req, err := http.NewRequest("POST", url, bytes.NewBuffer(body))
+ if err != nil {
+ return nil, err
+ }
+ req.Header.Set("Content-Type", "application/json")
+ req.Header.Set("User-Agent", c.UserAgent)
+ return req, nil
+}
+
+// v2 Authentication - read response
+func (auth *v2Auth) Response(resp *http.Response) error {
+ auth.Auth = new(v2AuthResponse)
+ err := readJson(resp, auth.Auth)
+ // If successfully read Auth then no need to toggle useApiKey any more
+ if err == nil {
+ auth.useApiKeyOk = true
+ }
+ return err
+}
+
+// Finds the Endpoint Url of "type" from the v2AuthResponse using the
+// Region if set or defaulting to the first one if not
+//
+// Returns "" if not found
+func (auth *v2Auth) endpointUrl(Type string, endpointType EndpointType) string {
+ for _, catalog := range auth.Auth.Access.ServiceCatalog {
+ if catalog.Type == Type {
+ for _, endpoint := range catalog.Endpoints {
+ if auth.Region == "" || (auth.Region == endpoint.Region) {
+ switch endpointType {
+ case EndpointTypeInternal:
+ return endpoint.InternalUrl
+ case EndpointTypePublic:
+ return endpoint.PublicUrl
+ case EndpointTypeAdmin:
+ return endpoint.AdminUrl
+ default:
+ return ""
+ }
+ }
+ }
+ }
+ }
+ return ""
+}
+
+// v2 Authentication - read storage url
+//
+// If Internal is true then it reads the private (internal / service
+// net) URL.
+func (auth *v2Auth) StorageUrl(Internal bool) string {
+ endpointType := EndpointTypePublic
+ if Internal {
+ endpointType = EndpointTypeInternal
+ }
+ return auth.StorageUrlForEndpoint(endpointType)
+}
+
+// v2 Authentication - read storage url
+//
+// Use the indicated endpointType to choose a URL.
+func (auth *v2Auth) StorageUrlForEndpoint(endpointType EndpointType) string {
+ return auth.endpointUrl("object-store", endpointType)
+}
+
+// v2 Authentication - read auth token
+func (auth *v2Auth) Token() string {
+ return auth.Auth.Access.Token.Id
+}
+
+// v2 Authentication - read expires
+func (auth *v2Auth) Expires() time.Time {
+ t, err := time.Parse(time.RFC3339, auth.Auth.Access.Token.Expires)
+ if err != nil {
+ return time.Time{} // return Zero if not parsed
+ }
+ return t
+}
+
+// v2 Authentication - read cdn url
+func (auth *v2Auth) CdnUrl() string {
+ return auth.endpointUrl("rax:object-cdn", EndpointTypePublic)
+}
+
+// ------------------------------------------------------------
+
+// V2 Authentication request
+//
+// http://docs.openstack.org/developer/keystone/api_curl_examples.html
+// http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/curl_auth.html
+// http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.html
+type v2AuthRequest struct {
+ Auth struct {
+ PasswordCredentials struct {
+ UserName string `json:"username"`
+ Password string `json:"password"`
+ } `json:"passwordCredentials"`
+ Tenant string `json:"tenantName,omitempty"`
+ TenantId string `json:"tenantId,omitempty"`
+ } `json:"auth"`
+}
+
+// V2 Authentication request - Rackspace variant
+//
+// http://docs.openstack.org/developer/keystone/api_curl_examples.html
+// http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/curl_auth.html
+// http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.html
+type v2AuthRequestRackspace struct {
+ Auth struct {
+ ApiKeyCredentials struct {
+ UserName string `json:"username"`
+ ApiKey string `json:"apiKey"`
+ } `json:"RAX-KSKEY:apiKeyCredentials"`
+ Tenant string `json:"tenantName,omitempty"`
+ TenantId string `json:"tenantId,omitempty"`
+ } `json:"auth"`
+}
+
+// V2 Authentication reply
+//
+// http://docs.openstack.org/developer/keystone/api_curl_examples.html
+// http://docs.rackspace.com/servers/api/v2/cs-gettingstarted/content/curl_auth.html
+// http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.html
+type v2AuthResponse struct {
+ Access struct {
+ ServiceCatalog []struct {
+ Endpoints []struct {
+ InternalUrl string
+ PublicUrl string
+ AdminUrl string
+ Region string
+ TenantId string
+ }
+ Name string
+ Type string
+ }
+ Token struct {
+ Expires string
+ Id string
+ Tenant struct {
+ Id string
+ Name string
+ }
+ }
+ User struct {
+ DefaultRegion string `json:"RAX-AUTH:defaultRegion"`
+ Id string
+ Name string
+ Roles []struct {
+ Description string
+ Id string
+ Name string
+ TenantId string
+ }
+ }
+ }
+}
diff --git a/vendor/github.com/ncw/swift/auth_v3.go b/vendor/github.com/ncw/swift/auth_v3.go
new file mode 100644
index 00000000000..1e34ad81464
--- /dev/null
+++ b/vendor/github.com/ncw/swift/auth_v3.go
@@ -0,0 +1,300 @@
+package swift
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "strings"
+ "time"
+)
+
+const (
+ v3AuthMethodToken = "token"
+ v3AuthMethodPassword = "password"
+ v3AuthMethodApplicationCredential = "application_credential"
+ v3CatalogTypeObjectStore = "object-store"
+)
+
+// V3 Authentication request
+// http://docs.openstack.org/developer/keystone/api_curl_examples.html
+// http://developer.openstack.org/api-ref-identity-v3.html
+type v3AuthRequest struct {
+ Auth struct {
+ Identity struct {
+ Methods []string `json:"methods"`
+ Password *v3AuthPassword `json:"password,omitempty"`
+ Token *v3AuthToken `json:"token,omitempty"`
+ ApplicationCredential *v3AuthApplicationCredential `json:"application_credential,omitempty"`
+ } `json:"identity"`
+ Scope *v3Scope `json:"scope,omitempty"`
+ } `json:"auth"`
+}
+
+type v3Scope struct {
+ Project *v3Project `json:"project,omitempty"`
+ Domain *v3Domain `json:"domain,omitempty"`
+ Trust *v3Trust `json:"OS-TRUST:trust,omitempty"`
+}
+
+type v3Domain struct {
+ Id string `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+}
+
+type v3Project struct {
+ Name string `json:"name,omitempty"`
+ Id string `json:"id,omitempty"`
+ Domain *v3Domain `json:"domain,omitempty"`
+}
+
+type v3Trust struct {
+ Id string `json:"id"`
+}
+
+type v3User struct {
+ Domain *v3Domain `json:"domain,omitempty"`
+ Id string `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+ Password string `json:"password,omitempty"`
+}
+
+type v3AuthToken struct {
+ Id string `json:"id"`
+}
+
+type v3AuthPassword struct {
+ User v3User `json:"user"`
+}
+
+type v3AuthApplicationCredential struct {
+ Id string `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+ Secret string `json:"secret,omitempty"`
+ User *v3User `json:"user,omitempty"`
+}
+
+// V3 Authentication response
+type v3AuthResponse struct {
+ Token struct {
+ ExpiresAt string `json:"expires_at"`
+ IssuedAt string `json:"issued_at"`
+ Methods []string
+ Roles []struct {
+ Id, Name string
+ Links struct {
+ Self string
+ }
+ }
+
+ Project struct {
+ Domain struct {
+ Id, Name string
+ }
+ Id, Name string
+ }
+
+ Catalog []struct {
+ Id, Namem, Type string
+ Endpoints []struct {
+ Id, Region_Id, Url, Region string
+ Interface EndpointType
+ }
+ }
+
+ User struct {
+ Id, Name string
+ Domain struct {
+ Id, Name string
+ Links struct {
+ Self string
+ }
+ }
+ }
+
+ Audit_Ids []string
+ }
+}
+
+type v3Auth struct {
+ Region string
+ Auth *v3AuthResponse
+ Headers http.Header
+}
+
+func (auth *v3Auth) Request(c *Connection) (*http.Request, error) {
+ auth.Region = c.Region
+
+ var v3i interface{}
+
+ v3 := v3AuthRequest{}
+
+ if (c.ApplicationCredentialId != "" || c.ApplicationCredentialName != "") && c.ApplicationCredentialSecret != "" {
+ var user *v3User
+
+ if c.ApplicationCredentialId != "" {
+ c.ApplicationCredentialName = ""
+ user = &v3User{}
+ }
+
+ if user == nil && c.UserId != "" {
+ // UserID could be used without the domain information
+ user = &v3User{
+ Id: c.UserId,
+ }
+ }
+
+ if user == nil && c.UserName == "" {
+ // Make sure that Username or UserID are provided
+ return nil, fmt.Errorf("UserID or Name should be provided")
+ }
+
+ if user == nil && c.DomainId != "" {
+ user = &v3User{
+ Name: c.UserName,
+ Domain: &v3Domain{
+ Id: c.DomainId,
+ },
+ }
+ }
+
+ if user == nil && c.Domain != "" {
+ user = &v3User{
+ Name: c.UserName,
+ Domain: &v3Domain{
+ Name: c.Domain,
+ },
+ }
+ }
+
+ // Make sure that DomainID or DomainName are provided among Username
+ if user == nil {
+ return nil, fmt.Errorf("DomainID or Domain should be provided")
+ }
+
+ v3.Auth.Identity.Methods = []string{v3AuthMethodApplicationCredential}
+ v3.Auth.Identity.ApplicationCredential = &v3AuthApplicationCredential{
+ Id: c.ApplicationCredentialId,
+ Name: c.ApplicationCredentialName,
+ Secret: c.ApplicationCredentialSecret,
+ User: user,
+ }
+ } else if c.UserName == "" && c.UserId == "" {
+ v3.Auth.Identity.Methods = []string{v3AuthMethodToken}
+ v3.Auth.Identity.Token = &v3AuthToken{Id: c.ApiKey}
+ } else {
+ v3.Auth.Identity.Methods = []string{v3AuthMethodPassword}
+ v3.Auth.Identity.Password = &v3AuthPassword{
+ User: v3User{
+ Name: c.UserName,
+ Id: c.UserId,
+ Password: c.ApiKey,
+ },
+ }
+
+ var domain *v3Domain
+
+ if c.Domain != "" {
+ domain = &v3Domain{Name: c.Domain}
+ } else if c.DomainId != "" {
+ domain = &v3Domain{Id: c.DomainId}
+ }
+ v3.Auth.Identity.Password.User.Domain = domain
+ }
+
+ if v3.Auth.Identity.Methods[0] != v3AuthMethodApplicationCredential {
+ if c.TrustId != "" {
+ v3.Auth.Scope = &v3Scope{Trust: &v3Trust{Id: c.TrustId}}
+ } else if c.TenantId != "" || c.Tenant != "" {
+
+ v3.Auth.Scope = &v3Scope{Project: &v3Project{}}
+
+ if c.TenantId != "" {
+ v3.Auth.Scope.Project.Id = c.TenantId
+ } else if c.Tenant != "" {
+ v3.Auth.Scope.Project.Name = c.Tenant
+ switch {
+ case c.TenantDomain != "":
+ v3.Auth.Scope.Project.Domain = &v3Domain{Name: c.TenantDomain}
+ case c.TenantDomainId != "":
+ v3.Auth.Scope.Project.Domain = &v3Domain{Id: c.TenantDomainId}
+ case c.Domain != "":
+ v3.Auth.Scope.Project.Domain = &v3Domain{Name: c.Domain}
+ case c.DomainId != "":
+ v3.Auth.Scope.Project.Domain = &v3Domain{Id: c.DomainId}
+ default:
+ v3.Auth.Scope.Project.Domain = &v3Domain{Name: "Default"}
+ }
+ }
+ }
+ }
+
+ v3i = v3
+
+ body, err := json.Marshal(v3i)
+
+ if err != nil {
+ return nil, err
+ }
+
+ url := c.AuthUrl
+ if !strings.HasSuffix(url, "/") {
+ url += "/"
+ }
+ url += "auth/tokens"
+ req, err := http.NewRequest("POST", url, bytes.NewBuffer(body))
+ if err != nil {
+ return nil, err
+ }
+ req.Header.Set("Content-Type", "application/json")
+ req.Header.Set("User-Agent", c.UserAgent)
+ return req, nil
+}
+
+func (auth *v3Auth) Response(resp *http.Response) error {
+ auth.Auth = &v3AuthResponse{}
+ auth.Headers = resp.Header
+ err := readJson(resp, auth.Auth)
+ return err
+}
+
+func (auth *v3Auth) endpointUrl(Type string, endpointType EndpointType) string {
+ for _, catalog := range auth.Auth.Token.Catalog {
+ if catalog.Type == Type {
+ for _, endpoint := range catalog.Endpoints {
+ if endpoint.Interface == endpointType && (auth.Region == "" || (auth.Region == endpoint.Region)) {
+ return endpoint.Url
+ }
+ }
+ }
+ }
+ return ""
+}
+
+func (auth *v3Auth) StorageUrl(Internal bool) string {
+ endpointType := EndpointTypePublic
+ if Internal {
+ endpointType = EndpointTypeInternal
+ }
+ return auth.StorageUrlForEndpoint(endpointType)
+}
+
+func (auth *v3Auth) StorageUrlForEndpoint(endpointType EndpointType) string {
+ return auth.endpointUrl("object-store", endpointType)
+}
+
+func (auth *v3Auth) Token() string {
+ return auth.Headers.Get("X-Subject-Token")
+}
+
+func (auth *v3Auth) Expires() time.Time {
+ t, err := time.Parse(time.RFC3339, auth.Auth.Token.ExpiresAt)
+ if err != nil {
+ return time.Time{} // return Zero if not parsed
+ }
+ return t
+}
+
+func (auth *v3Auth) CdnUrl() string {
+ return ""
+}
diff --git a/vendor/github.com/ncw/swift/compatibility_1_0.go b/vendor/github.com/ncw/swift/compatibility_1_0.go
new file mode 100644
index 00000000000..7b69a757a1c
--- /dev/null
+++ b/vendor/github.com/ncw/swift/compatibility_1_0.go
@@ -0,0 +1,28 @@
+// Go 1.0 compatibility functions
+
+// +build !go1.1
+
+package swift
+
+import (
+ "log"
+ "net/http"
+ "time"
+)
+
+// Cancel the request - doesn't work under < go 1.1
+func cancelRequest(transport http.RoundTripper, req *http.Request) {
+ log.Printf("Tried to cancel a request but couldn't - recompile with go 1.1")
+}
+
+// Reset a timer - Doesn't work properly < go 1.1
+//
+// This is quite hard to do properly under go < 1.1 so we do a crude
+// approximation and hope that everyone upgrades to go 1.1 quickly
+func resetTimer(t *time.Timer, d time.Duration) {
+ t.Stop()
+ // Very likely this doesn't actually work if we are already
+ // selecting on t.C. However we've stopped the original timer
+ // so won't break transfers but may not time them out :-(
+ *t = *time.NewTimer(d)
+}
diff --git a/vendor/github.com/ncw/swift/compatibility_1_1.go b/vendor/github.com/ncw/swift/compatibility_1_1.go
new file mode 100644
index 00000000000..a4f9c3ab242
--- /dev/null
+++ b/vendor/github.com/ncw/swift/compatibility_1_1.go
@@ -0,0 +1,24 @@
+// Go 1.1 and later compatibility functions
+//
+// +build go1.1
+
+package swift
+
+import (
+ "net/http"
+ "time"
+)
+
+// Cancel the request
+func cancelRequest(transport http.RoundTripper, req *http.Request) {
+ if tr, ok := transport.(interface {
+ CancelRequest(*http.Request)
+ }); ok {
+ tr.CancelRequest(req)
+ }
+}
+
+// Reset a timer
+func resetTimer(t *time.Timer, d time.Duration) {
+ t.Reset(d)
+}
diff --git a/vendor/github.com/ncw/swift/compatibility_1_6.go b/vendor/github.com/ncw/swift/compatibility_1_6.go
new file mode 100644
index 00000000000..b443d01d2a8
--- /dev/null
+++ b/vendor/github.com/ncw/swift/compatibility_1_6.go
@@ -0,0 +1,23 @@
+// +build go1.6
+
+package swift
+
+import (
+ "net/http"
+ "time"
+)
+
+const IS_AT_LEAST_GO_16 = true
+
+func SetExpectContinueTimeout(tr *http.Transport, t time.Duration) {
+ tr.ExpectContinueTimeout = t
+}
+
+func AddExpectAndTransferEncoding(req *http.Request, hasContentLength bool) {
+ if req.Body != nil {
+ req.Header.Add("Expect", "100-continue")
+ }
+ if !hasContentLength {
+ req.TransferEncoding = []string{"chunked"}
+ }
+}
diff --git a/vendor/github.com/ncw/swift/compatibility_not_1_6.go b/vendor/github.com/ncw/swift/compatibility_not_1_6.go
new file mode 100644
index 00000000000..aabb44e2b77
--- /dev/null
+++ b/vendor/github.com/ncw/swift/compatibility_not_1_6.go
@@ -0,0 +1,13 @@
+// +build !go1.6
+
+package swift
+
+import (
+ "net/http"
+ "time"
+)
+
+const IS_AT_LEAST_GO_16 = false
+
+func SetExpectContinueTimeout(tr *http.Transport, t time.Duration) {}
+func AddExpectAndTransferEncoding(req *http.Request, hasContentLength bool) {}
diff --git a/vendor/github.com/ncw/swift/dlo.go b/vendor/github.com/ncw/swift/dlo.go
new file mode 100644
index 00000000000..05a1927b393
--- /dev/null
+++ b/vendor/github.com/ncw/swift/dlo.go
@@ -0,0 +1,149 @@
+package swift
+
+import (
+ "os"
+ "strings"
+)
+
+// DynamicLargeObjectCreateFile represents an open static large object
+type DynamicLargeObjectCreateFile struct {
+ largeObjectCreateFile
+}
+
+// DynamicLargeObjectCreateFile creates a dynamic large object
+// returning an object which satisfies io.Writer, io.Seeker, io.Closer
+// and io.ReaderFrom. The flags are as passes to the
+// largeObjectCreate method.
+func (c *Connection) DynamicLargeObjectCreateFile(opts *LargeObjectOpts) (LargeObjectFile, error) {
+ lo, err := c.largeObjectCreate(opts)
+ if err != nil {
+ return nil, err
+ }
+
+ return withBuffer(opts, &DynamicLargeObjectCreateFile{
+ largeObjectCreateFile: *lo,
+ }), nil
+}
+
+// DynamicLargeObjectCreate creates or truncates an existing dynamic
+// large object returning a writeable object. This sets opts.Flags to
+// an appropriate value before calling DynamicLargeObjectCreateFile
+func (c *Connection) DynamicLargeObjectCreate(opts *LargeObjectOpts) (LargeObjectFile, error) {
+ opts.Flags = os.O_TRUNC | os.O_CREATE
+ return c.DynamicLargeObjectCreateFile(opts)
+}
+
+// DynamicLargeObjectDelete deletes a dynamic large object and all of its segments.
+func (c *Connection) DynamicLargeObjectDelete(container string, path string) error {
+ return c.LargeObjectDelete(container, path)
+}
+
+// DynamicLargeObjectMove moves a dynamic large object from srcContainer, srcObjectName to dstContainer, dstObjectName
+func (c *Connection) DynamicLargeObjectMove(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string) error {
+ info, headers, err := c.Object(srcContainer, srcObjectName)
+ if err != nil {
+ return err
+ }
+
+ segmentContainer, segmentPath := parseFullPath(headers["X-Object-Manifest"])
+ if err := c.createDLOManifest(dstContainer, dstObjectName, segmentContainer+"/"+segmentPath, info.ContentType, sanitizeLargeObjectMoveHeaders(headers)); err != nil {
+ return err
+ }
+
+ if err := c.ObjectDelete(srcContainer, srcObjectName); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func sanitizeLargeObjectMoveHeaders(headers Headers) Headers {
+ sanitizedHeaders := make(map[string]string, len(headers))
+ for k, v := range headers {
+ if strings.HasPrefix(k, "X-") { //Some of the fields does not effect the request e,g, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id. Open stack will generate new ones anyway.
+ sanitizedHeaders[k] = v
+ }
+ }
+ return sanitizedHeaders
+}
+
+// createDLOManifest creates a dynamic large object manifest
+func (c *Connection) createDLOManifest(container string, objectName string, prefix string, contentType string, headers Headers) error {
+ if headers == nil {
+ headers = make(Headers)
+ }
+ headers["X-Object-Manifest"] = prefix
+ manifest, err := c.ObjectCreate(container, objectName, false, "", contentType, headers)
+ if err != nil {
+ return err
+ }
+
+ if err := manifest.Close(); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// Close satisfies the io.Closer interface
+func (file *DynamicLargeObjectCreateFile) Close() error {
+ return file.Flush()
+}
+
+func (file *DynamicLargeObjectCreateFile) Flush() error {
+ err := file.conn.createDLOManifest(file.container, file.objectName, file.segmentContainer+"/"+file.prefix, file.contentType, file.headers)
+ if err != nil {
+ return err
+ }
+ return file.conn.waitForSegmentsToShowUp(file.container, file.objectName, file.Size())
+}
+
+func (c *Connection) getAllDLOSegments(segmentContainer, segmentPath string) ([]Object, error) {
+ //a simple container listing works 99.9% of the time
+ segments, err := c.ObjectsAll(segmentContainer, &ObjectsOpts{Prefix: segmentPath})
+ if err != nil {
+ return nil, err
+ }
+
+ hasObjectName := make(map[string]struct{})
+ for _, segment := range segments {
+ hasObjectName[segment.Name] = struct{}{}
+ }
+
+ //The container listing might be outdated (i.e. not contain all existing
+ //segment objects yet) because of temporary inconsistency (Swift is only
+ //eventually consistent!). Check its completeness.
+ segmentNumber := 0
+ for {
+ segmentNumber++
+ segmentName := getSegment(segmentPath, segmentNumber)
+ if _, seen := hasObjectName[segmentName]; seen {
+ continue
+ }
+
+ //This segment is missing in the container listing. Use a more reliable
+ //request to check its existence. (HEAD requests on segments are
+ //guaranteed to return the correct metadata, except for the pathological
+ //case of an outage of large parts of the Swift cluster or its network,
+ //since every segment is only written once.)
+ segment, _, err := c.Object(segmentContainer, segmentName)
+ switch err {
+ case nil:
+ //found new segment -> add it in the correct position and keep
+ //going, more might be missing
+ if segmentNumber <= len(segments) {
+ segments = append(segments[:segmentNumber], segments[segmentNumber-1:]...)
+ segments[segmentNumber-1] = segment
+ } else {
+ segments = append(segments, segment)
+ }
+ continue
+ case ObjectNotFound:
+ //This segment is missing. Since we upload segments sequentially,
+ //there won't be any more segments after it.
+ return segments, nil
+ default:
+ return nil, err //unexpected error
+ }
+ }
+}
diff --git a/vendor/github.com/ncw/swift/doc.go b/vendor/github.com/ncw/swift/doc.go
new file mode 100644
index 00000000000..44efde7bf82
--- /dev/null
+++ b/vendor/github.com/ncw/swift/doc.go
@@ -0,0 +1,19 @@
+/*
+Package swift provides an easy to use interface to Swift / Openstack Object Storage / Rackspace Cloud Files
+
+Standard Usage
+
+Most of the work is done through the Container*() and Object*() methods.
+
+All methods are safe to use concurrently in multiple go routines.
+
+Object Versioning
+
+As defined by http://docs.openstack.org/api/openstack-object-storage/1.0/content/Object_Versioning-e1e3230.html#d6e983 one can create a container which allows for version control of files. The suggested method is to create a version container for holding all non-current files, and a current container for holding the latest version that the file points to. The container and objects inside it can be used in the standard manner, however, pushing a file multiple times will result in it being copied to the version container and the new file put in it's place. If the current file is deleted, the previous file in the version container will replace it. This means that if a file is updated 5 times, it must be deleted 5 times to be completely removed from the system.
+
+Rackspace Sub Module
+
+This module specifically allows the enabling/disabling of Rackspace Cloud File CDN management on a container. This is specific to the Rackspace API and not Swift/Openstack, therefore it has been placed in a submodule. One can easily create a RsConnection and use it like the standard Connection to access and manipulate containers and objects.
+
+*/
+package swift
diff --git a/vendor/github.com/ncw/swift/largeobjects.go b/vendor/github.com/ncw/swift/largeobjects.go
new file mode 100644
index 00000000000..038bef85a9f
--- /dev/null
+++ b/vendor/github.com/ncw/swift/largeobjects.go
@@ -0,0 +1,448 @@
+package swift
+
+import (
+ "bufio"
+ "bytes"
+ "crypto/rand"
+ "crypto/sha1"
+ "encoding/hex"
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ gopath "path"
+ "strconv"
+ "strings"
+ "time"
+)
+
+// NotLargeObject is returned if an operation is performed on an object which isn't large.
+var NotLargeObject = errors.New("Not a large object")
+
+// readAfterWriteTimeout defines the time we wait before an object appears after having been uploaded
+var readAfterWriteTimeout = 15 * time.Second
+
+// readAfterWriteWait defines the time to sleep between two retries
+var readAfterWriteWait = 200 * time.Millisecond
+
+// largeObjectCreateFile represents an open static or dynamic large object
+type largeObjectCreateFile struct {
+ conn *Connection
+ container string
+ objectName string
+ currentLength int64
+ filePos int64
+ chunkSize int64
+ segmentContainer string
+ prefix string
+ contentType string
+ checkHash bool
+ segments []Object
+ headers Headers
+ minChunkSize int64
+}
+
+func swiftSegmentPath(path string) (string, error) {
+ checksum := sha1.New()
+ random := make([]byte, 32)
+ if _, err := rand.Read(random); err != nil {
+ return "", err
+ }
+ path = hex.EncodeToString(checksum.Sum(append([]byte(path), random...)))
+ return strings.TrimLeft(strings.TrimRight("segments/"+path[0:3]+"/"+path[3:], "/"), "/"), nil
+}
+
+func getSegment(segmentPath string, partNumber int) string {
+ return fmt.Sprintf("%s/%016d", segmentPath, partNumber)
+}
+
+func parseFullPath(manifest string) (container string, prefix string) {
+ components := strings.SplitN(manifest, "/", 2)
+ container = components[0]
+ if len(components) > 1 {
+ prefix = components[1]
+ }
+ return container, prefix
+}
+
+func (headers Headers) IsLargeObjectDLO() bool {
+ _, isDLO := headers["X-Object-Manifest"]
+ return isDLO
+}
+
+func (headers Headers) IsLargeObjectSLO() bool {
+ _, isSLO := headers["X-Static-Large-Object"]
+ return isSLO
+}
+
+func (headers Headers) IsLargeObject() bool {
+ return headers.IsLargeObjectSLO() || headers.IsLargeObjectDLO()
+}
+
+func (c *Connection) getAllSegments(container string, path string, headers Headers) (string, []Object, error) {
+ if manifest, isDLO := headers["X-Object-Manifest"]; isDLO {
+ segmentContainer, segmentPath := parseFullPath(manifest)
+ segments, err := c.getAllDLOSegments(segmentContainer, segmentPath)
+ return segmentContainer, segments, err
+ }
+ if headers.IsLargeObjectSLO() {
+ return c.getAllSLOSegments(container, path)
+ }
+ return "", nil, NotLargeObject
+}
+
+// LargeObjectOpts describes how a large object should be created
+type LargeObjectOpts struct {
+ Container string // Name of container to place object
+ ObjectName string // Name of object
+ Flags int // Creation flags
+ CheckHash bool // If set Check the hash
+ Hash string // If set use this hash to check
+ ContentType string // Content-Type of the object
+ Headers Headers // Additional headers to upload the object with
+ ChunkSize int64 // Size of chunks of the object, defaults to 10MB if not set
+ MinChunkSize int64 // Minimum chunk size, automatically set for SLO's based on info
+ SegmentContainer string // Name of the container to place segments
+ SegmentPrefix string // Prefix to use for the segments
+ NoBuffer bool // Prevents using a bufio.Writer to write segments
+}
+
+type LargeObjectFile interface {
+ io.Writer
+ io.Seeker
+ io.Closer
+ Size() int64
+ Flush() error
+}
+
+// largeObjectCreate creates a large object at opts.Container, opts.ObjectName.
+//
+// opts.Flags can have the following bits set
+// os.TRUNC - remove the contents of the large object if it exists
+// os.APPEND - write at the end of the large object
+func (c *Connection) largeObjectCreate(opts *LargeObjectOpts) (*largeObjectCreateFile, error) {
+ var (
+ segmentPath string
+ segmentContainer string
+ segments []Object
+ currentLength int64
+ err error
+ )
+
+ if opts.SegmentPrefix != "" {
+ segmentPath = opts.SegmentPrefix
+ } else if segmentPath, err = swiftSegmentPath(opts.ObjectName); err != nil {
+ return nil, err
+ }
+
+ if info, headers, err := c.Object(opts.Container, opts.ObjectName); err == nil {
+ if opts.Flags&os.O_TRUNC != 0 {
+ c.LargeObjectDelete(opts.Container, opts.ObjectName)
+ } else {
+ currentLength = info.Bytes
+ if headers.IsLargeObject() {
+ segmentContainer, segments, err = c.getAllSegments(opts.Container, opts.ObjectName, headers)
+ if err != nil {
+ return nil, err
+ }
+ if len(segments) > 0 {
+ segmentPath = gopath.Dir(segments[0].Name)
+ }
+ } else {
+ if err = c.ObjectMove(opts.Container, opts.ObjectName, opts.Container, getSegment(segmentPath, 1)); err != nil {
+ return nil, err
+ }
+ segments = append(segments, info)
+ }
+ }
+ } else if err != ObjectNotFound {
+ return nil, err
+ }
+
+ // segmentContainer is not empty when the manifest already existed
+ if segmentContainer == "" {
+ if opts.SegmentContainer != "" {
+ segmentContainer = opts.SegmentContainer
+ } else {
+ segmentContainer = opts.Container + "_segments"
+ }
+ }
+
+ file := &largeObjectCreateFile{
+ conn: c,
+ checkHash: opts.CheckHash,
+ container: opts.Container,
+ objectName: opts.ObjectName,
+ chunkSize: opts.ChunkSize,
+ minChunkSize: opts.MinChunkSize,
+ headers: opts.Headers,
+ segmentContainer: segmentContainer,
+ prefix: segmentPath,
+ segments: segments,
+ currentLength: currentLength,
+ }
+
+ if file.chunkSize == 0 {
+ file.chunkSize = 10 * 1024 * 1024
+ }
+
+ if file.minChunkSize > file.chunkSize {
+ file.chunkSize = file.minChunkSize
+ }
+
+ if opts.Flags&os.O_APPEND != 0 {
+ file.filePos = currentLength
+ }
+
+ return file, nil
+}
+
+// LargeObjectDelete deletes the large object named by container, path
+func (c *Connection) LargeObjectDelete(container string, objectName string) error {
+ _, headers, err := c.Object(container, objectName)
+ if err != nil {
+ return err
+ }
+
+ var objects [][]string
+ if headers.IsLargeObject() {
+ segmentContainer, segments, err := c.getAllSegments(container, objectName, headers)
+ if err != nil {
+ return err
+ }
+ for _, obj := range segments {
+ objects = append(objects, []string{segmentContainer, obj.Name})
+ }
+ }
+ objects = append(objects, []string{container, objectName})
+
+ info, err := c.cachedQueryInfo()
+ if err == nil && info.SupportsBulkDelete() && len(objects) > 0 {
+ filenames := make([]string, len(objects))
+ for i, obj := range objects {
+ filenames[i] = obj[0] + "/" + obj[1]
+ }
+ _, err = c.doBulkDelete(filenames, nil)
+ // Don't fail on ObjectNotFound because eventual consistency
+ // makes this situation normal.
+ if err != nil && err != Forbidden && err != ObjectNotFound {
+ return err
+ }
+ } else {
+ for _, obj := range objects {
+ if err := c.ObjectDelete(obj[0], obj[1]); err != nil {
+ return err
+ }
+ }
+ }
+
+ return nil
+}
+
+// LargeObjectGetSegments returns all the segments that compose an object
+// If the object is a Dynamic Large Object (DLO), it just returns the objects
+// that have the prefix as indicated by the manifest.
+// If the object is a Static Large Object (SLO), it retrieves the JSON content
+// of the manifest and return all the segments of it.
+func (c *Connection) LargeObjectGetSegments(container string, path string) (string, []Object, error) {
+ _, headers, err := c.Object(container, path)
+ if err != nil {
+ return "", nil, err
+ }
+
+ return c.getAllSegments(container, path, headers)
+}
+
+// Seek sets the offset for the next write operation
+func (file *largeObjectCreateFile) Seek(offset int64, whence int) (int64, error) {
+ switch whence {
+ case 0:
+ file.filePos = offset
+ case 1:
+ file.filePos += offset
+ case 2:
+ file.filePos = file.currentLength + offset
+ default:
+ return -1, fmt.Errorf("invalid value for whence")
+ }
+ if file.filePos < 0 {
+ return -1, fmt.Errorf("negative offset")
+ }
+ return file.filePos, nil
+}
+
+func (file *largeObjectCreateFile) Size() int64 {
+ return file.currentLength
+}
+
+func withLORetry(expectedSize int64, fn func() (Headers, int64, error)) (err error) {
+ endTimer := time.NewTimer(readAfterWriteTimeout)
+ defer endTimer.Stop()
+ waitingTime := readAfterWriteWait
+ for {
+ var headers Headers
+ var sz int64
+ if headers, sz, err = fn(); err == nil {
+ if !headers.IsLargeObjectDLO() || (expectedSize == 0 && sz > 0) || expectedSize == sz {
+ return
+ }
+ } else {
+ return
+ }
+ waitTimer := time.NewTimer(waitingTime)
+ select {
+ case <-endTimer.C:
+ waitTimer.Stop()
+ err = fmt.Errorf("Timeout expired while waiting for object to have size == %d, got: %d", expectedSize, sz)
+ return
+ case <-waitTimer.C:
+ waitingTime *= 2
+ }
+ }
+}
+
+func (c *Connection) waitForSegmentsToShowUp(container, objectName string, expectedSize int64) (err error) {
+ err = withLORetry(expectedSize, func() (Headers, int64, error) {
+ var info Object
+ var headers Headers
+ info, headers, err = c.objectBase(container, objectName)
+ if err != nil {
+ return headers, 0, err
+ }
+ return headers, info.Bytes, nil
+ })
+ return
+}
+
+// Write satisfies the io.Writer interface
+func (file *largeObjectCreateFile) Write(buf []byte) (int, error) {
+ var sz int64
+ var relativeFilePos int
+ writeSegmentIdx := 0
+ for i, obj := range file.segments {
+ if file.filePos < sz+obj.Bytes || (i == len(file.segments)-1 && file.filePos < sz+file.minChunkSize) {
+ relativeFilePos = int(file.filePos - sz)
+ break
+ }
+ writeSegmentIdx++
+ sz += obj.Bytes
+ }
+ sizeToWrite := len(buf)
+ for offset := 0; offset < sizeToWrite; {
+ newSegment, n, err := file.writeSegment(buf[offset:], writeSegmentIdx, relativeFilePos)
+ if err != nil {
+ return 0, err
+ }
+ if writeSegmentIdx < len(file.segments) {
+ file.segments[writeSegmentIdx] = *newSegment
+ } else {
+ file.segments = append(file.segments, *newSegment)
+ }
+ offset += n
+ writeSegmentIdx++
+ relativeFilePos = 0
+ }
+ file.filePos += int64(sizeToWrite)
+ file.currentLength = 0
+ for _, obj := range file.segments {
+ file.currentLength += obj.Bytes
+ }
+ return sizeToWrite, nil
+}
+
+func (file *largeObjectCreateFile) writeSegment(buf []byte, writeSegmentIdx int, relativeFilePos int) (*Object, int, error) {
+ var (
+ readers []io.Reader
+ existingSegment *Object
+ segmentSize int
+ )
+ segmentName := getSegment(file.prefix, writeSegmentIdx+1)
+ sizeToRead := int(file.chunkSize)
+ if writeSegmentIdx < len(file.segments) {
+ existingSegment = &file.segments[writeSegmentIdx]
+ if writeSegmentIdx != len(file.segments)-1 {
+ sizeToRead = int(existingSegment.Bytes)
+ }
+ if relativeFilePos > 0 {
+ headers := make(Headers)
+ headers["Range"] = "bytes=0-" + strconv.FormatInt(int64(relativeFilePos-1), 10)
+ existingSegmentReader, _, err := file.conn.ObjectOpen(file.segmentContainer, segmentName, true, headers)
+ if err != nil {
+ return nil, 0, err
+ }
+ defer existingSegmentReader.Close()
+ sizeToRead -= relativeFilePos
+ segmentSize += relativeFilePos
+ readers = []io.Reader{existingSegmentReader}
+ }
+ }
+ if sizeToRead > len(buf) {
+ sizeToRead = len(buf)
+ }
+ segmentSize += sizeToRead
+ readers = append(readers, bytes.NewReader(buf[:sizeToRead]))
+ if existingSegment != nil && segmentSize < int(existingSegment.Bytes) {
+ headers := make(Headers)
+ headers["Range"] = "bytes=" + strconv.FormatInt(int64(segmentSize), 10) + "-"
+ tailSegmentReader, _, err := file.conn.ObjectOpen(file.segmentContainer, segmentName, true, headers)
+ if err != nil {
+ return nil, 0, err
+ }
+ defer tailSegmentReader.Close()
+ segmentSize = int(existingSegment.Bytes)
+ readers = append(readers, tailSegmentReader)
+ }
+ segmentReader := io.MultiReader(readers...)
+ headers, err := file.conn.ObjectPut(file.segmentContainer, segmentName, segmentReader, true, "", file.contentType, nil)
+ if err != nil {
+ return nil, 0, err
+ }
+ return &Object{Name: segmentName, Bytes: int64(segmentSize), Hash: headers["Etag"]}, sizeToRead, nil
+}
+
+func withBuffer(opts *LargeObjectOpts, lo LargeObjectFile) LargeObjectFile {
+ if !opts.NoBuffer {
+ return &bufferedLargeObjectFile{
+ LargeObjectFile: lo,
+ bw: bufio.NewWriterSize(lo, int(opts.ChunkSize)),
+ }
+ }
+ return lo
+}
+
+type bufferedLargeObjectFile struct {
+ LargeObjectFile
+ bw *bufio.Writer
+}
+
+func (blo *bufferedLargeObjectFile) Close() error {
+ err := blo.bw.Flush()
+ if err != nil {
+ return err
+ }
+ return blo.LargeObjectFile.Close()
+}
+
+func (blo *bufferedLargeObjectFile) Write(p []byte) (n int, err error) {
+ return blo.bw.Write(p)
+}
+
+func (blo *bufferedLargeObjectFile) Seek(offset int64, whence int) (int64, error) {
+ err := blo.bw.Flush()
+ if err != nil {
+ return 0, err
+ }
+ return blo.LargeObjectFile.Seek(offset, whence)
+}
+
+func (blo *bufferedLargeObjectFile) Size() int64 {
+ return blo.LargeObjectFile.Size() + int64(blo.bw.Buffered())
+}
+
+func (blo *bufferedLargeObjectFile) Flush() error {
+ err := blo.bw.Flush()
+ if err != nil {
+ return err
+ }
+ return blo.LargeObjectFile.Flush()
+}
diff --git a/vendor/github.com/ncw/swift/meta.go b/vendor/github.com/ncw/swift/meta.go
new file mode 100644
index 00000000000..7e149e1390e
--- /dev/null
+++ b/vendor/github.com/ncw/swift/meta.go
@@ -0,0 +1,174 @@
+// Metadata manipulation in and out of Headers
+
+package swift
+
+import (
+ "fmt"
+ "net/http"
+ "strconv"
+ "strings"
+ "time"
+)
+
+// Metadata stores account, container or object metadata.
+type Metadata map[string]string
+
+// Metadata gets the Metadata starting with the metaPrefix out of the Headers.
+//
+// The keys in the Metadata will be converted to lower case
+func (h Headers) Metadata(metaPrefix string) Metadata {
+ m := Metadata{}
+ metaPrefix = http.CanonicalHeaderKey(metaPrefix)
+ for key, value := range h {
+ if strings.HasPrefix(key, metaPrefix) {
+ metaKey := strings.ToLower(key[len(metaPrefix):])
+ m[metaKey] = value
+ }
+ }
+ return m
+}
+
+// AccountMetadata converts Headers from account to a Metadata.
+//
+// The keys in the Metadata will be converted to lower case.
+func (h Headers) AccountMetadata() Metadata {
+ return h.Metadata("X-Account-Meta-")
+}
+
+// ContainerMetadata converts Headers from container to a Metadata.
+//
+// The keys in the Metadata will be converted to lower case.
+func (h Headers) ContainerMetadata() Metadata {
+ return h.Metadata("X-Container-Meta-")
+}
+
+// ObjectMetadata converts Headers from object to a Metadata.
+//
+// The keys in the Metadata will be converted to lower case.
+func (h Headers) ObjectMetadata() Metadata {
+ return h.Metadata("X-Object-Meta-")
+}
+
+// Headers convert the Metadata starting with the metaPrefix into a
+// Headers.
+//
+// The keys in the Metadata will be converted from lower case to http
+// Canonical (see http.CanonicalHeaderKey).
+func (m Metadata) Headers(metaPrefix string) Headers {
+ h := Headers{}
+ for key, value := range m {
+ key = http.CanonicalHeaderKey(metaPrefix + key)
+ h[key] = value
+ }
+ return h
+}
+
+// AccountHeaders converts the Metadata for the account.
+func (m Metadata) AccountHeaders() Headers {
+ return m.Headers("X-Account-Meta-")
+}
+
+// ContainerHeaders converts the Metadata for the container.
+func (m Metadata) ContainerHeaders() Headers {
+ return m.Headers("X-Container-Meta-")
+}
+
+// ObjectHeaders converts the Metadata for the object.
+func (m Metadata) ObjectHeaders() Headers {
+ return m.Headers("X-Object-Meta-")
+}
+
+// Turns a number of ns into a floating point string in seconds
+//
+// Trims trailing zeros and guaranteed to be perfectly accurate
+func nsToFloatString(ns int64) string {
+ if ns < 0 {
+ return "-" + nsToFloatString(-ns)
+ }
+ result := fmt.Sprintf("%010d", ns)
+ split := len(result) - 9
+ result, decimals := result[:split], result[split:]
+ decimals = strings.TrimRight(decimals, "0")
+ if decimals != "" {
+ result += "."
+ result += decimals
+ }
+ return result
+}
+
+// Turns a floating point string in seconds into a ns integer
+//
+// Guaranteed to be perfectly accurate
+func floatStringToNs(s string) (int64, error) {
+ const zeros = "000000000"
+ if point := strings.IndexRune(s, '.'); point >= 0 {
+ tail := s[point+1:]
+ if fill := 9 - len(tail); fill < 0 {
+ tail = tail[:9]
+ } else {
+ tail += zeros[:fill]
+ }
+ s = s[:point] + tail
+ } else if len(s) > 0 { // Make sure empty string produces an error
+ s += zeros
+ }
+ return strconv.ParseInt(s, 10, 64)
+}
+
+// FloatStringToTime converts a floating point number string to a time.Time
+//
+// The string is floating point number of seconds since the epoch
+// (Unix time). The number should be in fixed point format (not
+// exponential), eg "1354040105.123456789" which represents the time
+// "2012-11-27T18:15:05.123456789Z"
+//
+// Some care is taken to preserve all the accuracy in the time.Time
+// (which wouldn't happen with a naive conversion through float64) so
+// a round trip conversion won't change the data.
+//
+// If an error is returned then time will be returned as the zero time.
+func FloatStringToTime(s string) (t time.Time, err error) {
+ ns, err := floatStringToNs(s)
+ if err != nil {
+ return
+ }
+ t = time.Unix(0, ns)
+ return
+}
+
+// TimeToFloatString converts a time.Time object to a floating point string
+//
+// The string is floating point number of seconds since the epoch
+// (Unix time). The number is in fixed point format (not
+// exponential), eg "1354040105.123456789" which represents the time
+// "2012-11-27T18:15:05.123456789Z". Trailing zeros will be dropped
+// from the output.
+//
+// Some care is taken to preserve all the accuracy in the time.Time
+// (which wouldn't happen with a naive conversion through float64) so
+// a round trip conversion won't change the data.
+func TimeToFloatString(t time.Time) string {
+ return nsToFloatString(t.UnixNano())
+}
+
+// GetModTime reads a modification time (mtime) from a Metadata object
+//
+// This is a defacto standard (used in the official python-swiftclient
+// amongst others) for storing the modification time (as read using
+// os.Stat) for an object. It is stored using the key 'mtime', which
+// for example when written to an object will be 'X-Object-Meta-Mtime'.
+//
+// If an error is returned then time will be returned as the zero time.
+func (m Metadata) GetModTime() (t time.Time, err error) {
+ return FloatStringToTime(m["mtime"])
+}
+
+// SetModTime writes an modification time (mtime) to a Metadata object
+//
+// This is a defacto standard (used in the official python-swiftclient
+// amongst others) for storing the modification time (as read using
+// os.Stat) for an object. It is stored using the key 'mtime', which
+// for example when written to an object will be 'X-Object-Meta-Mtime'.
+func (m Metadata) SetModTime(t time.Time) {
+ m["mtime"] = TimeToFloatString(t)
+}
diff --git a/vendor/github.com/ncw/swift/notes.txt b/vendor/github.com/ncw/swift/notes.txt
new file mode 100644
index 00000000000..f738552cd8a
--- /dev/null
+++ b/vendor/github.com/ncw/swift/notes.txt
@@ -0,0 +1,55 @@
+Notes on Go Swift
+=================
+
+Make a builder style interface like the Google Go APIs? Advantages
+are that it is easy to add named methods to the service object to do
+specific things. Slightly less efficient. Not sure about how to
+return extra stuff though - in an object?
+
+Make a container struct so these could be methods on it?
+
+Make noResponse check for 204?
+
+Make storage public so it can be extended easily?
+
+Rename to go-swift to match user agent string?
+
+Reconnect on auth error - 401 when token expires isn't tested
+
+Make more api compatible with python cloudfiles?
+
+Retry operations on timeout / network errors?
+- also 408 error
+- GET requests only?
+
+Make Connection thread safe - whenever it is changed take a write lock whenever it is read from a read lock
+
+Add extra headers field to Connection (for via etc)
+
+Make errors use an error heirachy then can catch them with a type assertion
+
+ Error(...)
+ ObjectCorrupted{ Error }
+
+Make a Debug flag in connection for logging stuff
+
+Object If-Match, If-None-Match, If-Modified-Since, If-Unmodified-Since etc
+
+Object range
+
+Object create, update with X-Delete-At or X-Delete-After
+
+Large object support
+- check uploads are less than 5GB in normal mode?
+
+Access control CORS?
+
+Swift client retries and backs off for all types of errors
+
+Implement net error interface?
+
+type Error interface {
+ error
+ Timeout() bool // Is the error a timeout?
+ Temporary() bool // Is the error temporary?
+}
diff --git a/vendor/github.com/ncw/swift/slo.go b/vendor/github.com/ncw/swift/slo.go
new file mode 100644
index 00000000000..6a10ddfc056
--- /dev/null
+++ b/vendor/github.com/ncw/swift/slo.go
@@ -0,0 +1,171 @@
+package swift
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io/ioutil"
+ "net/url"
+ "os"
+)
+
+// StaticLargeObjectCreateFile represents an open static large object
+type StaticLargeObjectCreateFile struct {
+ largeObjectCreateFile
+}
+
+var SLONotSupported = errors.New("SLO not supported")
+
+type swiftSegment struct {
+ Path string `json:"path,omitempty"`
+ Etag string `json:"etag,omitempty"`
+ Size int64 `json:"size_bytes,omitempty"`
+ // When uploading a manifest, the attributes must be named `path`, `etag` and `size_bytes`
+ // but when querying the JSON content of a manifest with the `multipart-manifest=get`
+ // parameter, Swift names those attributes `name`, `hash` and `bytes`.
+ // We use all the different attributes names in this structure to be able to use
+ // the same structure for both uploading and retrieving.
+ Name string `json:"name,omitempty"`
+ Hash string `json:"hash,omitempty"`
+ Bytes int64 `json:"bytes,omitempty"`
+ ContentType string `json:"content_type,omitempty"`
+ LastModified string `json:"last_modified,omitempty"`
+}
+
+// StaticLargeObjectCreateFile creates a static large object returning
+// an object which satisfies io.Writer, io.Seeker, io.Closer and
+// io.ReaderFrom. The flags are as passed to the largeObjectCreate
+// method.
+func (c *Connection) StaticLargeObjectCreateFile(opts *LargeObjectOpts) (LargeObjectFile, error) {
+ info, err := c.cachedQueryInfo()
+ if err != nil || !info.SupportsSLO() {
+ return nil, SLONotSupported
+ }
+ realMinChunkSize := info.SLOMinSegmentSize()
+ if realMinChunkSize > opts.MinChunkSize {
+ opts.MinChunkSize = realMinChunkSize
+ }
+ lo, err := c.largeObjectCreate(opts)
+ if err != nil {
+ return nil, err
+ }
+ return withBuffer(opts, &StaticLargeObjectCreateFile{
+ largeObjectCreateFile: *lo,
+ }), nil
+}
+
+// StaticLargeObjectCreate creates or truncates an existing static
+// large object returning a writeable object. This sets opts.Flags to
+// an appropriate value before calling StaticLargeObjectCreateFile
+func (c *Connection) StaticLargeObjectCreate(opts *LargeObjectOpts) (LargeObjectFile, error) {
+ opts.Flags = os.O_TRUNC | os.O_CREATE
+ return c.StaticLargeObjectCreateFile(opts)
+}
+
+// StaticLargeObjectDelete deletes a static large object and all of its segments.
+func (c *Connection) StaticLargeObjectDelete(container string, path string) error {
+ info, err := c.cachedQueryInfo()
+ if err != nil || !info.SupportsSLO() {
+ return SLONotSupported
+ }
+ return c.LargeObjectDelete(container, path)
+}
+
+// StaticLargeObjectMove moves a static large object from srcContainer, srcObjectName to dstContainer, dstObjectName
+func (c *Connection) StaticLargeObjectMove(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string) error {
+ swiftInfo, err := c.cachedQueryInfo()
+ if err != nil || !swiftInfo.SupportsSLO() {
+ return SLONotSupported
+ }
+ info, headers, err := c.Object(srcContainer, srcObjectName)
+ if err != nil {
+ return err
+ }
+
+ container, segments, err := c.getAllSegments(srcContainer, srcObjectName, headers)
+ if err != nil {
+ return err
+ }
+
+ //copy only metadata during move (other headers might not be safe for copying)
+ headers = headers.ObjectMetadata().ObjectHeaders()
+
+ if err := c.createSLOManifest(dstContainer, dstObjectName, info.ContentType, container, segments, headers); err != nil {
+ return err
+ }
+
+ if err := c.ObjectDelete(srcContainer, srcObjectName); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// createSLOManifest creates a static large object manifest
+func (c *Connection) createSLOManifest(container string, path string, contentType string, segmentContainer string, segments []Object, h Headers) error {
+ sloSegments := make([]swiftSegment, len(segments))
+ for i, segment := range segments {
+ sloSegments[i].Path = fmt.Sprintf("%s/%s", segmentContainer, segment.Name)
+ sloSegments[i].Etag = segment.Hash
+ sloSegments[i].Size = segment.Bytes
+ }
+
+ content, err := json.Marshal(sloSegments)
+ if err != nil {
+ return err
+ }
+
+ values := url.Values{}
+ values.Set("multipart-manifest", "put")
+ if _, err := c.objectPut(container, path, bytes.NewBuffer(content), false, "", contentType, h, values); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (file *StaticLargeObjectCreateFile) Close() error {
+ return file.Flush()
+}
+
+func (file *StaticLargeObjectCreateFile) Flush() error {
+ if err := file.conn.createSLOManifest(file.container, file.objectName, file.contentType, file.segmentContainer, file.segments, file.headers); err != nil {
+ return err
+ }
+ return file.conn.waitForSegmentsToShowUp(file.container, file.objectName, file.Size())
+}
+
+func (c *Connection) getAllSLOSegments(container, path string) (string, []Object, error) {
+ var (
+ segmentList []swiftSegment
+ segments []Object
+ segPath string
+ segmentContainer string
+ )
+
+ values := url.Values{}
+ values.Set("multipart-manifest", "get")
+
+ file, _, err := c.objectOpen(container, path, true, nil, values)
+ if err != nil {
+ return "", nil, err
+ }
+
+ content, err := ioutil.ReadAll(file)
+ if err != nil {
+ return "", nil, err
+ }
+
+ json.Unmarshal(content, &segmentList)
+ for _, segment := range segmentList {
+ segmentContainer, segPath = parseFullPath(segment.Name[1:])
+ segments = append(segments, Object{
+ Name: segPath,
+ Bytes: segment.Bytes,
+ Hash: segment.Hash,
+ })
+ }
+
+ return segmentContainer, segments, nil
+}
diff --git a/vendor/github.com/ncw/swift/swift.go b/vendor/github.com/ncw/swift/swift.go
new file mode 100644
index 00000000000..59b68ce96bb
--- /dev/null
+++ b/vendor/github.com/ncw/swift/swift.go
@@ -0,0 +1,2293 @@
+package swift
+
+import (
+ "bufio"
+ "bytes"
+ "crypto/hmac"
+ "crypto/md5"
+ "crypto/sha1"
+ "encoding/hex"
+ "encoding/json"
+ "fmt"
+ "hash"
+ "io"
+ "io/ioutil"
+ "mime"
+ "net/http"
+ "net/url"
+ "os"
+ "path"
+ "strconv"
+ "strings"
+ "sync"
+ "time"
+)
+
+const (
+ DefaultUserAgent = "goswift/1.0" // Default user agent
+ DefaultRetries = 3 // Default number of retries on token expiry
+ TimeFormat = "2006-01-02T15:04:05" // Python date format for json replies parsed as UTC
+ UploadTar = "tar" // Data format specifier for Connection.BulkUpload().
+ UploadTarGzip = "tar.gz" // Data format specifier for Connection.BulkUpload().
+ UploadTarBzip2 = "tar.bz2" // Data format specifier for Connection.BulkUpload().
+ allContainersLimit = 10000 // Number of containers to fetch at once
+ allObjectsLimit = 10000 // Number objects to fetch at once
+ allObjectsChanLimit = 1000 // ...when fetching to a channel
+)
+
+// ObjectType is the type of the swift object, regular, static large,
+// or dynamic large.
+type ObjectType int
+
+// Values that ObjectType can take
+const (
+ RegularObjectType ObjectType = iota
+ StaticLargeObjectType
+ DynamicLargeObjectType
+)
+
+// Connection holds the details of the connection to the swift server.
+//
+// You need to provide UserName, ApiKey and AuthUrl when you create a
+// connection then call Authenticate on it.
+//
+// The auth version in use will be detected from the AuthURL - you can
+// override this with the AuthVersion parameter.
+//
+// If using v2 auth you can also set Region in the Connection
+// structure. If you don't set Region you will get the default region
+// which may not be what you want.
+//
+// For reference some common AuthUrls looks like this:
+//
+// Rackspace US https://auth.api.rackspacecloud.com/v1.0
+// Rackspace UK https://lon.auth.api.rackspacecloud.com/v1.0
+// Rackspace v2 https://identity.api.rackspacecloud.com/v2.0
+// Memset Memstore UK https://auth.storage.memset.com/v1.0
+// Memstore v2 https://auth.storage.memset.com/v2.0
+//
+// When using Google Appengine you must provide the Connection with an
+// appengine-specific Transport:
+//
+// import (
+// "appengine/urlfetch"
+// "fmt"
+// "github.com/ncw/swift"
+// )
+//
+// func handler(w http.ResponseWriter, r *http.Request) {
+// ctx := appengine.NewContext(r)
+// tr := urlfetch.Transport{Context: ctx}
+// c := swift.Connection{
+// UserName: "user",
+// ApiKey: "key",
+// AuthUrl: "auth_url",
+// Transport: tr,
+// }
+// _ := c.Authenticate()
+// containers, _ := c.ContainerNames(nil)
+// fmt.Fprintf(w, "containers: %q", containers)
+// }
+//
+// If you don't supply a Transport, one is made which relies on
+// http.ProxyFromEnvironment (http://golang.org/pkg/net/http/#ProxyFromEnvironment).
+// This means that the connection will respect the HTTP proxy specified by the
+// environment variables $HTTP_PROXY and $NO_PROXY.
+type Connection struct {
+ // Parameters - fill these in before calling Authenticate
+ // They are all optional except UserName, ApiKey and AuthUrl
+ Domain string // User's domain name
+ DomainId string // User's domain Id
+ UserName string // UserName for api
+ UserId string // User Id
+ ApiKey string // Key for api access
+ ApplicationCredentialId string // Application Credential ID
+ ApplicationCredentialName string // Application Credential Name
+ ApplicationCredentialSecret string // Application Credential Secret
+ AuthUrl string // Auth URL
+ Retries int // Retries on error (default is 3)
+ UserAgent string // Http User agent (default goswift/1.0)
+ ConnectTimeout time.Duration // Connect channel timeout (default 10s)
+ Timeout time.Duration // Data channel timeout (default 60s)
+ Region string // Region to use eg "LON", "ORD" - default is use first region (v2,v3 auth only)
+ AuthVersion int // Set to 1, 2 or 3 or leave at 0 for autodetect
+ Internal bool // Set this to true to use the the internal / service network
+ Tenant string // Name of the tenant (v2,v3 auth only)
+ TenantId string // Id of the tenant (v2,v3 auth only)
+ EndpointType EndpointType // Endpoint type (v2,v3 auth only) (default is public URL unless Internal is set)
+ TenantDomain string // Name of the tenant's domain (v3 auth only), only needed if it differs from the user domain
+ TenantDomainId string // Id of the tenant's domain (v3 auth only), only needed if it differs the from user domain
+ TrustId string // Id of the trust (v3 auth only)
+ Transport http.RoundTripper `json:"-" xml:"-"` // Optional specialised http.Transport (eg. for Google Appengine)
+ // These are filled in after Authenticate is called as are the defaults for above
+ StorageUrl string
+ AuthToken string
+ Expires time.Time // time the token expires, may be Zero if unknown
+ client *http.Client
+ Auth Authenticator `json:"-" xml:"-"` // the current authenticator
+ authLock *sync.Mutex // lock when R/W StorageUrl, AuthToken, Auth
+ // swiftInfo is filled after QueryInfo is called
+ swiftInfo SwiftInfo
+}
+
+// setFromEnv reads the value that param points to (it must be a
+// pointer), if it isn't the zero value then it reads the environment
+// variable name passed in, parses it according to the type and writes
+// it to the pointer.
+func setFromEnv(param interface{}, name string) (err error) {
+ val := os.Getenv(name)
+ if val == "" {
+ return
+ }
+ switch result := param.(type) {
+ case *string:
+ if *result == "" {
+ *result = val
+ }
+ case *int:
+ if *result == 0 {
+ *result, err = strconv.Atoi(val)
+ }
+ case *bool:
+ if *result == false {
+ *result, err = strconv.ParseBool(val)
+ }
+ case *time.Duration:
+ if *result == 0 {
+ *result, err = time.ParseDuration(val)
+ }
+ case *EndpointType:
+ if *result == EndpointType("") {
+ *result = EndpointType(val)
+ }
+ default:
+ return newErrorf(0, "can't set var of type %T", param)
+ }
+ return err
+}
+
+// ApplyEnvironment reads environment variables and applies them to
+// the Connection structure. It won't overwrite any parameters which
+// are already set in the Connection struct.
+//
+// To make a new Connection object entirely from the environment you
+// would do:
+//
+// c := new(Connection)
+// err := c.ApplyEnvironment()
+// if err != nil { log.Fatal(err) }
+//
+// The naming of these variables follows the official Openstack naming
+// scheme so it should be compatible with OpenStack rc files.
+//
+// For v1 authentication (obsolete)
+// ST_AUTH - Auth URL
+// ST_USER - UserName for api
+// ST_KEY - Key for api access
+//
+// For v2 authentication
+// OS_AUTH_URL - Auth URL
+// OS_USERNAME - UserName for api
+// OS_PASSWORD - Key for api access
+// OS_TENANT_NAME - Name of the tenant
+// OS_TENANT_ID - Id of the tenant
+// OS_REGION_NAME - Region to use - default is use first region
+//
+// For v3 authentication
+// OS_AUTH_URL - Auth URL
+// OS_USERNAME - UserName for api
+// OS_USER_ID - User Id
+// OS_PASSWORD - Key for api access
+// OS_APPLICATION_CREDENTIAL_ID - Application Credential ID
+// OS_APPLICATION_CREDENTIAL_NAME - Application Credential Name
+// OS_APPLICATION_CREDENTIAL_SECRET - Application Credential Secret
+// OS_USER_DOMAIN_NAME - User's domain name
+// OS_USER_DOMAIN_ID - User's domain Id
+// OS_PROJECT_NAME - Name of the project
+// OS_PROJECT_DOMAIN_NAME - Name of the tenant's domain, only needed if it differs from the user domain
+// OS_PROJECT_DOMAIN_ID - Id of the tenant's domain, only needed if it differs the from user domain
+// OS_TRUST_ID - If of the trust
+// OS_REGION_NAME - Region to use - default is use first region
+//
+// Other
+// OS_ENDPOINT_TYPE - Endpoint type public, internal or admin
+// ST_AUTH_VERSION - Choose auth version - 1, 2 or 3 or leave at 0 for autodetect
+//
+// For manual authentication
+// OS_STORAGE_URL - storage URL from alternate authentication
+// OS_AUTH_TOKEN - Auth Token from alternate authentication
+//
+// Library specific
+// GOSWIFT_RETRIES - Retries on error (default is 3)
+// GOSWIFT_USER_AGENT - HTTP User agent (default goswift/1.0)
+// GOSWIFT_CONNECT_TIMEOUT - Connect channel timeout with unit, eg "10s", "100ms" (default "10s")
+// GOSWIFT_TIMEOUT - Data channel timeout with unit, eg "10s", "100ms" (default "60s")
+// GOSWIFT_INTERNAL - Set this to "true" to use the the internal network (obsolete - use OS_ENDPOINT_TYPE)
+func (c *Connection) ApplyEnvironment() (err error) {
+ for _, item := range []struct {
+ result interface{}
+ name string
+ }{
+ // Environment variables - keep in same order as Connection
+ {&c.Domain, "OS_USER_DOMAIN_NAME"},
+ {&c.DomainId, "OS_USER_DOMAIN_ID"},
+ {&c.UserName, "OS_USERNAME"},
+ {&c.UserId, "OS_USER_ID"},
+ {&c.ApiKey, "OS_PASSWORD"},
+ {&c.ApplicationCredentialId, "OS_APPLICATION_CREDENTIAL_ID"},
+ {&c.ApplicationCredentialName, "OS_APPLICATION_CREDENTIAL_NAME"},
+ {&c.ApplicationCredentialSecret, "OS_APPLICATION_CREDENTIAL_SECRET"},
+ {&c.AuthUrl, "OS_AUTH_URL"},
+ {&c.Retries, "GOSWIFT_RETRIES"},
+ {&c.UserAgent, "GOSWIFT_USER_AGENT"},
+ {&c.ConnectTimeout, "GOSWIFT_CONNECT_TIMEOUT"},
+ {&c.Timeout, "GOSWIFT_TIMEOUT"},
+ {&c.Region, "OS_REGION_NAME"},
+ {&c.AuthVersion, "ST_AUTH_VERSION"},
+ {&c.Internal, "GOSWIFT_INTERNAL"},
+ {&c.Tenant, "OS_TENANT_NAME"}, //v2
+ {&c.Tenant, "OS_PROJECT_NAME"}, // v3
+ {&c.TenantId, "OS_TENANT_ID"},
+ {&c.EndpointType, "OS_ENDPOINT_TYPE"},
+ {&c.TenantDomain, "OS_PROJECT_DOMAIN_NAME"},
+ {&c.TenantDomainId, "OS_PROJECT_DOMAIN_ID"},
+ {&c.TrustId, "OS_TRUST_ID"},
+ {&c.StorageUrl, "OS_STORAGE_URL"},
+ {&c.AuthToken, "OS_AUTH_TOKEN"},
+ // v1 auth alternatives
+ {&c.ApiKey, "ST_KEY"},
+ {&c.UserName, "ST_USER"},
+ {&c.AuthUrl, "ST_AUTH"},
+ } {
+ err = setFromEnv(item.result, item.name)
+ if err != nil {
+ return newErrorf(0, "failed to read env var %q: %v", item.name, err)
+ }
+ }
+ return nil
+}
+
+// Error - all errors generated by this package are of this type. Other error
+// may be passed on from library functions though.
+type Error struct {
+ StatusCode int // HTTP status code if relevant or 0 if not
+ Text string
+}
+
+// Error satisfy the error interface.
+func (e *Error) Error() string {
+ return e.Text
+}
+
+// newError make a new error from a string.
+func newError(StatusCode int, Text string) *Error {
+ return &Error{
+ StatusCode: StatusCode,
+ Text: Text,
+ }
+}
+
+// newErrorf makes a new error from sprintf parameters.
+func newErrorf(StatusCode int, Text string, Parameters ...interface{}) *Error {
+ return newError(StatusCode, fmt.Sprintf(Text, Parameters...))
+}
+
+// errorMap defines http error codes to error mappings.
+type errorMap map[int]error
+
+var (
+ // Specific Errors you might want to check for equality
+ NotModified = newError(304, "Not Modified")
+ BadRequest = newError(400, "Bad Request")
+ AuthorizationFailed = newError(401, "Authorization Failed")
+ ContainerNotFound = newError(404, "Container Not Found")
+ ContainerNotEmpty = newError(409, "Container Not Empty")
+ ObjectNotFound = newError(404, "Object Not Found")
+ ObjectCorrupted = newError(422, "Object Corrupted")
+ TimeoutError = newError(408, "Timeout when reading or writing data")
+ Forbidden = newError(403, "Operation forbidden")
+ TooLargeObject = newError(413, "Too Large Object")
+ RateLimit = newError(498, "Rate Limit")
+ TooManyRequests = newError(429, "TooManyRequests")
+
+ // Mappings for authentication errors
+ authErrorMap = errorMap{
+ 400: BadRequest,
+ 401: AuthorizationFailed,
+ 403: Forbidden,
+ }
+
+ // Mappings for container errors
+ ContainerErrorMap = errorMap{
+ 400: BadRequest,
+ 403: Forbidden,
+ 404: ContainerNotFound,
+ 409: ContainerNotEmpty,
+ 498: RateLimit,
+ }
+
+ // Mappings for object errors
+ objectErrorMap = errorMap{
+ 304: NotModified,
+ 400: BadRequest,
+ 403: Forbidden,
+ 404: ObjectNotFound,
+ 413: TooLargeObject,
+ 422: ObjectCorrupted,
+ 429: TooManyRequests,
+ 498: RateLimit,
+ }
+)
+
+// checkClose is used to check the return from Close in a defer
+// statement.
+func checkClose(c io.Closer, err *error) {
+ cerr := c.Close()
+ if *err == nil {
+ *err = cerr
+ }
+}
+
+// drainAndClose discards all data from rd and closes it.
+// If an error occurs during Read, it is discarded.
+func drainAndClose(rd io.ReadCloser, err *error) {
+ if rd == nil {
+ return
+ }
+
+ _, _ = io.Copy(ioutil.Discard, rd)
+ cerr := rd.Close()
+ if err != nil && *err == nil {
+ *err = cerr
+ }
+}
+
+// parseHeaders checks a response for errors and translates into
+// standard errors if necessary. If an error is returned, resp.Body
+// has been drained and closed.
+func (c *Connection) parseHeaders(resp *http.Response, errorMap errorMap) error {
+ if errorMap != nil {
+ if err, ok := errorMap[resp.StatusCode]; ok {
+ drainAndClose(resp.Body, nil)
+ return err
+ }
+ }
+ if resp.StatusCode < 200 || resp.StatusCode > 299 {
+ drainAndClose(resp.Body, nil)
+ return newErrorf(resp.StatusCode, "HTTP Error: %d: %s", resp.StatusCode, resp.Status)
+ }
+ return nil
+}
+
+// readHeaders returns a Headers object from the http.Response.
+//
+// If it receives multiple values for a key (which should never
+// happen) it will use the first one
+func readHeaders(resp *http.Response) Headers {
+ headers := Headers{}
+ for key, values := range resp.Header {
+ headers[key] = values[0]
+ }
+ return headers
+}
+
+// Headers stores HTTP headers (can only have one of each header like Swift).
+type Headers map[string]string
+
+// Does an http request using the running timer passed in
+func (c *Connection) doTimeoutRequest(timer *time.Timer, req *http.Request) (*http.Response, error) {
+ // Do the request in the background so we can check the timeout
+ type result struct {
+ resp *http.Response
+ err error
+ }
+ done := make(chan result, 1)
+ go func() {
+ resp, err := c.client.Do(req)
+ done <- result{resp, err}
+ }()
+ // Wait for the read or the timeout
+ select {
+ case r := <-done:
+ return r.resp, r.err
+ case <-timer.C:
+ // Kill the connection on timeout so we don't leak sockets or goroutines
+ cancelRequest(c.Transport, req)
+ return nil, TimeoutError
+ }
+ panic("unreachable") // For Go 1.0
+}
+
+// Set defaults for any unset values
+//
+// Call with authLock held
+func (c *Connection) setDefaults() {
+ if c.UserAgent == "" {
+ c.UserAgent = DefaultUserAgent
+ }
+ if c.Retries == 0 {
+ c.Retries = DefaultRetries
+ }
+ if c.ConnectTimeout == 0 {
+ c.ConnectTimeout = 10 * time.Second
+ }
+ if c.Timeout == 0 {
+ c.Timeout = 60 * time.Second
+ }
+ if c.Transport == nil {
+ t := &http.Transport{
+ // TLSClientConfig: &tls.Config{RootCAs: pool},
+ // DisableCompression: true,
+ Proxy: http.ProxyFromEnvironment,
+ // Half of linux's default open files limit (1024).
+ MaxIdleConnsPerHost: 512,
+ }
+ SetExpectContinueTimeout(t, 5*time.Second)
+ c.Transport = t
+ }
+ if c.client == nil {
+ c.client = &http.Client{
+ // CheckRedirect: redirectPolicyFunc,
+ Transport: c.Transport,
+ }
+ }
+}
+
+// Authenticate connects to the Swift server.
+//
+// If you don't call it before calling one of the connection methods
+// then it will be called for you on the first access.
+func (c *Connection) Authenticate() (err error) {
+ if c.authLock == nil {
+ c.authLock = &sync.Mutex{}
+ }
+ c.authLock.Lock()
+ defer c.authLock.Unlock()
+ return c.authenticate()
+}
+
+// Internal implementation of Authenticate
+//
+// Call with authLock held
+func (c *Connection) authenticate() (err error) {
+ c.setDefaults()
+
+ // Flush the keepalives connection - if we are
+ // re-authenticating then stuff has gone wrong
+ flushKeepaliveConnections(c.Transport)
+
+ if c.Auth == nil {
+ c.Auth, err = newAuth(c)
+ if err != nil {
+ return
+ }
+ }
+
+ retries := 1
+again:
+ var req *http.Request
+ req, err = c.Auth.Request(c)
+ if err != nil {
+ return
+ }
+ if req != nil {
+ timer := time.NewTimer(c.ConnectTimeout)
+ defer timer.Stop()
+ var resp *http.Response
+ resp, err = c.doTimeoutRequest(timer, req)
+ if err != nil {
+ return
+ }
+ defer func() {
+ drainAndClose(resp.Body, &err)
+ // Flush the auth connection - we don't want to keep
+ // it open if keepalives were enabled
+ flushKeepaliveConnections(c.Transport)
+ }()
+ if err = c.parseHeaders(resp, authErrorMap); err != nil {
+ // Try again for a limited number of times on
+ // AuthorizationFailed or BadRequest. This allows us
+ // to try some alternate forms of the request
+ if (err == AuthorizationFailed || err == BadRequest) && retries > 0 {
+ retries--
+ goto again
+ }
+ return
+ }
+ err = c.Auth.Response(resp)
+ if err != nil {
+ return
+ }
+ }
+ if customAuth, isCustom := c.Auth.(CustomEndpointAuthenticator); isCustom && c.EndpointType != "" {
+ c.StorageUrl = customAuth.StorageUrlForEndpoint(c.EndpointType)
+ } else {
+ c.StorageUrl = c.Auth.StorageUrl(c.Internal)
+ }
+ c.AuthToken = c.Auth.Token()
+ if do, ok := c.Auth.(Expireser); ok {
+ c.Expires = do.Expires()
+ } else {
+ c.Expires = time.Time{}
+ }
+
+ if !c.authenticated() {
+ err = newError(0, "Response didn't have storage url and auth token")
+ return
+ }
+ return
+}
+
+// Get an authToken and url
+//
+// The Url may be updated if it needed to authenticate using the OnReAuth function
+func (c *Connection) getUrlAndAuthToken(targetUrlIn string, OnReAuth func() (string, error)) (targetUrlOut, authToken string, err error) {
+ c.authLock.Lock()
+ defer c.authLock.Unlock()
+ targetUrlOut = targetUrlIn
+ if !c.authenticated() {
+ err = c.authenticate()
+ if err != nil {
+ return
+ }
+ if OnReAuth != nil {
+ targetUrlOut, err = OnReAuth()
+ if err != nil {
+ return
+ }
+ }
+ }
+ authToken = c.AuthToken
+ return
+}
+
+// flushKeepaliveConnections is called to flush pending requests after an error.
+func flushKeepaliveConnections(transport http.RoundTripper) {
+ if tr, ok := transport.(interface {
+ CloseIdleConnections()
+ }); ok {
+ tr.CloseIdleConnections()
+ }
+}
+
+// UnAuthenticate removes the authentication from the Connection.
+func (c *Connection) UnAuthenticate() {
+ c.authLock.Lock()
+ c.StorageUrl = ""
+ c.AuthToken = ""
+ c.authLock.Unlock()
+}
+
+// Authenticated returns a boolean to show if the current connection
+// is authenticated.
+//
+// Doesn't actually check the credentials against the server.
+func (c *Connection) Authenticated() bool {
+ if c.authLock == nil {
+ c.authLock = &sync.Mutex{}
+ }
+ c.authLock.Lock()
+ defer c.authLock.Unlock()
+ return c.authenticated()
+}
+
+// Internal version of Authenticated()
+//
+// Call with authLock held
+func (c *Connection) authenticated() bool {
+ if c.StorageUrl == "" || c.AuthToken == "" {
+ return false
+ }
+ if c.Expires.IsZero() {
+ return true
+ }
+ timeUntilExpiry := c.Expires.Sub(time.Now())
+ return timeUntilExpiry >= 60*time.Second
+}
+
+// SwiftInfo contains the JSON object returned by Swift when the /info
+// route is queried. The object contains, among others, the Swift version,
+// the enabled middlewares and their configuration
+type SwiftInfo map[string]interface{}
+
+func (i SwiftInfo) SupportsBulkDelete() bool {
+ _, val := i["bulk_delete"]
+ return val
+}
+
+func (i SwiftInfo) SupportsSLO() bool {
+ _, val := i["slo"]
+ return val
+}
+
+func (i SwiftInfo) SLOMinSegmentSize() int64 {
+ if slo, ok := i["slo"].(map[string]interface{}); ok {
+ val, _ := slo["min_segment_size"].(float64)
+ return int64(val)
+ }
+ return 1
+}
+
+// Discover Swift configuration by doing a request against /info
+func (c *Connection) QueryInfo() (infos SwiftInfo, err error) {
+ infoUrl, err := url.Parse(c.StorageUrl)
+ if err != nil {
+ return nil, err
+ }
+ infoUrl.Path = path.Join(infoUrl.Path, "..", "..", "info")
+ resp, err := c.client.Get(infoUrl.String())
+ if err == nil {
+ if resp.StatusCode != http.StatusOK {
+ drainAndClose(resp.Body, nil)
+ return nil, fmt.Errorf("Invalid status code for info request: %d", resp.StatusCode)
+ }
+ err = readJson(resp, &infos)
+ if err == nil {
+ c.authLock.Lock()
+ c.swiftInfo = infos
+ c.authLock.Unlock()
+ }
+ return infos, err
+ }
+ return nil, err
+}
+
+func (c *Connection) cachedQueryInfo() (infos SwiftInfo, err error) {
+ c.authLock.Lock()
+ infos = c.swiftInfo
+ c.authLock.Unlock()
+ if infos == nil {
+ infos, err = c.QueryInfo()
+ if err != nil {
+ return
+ }
+ }
+ return infos, nil
+}
+
+// RequestOpts contains parameters for Connection.storage.
+type RequestOpts struct {
+ Container string
+ ObjectName string
+ Operation string
+ Parameters url.Values
+ Headers Headers
+ ErrorMap errorMap
+ NoResponse bool
+ Body io.Reader
+ Retries int
+ // if set this is called on re-authentication to refresh the targetUrl
+ OnReAuth func() (string, error)
+}
+
+// Call runs a remote command on the targetUrl, returns a
+// response, headers and possible error.
+//
+// operation is GET, HEAD etc
+// container is the name of a container
+// Any other parameters (if not None) are added to the targetUrl
+//
+// Returns a response or an error. If response is returned then
+// the resp.Body must be read completely and
+// resp.Body.Close() must be called on it, unless noResponse is set in
+// which case the body will be closed in this function
+//
+// If "Content-Length" is set in p.Headers it will be used - this can
+// be used to override the default chunked transfer encoding for
+// uploads.
+//
+// This will Authenticate if necessary, and re-authenticate if it
+// receives a 401 error which means the token has expired
+//
+// This method is exported so extensions can call it.
+func (c *Connection) Call(targetUrl string, p RequestOpts) (resp *http.Response, headers Headers, err error) {
+ c.authLock.Lock()
+ c.setDefaults()
+ c.authLock.Unlock()
+ retries := p.Retries
+ if retries == 0 {
+ retries = c.Retries
+ }
+ var req *http.Request
+ for {
+ var authToken string
+ if targetUrl, authToken, err = c.getUrlAndAuthToken(targetUrl, p.OnReAuth); err != nil {
+ return //authentication failure
+ }
+ var URL *url.URL
+ URL, err = url.Parse(targetUrl)
+ if err != nil {
+ return
+ }
+ if p.Container != "" {
+ URL.Path += "/" + p.Container
+ if p.ObjectName != "" {
+ URL.Path += "/" + p.ObjectName
+ }
+ }
+ if p.Parameters != nil {
+ URL.RawQuery = p.Parameters.Encode()
+ }
+ timer := time.NewTimer(c.ConnectTimeout)
+ defer timer.Stop()
+ reader := p.Body
+ if reader != nil {
+ reader = newWatchdogReader(reader, c.Timeout, timer)
+ }
+ req, err = http.NewRequest(p.Operation, URL.String(), reader)
+ if err != nil {
+ return
+ }
+ if p.Headers != nil {
+ for k, v := range p.Headers {
+ // Set ContentLength in req if the user passed it in in the headers
+ if k == "Content-Length" {
+ req.ContentLength, err = strconv.ParseInt(v, 10, 64)
+ if err != nil {
+ err = fmt.Errorf("Invalid %q header %q: %v", k, v, err)
+ return
+ }
+ } else {
+ req.Header.Add(k, v)
+ }
+ }
+ }
+ req.Header.Add("User-Agent", c.UserAgent)
+ req.Header.Add("X-Auth-Token", authToken)
+
+ _, hasCL := p.Headers["Content-Length"]
+ AddExpectAndTransferEncoding(req, hasCL)
+
+ resp, err = c.doTimeoutRequest(timer, req)
+ if err != nil {
+ if (p.Operation == "HEAD" || p.Operation == "GET") && retries > 0 {
+ retries--
+ continue
+ }
+ return
+ }
+ // Check to see if token has expired
+ if resp.StatusCode == 401 && retries > 0 {
+ drainAndClose(resp.Body, nil)
+ c.UnAuthenticate()
+ retries--
+ } else {
+ break
+ }
+ }
+
+ headers = readHeaders(resp)
+ if err = c.parseHeaders(resp, p.ErrorMap); err != nil {
+ return
+ }
+ if p.NoResponse {
+ drainAndClose(resp.Body, &err)
+ if err != nil {
+ return
+ }
+ } else {
+ // Cancel the request on timeout
+ cancel := func() {
+ cancelRequest(c.Transport, req)
+ }
+ // Wrap resp.Body to make it obey an idle timeout
+ resp.Body = newTimeoutReader(resp.Body, c.Timeout, cancel)
+ }
+ return
+}
+
+// storage runs a remote command on a the storage url, returns a
+// response, headers and possible error.
+//
+// operation is GET, HEAD etc
+// container is the name of a container
+// Any other parameters (if not None) are added to the storage url
+//
+// Returns a response or an error. If response is returned then
+// resp.Body.Close() must be called on it, unless noResponse is set in
+// which case the body will be closed in this function
+//
+// This will Authenticate if necessary, and re-authenticate if it
+// receives a 401 error which means the token has expired
+func (c *Connection) storage(p RequestOpts) (resp *http.Response, headers Headers, err error) {
+ p.OnReAuth = func() (string, error) {
+ return c.StorageUrl, nil
+ }
+ c.authLock.Lock()
+ url := c.StorageUrl
+ c.authLock.Unlock()
+ return c.Call(url, p)
+}
+
+// readLines reads the response into an array of strings.
+//
+// Closes the response when done
+func readLines(resp *http.Response) (lines []string, err error) {
+ defer drainAndClose(resp.Body, &err)
+ reader := bufio.NewReader(resp.Body)
+ buffer := bytes.NewBuffer(make([]byte, 0, 128))
+ var part []byte
+ var prefix bool
+ for {
+ if part, prefix, err = reader.ReadLine(); err != nil {
+ break
+ }
+ buffer.Write(part)
+ if !prefix {
+ lines = append(lines, buffer.String())
+ buffer.Reset()
+ }
+ }
+ if err == io.EOF {
+ err = nil
+ }
+ return
+}
+
+// readJson reads the response into the json type passed in
+//
+// Closes the response when done
+func readJson(resp *http.Response, result interface{}) (err error) {
+ defer drainAndClose(resp.Body, &err)
+ decoder := json.NewDecoder(resp.Body)
+ return decoder.Decode(result)
+}
+
+/* ------------------------------------------------------------ */
+
+// ContainersOpts is options for Containers() and ContainerNames()
+type ContainersOpts struct {
+ Limit int // For an integer value n, limits the number of results to at most n values.
+ Prefix string // Given a string value x, return container names matching the specified prefix.
+ Marker string // Given a string value x, return container names greater in value than the specified marker.
+ EndMarker string // Given a string value x, return container names less in value than the specified marker.
+ Headers Headers // Any additional HTTP headers - can be nil
+}
+
+// parse the ContainerOpts
+func (opts *ContainersOpts) parse() (url.Values, Headers) {
+ v := url.Values{}
+ var h Headers
+ if opts != nil {
+ if opts.Limit > 0 {
+ v.Set("limit", strconv.Itoa(opts.Limit))
+ }
+ if opts.Prefix != "" {
+ v.Set("prefix", opts.Prefix)
+ }
+ if opts.Marker != "" {
+ v.Set("marker", opts.Marker)
+ }
+ if opts.EndMarker != "" {
+ v.Set("end_marker", opts.EndMarker)
+ }
+ h = opts.Headers
+ }
+ return v, h
+}
+
+// ContainerNames returns a slice of names of containers in this account.
+func (c *Connection) ContainerNames(opts *ContainersOpts) ([]string, error) {
+ v, h := opts.parse()
+ resp, _, err := c.storage(RequestOpts{
+ Operation: "GET",
+ Parameters: v,
+ ErrorMap: ContainerErrorMap,
+ Headers: h,
+ })
+ if err != nil {
+ return nil, err
+ }
+ lines, err := readLines(resp)
+ return lines, err
+}
+
+// Container contains information about a container
+type Container struct {
+ Name string // Name of the container
+ Count int64 // Number of objects in the container
+ Bytes int64 // Total number of bytes used in the container
+}
+
+// Containers returns a slice of structures with full information as
+// described in Container.
+func (c *Connection) Containers(opts *ContainersOpts) ([]Container, error) {
+ v, h := opts.parse()
+ v.Set("format", "json")
+ resp, _, err := c.storage(RequestOpts{
+ Operation: "GET",
+ Parameters: v,
+ ErrorMap: ContainerErrorMap,
+ Headers: h,
+ })
+ if err != nil {
+ return nil, err
+ }
+ var containers []Container
+ err = readJson(resp, &containers)
+ return containers, err
+}
+
+// containersAllOpts makes a copy of opts if set or makes a new one and
+// overrides Limit and Marker
+func containersAllOpts(opts *ContainersOpts) *ContainersOpts {
+ var newOpts ContainersOpts
+ if opts != nil {
+ newOpts = *opts
+ }
+ if newOpts.Limit == 0 {
+ newOpts.Limit = allContainersLimit
+ }
+ newOpts.Marker = ""
+ return &newOpts
+}
+
+// ContainersAll is like Containers but it returns all the Containers
+//
+// It calls Containers multiple times using the Marker parameter
+//
+// It has a default Limit parameter but you may pass in your own
+func (c *Connection) ContainersAll(opts *ContainersOpts) ([]Container, error) {
+ opts = containersAllOpts(opts)
+ containers := make([]Container, 0)
+ for {
+ newContainers, err := c.Containers(opts)
+ if err != nil {
+ return nil, err
+ }
+ containers = append(containers, newContainers...)
+ if len(newContainers) < opts.Limit {
+ break
+ }
+ opts.Marker = newContainers[len(newContainers)-1].Name
+ }
+ return containers, nil
+}
+
+// ContainerNamesAll is like ContainerNames but it returns all the Containers
+//
+// It calls ContainerNames multiple times using the Marker parameter
+//
+// It has a default Limit parameter but you may pass in your own
+func (c *Connection) ContainerNamesAll(opts *ContainersOpts) ([]string, error) {
+ opts = containersAllOpts(opts)
+ containers := make([]string, 0)
+ for {
+ newContainers, err := c.ContainerNames(opts)
+ if err != nil {
+ return nil, err
+ }
+ containers = append(containers, newContainers...)
+ if len(newContainers) < opts.Limit {
+ break
+ }
+ opts.Marker = newContainers[len(newContainers)-1]
+ }
+ return containers, nil
+}
+
+/* ------------------------------------------------------------ */
+
+// ObjectOpts is options for Objects() and ObjectNames()
+type ObjectsOpts struct {
+ Limit int // For an integer value n, limits the number of results to at most n values.
+ Marker string // Given a string value x, return object names greater in value than the specified marker.
+ EndMarker string // Given a string value x, return object names less in value than the specified marker
+ Prefix string // For a string value x, causes the results to be limited to object names beginning with the substring x.
+ Path string // For a string value x, return the object names nested in the pseudo path
+ Delimiter rune // For a character c, return all the object names nested in the container
+ Headers Headers // Any additional HTTP headers - can be nil
+ KeepMarker bool // Do not reset Marker when using ObjectsAll or ObjectNamesAll
+}
+
+// parse reads values out of ObjectsOpts
+func (opts *ObjectsOpts) parse() (url.Values, Headers) {
+ v := url.Values{}
+ var h Headers
+ if opts != nil {
+ if opts.Limit > 0 {
+ v.Set("limit", strconv.Itoa(opts.Limit))
+ }
+ if opts.Marker != "" {
+ v.Set("marker", opts.Marker)
+ }
+ if opts.EndMarker != "" {
+ v.Set("end_marker", opts.EndMarker)
+ }
+ if opts.Prefix != "" {
+ v.Set("prefix", opts.Prefix)
+ }
+ if opts.Path != "" {
+ v.Set("path", opts.Path)
+ }
+ if opts.Delimiter != 0 {
+ v.Set("delimiter", string(opts.Delimiter))
+ }
+ h = opts.Headers
+ }
+ return v, h
+}
+
+// ObjectNames returns a slice of names of objects in a given container.
+func (c *Connection) ObjectNames(container string, opts *ObjectsOpts) ([]string, error) {
+ v, h := opts.parse()
+ resp, _, err := c.storage(RequestOpts{
+ Container: container,
+ Operation: "GET",
+ Parameters: v,
+ ErrorMap: ContainerErrorMap,
+ Headers: h,
+ })
+ if err != nil {
+ return nil, err
+ }
+ return readLines(resp)
+}
+
+// Object contains information about an object
+type Object struct {
+ Name string `json:"name"` // object name
+ ContentType string `json:"content_type"` // eg application/directory
+ Bytes int64 `json:"bytes"` // size in bytes
+ ServerLastModified string `json:"last_modified"` // Last modified time, eg '2011-06-30T08:20:47.736680' as a string supplied by the server
+ LastModified time.Time // Last modified time converted to a time.Time
+ Hash string `json:"hash"` // MD5 hash, eg "d41d8cd98f00b204e9800998ecf8427e"
+ SLOHash string `json:"slo_etag"` // MD5 hash of all segments' MD5 hash, eg "d41d8cd98f00b204e9800998ecf8427e"
+ PseudoDirectory bool // Set when using delimiter to show that this directory object does not really exist
+ SubDir string `json:"subdir"` // returned only when using delimiter to mark "pseudo directories"
+ ObjectType ObjectType // type of this object
+}
+
+// Objects returns a slice of Object with information about each
+// object in the container.
+//
+// If Delimiter is set in the opts then PseudoDirectory may be set,
+// with ContentType 'application/directory'. These are not real
+// objects but represent directories of objects which haven't had an
+// object created for them.
+func (c *Connection) Objects(container string, opts *ObjectsOpts) ([]Object, error) {
+ v, h := opts.parse()
+ v.Set("format", "json")
+ resp, _, err := c.storage(RequestOpts{
+ Container: container,
+ Operation: "GET",
+ Parameters: v,
+ ErrorMap: ContainerErrorMap,
+ Headers: h,
+ })
+ if err != nil {
+ return nil, err
+ }
+ var objects []Object
+ err = readJson(resp, &objects)
+ // Convert Pseudo directories and dates
+ for i := range objects {
+ object := &objects[i]
+ if object.SubDir != "" {
+ object.Name = object.SubDir
+ object.PseudoDirectory = true
+ object.ContentType = "application/directory"
+ }
+ if object.ServerLastModified != "" {
+ // 2012-11-11T14:49:47.887250
+ //
+ // Remove fractional seconds if present. This
+ // then keeps it consistent with Object
+ // which can only return timestamps accurate
+ // to 1 second
+ //
+ // The TimeFormat will parse fractional
+ // seconds if desired though
+ datetime := strings.SplitN(object.ServerLastModified, ".", 2)[0]
+ object.LastModified, err = time.Parse(TimeFormat, datetime)
+ if err != nil {
+ return nil, err
+ }
+ }
+ if object.SLOHash != "" {
+ object.ObjectType = StaticLargeObjectType
+ }
+ }
+ return objects, err
+}
+
+// objectsAllOpts makes a copy of opts if set or makes a new one and
+// overrides Limit and Marker
+// Marker is not overriden if KeepMarker is set
+func objectsAllOpts(opts *ObjectsOpts, Limit int) *ObjectsOpts {
+ var newOpts ObjectsOpts
+ if opts != nil {
+ newOpts = *opts
+ }
+ if newOpts.Limit == 0 {
+ newOpts.Limit = Limit
+ }
+ if !newOpts.KeepMarker {
+ newOpts.Marker = ""
+ }
+ return &newOpts
+}
+
+// A closure defined by the caller to iterate through all objects
+//
+// Call Objects or ObjectNames from here with the *ObjectOpts passed in
+//
+// Do whatever is required with the results then return them
+type ObjectsWalkFn func(*ObjectsOpts) (interface{}, error)
+
+// ObjectsWalk is uses to iterate through all the objects in chunks as
+// returned by Objects or ObjectNames using the Marker and Limit
+// parameters in the ObjectsOpts.
+//
+// Pass in a closure `walkFn` which calls Objects or ObjectNames with
+// the *ObjectsOpts passed to it and does something with the results.
+//
+// Errors will be returned from this function
+//
+// It has a default Limit parameter but you may pass in your own
+func (c *Connection) ObjectsWalk(container string, opts *ObjectsOpts, walkFn ObjectsWalkFn) error {
+ opts = objectsAllOpts(opts, allObjectsChanLimit)
+ for {
+ objects, err := walkFn(opts)
+ if err != nil {
+ return err
+ }
+ var n int
+ var last string
+ switch objects := objects.(type) {
+ case []string:
+ n = len(objects)
+ if n > 0 {
+ last = objects[len(objects)-1]
+ }
+ case []Object:
+ n = len(objects)
+ if n > 0 {
+ last = objects[len(objects)-1].Name
+ }
+ default:
+ panic("Unknown type returned to ObjectsWalk")
+ }
+ if n < opts.Limit {
+ break
+ }
+ opts.Marker = last
+ }
+ return nil
+}
+
+// ObjectsAll is like Objects but it returns an unlimited number of Objects in a slice
+//
+// It calls Objects multiple times using the Marker parameter
+func (c *Connection) ObjectsAll(container string, opts *ObjectsOpts) ([]Object, error) {
+ objects := make([]Object, 0)
+ err := c.ObjectsWalk(container, opts, func(opts *ObjectsOpts) (interface{}, error) {
+ newObjects, err := c.Objects(container, opts)
+ if err == nil {
+ objects = append(objects, newObjects...)
+ }
+ return newObjects, err
+ })
+ return objects, err
+}
+
+// ObjectNamesAll is like ObjectNames but it returns all the Objects
+//
+// It calls ObjectNames multiple times using the Marker parameter. Marker is
+// reset unless KeepMarker is set
+//
+// It has a default Limit parameter but you may pass in your own
+func (c *Connection) ObjectNamesAll(container string, opts *ObjectsOpts) ([]string, error) {
+ objects := make([]string, 0)
+ err := c.ObjectsWalk(container, opts, func(opts *ObjectsOpts) (interface{}, error) {
+ newObjects, err := c.ObjectNames(container, opts)
+ if err == nil {
+ objects = append(objects, newObjects...)
+ }
+ return newObjects, err
+ })
+ return objects, err
+}
+
+// Account contains information about this account.
+type Account struct {
+ BytesUsed int64 // total number of bytes used
+ Containers int64 // total number of containers
+ Objects int64 // total number of objects
+}
+
+// getInt64FromHeader is a helper function to decode int64 from header.
+func getInt64FromHeader(resp *http.Response, header string) (result int64, err error) {
+ value := resp.Header.Get(header)
+ result, err = strconv.ParseInt(value, 10, 64)
+ if err != nil {
+ err = newErrorf(0, "Bad Header '%s': '%s': %s", header, value, err)
+ }
+ return
+}
+
+// Account returns info about the account in an Account struct.
+func (c *Connection) Account() (info Account, headers Headers, err error) {
+ var resp *http.Response
+ resp, headers, err = c.storage(RequestOpts{
+ Operation: "HEAD",
+ ErrorMap: ContainerErrorMap,
+ NoResponse: true,
+ })
+ if err != nil {
+ return
+ }
+ // Parse the headers into a dict
+ //
+ // {'Accept-Ranges': 'bytes',
+ // 'Content-Length': '0',
+ // 'Date': 'Tue, 05 Jul 2011 16:37:06 GMT',
+ // 'X-Account-Bytes-Used': '316598182',
+ // 'X-Account-Container-Count': '4',
+ // 'X-Account-Object-Count': '1433'}
+ if info.BytesUsed, err = getInt64FromHeader(resp, "X-Account-Bytes-Used"); err != nil {
+ return
+ }
+ if info.Containers, err = getInt64FromHeader(resp, "X-Account-Container-Count"); err != nil {
+ return
+ }
+ if info.Objects, err = getInt64FromHeader(resp, "X-Account-Object-Count"); err != nil {
+ return
+ }
+ return
+}
+
+// AccountUpdate adds, replaces or remove account metadata.
+//
+// Add or update keys by mentioning them in the Headers.
+//
+// Remove keys by setting them to an empty string.
+func (c *Connection) AccountUpdate(h Headers) error {
+ _, _, err := c.storage(RequestOpts{
+ Operation: "POST",
+ ErrorMap: ContainerErrorMap,
+ NoResponse: true,
+ Headers: h,
+ })
+ return err
+}
+
+// ContainerCreate creates a container.
+//
+// If you don't want to add Headers just pass in nil
+//
+// No error is returned if it already exists but the metadata if any will be updated.
+func (c *Connection) ContainerCreate(container string, h Headers) error {
+ _, _, err := c.storage(RequestOpts{
+ Container: container,
+ Operation: "PUT",
+ ErrorMap: ContainerErrorMap,
+ NoResponse: true,
+ Headers: h,
+ })
+ return err
+}
+
+// ContainerDelete deletes a container.
+//
+// May return ContainerDoesNotExist or ContainerNotEmpty
+func (c *Connection) ContainerDelete(container string) error {
+ _, _, err := c.storage(RequestOpts{
+ Container: container,
+ Operation: "DELETE",
+ ErrorMap: ContainerErrorMap,
+ NoResponse: true,
+ })
+ return err
+}
+
+// Container returns info about a single container including any
+// metadata in the headers.
+func (c *Connection) Container(container string) (info Container, headers Headers, err error) {
+ var resp *http.Response
+ resp, headers, err = c.storage(RequestOpts{
+ Container: container,
+ Operation: "HEAD",
+ ErrorMap: ContainerErrorMap,
+ NoResponse: true,
+ })
+ if err != nil {
+ return
+ }
+ // Parse the headers into the struct
+ info.Name = container
+ if info.Bytes, err = getInt64FromHeader(resp, "X-Container-Bytes-Used"); err != nil {
+ return
+ }
+ if info.Count, err = getInt64FromHeader(resp, "X-Container-Object-Count"); err != nil {
+ return
+ }
+ return
+}
+
+// ContainerUpdate adds, replaces or removes container metadata.
+//
+// Add or update keys by mentioning them in the Metadata.
+//
+// Remove keys by setting them to an empty string.
+//
+// Container metadata can only be read with Container() not with Containers().
+func (c *Connection) ContainerUpdate(container string, h Headers) error {
+ _, _, err := c.storage(RequestOpts{
+ Container: container,
+ Operation: "POST",
+ ErrorMap: ContainerErrorMap,
+ NoResponse: true,
+ Headers: h,
+ })
+ return err
+}
+
+// ------------------------------------------------------------
+
+// ObjectCreateFile represents a swift object open for writing
+type ObjectCreateFile struct {
+ checkHash bool // whether we are checking the hash
+ pipeReader *io.PipeReader // pipe for the caller to use
+ pipeWriter *io.PipeWriter
+ hash hash.Hash // hash being build up as we go along
+ done chan struct{} // signals when the upload has finished
+ resp *http.Response // valid when done has signalled
+ err error // ditto
+ headers Headers // ditto
+}
+
+// Write bytes to the object - see io.Writer
+func (file *ObjectCreateFile) Write(p []byte) (n int, err error) {
+ n, err = file.pipeWriter.Write(p)
+ if err == io.ErrClosedPipe {
+ if file.err != nil {
+ return 0, file.err
+ }
+ return 0, newError(500, "Write on closed file")
+ }
+ if err == nil && file.checkHash {
+ _, _ = file.hash.Write(p)
+ }
+ return
+}
+
+// CloseWithError closes the object, aborting the upload.
+func (file *ObjectCreateFile) CloseWithError(err error) error {
+ _ = file.pipeWriter.CloseWithError(err)
+ <-file.done
+ return nil
+}
+
+// Close the object and checks the md5sum if it was required.
+//
+// Also returns any other errors from the server (eg container not
+// found) so it is very important to check the errors on this method.
+func (file *ObjectCreateFile) Close() error {
+ // Close the body
+ err := file.pipeWriter.Close()
+ if err != nil {
+ return err
+ }
+
+ // Wait for the HTTP operation to complete
+ <-file.done
+
+ // Check errors
+ if file.err != nil {
+ return file.err
+ }
+ if file.checkHash {
+ receivedMd5 := strings.ToLower(file.headers["Etag"])
+ calculatedMd5 := fmt.Sprintf("%x", file.hash.Sum(nil))
+ if receivedMd5 != calculatedMd5 {
+ return ObjectCorrupted
+ }
+ }
+ return nil
+}
+
+// Headers returns the response headers from the created object if the upload
+// has been completed. The Close() method must be called on an ObjectCreateFile
+// before this method.
+func (file *ObjectCreateFile) Headers() (Headers, error) {
+ // error out if upload is not complete.
+ select {
+ case <-file.done:
+ default:
+ return nil, fmt.Errorf("Cannot get metadata, object upload failed or has not yet completed.")
+ }
+ return file.headers, nil
+}
+
+// Check it satisfies the interface
+var _ io.WriteCloser = &ObjectCreateFile{}
+
+// objectPutHeaders create a set of headers for a PUT
+//
+// It guesses the contentType from the objectName if it isn't set
+//
+// checkHash may be changed
+func objectPutHeaders(objectName string, checkHash *bool, Hash string, contentType string, h Headers) Headers {
+ if contentType == "" {
+ contentType = mime.TypeByExtension(path.Ext(objectName))
+ if contentType == "" {
+ contentType = "application/octet-stream"
+ }
+ }
+ // Meta stuff
+ extraHeaders := map[string]string{
+ "Content-Type": contentType,
+ }
+ for key, value := range h {
+ extraHeaders[key] = value
+ }
+ if Hash != "" {
+ extraHeaders["Etag"] = Hash
+ *checkHash = false // the server will do it
+ }
+ return extraHeaders
+}
+
+// ObjectCreate creates or updates the object in the container. It
+// returns an io.WriteCloser you should write the contents to. You
+// MUST call Close() on it and you MUST check the error return from
+// Close().
+//
+// If checkHash is True then it will calculate the MD5 Hash of the
+// file as it is being uploaded and check it against that returned
+// from the server. If it is wrong then it will return
+// ObjectCorrupted on Close()
+//
+// If you know the MD5 hash of the object ahead of time then set the
+// Hash parameter and it will be sent to the server (as an Etag
+// header) and the server will check the MD5 itself after the upload,
+// and this will return ObjectCorrupted on Close() if it is incorrect.
+//
+// If you don't want any error protection (not recommended) then set
+// checkHash to false and Hash to "".
+//
+// If contentType is set it will be used, otherwise one will be
+// guessed from objectName using mime.TypeByExtension
+func (c *Connection) ObjectCreate(container string, objectName string, checkHash bool, Hash string, contentType string, h Headers) (file *ObjectCreateFile, err error) {
+ extraHeaders := objectPutHeaders(objectName, &checkHash, Hash, contentType, h)
+ pipeReader, pipeWriter := io.Pipe()
+ file = &ObjectCreateFile{
+ hash: md5.New(),
+ checkHash: checkHash,
+ pipeReader: pipeReader,
+ pipeWriter: pipeWriter,
+ done: make(chan struct{}),
+ }
+ // Run the PUT in the background piping it data
+ go func() {
+ opts := RequestOpts{
+ Container: container,
+ ObjectName: objectName,
+ Operation: "PUT",
+ Headers: extraHeaders,
+ Body: pipeReader,
+ NoResponse: true,
+ ErrorMap: objectErrorMap,
+ }
+ file.resp, file.headers, file.err = c.storage(opts)
+ // Signal finished
+ pipeReader.Close()
+ close(file.done)
+ }()
+ return
+}
+
+func (c *Connection) ObjectSymlinkCreate(container string, symlink string, targetAccount string, targetContainer string, targetObject string, targetEtag string) (headers Headers, err error) {
+
+ EMPTY_MD5 := "d41d8cd98f00b204e9800998ecf8427e"
+ symHeaders := Headers{}
+ contents := bytes.NewBufferString("")
+ if targetAccount != "" {
+ symHeaders["X-Symlink-Target-Account"] = targetAccount
+ }
+ if targetEtag != "" {
+ symHeaders["X-Symlink-Target-Etag"] = targetEtag
+ }
+ symHeaders["X-Symlink-Target"] = fmt.Sprintf("%s/%s", targetContainer, targetObject)
+ _, err = c.ObjectPut(container, symlink, contents, true, EMPTY_MD5, "application/symlink", symHeaders)
+ return
+}
+
+func (c *Connection) objectPut(container string, objectName string, contents io.Reader, checkHash bool, Hash string, contentType string, h Headers, parameters url.Values) (headers Headers, err error) {
+ extraHeaders := objectPutHeaders(objectName, &checkHash, Hash, contentType, h)
+ hash := md5.New()
+ var body io.Reader = contents
+ if checkHash {
+ body = io.TeeReader(contents, hash)
+ }
+ _, headers, err = c.storage(RequestOpts{
+ Container: container,
+ ObjectName: objectName,
+ Operation: "PUT",
+ Headers: extraHeaders,
+ Body: body,
+ NoResponse: true,
+ ErrorMap: objectErrorMap,
+ Parameters: parameters,
+ })
+ if err != nil {
+ return
+ }
+ if checkHash {
+ receivedMd5 := strings.ToLower(headers["Etag"])
+ calculatedMd5 := fmt.Sprintf("%x", hash.Sum(nil))
+ if receivedMd5 != calculatedMd5 {
+ err = ObjectCorrupted
+ return
+ }
+ }
+ return
+}
+
+// ObjectPut creates or updates the path in the container from
+// contents. contents should be an open io.Reader which will have all
+// its contents read.
+//
+// This is a low level interface.
+//
+// If checkHash is True then it will calculate the MD5 Hash of the
+// file as it is being uploaded and check it against that returned
+// from the server. If it is wrong then it will return
+// ObjectCorrupted.
+//
+// If you know the MD5 hash of the object ahead of time then set the
+// Hash parameter and it will be sent to the server (as an Etag
+// header) and the server will check the MD5 itself after the upload,
+// and this will return ObjectCorrupted if it is incorrect.
+//
+// If you don't want any error protection (not recommended) then set
+// checkHash to false and Hash to "".
+//
+// If contentType is set it will be used, otherwise one will be
+// guessed from objectName using mime.TypeByExtension
+func (c *Connection) ObjectPut(container string, objectName string, contents io.Reader, checkHash bool, Hash string, contentType string, h Headers) (headers Headers, err error) {
+ return c.objectPut(container, objectName, contents, checkHash, Hash, contentType, h, nil)
+}
+
+// ObjectPutBytes creates an object from a []byte in a container.
+//
+// This is a simplified interface which checks the MD5.
+func (c *Connection) ObjectPutBytes(container string, objectName string, contents []byte, contentType string) (err error) {
+ buf := bytes.NewBuffer(contents)
+ h := Headers{"Content-Length": strconv.Itoa(len(contents))}
+ _, err = c.ObjectPut(container, objectName, buf, true, "", contentType, h)
+ return
+}
+
+// ObjectPutString creates an object from a string in a container.
+//
+// This is a simplified interface which checks the MD5
+func (c *Connection) ObjectPutString(container string, objectName string, contents string, contentType string) (err error) {
+ buf := strings.NewReader(contents)
+ h := Headers{"Content-Length": strconv.Itoa(len(contents))}
+ _, err = c.ObjectPut(container, objectName, buf, true, "", contentType, h)
+ return
+}
+
+// ObjectOpenFile represents a swift object open for reading
+type ObjectOpenFile struct {
+ connection *Connection // stored copy of Connection used in Open
+ container string // stored copy of container used in Open
+ objectName string // stored copy of objectName used in Open
+ headers Headers // stored copy of headers used in Open
+ resp *http.Response // http connection
+ body io.Reader // read data from this
+ checkHash bool // true if checking MD5
+ hash hash.Hash // currently accumulating MD5
+ bytes int64 // number of bytes read on this connection
+ eof bool // whether we have read end of file
+ pos int64 // current position when reading
+ lengthOk bool // whether length is valid
+ length int64 // length of the object if read
+ seeked bool // whether we have seeked this file or not
+ overSeeked bool // set if we have seeked to the end or beyond
+}
+
+// Read bytes from the object - see io.Reader
+func (file *ObjectOpenFile) Read(p []byte) (n int, err error) {
+ if file.overSeeked {
+ return 0, io.EOF
+ }
+ n, err = file.body.Read(p)
+ file.bytes += int64(n)
+ file.pos += int64(n)
+ if err == io.EOF {
+ file.eof = true
+ }
+ return
+}
+
+// Seek sets the offset for the next Read to offset, interpreted
+// according to whence: 0 means relative to the origin of the file, 1
+// means relative to the current offset, and 2 means relative to the
+// end. Seek returns the new offset and an Error, if any.
+//
+// Seek uses HTTP Range headers which, if the file pointer is moved,
+// will involve reopening the HTTP connection.
+//
+// Note that you can't seek to the end of a file or beyond; HTTP Range
+// requests don't support the file pointer being outside the data,
+// unlike os.File
+//
+// Seek(0, 1) will return the current file pointer.
+func (file *ObjectOpenFile) Seek(offset int64, whence int) (newPos int64, err error) {
+ file.overSeeked = false
+ switch whence {
+ case 0: // relative to start
+ newPos = offset
+ case 1: // relative to current
+ newPos = file.pos + offset
+ case 2: // relative to end
+ if !file.lengthOk {
+ return file.pos, newError(0, "Length of file unknown so can't seek from end")
+ }
+ newPos = file.length + offset
+ if offset >= 0 {
+ file.overSeeked = true
+ return
+ }
+ default:
+ panic("Unknown whence in ObjectOpenFile.Seek")
+ }
+ // If at correct position (quite likely), do nothing
+ if newPos == file.pos {
+ return
+ }
+ // Close the file...
+ file.seeked = true
+ err = file.Close()
+ if err != nil {
+ return
+ }
+ // ...and re-open with a Range header
+ if file.headers == nil {
+ file.headers = Headers{}
+ }
+ if newPos > 0 {
+ file.headers["Range"] = fmt.Sprintf("bytes=%d-", newPos)
+ } else {
+ delete(file.headers, "Range")
+ }
+ newFile, _, err := file.connection.ObjectOpen(file.container, file.objectName, false, file.headers)
+ if err != nil {
+ return
+ }
+ // Update the file
+ file.resp = newFile.resp
+ file.body = newFile.body
+ file.checkHash = false
+ file.pos = newPos
+ return
+}
+
+// Length gets the objects content length either from a cached copy or
+// from the server.
+func (file *ObjectOpenFile) Length() (int64, error) {
+ if !file.lengthOk {
+ info, _, err := file.connection.Object(file.container, file.objectName)
+ file.length = info.Bytes
+ file.lengthOk = (err == nil)
+ return file.length, err
+ }
+ return file.length, nil
+}
+
+// Close the object and checks the length and md5sum if it was
+// required and all the object was read
+func (file *ObjectOpenFile) Close() (err error) {
+ // Close the body at the end
+ defer checkClose(file.resp.Body, &err)
+
+ // If not end of file or seeked then can't check anything
+ if !file.eof || file.seeked {
+ return
+ }
+
+ // Check the MD5 sum if requested
+ if file.checkHash {
+ receivedMd5 := strings.ToLower(file.resp.Header.Get("Etag"))
+ calculatedMd5 := fmt.Sprintf("%x", file.hash.Sum(nil))
+ if receivedMd5 != calculatedMd5 {
+ err = ObjectCorrupted
+ return
+ }
+ }
+
+ // Check to see we read the correct number of bytes
+ if file.lengthOk && file.length != file.bytes {
+ err = ObjectCorrupted
+ return
+ }
+ return
+}
+
+// Check it satisfies the interfaces
+var _ io.ReadCloser = &ObjectOpenFile{}
+var _ io.Seeker = &ObjectOpenFile{}
+
+func (c *Connection) objectOpenBase(container string, objectName string, checkHash bool, h Headers, parameters url.Values) (file *ObjectOpenFile, headers Headers, err error) {
+ var resp *http.Response
+ opts := RequestOpts{
+ Container: container,
+ ObjectName: objectName,
+ Operation: "GET",
+ ErrorMap: objectErrorMap,
+ Headers: h,
+ Parameters: parameters,
+ }
+ resp, headers, err = c.storage(opts)
+ if err != nil {
+ return
+ }
+ // Can't check MD5 on an object with X-Object-Manifest or X-Static-Large-Object set
+ if checkHash && headers.IsLargeObject() {
+ // log.Printf("swift: turning off md5 checking on object with manifest %v", objectName)
+ checkHash = false
+ }
+ file = &ObjectOpenFile{
+ connection: c,
+ container: container,
+ objectName: objectName,
+ headers: h,
+ resp: resp,
+ checkHash: checkHash,
+ body: resp.Body,
+ }
+ if checkHash {
+ file.hash = md5.New()
+ file.body = io.TeeReader(resp.Body, file.hash)
+ }
+ // Read Content-Length
+ if resp.Header.Get("Content-Length") != "" {
+ file.length, err = getInt64FromHeader(resp, "Content-Length")
+ file.lengthOk = (err == nil)
+ }
+ return
+}
+
+func (c *Connection) objectOpen(container string, objectName string, checkHash bool, h Headers, parameters url.Values) (file *ObjectOpenFile, headers Headers, err error) {
+ err = withLORetry(0, func() (Headers, int64, error) {
+ file, headers, err = c.objectOpenBase(container, objectName, checkHash, h, parameters)
+ if err != nil {
+ return headers, 0, err
+ }
+ return headers, file.length, nil
+ })
+ return
+}
+
+// ObjectOpen returns an ObjectOpenFile for reading the contents of
+// the object. This satisfies the io.ReadCloser and the io.Seeker
+// interfaces.
+//
+// You must call Close() on contents when finished
+//
+// Returns the headers of the response.
+//
+// If checkHash is true then it will calculate the md5sum of the file
+// as it is being received and check it against that returned from the
+// server. If it is wrong then it will return ObjectCorrupted. It
+// will also check the length returned. No checking will be done if
+// you don't read all the contents.
+//
+// Note that objects with X-Object-Manifest or X-Static-Large-Object
+// set won't ever have their md5sum's checked as the md5sum reported
+// on the object is actually the md5sum of the md5sums of the
+// parts. This isn't very helpful to detect a corrupted download as
+// the size of the parts aren't known without doing more operations.
+// If you want to ensure integrity of an object with a manifest then
+// you will need to download everything in the manifest separately.
+//
+// headers["Content-Type"] will give the content type if desired.
+func (c *Connection) ObjectOpen(container string, objectName string, checkHash bool, h Headers) (file *ObjectOpenFile, headers Headers, err error) {
+ return c.objectOpen(container, objectName, checkHash, h, nil)
+}
+
+// ObjectGet gets the object into the io.Writer contents.
+//
+// Returns the headers of the response.
+//
+// If checkHash is true then it will calculate the md5sum of the file
+// as it is being received and check it against that returned from the
+// server. If it is wrong then it will return ObjectCorrupted.
+//
+// headers["Content-Type"] will give the content type if desired.
+func (c *Connection) ObjectGet(container string, objectName string, contents io.Writer, checkHash bool, h Headers) (headers Headers, err error) {
+ file, headers, err := c.ObjectOpen(container, objectName, checkHash, h)
+ if err != nil {
+ return
+ }
+ defer checkClose(file, &err)
+ _, err = io.Copy(contents, file)
+ return
+}
+
+// ObjectGetBytes returns an object as a []byte.
+//
+// This is a simplified interface which checks the MD5
+func (c *Connection) ObjectGetBytes(container string, objectName string) (contents []byte, err error) {
+ var buf bytes.Buffer
+ _, err = c.ObjectGet(container, objectName, &buf, true, nil)
+ contents = buf.Bytes()
+ return
+}
+
+// ObjectGetString returns an object as a string.
+//
+// This is a simplified interface which checks the MD5
+func (c *Connection) ObjectGetString(container string, objectName string) (contents string, err error) {
+ var buf bytes.Buffer
+ _, err = c.ObjectGet(container, objectName, &buf, true, nil)
+ contents = buf.String()
+ return
+}
+
+// ObjectDelete deletes the object.
+//
+// May return ObjectNotFound if the object isn't found
+func (c *Connection) ObjectDelete(container string, objectName string) error {
+ _, _, err := c.storage(RequestOpts{
+ Container: container,
+ ObjectName: objectName,
+ Operation: "DELETE",
+ ErrorMap: objectErrorMap,
+ })
+ return err
+}
+
+// ObjectTempUrl returns a temporary URL for an object
+func (c *Connection) ObjectTempUrl(container string, objectName string, secretKey string, method string, expires time.Time) string {
+ mac := hmac.New(sha1.New, []byte(secretKey))
+ prefix, _ := url.Parse(c.StorageUrl)
+ body := fmt.Sprintf("%s\n%d\n%s/%s/%s", method, expires.Unix(), prefix.Path, container, objectName)
+ mac.Write([]byte(body))
+ sig := hex.EncodeToString(mac.Sum(nil))
+ return fmt.Sprintf("%s/%s/%s?temp_url_sig=%s&temp_url_expires=%d", c.StorageUrl, container, objectName, sig, expires.Unix())
+}
+
+// parseResponseStatus parses string like "200 OK" and returns Error.
+//
+// For status codes beween 200 and 299, this returns nil.
+func parseResponseStatus(resp string, errorMap errorMap) error {
+ code := 0
+ reason := resp
+ t := strings.SplitN(resp, " ", 2)
+ if len(t) == 2 {
+ ncode, err := strconv.Atoi(t[0])
+ if err == nil {
+ code = ncode
+ reason = t[1]
+ }
+ }
+ if errorMap != nil {
+ if err, ok := errorMap[code]; ok {
+ return err
+ }
+ }
+ if 200 <= code && code <= 299 {
+ return nil
+ }
+ return newError(code, reason)
+}
+
+// BulkDeleteResult stores results of BulkDelete().
+//
+// Individual errors may (or may not) be returned by Errors.
+// Errors is a map whose keys are a full path of where the object was
+// to be deleted, and whose values are Error objects. A full path of
+// object looks like "/API_VERSION/USER_ACCOUNT/CONTAINER/OBJECT_PATH".
+type BulkDeleteResult struct {
+ NumberNotFound int64 // # of objects not found.
+ NumberDeleted int64 // # of deleted objects.
+ Errors map[string]error // Mapping between object name and an error.
+ Headers Headers // Response HTTP headers.
+}
+
+func (c *Connection) doBulkDelete(objects []string, h Headers) (result BulkDeleteResult, err error) {
+ var buffer bytes.Buffer
+ for _, s := range objects {
+ u := url.URL{Path: s}
+ buffer.WriteString(u.String() + "\n")
+ }
+ extraHeaders := Headers{
+ "Accept": "application/json",
+ "Content-Type": "text/plain",
+ "Content-Length": strconv.Itoa(buffer.Len()),
+ }
+ for key, value := range h {
+ extraHeaders[key] = value
+ }
+ resp, headers, err := c.storage(RequestOpts{
+ Operation: "DELETE",
+ Parameters: url.Values{"bulk-delete": []string{"1"}},
+ Headers: extraHeaders,
+ ErrorMap: ContainerErrorMap,
+ Body: &buffer,
+ })
+ if err != nil {
+ return
+ }
+ var jsonResult struct {
+ NotFound int64 `json:"Number Not Found"`
+ Status string `json:"Response Status"`
+ Errors [][]string
+ Deleted int64 `json:"Number Deleted"`
+ }
+ err = readJson(resp, &jsonResult)
+ if err != nil {
+ return
+ }
+
+ err = parseResponseStatus(jsonResult.Status, objectErrorMap)
+ result.NumberNotFound = jsonResult.NotFound
+ result.NumberDeleted = jsonResult.Deleted
+ result.Headers = headers
+ el := make(map[string]error, len(jsonResult.Errors))
+ for _, t := range jsonResult.Errors {
+ if len(t) != 2 {
+ continue
+ }
+ el[t[0]] = parseResponseStatus(t[1], objectErrorMap)
+ }
+ result.Errors = el
+ return
+}
+
+// BulkDelete deletes multiple objectNames from container in one operation.
+//
+// Some servers may not accept bulk-delete requests since bulk-delete is
+// an optional feature of swift - these will return the Forbidden error.
+//
+// See also:
+// * http://docs.openstack.org/trunk/openstack-object-storage/admin/content/object-storage-bulk-delete.html
+// * http://docs.rackspace.com/files/api/v1/cf-devguide/content/Bulk_Delete-d1e2338.html
+func (c *Connection) BulkDelete(container string, objectNames []string) (result BulkDeleteResult, err error) {
+ return c.BulkDeleteHeaders(container, objectNames, nil)
+}
+
+// BulkDeleteHeaders deletes multiple objectNames from container in one operation.
+//
+// Some servers may not accept bulk-delete requests since bulk-delete is
+// an optional feature of swift - these will return the Forbidden error.
+//
+// See also:
+// * http://docs.openstack.org/trunk/openstack-object-storage/admin/content/object-storage-bulk-delete.html
+// * http://docs.rackspace.com/files/api/v1/cf-devguide/content/Bulk_Delete-d1e2338.html
+func (c *Connection) BulkDeleteHeaders(container string, objectNames []string, h Headers) (result BulkDeleteResult, err error) {
+ if len(objectNames) == 0 {
+ result.Errors = make(map[string]error)
+ return
+ }
+ fullPaths := make([]string, len(objectNames))
+ for i, name := range objectNames {
+ fullPaths[i] = fmt.Sprintf("/%s/%s", container, name)
+ }
+ return c.doBulkDelete(fullPaths, h)
+}
+
+// BulkUploadResult stores results of BulkUpload().
+//
+// Individual errors may (or may not) be returned by Errors.
+// Errors is a map whose keys are a full path of where an object was
+// to be created, and whose values are Error objects. A full path of
+// object looks like "/API_VERSION/USER_ACCOUNT/CONTAINER/OBJECT_PATH".
+type BulkUploadResult struct {
+ NumberCreated int64 // # of created objects.
+ Errors map[string]error // Mapping between object name and an error.
+ Headers Headers // Response HTTP headers.
+}
+
+// BulkUpload uploads multiple files in one operation.
+//
+// uploadPath can be empty, a container name, or a pseudo-directory
+// within a container. If uploadPath is empty, new containers may be
+// automatically created.
+//
+// Files are read from dataStream. The format of the stream is specified
+// by the format parameter. Available formats are:
+// * UploadTar - Plain tar stream.
+// * UploadTarGzip - Gzip compressed tar stream.
+// * UploadTarBzip2 - Bzip2 compressed tar stream.
+//
+// Some servers may not accept bulk-upload requests since bulk-upload is
+// an optional feature of swift - these will return the Forbidden error.
+//
+// See also:
+// * http://docs.openstack.org/trunk/openstack-object-storage/admin/content/object-storage-extract-archive.html
+// * http://docs.rackspace.com/files/api/v1/cf-devguide/content/Extract_Archive-d1e2338.html
+func (c *Connection) BulkUpload(uploadPath string, dataStream io.Reader, format string, h Headers) (result BulkUploadResult, err error) {
+ extraHeaders := Headers{"Accept": "application/json"}
+ for key, value := range h {
+ extraHeaders[key] = value
+ }
+ // The following code abuses Container parameter intentionally.
+ // The best fix might be to rename Container to UploadPath.
+ resp, headers, err := c.storage(RequestOpts{
+ Container: uploadPath,
+ Operation: "PUT",
+ Parameters: url.Values{"extract-archive": []string{format}},
+ Headers: extraHeaders,
+ ErrorMap: ContainerErrorMap,
+ Body: dataStream,
+ })
+ if err != nil {
+ return
+ }
+ // Detect old servers which don't support this feature
+ if headers["Content-Type"] != "application/json" {
+ err = Forbidden
+ return
+ }
+ var jsonResult struct {
+ Created int64 `json:"Number Files Created"`
+ Status string `json:"Response Status"`
+ Errors [][]string
+ }
+ err = readJson(resp, &jsonResult)
+ if err != nil {
+ return
+ }
+
+ err = parseResponseStatus(jsonResult.Status, objectErrorMap)
+ result.NumberCreated = jsonResult.Created
+ result.Headers = headers
+ el := make(map[string]error, len(jsonResult.Errors))
+ for _, t := range jsonResult.Errors {
+ if len(t) != 2 {
+ continue
+ }
+ el[t[0]] = parseResponseStatus(t[1], objectErrorMap)
+ }
+ result.Errors = el
+ return
+}
+
+// Object returns info about a single object including any metadata in the header.
+//
+// May return ObjectNotFound.
+//
+// Use headers.ObjectMetadata() to read the metadata in the Headers.
+func (c *Connection) Object(container string, objectName string) (info Object, headers Headers, err error) {
+ err = withLORetry(0, func() (Headers, int64, error) {
+ info, headers, err = c.objectBase(container, objectName)
+ if err != nil {
+ return headers, 0, err
+ }
+ return headers, info.Bytes, nil
+ })
+ return
+}
+
+func (c *Connection) objectBase(container string, objectName string) (info Object, headers Headers, err error) {
+ var resp *http.Response
+ resp, headers, err = c.storage(RequestOpts{
+ Container: container,
+ ObjectName: objectName,
+ Operation: "HEAD",
+ ErrorMap: objectErrorMap,
+ NoResponse: true,
+ })
+ if err != nil {
+ return
+ }
+ // Parse the headers into the struct
+ // HTTP/1.1 200 OK
+ // Date: Thu, 07 Jun 2010 20:59:39 GMT
+ // Server: Apache
+ // Last-Modified: Fri, 12 Jun 2010 13:40:18 GMT
+ // ETag: 8a964ee2a5e88be344f36c22562a6486
+ // Content-Length: 512000
+ // Content-Type: text/plain; charset=UTF-8
+ // X-Object-Meta-Meat: Bacon
+ // X-Object-Meta-Fruit: Bacon
+ // X-Object-Meta-Veggie: Bacon
+ // X-Object-Meta-Dairy: Bacon
+ info.Name = objectName
+ info.ContentType = resp.Header.Get("Content-Type")
+ if resp.Header.Get("Content-Length") != "" {
+ if info.Bytes, err = getInt64FromHeader(resp, "Content-Length"); err != nil {
+ return
+ }
+ }
+ // Currently ceph doesn't return a Last-Modified header for DLO manifests without any segments
+ // See ceph http://tracker.ceph.com/issues/15812
+ if resp.Header.Get("Last-Modified") != "" {
+ info.ServerLastModified = resp.Header.Get("Last-Modified")
+ if info.LastModified, err = time.Parse(http.TimeFormat, info.ServerLastModified); err != nil {
+ return
+ }
+ }
+
+ info.Hash = resp.Header.Get("Etag")
+ if resp.Header.Get("X-Object-Manifest") != "" {
+ info.ObjectType = DynamicLargeObjectType
+ } else if resp.Header.Get("X-Static-Large-Object") != "" {
+ info.ObjectType = StaticLargeObjectType
+ }
+
+ return
+}
+
+// ObjectUpdate adds, replaces or removes object metadata.
+//
+// Add or Update keys by mentioning them in the Metadata. Use
+// Metadata.ObjectHeaders and Headers.ObjectMetadata to convert your
+// Metadata to and from normal HTTP headers.
+//
+// This removes all metadata previously added to the object and
+// replaces it with that passed in so to delete keys, just don't
+// mention them the headers you pass in.
+//
+// Object metadata can only be read with Object() not with Objects().
+//
+// This can also be used to set headers not already assigned such as
+// X-Delete-At or X-Delete-After for expiring objects.
+//
+// You cannot use this to change any of the object's other headers
+// such as Content-Type, ETag, etc.
+//
+// Refer to copying an object when you need to update metadata or
+// other headers such as Content-Type or CORS headers.
+//
+// May return ObjectNotFound.
+func (c *Connection) ObjectUpdate(container string, objectName string, h Headers) error {
+ _, _, err := c.storage(RequestOpts{
+ Container: container,
+ ObjectName: objectName,
+ Operation: "POST",
+ ErrorMap: objectErrorMap,
+ NoResponse: true,
+ Headers: h,
+ })
+ return err
+}
+
+// urlPathEscape escapes URL path the in string using URL escaping rules
+//
+// This mimics url.PathEscape which only available from go 1.8
+func urlPathEscape(in string) string {
+ var u url.URL
+ u.Path = in
+ return u.String()
+}
+
+// ObjectCopy does a server side copy of an object to a new position
+//
+// All metadata is preserved. If metadata is set in the headers then
+// it overrides the old metadata on the copied object.
+//
+// The destination container must exist before the copy.
+//
+// You can use this to copy an object to itself - this is the only way
+// to update the content type of an object.
+func (c *Connection) ObjectCopy(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string, h Headers) (headers Headers, err error) {
+ // Meta stuff
+ extraHeaders := map[string]string{
+ "Destination": urlPathEscape(dstContainer + "/" + dstObjectName),
+ }
+ for key, value := range h {
+ extraHeaders[key] = value
+ }
+ _, headers, err = c.storage(RequestOpts{
+ Container: srcContainer,
+ ObjectName: srcObjectName,
+ Operation: "COPY",
+ ErrorMap: objectErrorMap,
+ NoResponse: true,
+ Headers: extraHeaders,
+ })
+ return
+}
+
+// ObjectMove does a server side move of an object to a new position
+//
+// This is a convenience method which calls ObjectCopy then ObjectDelete
+//
+// All metadata is preserved.
+//
+// The destination container must exist before the copy.
+func (c *Connection) ObjectMove(srcContainer string, srcObjectName string, dstContainer string, dstObjectName string) (err error) {
+ _, err = c.ObjectCopy(srcContainer, srcObjectName, dstContainer, dstObjectName, nil)
+ if err != nil {
+ return
+ }
+ return c.ObjectDelete(srcContainer, srcObjectName)
+}
+
+// ObjectUpdateContentType updates the content type of an object
+//
+// This is a convenience method which calls ObjectCopy
+//
+// All other metadata is preserved.
+func (c *Connection) ObjectUpdateContentType(container string, objectName string, contentType string) (err error) {
+ h := Headers{"Content-Type": contentType}
+ _, err = c.ObjectCopy(container, objectName, container, objectName, h)
+ return
+}
+
+// ------------------------------------------------------------
+
+// VersionContainerCreate is a helper method for creating and enabling version controlled containers.
+//
+// It builds the current object container, the non-current object version container, and enables versioning.
+//
+// If the server doesn't support versioning then it will return
+// Forbidden however it will have created both the containers at that point.
+func (c *Connection) VersionContainerCreate(current, version string) error {
+ if err := c.ContainerCreate(version, nil); err != nil {
+ return err
+ }
+ if err := c.ContainerCreate(current, nil); err != nil {
+ return err
+ }
+ if err := c.VersionEnable(current, version); err != nil {
+ return err
+ }
+ return nil
+}
+
+// VersionEnable enables versioning on the current container with version as the tracking container.
+//
+// May return Forbidden if this isn't supported by the server
+func (c *Connection) VersionEnable(current, version string) error {
+ h := Headers{"X-Versions-Location": version}
+ if err := c.ContainerUpdate(current, h); err != nil {
+ return err
+ }
+ // Check to see if the header was set properly
+ _, headers, err := c.Container(current)
+ if err != nil {
+ return err
+ }
+ // If failed to set versions header, return Forbidden as the server doesn't support this
+ if headers["X-Versions-Location"] != version {
+ return Forbidden
+ }
+ return nil
+}
+
+// VersionDisable disables versioning on the current container.
+func (c *Connection) VersionDisable(current string) error {
+ h := Headers{"X-Versions-Location": ""}
+ if err := c.ContainerUpdate(current, h); err != nil {
+ return err
+ }
+ return nil
+}
+
+// VersionObjectList returns a list of older versions of the object.
+//
+// Objects are returned in the format /
+func (c *Connection) VersionObjectList(version, object string) ([]string, error) {
+ opts := &ObjectsOpts{
+ // <3-character zero-padded hexadecimal character length>