Commit 0c89b93c by Mitsuhiro Tanda Committed by Marcus Efraimsson

upgrade aws-sdk-go (#20957)

Upgrading aws-sdk-go since there's additional changes 
for IMDSv2 support.
parent f24b84fa
...@@ -5,7 +5,7 @@ go 1.13 ...@@ -5,7 +5,7 @@ go 1.13
require ( require (
github.com/BurntSushi/toml v0.3.1 github.com/BurntSushi/toml v0.3.1
github.com/VividCortex/mysqlerr v0.0.0-20170204212430-6c6b55f8796f github.com/VividCortex/mysqlerr v0.0.0-20170204212430-6c6b55f8796f
github.com/aws/aws-sdk-go v1.25.38 github.com/aws/aws-sdk-go v1.25.48
github.com/beevik/etree v1.1.0 // indirect github.com/beevik/etree v1.1.0 // indirect
github.com/benbjohnson/clock v0.0.0-20161215174838-7dc76406b6d3 github.com/benbjohnson/clock v0.0.0-20161215174838-7dc76406b6d3
github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668 github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668
......
...@@ -9,8 +9,8 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy ...@@ -9,8 +9,8 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/apache/arrow/go/arrow v0.0.0-20190716210558-5f564424c71c h1:iHUHzx3S1TU5xt+D7vLb0PAk3e+RfayF9IhR6+hyO/k= github.com/apache/arrow/go/arrow v0.0.0-20190716210558-5f564424c71c h1:iHUHzx3S1TU5xt+D7vLb0PAk3e+RfayF9IhR6+hyO/k=
github.com/apache/arrow/go/arrow v0.0.0-20190716210558-5f564424c71c/go.mod h1:VTxUBvSJ3s3eHAg65PNgrsn5BtqCRPdmyXh6rAfdxN0= github.com/apache/arrow/go/arrow v0.0.0-20190716210558-5f564424c71c/go.mod h1:VTxUBvSJ3s3eHAg65PNgrsn5BtqCRPdmyXh6rAfdxN0=
github.com/aws/aws-sdk-go v1.25.38 h1:QfclT79PFWCyaPDq9+zTEWsOMDWFswTpP9i07YxqPf0= github.com/aws/aws-sdk-go v1.25.48 h1:J82DYDGZHOKHdhx6hD24Tm30c2C3GchYGfN0mf9iKUk=
github.com/aws/aws-sdk-go v1.25.38/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.48/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/beevik/etree v1.0.1/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A= github.com/beevik/etree v1.0.1/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs= github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A= github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
...@@ -113,10 +113,6 @@ github.com/gosimple/slug v1.4.2 h1:jDmprx3q/9Lfk4FkGZtvzDQ9Cj9eAmsjzeQGp24PeiQ= ...@@ -113,10 +113,6 @@ github.com/gosimple/slug v1.4.2 h1:jDmprx3q/9Lfk4FkGZtvzDQ9Cj9eAmsjzeQGp24PeiQ=
github.com/gosimple/slug v1.4.2/go.mod h1:ER78kgg1Mv0NQGlXiDe57DpCyfbNywXXZ9mIorhxAf0= github.com/gosimple/slug v1.4.2/go.mod h1:ER78kgg1Mv0NQGlXiDe57DpCyfbNywXXZ9mIorhxAf0=
github.com/grafana/grafana-plugin-model v0.0.0-20190930120109-1fc953a61fb4 h1:SPdxCL9BChFTlyi0Khv64vdCW4TMna8+sxL7+Chx+Ag= github.com/grafana/grafana-plugin-model v0.0.0-20190930120109-1fc953a61fb4 h1:SPdxCL9BChFTlyi0Khv64vdCW4TMna8+sxL7+Chx+Ag=
github.com/grafana/grafana-plugin-model v0.0.0-20190930120109-1fc953a61fb4/go.mod h1:nc0XxBzjeGcrMltCDw269LoWF9S8ibhgxolCdA1R8To= github.com/grafana/grafana-plugin-model v0.0.0-20190930120109-1fc953a61fb4/go.mod h1:nc0XxBzjeGcrMltCDw269LoWF9S8ibhgxolCdA1R8To=
github.com/grafana/grafana-plugin-sdk-go v0.2.0 h1:MgcTjCuzIkZcjb/2vCPK1RvLEHfRnQtFK7AF0W3SQm0=
github.com/grafana/grafana-plugin-sdk-go v0.2.0/go.mod h1:yA268OaX+C71ubT39tyACEfFwyhEzS1kbEVHUCgkKS8=
github.com/grafana/grafana-plugin-sdk-go v0.3.1-0.20191125180836-d77f6ffe8e05 h1:COdehD2bs2CJ3zrGAOueGrqCOaCG/M9aYiO4y+J4MUk=
github.com/grafana/grafana-plugin-sdk-go v0.3.1-0.20191125180836-d77f6ffe8e05/go.mod h1:yA268OaX+C71ubT39tyACEfFwyhEzS1kbEVHUCgkKS8=
github.com/grafana/grafana-plugin-sdk-go v0.4.0 h1:bypT7gwGL9i584JEUQ1twcLxoUPO/60XW3VM8VYndYI= github.com/grafana/grafana-plugin-sdk-go v0.4.0 h1:bypT7gwGL9i584JEUQ1twcLxoUPO/60XW3VM8VYndYI=
github.com/grafana/grafana-plugin-sdk-go v0.4.0/go.mod h1:yA268OaX+C71ubT39tyACEfFwyhEzS1kbEVHUCgkKS8= github.com/grafana/grafana-plugin-sdk-go v0.4.0/go.mod h1:yA268OaX+C71ubT39tyACEfFwyhEzS1kbEVHUCgkKS8=
github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
......
// Package arn provides a parser for interacting with Amazon Resource Names.
package arn
import (
"errors"
"strings"
)
const (
arnDelimiter = ":"
arnSections = 6
arnPrefix = "arn:"
// zero-indexed
sectionPartition = 1
sectionService = 2
sectionRegion = 3
sectionAccountID = 4
sectionResource = 5
// errors
invalidPrefix = "arn: invalid prefix"
invalidSections = "arn: not enough sections"
)
// ARN captures the individual fields of an Amazon Resource Name.
// See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html for more information.
type ARN struct {
// The partition that the resource is in. For standard AWS regions, the partition is "aws". If you have resources in
// other partitions, the partition is "aws-partitionname". For example, the partition for resources in the China
// (Beijing) region is "aws-cn".
Partition string
// The service namespace that identifies the AWS product (for example, Amazon S3, IAM, or Amazon RDS). For a list of
// namespaces, see
// http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces.
Service string
// The region the resource resides in. Note that the ARNs for some resources do not require a region, so this
// component might be omitted.
Region string
// The ID of the AWS account that owns the resource, without the hyphens. For example, 123456789012. Note that the
// ARNs for some resources don't require an account number, so this component might be omitted.
AccountID string
// The content of this part of the ARN varies by service. It often includes an indicator of the type of resource —
// for example, an IAM user or Amazon RDS database - followed by a slash (/) or a colon (:), followed by the
// resource name itself. Some services allows paths for resource names, as described in
// http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arns-paths.
Resource string
}
// Parse parses an ARN into its constituent parts.
//
// Some example ARNs:
// arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment
// arn:aws:iam::123456789012:user/David
// arn:aws:rds:eu-west-1:123456789012:db:mysql-db
// arn:aws:s3:::my_corporate_bucket/exampleobject.png
func Parse(arn string) (ARN, error) {
if !strings.HasPrefix(arn, arnPrefix) {
return ARN{}, errors.New(invalidPrefix)
}
sections := strings.SplitN(arn, arnDelimiter, arnSections)
if len(sections) != arnSections {
return ARN{}, errors.New(invalidSections)
}
return ARN{
Partition: sections[sectionPartition],
Service: sections[sectionService],
Region: sections[sectionRegion],
AccountID: sections[sectionAccountID],
Resource: sections[sectionResource],
}, nil
}
// IsARN returns whether the given string is an arn
// by looking for whether the string starts with arn:
func IsARN(arn string) bool {
return strings.HasPrefix(arn, arnPrefix) && strings.Count(arn, ":") > arnSections-1
}
// String returns the canonical representation of the ARN
func (arn ARN) String() string {
return arnPrefix +
arn.Partition + arnDelimiter +
arn.Service + arnDelimiter +
arn.Region + arnDelimiter +
arn.AccountID + arnDelimiter +
arn.Resource
}
...@@ -161,6 +161,10 @@ type Config struct { ...@@ -161,6 +161,10 @@ type Config struct {
// on GetObject API calls. // on GetObject API calls.
S3DisableContentMD5Validation *bool S3DisableContentMD5Validation *bool
// Set this to `true` to have the S3 service client to use the region specified
// in the ARN, when an ARN is provided as an argument to a bucket parameter.
S3UseARNRegion *bool
// Set this to `true` to disable the EC2Metadata client from overriding the // Set this to `true` to disable the EC2Metadata client from overriding the
// default http.Client's Timeout. This is helpful if you do not want the // default http.Client's Timeout. This is helpful if you do not want the
// EC2Metadata client to create a new http.Client. This options is only // EC2Metadata client to create a new http.Client. This options is only
...@@ -385,6 +389,13 @@ func (c *Config) WithS3DisableContentMD5Validation(enable bool) *Config { ...@@ -385,6 +389,13 @@ func (c *Config) WithS3DisableContentMD5Validation(enable bool) *Config {
} }
// WithS3UseARNRegion sets a config S3UseARNRegion value and
// returning a Config pointer for chaining
func (c *Config) WithS3UseARNRegion(enable bool) *Config {
c.S3UseARNRegion = &enable
return c
}
// WithUseDualStack sets a config UseDualStack value returning a Config // WithUseDualStack sets a config UseDualStack value returning a Config
// pointer for chaining. // pointer for chaining.
func (c *Config) WithUseDualStack(enable bool) *Config { func (c *Config) WithUseDualStack(enable bool) *Config {
...@@ -513,6 +524,10 @@ func mergeInConfig(dst *Config, other *Config) { ...@@ -513,6 +524,10 @@ func mergeInConfig(dst *Config, other *Config) {
dst.S3DisableContentMD5Validation = other.S3DisableContentMD5Validation dst.S3DisableContentMD5Validation = other.S3DisableContentMD5Validation
} }
if other.S3UseARNRegion != nil {
dst.S3UseARNRegion = other.S3UseARNRegion
}
if other.UseDualStack != nil { if other.UseDualStack != nil {
dst.UseDualStack = other.UseDualStack dst.UseDualStack = other.UseDualStack
} }
......
...@@ -90,6 +90,7 @@ import ( ...@@ -90,6 +90,7 @@ import (
"github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/internal/sdkio"
) )
const ( const (
...@@ -142,7 +143,7 @@ const ( ...@@ -142,7 +143,7 @@ const (
// DefaultBufSize limits buffer size from growing to an enormous // DefaultBufSize limits buffer size from growing to an enormous
// amount due to a faulty process. // amount due to a faulty process.
DefaultBufSize = 1024 DefaultBufSize = int(8 * sdkio.KibiByte)
// DefaultTimeout default limit on time a process can run. // DefaultTimeout default limit on time a process can run.
DefaultTimeout = time.Duration(1) * time.Minute DefaultTimeout = time.Duration(1) * time.Minute
......
...@@ -31,7 +31,7 @@ func (c *EC2Metadata) getToken(duration time.Duration) (tokenOutput, error) { ...@@ -31,7 +31,7 @@ func (c *EC2Metadata) getToken(duration time.Duration) (tokenOutput, error) {
// Swap the unmarshalMetadataHandler with unmarshalTokenHandler on this request. // Swap the unmarshalMetadataHandler with unmarshalTokenHandler on this request.
req.Handlers.Unmarshal.Swap(unmarshalMetadataHandlerName, unmarshalTokenHandler) req.Handlers.Unmarshal.Swap(unmarshalMetadataHandlerName, unmarshalTokenHandler)
ttl := strconv.FormatInt(int64(duration / time.Second),10) ttl := strconv.FormatInt(int64(duration/time.Second), 10)
req.HTTPRequest.Header.Set(ttlHeader, ttl) req.HTTPRequest.Header.Set(ttlHeader, ttl)
err := req.Send() err := req.Send()
...@@ -145,17 +145,17 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) { ...@@ -145,17 +145,17 @@ func (c *EC2Metadata) IAMInfo() (EC2IAMInfo, error) {
// Region returns the region the instance is running in. // Region returns the region the instance is running in.
func (c *EC2Metadata) Region() (string, error) { func (c *EC2Metadata) Region() (string, error) {
resp, err := c.GetMetadata("placement/availability-zone") ec2InstanceIdentityDocument, err := c.GetInstanceIdentityDocument()
if err != nil { if err != nil {
return "", err return "", err
} }
// extract region from the ec2InstanceIdentityDocument
if len(resp) == 0 { region := ec2InstanceIdentityDocument.Region
return "", awserr.New("EC2MetadataError", "invalid Region response", nil) if len(region) == 0 {
return "", awserr.New("EC2MetadataError", "invalid region received for ec2metadata instance", nil)
} }
// returns region
// returns region without the suffix. Eg: us-west-2a becomes us-west-2 return region, nil
return resp[:len(resp)-1], nil
} }
// Available returns if the application has access to the EC2 Metadata service. // Available returns if the application has access to the EC2 Metadata service.
......
...@@ -158,6 +158,7 @@ type tokenOutput struct { ...@@ -158,6 +158,7 @@ type tokenOutput struct {
var unmarshalTokenHandler = request.NamedHandler{ var unmarshalTokenHandler = request.NamedHandler{
Name: unmarshalTokenHandlerName, Name: unmarshalTokenHandlerName,
Fn: func(r *request.Request) { Fn: func(r *request.Request) {
defer r.HTTPResponse.Body.Close()
var b bytes.Buffer var b bytes.Buffer
if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil { if _, err := io.Copy(&b, r.HTTPResponse.Body); err != nil {
r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization, r.Error = awserr.NewRequestFailure(awserr.New(request.ErrCodeSerialization,
......
...@@ -425,11 +425,7 @@ var awsPartition = partition{ ...@@ -425,11 +425,7 @@ var awsPartition = partition{
}, },
"application-autoscaling": service{ "application-autoscaling": service{
Defaults: endpoint{ Defaults: endpoint{
Hostname: "autoscaling.{region}.amazonaws.com",
Protocols: []string{"http", "https"}, Protocols: []string{"http", "https"},
CredentialScope: credentialScope{
Service: "application-autoscaling",
},
}, },
Endpoints: endpoints{ Endpoints: endpoints{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
...@@ -560,11 +556,7 @@ var awsPartition = partition{ ...@@ -560,11 +556,7 @@ var awsPartition = partition{
}, },
"autoscaling-plans": service{ "autoscaling-plans": service{
Defaults: endpoint{ Defaults: endpoint{
Hostname: "autoscaling.{region}.amazonaws.com",
Protocols: []string{"http", "https"}, Protocols: []string{"http", "https"},
CredentialScope: credentialScope{
Service: "autoscaling-plans",
},
}, },
Endpoints: endpoints{ Endpoints: endpoints{
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
...@@ -1133,12 +1125,15 @@ var awsPartition = partition{ ...@@ -1133,12 +1125,15 @@ var awsPartition = partition{
"datasync": service{ "datasync": service{
Endpoints: endpoints{ Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"ca-central-1": endpoint{}, "ca-central-1": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{}, "eu-west-2": endpoint{},
"eu-west-3": endpoint{}, "eu-west-3": endpoint{},
...@@ -1167,6 +1162,7 @@ var awsPartition = partition{ ...@@ -1167,6 +1162,7 @@ var awsPartition = partition{
}, },
}, },
"me-south-1": endpoint{}, "me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{}, "us-east-1": endpoint{},
"us-east-2": endpoint{}, "us-east-2": endpoint{},
"us-west-1": endpoint{}, "us-west-1": endpoint{},
...@@ -1223,6 +1219,7 @@ var awsPartition = partition{ ...@@ -1223,6 +1219,7 @@ var awsPartition = partition{
"discovery": service{ "discovery": service{
Endpoints: endpoints{ Endpoints: endpoints{
"eu-central-1": endpoint{},
"us-west-2": endpoint{}, "us-west-2": endpoint{},
}, },
}, },
...@@ -1523,6 +1520,7 @@ var awsPartition = partition{ ...@@ -1523,6 +1520,7 @@ var awsPartition = partition{
"elasticfilesystem": service{ "elasticfilesystem": service{
Endpoints: endpoints{ Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
...@@ -1530,9 +1528,12 @@ var awsPartition = partition{ ...@@ -1530,9 +1528,12 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"ca-central-1": endpoint{}, "ca-central-1": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{}, "eu-west-2": endpoint{},
"eu-west-3": endpoint{}, "eu-west-3": endpoint{},
"me-south-1": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{}, "us-east-1": endpoint{},
"us-east-2": endpoint{}, "us-east-2": endpoint{},
"us-west-1": endpoint{}, "us-west-1": endpoint{},
...@@ -2076,6 +2077,27 @@ var awsPartition = partition{ ...@@ -2076,6 +2077,27 @@ var awsPartition = partition{
}, },
}, },
}, },
"iotsecuredtunneling": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{},
"ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{},
},
},
"iotthingsgraph": service{ "iotthingsgraph": service{
Defaults: endpoint{ Defaults: endpoint{
CredentialScope: credentialScope{ CredentialScope: credentialScope{
...@@ -2192,12 +2214,17 @@ var awsPartition = partition{ ...@@ -2192,12 +2214,17 @@ var awsPartition = partition{
Endpoints: endpoints{ Endpoints: endpoints{
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"ca-central-1": endpoint{},
"eu-central-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"us-east-1": endpoint{}, "us-east-1": endpoint{},
"us-east-2": endpoint{}, "us-east-2": endpoint{},
"us-west-1": endpoint{},
"us-west-2": endpoint{}, "us-west-2": endpoint{},
}, },
}, },
...@@ -2421,6 +2448,7 @@ var awsPartition = partition{ ...@@ -2421,6 +2448,7 @@ var awsPartition = partition{
"mgh": service{ "mgh": service{
Endpoints: endpoints{ Endpoints: endpoints{
"eu-central-1": endpoint{},
"us-west-2": endpoint{}, "us-west-2": endpoint{},
}, },
}, },
...@@ -2726,8 +2754,30 @@ var awsPartition = partition{ ...@@ -2726,8 +2754,30 @@ var awsPartition = partition{
"ap-southeast-2": endpoint{}, "ap-southeast-2": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"us-east-1": endpoint{}, "fips-us-east-1": endpoint{
"us-west-2": endpoint{}, Hostname: "pinpoint-fips.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
"fips-us-west-2": endpoint{
Hostname: "pinpoint-fips.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
"us-east-1": endpoint{
Hostname: "pinpoint.us-east-1.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-east-1",
},
},
"us-west-2": endpoint{
Hostname: "pinpoint.us-west-2.amazonaws.com",
CredentialScope: credentialScope{
Region: "us-west-2",
},
},
}, },
}, },
"polly": service{ "polly": service{
...@@ -2850,6 +2900,7 @@ var awsPartition = partition{ ...@@ -2850,6 +2900,7 @@ var awsPartition = partition{
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{}, "eu-west-2": endpoint{},
"eu-west-3": endpoint{}, "eu-west-3": endpoint{},
"sa-east-1": endpoint{},
"us-east-1": endpoint{}, "us-east-1": endpoint{},
"us-east-2": endpoint{}, "us-east-2": endpoint{},
"us-west-1": endpoint{}, "us-west-1": endpoint{},
...@@ -3308,6 +3359,16 @@ var awsPartition = partition{ ...@@ -3308,6 +3359,16 @@ var awsPartition = partition{
}, },
}, },
}, },
"schemas": service{
Endpoints: endpoints{
"ap-northeast-1": endpoint{},
"eu-west-1": endpoint{},
"us-east-1": endpoint{},
"us-east-2": endpoint{},
"us-west-2": endpoint{},
},
},
"sdb": service{ "sdb": service{
Defaults: endpoint{ Defaults: endpoint{
Protocols: []string{"http", "https"}, Protocols: []string{"http", "https"},
...@@ -3920,6 +3981,7 @@ var awsPartition = partition{ ...@@ -3920,6 +3981,7 @@ var awsPartition = partition{
}, },
Endpoints: endpoints{ Endpoints: endpoints{
"ap-east-1": endpoint{}, "ap-east-1": endpoint{},
"ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
...@@ -3974,13 +4036,18 @@ var awsPartition = partition{ ...@@ -3974,13 +4036,18 @@ var awsPartition = partition{
Protocols: []string{"https"}, Protocols: []string{"https"},
}, },
Endpoints: endpoints{ Endpoints: endpoints{
"ap-east-1": endpoint{},
"ap-northeast-1": endpoint{}, "ap-northeast-1": endpoint{},
"ap-northeast-2": endpoint{}, "ap-northeast-2": endpoint{},
"ap-south-1": endpoint{}, "ap-south-1": endpoint{},
"ap-southeast-1": endpoint{}, "ap-southeast-1": endpoint{},
"ap-southeast-2": endpoint{},
"ca-central-1": endpoint{}, "ca-central-1": endpoint{},
"eu-central-1": endpoint{}, "eu-central-1": endpoint{},
"eu-north-1": endpoint{},
"eu-west-1": endpoint{}, "eu-west-1": endpoint{},
"eu-west-2": endpoint{},
"eu-west-3": endpoint{},
"us-east-1": endpoint{}, "us-east-1": endpoint{},
"us-east-1-fips": endpoint{ "us-east-1-fips": endpoint{
Hostname: "translate-fips.us-east-1.amazonaws.com", Hostname: "translate-fips.us-east-1.amazonaws.com",
...@@ -3995,6 +4062,7 @@ var awsPartition = partition{ ...@@ -3995,6 +4062,7 @@ var awsPartition = partition{
Region: "us-east-2", Region: "us-east-2",
}, },
}, },
"us-west-1": endpoint{},
"us-west-2": endpoint{}, "us-west-2": endpoint{},
"us-west-2-fips": endpoint{ "us-west-2-fips": endpoint{
Hostname: "translate-fips.us-west-2.amazonaws.com", Hostname: "translate-fips.us-west-2.amazonaws.com",
...@@ -4156,11 +4224,7 @@ var awscnPartition = partition{ ...@@ -4156,11 +4224,7 @@ var awscnPartition = partition{
}, },
"application-autoscaling": service{ "application-autoscaling": service{
Defaults: endpoint{ Defaults: endpoint{
Hostname: "autoscaling.{region}.amazonaws.com.cn",
Protocols: []string{"http", "https"}, Protocols: []string{"http", "https"},
CredentialScope: credentialScope{
Service: "application-autoscaling",
},
}, },
Endpoints: endpoints{ Endpoints: endpoints{
"cn-north-1": endpoint{}, "cn-north-1": endpoint{},
...@@ -4718,6 +4782,7 @@ var awsusgovPartition = partition{ ...@@ -4718,6 +4782,7 @@ var awsusgovPartition = partition{
"application-autoscaling": service{ "application-autoscaling": service{
Defaults: endpoint{ Defaults: endpoint{
Hostname: "autoscaling.{region}.amazonaws.com", Hostname: "autoscaling.{region}.amazonaws.com",
Protocols: []string{"http", "https"},
CredentialScope: credentialScope{ CredentialScope: credentialScope{
Service: "application-autoscaling", Service: "application-autoscaling",
}, },
...@@ -4854,6 +4919,7 @@ var awsusgovPartition = partition{ ...@@ -4854,6 +4919,7 @@ var awsusgovPartition = partition{
Region: "us-gov-west-1", Region: "us-gov-west-1",
}, },
}, },
"us-gov-east-1": endpoint{},
"us-gov-west-1": endpoint{}, "us-gov-west-1": endpoint{},
}, },
}, },
...@@ -5522,11 +5588,8 @@ var awsisoPartition = partition{ ...@@ -5522,11 +5588,8 @@ var awsisoPartition = partition{
}, },
"application-autoscaling": service{ "application-autoscaling": service{
Defaults: endpoint{ Defaults: endpoint{
Hostname: "autoscaling.{region}.amazonaws.com", Hostname: "autoscaling.us-iso-east-1.c2s.ic.gov",
Protocols: []string{"http", "https"}, Protocols: []string{"http", "https"},
CredentialScope: credentialScope{
Service: "application-autoscaling",
},
}, },
Endpoints: endpoints{ Endpoints: endpoints{
"us-iso-east-1": endpoint{}, "us-iso-east-1": endpoint{},
...@@ -5854,11 +5917,8 @@ var awsisobPartition = partition{ ...@@ -5854,11 +5917,8 @@ var awsisobPartition = partition{
Services: services{ Services: services{
"application-autoscaling": service{ "application-autoscaling": service{
Defaults: endpoint{ Defaults: endpoint{
Hostname: "autoscaling.{region}.amazonaws.com", Hostname: "autoscaling.us-isob-east-1.sc2s.sgov.gov",
Protocols: []string{"http", "https"}, Protocols: []string{"http", "https"},
CredentialScope: credentialScope{
Service: "application-autoscaling",
},
}, },
Endpoints: endpoints{ Endpoints: endpoints{
"us-isob-east-1": endpoint{}, "us-isob-east-1": endpoint{},
......
...@@ -4,6 +4,7 @@ import ( ...@@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"os" "os"
"strconv" "strconv"
"strings"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials"
...@@ -141,6 +142,12 @@ type envConfig struct { ...@@ -141,6 +142,12 @@ type envConfig struct {
// AWS_S3_US_EAST_1_REGIONAL_ENDPOINT=regional // AWS_S3_US_EAST_1_REGIONAL_ENDPOINT=regional
// This can take value as `regional` or `legacy` // This can take value as `regional` or `legacy`
S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
// Specifies if the S3 service should allow ARNs to direct the region
// the client's requests are sent to.
//
// AWS_S3_USE_ARN_REGION=true
S3UseARNRegion bool
} }
var ( var (
...@@ -201,6 +208,9 @@ var ( ...@@ -201,6 +208,9 @@ var (
s3UsEast1RegionalEndpoint = []string{ s3UsEast1RegionalEndpoint = []string{
"AWS_S3_US_EAST_1_REGIONAL_ENDPOINT", "AWS_S3_US_EAST_1_REGIONAL_ENDPOINT",
} }
s3UseARNRegionEnvKey = []string{
"AWS_S3_USE_ARN_REGION",
}
) )
// loadEnvConfig retrieves the SDK's environment configuration. // loadEnvConfig retrieves the SDK's environment configuration.
...@@ -307,6 +317,21 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) { ...@@ -307,6 +317,21 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) {
} }
} }
var s3UseARNRegion string
setFromEnvVal(&s3UseARNRegion, s3UseARNRegionEnvKey)
if len(s3UseARNRegion) != 0 {
switch {
case strings.EqualFold(s3UseARNRegion, "false"):
cfg.S3UseARNRegion = false
case strings.EqualFold(s3UseARNRegion, "true"):
cfg.S3UseARNRegion = true
default:
return envConfig{}, fmt.Errorf(
"invalid value for environment variable, %s=%s, need true or false",
s3UseARNRegionEnvKey[0], s3UseARNRegion)
}
}
return cfg, nil return cfg, nil
} }
......
...@@ -580,6 +580,14 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, ...@@ -580,6 +580,14 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config,
cfg.Credentials = creds cfg.Credentials = creds
} }
cfg.S3UseARNRegion = userCfg.S3UseARNRegion
if cfg.S3UseARNRegion == nil {
cfg.S3UseARNRegion = &envCfg.S3UseARNRegion
}
if cfg.S3UseARNRegion == nil {
cfg.S3UseARNRegion = &sharedCfg.S3UseARNRegion
}
return nil return nil
} }
...@@ -643,6 +651,7 @@ func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Confi ...@@ -643,6 +651,7 @@ func (s *Session) ClientConfig(service string, cfgs ...*aws.Config) client.Confi
return client.Config{ return client.Config{
Config: s.Config, Config: s.Config,
Handlers: s.Handlers, Handlers: s.Handlers,
PartitionID: resolved.PartitionID,
Endpoint: resolved.URL, Endpoint: resolved.URL,
SigningRegion: resolved.SigningRegion, SigningRegion: resolved.SigningRegion,
SigningNameDerived: resolved.SigningNameDerived, SigningNameDerived: resolved.SigningNameDerived,
......
...@@ -51,6 +51,9 @@ const ( ...@@ -51,6 +51,9 @@ const (
// loading configuration from the config files if another profile name // loading configuration from the config files if another profile name
// is not provided. // is not provided.
DefaultSharedConfigProfile = `default` DefaultSharedConfigProfile = `default`
// S3 ARN Region Usage
s3UseARNRegionKey = "s3_use_arn_region"
) )
// sharedConfig represents the configuration fields of the SDK config files. // sharedConfig represents the configuration fields of the SDK config files.
...@@ -89,6 +92,7 @@ type sharedConfig struct { ...@@ -89,6 +92,7 @@ type sharedConfig struct {
// //
// endpoint_discovery_enabled = true // endpoint_discovery_enabled = true
EnableEndpointDiscovery *bool EnableEndpointDiscovery *bool
// CSM Options // CSM Options
CSMEnabled *bool CSMEnabled *bool
CSMHost string CSMHost string
...@@ -106,6 +110,12 @@ type sharedConfig struct { ...@@ -106,6 +110,12 @@ type sharedConfig struct {
// s3_us_east_1_regional_endpoint = regional // s3_us_east_1_regional_endpoint = regional
// This can take value as `LegacyS3UsEast1Endpoint` or `RegionalS3UsEast1Endpoint` // This can take value as `LegacyS3UsEast1Endpoint` or `RegionalS3UsEast1Endpoint`
S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint S3UsEast1RegionalEndpoint endpoints.S3UsEast1RegionalEndpoint
// Specifies if the S3 service should allow ARNs to direct the region
// the client's requests are sent to.
//
// s3_use_arn_region=true
S3UseARNRegion bool
} }
type sharedConfigFile struct { type sharedConfigFile struct {
...@@ -306,6 +316,8 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e ...@@ -306,6 +316,8 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e
updateString(&cfg.CSMPort, section, csmPortKey) updateString(&cfg.CSMPort, section, csmPortKey)
updateString(&cfg.CSMClientID, section, csmClientIDKey) updateString(&cfg.CSMClientID, section, csmClientIDKey)
updateBool(&cfg.S3UseARNRegion, section, s3UseARNRegionKey)
return nil return nil
} }
...@@ -398,6 +410,15 @@ func updateString(dst *string, section ini.Section, key string) { ...@@ -398,6 +410,15 @@ func updateString(dst *string, section ini.Section, key string) {
*dst = section.String(key) *dst = section.String(key)
} }
// updateBool will only update the dst with the value in the section key, key
// is present in the section.
func updateBool(dst *bool, section ini.Section, key string) {
if !section.Has(key) {
return
}
*dst = section.Bool(key)
}
// updateBoolPtr will only update the dst with the value in the section key, // updateBoolPtr will only update the dst with the value in the section key,
// key is present in the section. // key is present in the section.
func updateBoolPtr(dst **bool, section ini.Section, key string) { func updateBoolPtr(dst **bool, section ini.Section, key string) {
......
...@@ -5,4 +5,4 @@ package aws ...@@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go" const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK // SDKVersion is the version of this SDK
const SDKVersion = "1.25.38" const SDKVersion = "1.25.48"
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -952,6 +952,57 @@ func (c *EC2) WaitUntilPasswordDataAvailableWithContext(ctx aws.Context, input * ...@@ -952,6 +952,57 @@ func (c *EC2) WaitUntilPasswordDataAvailableWithContext(ctx aws.Context, input *
return w.WaitWithContext(ctx) return w.WaitWithContext(ctx)
} }
// WaitUntilSecurityGroupExists uses the Amazon EC2 API operation
// DescribeSecurityGroups to wait for a condition to be met before returning.
// If the condition is not met within the max attempt window, an error will
// be returned.
func (c *EC2) WaitUntilSecurityGroupExists(input *DescribeSecurityGroupsInput) error {
return c.WaitUntilSecurityGroupExistsWithContext(aws.BackgroundContext(), input)
}
// WaitUntilSecurityGroupExistsWithContext is an extended version of WaitUntilSecurityGroupExists.
// With the support for passing in a context and options to configure the
// Waiter and the underlying request options.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *EC2) WaitUntilSecurityGroupExistsWithContext(ctx aws.Context, input *DescribeSecurityGroupsInput, opts ...request.WaiterOption) error {
w := request.Waiter{
Name: "WaitUntilSecurityGroupExists",
MaxAttempts: 6,
Delay: request.ConstantWaiterDelay(5 * time.Second),
Acceptors: []request.WaiterAcceptor{
{
State: request.SuccessWaiterState,
Matcher: request.PathWaiterMatch, Argument: "length(SecurityGroups[].GroupId) > `0`",
Expected: true,
},
{
State: request.RetryWaiterState,
Matcher: request.ErrorWaiterMatch,
Expected: "InvalidGroupNotFound",
},
},
Logger: c.Config.Logger,
NewRequest: func(opts []request.Option) (*request.Request, error) {
var inCpy *DescribeSecurityGroupsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.DescribeSecurityGroupsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
w.ApplyOptions(opts...)
return w.WaitWithContext(ctx)
}
// WaitUntilSnapshotCompleted uses the Amazon EC2 API operation // WaitUntilSnapshotCompleted uses the Amazon EC2 API operation
// DescribeSnapshots to wait for a condition to be met before returning. // DescribeSnapshots to wait for a condition to be met before returning.
// If the condition is not met within the max attempt window, an error will // If the condition is not met within the max attempt window, an error will
......
...@@ -16,16 +16,16 @@ ...@@ -16,16 +16,16 @@
// You can use the resource groups tagging API operations to complete the following // You can use the resource groups tagging API operations to complete the following
// tasks: // tasks:
// //
// * Tag and untag supported resources located in the specified region for // * Tag and untag supported resources located in the specified Region for
// the AWS account // the AWS account.
// //
// * Use tag-based filters to search for resources located in the specified // * Use tag-based filters to search for resources located in the specified
// region for the AWS account // Region for the AWS account.
// //
// * List all existing tag keys in the specified region for the AWS account // * List all existing tag keys in the specified Region for the AWS account.
// //
// * List all existing values for the specified key in the specified region // * List all existing values for the specified key in the specified Region
// for the AWS account // for the AWS account.
// //
// To use resource groups tagging API operations, you must add the following // To use resource groups tagging API operations, you must add the following
// permissions to your IAM policy: // permissions to your IAM policy:
...@@ -53,7 +53,7 @@ ...@@ -53,7 +53,7 @@
// //
// * API Gateway // * API Gateway
// //
// * AWS AppStream // * Amazon AppStream
// //
// * AWS AppSync // * AWS AppSync
// //
...@@ -105,7 +105,7 @@ ...@@ -105,7 +105,7 @@
// //
// * AWS Database Migration Service // * AWS Database Migration Service
// //
// * AWS Datasync // * AWS DataSync
// //
// * AWS Direct Connect // * AWS Direct Connect
// //
...@@ -141,10 +141,12 @@ ...@@ -141,10 +141,12 @@
// //
// * Amazon FSx // * Amazon FSx
// //
// * Amazon Glacier // * Amazon S3 Glacier
// //
// * AWS Glue // * AWS Glue
// //
// * Amazon GuardDuty
//
// * Amazon Inspector // * Amazon Inspector
// //
// * AWS IoT Analytics // * AWS IoT Analytics
...@@ -155,6 +157,8 @@ ...@@ -155,6 +157,8 @@
// //
// * AWS IoT Device Management // * AWS IoT Device Management
// //
// * AWS IoT Events
//
// * AWS IoT Greengrass // * AWS IoT Greengrass
// //
// * AWS Key Management Service // * AWS Key Management Service
...@@ -179,6 +183,10 @@ ...@@ -179,6 +183,10 @@
// //
// * AWS OpsWorks // * AWS OpsWorks
// //
// * AWS Organizations
//
// * Amazon Quantum Ledger Database (QLDB)
//
// * Amazon RDS // * Amazon RDS
// //
// * Amazon Redshift // * Amazon Redshift
...@@ -199,18 +207,20 @@ ...@@ -199,18 +207,20 @@
// //
// * AWS Secrets Manager // * AWS Secrets Manager
// //
// * AWS Security Hub
//
// * AWS Service Catalog // * AWS Service Catalog
// //
// * Amazon Simple Notification Service (SNS) // * Amazon Simple Notification Service (SNS)
// //
// * Amazon Simple Queue Service (SQS) // * Amazon Simple Queue Service (SQS)
// //
// * AWS Simple System Manager (SSM)
//
// * AWS Step Functions // * AWS Step Functions
// //
// * AWS Storage Gateway // * AWS Storage Gateway
// //
// * AWS Systems Manager
//
// * AWS Transfer for SFTP // * AWS Transfer for SFTP
// //
// * Amazon VPC // * Amazon VPC
......
...@@ -4,6 +4,33 @@ package resourcegroupstaggingapi ...@@ -4,6 +4,33 @@ package resourcegroupstaggingapi
const ( const (
// ErrCodeConcurrentModificationException for service response error code
// "ConcurrentModificationException".
//
// The target of the operation is currently being modified by a different request.
// Try again later.
ErrCodeConcurrentModificationException = "ConcurrentModificationException"
// ErrCodeConstraintViolationException for service response error code
// "ConstraintViolationException".
//
// The request was denied because performing this operation violates a constraint.
//
// Some of the reasons in the following list might not apply to this specific
// operation.
//
// * You must meet the prerequisites for using tag policies. For information,
// see Prerequisites and Permissions for Using Tag Policies (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies-prereqs.html)
// in the AWS Organizations User Guide.
//
// * You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com)
// to integrate with AWS Organizations For information, see EnableAWSServiceAccess
// (http://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAWSServiceAccess.html).
//
// * You must have a tag policy attached to the organization root, an OU,
// or an account.
ErrCodeConstraintViolationException = "ConstraintViolationException"
// ErrCodeInternalServiceException for service response error code // ErrCodeInternalServiceException for service response error code
// "InternalServiceException". // "InternalServiceException".
// //
...@@ -14,8 +41,20 @@ const ( ...@@ -14,8 +41,20 @@ const (
// ErrCodeInvalidParameterException for service response error code // ErrCodeInvalidParameterException for service response error code
// "InvalidParameterException". // "InvalidParameterException".
// //
// A parameter is missing or a malformed string or invalid or out-of-range value // This error indicates one of the following:
// was supplied for the request parameter. //
// * A parameter is missing.
//
// * A malformed string was supplied for the request parameter.
//
// * An out-of-range value was supplied for the request parameter.
//
// * The target ID is invalid, unsupported, or doesn't exist.
//
// * You can't access the Amazon S3 bucket for report storage. For more information,
// see Additional Requirements for Organization-wide Tag Compliance Reports
// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies-prereqs.html#bucket-policies-org-report)
// in the AWS Organizations User Guide.
ErrCodeInvalidParameterException = "InvalidParameterException" ErrCodeInvalidParameterException = "InvalidParameterException"
// ErrCodePaginationTokenExpiredException for service response error code // ErrCodePaginationTokenExpiredException for service response error code
......
...@@ -26,7 +26,7 @@ import ( ...@@ -26,7 +26,7 @@ import (
// // myFunc uses an SDK service client to make a request to // // myFunc uses an SDK service client to make a request to
// // AWS Resource Groups Tagging API. // // AWS Resource Groups Tagging API.
// func myFunc(svc resourcegroupstaggingapiiface.ResourceGroupsTaggingAPIAPI) bool { // func myFunc(svc resourcegroupstaggingapiiface.ResourceGroupsTaggingAPIAPI) bool {
// // Make svc.GetResources request // // Make svc.DescribeReportCreation request
// } // }
// //
// func main() { // func main() {
...@@ -42,7 +42,7 @@ import ( ...@@ -42,7 +42,7 @@ import (
// type mockResourceGroupsTaggingAPIClient struct { // type mockResourceGroupsTaggingAPIClient struct {
// resourcegroupstaggingapiiface.ResourceGroupsTaggingAPIAPI // resourcegroupstaggingapiiface.ResourceGroupsTaggingAPIAPI
// } // }
// func (m *mockResourceGroupsTaggingAPIClient) GetResources(input *resourcegroupstaggingapi.GetResourcesInput) (*resourcegroupstaggingapi.GetResourcesOutput, error) { // func (m *mockResourceGroupsTaggingAPIClient) DescribeReportCreation(input *resourcegroupstaggingapi.DescribeReportCreationInput) (*resourcegroupstaggingapi.DescribeReportCreationOutput, error) {
// // mock response/functionality // // mock response/functionality
// } // }
// //
...@@ -60,6 +60,17 @@ import ( ...@@ -60,6 +60,17 @@ import (
// and waiters. Its suggested to use the pattern above for testing, or using // and waiters. Its suggested to use the pattern above for testing, or using
// tooling to generate mocks to satisfy the interfaces. // tooling to generate mocks to satisfy the interfaces.
type ResourceGroupsTaggingAPIAPI interface { type ResourceGroupsTaggingAPIAPI interface {
DescribeReportCreation(*resourcegroupstaggingapi.DescribeReportCreationInput) (*resourcegroupstaggingapi.DescribeReportCreationOutput, error)
DescribeReportCreationWithContext(aws.Context, *resourcegroupstaggingapi.DescribeReportCreationInput, ...request.Option) (*resourcegroupstaggingapi.DescribeReportCreationOutput, error)
DescribeReportCreationRequest(*resourcegroupstaggingapi.DescribeReportCreationInput) (*request.Request, *resourcegroupstaggingapi.DescribeReportCreationOutput)
GetComplianceSummary(*resourcegroupstaggingapi.GetComplianceSummaryInput) (*resourcegroupstaggingapi.GetComplianceSummaryOutput, error)
GetComplianceSummaryWithContext(aws.Context, *resourcegroupstaggingapi.GetComplianceSummaryInput, ...request.Option) (*resourcegroupstaggingapi.GetComplianceSummaryOutput, error)
GetComplianceSummaryRequest(*resourcegroupstaggingapi.GetComplianceSummaryInput) (*request.Request, *resourcegroupstaggingapi.GetComplianceSummaryOutput)
GetComplianceSummaryPages(*resourcegroupstaggingapi.GetComplianceSummaryInput, func(*resourcegroupstaggingapi.GetComplianceSummaryOutput, bool) bool) error
GetComplianceSummaryPagesWithContext(aws.Context, *resourcegroupstaggingapi.GetComplianceSummaryInput, func(*resourcegroupstaggingapi.GetComplianceSummaryOutput, bool) bool, ...request.Option) error
GetResources(*resourcegroupstaggingapi.GetResourcesInput) (*resourcegroupstaggingapi.GetResourcesOutput, error) GetResources(*resourcegroupstaggingapi.GetResourcesInput) (*resourcegroupstaggingapi.GetResourcesOutput, error)
GetResourcesWithContext(aws.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error) GetResourcesWithContext(aws.Context, *resourcegroupstaggingapi.GetResourcesInput, ...request.Option) (*resourcegroupstaggingapi.GetResourcesOutput, error)
GetResourcesRequest(*resourcegroupstaggingapi.GetResourcesInput) (*request.Request, *resourcegroupstaggingapi.GetResourcesOutput) GetResourcesRequest(*resourcegroupstaggingapi.GetResourcesInput) (*request.Request, *resourcegroupstaggingapi.GetResourcesOutput)
...@@ -81,6 +92,10 @@ type ResourceGroupsTaggingAPIAPI interface { ...@@ -81,6 +92,10 @@ type ResourceGroupsTaggingAPIAPI interface {
GetTagValuesPages(*resourcegroupstaggingapi.GetTagValuesInput, func(*resourcegroupstaggingapi.GetTagValuesOutput, bool) bool) error GetTagValuesPages(*resourcegroupstaggingapi.GetTagValuesInput, func(*resourcegroupstaggingapi.GetTagValuesOutput, bool) bool) error
GetTagValuesPagesWithContext(aws.Context, *resourcegroupstaggingapi.GetTagValuesInput, func(*resourcegroupstaggingapi.GetTagValuesOutput, bool) bool, ...request.Option) error GetTagValuesPagesWithContext(aws.Context, *resourcegroupstaggingapi.GetTagValuesInput, func(*resourcegroupstaggingapi.GetTagValuesOutput, bool) bool, ...request.Option) error
StartReportCreation(*resourcegroupstaggingapi.StartReportCreationInput) (*resourcegroupstaggingapi.StartReportCreationOutput, error)
StartReportCreationWithContext(aws.Context, *resourcegroupstaggingapi.StartReportCreationInput, ...request.Option) (*resourcegroupstaggingapi.StartReportCreationOutput, error)
StartReportCreationRequest(*resourcegroupstaggingapi.StartReportCreationInput) (*request.Request, *resourcegroupstaggingapi.StartReportCreationOutput)
TagResources(*resourcegroupstaggingapi.TagResourcesInput) (*resourcegroupstaggingapi.TagResourcesOutput, error) TagResources(*resourcegroupstaggingapi.TagResourcesInput) (*resourcegroupstaggingapi.TagResourcesOutput, error)
TagResourcesWithContext(aws.Context, *resourcegroupstaggingapi.TagResourcesInput, ...request.Option) (*resourcegroupstaggingapi.TagResourcesOutput, error) TagResourcesWithContext(aws.Context, *resourcegroupstaggingapi.TagResourcesInput, ...request.Option) (*resourcegroupstaggingapi.TagResourcesOutput, error)
TagResourcesRequest(*resourcegroupstaggingapi.TagResourcesInput) (*request.Request, *resourcegroupstaggingapi.TagResourcesOutput) TagResourcesRequest(*resourcegroupstaggingapi.TagResourcesInput) (*request.Request, *resourcegroupstaggingapi.TagResourcesOutput)
......
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -4,6 +4,7 @@ import ( ...@@ -4,6 +4,7 @@ import (
"github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/internal/s3err" "github.com/aws/aws-sdk-go/internal/s3err"
"github.com/aws/aws-sdk-go/service/s3/internal/arn"
) )
func init() { func init() {
...@@ -13,7 +14,7 @@ func init() { ...@@ -13,7 +14,7 @@ func init() {
func defaultInitClientFn(c *client.Client) { func defaultInitClientFn(c *client.Client) {
// Support building custom endpoints based on config // Support building custom endpoints based on config
c.Handlers.Build.PushFront(updateEndpointForS3Config) c.Handlers.Build.PushFront(endpointHandler)
// Require SSL when using SSE keys // Require SSL when using SSE keys
c.Handlers.Validate.PushBack(validateSSERequiresSSL) c.Handlers.Validate.PushBack(validateSSERequiresSSL)
...@@ -27,7 +28,7 @@ func defaultInitClientFn(c *client.Client) { ...@@ -27,7 +28,7 @@ func defaultInitClientFn(c *client.Client) {
} }
func defaultInitRequestFn(r *request.Request) { func defaultInitRequestFn(r *request.Request) {
// Add reuest handlers for specific platforms. // Add request handlers for specific platforms.
// e.g. 100-continue support for PUT requests using Go 1.6 // e.g. 100-continue support for PUT requests using Go 1.6
platformRequestHandlers(r) platformRequestHandlers(r)
...@@ -73,3 +74,8 @@ type sseCustomerKeyGetter interface { ...@@ -73,3 +74,8 @@ type sseCustomerKeyGetter interface {
type copySourceSSECustomerKeyGetter interface { type copySourceSSECustomerKeyGetter interface {
getCopySourceSSECustomerKey() string getCopySourceSSECustomerKey() string
} }
type endpointARNGetter interface {
getEndpointARN() (arn.Resource, error)
hasEndpointARN() bool
}
package s3
import (
"net/url"
"strings"
"github.com/aws/aws-sdk-go/aws"
awsarn "github.com/aws/aws-sdk-go/aws/arn"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/private/protocol"
"github.com/aws/aws-sdk-go/service/s3/internal/arn"
)
// Used by shapes with members decorated as endpoint ARN.
func parseEndpointARN(v string) (arn.Resource, error) {
return arn.ParseResource(v, accessPointResourceParser)
}
func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) {
resParts := arn.SplitResource(a.Resource)
switch resParts[0] {
case "accesspoint":
return arn.ParseAccessPointResource(a, resParts[1:])
default:
return nil, arn.InvalidARNError{ARN: a, Reason: "unknown resource type"}
}
}
func endpointHandler(req *request.Request) {
endpoint, ok := req.Params.(endpointARNGetter)
if !ok || !endpoint.hasEndpointARN() {
updateBucketEndpointFromParams(req)
return
}
resource, err := endpoint.getEndpointARN()
if err != nil {
req.Error = newInvalidARNError(nil, err)
return
}
resReq := resourceRequest{
Resource: resource,
Request: req,
}
if resReq.IsCrossPartition() {
req.Error = newClientPartitionMismatchError(resource,
req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
return
}
if !resReq.AllowCrossRegion() && resReq.IsCrossRegion() {
req.Error = newClientRegionMismatchError(resource,
req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
return
}
if resReq.HasCustomEndpoint() {
req.Error = newInvalidARNWithCustomEndpointError(resource, nil)
return
}
switch tv := resource.(type) {
case arn.AccessPointARN:
err = updateRequestAccessPointEndpoint(req, tv)
if err != nil {
req.Error = err
}
default:
req.Error = newInvalidARNError(resource, nil)
}
}
type resourceRequest struct {
Resource arn.Resource
Request *request.Request
}
func (r resourceRequest) ARN() awsarn.ARN {
return r.Resource.GetARN()
}
func (r resourceRequest) AllowCrossRegion() bool {
return aws.BoolValue(r.Request.Config.S3UseARNRegion)
}
func (r resourceRequest) UseFIPS() bool {
return isFIPS(aws.StringValue(r.Request.Config.Region))
}
func (r resourceRequest) IsCrossPartition() bool {
return r.Request.ClientInfo.PartitionID != r.Resource.GetARN().Partition
}
func (r resourceRequest) IsCrossRegion() bool {
return isCrossRegion(r.Request, r.Resource.GetARN().Region)
}
func (r resourceRequest) HasCustomEndpoint() bool {
return len(aws.StringValue(r.Request.Config.Endpoint)) > 0
}
func isFIPS(clientRegion string) bool {
return strings.HasPrefix(clientRegion, "fips-") || strings.HasSuffix(clientRegion, "-fips")
}
func isCrossRegion(req *request.Request, otherRegion string) bool {
return req.ClientInfo.SigningRegion != otherRegion
}
func updateBucketEndpointFromParams(r *request.Request) {
bucket, ok := bucketNameFromReqParams(r.Params)
if !ok {
// Ignore operation requests if the bucket name was not provided
// if this is an input validation error the validation handler
// will report it.
return
}
updateEndpointForS3Config(r, bucket)
}
func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.AccessPointARN) error {
// Accelerate not supported
if aws.BoolValue(req.Config.S3UseAccelerate) {
return newClientConfiguredForAccelerateError(accessPoint,
req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
}
// Ignore the disable host prefix for access points since custom endpoints
// are not supported.
req.Config.DisableEndpointHostPrefix = aws.Bool(false)
if err := accessPointEndpointBuilder(accessPoint).Build(req); err != nil {
return err
}
removeBucketFromPath(req.HTTPRequest.URL)
return nil
}
func removeBucketFromPath(u *url.URL) {
u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1)
if u.Path == "" {
u.Path = "/"
}
}
type accessPointEndpointBuilder arn.AccessPointARN
const (
accessPointPrefixLabel = "accesspoint"
accountIDPrefixLabel = "accountID"
accesPointPrefixTemplate = "{" + accessPointPrefixLabel + "}-{" + accountIDPrefixLabel + "}."
)
func (a accessPointEndpointBuilder) Build(req *request.Request) error {
resolveRegion := arn.AccessPointARN(a).Region
cfgRegion := aws.StringValue(req.Config.Region)
if isFIPS(cfgRegion) {
if aws.BoolValue(req.Config.S3UseARNRegion) && isCrossRegion(req, resolveRegion) {
// FIPS with cross region is not supported, the SDK must fail
// because there is no well defined method for SDK to construct a
// correct FIPS endpoint.
return newClientConfiguredForCrossRegionFIPSError(arn.AccessPointARN(a),
req.ClientInfo.PartitionID, cfgRegion, nil)
}
resolveRegion = cfgRegion
}
endpoint, err := resolveRegionalEndpoint(req, resolveRegion)
if err != nil {
return newFailedToResolveEndpointError(arn.AccessPointARN(a),
req.ClientInfo.PartitionID, cfgRegion, err)
}
if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
return err
}
const serviceEndpointLabel = "s3-accesspoint"
// dualstack provided by endpoint resolver
cfgHost := req.HTTPRequest.URL.Host
if strings.HasPrefix(cfgHost, "s3") {
req.HTTPRequest.URL.Host = serviceEndpointLabel + cfgHost[2:]
}
protocol.HostPrefixBuilder{
Prefix: accesPointPrefixTemplate,
LabelsFn: a.hostPrefixLabelValues,
}.Build(req)
req.ClientInfo.SigningName = endpoint.SigningName
req.ClientInfo.SigningRegion = endpoint.SigningRegion
err = protocol.ValidateEndpointHost(req.Operation.Name, req.HTTPRequest.URL.Host)
if err != nil {
return newInvalidARNError(arn.AccessPointARN(a), err)
}
return nil
}
func (a accessPointEndpointBuilder) hostPrefixLabelValues() map[string]string {
return map[string]string{
accessPointPrefixLabel: arn.AccessPointARN(a).AccessPointName,
accountIDPrefixLabel: arn.AccessPointARN(a).AccountID,
}
}
func resolveRegionalEndpoint(r *request.Request, region string) (endpoints.ResolvedEndpoint, error) {
return r.Config.EndpointResolver.EndpointFor(EndpointsID, region, func(opts *endpoints.Options) {
opts.DisableSSL = aws.BoolValue(r.Config.DisableSSL)
opts.UseDualStack = aws.BoolValue(r.Config.UseDualStack)
opts.S3UsEast1RegionalEndpoint = endpoints.RegionalS3UsEast1Endpoint
})
}
func updateRequestEndpoint(r *request.Request, endpoint string) (err error) {
endpoint = endpoints.AddScheme(endpoint, aws.BoolValue(r.Config.DisableSSL))
r.HTTPRequest.URL, err = url.Parse(endpoint + r.Operation.HTTPPath)
if err != nil {
return awserr.New(request.ErrCodeSerialization,
"failed to parse endpoint URL", err)
}
return nil
}
package s3
import (
"fmt"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/s3/internal/arn"
)
const (
invalidARNErrorErrCode = "InvalidARNError"
configurationErrorErrCode = "ConfigurationError"
)
type invalidARNError struct {
message string
resource arn.Resource
origErr error
}
func (e invalidARNError) Error() string {
var extra string
if e.resource != nil {
extra = "ARN: " + e.resource.String()
}
return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
}
func (e invalidARNError) Code() string {
return invalidARNErrorErrCode
}
func (e invalidARNError) Message() string {
return e.message
}
func (e invalidARNError) OrigErr() error {
return e.origErr
}
func newInvalidARNError(resource arn.Resource, err error) invalidARNError {
return invalidARNError{
message: "invalid ARN",
origErr: err,
resource: resource,
}
}
func newInvalidARNWithCustomEndpointError(resource arn.Resource, err error) invalidARNError {
return invalidARNError{
message: "resource ARN not supported with custom client endpoints",
origErr: err,
resource: resource,
}
}
// ARN not supported for the target partition
func newInvalidARNWithUnsupportedPartitionError(resource arn.Resource, err error) invalidARNError {
return invalidARNError{
message: "resource ARN not supported for the target ARN partition",
origErr: err,
resource: resource,
}
}
type configurationError struct {
message string
resource arn.Resource
clientPartitionID string
clientRegion string
origErr error
}
func (e configurationError) Error() string {
extra := fmt.Sprintf("ARN: %s, client partition: %s, client region: %s",
e.resource, e.clientPartitionID, e.clientRegion)
return awserr.SprintError(e.Code(), e.Message(), extra, e.origErr)
}
func (e configurationError) Code() string {
return configurationErrorErrCode
}
func (e configurationError) Message() string {
return e.message
}
func (e configurationError) OrigErr() error {
return e.origErr
}
func newClientPartitionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
return configurationError{
message: "client partition does not match provided ARN partition",
origErr: err,
resource: resource,
clientPartitionID: clientPartitionID,
clientRegion: clientRegion,
}
}
func newClientRegionMismatchError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
return configurationError{
message: "client region does not match provided ARN region",
origErr: err,
resource: resource,
clientPartitionID: clientPartitionID,
clientRegion: clientRegion,
}
}
func newFailedToResolveEndpointError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
return configurationError{
message: "endpoint resolver failed to find an endpoint for the provided ARN region",
origErr: err,
resource: resource,
clientPartitionID: clientPartitionID,
clientRegion: clientRegion,
}
}
func newClientConfiguredForFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
return configurationError{
message: "client configured for fips but cross-region resource ARN provided",
origErr: err,
resource: resource,
clientPartitionID: clientPartitionID,
clientRegion: clientRegion,
}
}
func newClientConfiguredForAccelerateError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
return configurationError{
message: "client configured for S3 Accelerate but is supported with resource ARN",
origErr: err,
resource: resource,
clientPartitionID: clientPartitionID,
clientRegion: clientRegion,
}
}
func newClientConfiguredForCrossRegionFIPSError(resource arn.Resource, clientPartitionID, clientRegion string, err error) configurationError {
return configurationError{
message: "client configured for FIPS with cross-region enabled but is supported with cross-region resource ARN",
origErr: err,
resource: resource,
clientPartitionID: clientPartitionID,
clientRegion: clientRegion,
}
}
...@@ -15,9 +15,9 @@ const ( ...@@ -15,9 +15,9 @@ const (
// "BucketAlreadyOwnedByYou". // "BucketAlreadyOwnedByYou".
// //
// The bucket you tried to create already exists, and you own it. Amazon S3 // The bucket you tried to create already exists, and you own it. Amazon S3
// returns this error in all AWS Regions except in the North Virginia region. // returns this error in all AWS Regions except in the North Virginia Region.
// For legacy compatibility, if you re-create an existing bucket that you already // For legacy compatibility, if you re-create an existing bucket that you already
// own in the North Virginia region, Amazon S3 returns 200 OK and resets the // own in the North Virginia Region, Amazon S3 returns 200 OK and resets the
// bucket access control lists (ACLs). // bucket access control lists (ACLs).
ErrCodeBucketAlreadyOwnedByYou = "BucketAlreadyOwnedByYou" ErrCodeBucketAlreadyOwnedByYou = "BucketAlreadyOwnedByYou"
...@@ -42,13 +42,13 @@ const ( ...@@ -42,13 +42,13 @@ const (
// ErrCodeObjectAlreadyInActiveTierError for service response error code // ErrCodeObjectAlreadyInActiveTierError for service response error code
// "ObjectAlreadyInActiveTierError". // "ObjectAlreadyInActiveTierError".
// //
// This operation is not allowed against this storage tier // This operation is not allowed against this storage tier.
ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError" ErrCodeObjectAlreadyInActiveTierError = "ObjectAlreadyInActiveTierError"
// ErrCodeObjectNotInActiveTierError for service response error code // ErrCodeObjectNotInActiveTierError for service response error code
// "ObjectNotInActiveTierError". // "ObjectNotInActiveTierError".
// //
// The source object of the COPY operation is not in the active tier and is // The source object of the COPY operation is not in the active tier and is
// only stored in Amazon Glacier. // only stored in Amazon S3 Glacier.
ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError" ErrCodeObjectNotInActiveTierError = "ObjectNotInActiveTierError"
) )
...@@ -30,10 +30,10 @@ var accelerateOpBlacklist = operationBlacklist{ ...@@ -30,10 +30,10 @@ var accelerateOpBlacklist = operationBlacklist{
opListBuckets, opCreateBucket, opDeleteBucket, opListBuckets, opCreateBucket, opDeleteBucket,
} }
// Request handler to automatically add the bucket name to the endpoint domain // Automatically add the bucket name to the endpoint domain
// if possible. This style of bucket is valid for all bucket names which are // if possible. This style of bucket is valid for all bucket names which are
// DNS compatible and do not contain "." // DNS compatible and do not contain "."
func updateEndpointForS3Config(r *request.Request) { func updateEndpointForS3Config(r *request.Request, bucketName string) {
forceHostStyle := aws.BoolValue(r.Config.S3ForcePathStyle) forceHostStyle := aws.BoolValue(r.Config.S3ForcePathStyle)
accelerate := aws.BoolValue(r.Config.S3UseAccelerate) accelerate := aws.BoolValue(r.Config.S3UseAccelerate)
...@@ -43,45 +43,29 @@ func updateEndpointForS3Config(r *request.Request) { ...@@ -43,45 +43,29 @@ func updateEndpointForS3Config(r *request.Request) {
r.Config.Logger.Log("ERROR: aws.Config.S3UseAccelerate is not compatible with aws.Config.S3ForcePathStyle, ignoring S3ForcePathStyle.") r.Config.Logger.Log("ERROR: aws.Config.S3UseAccelerate is not compatible with aws.Config.S3ForcePathStyle, ignoring S3ForcePathStyle.")
} }
} }
updateEndpointForAccelerate(r) updateEndpointForAccelerate(r, bucketName)
} else if !forceHostStyle && r.Operation.Name != opGetBucketLocation { } else if !forceHostStyle && r.Operation.Name != opGetBucketLocation {
updateEndpointForHostStyle(r) updateEndpointForHostStyle(r, bucketName)
} }
} }
func updateEndpointForHostStyle(r *request.Request) { func updateEndpointForHostStyle(r *request.Request, bucketName string) {
bucket, ok := bucketNameFromReqParams(r.Params) if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) {
if !ok {
// Ignore operation requests if the bucketname was not provided
// if this is an input validation error the validation handler
// will report it.
return
}
if !hostCompatibleBucketName(r.HTTPRequest.URL, bucket) {
// bucket name must be valid to put into the host // bucket name must be valid to put into the host
return return
} }
moveBucketToHost(r.HTTPRequest.URL, bucket) moveBucketToHost(r.HTTPRequest.URL, bucketName)
} }
var ( var (
accelElem = []byte("s3-accelerate.dualstack.") accelElem = []byte("s3-accelerate.dualstack.")
) )
func updateEndpointForAccelerate(r *request.Request) { func updateEndpointForAccelerate(r *request.Request, bucketName string) {
bucket, ok := bucketNameFromReqParams(r.Params) if !hostCompatibleBucketName(r.HTTPRequest.URL, bucketName) {
if !ok {
// Ignore operation requests if the bucketname was not provided
// if this is an input validation error the validation handler
// will report it.
return
}
if !hostCompatibleBucketName(r.HTTPRequest.URL, bucket) {
r.Error = awserr.New("InvalidParameterException", r.Error = awserr.New("InvalidParameterException",
fmt.Sprintf("bucket name %s is not compatible with S3 Accelerate", bucket), fmt.Sprintf("bucket name %s is not compatible with S3 Accelerate", bucketName),
nil) nil)
return return
} }
...@@ -106,7 +90,7 @@ func updateEndpointForAccelerate(r *request.Request) { ...@@ -106,7 +90,7 @@ func updateEndpointForAccelerate(r *request.Request) {
r.HTTPRequest.URL.Host = strings.Join(parts, ".") r.HTTPRequest.URL.Host = strings.Join(parts, ".")
moveBucketToHost(r.HTTPRequest.URL, bucket) moveBucketToHost(r.HTTPRequest.URL, bucketName)
} }
// Attempts to retrieve the bucket name from the request input parameters. // Attempts to retrieve the bucket name from the request input parameters.
...@@ -148,8 +132,5 @@ func dnsCompatibleBucketName(bucket string) bool { ...@@ -148,8 +132,5 @@ func dnsCompatibleBucketName(bucket string) bool {
// moveBucketToHost moves the bucket name from the URI path to URL host. // moveBucketToHost moves the bucket name from the URI path to URL host.
func moveBucketToHost(u *url.URL, bucket string) { func moveBucketToHost(u *url.URL, bucket string) {
u.Host = bucket + "." + u.Host u.Host = bucket + "." + u.Host
u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1) removeBucketFromPath(u)
if u.Path == "" {
u.Path = "/"
}
} }
package arn
import (
"strings"
"github.com/aws/aws-sdk-go/aws/arn"
)
// AccessPointARN provides representation
type AccessPointARN struct {
arn.ARN
AccessPointName string
}
// GetARN returns the base ARN for the Access Point resource
func (a AccessPointARN) GetARN() arn.ARN {
return a.ARN
}
// ParseAccessPointResource attempts to parse the ARN's resource as an
// AccessPoint resource.
func ParseAccessPointResource(a arn.ARN, resParts []string) (AccessPointARN, error) {
if len(a.Region) == 0 {
return AccessPointARN{}, InvalidARNError{a, "region not set"}
}
if len(a.AccountID) == 0 {
return AccessPointARN{}, InvalidARNError{a, "account-id not set"}
}
if len(resParts) == 0 {
return AccessPointARN{}, InvalidARNError{a, "resource-id not set"}
}
if len(resParts) > 1 {
return AccessPointARN{}, InvalidARNError{a, "sub resource not supported"}
}
resID := resParts[0]
if len(strings.TrimSpace(resID)) == 0 {
return AccessPointARN{}, InvalidARNError{a, "resource-id not set"}
}
return AccessPointARN{
ARN: a,
AccessPointName: resID,
}, nil
}
package arn
import (
"strings"
"github.com/aws/aws-sdk-go/aws/arn"
)
// Resource provides the interfaces abstracting ARNs of specific resource
// types.
type Resource interface {
GetARN() arn.ARN
String() string
}
// ResourceParser provides the function for parsing an ARN's resource
// component into a typed resource.
type ResourceParser func(arn.ARN) (Resource, error)
// ParseResource parses an AWS ARN into a typed resource for the S3 API.
func ParseResource(s string, resParser ResourceParser) (resARN Resource, err error) {
a, err := arn.Parse(s)
if err != nil {
return nil, err
}
if len(a.Partition) == 0 {
return nil, InvalidARNError{a, "partition not set"}
}
if a.Service != "s3" {
return nil, InvalidARNError{a, "service is not S3"}
}
if len(a.Resource) == 0 {
return nil, InvalidARNError{a, "resource not set"}
}
return resParser(a)
}
// SplitResource splits the resource components by the ARN resource delimiters.
func SplitResource(v string) []string {
var parts []string
var offset int
for offset <= len(v) {
idx := strings.IndexAny(v[offset:], "/:")
if idx < 0 {
parts = append(parts, v[offset:])
break
}
parts = append(parts, v[offset:idx+offset])
offset += idx + 1
}
return parts
}
// IsARN returns whether the given string is an ARN
func IsARN(s string) bool {
return arn.IsARN(s)
}
// InvalidARNError provides the error for an invalid ARN error.
type InvalidARNError struct {
ARN arn.ARN
Reason string
}
func (e InvalidARNError) Error() string {
return "invalid Amazon S3 ARN, " + e.Reason + ", " + e.ARN.String()
}
...@@ -14,11 +14,11 @@ const ( ...@@ -14,11 +14,11 @@ const (
// ErrCodeIDPCommunicationErrorException for service response error code // ErrCodeIDPCommunicationErrorException for service response error code
// "IDPCommunicationError". // "IDPCommunicationError".
// //
// The request could not be fulfilled because the non-AWS identity provider // The request could not be fulfilled because the identity provider (IDP) that
// (IDP) that was asked to verify the incoming identity token could not be reached. // was asked to verify the incoming identity token could not be reached. This
// This is often a transient error caused by network conditions. Retry the request // is often a transient error caused by network conditions. Retry the request
// a limited number of times so that you don't exceed the request rate. If the // a limited number of times so that you don't exceed the request rate. If the
// error persists, the non-AWS identity provider might be down or not responding. // error persists, the identity provider might be down or not responding.
ErrCodeIDPCommunicationErrorException = "IDPCommunicationError" ErrCodeIDPCommunicationErrorException = "IDPCommunicationError"
// ErrCodeIDPRejectedClaimException for service response error code // ErrCodeIDPRejectedClaimException for service response error code
...@@ -34,9 +34,9 @@ const ( ...@@ -34,9 +34,9 @@ const (
// ErrCodeInvalidAuthorizationMessageException for service response error code // ErrCodeInvalidAuthorizationMessageException for service response error code
// "InvalidAuthorizationMessageException". // "InvalidAuthorizationMessageException".
// //
// This error is returned if the message passed to DecodeAuthorizationMessage // The error returned if the message passed to DecodeAuthorizationMessage was
// was invalid. This can happen if the token contains invalid characters, such // invalid. This can happen if the token contains invalid characters, such as
// as linebreaks. // linebreaks.
ErrCodeInvalidAuthorizationMessageException = "InvalidAuthorizationMessageException" ErrCodeInvalidAuthorizationMessageException = "InvalidAuthorizationMessageException"
// ErrCodeInvalidIdentityTokenException for service response error code // ErrCodeInvalidIdentityTokenException for service response error code
...@@ -56,9 +56,18 @@ const ( ...@@ -56,9 +56,18 @@ const (
// ErrCodePackedPolicyTooLargeException for service response error code // ErrCodePackedPolicyTooLargeException for service response error code
// "PackedPolicyTooLarge". // "PackedPolicyTooLarge".
// //
// The request was rejected because the policy document was too large. The error // The request was rejected because the total packed size of the session policies
// message describes how big the policy document is, in packed form, as a percentage // and session tags combined was too large. An AWS conversion compresses the
// of what the API allows. // session policy document, session policy ARNs, and session tags into a packed
// binary format that has a separate limit. The error message indicates by percentage
// how close the policies and tags are to the upper size limit. For more information,
// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html)
// in the IAM User Guide.
//
// You could receive this error even though you meet other defined session policy
// and session tag limits. For more information, see IAM and STS Entity Character
// Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// in the IAM User Guide.
ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge" ErrCodePackedPolicyTooLargeException = "PackedPolicyTooLarge"
// ErrCodeRegionDisabledException for service response error code // ErrCodeRegionDisabledException for service response error code
......
...@@ -17,8 +17,9 @@ github.com/apache/arrow/go/arrow/internal/debug ...@@ -17,8 +17,9 @@ github.com/apache/arrow/go/arrow/internal/debug
github.com/apache/arrow/go/arrow/internal/flatbuf github.com/apache/arrow/go/arrow/internal/flatbuf
github.com/apache/arrow/go/arrow/ipc github.com/apache/arrow/go/arrow/ipc
github.com/apache/arrow/go/arrow/memory github.com/apache/arrow/go/arrow/memory
# github.com/aws/aws-sdk-go v1.25.38 # github.com/aws/aws-sdk-go v1.25.48
github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws
github.com/aws/aws-sdk-go/aws/arn
github.com/aws/aws-sdk-go/aws/awserr github.com/aws/aws-sdk-go/aws/awserr
github.com/aws/aws-sdk-go/aws/awsutil github.com/aws/aws-sdk-go/aws/awsutil
github.com/aws/aws-sdk-go/aws/client github.com/aws/aws-sdk-go/aws/client
...@@ -60,6 +61,7 @@ github.com/aws/aws-sdk-go/service/ec2/ec2iface ...@@ -60,6 +61,7 @@ github.com/aws/aws-sdk-go/service/ec2/ec2iface
github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi
github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi/resourcegroupstaggingapiiface github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi/resourcegroupstaggingapiiface
github.com/aws/aws-sdk-go/service/s3 github.com/aws/aws-sdk-go/service/s3
github.com/aws/aws-sdk-go/service/s3/internal/arn
github.com/aws/aws-sdk-go/service/sts github.com/aws/aws-sdk-go/service/sts
github.com/aws/aws-sdk-go/service/sts/stsiface github.com/aws/aws-sdk-go/service/sts/stsiface
# github.com/beevik/etree v1.1.0 # github.com/beevik/etree v1.1.0
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment